The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

pkg/cmd/server/openapi.go (4)

63-71: Set .spec to an explicit object when creating a schemaless container

When raw is empty and .spec doesn't exist yet, we only set AdditionalProperties=true on an otherwise zero-value schema. Some consumers require type: object for additionalProperties to apply. Being explicit here avoids edge-case validation issues.

Apply this diff:

   if strings.TrimSpace(raw) == "" {
     if target.Properties == nil {
       target.Properties = map[string]spec.Schema{}
     }
     prop := target.Properties["spec"]
+    if !prop.Type.Contains("object") {
+      prop.Type = spec.StringOrArray{"object"}
+    }
     prop.AdditionalProperties = &spec.SchemaOrBool{Allows: true}
     target.Properties["spec"] = prop
     return nil
   }

---

274-283: Make int-or-string detection robust to nullable unions

The current check fails if the union includes "null" (a common pattern for nullable fields). Ignoring "null" and requiring exactly the two target types avoids false negatives.

Apply this diff:

 func hasIntAndStringAnyOf(anyOf []spec.Schema) bool {
   seen := map[string]bool{}
   for i := range anyOf {
     for _, t := range anyOf[i].Type {
-      seen[t] = true
+      if t != "null" && t != "" {
+        seen[t] = true
+      }
     }
   }
-  return seen["string"] && seen["integer"] && len(seen) <= 2
+  return seen["string"] && seen["integer"] && len(seen) == 2
 }

---

291-304: Consider preserving some signal when dropping AnyOf/OneOf

V2 can’t express anyOf/oneOf. Clearing them is necessary, but it erases helpful shape information for downstream consumers. Optional: stash the original branches in a vendor extension for traceability.

Illustrative change (optional):

 if len(s.AnyOf) > 0 {
   if hasIntAndStringAnyOf(s.AnyOf) {
     s.Type = spec.StringOrArray{"string"}
     if s.Extensions == nil {
       s.Extensions = map[string]interface{}{}
     }
     s.Extensions["x-kubernetes-int-or-string"] = true
   }
+  // Optional: retain visibility of the original union for tooling/doc purposes.
+  if s.Extensions == nil {
+    s.Extensions = map[string]interface{}{}
+  }
+  if _, ok := s.Extensions["x-cozystack-anyOf"]; !ok {
+    s.Extensions["x-cozystack-anyOf"] = s.AnyOf
+  }
   s.AnyOf = nil
 }
 
 if len(s.OneOf) > 0 {
-  s.OneOf = nil
+  if s.Extensions == nil {
+    s.Extensions = map[string]interface{}{}
+  }
+  if _, ok := s.Extensions["x-cozystack-oneOf"]; !ok {
+    s.Extensions["x-cozystack-oneOf"] = s.OneOf
+  }
+  s.OneOf = nil
 }

---

359-362: Avoid double sanitization to reduce work and surprises

We sanitize cloned kind schemas before inserting into definitions, and then sanitize all definitions again post-unmarshal. One pass is sufficient; keeping only the final pass guarantees all defs are covered and avoids redundant work.

Apply this diff to drop the early pass:

-      sanitizeForV2(obj)
-      sanitizeForV2(status)
-      sanitizeForV2(l)

Also applies to: 393-397

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

pkg/cmd/server/openapi.go (1)

77-79: Defaulting AdditionalProperties to true for custom .spec is correct

OpenAPI defaults additionalProperties to true; making it explicit improves interoperability. LGTM.

hack/e2e-test-openapi.bats (1)

6-8: Reduce log noise from kubectl -v7 in CI output.

The verbose logs go to stderr and can clutter reports. Keep -v7 for local debugging, but in CI consider redirecting stderr or lowering verbosity.

Apply this minimal tweak if desired:

-  kubectl get -v7 --raw '/openapi/v2?timeout=32s' > /dev/null
+  kubectl get --raw '/openapi/v2?timeout=32s' > /dev/null 2>&1

And similarly for the v3 call.

Also applies to: 10-12

packages/core/testing/Makefile (1)

50-52: Add .PHONY for the new test target (and test) to satisfy checkmake and prevent filename collisions.

This prevents Make from treating these as file targets and addresses the static analysis warning.

Apply this diff:

+ .PHONY: test test-openapi

If you prefer grouping, you can also include other purely procedural targets in the same line.

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

hack/e2e-test-openapi.bats (2)

1-5: Good addition: targeted E2E coverage for OpenAPI v2/v3 and protobuf.

This gives us basic contract checks against the cluster’s OpenAPI endpoints and directly exercises the v2 sanitization work.

---

10-12: The provided test-openapi target is not currently gated behind an install-cozystack prerequisite, and the test target simply runs test-cluster, test-openapi, then test-apps. Without ensuring install-cozystack runs first, the OpenAPI group may not exist yet, causing the raw GET check to 404.

Please apply one of these fixes:

• Ensure install-cozystack runs before test-openapi by updating the Makefile’s dependencies. For example, modify the test target:

 test: test-cluster test-openapi test-apps ## Run the end-to-end tests in existing sandbox
+    $(MAKE) install-cozystack

or add install-cozystack as a prerequisite to test-openapi:

-test-openapi:
+test-openapi: install-cozystack

• Alternatively, wrap the raw OpenAPI GET in a guard to skip the test when apps.cozystack.io isn’t yet installed:

 @test "Test OpenAPI v3 endpoint (apps.cozystack.io present)" {
-  kubectl get -v7 --raw '/openapi/v3/apis/apps.cozystack.io/v1alpha1' > /dev/null
+  if ! kubectl api-resources --api-group=apps.cozystack.io >/dev/null 2>&1; then
+    skip "apps.cozystack.io API group not installed"
+  fi
+  kubectl get -v7 --raw '/openapi/v3/apis/apps.cozystack.io/v1alpha1' > /dev/null
 }

Either approach will prevent a false-negative when the API group is not yet present.

packages/core/testing/Makefile (1)

33-33: Integrating test-openapi into the main test flow looks good.

The high-level order makes sense, assuming the cluster has the cozystack APIs available by this point.

Please confirm whether test-cluster installs cozystack APIs. If not, consider either:

• test: test-cluster install-cozystack test-openapi test-apps
• or make test-openapi depend on install-cozystack.

.github/workflows/pull-requests.yaml (1)

257-261: Harden OpenAPI test step with retries and backoff to reduce flakes

The new step can be transiently flaky (API not fully ready, kube-proxy hiccups). Mirror the retry pattern used elsewhere in this workflow to stabilize CI.

Apply this patch to wrap the command with retries and a small backoff:

-      - name: Run OpenAPI tests
-        run: |
-          cd /tmp/$SANDBOX_NAME
-          make -C packages/core/testing SANDBOX_NAME=$SANDBOX_NAME test-openapi
+      - name: Run OpenAPI tests
+        run: |
+          set -euo pipefail
+          cd /tmp/$SANDBOX_NAME
+          attempt=0
+          until make -C packages/core/testing SANDBOX_NAME=$SANDBOX_NAME test-openapi; do
+            attempt=$((attempt + 1))
+            if [ $attempt -ge 3 ]; then
+              echo "❌ Attempt $attempt failed, exiting..."
+              exit 1
+            fi
+            echo "❌ Attempt $attempt failed, retrying..."
+            sleep 10
+          done
+          echo "✅ The task completed successfully after $attempt attempts."

packages/core/testing/Makefile (1)

50-52: Add help text and optional retry around the OpenAPI bats to aid DX and stability

• Add a help description so make help surfaces this target.
• Optional: wrap in a simple retry here as well (even if the workflow retries), useful for local runs.

Proposed tweaks:

-test-openapi:
-	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && hack/cozytest.sh hack/e2e-test-openapi.bats'
+test-openapi: ## Run OpenAPI e2e tests (v2, v3, protobuf) inside the sandbox
+	@attempt=0; \
+	until docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && hack/cozytest.sh hack/e2e-test-openapi.bats'; do \
+	  attempt=$$((attempt + 1)); \
+	  if [ $$attempt -ge 3 ]; then \
+	    echo "❌ Attempt $$attempt failed, exiting..."; exit 1; \
+	  fi; \
+	  echo "❌ Attempt $$attempt failed, retrying..."; sleep 5; \
+	done; \
+	echo "✅ The task completed successfully after $$attempt attempts."

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.