Add agent skills to update Calico toolchain images #764
hjiawei wants to merge 2 commits into projectcalico:master from
295f1fe to d8d9464
a6b451e to f7e065c
Pull request overview
This PR introduces Gemini-oriented documentation and agent skills to automate updating Calico toolchain images, and slightly refines the binfmt Dockerfile and repository README to reflect the broader toolchain scope.
Changes:
- Update `images/calico-binfmt/Dockerfile` to use an unversioned Fedora base image for the QEMU binfmt image.
- Modernize `README.md` to describe the repository as a generic Calico toolchain repo rather than only `go-build`.
- Add `GEMINI.md` and a set of `.gemini/skills/*/SKILL.md` documents that describe Gemini skills for updating Go, Rust, and binfmt toolchain versions and orchestrating those updates.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| images/calico-binfmt/Dockerfile | Adjusts the binfmt image base to FROM fedora AS qemu, impacting how QEMU versions from versions.yaml are resolved against Fedora packages. |
| README.md | Updates badge link target, top-level title, and description to reflect the broader Calico toolchain repository (Go, LLVM, Rust) instead of only the go-build image. |
| GEMINI.md | Introduces a high-level, Gemini-focused overview of the repository structure, images, CI/CD flows, and branching/versioning strategy. |
| .gemini/skills/update-toolchain-images/SKILL.md | Defines a dispatcher skill that routes user intents to specific update skills for calico/go-build, calico/rust-build, or calico/binfmt. |
| .gemini/skills/update-rust-build/SKILL.md | Documents a skill to read images/calico-rust-build/versions.yaml, fetch the latest stable Rust version, compare, update, and propose a commit. |
| .gemini/skills/update-go-build/SKILL.md | Documents a skill to read images/calico-go-build/versions.yaml, fetch latest Go and Kubernetes versions, update the file in a single replacement, and propose a commit. |
| .gemini/skills/update-binfmt/SKILL.md | Documents a skill to read images/calico-binfmt/versions.yaml, discover the latest Fedora and qemu-user-static versions, update QEMU in versions.yaml, and propose a commit. |
| @@ -1,4 +1,4 @@ | |||
| FROM fedora:43 AS qemu | |||
| FROM fedora AS qemu | |||
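Review bot: On the `FROM fedora AS qemu` line, dropping the `:43` tag leaves the Fedora release untracked, while the file summary above says QEMU versions from versions.yaml are resolved against Fedora packages, so the release the tag resolves to at build time may not carry the QEMU package version recorded there. Keep an explicit release on this line (`FROM fedora:43 AS qemu`) and have the update-binfmt skill, which already discovers the latest Fedora version, bump it in the same commit as the QEMU version.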
The change to FROM fedora AS qemu uses the unversioned fedora tag, which is a mutable reference and can silently pull different, potentially malicious images over time. Because this image is part of your build toolchain and will run with access to build artifacts and possibly secrets, an upstream compromise or breaking change in the fedora image could compromise your builds. Pin the base image to a specific Fedora version or immutable image digest instead of the unversioned tag to ensure reproducible and trusted builds.
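One way to catch the mutable reference described in the comment above before merge, as an added example that is not part of this PR or the Calico repository: a small Python audit of Dockerfile `FROM` lines. The sample Dockerfile, the registry names and the all-zero digest are constructed for illustration.

```python
import re

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)

def classify_ref(ref):
    """Return 'digest' (immutable), 'tag' (explicit but mutable) or 'floating'."""
    if "@sha256:" in ref:
        return "digest"
    # A tag colon can only appear after the last slash, so a registry port
    # such as localhost:5000/fedora is not mistaken for a tag.
    name = ref.rsplit("/", 1)[-1]
    if ":" in name and name.split(":", 1)[1] != "latest":
        return "tag"
    return "floating"  # no tag, or :latest

def audit_dockerfile(text):
    """Return (line_no, image_ref, verdict) for every external base image."""
    stages, findings = set(), []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = FROM_RE.match(line)
        if not match:
            continue
        ref, alias = match.group(1), match.group(2)
        if ref.lower() == "scratch" or ref.lower() in stages:
            pass  # empty base or an earlier build stage: nothing is pulled
        elif "$" in ref:
            findings.append((line_no, ref, "unresolved"))  # depends on a build ARG
        else:
            findings.append((line_no, ref, classify_ref(ref)))
        if alias:
            stages.add(alias.lower())
    return findings

# Constructed sample covering the before/after lines of the hunk and edge cases.
SAMPLE = "\n".join([
    "FROM fedora:43 AS qemu",
    "FROM fedora AS qemu2",
    "FROM --platform=$BUILDPLATFORM localhost:5000/fedora AS local",
    "FROM registry.example/fedora@sha256:" + "0" * 64 + " AS pinned",
    "ARG BASE",
    "FROM ${BASE} AS dyn",
    "FROM qemu AS final",
    "FROM scratch",
])

if __name__ == "__main__":
    for line_no, ref, verdict in audit_dockerfile(SAMPLE):
        print(f"line {line_no}: {ref} -> {verdict}")
```

A CI job could fail on any `floating` or `unresolved` verdict and warn on `tag`, since only a digest reference is immutable.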
No description provided.