AGENT-1261: Update dependency sourcing to remote

[pawanpinjarkar]

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Summary by CodeRabbit

• Chores
  • Enabled offline, deterministic container builds using cached/remote-provided dependencies for improved reliability.
  • Consolidated UI assets and backend binary into the final image for consistent runtime behavior.
  • Added build-time validation and safeguards to fail early when required artifacts are missing.
  • Improved build stability via user, environment, and git configuration adjustments.
  • Ensured reproducible binary output and standardized runtime defaults (workdir, port, entry command).

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pawanpinjarkar
Once this PR has been reviewed and has the lgtm label, please assign batzionb for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

The Containerfile.ocp is replaced with a Cachito-backed, offline multi-stage build: it copies remote artifacts, installs a pinned Yarn, builds UI assets offline, compiles a deterministic Go proxy binary from cached sources, and assembles both into the final runtime image serving on port 8080.

Changes

Cohort / File(s)

Summary

Offline Cachito-driven multi-stage build apps/assisted-disconnected-ui/Containerfile.ocp

Adds ARGs REMOTE_SOURCES/REMOTE_SOURCES_DIR, copies remote sources into the build context, installs Yarn from a tarball, uses Cachito-provided .npmrc/.yarnrc/lockfiles/registry-ca for offline yarn install --immutable and yarn build:all, makes frontend build non-root with NODE_OPTIONS and git safe.directory, adds proxy-build stage that copies Cachito Go sources, builds with CGO_ENABLED=0 and vendor-aware mode producing -o assisted-disconnected-ui, and composes UI dist + Go binary into the final image with WORKDIR, EXPOSE 8080, and CMD.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Dev as Developer
    participant CI as Build System
    participant RS as Remote Sources (Cachito)
    participant UI as ui-build
    participant PB as proxy-build
    participant Final as Final Image

    Dev->>CI: docker build (Containerfile.ocp) with REMOTE_SOURCES
    CI->>RS: copy/mount $REMOTE_SOURCES_DIR (Cachito artifacts)
    RS-->>CI: yarn tarball, .npmrc/.yarnrc/lockfiles, gomod artifacts

    CI->>UI: COPY remote sources -> build context
    UI->>UI: install YARN from tarball
    UI->>UI: use Cachito configs, `yarn install --immutable`
    UI->>UI: `yarn build:all` (offline)
    note right of UI: offline UI asset build

    CI->>PB: COPY cachito-gomod-with-deps/app -> /app
    PB->>PB: set CGO_ENABLED=0, vendor-aware build
    PB->>PB: `go build -o assisted-disconnected-ui` (deterministic)
    note right of PB: deterministic Go proxy build

    CI->>Final: COPY ui-build:/app/proxy/dist -> /app/proxy/dist
    CI->>Final: COPY proxy-build:/app/proxy/assisted-disconnected-ui -> /app/proxy/
    Final-->>Dev: final image (UI assets + proxy binary) serving on :8080

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

ok-to-test

Suggested reviewers

• rawagner
• celdrake

Poem

Thump-thump in the buildroom, carrots stashed with care,
Cachito fed the tarballs so yarn need not go anywhere.
Go snapped its paws, compiled neat and small,
UI and proxy bundled — ready to serve all. 🥕🐇

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e4669cb and 028616f.

📒 Files selected for processing (1)

• apps/assisted-disconnected-ui/Containerfile.ocp (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/assisted-disconnected-ui/Containerfile.ocp

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[openshift-ci]

Welcome @pawanpinjarkar! It looks like this is your first PR to openshift-assisted/assisted-installer-ui 🎉

[openshift-ci]

Hi @pawanpinjarkar. Thanks for your PR.

I'm waiting for a openshift-assisted member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Summary by CodeRabbit

• Chores
• Introduced a multi-stage container build for the Assisted Disconnected UI, producing a lightweight runtime image.
• Bundles the compiled frontend with a Go-based proxy and sets the default service to listen on port 8080.
• Improves build reproducibility and reliability with deterministic dependency installation and pinned toolchains.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (4)

apps/assisted-disconnected-ui/Containerfile.ocp.art (4)

14-22: Yarn bootstrap approach is brittle; prefer corepack or verify the tarball method.

npm -g for Yarn v3 is non-standard; corepack is the recommended path. If offline-only, keep the tarball, else switch.

 USER 0
 ARG YARN_VERSION=v3.4.1
-RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-    if [ -f ${CACHED_YARN} ]; then \
-      npm install -g ${CACHED_YARN}; \
-    else \
-      echo "need yarn at ${CACHED_YARN}"; \
-      exit 1; \
-    fi
+# Option A (preferred when allowed): corepack
+RUN corepack enable && corepack prepare "yarn@${YARN_VERSION#v}" --activate || \
+  { echo "corepack unavailable; falling back to cached tarball"; \
+    CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
+    test -f "${CACHED_YARN}" && npm install -g "${CACHED_YARN}"; }

---

24-28: Make shell compatible and align Yarn config file.

Use POSIX “.” (or set SHELL to bash) and ensure we copy .yarnrc.yml for Yarn 3.

-# use dependencies provided by Cachito
-RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
-    cp -f $REMOTE_SOURCES_DIR/cachito-gomod-with-deps/app/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
- && source ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env \
- && yarn install --immutable && yarn build:all
+# use dependencies provided by Cachito
+SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
+RUN test -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps"; \
+    cp -f "${REMOTE_SOURCES_DIR}"/cachito-gomod-with-deps/app/{.npmrc,.yarnrc.yml,yarn.lock,registry-ca.pem} .; \
+    source "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env"; \
+    yarn install --immutable && yarn build:all

---

36-41: Harden runtime: CA certs and non-root execution.

ubi-micro may lack CA certs; also run as non-root for OCP.

 FROM registry.ci.openshift.org/ocp/ubi-micro:9
+RUN microdnf -y install ca-certificates && update-ca-trust && microdnf clean all
 COPY --from=ui-build /app/apps/assisted-disconnected-ui/build /app/proxy/dist
 COPY --from=proxy-build /app/assisted-disconnected-ui /app/proxy
 WORKDIR /app/proxy
 EXPOSE 8080
-CMD ./assisted-disconnected-ui
+USER 1001
+CMD ["./assisted-disconnected-ui"]

---

10-11: Optional: keep memory cap but confirm builder limits.

8192 MB may exceed CI quotas; confirm with ART CI limits.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7a0b7a3 and 5fd8298.

📒 Files selected for processing (1)

• apps/assisted-disconnected-ui/Containerfile.ocp.art (1 hunks)

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Summary by CodeRabbit

• Chores
• Added offline/remote-sources build support, improving reliability in disconnected environments.
• Implemented deterministic builds and stricter validation to fail fast when dependencies are missing.
• Refactor
• Restructured build stages for UI and proxy to streamline the pipeline and reduce network reliance.
• Standardized environment arguments and paths for clearer configuration.
• Bug Fixes
• Ensured the final image consistently includes both compiled UI assets and the proxy binary, preventing incomplete runtime artifacts.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/assisted-disconnected-ui/Containerfile.ocp (1)

49-53: Run as non-root in the final image and fix ownership

Harden runtime by dropping root and ensuring files are owned by the runtime UID.

-COPY --from=ui-build /app/apps/assisted-disconnected-ui/build /app/proxy/dist
-COPY --from=proxy-build /app/assisted-disconnected-ui /app/proxy
+COPY --chown=1001:0 --from=ui-build /app/apps/assisted-disconnected-ui/build /app/proxy/dist
+COPY --chown=1001:0 --from=proxy-build /app/assisted-disconnected-ui /app/proxy
 WORKDIR /app/proxy
 EXPOSE 8080
+USER 1001:0
 CMD ./assisted-disconnected-ui

🧹 Nitpick comments (3)

apps/assisted-disconnected-ui/Containerfile.ocp (3)

31-34: Be resilient to Yarn config file name differences

Cachito-provided app may have .yarnrc.yml (Yarn Berry) instead of .yarnrc. Copy whichever exists to avoid brittle failures.

-RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
-    cp -f $REMOTE_SOURCES_DIR/cachito-gomod-with-deps/app/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
+RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
+    for f in .npmrc .yarnrc .yarnrc.yml yarn.lock registry-ca.pem; do \
+      [ -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" ] && cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" .; \
+    done \

---

20-21: Remove redundant USER directive

You’re already root from Line 12; the extra USER 0 is redundant.

-USER 0
 ARG YARN_VERSION=v3.4.1

---

46-46: Tighten Go build for smaller, more reproducible binary

Add -trimpath and -buildvcs=false and strip symbols.

-    go build -o assisted-disconnected-ui .
+    go build -trimpath -buildvcs=false -ldflags "-s -w" -o assisted-disconnected-ui .

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5fd8298 and dc80696.

📒 Files selected for processing (1)

• apps/assisted-disconnected-ui/Containerfile.ocp (1 hunks)

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Yarn bootstrap likely incorrect for Yarn 3; clarify target and use an offline-safe flow

If the intent is Yarn 3, installing via npm -g won’t work and --immutable won’t be recognized by Yarn 1. Please pick one of the two supported paths below.

Option A — Yarn 3 (offline, via local .cjs):

-ARG YARN_VERSION=v3.4.1
-RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-    if [ -f ${CACHED_YARN} ]; then \
-      npm install -g ${CACHED_YARN}; \
-    else \
-      echo "need yarn at ${CACHED_YARN}"; \
-      exit 1; \
-    fi
+ARG YARN_VERSION=3.4.1
+RUN YARN_CJS=./artifacts/yarn-${YARN_VERSION}.cjs; \
+    if [ -f "${YARN_CJS}" ]; then \
+      node "${YARN_CJS}" --version; \
+    else \
+      echo "need yarn at ${YARN_CJS}"; \
+      exit 1; \
+    fi
@@
- && yarn install --immutable && yarn build:all
+ && node "./artifacts/yarn-${YARN_VERSION}.cjs" install --immutable \
+ && node "./artifacts/yarn-${YARN_VERSION}.cjs" build:all

Option B — Yarn 1 (classic, offline tarball from npm):

-ARG YARN_VERSION=v3.4.1
+ARG YARN_VERSION=1.22.22
-RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-    if [ -f ${CACHED_YARN} ]; then \
-      npm install -g ${CACHED_YARN}; \
+RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tgz; \
+    if [ -f "${CACHED_YARN}" ]; then \
+      npm install -g "${CACHED_YARN}"; \
     else \
       echo "need yarn at ${CACHED_YARN}"; \
       exit 1; \
     fi
@@
- && yarn install --immutable && yarn build:all
+ && yarn install --frozen-lockfile && yarn build:all

Also applies to: 33-34

---

Clarify Yarn version and use offline-safe installation

The current bootstrap uses npm install -g on a .tar.gz, which won’t work for Yarn 3 and mismatches Yarn 1’s tarball format. Choose one of the following offline-safe flows:

Option A — Yarn 3 via single .cjs release

- ARG YARN_VERSION=v3.4.1
- RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-     if [ -f ${CACHED_YARN} ]; then \
-       npm install -g ${CACHED_YARN}; \
+ ARG YARN_VERSION=3.4.1
+ RUN YARN_CJS=./artifacts/yarn-${YARN_VERSION}.cjs; \
+     if [ -f "${YARN_CJS}" ]; then \
+       node "${YARN_CJS}" --version; \
     else \
       echo "need yarn at ${YARN_CJS}"; \
       exit 1; \
     fi
@@
-  && yarn install --immutable && yarn build:all
+  && node "./artifacts/yarn-${YARN_VERSION}.cjs" install --immutable \
+  && node "./artifacts/yarn-${YARN_VERSION}.cjs" build:all

• Yarn 3 releases are distributed as .cjs files, not npm tarballs (git.marussy.com)
• Use --immutable (with alias --frozen-lockfile) for lockfile integrity (yarnpkg.com, stackoverflow.com)

Option B — Yarn 1 (Classic) via .tgz tarball

- ARG YARN_VERSION=v3.4.1
+ ARG YARN_VERSION=1.22.22
- RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-     if [ -f ${CACHED_YARN} ]; then \
-       npm install -g ${CACHED_YARN}; \
+ RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tgz; \
+     if [ -f "${CACHED_YARN}" ]; then \
+       npm install -g "${CACHED_YARN}"; \
     else \
       echo "need yarn at ${CACHED_YARN}"; \
       exit 1; \
     fi
@@
-  && yarn install --immutable && yarn build:all
+  && yarn install --frozen-lockfile && yarn build:all

• Yarn 1 publishes as .tgz tarballs (classic.yarnpkg.com)
• Use --frozen-lockfile for reproducible installs (classic.yarnpkg.com)

Also apply these changes around lines 33–34.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ARG YARN_VERSION=v3.4.1
	RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
	if [ -f ${CACHED_YARN} ]; then \
	npm install -g ${CACHED_YARN}; \
	else \
	echo "need yarn at ${CACHED_YARN}"; \
	exit 1; \
	fi
	ARG YARN_VERSION=3.4.1
	RUN YARN_CJS=./artifacts/yarn-${YARN_VERSION}.cjs; \
	if [ -f "${YARN_CJS}" ]; then \
	node "${YARN_CJS}" --version; \
	else \
	echo "need yarn at ${YARN_CJS}"; \
	exit 1; \
	fi \
	&& node "./artifacts/yarn-${YARN_VERSION}.cjs" install --immutable \
	&& node "./artifacts/yarn-${YARN_VERSION}.cjs" build:all

🤖 Prompt for AI Agents

In apps/assisted-disconnected-ui/Containerfile.ocp around lines 21–28 (and also
adjust the related install steps around lines 33–34), the Dockerfile attempts to
install a .tar.gz with `npm install -g`, which mismatches Yarn 3 distribution
format and is not offline-safe; update the bootstrap to one of two offline-safe
flows: Option A — for Yarn 3 set ARG to the .cjs filename (e.g.,
YARN_FILE=.yarn/releases/yarn-${YARN_VERSION}.cjs), copy that .cjs into the
image and install by placing the .cjs at /usr/local/bin/yarn (or create an
executable wrapper that runs `node /path/to/yarn-<ver>.cjs`) and run yarn
installs with `yarn install --immutable` (alias for frozen lockfile); Option B —
for Yarn 1 keep a .tgz classic tarball, install it with `npm install -g
./artifacts/yarn-${YARN_VERSION}.tgz` and run `yarn install --frozen-lockfile`;
pick the correct option, update ARG names/filenames accordingly, and replace the
current conditional install and subsequent install flags at lines ~33–34 to use
the corresponding frozen/immutable flag.

[pawanpinjarkar]

@rawagner @Ximinhan PTAL

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Summary by CodeRabbit

• Chores
• Enabled offline, deterministic container builds using cached dependencies for improved reliability.
• Consolidated UI and proxy artifacts into the final image to ensure consistent runtime output.
• Added build-time validation and safeguards to fail early when required sources are missing.
• Improved build stability by adjusting environment settings (e.g., memory limits) and safe Git configuration.
• Standardized proxy binary build for reproducibility.
• No user-facing functionality changes; impacts build process and deployment reliability only.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Summary by CodeRabbit

• Chores
• Enabled offline, deterministic container builds using cached dependencies for improved reliability.
• Consolidated UI and backend artifacts into the final image to ensure consistent runtime output.
• Added build-time validation and safeguards to fail early when required sources are missing.
• Improved build stability via environment and git configuration adjustments.
• Standardized binary build for reproducibility; runtime defaults (workdir, port, entry command) ensured.
• No user-facing functionality changes; impacts build and deployment reliability only.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (2)

apps/assisted-disconnected-ui/Containerfile.ocp (2)

33-37: Make shell POSIX-safe and match Yarn flags to chosen major version

• Use POSIX “.” instead of “source”.
• If adopting Yarn 1 (per above), use --frozen-lockfile, not --immutable.

-RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
-    cp -f $REMOTE_SOURCES_DIR/cachito-gomod-with-deps/app/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
- && source ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env \
- && yarn install --immutable && yarn build:all
+RUN test -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" || exit 1; \
+    cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app"/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
+ && . "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env" \
+ && yarn install --frozen-lockfile && yarn build:all

---

8-17: Fix Yarn bootstrap: wrong artifact type for Yarn 3 and unconditional failure

• v3.4.1 is a Berry release (single .cjs), not an npm-installable tarball; the current flow won’t work.
• The else branch installs something and then exits 1, making builds always fail when cache is missing.

Apply one of the following. Option A aligns with the repo signals here (.yarnrc, yarn.lock): Yarn Classic.

Option A — Yarn 1 (classic, offline-friendly + online fallback)

-ARG YARN_VERSION=v3.4.1
+ARG YARN_VERSION=v1.22.22
@@
-RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-    if [ -f ${CACHED_YARN} ]; then \
-      npm install -g ${CACHED_YARN}; \
-    else \
-      npm install https://github.com/yarnpkg/yarn/releases/download/${YARN_VERSION}/yarn-${YARN_VERSION}.tar.gz; \
-      exit 1; \
-    fi
+RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tgz; \
+    if [ -f "${CACHED_YARN}" ]; then \
+      npm install -g "${CACHED_YARN}"; \
+    else \
+      npm install -g "https://github.com/yarnpkg/yarn/releases/download/${YARN_VERSION}/yarn-${YARN_VERSION}.tar.gz"; \
+    fi

If you truly need Yarn 3, switch to the .cjs bootstrap and invoke via node (and update the install flags accordingly). I can provide that variant if preferred.

🧹 Nitpick comments (2)

apps/assisted-disconnected-ui/Containerfile.ocp (2)

39-66: Final stage looks correct; minor nits only

Runtime layout, workdir, and command are consistent. Consider adding non-root USER if compatible with the binary, and OCI labels later.

---

10-17: Optional: support both offline Cachito and upstream online builds cleanly

If Cachito isn’t present, fall back to the online flow instead of failing. This keeps upstream builds working while ART uses REMOTE_SOURCES.

-RUN test -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" || exit 1; \
-    cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app"/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
- && . "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env" \
- && yarn install --frozen-lockfile && yarn build:all
+RUN if [ -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" ]; then \
+      cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app"/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
+   && . "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env" \
+   && yarn install --frozen-lockfile; \
+    else \
+      echo "Cachito deps not found; proceeding with online install"; \
+      yarn install --frozen-lockfile; \
+    fi \
+ && yarn build:all

Also applies to: 33-37

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 534f5be and 987f5f2.

📒 Files selected for processing (1)

• apps/assisted-disconnected-ui/Containerfile.ocp (1 hunks)

🔇 Additional comments (6)

apps/assisted-disconnected-ui/Containerfile.ocp (6)

19-25: ARG defaults and comments look good

Clear docs and sane defaults (once the path is fixed). No issues.

---

28-32: UI build context setup LGTM

Copy with chown, memory limit, and git safe.directory are appropriate.

---

41-46: Go builder base and ARG reuse LGTM

Pinning to golang 1.23 builder and reusing REMOTE_SOURCES_DIR is fine.

---

60-66: Entrypoint/ports LGTM

EXPOSE 8080 and running the built binary from WORKDIR is consistent.

---

1-7: Stage headers and base image are fine

No action needed here.

---

10-17: Clarify Yarn major version for assisted-disconnected-ui
No .yarnrc.yml, .yarnrc or yarn.lock found under apps/assisted-disconnected-ui, so it’s unclear whether this Containerfile should bootstrap Yarn 1 (classic) or Yarn 3 (berry). Please confirm the intended major version before merging (affects lines 10–17 and 33–37).

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

proxy-build sources cachito.env without copying it into this stage

Only /app is copied from ui-build; /remote-sources/.../cachito.env is missing, so “source …/cachito.env” will fail.

 COPY --from=ui-build ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/ /app
+COPY --from=ui-build ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env /tmp/cachito.env
@@
-RUN source ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env; \
+RUN . /tmp/cachito.env; \
     if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
     go build -o assisted-disconnected-ui .

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	COPY --from=ui-build ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/ /app
	USER 0
	RUN go build
	# Build deterministically and name the output explicitly
	ENV CGO_ENABLED=0
	RUN source ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env; \
	if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
	go build -o assisted-disconnected-ui .
	COPY --from=ui-build ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/ /app
	COPY --from=ui-build ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env /tmp/cachito.env
	USER 0
	# Build deterministically and name the output explicitly
	ENV CGO_ENABLED=0
	RUN . /tmp/cachito.env; \
	if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
	go build -o assisted-disconnected-ui .

🤖 Prompt for AI Agents

In apps/assisted-disconnected-ui/Containerfile.ocp around lines 49-55 the RUN
tries to source ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env but
that file is not copied into this stage (only /app is copied), so sourcing will
fail; fix by copying the cachito.env from the ui-build stage into the same path
before using it (e.g., add a COPY --from=ui-build for the cachito.env into
${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/), or alternatively guard the RUN
to only source the file if it exists (e.g., check -f before sourcing) — choose
one approach and implement it so the build no longer errors when sourcing
cachito.env.

[pawanpinjarkar]

cachito.env is referenced from https://github.com/openshift/networking-console-plugin/blob/release-4.20/Dockerfile.art#L23 but I am not sure if its needed TBH.

[coderabbitai]

in the newer cachi2 system.

My analysis suggests two approaches:

Option 1: Remove cachito.env sourcing entirely (Recommended)
Since your Go build:

• Uses vendor mode (if [ -d vendor ]; then export GOFLAGS="-mod=vendor")
• Has CGO_ENABLED=0 (pure Go build)
• Doesn't seem to require network access during build

The cachito.env sourcing is likely unnecessary. You could simplify to:

RUN if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
    go build -o assisted-disconnected-ui .

Option 2: Make it conditional (Safer if unsure)

RUN if [ -f ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env ]; then \
      source ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env; \
    fi; \
    if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
    go build -o assisted-disconnected-ui .

Given that you're using vendored dependencies and this is a simple Go binary build, I'd recommend Option 1 - just remove the cachito.env sourcing entirely. The networking-console-plugin reference might be from an older pattern that's no longer needed.

What's your preference?

🐰 curious ears perk up, investigating the mystery of the potentially unnecessary env file

---

✏️ Learnings added

Learnt from: pawanpinjarkar
PR: openshift-assisted/assisted-installer-ui#3152
File: apps/assisted-disconnected-ui/Containerfile.ocp:49-55
Timestamp: 2025-09-02T22:43:45.127Z
Learning: In OpenShift ART builds with Cachito, the cachito.env file sourcing may not be necessary for Go builds that use vendor mode, especially with the newer cachi2 system which automatically handles environment setup.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Summary by CodeRabbit

• Chores
• Enabled offline, deterministic container builds using cached dependencies for improved reliability.
• Consolidated UI assets and backend binary into the final image for consistent runtime behavior.
• Added build-time validation and safeguards to fail early when required build artifacts are missing.
• Improved build stability via environment, user, and git configuration adjustments.
• Standardized reproducible binary build and ensured runtime defaults (workdir, port, entry command).
• No user-facing functionality changes; impacts build and deployment reliability only.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

apps/assisted-disconnected-ui/Containerfile.ocp (2)

49-55: Remove/guard unnecessary cachito.env usage in Go build (and UI stage)

With vendor mode and cachi2, sourcing cachito.env is typically unnecessary and it isn’t copied into this stage, causing failures. Either remove it or guard it.

-RUN . ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env; \
-    if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
+RUN if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
     go build -o assisted-disconnected-ui .

(Optional guard instead of removal):

-RUN . ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env; \
+RUN [ -f ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env ] && . ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env || true; \
     if [ -d vendor ]; then export GOFLAGS="-mod=vendor"; fi; \
     go build -o assisted-disconnected-ui .

---

8-17: Broken Yarn bootstrap: version/format mismatch and guaranteed failure path

• Using v3 (Berry) with npm -g tarball is incorrect; Yarn 3 ships as a single .cjs file.
• If cached artifact is missing, the current else installs from the internet and then unconditionally exits 1, so builds always fail.
• Pick one flow and align flags and files.

Option A — Yarn 3 (Berry), offline via .cjs committed/provided by Cachito:

-ARG YARN_VERSION=v3.4.1
-RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-    if [ -f ${CACHED_YARN} ]; then \
-      npm install -g ${CACHED_YARN}; \
-    else \
-      npm install https://github.com/yarnpkg/yarn/releases/download/${YARN_VERSION}/yarn-${YARN_VERSION}.tar.gz; \
-      exit 1; \
-    fi
+ARG YARN_VERSION=3.4.1
+RUN set -euo pipefail; \
+    YARN_CJS="${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/.yarn/releases/yarn-${YARN_VERSION}.cjs"; \
+    if [ -f "${YARN_CJS}" ]; then \
+      install -D -m0755 "${YARN_CJS}" /usr/local/bin/yarn.cjs; \
+      printf '#!/usr/bin/env sh\nexec node /usr/local/bin/yarn.cjs "$@"\n' > /usr/local/bin/yarn; \
+      chmod +x /usr/local/bin/yarn; \
+      yarn --version; \
+    else \
+      echo "Missing ${YARN_CJS}. Provide Yarn release via Cachito."; \
+      exit 1; \
+    fi

Option B — Yarn 1 (Classic), offline-first, with controlled online fallback:

-ARG YARN_VERSION=v3.4.1
+ARG YARN_VERSION=v1.22.22
+ARG ALLOW_ONLINE_YARN=0
-RUN CACHED_YARN=./artifacts/yarn-${YARN_VERSION}.tar.gz; \
-    if [ -f ${CACHED_YARN} ]; then \
-      npm install -g ${CACHED_YARN}; \
-    else \
-      npm install https://github.com/yarnpkg/yarn/releases/download/${YARN_VERSION}/yarn-${YARN_VERSION}.tar.gz; \
-      exit 1; \
-    fi
+RUN set -euo pipefail; \
+    CACHED_YARN="${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/artifacts/yarn-${YARN_VERSION}.tar.gz"; \
+    if [ -f "${CACHED_YARN}" ]; then \
+      npm install -g "${CACHED_YARN}"; \
+    elif [ "${ALLOW_ONLINE_YARN}" = "1" ]; then \
+      npm install -g "https://github.com/yarnpkg/yarn/releases/download/${YARN_VERSION}/yarn-${YARN_VERSION}.tar.gz"; \
+    else \
+      echo "Need ${CACHED_YARN} (online fallback disabled)"; \
+      exit 1; \
+    fi

🧹 Nitpick comments (2)

apps/assisted-disconnected-ui/Containerfile.ocp (2)

26-26: Prefer brace expansion for ARGs in COPY

Safer and consistent with other usages.

-COPY $REMOTE_SOURCES $REMOTE_SOURCES_DIR
+COPY ${REMOTE_SOURCES} ${REMOTE_SOURCES_DIR}

---

6-6: Drop root after setup to follow OpenShift restricted SCC

Run build steps that require root, but switch back to a non-root UID for subsequent steps and in the final image. Ensure /app (and later /app/proxy) is owned by 1001.

Outside this hunk, add in final stage:

RUN chown -R 1001:0 /app/proxy
USER 1001

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 987f5f2 and e4669cb.

📒 Files selected for processing (1)

• apps/assisted-disconnected-ui/Containerfile.ocp (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: pawanpinjarkar
PR: openshift-assisted/assisted-installer-ui#3152
File: apps/assisted-disconnected-ui/Containerfile.ocp:49-55
Timestamp: 2025-09-02T22:43:45.127Z
Learning: In OpenShift ART builds with Cachito, the cachito.env file sourcing may not be necessary for Go builds that use vendor mode, especially with the newer cachi2 system which automatically handles environment setup.

📚 Learning: 2025-09-02T22:43:45.127Z

Learnt from: pawanpinjarkar
PR: openshift-assisted/assisted-installer-ui#3152
File: apps/assisted-disconnected-ui/Containerfile.ocp:49-55
Timestamp: 2025-09-02T22:43:45.127Z
Learning: In OpenShift ART builds with Cachito, the cachito.env file sourcing may not be necessary for Go builds that use vendor mode, especially with the newer cachi2 system which automatically handles environment setup.

Applied to files:

• apps/assisted-disconnected-ui/Containerfile.ocp

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Align dependency files and install flags with chosen Yarn major; avoid brittle brace copy

• If you pick Yarn 3, configs are typically yarnrc.yml (not .yarnrc) and the correct flag is --immutable.
• If you pick Yarn 1, keep .yarnrc and use --frozen-lockfile.
• Also guard missing files and avoid brace expansion that fails if one file is absent.

Option A — Yarn 3:

-RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
-    cp -f $REMOTE_SOURCES_DIR/cachito-gomod-with-deps/app/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
- && . ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env \
- && yarn install --immutable && yarn build:all
+RUN set -euo pipefail; \
+    test -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" || exit 1; \
+    for f in .npmrc yarn.lock yarnrc.yml registry-ca.pem; do \
+      [ -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" ] && \
+      cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" . || true; \
+    done; \
+    yarn install --immutable && yarn build:all

Option B — Yarn 1:

-RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
-    cp -f $REMOTE_SOURCES_DIR/cachito-gomod-with-deps/app/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
- && . ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env \
- && yarn install --immutable && yarn build:all
+RUN set -euo pipefail; \
+    test -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" || exit 1; \
+    for f in .npmrc .yarnrc yarn.lock registry-ca.pem; do \
+      [ -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" ] && \
+      cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" . || true; \
+    done; \
+    yarn install --frozen-lockfile && yarn build:all

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1. List Yarn config files to detect .yarnrc vs .yarnrc.yml
find . -maxdepth 3 -type f -name ".yarnrc*" -print

# 2. Inspect package.json for packageManager field (Node 16+ spec for Yarn)
rg -n '"packageManager"' -g 'package.json' || true

# 3. Scan for yarn install invocations to see which flags are already used
rg -n 'yarn install' -n .

Length of output: 845

---

Use Yarn 3 config and guard missing files when copying Cachito deps
Project uses Yarn 3 (packageManager: "yarn@3.4.1" and .yarnrc.yml present), so copy .yarnrc.yml (not .yarnrc) and keep --immutable. Wrap copies in a loop to avoid brace‐expansion failures and retain sourcing of cachito.env:

-RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
-    cp -f $REMOTE_SOURCES_DIR/cachito-gomod-with-deps/app/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
- && . ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env \
- && yarn install --immutable && yarn build:all
+RUN set -euo pipefail; \
+    test -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" || exit 1; \
+    for f in .npmrc yarn.lock .yarnrc.yml registry-ca.pem; do \
+      [ -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" ] && \
+      cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" .; \
+    done; \
+    . "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env"; \
+    yarn install --immutable && yarn build:all

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# use dependencies provided by Cachito
	RUN test -d ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps || exit 1; \
	cp -f $REMOTE_SOURCES_DIR/cachito-gomod-with-deps/app/{.npmrc,.yarnrc,yarn.lock,registry-ca.pem} . \
	&& . ${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env \
	&& yarn install --immutable && yarn build:all
	# use dependencies provided by Cachito
	RUN set -euo pipefail; \
	test -d "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps" || exit 1; \
	for f in .npmrc yarn.lock .yarnrc.yml registry-ca.pem; do \
	[ -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" ] && \
	cp -f "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/app/${f}" .; \
	done; \
	. "${REMOTE_SOURCES_DIR}/cachito-gomod-with-deps/cachito.env"; \
	yarn install --immutable && yarn build:all

🤖 Prompt for AI Agents

In apps/assisted-disconnected-ui/Containerfile.ocp around lines 33 to 37, the
Dockerfile copies the wrong Yarn config and uses brace expansion which can fail
and abort the build; update it to copy .yarnrc.yml (Yarn v3) instead of .yarnrc,
keep the yarn install --immutable and yarn build:all, and replace the single cp
with a guarded loop that checks each expected file (e.g., .yarnrc.yml,
yarn.lock, registry-ca.pem, .npmrc if present) before copying to avoid failures
when some files are missing, while retaining the source of cachito.env prior to
running yarn commands.

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Adds a new dockerfile for ART to manage dependencies from REMOTE_SOURCES and CACHED_YARN for the ART builds

Summary by CodeRabbit

• Chores
• Enabled offline, deterministic container builds using cached/remote-provided dependencies for improved reliability.
• Consolidated UI assets and backend binary into the final image for consistent runtime behavior.
• Added build-time validation and safeguards to fail early when required artifacts are missing.
• Improved build stability via user, environment, and git configuration adjustments.
• Ensured reproducible binary output and standardized runtime defaults (workdir, port, entry command).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[pawanpinjarkar]

@coderabbitai

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@pawanpinjarkar Hello! I see you've mentioned me. How can I help you with this PR? I'm ready to assist with reviewing the changes, answering questions about the Dockerfile modifications, or anything else you need regarding the dependency sourcing updates.

ฅ(•ㅅ•❀)ฅ

[pawanpinjarkar]

@coderabbitai code review

[coderabbitai]

@pawanpinjarkar I'll conduct a comprehensive code review of your PR that updates dependency sourcing to remote sources for ART builds.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[pawanpinjarkar]

A lot of noise here. Closed this and created another clean PR #3155