Fix ContainerfilesDirect build instead of make targets to catch failures

[Joeavaikath]

Why the changes were made

konflux.Dockerfile successfully builds but the oadp-cli binaries are absent: make target silently fails

How to test the changes made

konflux.Dockerfile build should succeed without issue

Summary by CodeRabbit

• Chores
  • Restructured build process to explicitly cross-compile binaries for multiple platforms (Linux, macOS, Windows) and architectures (amd64, arm64) with version and commit information embedded at build time.
  • Updated build configuration for download-server component.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Joeavaikath

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Joeavaikath]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Joeavaikath]

/cherry-pick oadp-1.6

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request updates two Dockerfiles to replace single make release-binaries commands with explicit per-platform cross-compilation loops. Build-time arguments VERSION and GIT_COMMIT are introduced and wired into Go builds via -ldflags to populate build metadata. Artifacts are now organized into /archives with corresponding .sha256 checksum files for each binary.

Changes

Cohort / File(s)	Summary
Dockerfile Cross-Platform Build Refactoring Containerfile.download, konflux.Dockerfile	Replaced make release-binaries with explicit per-platform cross-compilation loops for Linux/macOS/Windows (amd64/arm64). Added VERSION and GIT_COMMIT build arguments injected via -ldflags into Go build metadata. Generates .sha256 checksum files for each binary. Adjusted artifact copying from /archives instead of release-binaries directory. Updated download-server build flags to use -trimpath.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Redesign download server UI and add Konflux Containerfile #158 — Modifies Containerfile.download build steps for download-server and archive handling.
• Update download server to serve raw binaries and drop ppc64le/s390x #174 — Replaces archive-centric release steps with per-platform binary outputs in /archives for Containerfile.download.
• Prepare oadp-cli for Konflux onboarding into OADP 1.6 #169 — Updates konflux.Dockerfile build steps for archive creation and Go build flags.

Suggested labels

approved, lgtm

Suggested reviewers

• kaovilai
• mpryc
• sseago

Poem

🐰 Cross-compiling for every platform with glee,
Linux, Mac, Windows—amd64, arm64, you see!
With -ldflags magic and checksums so neat,
Your binaries are packaged—oh what a treat! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the main change: replacing make targets with direct build commands in Containerfiles to improve failure detection.
Description check	✅ Passed	The description includes both required sections with adequate detail about the silent build failure problem and testing approach, matching the template structure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-cherrypick-robot]

@Joeavaikath: once the present PR merges, I will cherry-pick it on top of oadp-1.6 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick oadp-1.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Containerfile.download`:
- Line 41: The checksum file currently contains absolute paths because the line
invoking sha256sum uses /archives/$output; change the invocation so sha256sum
computes checksums using relative filenames (e.g., run sha256sum from inside the
/archives directory or otherwise pass just $output as the filename) and write
the result to /archives/$output.sha256; update the sha256sum invocation that
references /archives/$output and $output.sha256 to ensure the output uses the
bare filename so downstream sha256sum -c works for users.

In `@konflux.Dockerfile`:
- Line 35: The checksum line currently invokes sha256sum on the absolute path
and writes an absolute-path filename (causing mismatch for users); update the
step that runs sha256sum on the $output artifact so it records the basename
rather than the absolute path and writes to a $output.sha256 file in the same
folder — achieve this by running sha256sum on the relative filename (or changing
into the archives directory first) so the produced checksum file contains the
plain filename and will verify with sha256sum -c; target the existing sha256sum
invocation that references $output and the generated .sha256 file.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0fb0a841-3f5f-4f31-a858-e015c63cb352

📥 Commits

Reviewing files that changed from the base of the PR and between b021c35 and 10bc90d.

📒 Files selected for processing (2)

• Containerfile.download
• konflux.Dockerfile

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Checksum files will contain absolute paths, breaking user verification.

sha256sum /archives/$output produces output like abc123... /archives/kubectl-oadp_linux_amd64. When users download the binary and checksum file, running sha256sum -c kubectl-oadp_linux_amd64.sha256 will fail because the path doesn't match.

🔧 Proposed fix to use relative paths in checksum files

-        sha256sum /archives/$output > /archives/$output.sha256; \
+        (cd /archives && sha256sum $output > $output.sha256); \

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	sha256sum /archives/$output > /archives/$output.sha256; \
	(cd /archives && sha256sum $output > $output.sha256); \

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Containerfile.download` at line 41, The checksum file currently contains
absolute paths because the line invoking sha256sum uses /archives/$output;
change the invocation so sha256sum computes checksums using relative filenames
(e.g., run sha256sum from inside the /archives directory or otherwise pass just
$output as the filename) and write the result to /archives/$output.sha256;
update the sha256sum invocation that references /archives/$output and
$output.sha256 to ensure the output uses the bare filename so downstream
sha256sum -c works for users.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Checksum file contains absolute path, breaking user verification.

The sha256sum /archives/$output command outputs the full path (e.g., /archives/kubectl-oadp_linux_amd64) in the checksum file. When users download these files and run sha256sum -c, verification will fail because the local filename won't match.

🔧 Proposed fix to use relative path in checksum

-        sha256sum /archives/$output > /archives/$output.sha256; \
+        (cd /archives && sha256sum $output > $output.sha256); \

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	sha256sum /archives/$output > /archives/$output.sha256; \
	(cd /archives && sha256sum $output > $output.sha256); \

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@konflux.Dockerfile` at line 35, The checksum line currently invokes sha256sum
on the absolute path and writes an absolute-path filename (causing mismatch for
users); update the step that runs sha256sum on the $output artifact so it
records the basename rather than the absolute path and writes to a
$output.sha256 file in the same folder — achieve this by running sha256sum on
the relative filename (or changing into the archives directory first) so the
produced checksum file contains the plain filename and will verify with
sha256sum -c; target the existing sha256sum invocation that references $output
and the generated .sha256 file.