Skip to content

HYPERFLEET-350: Add openapi generate part to Dockerfile #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-bot merged 1 commit into from
Dec 16, 2025
Merged

HYPERFLEET-350: Add openapi generate part to Dockerfile #32

openshift-merge-bot merged 1 commit into from
Dec 16, 2025

Conversation

@yingzhanredhat
Copy link
Contributor

@yingzhanredhat yingzhanredhat commented Dec 15, 2025
edited
Loading 

podman build -t hyperfleet-sentinel .

[1/3] STEP 1/6: FROM openapitools/openapi-generator-cli:v7.16.0 AS openapi-gen
[1/3] STEP 2/6: WORKDIR /local
--> b8c3a8e6718e
[1/3] STEP 3/6: ARG OPENAPI_SPEC_REF=main
--> 9f3625a7e151
[1/3] STEP 4/6: ARG OPENAPI_SPEC_URL=https://raw.githubusercontent.com/openshift-hyperfleet/hyperfleet-api/${OPENAPI_SPEC_REF}/openapi/openapi.yaml
--> 8a3489db0b43
[1/3] STEP 5/6: RUN echo "Fetching OpenAPI spec from hyperfleet-api (ref: ${OPENAPI_SPEC_REF})..." &&     mkdir -p openapi &&     wget -O openapi/openapi.yaml "${OPENAPI_SPEC_URL}" ||     (echo "Failed to download OpenAPI spec from ${OPENAPI_SPEC_URL}" && exit 1)
Fetching OpenAPI spec from hyperfleet-api (ref: main)...
--2025-12-15 08:21:05--  https://raw.githubusercontent.com/openshift-hyperfleet/hyperfleet-api/main/openapi/openapi.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 39262 (38K) [text/plain]
Saving to: ‘openapi/openapi.yaml’

     0K .......... .......... .......... ........             100%  427K=0.09s

2025-12-15 08:21:06 (427 KB/s) - ‘openapi/openapi.yaml’ saved [39262/39262]

--> c043557c6e4e
[1/3] STEP 6/6: RUN bash /usr/local/bin/docker-entrypoint.sh generate     -i /local/openapi/openapi.yaml     -g go     -o /local/pkg/api/openapi &&     rm -f /local/pkg/api/openapi/go.mod /local/pkg/api/openapi/go.sum &&     rm -rf /local/pkg/api/openapi/test
[main] INFO  o.o.codegen.DefaultGenerator - Generating with dryRun=false
[main] INFO  o.o.c.ignore.CodegenIgnoreProcessor - Output directory (/local/pkg/api/openapi) does not exist, or is inaccessible. No file (.openapi-generator-ignore) will be evaluated.
[main] INFO  o.o.codegen.DefaultGenerator - OpenAPI Generator: go (client)
[main] INFO  o.o.codegen.DefaultGenerator - Generator 'go' is considered stable.
[main] INFO  o.o.c.languages.AbstractGoCodegen - Environment variable GO_POST_PROCESS_FILE not defined so Go code may not be properly formatted. To define it, try `export GO_POST_PROCESS_FILE="/usr/local/bin/gofmt -w"` (Linux/Mac)
[main] INFO  o.o.c.languages.AbstractGoCodegen - NOTE: To enable file post-processing, 'enablePostProcessFile' must be set to `true` (--enable-post-process-file for CLI).
[main] INFO  o.o.codegen.InlineModelResolver - Inline schema created as AdapterStatusBase_metadata. To have complete control of the model name, set the `title` field or use the modelNameMapping option (e.g. --model-name-mappings AdapterStatusBase_metadata=NewModel,ModelA=NewModelA in CLI) or inlineSchemaNameMapping option (--inline-schema-name-mappings AdapterStatusBase_metadata=NewModel,ModelA=NewModelA in CLI).
[main] INFO  o.o.codegen.InlineModelResolver - Inline schema created as Error_details_inner. To have complete control of the model name, set the `title` field or use the modelNameMapping option (e.g. --model-name-mappings Error_details_inner=NewModel,ModelA=NewModelA in CLI) or inlineSchemaNameMapping option (--inline-schema-name-mappings Error_details_inner=NewModel,ModelA=NewModelA in CLI).
[main] INFO  o.o.codegen.DefaultGenerator - Model ClusterSpec not generated since it's a free-form object
[main] INFO  o.o.codegen.DefaultGenerator - Model NodePoolSpec not generated since it's a free-form object
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_api_resource.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/APIResource.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_adapter_condition.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/AdapterCondition.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_adapter_status.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/AdapterStatus.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_adapter_status_base.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/AdapterStatusBase.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_adapter_status_base_metadata.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/AdapterStatusBaseMetadata.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_adapter_status_create_request.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/AdapterStatusCreateRequest.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_adapter_status_list.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/AdapterStatusList.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_bearer_auth.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/BearerAuth.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_cluster.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/Cluster.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_cluster_base.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ClusterBase.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_cluster_create_request.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ClusterCreateRequest.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_cluster_list.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ClusterList.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_cluster_status.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ClusterStatus.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_condition_base.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ConditionBase.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_condition_request.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ConditionRequest.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_condition_status.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ConditionStatus.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_error.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/Error.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_error_details_inner.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ErrorDetailsInner.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_list.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/List.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_node_pool.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/NodePool.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_node_pool_base.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/NodePoolBase.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_node_pool_create_request.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/NodePoolCreateRequest.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_node_pool_create_response.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/NodePoolCreateResponse.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_node_pool_list.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/NodePoolList.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_node_pool_status.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/NodePoolStatus.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_object_reference.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ObjectReference.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_order_direction.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/OrderDirection.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_resource_condition.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ResourceCondition.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/model_resource_phase.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/ResourcePhase.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/api_default.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/test/api_default_test.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/docs/DefaultAPI.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/api/openapi.yaml
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/README.md
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/git_push.sh
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/.gitignore
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/configuration.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/client.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/response.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/go.mod
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/go.sum
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/.travis.yml
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/utils.go
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/.openapi-generator-ignore
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/.openapi-generator/VERSION
[main] INFO  o.o.codegen.TemplateManager - writing file /local/pkg/api/openapi/.openapi-generator/FILES
############################################################################################
# Thanks for using OpenAPI Generator.                                                      #
# We appreciate your support! Please consider donation to help us maintain this project.   #
# https://opencollective.com/openapi_generator/donate                                      #
############################################################################################
--> 4aee2c1bb227
[2/3] STEP 1/7: FROM golang:1.25-alpine AS builder
[2/3] STEP 2/7: WORKDIR /build
--> Using cache 2c31a1cd0fe62551c7ce4a156e41683f064b06e81573220213de4df72f99e749
--> 2c31a1cd0fe6
[2/3] STEP 3/7: COPY go.mod go.sum ./
--> Using cache 589c7c81b111091aac868e919a3eafa58a416a3893155ebcb16e037ae380f580
--> 589c7c81b111
[2/3] STEP 4/7: RUN go mod download
--> Using cache 1d2700adfafd513674519a17661c6a0708c988b61c6881e5017f0ec2e2c589fb
--> 1d2700adfafd
[2/3] STEP 5/7: COPY --from=openapi-gen /local/pkg/api/openapi ./pkg/api/openapi
--> 7ec9e93e22fc
[2/3] STEP 6/7: COPY . .
--> e7307a27228a
[2/3] STEP 7/7: RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o sentinel ./cmd/sentinel
--> 38809de6ce09
[3/3] STEP 1/6: FROM gcr.io/distroless/static-debian12:nonroot
[3/3] STEP 2/6: WORKDIR /app
--> Using cache 96223c832f897ce1a28a100c4733b33f7bebe52cf67637425cac475c767d120c
--> 96223c832f89
[3/3] STEP 3/6: COPY --from=builder /build/sentinel /app/sentinel
--> 4cb4803a4c55
[3/3] STEP 4/6: ENTRYPOINT ["/app/sentinel"]
--> ed86d5b71c4f
[3/3] STEP 5/6: CMD ["serve"]
--> 2c20969aacab
[3/3] STEP 6/6: LABEL name="hyperfleet-sentinel"       vendor="Red Hat"       version="0.1.0"       summary="HyperFleet Sentinel - Resource polling and event publishing service"       description="Watches HyperFleet API resources and publishes reconciliation events to message brokers"
[3/3] COMMIT hyperfleet-sentinel
--> 9a049ff45ef2
Successfully tagged localhost/hyperfleet-sentinel:latest
9a049ff45ef2dbcbb9331b040e92d983d87d435cbb4ab3112ae9bb005156bf22

Summary by CodeRabbit

  • Chores
    • Enhanced build infrastructure to automatically generate and integrate an OpenAPI client into the build process, ensuring improved consistency with API specifications.

✏️ Tip: You can customize this high-level summary in your review settings.

@openshift-ci openshift-ci bot requested review from crizzo71 and mbrudnoy December 15, 2025 08:29
@coderabbitai
Copy link

coderabbitai bot commented Dec 15, 2025
edited
Loading

Walkthrough

The pull request introduces a multi-stage Dockerfile build process that adds OpenAPI code generation. A new openapi-gen stage is added using the openapitools/openapi-generator-cli image to fetch an OpenAPI specification from hyperfleet-api, generate a Go client in /local/pkg/api/openapi, and remove generated build artifacts (go.mod, go.sum, and tests). The main builder stage is then modified to copy the generated OpenAPI client from the openapi-gen stage, integrating the auto-generated code into the build without altering runtime behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Verify that the OpenAPI generator base image (openapitools/openapi-generator-cli) is the correct and trusted version
  • Confirm the OpenAPI spec source path (/fetch/openapi.yaml from hyperfleet-api) is correct and accessible during build
  • Validate that the generated client output path `/local/pkg/api/openapi matches the COPY destination path in the builder stage
  • Ensure removal of go.mod, go.sum, and test files from the generated code is intentional and appropriate for the Go client integration

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and specifically describes the main change: adding an OpenAPI generation stage to the Dockerfile, which matches the core modification in the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Dec 15, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (3)
Dockerfile (3)

6-13: Build reproducibility concern: fetching OpenAPI spec from main branch.

The default OPENAPI_SPEC_REF=main (line 6) means each build may fetch a different version of the OpenAPI spec if the main branch changes. This reduces build determinism and can cause unexpected behavior changes without explicit version bumps.

Consider one of the following approaches:

  • Default to a stable release tag (e.g., OPENAPI_SPEC_REF=v1.0.0) instead of main.
  • Document that OPENAPI_SPEC_REF must be explicitly specified for production builds.
  • Use a commit SHA for maximum reproducibility.

Additionally, the external network call during build (lines 10-13) creates a runtime dependency on GitHub availability. Consider caching the OpenAPI spec or including it in the repository if it's core to the build.

10-13: Add checksum validation for the downloaded OpenAPI spec.

The spec is downloaded via wget without integrity verification. Consider adding a checksum (SHA256) to validate the downloaded file and detect tampering or corruption.

Example enhancement:

-RUN echo "Fetching OpenAPI spec from hyperfleet-api (ref: ${OPENAPI_SPEC_REF})..." && \
-    mkdir -p openapi && \
-    wget -O openapi/openapi.yaml "${OPENAPI_SPEC_URL}" || \
-    (echo "Failed to download OpenAPI spec from ${OPENAPI_SPEC_URL}" && exit 1)
+ARG OPENAPI_SPEC_SHA256=""
+RUN echo "Fetching OpenAPI spec from hyperfleet-api (ref: ${OPENAPI_SPEC_REF})..." && \
+    mkdir -p openapi && \
+    wget -O openapi/openapi.yaml "${OPENAPI_SPEC_URL}" || \
+    (echo "Failed to download OpenAPI spec from ${OPENAPI_SPEC_URL}" && exit 1) && \
+    if [ -n "${OPENAPI_SPEC_SHA256}" ]; then \
+      echo "${OPENAPI_SPEC_SHA256}  openapi/openapi.yaml" | sha256sum -c - || exit 1; \
+    fi

This is optional but recommended for security-sensitive deployments.

1-54: Operational advice: Consider build caching and CI/CD implications.

The addition of the openapi-gen stage introduces a new network dependency and build step. In CI/CD pipelines:

  • Each build will re-fetch the OpenAPI spec and re-generate the client, which may slow down builds. Consider using Docker layer caching or pre-built base images if this becomes a bottleneck.
  • Document the OPENAPI_SPEC_REF build argument so CI/CD can pin stable versions.
  • Ensure the GitHub URL and hyperfleet-api repository are accessible from your CI/CD environment.

Additionally, if the OpenAPI spec is versioned, consider storing generated clients in a separate artifact repository or cache to avoid regenerating on every build.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6d788f6 and 5421c7b.

📒 Files selected for processing (1)
  • Dockerfile (2 hunks)
🔇 Additional comments (2)
Dockerfile (2)

17-22: Confirm the generated client integration approach.

The removal of go.mod and go.sum from the generated code (line 21) and the test directory (line 22) is appropriate to avoid module conflicts with the main build. Ensure this approach aligns with your project's Go dependency management and that the generated code has no unmet imports after removal.

33-34: LGTM — OpenAPI client integration is clean.

The COPY --from=openapi-gen pattern cleanly integrates the generated client into the builder stage without polluting the build context. The multi-stage approach keeps the build efficient.

Dockerfile
@@ -1,3 +1,26 @@
FROM openapitools/openapi-generator-cli:v7.16.0 AS openapi-gen
Copy link

@coderabbitai coderabbitai bot Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

openapitools/openapi-generator-cli v7.16.0 security advisories vulnerabilities

💡 Result:

Short answer — summary and guidance:

  • The openapi-generator-cli repository itself has no published security advisories. [1]

  • The main OpenAPITools/openapi-generator project has several past advisories that may be relevant to users of the CLI (notably):

    • CVE-2024-35219 — path‑traversal (arbitrary file read/delete) in the online generator; fixed in openapi-generator >= 7.6.0. Versions prior to 7.6.0 are affected. [2][3]
    • CVE-2023-27162 — SSRF in the online endpoints; affected up to 6.4.0 and fixed in 6.5.0. [4]

  • Impact for v7.16.0:

    • v7.16.0 is newer than 7.6.0, so CVE-2024-35219 is fixed in that lineage. There are no public advisories listing v7.16.0 as vulnerable on the openapi-generator-cli security page. Still, the upstream project has historical CVEs you should be aware of. [1][2][4][5]

Recommendations:

  • Upgrade to the latest stable openapi-generator / openapi-generator-cli (7.17.0 or newer). [5]
  • If you expose any online/code‑generation endpoints (web service), ensure you follow the project advisories and harden/disable any online-generation features; treat user-supplied paths/URLs as untrusted.
  • Monitor the OpenAPITools security page and OSV/NVD feeds for new advisories. [1][2]

Sources:

  • openapi-generator-cli GitHub security page (no advisories). [1]
  • OSV / NVD / GHSA entry for CVE-2024-35219 (path traversal, fixed in >=7.6.0). [2][3]
  • GitLab/NVD entries and advisories for CVE-2023-27162 (SSRF, fixed in 6.5.0). [4]
  • openapi-generator v7.16.0 release notes. [5]

🌐 Web query:

openapitools/openapi-generator-cli latest version 2025

💡 Result:

The latest stable release is v7.17.0 (released Oct 29, 2025). (github.com)

Citations:

🌐 Web query:

openapitools/openapi-generator-cli Docker Hub official image trusted source

💡 Result:

Yes — openapitools/openapi-generator-cli on Docker Hub is the official Docker image published by the OpenAPI Tools organization and is the recommended/authoritative Docker distribution for OpenAPI Generator CLI. The project README and website point users to that Docker image, and the openapitools Docker Hub account shows the openapi-generator-cli repository (millions of pulls and active tags). [1][2][3]

If you want to verify at source: check the openapitools organization page on Docker Hub and the OpenAPI Generator project README/website which link to docker image usage. [1][2][3]

Sources:

  • Docker Hub — openapitools organization / openapi-generator-cli. [1]
  • OpenAPI Generator GitHub README (Docker section). [2]
  • OpenAPI Generator website (usage via Docker). [3]

Consider upgrading openapitools/openapi-generator-cli to v7.17.0.

The openapi-generator-cli:v7.16.0 image is from the official OpenAPI Tools Docker Hub account and is secure—no known vulnerabilities affect v7.16.0 (CVE-2024-35219 and CVE-2023-27162 are fixed in that version). However, v7.17.0 is the latest stable release (Oct 2025), so consider upgrading for the most current bug fixes and improvements.

🤖 Prompt for AI Agents 
In Dockerfile at lines 1-1, update the base image tag from
openapitools/openapi-generator-cli:v7.16.0 to v7.17.0; change the FROM line to
reference v7.17.0, then rebuild the image and run the generator tests/CI to
verify compatibility and adjust any breaking changes if test failures occur.

@rafabene
Copy link
Contributor

rafabene commented Dec 16, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Dec 16, 2025
@openshift-ci
Copy link

openshift-ci bot commented Dec 16, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rafabene

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 0146d4b into openshift-hyperfleet:main Dec 16, 2025
7 checks passed
This was referenced Jan 6, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@crizzo71 crizzo71 Awaiting requested review from crizzo71

@mbrudnoy mbrudnoy Awaiting requested review from mbrudnoy

Assignees

@rafabene rafabene

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yingzhanredhat @rafabene