feat: Add configuration for image registries

[gfyrag]

No description provided.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

This pull request centralizes image selection by introducing an ImageConfiguration type used across Pulumi deployment code, replacing tag-only image resolution. It also relaxes replication restoration to ignore already-started pipelines and updates the provisioner Dockerfile builder image to golang:1.25-alpine.

Changes

Cohort / File(s)	Summary
Image Configuration Core deployments/pulumi/pkg/utils/convert.go	Add public ImageConfiguration (Registry, Repository, Tag). Change GetMainImage and GetImage to accept ImageConfiguration. Add WithFallbackTag() and SetDefaults(); generalize image string construction and defaults.
Configuration Layer deployments/pulumi/pkg/config/config.go, deployments/pulumi/pkg/common/common.go	Add ImageConfiguration to Common args/config, remove direct Tag usage, wire imageConfigurationOrTag() into loading/toInput flows, call SetDefaults() for image config. Import utils. Mark Tag deprecated.
Deployment Components (image wiring) deployments/pulumi/pkg/api/deployment.go, deployments/pulumi/pkg/storage/migrate.go, deployments/pulumi/pkg/worker/deployment.go	Replace calls using args.Tag with args.ImageConfiguration when getting main container image; no other container spec changes.
Generator / Provisioner components deployments/pulumi/pkg/generator/component.go, deployments/pulumi/pkg/provision/component.go	Use WithFallbackTag() to combine ImageConfiguration with component-specific version inputs; change ProvisionerVersion type to pulumix.Input[string]. Remove prior Apply/Apply2 tag merging logic and GeneratorVersion defaulting.
Replication: restore behavior internal/replication/manager.go	In synchronizePipelines(), ignore startPipeline() errors equal to ledger.ErrAlreadyStarted("") so restoration continues for already-started pipelines.
Replication: logging internal/replication/pipeline.go	Add three debug logs in PipelineHandler.Run(): pipeline termination, fetched items count, and last log ID movement.
Build / Dockerfile tools/provisioner/Dockerfile	Bump builder from golang:1.24-alpine to golang:1.25-alpine; add # syntax=docker/dockerfile:1 directive and extra COPY steps; ensure final CMD newline.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

Areas requiring close attention:

• deployments/pulumi/pkg/utils/convert.go — public API/signature changes for GetMainImage/GetImage and new ImageConfiguration defaults and normalization.
• All call sites that previously passed Tag (ensure every usage now passes an ImageConfiguration or uses WithFallbackTag).
• deployments/pulumi/pkg/config/config.go — correctness of imageConfigurationOrTag() precedence and interaction with deprecated Tag.
• internal/replication/manager.go — verify tolerating ErrAlreadyStarted is intended and doesn't mask other errors.

Poem

🐰 I hopped through registries wide and far,
I stitched repo, registry, tag into one star.
Images now neat, no more scattered track,
Pipelines hum along — I never look back.
Build updated, logs whisper the tale, ha-hop! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to assess whether the description relates to the changeset.	Add a pull request description explaining the motivation, implementation approach, and impact of adding configurable image registry support.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: refactoring image handling to support configurable image registries throughout the deployment system via a new ImageConfiguration struct.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch backport/v2.3/pulumi-configurable-registry

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tools/provisioner/Dockerfile (1)

4-8: COPY instructions reference undefined root build stage—this will cause build failure.

Lines 4-8 reference --from=root, but this stage is never defined in the Dockerfile. The only defined stages are:

• compiler (line 2: FROM golang:1.25-alpine AS compiler)
• Implicitly, the alpine:3.21 runtime stage (line 18)

The build will fail with "error: Stage 'root' not found" during the COPY operations. No parent Dockerfile, orchestration file, or build context defines this stage.

Remove lines 4-8 or clarify the intended source stage (likely should be compiler, or these copies are redundant since the build later copies specific files from the context).

Go 1.25-alpine is stable and available; Alpine 3.21 is correctly specified.

🧹 Nitpick comments (2)

deployments/pulumi/pkg/common/common.go (1)

22-31: Consider refactoring duplicate tag defaulting logic.

Lines 22-31 manually set defaults for args.Tag (which refers to the embedded ImageConfiguration.Tag field), but line 41 also calls args.ImageConfiguration.SetDefaults(). This creates duplicate defaulting logic that could lead to inconsistency if the default tag value changes in one place but not the other.

Consider removing lines 22-31 and ensuring ImageConfiguration.SetDefaults() handles all tag defaulting:

-	if args.Tag == nil {
-		args.Tag = pulumi.String("latest")
-	} else {
-		args.Tag = pulumix.Apply(args.Tag, func(tag string) string {
-			if tag == "" {
-				return "latest"
-			}
-			return tag
-		})
-	}

deployments/pulumi/pkg/utils/convert.go (1)

62-95: Consider consolidating default logic to avoid duplication.

The same defaults (ghcr.io, formancehq, latest) are applied in both SetDefaults() and inline within GetImage(). While this provides defense-in-depth, it introduces maintenance risk if defaults need to change.

Consider extracting default values as constants:

+const (
+	DefaultRegistry   = "ghcr.io"
+	DefaultRepository = "formancehq"
+	DefaultTag        = "latest"
+)

Then reference these constants in both GetImage() and SetDefaults() to keep them synchronized.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6caf8f3 and 995f5fc.

📒 Files selected for processing (11)

• deployments/pulumi/pkg/api/deployment.go (1 hunks)
• deployments/pulumi/pkg/common/common.go (2 hunks)
• deployments/pulumi/pkg/config/config.go (9 hunks)
• deployments/pulumi/pkg/generator/component.go (2 hunks)
• deployments/pulumi/pkg/provision/component.go (3 hunks)
• deployments/pulumi/pkg/storage/migrate.go (1 hunks)
• deployments/pulumi/pkg/utils/convert.go (2 hunks)
• deployments/pulumi/pkg/worker/deployment.go (1 hunks)
• internal/replication/manager.go (1 hunks)
• internal/replication/pipeline.go (3 hunks)
• tools/provisioner/Dockerfile (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-04-29T11:24:28.923Z

Learnt from: gfyrag
Repo: formancehq/ledger PR: 892
File: internal/controller/ledger/controller_default.go:196-196
Timestamp: 2025-04-29T11:24:28.923Z
Learning: In the ledger Import function, it's critical to maintain proper log ID tracking by updating lastLogID with the current log.ID after each processed log, rather than setting it to nil. This ensures the system can properly validate the ordering of logs and prevent duplicate or out-of-order processing, which is essential for maintaining data integrity in the ledger.

Applied to files:

• internal/replication/pipeline.go

🧬 Code graph analysis (9)

deployments/pulumi/pkg/api/deployment.go (2)

deployments/pulumi/pkg/utils/convert.go (2)

• GetMainImage (8-10)
• ImageConfiguration (46-50)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/storage/migrate.go (2)

deployments/pulumi/pkg/utils/convert.go (2)

• GetMainImage (8-10)
• ImageConfiguration (46-50)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

internal/replication/manager.go (1)

internal/errors.go (1)

• ErrAlreadyStarted (75-75)

deployments/pulumi/pkg/worker/deployment.go (2)

deployments/pulumi/pkg/utils/convert.go (2)

• GetMainImage (8-10)
• ImageConfiguration (46-50)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/provision/component.go (2)

deployments/pulumi/pkg/utils/convert.go (2)

• GetImage (12-35)
• ImageConfiguration (46-50)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/utils/convert.go (1)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/common/common.go (2)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/utils/convert.go (1)

• ImageConfiguration (46-50)

deployments/pulumi/pkg/generator/component.go (1)

deployments/pulumi/pkg/utils/convert.go (2)

• GetImage (12-35)
• ImageConfiguration (46-50)

deployments/pulumi/pkg/config/config.go (2)

deployments/pulumi/pkg/utils/convert.go (1)

• ImageConfiguration (46-50)

internal/replication/drivers/registry.go (1)

• Registry (18-22)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Tests
• GitHub Check: Dirty

🔇 Additional comments (19)

tools/provisioner/Dockerfile (1)

1-1: Good addition: Dockerfile syntax directive.

The # syntax=docker/dockerfile:1 directive enables newer Dockerfile features and is a best practice for Dockerfile compatibility.

deployments/pulumi/pkg/storage/migrate.go (1)

41-41: LGTM!

The image resolution now uses the centralized ImageConfiguration instead of a simple tag, enabling more flexible registry and repository configuration.

deployments/pulumi/pkg/worker/deployment.go (1)

48-48: LGTM!

Consistent with the broader refactor to use ImageConfiguration for centralized image resolution.

internal/replication/manager.go (1)

218-223: LGTM!

The updated error handling makes pipeline restoration idempotent by tolerating already-started pipelines during synchronization. This is appropriate for periodic sync operations where pipelines may already be running.

deployments/pulumi/pkg/api/deployment.go (1)

170-170: LGTM!

The ledger-api container image resolution now uses ImageConfiguration, consistent with the refactor across all deployment components.

internal/replication/pipeline.go (3)

70-70: LGTM!

Added debug logging for pipeline shutdown improves observability.

---

96-96: LGTM!

Debug logging for fetched item count provides useful visibility into pipeline activity.

---

122-122: LGTM!

Debug logging for log ID updates enhances traceability. Based on learnings, proper log ID tracking is critical for maintaining data integrity in the ledger system, making this logging particularly valuable.

deployments/pulumi/pkg/provision/component.go (2)

30-30: LGTM!

Type change to pulumix.Input[string] provides more flexibility for provisioner version configuration.

---

133-136: LGTM!

The provisioner image now uses ImageConfiguration.WithFallbackTag, which allows custom registry/repository configuration while falling back to ProvisionerVersion when the main tag is not specified. This provides good flexibility for different deployment scenarios.

deployments/pulumi/pkg/common/common.go (2)

11-11: LGTM!

Embedding utils.ImageConfiguration in CommonArgs centralizes image configuration and enables consistent registry, repository, and tag management across all components.

---

41-41: LGTM!

Delegating to ImageConfiguration.SetDefaults() ensures consistent default initialization for registry, repository, and tag fields.

deployments/pulumi/pkg/generator/component.go (2)

6-9: Imports added for new functionality.

The imports for os, filepath, and time support the script loading from file and HTTP timeout configuration features.

---

144-147: LGTM!

The generator image now uses ImageConfiguration.WithFallbackTag to support custom registry/repository configuration while allowing GeneratorVersion to override the tag when specified. This provides consistent flexibility across all components.

deployments/pulumi/pkg/utils/convert.go (2)

8-35: LGTM - Image construction logic is sound.

The image reference format registry/org/component:tag correctly produces paths like ghcr.io/formancehq/ledger:latest for GitHub Container Registry. The inline default handling provides a safety net.

---

46-60: LGTM - Clean struct and fallback pattern.

The ImageConfiguration struct and WithFallbackTag method provide a clear API for handling image configuration with sensible fallback behavior.

deployments/pulumi/pkg/config/config.go (3)

578-582: LGTM - Deprecation and new field addition are clear.

The Tag field is properly marked as deprecated with the new Image *ImageConfiguration field taking its place. The toInput() method correctly uses imageConfigurationOrTag to bridge backward compatibility.

---

736-740: Note: JSON tag for Tag is version for consistency.

The JSON tag version on the Tag field aligns with the deprecated Tag field in Common struct (line 579), maintaining backward compatibility in configuration files.

---

845-861: LGTM - Backward-compatible conversion logic.

The helper correctly handles three cases:

1. No configuration → uses legacy tag parameter
2. Configuration with Tag → overrides the legacy tag
3. Configuration without Tag → uses legacy tag as fallback

This ensures smooth migration from the deprecated Tag field.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix incorrect error message - copy-paste error.

The error message references "generator config" but should reference "image config".

 	image := &ImageConfiguration{}
 	if err := cfg.TryObject("image", image); err != nil {
 		if !errors.Is(err, config.ErrMissingVar) {
-			return nil, fmt.Errorf("error reading generator config: %w", err)
+			return nil, fmt.Errorf("error reading image config: %w", err)
 		}
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	image := &ImageConfiguration{}
	if err := cfg.TryObject("image", image); err != nil {
	if !errors.Is(err, config.ErrMissingVar) {
	return nil, fmt.Errorf("error reading generator config: %w", err)
	}
	}
	image := &ImageConfiguration{}
	if err := cfg.TryObject("image", image); err != nil {
	if !errors.Is(err, config.ErrMissingVar) {
	return nil, fmt.Errorf("error reading image config: %w", err)
	}
	}

🤖 Prompt for AI Agents

In deployments/pulumi/pkg/config/config.go around lines 812 to 817, the error
message logged when TryObject("image", ...) returns a non-missing error
incorrectly says "generator config"; change the fmt.Errorf call to reference
"image config" instead so the returned error reads fmt.Errorf("error reading
image config: %w", err). Keep the same error wrapping and behavior for
non-missing errors.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

golang:1.25-alpine Docker Hub image availability

💡 Result:

Yes — the official golang images include Alpine variants for Go 1.25. Tags such as golang:1.25-alpine (and more specific ones like golang:1.25-alpine3.21 / golang:1.25-alpine3.22 / golang:1.25.3-alpine) are published and can be pulled. [1][2]

Sources:

• Docker image listing for golang:1.25-alpine (mirror of Docker Hub). [1]
• community-maintained list of available golang tags showing 1.25-alpine variants. [2]

---

🌐 Web query:

Go 1.25 release date stability breaking changes

💡 Result:

• Release date: Go 1.25.0 was released August 12, 2025. [1]

• Stability / compatibility: Go’s 1.x compatibility promise remains — no deliberate source-breaking language changes — but some toolchain/runtime changes in 1.25 can cause previously-working (but incorrect or relying-on-undefined-behavior) programs to fail at runtime. Test your code before upgrading. [1]

• Notable breaking / behavior-changing items in 1.25 (things that may require code changes or additional testing):

  1. Stricter nil‑pointer semantics: fixes a long-standing compiler bug that can make previously-running-but-incorrect code panic (nil-check timing/semantics tightened). Test for unexpected panics. [2]
  2. Compiler optimizations (more slice backing allocation on the stack) can amplify incorrect unsafe.Pointer usage; such code may misbehave. [2]
  3. DWARF5 debug info becomes the default (affects debugging/tooling; DWARF5 can be disabled via GOEXPERIMENT=nodwarf5). [2]
  4. New/changed toolchain defaults and vet analyzers (e.g., new vet checks, AddressSanitizer leak-detection default, fewer prebuilt helper binaries) may surface new warnings or change build/test behavior. [2]
  5. Experimental encoding/json/v2 exposed behind GOEXPERIMENT=jsonv2 — opt‑in but may affect behavior if enabled. [2]

References:

• Go release history / 1.25 release notes. [1]
• 1.25 summary (nil‑check, DWARF5, toolchain changes, jsonv2, unsafe effects). [2]

---

🌐 Web query:

Go 1.25 security considerations and vulnerabilities

💡 Result:

Summary — Go 1.25 security considerations and known vulnerabilities (concise)

• Go 1.25 security posture: multiple follow-up minor releases (1.25.1 → 1.25.4) addressed security fixes across stdlib crypto and networking packages; Go upstream recommends installing the latest 1.25.x patch for security fixes. [1][2]

• Notable packages/areas patched in 1.25.x series:

  • crypto/tls and crypto/x509 — stricter TLS behavior, disallowing SHA‑1 in TLS1.2 by default, stricter spec conformance, x509 parsing/SubjectKeyId behavior changes. [1][3]
  • encoding/asn1 and encoding/pem — ASN.1/BMP/T61 string handling and PEM fixes. [1][3]
  • net/http, net/textproto, net/url, net/mail — multiple security fixes across minor releases. [1][2]
  • archive/tar — fixes (e.g., tar writer FS symlink behavior) included in 1.25.2 notes. [1][2]
  • crypto/subtle, os, runtime, compiler — additional fixes landed in later 1.25.x updates. [2]

• Public CVEs / advisories affecting Go 1.25 (examples reported in vendor/security feeds):

  • CVE-2025-4674, CVE-2025-47906, CVE-2025-47907 — referenced in a SUSE/OSV security update for go1.25-openssl packaging (details in vendor advisory). Install patched builds from distro or upstream. [4]

• Vendor builds / distro notes:

  • Microsoft’s Go 1.25 build enables systemcrypto (system-provided crypto backends) by default on some platforms — this can affect behavior/security posture; opt-out instructions provided by Microsoft. [5]
  • Distributors (SUSE, others) published advisories describing additional packaging fixes (HKDF/OpenSSL interactions, FIPS notes). [4][3]

Recommendations

• Upgrade to the latest go1.25.x patch (or newer Go release) from the official go.dev downloads or your distro vendor as soon as practical. [1][2]
• Review code that depends on TLS/x509/ASN.1 parsing and net/http behavior — test with patched runtime; watch GODEBUG/GOEXPERIMENT flags (tlssha1, systemcrypto, jsonv2) which can change behavior. [1][5]
• If you use vendor/dist-specific builds (e.g., go-openssl, FIPS builds, Microsoft build), follow vendor advisories and apply their security patches. [4][5]

Sources

1. Go 1.25 release notes / release history (go.dev). [Go release history / go1.25 notes].
2. go1.25 minor-release changelog summary (go.dev release history listing 1.25.1–1.25.4).
3. SUSE go1.25-openssl advisory / release details.
4. OSV / SUSE security update listing (CVE-2025-4674, CVE-2025-47906, CVE-2025-47907).
5. Microsoft blog: Microsoft build of Go 1.25 notes (systemcrypto default).

If you want, I can fetch and extract the specific CVE descriptions and upstream issue links for each patched bug.

---

golang:1.25-alpine is available but requires careful validation before deployment.

The golang:1.25-alpine image is available on Docker Hub. However, Go 1.25 introduced several breaking changes that necessitate thorough testing:

• Nil-pointer semantics tightened: Previously-working-but-incorrect code may panic at runtime due to stricter nil checks.
• Compiler optimizations: More stack-based slice allocations can expose incorrect unsafe.Pointer usage.
• DWARF5 debug info: Now default (can be disabled via GOEXPERIMENT=nodwarf5).
• Toolchain and vet changes: New checks and build/test behavior may surface additional warnings.

Additionally, multiple security advisories exist for Go 1.25 (CVE-2025-4674, CVE-2025-47906, CVE-2025-47907). Use the latest patched version (1.25.4 or newer) and test dependent code thoroughly, especially components using TLS, x509, ASN.1 parsing, or net/http.

🤖 Prompt for AI Agents

In tools/provisioner/Dockerfile around line 2 the base image is pinned to
golang:1.25-alpine which has breaking changes and known CVEs; update the FROM to
a patched 1.25 release (e.g. golang:1.25.4-alpine or later) or another supported
patchline, update any CI/build matrix to use the same pinned patch, run the full
test-suite and integration tests (focus on TLS/x509/ASN.1/net/http paths), run
static checks (go vet, golangci-lint) and audit unsafe.Pointer usage, and if you
hit debug/DWARF issues consider setting GOEXPERIMENT=nodwarf5 in the
Dockerfile/CI until code adjustments are validated.

[codecov]

Codecov Report

❌ Patch coverage is 71.42857% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.04%. Comparing base (6caf8f3) to head (1ebb730).
⚠️ Report is 1 commits behind head on release/v2.3.

Files with missing lines	Patch %	Lines
internal/replication/manager.go	50.00%	2 Missing ⚠️

Additional details and impacted files

@@               Coverage Diff                @@
##           release/v2.3    #1166      +/-   ##
================================================
+ Coverage         81.88%   82.04%   +0.16%     
================================================
  Files               187      187              
  Lines              8924     8995      +71     
================================================
+ Hits               7307     7380      +73     
+ Misses             1190     1189       -1     
+ Partials            427      426       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[graphite-app]

Error message incorrectly states "error reading generator config" when actually reading image configuration. This will mislead debugging efforts.

Fix:

return nil, fmt.Errorf("error reading image config: %w", err)

Suggested change

	return nil, fmt.Errorf("error reading generator config: %w", err)
	return nil, fmt.Errorf("error reading image config: %w", err)

Spotted by Graphite Agent



Is this helpful? React 👍 or 👎 to let us know.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

deployments/pulumi/pkg/config/config.go (1)

812-817: Fix error message - incorrect reference to "generator config".

The error message on line 815 incorrectly references "generator config" when reading image configuration.

Apply this diff:

-			return nil, fmt.Errorf("error reading generator config: %w", err)
+			return nil, fmt.Errorf("error reading image config: %w", err)

🧹 Nitpick comments (1)

deployments/pulumi/pkg/utils/convert.go (1)

62-95: Consider extracting default values to constants.

The default values "ghcr.io", "formancehq", and "latest" are hardcoded in both SetDefaults and GetImage (lines 17, 23, 30). Extracting these as package-level constants would improve maintainability.

Example:

+const (
+	defaultRegistry   = "ghcr.io"
+	defaultRepository = "formancehq"
+	defaultTag        = "latest"
+)
+
 func (args *ImageConfiguration) SetDefaults() {
 	if args.Registry == nil {
-		args.Registry = pulumi.String("ghcr.io")
+		args.Registry = pulumi.String(defaultRegistry)
 	} else {
 		args.Registry = pulumix.Apply(args.Registry, func(registry string) string {
 			if registry == "" {
-				return "ghcr.io"
+				return defaultRegistry
 			}
 			return registry
 		})
 	}
 	// ... apply similar changes for Repository and Tag
 }

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 995f5fc and 1ebb730.

📒 Files selected for processing (11)

• deployments/pulumi/pkg/api/deployment.go (1 hunks)
• deployments/pulumi/pkg/common/common.go (2 hunks)
• deployments/pulumi/pkg/config/config.go (9 hunks)
• deployments/pulumi/pkg/generator/component.go (2 hunks)
• deployments/pulumi/pkg/provision/component.go (3 hunks)
• deployments/pulumi/pkg/storage/migrate.go (1 hunks)
• deployments/pulumi/pkg/utils/convert.go (2 hunks)
• deployments/pulumi/pkg/worker/deployment.go (1 hunks)
• internal/replication/manager.go (1 hunks)
• internal/replication/pipeline.go (3 hunks)
• tools/provisioner/Dockerfile (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• internal/replication/manager.go
• internal/replication/pipeline.go
• tools/provisioner/Dockerfile

🧰 Additional context used

🧬 Code graph analysis (4)

deployments/pulumi/pkg/utils/convert.go (1)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/common/common.go (2)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/utils/convert.go (1)

• ImageConfiguration (46-50)

deployments/pulumi/pkg/worker/deployment.go (2)

deployments/pulumi/pkg/utils/convert.go (2)

• GetMainImage (8-10)
• ImageConfiguration (46-50)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

deployments/pulumi/pkg/storage/migrate.go (2)

deployments/pulumi/pkg/utils/convert.go (2)

• GetMainImage (8-10)
• ImageConfiguration (46-50)

deployments/pulumi/pkg/config/config.go (1)

• ImageConfiguration (736-740)

🔇 Additional comments (15)

deployments/pulumi/pkg/utils/convert.go (4)

8-10: LGTM! Clean delegation to GetImage.

The refactored GetMainImage now accepts a complete ImageConfiguration and delegates appropriately, improving consistency across the codebase.

---

12-35: Image URL construction logic is correct.

The function properly constructs the image reference with sensible fallbacks for registry, repository, and tag. The empty-string checks ensure defaults are applied consistently.

---

46-50: LGTM! Well-defined configuration struct.

The ImageConfiguration type cleanly captures the three components needed for image resolution.

---

52-60: LGTM! Fallback logic is correct and immutable.

The method properly merges the provided tag with a fallback, using a value receiver to ensure immutability.

deployments/pulumi/pkg/worker/deployment.go (1)

48-48: LGTM! Correctly updated to use ImageConfiguration.

The worker container image resolution now uses the new ImageConfiguration pattern, maintaining consistency with the broader refactoring.

deployments/pulumi/pkg/storage/migrate.go (1)

41-41: LGTM! Migration job image resolution updated correctly.

Consistent with the ImageConfiguration refactoring across other components.

deployments/pulumi/pkg/api/deployment.go (1)

170-170: LGTM! API container image resolution updated correctly.

The ledger-api deployment now uses ImageConfiguration, aligning with the refactoring pattern.

deployments/pulumi/pkg/provision/component.go (2)

30-30: LGTM! Type change enables flexible input handling.

Changing ProvisionerVersion from pulumi.String to pulumix.Input[string] allows for more flexible configuration sources.

---

133-136: LGTM! Provisioner image resolution correctly uses fallback mechanism.

The image construction properly leverages WithFallbackTag to apply the provisioner version as a fallback, and correctly specifies "ledger-provisioner" as the component name.

deployments/pulumi/pkg/common/common.go (2)

11-11: LGTM! Embedding ImageConfiguration centralizes image configuration.

Embedding utils.ImageConfiguration into CommonArgs provides a clean way to share image configuration across all components.

---

41-41: LGTM! SetDefaults delegation is correct.

Delegating to ImageConfiguration.SetDefaults() ensures proper initialization of image-related fields.

deployments/pulumi/pkg/generator/component.go (1)

144-147: LGTM! Generator image resolution uses fallback pattern correctly.

The image construction properly uses WithFallbackTag with the generator version and specifies "ledger-generator" as the component name, consistent with the provisioner implementation.

deployments/pulumi/pkg/config/config.go (3)

736-740: LGTM! Configuration struct properly defined.

The ImageConfiguration struct correctly maps JSON/YAML fields for registry, repository, and version (tag).

---

845-861: LGTM! Backward compatibility helper is well-designed.

The imageConfigurationOrTag function correctly provides backward compatibility by honoring the deprecated Tag field when ImageConfiguration is not provided, and properly merges configuration when both are present.

---

591-598: LGTM! Config-to-input conversion updated correctly.

The toInput method properly uses the imageConfigurationOrTag helper to construct the ImageConfiguration, maintaining backward compatibility with the deprecated Tag field.