Skip to content

Move shared git package from operator to pkg/git#4045

Merged
JAORMX merged 2 commits intomainfrom
refactor/move-git-package
Mar 9, 2026
Merged

Move shared git package from operator to pkg/git#4045
JAORMX merged 2 commits intomainfrom
refactor/move-git-package

Conversation

@JAORMX
Copy link
Copy Markdown
Collaborator

@JAORMX JAORMX commented Mar 9, 2026
edited
Loading

Summary

  • The operator's internal git client (cmd/thv-operator/pkg/git/) is needed by the CLI for upcoming git-based skill installation. Moving it to pkg/git/ makes it a shared package available to both the operator and CLI.
  • Replaces controller-runtime/pkg/log with log/slog so the package works outside the operator's controller-runtime context.
  • Rewrites tests to use testify assertions and t.TempDir() for isolation, dropping trivial field-accessibility tests and slow network-dependent tests in favor of deterministic local-repo integration tests.
  • Adds path traversal validation, CloneConfig mutual-exclusion validation, and sentinel errors for improved security and error handling.

Relates to #4015

Type of change

  • Refactoring (no behavior change)

Test plan

  • Unit tests (task test)
  • Linting (task lint-fix)

Changes

File Change
cmd/thv-operator/pkg/git/* Deleted — moved to pkg/git/
pkg/git/client.go Moved from operator, swapped controller-runtime/pkg/log for log/slog, added path validation, sentinel errors, cleanup logging
pkg/git/fs.go Moved from operator, switched sentinel errors to errors.New
pkg/git/types.go Moved from operator, added validate() for CloneConfig mutual exclusion
pkg/git/doc.go Updated package documentation
pkg/git/client_test.go Rewritten with testify, t.TempDir(), added path traversal and validation tests
pkg/git/integration_test.go Rewritten with testify, local-repo tests only, added tag-based clone test

Does this introduce a user-facing change?

No

Large PR Justification

  • Large refactoring that must be atomic: the package move deletes 991 lines from cmd/thv-operator/pkg/git/ and recreates 331 lines in pkg/git/. The deletions account for the majority of the diff size. Splitting the delete and create into separate PRs would leave the codebase in a broken state.
  • Test rewrite is part of the move: the old tests depended on controller-runtime/pkg/log which is no longer available in the new location, so they had to be rewritten in the same PR.

Special notes for reviewers

Operator test files intentionally dropped during move

  • commit_test.go: Cloned from real github.com/stacklok/toolhive over the network — slow, fragile, skipped in -short mode. Same scenario covered by local-repo integration tests.
  • types_test.go: Trivial field-accessibility tests ("set URL, check URL is set") that add no meaningful coverage per the project's test quality guidelines.

Security hardening added during move

  • Path traversal validation in GetFileContent (rejects .., absolute paths, null bytes)
  • CloneConfig.validate() enforces mutual exclusion of Branch/Tag/Commit
  • Sentinel errors (ErrNilRepository, ErrInvalidFilePath, ErrInvalidCloneConfig) for proper errors.Is() checking

This is PR 1 of 2 — split from #4042. PR 2 (git-based skill install feature) builds on this.

Generated with Claude Code

@github-actions github-actions bot added the size/XL Extra large PR: 1000+ lines changed label Mar 9, 2026
github-actions[bot]
github-actions bot previously requested changes Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Large PR Detected

This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.

How to unblock this PR:

Add a section to your PR description with the following format:

## Large PR Justification

[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation

Alternative:

Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.

See our Contributing Guidelines for more details.

This review will be automatically dismissed once you add the justification section.

@JAORMX JAORMX force-pushed the refactor/move-git-package branch from 3e82856 to 13536fb Compare March 9, 2026 10:25
@github-actions github-actions bot added size/L Large PR: 600-999 lines changed and removed size/XL Extra large PR: 1000+ lines changed labels Mar 9, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 9, 2026

✅ PR size has been reduced below the XL threshold. The size review has been dismissed and this PR can now proceed with normal review. Thank you for splitting this up!

@github-actions github-actions bot dismissed their stale review March 9, 2026 10:26

PR size has been reduced below the XL threshold. Thank you for splitting this up!

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 9, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 72.22222% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.69%. Comparing base (0791876) to head (cba20b1).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
pkg/git/client.go 60.00% 7 Missing and 3 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4045      +/-   ##
==========================================
+ Coverage   68.62%   68.69%   +0.06%     
==========================================
  Files         445      446       +1     
  Lines       45374    45396      +22     
==========================================
+ Hits        31140    31186      +46     
+ Misses      11827    11803      -24     
  Partials     2407     2407

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@JAORMX @claude
Move shared git package from operator to pkg/git
efa601e 
The operator's git package (CloneConfig, Client interface, LimitedFs,
DefaultGitClient) is needed by both the operator and the CLI for
git-based skill installation. Move it to pkg/git/ so both can share it.

Changes during move:
- Replace controller-runtime/pkg/log with log/slog
- Add WithAuth ClientOption for authenticated clones
- Remove runtime.GC() call from Cleanup (unnecessary; Go GC handles it)
- Update tests to use t.Context() instead of controller-runtime logger
- Rewrite tests with testify assertions and t.TempDir()
- Drop trivial field-accessibility tests and slow network-dependent tests

No functional changes to the operator — the package was not yet imported
by any operator code.

Relates to #4015

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@JAORMX JAORMX force-pushed the refactor/move-git-package branch from 13536fb to efa601e Compare March 9, 2026 10:36
@github-actions github-actions bot added size/XL Extra large PR: 1000+ lines changed and removed size/L Large PR: 600-999 lines changed labels Mar 9, 2026
github-actions[bot]
github-actions bot previously requested changes Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Large PR Detected

This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.

How to unblock this PR:

Add a section to your PR description with the following format:

## Large PR Justification

[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation

Alternative:

Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.

See our Contributing Guidelines for more details.

This review will be automatically dismissed once you add the justification section.

aponcedeleonch
aponcedeleonch reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@aponcedeleonch aponcedeleonch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nits — nothing blocking, just small improvements to consider.

@JAORMX @claude
Address review feedback and harden pkg/git
cba20b1 
- Use errors.New for sentinel errors in fs.go
- Add ErrNilRepository sentinel replacing duplicate fmt.Errorf strings
- Add path traversal validation in GetFileContent
- Add CloneConfig.validate() rejecting conflicting Branch/Tag/Commit
- Log util.RemoveAll failures in Cleanup with slog.Warn
- Add tag-based clone integration test
- Add path traversal and validation unit tests
- Improve integration test comments

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
github-actions[bot]
github-actions bot previously requested changes Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Large PR Detected

This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.

How to unblock this PR:

Add a section to your PR description with the following format:

## Large PR Justification

[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation

Alternative:

Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.

See our Contributing Guidelines for more details.

This review will be automatically dismissed once you add the justification section.

@github-actions github-actions bot added size/XL Extra large PR: 1000+ lines changed and removed size/XL Extra large PR: 1000+ lines changed labels Mar 9, 2026
aponcedeleonch
aponcedeleonch approved these changes Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@aponcedeleonch aponcedeleonch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

@JAORMX JAORMX merged commit ace1b2d into main Mar 9, 2026
86 of 88 checks passed
@JAORMX JAORMX deleted the refactor/move-git-package branch March 9, 2026 12:38
@JAORMX JAORMX mentioned this pull request Mar 9, 2026
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aponcedeleonch aponcedeleonch aponcedeleonch approved these changes

@github-actions github-actions[bot] github-actions[bot] left review comments

@ChrisJBurns ChrisJBurns Awaiting requested review from ChrisJBurns ChrisJBurns is a code owner

@yrobla yrobla Awaiting requested review from yrobla yrobla is a code owner

@jerm-dro jerm-dro Awaiting requested review from jerm-dro jerm-dro is a code owner

@jhrozek jhrozek Awaiting requested review from jhrozek jhrozek is a code owner

@eleftherias eleftherias Awaiting requested review from eleftherias

@amirejaz amirejaz Awaiting requested review from amirejaz

@lujunsan lujunsan Awaiting requested review from lujunsan

@rdimitrov rdimitrov Awaiting requested review from rdimitrov

Assignees

No one assigned

Labels

size/XL Extra large PR: 1000+ lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JAORMX @aponcedeleonch