Validate function tag literals before execution #4503

Open
AkashKumar7902 wants to merge 3 commits into kptdev:main from AkashKumar7902:issue-4500-invalid-tags

@AkashKumar7902

Summary

  • Validate literal function.tag values against image tag syntax before constructing the function image reference.
  • Preserve semver constraint resolution and valid non-semver literal tags such as hash-style build tags.
  • Add coverage for invalid literal tags that previously reached runtime execution.

Motivation

Fixes #4500.

Invalid tag values that were neither semantic versions nor semantic version constraints could be appended to the image name and only fail later during function execution. This catches those values during tag resolution with an actionable error.

Validation

  • go test ./pkg/fn/runtime
  • go test ./pkg/fn/...
  • go test -cover ./pkg/fn/runtime
  • go vet ./pkg/fn/runtime
  • go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.4 run ./pkg/fn/runtime

AI Assistance

I used OpenAI GPT-5 for code exploration, implementation assistance, and test drafting. I reviewed the changes and validated them locally.

Signed-off-by: Akash Kumar <meakash7902@gmail.com>
Copilot AI review requested due to automatic review settings April 24, 2026 21:25
@netlify

netlify Bot commented Apr 24, 2026

Deploy Preview for kptdocs ready!

Latest commit: 9782c09
Latest deploy log: https://app.netlify.com/projects/kptdocs/deploys/69f27ce5ee2aa700088d69af
Deploy Preview: https://deploy-preview-4503--kptdocs.netlify.app

@dosubot (bot) added the labels size:S (This PR changes 10-29 lines, ignoring generated files.), area/fn-runtime (KRM function runtime) and go (Pull requests that update Go code) on Apr 24, 2026

Copilot AI left a comment

Pull request overview

This PR adds early validation for literal function.tag values to ensure they conform to OCI/Docker image tag syntax, preventing invalid tags from reaching runtime execution and failing later.

Changes:

  • Validate literal (non-constraint-resolved) function.tag values against an image tag regex before constructing the final image reference.
  • Factor literal-tag image construction into a helper (imageWithLiteralTag) used by both semver-exact and non-semver tag paths.
  • Add test coverage for invalid literal tags (including a semver-valid-but-tag-invalid case).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File | Description
pkg/fn/runtime/tag_resolution.go | Adds image-tag syntax validation for literal tags and routes literal tag resolution through a helper returning actionable errors early.
pkg/fn/runtime/tag_resolution_test.go | Adds cases asserting invalid literal tags now fail during resolution rather than later at execution time.

Comment thread pkg/fn/runtime/tag_resolution.go Outdated
Signed-off-by: Akash Kumar <meakash7902@gmail.com>
Comment thread pkg/fn/runtime/tag_resolution.go Outdated
Comment thread pkg/fn/runtime/tag_resolution.go Outdated
…l flow

mozesl-nokia in kptdev#4503 review:
- Suggested importing the canonical tag regexp from
  github.com/distribution/reference instead of duplicating the pattern.
  Switched imageWithLiteralTag to use reference.TagRegexp; since it is
  unanchored, require a full-string match via FindString to keep the
  same semantics as the previous local regex.
- Restored the pre-PR control flow in ResolveFunctionImage so the
  literal-tag warning stays in the else branch and the validation /
  reference build happens once at the end via imageWithLiteralTag.

Signed-off-by: Akash Kumar <meakash7902@gmail.com>
@AkashKumar7902

@mozesl-nokia Thanks for the review! Pushed 9782c09 addressing both points:

  • regex import: Switched to reference.TagRegexp from github.com/distribution/reference. That regex is unanchored, so I'm using FindString(tag) == tag to keep the previous full-string-match semantics. The exported helpers in distribution/reference (Parse/WithTag) are name+tag oriented and anchoredTagRegexp is unexported, so this is the cleanest plug-in.
  • else branch: Restored the pre-PR shape — warning stays in the else, and the single imageWithLiteralTag call at the end handles validation for both branches.

@copilot the wording suggestion (must start with...) was already applied in b47453b. PTAL.

@dosubot dosubot Bot added the lgtm label Apr 30, 2026
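
The full-string-match point from the reply above, shown as an added Go example (not code from this PR or from kpt). The pattern is a local copy assumed to mirror reference.TagRegexp so the block runs without that module; looseMatch, fullMatch and the sample tags are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// tagRegexp is a local copy of the tag grammar that
// github.com/distribution/reference exports as TagRegexp (assumption: the
// pattern is reproduced here so the example needs no external module).
// Like the exported one, it carries no ^...$ anchors.
var tagRegexp = regexp.MustCompile(`[\w][\w.-]{0,127}`)

// looseMatch shows the pitfall: an unanchored MatchString succeeds as soon
// as any substring of the input looks like a tag.
func looseMatch(tag string) bool {
	return tagRegexp.MatchString(tag)
}

// fullMatch is the full-string check described in the thread. FindString
// returns "" when nothing matches, so the empty tag is rejected explicitly;
// without that guard "" == "" would let it through.
func fullMatch(tag string) bool {
	return tag != "" && tagRegexp.FindString(tag) == tag
}

// samples are constructed inputs, not taken from the PR's test file.
var samples = []string{
	"v0.4.1",                 // plain semver tag
	"1a2b3c4",                // hash-style build tag
	"v1.2.3+build.1",         // valid semver, but '+' is not a tag character
	".hidden",                // must start with a word character
	"latest!",                // trailing junk after a valid prefix
	strings.Repeat("a", 129), // one over the 128-character limit
	"",                       // empty tag
}

func main() {
	for _, tag := range samples {
		shown := tag
		if len(shown) > 16 {
			shown = shown[:16] + "..."
		}
		fmt.Printf("%-22q loose=%-5t full=%t\n", shown, looseMatch(tag), fullMatch(tag))
	}
}
```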

Development

Successfully merging this pull request may close these issues.

Catch blatantly invalid image tags before execution

3 participants