Copilot skills for building CLI, container images, and installing Radius#11402
Copilot skills for building CLI, container images, and installing Radius#11402
Conversation
sk593
requested a deployment
to
external-contributor-approval
GitHub Actions
Waiting
There was a problem hiding this comment.
Pull request overview
This PR adds new GitHub Copilot skills that document how to build the rad CLI, build/push Radius container images, and install Radius from custom images. It also introduces new DynamicRP schema-annotation helpers and a frontend update filter intended to interact with sensitive-field schema metadata.
Changes:
- Add 3 new Copilot skills under
.github/skills/and register them in.github/copilot-instructions.md. - Add
GetSensitiveFieldPaths/ExtractSensitiveFieldPathsimplementation + tests underpkg/dynamicrp/schema/. - Add a new DynamicRP frontend update filter factory + tests under
pkg/dynamicrp/frontend/.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/dynamicrp/schema/annotations.go | New schema annotation helper implementation for sensitive-field paths |
| pkg/dynamicrp/schema/annotations_test.go | Unit tests for the new DynamicRP schema helper |
| pkg/dynamicrp/frontend/updatefilter.go | New frontend update filter factory that fetches sensitive-field paths |
| pkg/dynamicrp/frontend/updatefilter_test.go | Tests covering the new update filter behavior |
| .github/skills/radius-build-cli/SKILL.md | New skill: build rad from source |
| .github/skills/radius-build-images/SKILL.md | New skill: build/push Radius images (incl. multi-arch) |
| .github/skills/radius-install-custom/SKILL.md | New skill: install Radius using custom-built images |
| .github/copilot-instructions.md | Registers the newly added skills |
You can also share your feedback on Copilot code review. Take the survey.
| ## Key Environment Variables | ||
|
|
||
| | Variable | Default | Description | | ||
| |----------|---------|-------------| | ||
| | `DOCKER_REGISTRY` | `$(whoami)` | Target registry (e.g. `ghcr.io/myorg`) | | ||
| | `DOCKER_TAG_VERSION` | `latest` | Image tag | | ||
| | `DOCKER_CACHE_GHA` | `0` | Set to `1` to enable GitHub Actions layer caching | |
There was a problem hiding this comment.
The "Key Environment Variables" table lists DOCKER_REGISTRY defaulting to $(whoami), but the repository Makefile includes build/test.mk before build/docker.mk, and build/test.mk sets DOCKER_REGISTRY ?= ghcr.io/radius-project/dev — which becomes the effective default. Update the table (or call out the include-order behavior) so the documented default matches what make docker-build/docker-push will actually use when the user doesn’t export DOCKER_REGISTRY.
| kubectl create secret docker-registry regcred \ | ||
| --docker-server=${DOCKER_REGISTRY} \ | ||
| --docker-username=<username> \ | ||
| --docker-password=<password> \ | ||
| -n radius-system |
There was a problem hiding this comment.
This example uses the --docker-password flag, which causes the registry password to appear in shell history, process listings, and potentially CI logs, making it easier for an attacker with host or log access to steal credentials and compromise the registry. Prefer approaches that do not place secrets directly on the command line (for example using --docker-password-stdin or other mechanisms supported by your tooling) so that passwords are not recorded in plaintext.
| kubectl create secret docker-registry regcred \ | ||
| --docker-server=${DOCKER_REGISTRY} \ | ||
| --docker-username=<username> \ | ||
| --docker-password=<password> \ | ||
| -n radius-system |
There was a problem hiding this comment.
This command passes the registry password via the --docker-password flag, which can expose credentials in shell history, process listings, and CI logs where the command line is captured. An attacker with access to these logs or the host could recover registry credentials and push or pull malicious images. Use a safer method such as --docker-password-stdin or an identity-based mechanism so the password is never present directly on the command line.
sk593
requested a deployment
to
external-contributor-approval
GitHub Actions
Waiting
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
sk593
requested a deployment
to
external-contributor-approval
GitHub Actions
Waiting
Signed-off-by: sk593 <shruthikumar@microsoft.com>
Signed-off-by: sk593 <shruthikumar@microsoft.com>
Signed-off-by: sk593 <shruthikumar@microsoft.com>
Description
Adds three new GitHub Copilot skills to help developers build and deploy Radius from source, and updates
.github/copilot-instructions.mdto register them.New skills added:
.github/skills/radius-build-cli/SKILL.md— Step-by-step procedure for building theradCLI binary usingmake build-rad, including cross-compilation and debug build variants..github/skills/radius-build-images/SKILL.md— Procedure for building and pushing Radius Docker images to a registry, including multi-arch builds and registry authentication guidance..github/skills/radius-install-custom/SKILL.md— Procedure for installing Radius on Kubernetes from custom-built images, including private registry auth, reinstall, and troubleshooting.Type of change
Contributor checklist
Please verify that the PR meets the following requirements, where applicable: