Preserve per-tag directory structure when constructing bundle paths (merges into #96)#102
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR.
| tag_path = Path(tag) | ||
| tag_manifest_dir = resolve_within_root(manifest_dir, str(tag_path.parent)) if tag_path.parent != Path(".") else manifest_dir | ||
| tag_bundle_dir = resolve_within_root(bundle_dir, str(tag_path.parent)) if tag_path.parent != Path(".") else bundle_dir | ||
| tag_manifest_dir.mkdir(parents=True, exist_ok=True) | ||
| tag_bundle_dir.mkdir(parents=True, exist_ok=True) | ||
|
|
||
| manifest_path = tag_manifest_dir / f"{tag_path.name}.yaml" | ||
| with manifest_path.open("w", encoding="utf-8") as handle: | ||
| yaml.safe_dump(manifest, handle, sort_keys=False) | ||
|
|
||
| bundle_path = resolve_within_root(bundle_dir, f"{tag}.zip") | ||
| bundle_path = tag_bundle_dir / f"{tag_path.name}.zip" |
There was a problem hiding this comment.
Creating bundles now writes manifests and archives into nested directories based on the tag (e.g., namespace/repo:v1.0.0 ends up under manifests/namespace/repo.yaml and bundles/namespace/repo.zip). The FastAPI evidence routes still glob only manifest_dir/*.yaml and build bundle paths as bundle_dir / f"{tag}.zip", and the /{release} route cannot even accept slashes in the tag. As a result, namespaced bundles generated by this change will never be listed or fetched through the API despite being written to disk. Consider teaching the API to recurse through namespace directories (and using a path parameter for release) so these bundles remain accessible.
Useful? React with 👍 / 👎.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 2 files
Prompt for AI agents (all 1 issues)
Understand the root cause of the following 1 issues and fix them.
<file name="evidence/packager.py">
<violation number="1" location="evidence/packager.py:264">
The logic for creating nested directories from namespaced tags is flawed. The implementation in `evidence/packager.py` incorrectly parses the tag string, and as a result, the assertions in the corresponding test in `tests/test_evidence_bundle.py` will fail. The code does not produce the intended directory structure.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| } | ||
|
|
||
| manifest_path = resolve_within_root(manifest_dir, f"{tag}.yaml") | ||
| tag_path = Path(tag) |
There was a problem hiding this comment.
The logic for creating nested directories from namespaced tags is flawed. The implementation in evidence/packager.py incorrectly parses the tag string, and as a result, the assertions in the corresponding test in tests/test_evidence_bundle.py will fail. The code does not produce the intended directory structure.
Prompt for AI agents
Address the following comment on evidence/packager.py at line 264:
<comment>The logic for creating nested directories from namespaced tags is flawed. The implementation in `evidence/packager.py` incorrectly parses the tag string, and as a result, the assertions in the corresponding test in `tests/test_evidence_bundle.py` will fail. The code does not produce the intended directory structure.</comment>
<file context>
@@ -261,11 +261,17 @@ def create_bundle(inputs: BundleInputs) -> dict[str, Any]:
}
- manifest_path = resolve_within_root(manifest_dir, f"{tag}.yaml")
+ tag_path = Path(tag)
+ tag_manifest_dir = resolve_within_root(manifest_dir, str(tag_path.parent)) if tag_path.parent != Path(".") else manifest_dir
+ tag_bundle_dir = resolve_within_root(bundle_dir, str(tag_path.parent)) if tag_path.parent != Path(".") else bundle_dir
</file context>
|
Closing as part of PR consolidation. Useful changes have been cherry-picked into PR #240. |
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🤖 PR by cubic
This PR addresses the comment in #96 – Harden parser validation and evidence guardrails
File:
evidence/packager.pyLine: 268
Comment:
This fix was automatically generated. Please review the changes carefully before merging.
Summary by cubic
Preserves per-tag directory structure when creating manifest and bundle paths to prevent overwriting bundles for namespaced tags. Tags like namespace/repo:v1.0.0 now write under namespace/repo/ instead of flattening the tag.