Add ACM observability component repository mappings

[coleenquadros]

Added mappings for observability components to their respective GitHub repositories and branch strategies for CVE fix workflows.

Example CVE Jira from our project https://redhat.atlassian.net/browse/ACM-32577

[coderabbitai]

Warning

Rate limit exceeded

@coleenquadros has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 15 minutes and 46 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 15 minutes and 46 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 422697a7-25f8-4255-a348-70a39c556039

📥 Commits

Reviewing files that changed from the base of the PR and between 7aba21c and 7ccb676.

📒 Files selected for processing (1)

• workflows/cve-fixer/component-repository-mappings.json

Walkthrough

Added a new top-level Observability section to workflows/cve-fixer/component-repository-mappings.json that maps 14 rhacm2/*-rhel9 containers to stolostron/* repositories and defines repository-specific CVE-fix workflow and build/test configuration for each mapped repo.

Changes

Cohort / File(s)

Summary

Observability configuration workflows/cve-fixer/component-repository-mappings.json

Introduced top-level Observability with container_to_repo_mapping (14 rhacm2 → stolostron entries) and repositories entries for the corresponding stolostron/* repos. Each repo includes github_url, default_branch, active_release_branches, branch_strategy, repo_type, cve_fix_workflow (primary_target + backport_targets), build_command, test_command, and optional notes/special_requirements (tool/version constraints, go.mod replace/vendoring, branch-pattern differences).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding observability component repository mappings to the configuration file.
Description check	✅ Passed	The description is related to the changeset, explaining that mappings for observability components were added for CVE fix workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coleenquadros]

How and where can I provide the Github and Jira API tokens?

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@workflows/cve-fixer/component-repository-mappings.json`:
- Line 954: The JSON entry for repository "stolostron/kube-state-metrics" has
contradictory metadata: it declares "Release branches only" / "No main branch"
but still sets the key default_branch to "main"; update the record so those keys
agree by either removing the default_branch property or setting it to the
appropriate release branch name, and ensure the branch-selection/branch-policy
field that currently indicates "Release branches only" / "No main branch"
remains accurate; target the JSON object for "stolostron/kube-state-metrics" and
update the default_branch and branch policy keys (e.g., default_branch,
branch_policy/branch_selection) so they are consistent.
- Around line 906-907: The mapping "rhacm2/memcached-exporter-rhel9" ->
"stolostron/memcached-exporter" is missing a corresponding repository entry
under Observability.repositories; add a new repository object for
"stolostron/memcached-exporter" in Observability.repositories with the required
schema fields (e.g., name, org, repo, default branch/registry info as used
elsewhere) so the CVE-fixer can resolve the mapped target—ensure the repository
identifier matches "stolostron/memcached-exporter" exactly and mirror field
structure from nearby repository entries.
- Line 1158: The backport_targets string value for the mapping contains a
missing comma between "backplane-2.10" and "backplane-2.9", which produces an
invalid branch list; update the "backport_targets" entry (the property named
backport_targets in the JSON mapping) to insert the missing comma so the value
becomes a properly comma-separated list (e.g., ensure "...backplane-2.10,
backplane-2.9, ...") and verify spacing/commas between all items in that string.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 57a73b51-ddab-4ee8-b590-f80ee92ef6bd

📥 Commits

Reviewing files that changed from the base of the PR and between 2239b41 and 64d2e65.

📒 Files selected for processing (1)

• workflows/cve-fixer/component-repository-mappings.json

[coderabbitai]

♻️ Duplicate comments (2)

workflows/cve-fixer/component-repository-mappings.json (2)

954-970: ⚠️ Potential issue | 🟠 Major

Resolve conflicting branch metadata for stolostron/kube-state-metrics.

Line 954 sets default_branch to main, but Line 962 and Line 970 say this repo is release-branch-only, and Line 965 targets release-2.17. This inconsistency can cause wrong branch selection in automation.

Proposed fix

-          "default_branch": "main",
+          "default_branch": "release-2.17",

As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@workflows/cve-fixer/component-repository-mappings.json` around lines 954 -
970, The JSON for stolostron/kube-state-metrics has conflicting branch metadata:
"default_branch": "main" while "branch_strategy" indicates release-only and
cve_fix_workflow.primary_target is "release-2.17"; update the mapping so branch
metadata is consistent by removing or changing "default_branch" from "main" to
the appropriate release branch (e.g., "release-2.17") or by switching
"branch_strategy" to include main—choose the release-branch option to match
cve_fix_workflow.primary_target and backport_targets so automation will select
release branches correctly.

---

906-907: ⚠️ Potential issue | 🟠 Major

Add missing repositories entry for mapped target stolostron/memcached-exporter.

Line 906 maps rhacm2/memcached-exporter-rhel9 to stolostron/memcached-exporter, but there is no matching object under Observability.repositories. This leaves the mapping incomplete and can break/derail CVE-fixer repo resolution for that container.

Proposed fix

       "repositories": {
+        "stolostron/memcached-exporter": {
+          "github_url": "https://github.com/stolostron/memcached-exporter",
+          "default_branch": "release-2.17",
+          "active_release_branches": [
+            "release-2.16",
+            "release-2.15",
+            "release-2.14",
+            "release-2.13"
+          ],
+          "branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
+          "repo_type": "golang",
+          "cve_fix_workflow": {
+            "primary_target": "release-2.17",
+            "backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
+          }
+        },
         "stolostron/multicluster-observability-operator": {

As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

Also applies to: 908-1189

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@workflows/cve-fixer/component-repository-mappings.json` around lines 906 -
907, The mapping "rhacm2/memcached-exporter-rhel9":
"stolostron/memcached-exporter" is missing a corresponding entry under
Observability.repositories; add a repository object for
"stolostron/memcached-exporter" inside the Observability.repositories array with
the expected fields (name matching "stolostron/memcached-exporter", appropriate
image names/tags, and any metadata keys used by the CVE-fixer resolution logic)
so the mapping resolves correctly; update any related entries (e.g.,
imageVariants or platform-specific tags) to mirror other repository objects in
Observability.repositories to ensure consistency with the existing structure.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@workflows/cve-fixer/component-repository-mappings.json`:
- Around line 954-970: The JSON for stolostron/kube-state-metrics has
conflicting branch metadata: "default_branch": "main" while "branch_strategy"
indicates release-only and cve_fix_workflow.primary_target is "release-2.17";
update the mapping so branch metadata is consistent by removing or changing
"default_branch" from "main" to the appropriate release branch (e.g.,
"release-2.17") or by switching "branch_strategy" to include main—choose the
release-branch option to match cve_fix_workflow.primary_target and
backport_targets so automation will select release branches correctly.
- Around line 906-907: The mapping "rhacm2/memcached-exporter-rhel9":
"stolostron/memcached-exporter" is missing a corresponding entry under
Observability.repositories; add a repository object for
"stolostron/memcached-exporter" inside the Observability.repositories array with
the expected fields (name matching "stolostron/memcached-exporter", appropriate
image names/tags, and any metadata keys used by the CVE-fixer resolution logic)
so the mapping resolves correctly; update any related entries (e.g.,
imageVariants or platform-specific tags) to mirror other repository objects in
Observability.repositories to ensure consistency with the existing structure.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 790e2072-62ff-44a6-bfc8-4005f9638cdf

📥 Commits

Reviewing files that changed from the base of the PR and between 64d2e65 and 7aba21c.

📒 Files selected for processing (1)

• workflows/cve-fixer/component-repository-mappings.json