packaging: add support for Opensuse Leap 15.6 and SLES 15.7

[illescad]

Providing support for SLES and Opensuse

Resolves #10875 by adding SLES v15.7 and Opensuse Leap 15.6 packaging. Opensuse repo images are minimal so adding -base to the target will case errors. To get around this multiple Dockerfiles were created for distro/opensuse/15.6*

---

Testing
Before we can approve your change; please submit the following in a comment:

• [N/A] Example configuration file for the change

• [N/A] Debug log output from testing the change

• [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• [N/A] Documentation required for this feature

Backporting

• [N/A] Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• New Features

  • Official RPM packages now available for openSUSE Leap 15.6 and SLES 15.7 (x86_64 and arm64); installer now supports zypper with version pinning.

• Documentation

  • Distro tables and installation guidance updated to include openSUSE/SLES entries.

• Tests

  • Release package verification extended to cover openSUSE/SLES via zypper.

• Chores

  • Build/publish/sign workflows and multi-arch RPM targets added for SUSE/openSUSE.

[coderabbitai]

Walkthrough

Adds OpenSUSE Leap 15.6 and SLES 15.7 packaging support: updates docs and build-config, introduces multi-arch Dockerfiles for both distros, adds zypper-based test and repo-update flows, routes repo updates to zypper for SUSE paths, and extends the installer with zypper parameters and a zypper branch.

Changes

Cohort / File(s)	Summary
Docs: distros listing packaging/README.md	Inserts openSUSE 15.6 and SLES 15.7 entries (x86_64, arm64v8) into concise and full distro tables.
Build config: RPM targets packaging/build-config.json	Adds RPM targets: opensuse/15.6, opensuse/15.6.arm64v8, sles/15.7, sles/15.7.arm64v8.
Docker builds: SUSE distros packaging/distros/opensuse/Dockerfile, packaging/distros/sles/Dockerfile	New multi-stage, multi-arch Dockerfiles that prepare build environments (qemu shim for aarch64), configure CMake with Fluent Bit feature flags, build and CPack-package RPMs, and output artifacts to /output.
Release package tests (zypper) packaging/test-release-packages.sh	Adds ZYPPER_TARGETS and a zypper-based test loop mirroring the yum path: runs containers, refreshes zypper, installs gpg/curl, runs install flow, and verifies fluent-bit --version.
Repo update routing and entries packaging/update-repos.sh	Adds opensuse/leap/15.6 and sles/15.7 to RPM_REPO_PATHS and dispatches opensuse/* and sles/* repos to update-zypper-repo.sh (others remain on yum).
Zypper repo updater script packaging/update-zypper-repo.sh	New script: validates paths, handles optional signing and GPG key, signs RPMs and repomd if enabled, runs createrepo, optionally writes S3-backed .repo metadata, and logs progress.
Installer: zypper support install.sh	Adds ZYPPER_PARAMETERS and ZYPPER_VERSION; implements OpenSUSE/SLES branch to import GPG key, create /etc/zypp/repos.d/fluent-bit.repo, refresh metadata and install via zypper with optional version pinning.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant User
  participant Installer as install.sh
  participant Repo as Fluent-Bit Repo
  participant Zypper

  User->>Installer: run installer
  Installer->>Installer: detect OS (opensuse/leap or sles)
  alt SUSE family
    Installer->>Repo: import GPG key
    Installer->>Installer: write `/etc/zypp/repos.d/fluent-bit.repo`
    Installer->>Zypper: refresh metadata
    Installer->>Zypper: install fluent-bit (ZYPPER_VERSION, ZYPPER_PARAMETERS)
    Zypper-->>User: installation result
  else other OS families
    Installer->>Installer: run apt/yum flows
  end

Loading

sequenceDiagram
  autonumber
  participant CI
  participant Updater as update-repos.sh
  participant YumUpd as update-yum-repo.sh
  participant ZypperUpd as update-zypper-repo.sh

  CI->>Updater: run repo update
  Updater->>Updater: iterate RPM_REPO_PATHS
  alt path matches opensuse/* or sles/*
    Updater->>ZypperUpd: run zypper repo update (sign, createrepo, optional .repo)
  else
    Updater->>YumUpd: run yum repo update
  end

Loading

sequenceDiagram
  autonumber
  participant Tester
  participant TestScript as test-release-packages.sh
  participant Docker
  participant Zypper

  Tester->>TestScript: run tests
  loop for each ZYPPER_TARGET
    TestScript->>Docker: run image
    Docker->>Zypper: refresh, install gpg/curl
    Docker->>Zypper: run install script (install.sh)
    Docker-->>TestScript: return `fluent-bit --version`
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Areas to focus review on:

• packaging/distros/*/Dockerfile: qemu multi-arch setup, CMake flags, and CPack/RPM packaging steps.
• packaging/update-zypper-repo.sh: signing toggles, createrepo args, S3 .repo generation and path sanitization.
• install.sh: zypper branch correctness, repo file contents, and version-pinning semantics.
• packaging/test-release-packages.sh: container invocation, zypper commands and error handling parity with existing yum tests.

Possibly related PRs

• packaging: provide CentOS Stream, Alma and Rocky Linux builds for version 10 #10906: Similar packaging changes adding RPM distro targets and related packaging/test script updates.

Suggested reviewers

• niedbalski
• celalettin1286
• patrick-stephens

Poem

I hop through Leap and SLES with glee,
RPMs stack up, arm64 and x86,
Zypper hums and repos align,
Multi‑arch builds in tidy line,
A rabbit packs — the pipeline’s fine. 🐇📦

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding support for OpenSUSE Leap 15.6 and SLES 15.7 to the packaging system.
Linked Issues check	✅ Passed	The PR implements all primary coding objectives from issue #10875: Dockerfiles for SLES 15.7 and OpenSUSE 15.6, zypper support in test-release-packages.sh and update-repos.sh, update-zypper-repo.sh script, and install.sh enhancements.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to supporting SLES 15.7 and OpenSUSE 15.6 packaging; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 964ebca and f4ff22a.

📒 Files selected for processing (8)

• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/distros/opensuse/15.6.arm64v8/Dockerfile (1 hunks)
• packaging/distros/opensuse/15.6/Dockerfile (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/test-release-packages.sh (1 hunks)
• packaging/update-repos.sh (1 hunks)

🔇 Additional comments (3)

packaging/distros/opensuse/15.6.arm64v8/Dockerfile (1)

12-24: Confirm availability of cmake3-full.

On Leap 15.x the package is usually cmake/cmake-full; cmake3-full may not exist and would break the build. Please confirm the package name and adjust if necessary (likely cmake-full).

packaging/distros/opensuse/15.6/Dockerfile (1)

7-19: Verify the cmake3-full dependency.

Same concern as the arm64 Dockerfile: ensure cmake3-full exists on Leap 15.6; otherwise switch to cmake-full to avoid install failures.

packaging/distros/opensuse/Dockerfile (1)

16-28: Please double-check the cmake3-full install.

For the generic OpenSUSE builder we also request confirmation that cmake3-full is present on the chosen Leap image; if not, use the available cmake-full package instead.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

packaging/README.md (1)

40-43: Docs update looks good; minor style nit

Entries are correct. Consider dropping bold on “SLES” to match the table’s neutral style used for other distros.

packaging/test-release-packages.sh (1)

123-141: Harden zypper invocations to avoid key prompts

Add --gpg-auto-import-keys to refresh/install to eliminate potential non-interactive key prompts on fresh images.

-        sh -c "zypper --non-interactive refresh && zypper --non-interactive install gpg curl; $INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"
+        sh -c "zypper --non-interactive --gpg-auto-import-keys refresh && zypper --non-interactive --gpg-auto-import-keys install gpg curl; $INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"

install.sh (2)

158-172: Avoid non-interactive key prompts on repo refresh/install

Add --gpg-auto-import-keys to the zypper commands to ensure fully non-interactive runs across images.

- zypper --non-interactive refresh
- $INSTALL_CMD_PREFIX zypper --non-interactive $ZYPPER_PARAMETERS install $INSTALL_PACKAGE_NAME$ZYPPER_VERSION
+ zypper --non-interactive --gpg-auto-import-keys refresh
+ $INSTALL_CMD_PREFIX zypper --non-interactive --gpg-auto-import-keys $ZYPPER_PARAMETERS install $INSTALL_PACKAGE_NAME$ZYPPER_VERSION

---

161-169: Optional repo metadata fields

Consider adding type=rpm-md and autorefresh=1 for clarity and default behavior parity with common SUSE repo snippets. Not required.

 [fluent-bit]
 name = Fluent Bit
 baseurl = $RELEASE_URL/$SUSE_OS/$SUSE_VER
 gpgcheck=1
 repo_gpgcheck=1
 gpgkey=$RELEASE_KEY
 enabled=1
+type=rpm-md
+autorefresh=1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4ff22a and 9249b7b.

📒 Files selected for processing (3)

• install.sh (3 hunks)
• packaging/README.md (1 hunks)
• packaging/test-release-packages.sh (2 hunks)

🔇 Additional comments (4)

packaging/test-release-packages.sh (1)

63-66: Good targets

Correct images for openSUSE Leap and SLES (BCI base). Nice fix separating Zypper-based distros.

install.sh (3)

17-17: Env parameter passthrough looks good

ZYPPER_PARAMETERS addition mirrors APT/YUM patterns. No issues.

---

52-57: Version pinning parity

ZYPPER_VERSION addition aligns with YUM_VERSION format. Good for consistent pinning.

---

151-172: Consistency check passed: packaging/update-repos.sh and packaging/build-config.json already include opensuse/15.6 and sles/15.7.

[patrick-stephens]

@illescad can you raise and link a docs PR as well? Also just tweak the commits and PR title to include packaging: prefix and ensure the DCO is done.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 75c6d92 and f52823d.

📒 Files selected for processing (9)

• install.sh (3 hunks)
• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/distros/opensuse/15.6.arm64v8/Dockerfile (1 hunks)
• packaging/distros/opensuse/15.6/Dockerfile (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/test-release-packages.sh (2 hunks)
• packaging/update-repos.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (7)

• packaging/README.md
• packaging/distros/sles/Dockerfile
• install.sh
• packaging/distros/opensuse/15.6/Dockerfile
• packaging/build-config.json
• packaging/distros/opensuse/Dockerfile
• packaging/update-repos.sh

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

cmake3-full doesn’t exist in Leap 15.x repos

zypper install … cmake3-full will fail because the package name in Leap/SLES is cmake (with the optional cmake-full pattern), not cmake3-full. The Docker build will therefore break before we even reach CMake configure. Please swap in the correct package name (typically cmake or cmake-full) so the image can install successfully.

🤖 Prompt for AI Agents

In packaging/distros/opensuse/15.6.arm64v8/Dockerfile around lines 11-24, the
Dockerfile attempts to install a non-existent package named cmake3-full on Leap
15.x; replace cmake3-full with the correct package name (typically cmake or the
cmake-full pattern) in the zypper install line so the install succeeds, then
rebuild the image to verify CMake is available.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix command chaining in the zypper loop

The escaped newline glues both zypper invocations into a single command (zypper … refresh zypper … install …), which fails, and $INSTALL_CMD /opt/… treats the version check as arguments to the installer, so /opt/fluent-bit/bin/fluent-bit --version never runs. Use explicit && separators just like the YUM/APT blocks.

-        sh -c "zypper --non-interactive --gpg-auto-import-keys refresh \
-               zypper --non-interactive --gpg-auto-import-keys install gpg curl; \
-               $INSTALL_CMD /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"
+        sh -c "zypper --non-interactive --gpg-auto-import-keys refresh && \
+               zypper --non-interactive --gpg-auto-import-keys install gpg curl && \
+               $INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	sh -c "zypper --non-interactive --gpg-auto-import-keys refresh \
	zypper --non-interactive --gpg-auto-import-keys install gpg curl; \
	$INSTALL_CMD /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"
	sh -c "zypper --non-interactive --gpg-auto-import-keys refresh && \
	zypper --non-interactive --gpg-auto-import-keys install gpg curl && \
	$INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"

🤖 Prompt for AI Agents

In packaging/test-release-packages.sh around lines 139 to 141, the zypper
commands are joined by an escaped newline which concatenates them into a single
invalid command and causes the version check to be passed as arguments to the
installer; change the chaining to use explicit && between commands (e.g. zypper
... refresh && zypper ... install gpg curl && $INSTALL_CMD
/opt/fluent-bit/bin/fluent-bit --version) so each zypper invocation runs
sequentially and the --version check executes as a separate command.

[patrick-stephens]

@illescad if you can sort the DCO and docs PR that would be great so we can merge? Plus just check the CodeRabbit comments and resolve/fix as needed.

[illescad]

@patrick-stephens working through the the docs PR today and any coderabbit fixes

[patrick-stephens]

@patrick-stephens working through the the docs PR today and any coderabbit fixes

Thanks mate, let me know when you're done and I'll re-approve for merge. Looks good to me and I'll probably take it downstream to our repo straightaway anyway!

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (7)

packaging/update-zypper-repo.sh (7)

2-2: Harden shell options

Add pipefail to catch errors in pipelines; optionally gate xtrace with a DEBUG flag.

-set -eux
+set -euo pipefail
+${DEBUG:+set -x}

---

36-41: realpath flags portability; add fallback

realpath -sm may not be available on all images. Provide a fallback to readlink -f or drop -s.

-REPO_DIR=$(realpath -sm "$BASE_PATH/$RPM_REPO")
+if command -v realpath >/dev/null 2>&1; then
+  REPO_DIR=$(realpath -m "$BASE_PATH/$RPM_REPO")
+elif command -v readlink >/dev/null 2>&1; then
+  REPO_DIR=$(readlink -f "$BASE_PATH/$RPM_REPO")
+else
+  REPO_DIR=$(cd "$BASE_PATH/$RPM_REPO" && pwd -P)
+fi

Please confirm realpath -s exists on your target SUSE/Leap images.

---

42-46: RPM signing: robustness and batching

• Use null-delimited paths and batch to reduce process spawn and handle odd filenames.
• Ensure we only target regular files.

-    find "$REPO_DIR" -name "*-bit-*.rpm" -exec rpm --define "_gpg_name $GPG_KEY" --addsign {} \;
+    find "$REPO_DIR" -type f -name "*-bit-*.rpm" -print0 | \
+      xargs -0 -r rpm --define "_gpg_name $GPG_KEY" --addsign

---

50-66: Align metadata signing with zypper checks

You sign repomd.xml, but the generated .repo lacks repo_gpgcheck=1. Either add it (recommended) or skip metadata signing.

 baseurl=https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/
 enabled=1
 gpgkey=https://$AWS_S3_BUCKET.s3.amazonaws.com/fluentbit.key
 gpgcheck=1
+repo_gpgcheck=1
 autorefresh=1

If you prefer not to enforce repo metadata verification, remove the repomd signatures to avoid confusion.

Also applies to: 68-76

---

60-63: Allow overriding base URL (CDN/region)

Hardcoding the S3 endpoint can be limiting. Support REPO_BASEURL override while keeping current default.

-baseurl=https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/
+baseurl=${REPO_BASEURL:-https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/}

---

29-31: Package name hint

On SUSE, the package providing createrepo is typically createrepo_c. Adjust helper text.

-echo "ERROR: 'createrepo' command not found. Please install it, e.g., 'zypper install createrepo'."
+echo "ERROR: 'createrepo' command not found. Install it, e.g., 'zypper install createrepo_c'."

---

1-3: Set a sane umask for repo files

Ensure world-readable artifacts.

 #!/bin/bash
-set -euo pipefail
+umask 022
+set -euo pipefail

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3389284 and b8d8fb5.

📒 Files selected for processing (1)

• packaging/update-zypper-repo.sh (1 hunks)

[patrick-stephens]

I don't think you need this as it should be part of the opensuse/Dockerfile?

[illescad]

I had an issue with docker finding the correct base image when trying to set the specific leap versions. So if using the opensuse/Dockerfile and setting the target to something like
./packaging/build.sh -d opensuse/leap:15.6
Then the build.sh will add a -base to the image name, opensuse/leap:15.6-base, which does not exist for opensuse. The standard naming convention is opensuse/leap:15.6 which is already the minimal image.

I wasnt sure how to correctly get around this, I can also add a check in build.sh if DISTRO is opensuse to not append the -base. Or maybe there is another way I am not understanding

[patrick-stephens]

I don't think you need this as it should be part of the opensuse/Dockerfile?

[illescad]

I think i discovered the problem i had on why i thought i needed multiple Dockerfiles. The build.sh needs to be updated to replace : with - if i want to call ./build.sh -d opensuse/leap:15.6. I'll push an update to remove the extra Dockerfiles.

Is there a preference on the name we will pass the target distro to build.sh?
./build.sh -d opensuse/leap:15.6
or
./build.sh -d opensuse/leap-15.6
or
./build.sh -d opensuse/15.6

opensuse/leap:15.6 makes sense to me and I can make a change to build.sh to replace : with - to make sure its a valid stage name.

[patrick-stephens]

I think we've typically done the os/version approach in the past - you can see with centos for example the actual base images are stream now but we kept the old name for consistency.

I would probably just go with opensuse/15.6 for now to keep it simple - otherwise we start running into making typos or trying to use non-leap versions, etc.

[patrick-stephens]

What's the main deltas between opensuse and sles? Just want to make sure we capture which one people should use for their targets.

[illescad]

Ah i think I caused some confusion, I need to update that comment to say its the SLES base container image not # opensuse/leap base image. But its just building from SLES image vs the community os opensuse, and people would want to target the os they are building for.
@jhansonhpe do you have a better explanation for main deltas?

[patrick-stephens]

When we add the docs page we should be clear on any differences because if it's not important why do we care? :)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

packaging/README.md (1)

40-43: Docs addition looks consistent; consider noting Tumbleweed unsupported

Targets and “Target Option” values align with build.sh and repo paths. Optional: add a short note that openSUSE Tumbleweed isn’t supported via install.sh to avoid confusion.

packaging/update-zypper-repo.sh (2)

28-39: Honor CREATE_REPO_CMD in availability check and message

You define CREATE_REPO_CMD but check for a hardcoded createrepo. Use the variable for consistency and overrides.

-# Check for createrepo
-if ! command -v createrepo &> /dev/null; then
-    echo "ERROR: 'createrepo' command not found. Please install it, e.g., 'zypper install createrepo'."
+# Check for createrepo-compatible command
+if ! command -v "$CREATE_REPO_CMD" &> /dev/null; then
+    echo "ERROR: '$CREATE_REPO_CMD' not found. Install it, e.g., 'zypper install createrepo'."
     exit 1
 fi

---

49-53: Robust signing: handle spaces and show failures

Minor hardening: use -print0 with xargs and fail the script if any signing fails.

-if [[ "$DISABLE_SIGNING" != "true" ]]; then
-    # Sign all RPMs created for this target, cover both fluent-bit and legacy packages
-    find "$REPO_DIR" -name "*-bit-*.rpm" -exec rpm --define "_gpg_name $GPG_KEY" --addsign {} \;
-fi
+if [[ "$DISABLE_SIGNING" != "true" ]]; then
+    # Sign all RPMs (fluent-bit and legacy td-agent-bit)
+    find "$REPO_DIR" -name "*-bit-*.rpm" -print0 | xargs -0 -r -n1 \
+      rpm --define "_gpg_name $GPG_KEY" --addsign
+fi

packaging/update-repos.sh (1)

61-68: Pass BASE_PATH explicitly to child scripts to reduce env coupling

update-zypper-repo.sh expects BASE_PATH via env or $1. Pass it to be explicit and resilient.

-        "opensuse/"* | "sles/"*)
-            /bin/bash -eux "$SCRIPT_DIR/update-zypper-repo.sh"
+        "opensuse/"* | "sles/"*)
+            /bin/bash -eux "$SCRIPT_DIR/update-zypper-repo.sh" "$BASE_PATH"
             ;;
         *)
-            /bin/bash -eux "$SCRIPT_DIR/update-yum-repo.sh"
+            /bin/bash -eux "$SCRIPT_DIR/update-yum-repo.sh" "$BASE_PATH"
             ;;

packaging/distros/sles/Dockerfile (1)

63-71: CMake flags: remove unused FLB_OUT_KAFKA arg or wire it through

You define FLB_OUT_KAFKA but pass FLB_KAFKA to CMake. Either drop FLB_OUT_KAFKA or add the corresponding -DFLB_OUT_KAFKA flag if intended.

-ARG FLB_OUT_KAFKA=On
...
-    -DFLB_KAFKA="$FLB_KAFKA" \
+    -DFLB_KAFKA="$FLB_KAFKA" \
+    # If separate output toggle exists, include:
+    # -DFLB_OUT_KAFKA="$FLB_OUT_KAFKA" \

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8d8fb5 and 1e4ad4d.

📒 Files selected for processing (8)

• install.sh (3 hunks)
• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/build.sh (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/update-repos.sh (2 hunks)
• packaging/update-zypper-repo.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• packaging/distros/opensuse/Dockerfile
• packaging/build-config.json

🔇 Additional comments (5)

install.sh (2)

151-169: openSUSE Leap zypper branch LGTM

Repo stanza, key import, refresh, and install flow look correct for Leap using VERSION_ID.

---

171-188: Verify zypper’s $releasever expansion on SLES 15.7
Test on a SLES 15.7 instance to confirm $releasever is correctly expanded in the repo URL; if it isn’t, replace with $VERSION_ID (or a sanitized SLES version):

- baseurl = $RELEASE_URL/sles/\$releasever
+ baseurl = $RELEASE_URL/sles/$VERSION_ID

packaging/update-repos.sh (1)

46-48: Repo list update LGTM

New SUSE paths present: opensuse/leap/15.6 and sles/15.7.

packaging/build.sh (1)

63-71: Stage name derivation matches versioned base stages

Constructing BASE_BUILDER as "-<cleaned_version>-base" aligns with SLES stage names (e.g., sles-15.7-base) and likely the opensuse/leap:15.6 Dockerfile. Good.

If opensuse’s Dockerfile uses unversioned base stage names, update it to include the version or adjust this derivation accordingly.

packaging/distros/sles/Dockerfile (1)

9-20: Base images and tooling look correct for SLES 15.7

Multi-arch bases, qemu setup, zypper install set, and cleanup steps are appropriate.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1e4ad4d and 7590d18.

📒 Files selected for processing (4)

• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packaging/distros/sles/Dockerfile

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packaging/update-repos.sh (1)

61-68: Avoid quoting case patterns; use unquoted globs

Quoting patterns in case may be misleading and can inhibit pattern semantics in some shells. Prefer unquoted patterns.

-    case "$RPM_REPO" in
-        "opensuse/"* | "sles/"*)
+    case "$RPM_REPO" in
+        opensuse/* | sles/*)
             /bin/bash -eux "$SCRIPT_DIR/update-zypper-repo.sh"
             ;;
         *)
             /bin/bash -eux "$SCRIPT_DIR/update-yum-repo.sh"
             ;;
     esac

install.sh (1)

151-170: LGTM: openSUSE Leap repo and install flow

• Uses VERSION_ID for Leap (15.6) path.
• Properly imports key, sets rpm-md repo, refreshes, installs with non-interactive.

One nit: consider adding a brief comment that Leap requires VERSION_ID whereas SLES uses $releasever to avoid future drift.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7590d18 and 04fd8bc.

📒 Files selected for processing (5)

• install.sh (3 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/update-repos.sh (2 hunks)
• packaging/update-zypper-repo.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• packaging/distros/sles/Dockerfile
• packaging/distros/opensuse/Dockerfile
• packaging/update-zypper-repo.sh

🔇 Additional comments (3)

packaging/update-repos.sh (1)

46-48: LGTM: SUSE/SLES repo paths added

New RPM targets look correct and align with the installer paths.

Please confirm packages.fluentbit.io has these directories populated before enabling AWS_SYNC.

install.sh (2)

17-17: LGTM: New ZYPPER_PARAMETERS knob

Keeps CLI flexibility consistent with APT/YUM.

---

171-188: Verify SLES $releasever expands to 15.7 Ensure on all supported SLES images that $releasever resolves to 15.7 (SLE 15 SP7); if it yields 15 or 15-SP7, add a mapping or fallback to target SP7.

[patrick-stephens]

@illescad let me know when you need another review.

[illescad]

@patrick-stephens it's ready for another review. I'll be trying to get some progress on the docs PR

[patrick-stephens]

@patrick-stephens it's ready for another review. I'll be trying to get some progress on the docs PR

Thanks, I'll try to look asap but I'm talking at KCD UK next week so have to focus on that.

[eschabell]

@patrick-stephens can you give this a look (review), as docs PR is ready too: fluent/fluent-bit-docs#2103

[illescad]

hey @patrick-stephens wanted to follow up on another review for this, it's ready to go

[patrick-stephens]

Yeah sorry, school holidays and KCD UK distracted me so apologies for that. Will have a look this week.

[patrick-stephens]

Just some minor niggles to sort.

[patrick-stephens]

Let's ignore DL3037 here to suppress the warning

[patrick-stephens]

We seem to be doing both brace expansion and explicit files here to resolve the possible issue with brace expansion - I'd say just remove the brace expansion entirely and keep it simple.

[illescad]

ah oops, left that in. pushing out the fixes

[patrick-stephens]

Do we need any authentication or suffer from any rate throttling for this registry btw?

[illescad]

We are ok here, it's public access and I cant find any documentation for limits on pulling images

[edsiper]

moved to next milestone (not ready)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packaging/distros/opensuse/Dockerfile (1)

11-29: Note: Substantial code duplication across three base stages.

The three opensuse base stages (opensuse-leap-base, opensuse-15.6-base, opensuse-15.6.arm64v8-base) each contain identical zypper package lists and cleanup commands. While Docker limitations make it difficult to factor this out without external tooling, consider documenting in the repo's README why this duplication exists and whether a shared base pattern could be introduced in a future refactor.

For this PR, the identical package lists across all three stages are acceptable and ensure consistency.

Also applies to: 31-48, 50-70

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9fc3e11 and 4c8f2ab.

📒 Files selected for processing (2)

• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)

🔇 Additional comments (2)

packaging/distros/sles/Dockerfile (1)

1-88: Package selection and multi-arch setup look solid.

The SLES Dockerfile correctly uses SLES-native packages (cmake-full, libopenssl-devel) and follows the same multi-stage, multi-arch pattern as the OpenSUSE variant. The qemu-aarch64-static setup for ARM64 is correct, and the builder stage CMake configuration is appropriate.

packaging/distros/opensuse/Dockerfile (1)

11-48: Package names and multi-arch setup are correct.

The OpenSUSE Dockerfile correctly uses distro-native packages (cmake-full, libopenssl-devel) across all base stages, and the multi-arch setup with qemu-aarch64-static is properly configured. Prior issues with incorrect package names (cmake3-full, libopenssl-3-devel) appear to have been resolved.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

packaging/distros/opensuse/Dockerfile (1)

15-29: Recommended refactor: reduce duplication in base stage package lists.

The three base stages (lines 15–29, 34–48, 56–70) have nearly identical zypper install commands differing only in the FROM image and platform specifics. You could reduce duplication by defining a shared base template or using a heredoc, though Docker's multi-stage structure makes this less critical. If this pattern extends to other Dockerfiles in the PR, consider a shared base-layer approach for maintainability.

Also applies to: 34-48, 56-70

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4c8f2ab and d650dbd.

📒 Files selected for processing (1)

• packaging/distros/opensuse/Dockerfile (1 hunks)

🔇 Additional comments (1)

packaging/distros/opensuse/Dockerfile (1)

78-121: LGTM: builder stage and CMake configuration look solid.

The common builder stage (line 78) correctly uses the ARG BASE_BUILDER parameter to select the appropriate base image, and the CMake configuration (lines 106–121) is comprehensive with all relevant Fluent Bit build flags (SIMD, TRACE, HTTP_SERVER, KAFKA, PostgreSQL, Jemalloc, etc.). The build and packaging workflow (line 124) is correct. No concerns here.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

Verify: generic opensuse/leap tag vs versioned opensuse/leap:15.6.

Line 13 uses the unversioned opensuse/leap tag for the generic base stage, while lines 32 and 52 use the pinned opensuse/leap:15.6 tag. The generic tag could drift to newer Leap versions in the future, potentially causing unexpected version mismatches or build failures. Consider pinning this to :15.6 (or the intended minimum version) for consistency and reproducibility, or document that this base stage is intended to track the latest Leap release.

---

🌐 Web query:

What versions does the opensuse/leap Docker image tag currently resolve to and is it recommended to use pinned version tags?

💡 Result:

Short answer — opensuse/leap image tags are multi‑tagged per Leap release (e.g. leap:15.6, leap:15.5, …) and the “floating” tags (leap:15 and leap:latest) are moved to point at the current Leap release(s). It’s therefore recommended to pin to a specific release tag (e.g. opensuse/leap:15.6) or — for immutability — to a digest (sha256) when reproducibility is required. (en.opensuse.org)

Citations:

• 1: https://en.opensuse.org/Building_derived_containers?utm_source=openai

---

Pin generic base stage to specific Leap version for reproducibility.

Line 13 uses the unversioned opensuse/leap tag, which is a floating tag that moves to point at the current Leap release(s). This conflicts with the pinned opensuse/leap:15.6 tags on lines 32 and 52, and could cause unexpected version drift or build inconsistencies. It's recommended to pin to a specific release tag (e.g., opensuse/leap:15.6) for reproducibility. Change line 13 to FROM opensuse/leap:15.6 AS opensuse-leap-base.

🤖 Prompt for AI Agents

In packaging/distros/opensuse/Dockerfile around lines 11 to 13, the base stage
uses the floating tag "opensuse/leap", causing potential version drift versus
the pinned "opensuse/leap:15.6" used later; update the FROM line to use the
specific release tag (opensuse/leap:15.6) so the generic base stage is pinned
consistently with the other stages for reproducible builds.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify: libopenssl3 libopenssl-devel combination for openSUSE Leap 15.6.

All three base stages specify libopenssl3 libopenssl-devel (lines 27, 46, 68). The libopenssl3 package is typically the runtime library, while libopenssl-devel provides development headers—this combination appears correct. However, please verify that both package names are available on openSUSE Leap 15.6, particularly since previous reviews flagged incorrect package names in this area.

Also applies to: 46-46, 68-68

---

🌐 Web query:

openSUSE Leap 15.6 zypper packages libopenssl3 libopenssl-devel availability

💡 Result:

Yes — openSUSE Leap 15.6 provides OpenSSL 3 packages (libopenssl3 and libopenssl-3-devel) in the official repositories. You can install them with zypper, for example:

• zypper refresh
• zypper install libopenssl3 libopenssl-3-devel

SUSE security / update listings confirm libopenssl3 and libopenssl-3-devel are packaged for Leap 15.6. [1][2]

Sources:
[1] SUSE update announcement listing libopenssl3 / libopenssl-3-devel for Leap 15.6. [2] SUSE-SU security update listing (Leap 15.6) including libopenssl3 and libopenssl-3-devel.

---

Update package name to libopenssl-3-devel on lines 27, 46, and 68.

OpenSSL 3 packages for openSUSE Leap 15.6 are available in official repositories as libopenssl3 and libopenssl-3-devel. The Dockerfile currently specifies libopenssl-devel, which appears to be incomplete. Change to libopenssl-3-devel to match the correct official package name.

🤖 Prompt for AI Agents

In packaging/distros/opensuse/Dockerfile around lines 27, 46 and 68 the OpenSSL
development package is incorrectly listed as libopenssl-devel; update the
package name to libopenssl-3-devel at each occurrence (lines 27, 46, 68) so the
Dockerfile installs the correct OpenSSL 3 development package from the openSUSE
Leap 15.6 repositories.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

Verify: --platform=arm64 Docker syntax correctness.

Line 52 uses --platform=arm64 in the FROM clause. Verify that this is the correct syntax for your Docker/BuildKit version. Typical platform identifiers in Docker are linux/arm64v8, linux/amd64, etc. Confirm the build succeeds with this syntax, or adjust if needed.

---

🌐 Web query:

Docker FROM --platform=arm64 correct syntax buildkit

💡 Result:

Short answer — valid Dockerfile syntax (BuildKit / buildx):

• Hard-coded platform:
  FROM --platform=linux/arm64 node:18-alpine
• With stage name:
  FROM --platform=linux/arm64 node:18-alpine AS base
• Use build variables (recommended for multi‑arch builds):
  FROM --platform=${BUILDPLATFORM} golang:alpine AS build

To build multi-arch images, prefer passing --platform to buildx (or docker build) instead of hard-coding a constant in every FROM, e.g.:
docker buildx build --platform linux/amd64,linux/arm64 -t myimage:latest .

References: Docker FROM syntax and guidance, multi-platform build docs, and buildx examples. [1][2][3]

Sources
[1] Docker Docs — Multi-platform builds.
[2] docker/buildx (GitHub) — examples and Dockerfile variables.
[3] FROM instruction reference (syntax: FROM [--platform=] [AS ]).

---

---

Correct --platform syntax to use full platform identifier.

Line 52 uses --platform=arm64, but Docker requires full platform identifiers like --platform=linux/arm64. Change to:

FROM --platform=linux/arm64 opensuse/leap:15.6 AS opensuse-15.6.arm64v8-base

🤖 Prompt for AI Agents

In packaging/distros/opensuse/Dockerfile around line 52, the FROM uses an
incomplete platform identifier (--platform=arm64); update it to the full
platform name required by Docker (e.g., --platform=linux/arm64) so change the
FROM line to use --platform=linux/arm64 and keep the rest of the token
unchanged.