fix(gateway): require sandbox image at startup #41

Open
jwilger wants to merge 1 commit from issue-10-mandatory-sandbox into main

Summary

  • require AR_SANDBOX_IMAGE during gateway startup and remove production direct-sandbox fallback
  • fail fast when neither podman nor docker is available, with blank runtime overrides treated as unset
  • document mandatory sandboxing and add a Forgejo workflow to publish versioned sandbox images

Verification

  • cargo test -p ar-gateway sandbox_ -- --nocapture
  • cargo fmt --all -- --check
  • cargo clippy --workspace --all-targets -- -D warnings
  • cargo nextest run -p ar-gateway

Closes #10
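The startup contract the summary describes (mandatory image, podman-or-docker detection, blank runtime overrides read as unset), written out as an added Rust example rather than ar-gateway's own code; the `AR_SANDBOX_RUNTIME` override name, the types and the `lookup` injection point are assumptions made for this illustration.

```rust
use std::collections::HashMap;
use std::path::PathBuf;
/// Startup failures that must abort the gateway (hypothetical types, not ar-gateway's own).
#[derive(Debug, PartialEq)]
pub enum SandboxConfigError {
    MissingImage,
    NoContainerRuntime,
}

#[derive(Debug, PartialEq)]
pub struct SandboxConfig {
    pub image: String,
    pub runtime: PathBuf,
}

/// Treat an unset variable and a blank (whitespace-only) one the same way.
fn non_blank(vars: &HashMap<String, String>, key: &str) -> Option<String> {
    vars.get(key).map(|v| v.trim()).filter(|v| !v.is_empty()).map(str::to_owned)
}

/// Validate sandbox settings before anything else runs; `lookup` stands in for a PATH search.
pub fn resolve_sandbox_config(
    vars: &HashMap<String, String>,
    lookup: &dyn Fn(&str) -> Option<PathBuf>,
) -> Result<SandboxConfig, SandboxConfigError> {
    // Mandatory: no image means no sandbox, and there is no direct host-execution fallback.
    let image = non_blank(vars, "AR_SANDBOX_IMAGE").ok_or(SandboxConfigError::MissingImage)?;
    // Optional runtime override (AR_SANDBOX_RUNTIME is an assumed name); blank counts as unset.
    let runtime = match non_blank(vars, "AR_SANDBOX_RUNTIME") {
        Some(explicit) => Some(PathBuf::from(explicit)),
        None => ["podman", "docker"].iter().copied().find_map(|bin| lookup(bin)),
    };
    let runtime = runtime.ok_or(SandboxConfigError::NoContainerRuntime)?;
    Ok(SandboxConfig { image, runtime })
}

/// Minimal PATH search used for a real startup.
pub fn find_in_path(bin: &str) -> Option<PathBuf> {
    std::env::split_paths(&std::env::var_os("PATH")?)
        .map(|dir| dir.join(bin))
        .find(|candidate| candidate.is_file())
}

fn main() {
    let vars: HashMap<String, String> = std::env::vars().collect();
    match resolve_sandbox_config(&vars, &find_in_path) {
        Ok(cfg) => println!("sandbox image {} via {}", cfg.image, cfg.runtime.display()),
        Err(e) => { eprintln!("gateway refusing to start: {e:?}"); std::process::exit(1) }
    }
}
```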

fix(gateway): require sandbox image at startup
All checks were successful
CI / Nix flake check (pull_request) Successful in 1m46s
auto_review auto_review: no findings
8ee4cc99a9
auto-review left a comment

This PR enforces the requirement for AR_SANDBOX_IMAGE during gateway startup, removing the fallback to direct host execution. It also introduces clear error messages when neither Podman nor Docker is available. The changes are well-documented across various files, ensuring users are informed of the new requirements. The PR appears safe to merge, with no critical issues identified.

Pre-merge checks

  • [x] CHANGELOG updated — CHANGELOG.md is in the diff
  • [ ] Tests touched — source changed but no test file appears in the diff
  • [x] No new TODO/FIXME comments — no new TODO/FIXME markers

Linters

  • gitleaks — ok, 7 findings
  • semgrep — ok, 0 findings
  • trivy — ok, 0 findings
  • osv-scanner — skipped: osv-scanner not found in sandbox image, 0 findings
  • ast-grep — ok, 0 findings
  • typos — ok, 25 findings
  • actionlint — failed: parse error in actionlint output: missing field `Filepath` at line 1 column 1005, 0 findings
  • prettier — ok, 0 findings
  • yamllint — ok, 2 findings
  • kubeconform — ok, 0 findings
  • ansible-lint — ok, 0 findings
This pull request has changes requested by an official reviewer.
Reference
jwilger/auto_review!41