copacetic feat: Bulk Image Patching

This PR introduces bulk patching for copa that allows user to patch multiple container images by passing a single YAML config file path in the --config flag.

eg: copa patch --config path/config.yaml

This is the initial implementation which focuses on the "comprehensive/update-all" patching foundational for report based bulk image patching for future prospects.

The design doc which this is implemented on: Bulk Image Patching

Closes #631

Jul 29 '25 21:07 amanycodes

Codecov Report

:x: Patch coverage is 32.93173% with 167 lines in your changes missing coverage. Please review. :white_check_mark: Project coverage is 39.49%. Comparing base (0c86ad6) to head (73c3edb).

Files with missing lines	Patch %	Lines
pkg/bulk/engine.go	0.00%	125 Missing :warning:
pkg/bulk/discover.go	64.10%	25 Missing and 3 partials :warning:
pkg/bulk/config.go	71.42%	3 Missing and 3 partials :warning:
pkg/cmd/cmd.go	64.70%	6 Missing :warning:
pkg/patch/patch.go	75.00%	1 Missing and 1 partial :warning:

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1235      +/-   ##
==========================================
+ Coverage   39.31%   39.49%   +0.18%     
==========================================
  Files          42       45       +3     
  Lines        5927     6165     +238     
==========================================
+ Hits         2330     2435     +105     
- Misses       3396     3521     +125     
- Partials      201      209       +8

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:

:snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
:package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Aug 01 '25 18:08 codecov[bot]

@amanycodes can you add an integration test too

Aug 05 '25 21:08 sozercan

@sozercan I was working on integration tests. the basic implementation is done. I'll add in more cases to make this robust with updated CI workflow. Thanks!

Aug 06 '25 13:08 amanycodes

@sozercan the integration test is done. The only part that remains is testing multiarch images through the config file. I was having some issues with it's dealing with the manifest in the testcontainer registry (working on it). Please let me know if the workflow is set correctly!

Aug 06 '25 19:08 amanycodes

@amanycodes what error do you see when patching manifests with bulk image patching? can we add to this PR to debug

Aug 15 '25 14:08 ashnamehrotra

@ashnamehrotra There was a panic due to a race condition in the main Patch() function from the error channels, i fixed that and the single arch tests are passing. still getting some error in the multiarch ones. I think it's more related to the image but I'm not able to point it out. Would love your feedback!

Aug 18 '25 20:08 amanycodes

@amanycodes look like the CI is failing. is this ready for review?

Sep 03 '25 20:09 sozercan

@sozercan the PR is ready for review, the multi arch testing part was where i had some issues. rest the feature is working and unit tests and single arch tests are passing.

Sep 04 '25 12:09 amanycodes

@ashnamehrotra I hope it's good to go now :)

Sep 08 '25 15:09 amanycodes

@amanycodes can we add this to docs?

Sep 16 '25 19:09 ashnamehrotra

For the failing test, I think you are missing the required tooling:

      - name: Install required tools
        shell: bash
        run: .github/workflows/scripts/download-tooling.sh

Oct 01 '25 18:10 ashnamehrotra

@amanycodes can we add this to the documentation under Features?

Oct 22 '25 14:10 ashnamehrotra

@amanycodes are you still working on this?

Oct 29 '25 22:10 leodewang