
feat: Add comprehensive RADAR PR check system with multi-spec support…

Open abadawi591 opened this issue 1 month ago • 0 comments

…, AI analysis, and challenge UI

This commit introduces the Repository Anti-pattern Detection And Review (RADAR) system, a sophisticated automated PR check pipeline for Azure Linux spec file validation.

Key Features:

  • Multi-spec analysis with per-package anti-pattern detection
  • AI-powered analysis using Azure OpenAI (GPT-4, o1, o3-mini models)
  • Interactive HTML reports with dark/light theme support
  • Challenge system with GitHub OAuth authentication
  • Azure Function backend for CRUD operations on findings
  • Azure Blob Storage integration for report persistence
  • Complete issue lifecycle tracking with analytics
  • GitHub integration (PR comments, labels, status checks)
  • Comprehensive test suite with 50+ test cases

Major Components:

  • CveSpecFilePRCheck.py: Main orchestrator with multi-spec support
  • AntiPatternDetector.py: Rule-based detection engine (606 lines)
  • HtmlReportGenerator.py: Interactive UI with challenge forms (2100+ lines)
  • ResultAnalyzer.py: Result processing and formatting (857 lines)
  • SpecFileResult.py: Data structures for multi-spec analysis
  • AnalyticsManager.py: Persistent challenge tracking
  • BlobStorageClient.py: Azure Blob Storage integration
  • GitHubClient.py: GitHub API integration (670 lines)
  • Azure Function: Serverless backend for challenge submissions (932 lines)

Anti-Pattern Detection:

  • Missing/unused patch files
  • Future-dated CVEs
  • Missing CVE changelog entries
  • Invalid changelog format
  • Patch file naming issues
  • Macro expansion support

Infrastructure:

  • Azure Blob Storage (radarblobstore/radarcontainer)
  • Azure Function App (radar-func)
  • Azure Key Vault integration
  • Managed Identity (UMI) authentication
  • Application Insights monitoring

Documentation:

  • Azure Function deployment guides (docs/azure-function/)
  • Production deployment guide
  • GitHub integration guide
  • API documentation

This represents months of development work to create an enterprise-grade automated review system for Azure Linux package specifications.

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • [ ] The toolchain has been rebuilt successfully (or no changes were made to it)
  • [ ] The toolchain/worker package manifests are up-to-date
  • [ ] Any updated packages successfully build (or no packages were changed)
  • [ ] Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • [ ] Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • [ ] All package sources are available
  • [ ] cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • [ ] LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • [ ] All source files have up-to-date hashes in the *.signatures.json files
  • [ ] sudo make go-tidy-all and sudo make go-test-coverage pass
  • [ ] Documentation has been updated to match any changes to the build system
  • [ ] Ready to merge

Summary

What does the PR accomplish, why was it needed?

Change Log

  • Change
  • Change
  • Change

Does this affect the toolchain?

YES/NO

Associated issues

  • #xxxx

Links to CVEs

  • https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXX

Test Methodology

  • Pipeline build id: xxxx

abadawi591 • Nov 08 '25 02:11
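Four of the anti-pattern categories listed in the PR description (missing/unused patch files, future-dated CVEs, missing CVE changelog entries, macro expansion) can be sketched as a rule-based check over one spec file and its directory listing. This is an added example, not code from the RADAR PR or the Azure Linux project. The function names, rule identifiers, sample spec and the reading of "future-dated" as "CVE year later than the current year" are all assumptions.

```python
import re
from datetime import date

CVE_RE = re.compile(r"CVE-(\d{4})-\d{4,}")
TAG_RE = re.compile(r"^(\w+):[ \t]*(\S.*?)[ \t]*$", re.M)

def expand(value, macros):
    # Expand only simple %{tag} macros that the spec's own header tags define.
    return re.sub(r"%\{(\w+)\}",
                  lambda m: macros.get(m.group(1).lower(), m.group(0)), value)

def check_spec(spec_text, dir_files, today=None):
    """Return sorted (rule, subject) findings for one spec and its directory."""
    today = today or date.today()
    header, _, changelog = spec_text.partition("%changelog")
    tags = TAG_RE.findall(header)
    macros = {k.lower(): v for k, v in tags if not k.lower().startswith("patch")}
    patches = {expand(v, macros) for k, v in tags
               if re.fullmatch(r"patch\d*", k, re.I)}
    on_disk = {f for f in dir_files if f.endswith(".patch")}
    findings = [("missing-patch-file", p) for p in patches - on_disk]
    findings += [("unused-patch-file", p) for p in on_disk - patches]
    logged = {m.group(0) for m in CVE_RE.finditer(changelog)}
    for patch in patches:
        for m in CVE_RE.finditer(patch):
            if int(m.group(1)) > today.year:  # assumed meaning of "future-dated"
                findings.append(("future-dated-cve", m.group(0)))
            if m.group(0) not in logged:
                findings.append(("missing-cve-changelog", m.group(0)))
    return sorted(findings)

# Constructed sample input: a minimal spec and the listing of its directory.
SAMPLE_SPEC = """\
Name:     foo
Version:  1.2
Patch0:   CVE-2024-1111.patch
Patch1:   %{name}-fix-build.patch
Patch2:   CVE-2099-0001.patch

%changelog
* Wed Jan 01 2025 Example Packager <packager@example.com> - 1.2-2
- Patch CVE-2024-1111
"""
SAMPLE_FILES = ["foo.spec", "CVE-2024-1111.patch", "foo-fix-build.patch", "stale.patch"]
SAMPLE_TODAY = date(2025, 1, 1)  # fixed date so the result is reproducible

if __name__ == "__main__":
    for rule, subject in check_spec(SAMPLE_SPEC, SAMPLE_FILES, SAMPLE_TODAY):
        print(f"{rule}: {subject}")
```

`Patch1` produces no finding because `%{name}` is expanded to `foo` before the name is compared with the directory listing; without that expansion step the same spec would yield a false missing-patch and a false unused-patch finding.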