Skip to content

fix(security): Resolve confirmed Sonar findings#110

Open
ryanheffernan wants to merge 24 commits into
mainfrom
rheffernan/sonar-fixes
Open

fix(security): Resolve confirmed Sonar findings#110
ryanheffernan wants to merge 24 commits into
mainfrom
rheffernan/sonar-fixes

Conversation

@ryanheffernan

@ryanheffernan ryanheffernan commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Description

Resolve confirmed Sonar findings across container builds, deployment manifests, CI workflows, backend services, and UI code.

  • Harden container images by narrowing build contexts, making copied resources immutable, and declaring non-root runtime users.
  • Remove privileged mode and host namespace access from the air-gapped image loader, with the manifest documentation updated to match.
  • Pin GitHub Actions to immutable commit SHAs and make focused Python, Go, and TypeScript maintainability/security fixes.
  • Santize newline characters from logs using external inputs to prevent forged lines
  • Update github kind workflow to cancel in-progress runs when a new one is kicked off, fixed permissions for comment posting, and retrict comments for superceded runs

Validation

  • Standard CI passes.
  • Kind integration passes, or this PR explains why it was not run.

Passing Kind Integration run:
https://github.com/NVIDIA/nv-config-manager/actions/runs/28958011491

Ran a local integration test to confirm the non-root Nautobot image successfully cloned, synchronized, imported, and executed Git-backed jobs with correct permissions, since kind integration doesn't cover this scenario.

Checklist

  • I am familiar with the contributing guidelines in CONTRIBUTING.md.
  • Commits are signed off for DCO compliance.
  • New or existing tests cover these changes, or the PR explains why tests are not needed.
  • Documentation is updated for user-facing behavior changes.
  • Generated artifacts are updated when applicable, such as OpenAPI specs,
    docs screenshots, or Helm/rendered outputs.

Summary by CodeRabbit

  • Security
    • Hardened air-gapped image loading and container runtime settings to reduce privileges and improve isolation.
  • Bug Fixes
    • Improved handling of unusual/newline-containing log and request values to prevent misleading output.
    • Ensured CI only reports results for the latest matching run, reducing stale status comments.
  • Chores
    • Updated build and CI workflows to use pinned action versions for more reliable automation.
    • Standardized container execution to run as non-root where appropriate.
  • Documentation
    • Clarified container privilege notes and air-gapped loading guidance.

@copy-pr-bot

copy-pr-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: eae77ca5-a898-430d-bf33-02a540796bcc

📥 Commits

Reviewing files that changed from the base of the PR and between 15d1a0b and 55038a2.

📒 Files selected for processing (5)
  • src/nv_config_manager/common/log.py
  • src/nv_config_manager/ztp/sftp/main.py
  • src/tests/common/test_log.py
  • src/tests/ztp/api/test_main.py
  • src/tests/ztp/sftp/test_main.py
 __________________________________________
< Thread behaviour? I don't even know her. >
 ------------------------------------------
  \
   \   (\__/)
       (•ㅅ•)
       /   づ
📝 Walkthrough

Walkthrough

This PR updates workflow pinning and Kind integration handling, tightens container build/runtime settings, hardens air-gapped image loading, renames the NATS readiness interface, escapes log values in ZTP paths, and adjusts two UI helpers.

Changes

CI automation updates

Layer / File(s) Summary
Pinned workflow actions
.github/workflows/docs.yml, .github/workflows/public-ci.yml
docs and public CI workflows switch setup and upload steps to pinned action references and shared aliases across multiple jobs.
Kind integration result gating
.github/workflows/kind-integration-command.yml, .github/workflows/kind-integration.yml, .github/scripts/kind-integration-result.js, .github/scripts/kind-integration-result.test.js
Kind integration command permissions, result publication logic, workflow concurrency, and the matching tests are updated to check current PR head SHAs before commenting.

Runtime images and deployment hardening

Layer / File(s) Summary
Container copy and user settings
build/kea-admin.Dockerfile, build/kea.Dockerfile, build/nats-ready.Dockerfile, build/nv-config-manager.Dockerfile, build/nautobot.Dockerfile, build/nautobot-test.Dockerfile, build/ui.Dockerfile, components/nautobot/nautobot-app-overlays/development/Dockerfile, SECURITY.md
Kea, nats-ready, Nautobot, nv-config-manager, Nautobot app overlays, Nautobot test, and UI Dockerfiles narrow COPY inputs and add explicit runtime users; the security note is updated to match the Kea container exception.
Air-gapped image-loader hardening
deploy/airgapped/create-airgapped.sh, deploy/airgapped/manifests/README.md, deploy/airgapped/manifests/image-loader-daemonset.yaml
The image-loader DaemonSet removes hostNetwork and hostPID, disables privilege escalation, drops capabilities, sets read-only and RuntimeDefault security settings, and marks the containerd mount read-only; the README text is updated to match. The helper script now returns success explicitly after printing a normalized image reference.

NATS readiness interface rename

Layer / File(s) Summary
Runner interface rename
components/nats-ready/internal/nats-ready/nats.go, components/nats-ready/cmd/nats-ready/main.go
The embed import comment is added, the readiness interface is renamed, and NewNatsRunnable now returns Runner.

Log escaping updates

Layer / File(s) Summary
Log escaping helpers and call sites
src/nv_config_manager/common/log.py, src/nv_config_manager/ztp/api/device_v1.py, src/nv_config_manager/ztp/api/streaming.py, src/nv_config_manager/ztp/sftp/main.py
A shared newline-escaping helper is added and used in device API, streaming, and SFTP logging paths.
Log escaping tests
src/tests/common/test_log.py, src/tests/ztp/api/test_main.py, src/tests/ztp/sftp/test_main.py
The common log helper tests cover separator escaping, object stringification, and unchanged text, while the ZTP API and SFTP tests assert CRLF-safe logging and forged-input handling.

UI helper updates

Layer / File(s) Summary
UI normalization and typing
ui/src/app/auth/discovery/route.ts, ui/src/app/body.tsx
Discovery route normalization uses an explicit trailing-slash loop and replaceAll for commas, and Body now accepts Readonly<BodyProps>.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related PRs

  • NVIDIA/nv-config-manager#92: Both PRs touch deploy/airgapped/create-airgapped.sh, specifically normalize_image_reference, to add an explicit success return 0.

Suggested reviewers: susanhooks, zsblevins, polarweasel, spidercensus

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the PR’s security-focused fixes for confirmed Sonar findings.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch rheffernan/sonar-fixes

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
components/nats-ready/internal/nats-ready/nats.go (1)

81-81: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Constructor name still references old interface name.

NewNatsRunnable now returns Runner but its own name still carries the old NatsRunnable naming, which is slightly inconsistent post-rename.

♻️ Optional rename for consistency
-func NewNatsRunnable(config *NatsReadyConfig) (Runner, error) {
+func NewRunner(config *NatsReadyConfig) (Runner, error) {

Note: would also require updating the call site in components/nats-ready/cmd/nats-ready/main.go.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@components/nats-ready/internal/nats-ready/nats.go` at line 81, Rename the
constructor to match the new interface naming and keep the API consistent:
update NewNatsRunnable in nats.go to use the Runner-oriented name, and adjust
the main.go call site accordingly. Make sure the renamed function still returns
Runner and preserves the same config behavior so all references follow the new
naming convention.
build/nv-config-manager.Dockerfile (1)

44-49: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Stale comment: "Copy all project files" no longer matches the targeted copies below.

The comment above still says "Copy all project files" but the block now copies only specific subdirectories. Consider updating the comment to describe the narrowed scope so future contributors don't assume the whole tree is copied.

✏️ Suggested comment fix
-# Copy all project files
+# Copy only the files needed for the build (narrowed build context)
 COPY pyproject.toml uv.lock README.md /code/nv-config-manager/
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@build/nv-config-manager.Dockerfile` around lines 44 - 49, The comment above
the COPY instructions is outdated and says “Copy all project files,” but the
Dockerfile now copies only selected files and subdirectories. Update the nearby
comment in the Dockerfile to accurately describe the narrower copy scope around
the COPY statements for pyproject.toml, uv.lock, src/nv_config_manager,
src/tests, and components/network-templates so the intent matches the current
behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/public-ci.yml:
- Around line 25-31: The checkout steps are still using the default credential
persistence, which leaves the git token available to later steps. Update every
job that uses the actions/checkout step via the actions_checkout anchor to
explicitly set persist-credentials: false in that step’s with block, including
jobs that already set fetch-depth: 0 and jobs like python-lint that currently
have no with block. Use the existing checkout usages in the workflow as the
places to apply the fix.

In `@build/kea-admin.Dockerfile`:
- Around line 44-46: SECURITY.md still says Kea/kea-admin containers run as
root, but kea-admin is now explicitly configured to run as non-root with USER
1000:1000 and matches the Helm chart’s runAsUser/runAsGroup convention. Update
the accepted-risk note in SECURITY.md to remove kea-admin from the “runs as
root” statement and keep only any remaining root-related risk that still applies
to Kea components. Make sure the wording aligns with the kea-admin container
behavior referenced by the Dockerfile change.

---

Nitpick comments:
In `@build/nv-config-manager.Dockerfile`:
- Around line 44-49: The comment above the COPY instructions is outdated and
says “Copy all project files,” but the Dockerfile now copies only selected files
and subdirectories. Update the nearby comment in the Dockerfile to accurately
describe the narrower copy scope around the COPY statements for pyproject.toml,
uv.lock, src/nv_config_manager, src/tests, and components/network-templates so
the intent matches the current behavior.

In `@components/nats-ready/internal/nats-ready/nats.go`:
- Line 81: Rename the constructor to match the new interface naming and keep the
API consistent: update NewNatsRunnable in nats.go to use the Runner-oriented
name, and adjust the main.go call site accordingly. Make sure the renamed
function still returns Runner and preserves the same config behavior so all
references follow the new naming convention.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: de5a0357-2b53-48b3-a7ff-092f9a7052ed

📥 Commits

Reviewing files that changed from the base of the PR and between e6f6dc3 and e6eaf25.

📒 Files selected for processing (17)
  • .github/workflows/docs.yml
  • .github/workflows/public-ci.yml
  • build/kea-admin.Dockerfile
  • build/kea.Dockerfile
  • build/nats-ready.Dockerfile
  • build/nautobot-test.Dockerfile
  • build/nautobot.Dockerfile
  • build/nv-config-manager.Dockerfile
  • build/ui.Dockerfile
  • components/nats-ready/internal/nats-ready/nats.go
  • components/nautobot/nautobot-app-overlays/development/Dockerfile
  • deploy/airgapped/create-airgapped.sh
  • deploy/airgapped/manifests/README.md
  • deploy/airgapped/manifests/image-loader-daemonset.yaml
  • src/nv_config_manager/ztp/api/device_v1.py
  • ui/src/app/auth/discovery/route.ts
  • ui/src/app/body.tsx

Comment thread .github/workflows/public-ci.yml
Comment thread build/kea-admin.Dockerfile
@ryanheffernan ryanheffernan changed the title Resolve confirmed Sonar findings fix(security): Resolve confirmed Sonar findings Jul 8, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/nv_config_manager/common/log.py (1)

158-160: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low value

Optional: consider escaping other line-breaking control characters.

Current helper only escapes \r/\n. Some log processors/terminals also treat \x0b (VT), \x0c (FF), and Unicode line separators (\u2028/\u2029) as line breaks, which could still enable partial log-forging. Since the PR scope is specifically CR/LF, this is a nice-to-have hardening, not a blocker.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/nv_config_manager/common/log.py` around lines 158 - 160, The
escape_log_newlines helper currently hardens only against CR/LF, so extend it to
also escape other line-breaking control characters such as vertical tab, form
feed, and Unicode line/paragraph separators. Update escape_log_newlines in
log.py to handle these additional separators while keeping the existing behavior
for \r and \n unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/nv_config_manager/common/log.py`:
- Around line 158-160: The escape_log_newlines helper currently hardens only
against CR/LF, so extend it to also escape other line-breaking control
characters such as vertical tab, form feed, and Unicode line/paragraph
separators. Update escape_log_newlines in log.py to handle these additional
separators while keeping the existing behavior for \r and \n unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 77360974-2917-48d1-a385-b656021b176d

📥 Commits

Reviewing files that changed from the base of the PR and between 265adfc and ef48383.

📒 Files selected for processing (6)
  • src/nv_config_manager/common/log.py
  • src/nv_config_manager/ztp/api/device_v1.py
  • src/nv_config_manager/ztp/api/streaming.py
  • src/nv_config_manager/ztp/sftp/main.py
  • src/tests/ztp/api/test_main.py
  • src/tests/ztp/sftp/test_main.py
✅ Files skipped from review due to trivial changes (1)
  • src/nv_config_manager/ztp/sftp/main.py

Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
@ryanheffernan ryanheffernan force-pushed the rheffernan/sonar-fixes branch from ef48383 to fbde0cf Compare July 8, 2026 15:09
Signed-off-by: rheffernan <rheffernan@nvidia.com>
@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/kind test

@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/ok to test 8f6f43e

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/tests/common/test_log.py (1)

37-38: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider covering non-string input and passthrough behavior.

escape_log_newlines accepts value: object and stringifies internally, but the tests only exercise str inputs with an embedded separator. Adding a case for a non-string value (e.g. an exception or int) and a no-separator passthrough case would round out coverage for the actual signature.

♻️ Suggested additional test
+def test_escape_log_newlines_passthrough_and_non_str() -> None:
+    assert escape_log_newlines("plain text") == "plain text"
+    assert escape_log_newlines(ValueError("bad\nvalue")) == r"bad\nvalue"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/tests/common/test_log.py` around lines 37 - 38, The current
`test_escape_log_newlines_escapes_line_separators` only covers string inputs
with separators, so add coverage for `escape_log_newlines`’s broader `value:
object` signature. Extend the tests in `test_log.py` to include a non-string
input case (such as an int or exception object) to verify it stringifies and
escapes correctly, and a passthrough case with no newline separators to confirm
unchanged output when no escaping is needed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/tests/common/test_log.py`:
- Around line 37-38: The current
`test_escape_log_newlines_escapes_line_separators` only covers string inputs
with separators, so add coverage for `escape_log_newlines`’s broader `value:
object` signature. Extend the tests in `test_log.py` to include a non-string
input case (such as an int or exception object) to verify it stringifies and
escapes correctly, and a passthrough case with no newline separators to confirm
unchanged output when no escaping is needed.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4d670ba8-f69b-4237-83c8-1e9b4a3a9f63

📥 Commits

Reviewing files that changed from the base of the PR and between fbde0cf and 8f6f43e.

📒 Files selected for processing (2)
  • src/nv_config_manager/common/log.py
  • src/tests/common/test_log.py
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/nv_config_manager/common/log.py

Signed-off-by: rheffernan <rheffernan@nvidia.com>
@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/ok to test 4aaaf2e

@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/kind test

Signed-off-by: rheffernan <rheffernan@nvidia.com>
Signed-off-by: rheffernan <rheffernan@nvidia.com>
@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/ok to test 38f0d1f

@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/kind test

@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

@coderabbitai full review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
✅ Action performed

Full review finished.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
.github/workflows/kind-integration-command.yml (1)

30-30: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Missing version comment on pinned checkout.

Other workflows (docs.yml, public-ci.yml) annotate pinned SHAs with # v4.3.1 for readability; this file's checkout pins lack that comment.

✏️ Suggested tweak
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

Also applies to: 54-54

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/kind-integration-command.yml at line 30, Add the missing
version comment to the pinned actions/checkout reference in the kind integration
workflow so it matches the other workflows’ readability convention. Update the
checkout step in the workflow and the other pinned checkout occurrence mentioned
in the comment to include the same inline version tag (for example, the existing
v4.3.1-style annotation) without changing the pinned SHA or step behavior.
src/nv_config_manager/common/log.py (1)

62-75: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Consider also escaping ESC (\x1b) to block terminal escape-sequence injection.

The map neutralizes CR/LF and other line-separator characters, but not the ESC character that begins ANSI/VT terminal escape sequences. If these logs are ever viewed through a terminal, forged input containing \x1b[... sequences could manipulate the display (hide/alter log content) even though CRLF injection is now blocked. This is a related but distinct log-forging vector (CWE-150).

♻️ Optional hardening
         "\x85": r"\x85",
         "\u2028": r"\u2028",
         "\u2029": r"\u2029",
+        "\x1b": r"\x1b",
     }
 )
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/nv_config_manager/common/log.py` around lines 62 - 75, The log escaping
map in _LOG_LINE_BREAK_ESCAPES should also neutralize the ESC character to
prevent terminal escape-sequence injection. Update the translation table in
log.py so the existing line-break sanitization additionally covers "\x1b",
ensuring log content handled by the logging helpers cannot inject ANSI/VT
control sequences when viewed in a terminal.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/kind-integration-command.yml:
- Line 30: Add the missing version comment to the pinned actions/checkout
reference in the kind integration workflow so it matches the other workflows’
readability convention. Update the checkout step in the workflow and the other
pinned checkout occurrence mentioned in the comment to include the same inline
version tag (for example, the existing v4.3.1-style annotation) without changing
the pinned SHA or step behavior.

In `@src/nv_config_manager/common/log.py`:
- Around line 62-75: The log escaping map in _LOG_LINE_BREAK_ESCAPES should also
neutralize the ESC character to prevent terminal escape-sequence injection.
Update the translation table in log.py so the existing line-break sanitization
additionally covers "\x1b", ensuring log content handled by the logging helpers
cannot inject ANSI/VT control sequences when viewed in a terminal.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8272c7ee-616c-4490-b97c-1e509de03cfb

📥 Commits

Reviewing files that changed from the base of the PR and between fbc13c6 and 38f0d1f.

📒 Files selected for processing (29)
  • .github/scripts/kind-integration-result.js
  • .github/scripts/kind-integration-result.test.js
  • .github/workflows/docs.yml
  • .github/workflows/kind-integration-command.yml
  • .github/workflows/kind-integration.yml
  • .github/workflows/public-ci.yml
  • SECURITY.md
  • build/kea-admin.Dockerfile
  • build/kea.Dockerfile
  • build/nats-ready.Dockerfile
  • build/nautobot-test.Dockerfile
  • build/nautobot.Dockerfile
  • build/nv-config-manager.Dockerfile
  • build/ui.Dockerfile
  • components/nats-ready/cmd/nats-ready/main.go
  • components/nats-ready/internal/nats-ready/nats.go
  • components/nautobot/nautobot-app-overlays/development/Dockerfile
  • deploy/airgapped/create-airgapped.sh
  • deploy/airgapped/manifests/README.md
  • deploy/airgapped/manifests/image-loader-daemonset.yaml
  • src/nv_config_manager/common/log.py
  • src/nv_config_manager/ztp/api/device_v1.py
  • src/nv_config_manager/ztp/api/streaming.py
  • src/nv_config_manager/ztp/sftp/main.py
  • src/tests/common/test_log.py
  • src/tests/ztp/api/test_main.py
  • src/tests/ztp/sftp/test_main.py
  • ui/src/app/auth/discovery/route.ts
  • ui/src/app/body.tsx

Signed-off-by: rheffernan <rheffernan@nvidia.com>
@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/ok to test 15d1a0b

@ryanheffernan ryanheffernan marked this pull request as ready for review July 8, 2026 15:51
@zsblevins

Copy link
Copy Markdown
Collaborator

The escape_log_newlines mechanism would be cleaner to include in the log adapter instead of calling on every log parameter

Signed-off-by: rheffernan <rheffernan@nvidia.com>
@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/ok to test e4a052a

@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/kind test

Signed-off-by: rheffernan <rheffernan@nvidia.com>
@ryanheffernan

Copy link
Copy Markdown
Collaborator Author

/ok to test 55038a2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants