// Use when preparing a pull request for review or before pushing. Checklist of commit conventions, Rego policy tests at 100% coverage, BATS tests, code quality checks, and CI check requirements.
| name | pr-definition-of-done |
| description | Use when preparing a pull request for review or before pushing. Checklist of commit conventions, Rego policy tests at 100% coverage, BATS tests, code quality checks, and CI check requirements. |
Every PR must pass CI checks, follow commit conventions, include tests with 100% coverage for policies, and avoid unnecessary whitespace changes.
type(JIRA-ID): description (e.g., feat(STONEINTG-1641): add AI skills)feat, fix, chore, refactor, test, docsgit commit -sAssisted-by: <tool-name> trailerunittests/test_{scanner}/unittests_bash/opa test policies unittests unittests/test_data -c passesbats unittests_bash passesshellcheck -s bash test/utils.sh passes (excludes conftest.sh, selftest.sh)hadolint Dockerfile passes (with standard ignores: DL3003,DL3013,DL3041,DL4006)| Check | Workflow | What fails it |
|---|---|---|
| OPA unit tests | pr-checks.yaml / opa_policies_unittest | Any test failure or coverage < 100% |
| BATS tests | pr-checks.yaml / bash_unittests | Any BATS test failure |
| Shellcheck | pr-checks.yaml / shellcheck | Violations in test/ (excludes conftest.sh, selftest.sh) |
| Hadolint | pr-checks.yaml / Dockerfile-linter | Dockerfile lint violations |
| YAML lint | pr-checks.yaml / YAML-Linter | yamllint violations |
| Gitlint | pr-checks.yaml / gitlint | Non-conventional format, title > 72 chars, uppercase after colon |
| Tekton build | .tekton/ | Image build failure, security scans |
| Mistake | Fix |
|---|---|
| Commit description starts uppercase | Must start lowercase — gitlint custom rule UC1 enforces |
| OPA coverage drops below 100% | Add tests for every new policy rule line |
| Added whitespace to unrelated lines | Review diff carefully, revert formatting-only changes |
| Forgot to add test data fixture | New policies need test data in unittests/test_data/ |
shellcheck passes locally but fails in CI | Run with -s bash flag: shellcheck -s bash test/utils.sh |
Use when adding new tools, binaries, or packages to the konflux-test container image. Covers artifacts.lock.yaml (generic binaries), rpms.in.yaml (system packages), multi-architecture support, and hermetic build constraints.
Use when CI checks fail unexpectedly, when preparing code for CI, or when encountering non-obvious build and pipeline behavior. Covers hermetic builds, Tekton pipelines, multi-arch, GitHub Actions checks, and integration test structure.
Use when running OPA policy unit tests, BATS bash tests, shellcheck, hadolint, or conftest integration tests locally. Covers test commands, coverage requirements, test data, and prerequisites.
Use when adding or modifying bash utility functions in test/utils.sh. Covers naming conventions, function structure, BATS tests, mock patterns for external tools, TEST_OUTPUT format, and shellcheck compliance.
Use when writing, modifying, or reviewing OPA/conftest Rego policies. Covers package naming, rule prefixes (violation_ and warn_), conftest namespaces, violation object structures, imports, and unit test patterns.