packaging: add support for Opensuse Leap 15.6 and SLES 15.7

[illescad]

Providing support for SLES and Opensuse

Resolves #10875 by adding SLES v15.7 and Opensuse Leap 15.6 packaging. Opensuse repo images are minimal so adding -base to the target will case errors. To get around this multiple Dockerfiles were created for distro/opensuse/15.6*

---

Testing
Before we can approve your change; please submit the following in a comment:

• [N/A] Example configuration file for the change

• [N/A] Debug log output from testing the change

• [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• [N/A] Documentation required for this feature

Backporting

• [N/A] Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• New Features

  • Official RPM packages now available for openSUSE Leap 15.6 and SLES 15.7 (x86_64 and arm64); installer now supports zypper with version pinning.

• Documentation

  • Distro tables and installation guidance updated to include openSUSE and SLES entries.

• Tests

  • Release package verification extended to cover openSUSE/SLES via zypper.

• Chores

  • Multi-arch RPM build, packaging, repo update and signing workflows added for SUSE/openSUSE.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds OpenSUSE Leap 15.6 and SLES 15.7 packaging and install support: documentation and build-config updates, new multi-arch Dockerfiles for both distros, zypper-based test and repo-update flows, update-repos routing to zypper, and install.sh extensions for zypper parameters and install branches.

Changes

Cohort / File(s)	Summary
Docs: distros listing packaging/README.md	Inserts openSUSE 15.6 and SLES 15.7 (x86_64, arm64v8) into concise and full distro tables.
Build config: RPM targets packaging/build-config.json	Adds RPM targets: opensuse/15.6, opensuse/15.6.arm64v8, sles/15.7, sles/15.7.arm64v8.
Docker builds: SUSE distros packaging/distros/opensuse/Dockerfile, packaging/distros/sles/Dockerfile	New multi-stage, multi-arch Dockerfiles (qemu shim for aarch64) that install dev deps via zypper, configure CMake with many Fluent Bit feature flags, build and CPack-package RPMs, and emit artifacts to /output.
Release package tests (zypper) packaging/test-release-packages.sh	Adds ZYPPER_TARGETS and a zypper-based test loop mirroring the existing yum path: runs containers, refreshes zypper, installs gpg/curl, executes install flow and verifies fluent-bit --version.
Repo update routing and entries packaging/update-repos.sh	Adds opensuse/leap/15.6 and sles/15.7 to RPM_REPO_PATHS and dispatches opensuse/* and sles/* repos to update-zypper-repo.sh (others remain routed to yum updater).
Zypper repo updater script packaging/update-zypper-repo.sh	New script: validates paths, handles optional signing/GPG key, signs RPMs and repomd if enabled, runs createrepo, optionally writes S3-backed .repo metadata, and logs progress.
Installer: zypper support install.sh	Adds ZYPPER_PARAMETERS and ZYPPER_VERSION; implements opensuse-leap and sles install branches that import GPG key, write /etc/zypp/repos.d/fluent-bit.repo, refresh metadata and install via zypper with optional version pinning.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant User
  participant Installer as install.sh
  participant Repo as Fluent-Bit Repo
  participant Zypper

  User->>Installer: run installer
  Installer->>Installer: detect OS (opensuse-leap or sles)
  alt SUSE family
    Installer->>Repo: import GPG key
    Installer->>Installer: write `/etc/zypp/repos.d/fluent-bit.repo`
    Installer->>Zypper: refresh metadata
    Installer->>Zypper: install fluent-bit (ZYPPER_VERSION, ZYPPER_PARAMETERS)
    Zypper-->>User: installation result
  else other OS families
    Installer->>Installer: run apt/yum flows
  end

Loading

sequenceDiagram
  autonumber
  participant CI
  participant Updater as update-repos.sh
  participant YumUpd as update-yum-repo.sh
  participant ZypperUpd as update-zypper-repo.sh

  CI->>Updater: run repo update
  Updater->>Updater: iterate RPM_REPO_PATHS
  alt path matches opensuse/* or sles/*
    Updater->>ZypperUpd: run zypper repo update (sign, createrepo, optional .repo)
  else
    Updater->>YumUpd: run yum repo update
  end

Loading

sequenceDiagram
  autonumber
  participant Tester
  participant TestScript as test-release-packages.sh
  participant Docker
  participant Zypper

  Tester->>TestScript: run tests
  loop for each ZYPPER_TARGET
    TestScript->>Docker: run image
    Docker->>Zypper: refresh, install gpg/curl
    Docker->>Zypper: run install script (install.sh)
    Docker-->>TestScript: return `fluent-bit --version`
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• packaging: script: Use rockylinux prefix on package testing script #11297: Modifies packaging/test-release-packages.sh container targets and test flows (related zypper/yum test changes).
• packaging: provide CentOS Stream, Alma and Rocky Linux builds for version 10 #10906: Packaging updates adding RPM distro targets and related packaging files (build-config, README, repo/update logic).

Suggested reviewers

• patrick-stephens
• niedbalski
• celalettin1286

Poem

I hop through Leap and SLES with glee,
RPMs stack up, arm64 and x86,
Zypper hums while repos align,
Multi‑arch builds in tidy line,
A rabbit packs — the pipeline’s fine. 🐇📦

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding packaging support for OpenSUSE Leap 15.6 and SLES 15.7, which is the primary objective across all file modifications.
Linked Issues check	✅ Passed	The changes comprehensively address issue #10875 objectives: add native SLES/OpenSUSE packaging with Dockerfiles, extend test tooling with zypper support, and provide update-zypper-repo.sh script.
Out of Scope Changes check	✅ Passed	All changes are within scope: Dockerfiles and build configs for new distros, README documentation, test and repo update scripts, and install script modifications for zypper support.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 964ebca and f4ff22a.

📒 Files selected for processing (8)

• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/distros/opensuse/15.6.arm64v8/Dockerfile (1 hunks)
• packaging/distros/opensuse/15.6/Dockerfile (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/test-release-packages.sh (1 hunks)
• packaging/update-repos.sh (1 hunks)

🔇 Additional comments (3)

packaging/distros/opensuse/15.6.arm64v8/Dockerfile (1)

12-24: Confirm availability of cmake3-full.

On Leap 15.x the package is usually cmake/cmake-full; cmake3-full may not exist and would break the build. Please confirm the package name and adjust if necessary (likely cmake-full).

packaging/distros/opensuse/15.6/Dockerfile (1)

7-19: Verify the cmake3-full dependency.

Same concern as the arm64 Dockerfile: ensure cmake3-full exists on Leap 15.6; otherwise switch to cmake-full to avoid install failures.

packaging/distros/opensuse/Dockerfile (1)

16-28: Please double-check the cmake3-full install.

For the generic OpenSUSE builder we also request confirmation that cmake3-full is present on the chosen Leap image; if not, use the available cmake-full package instead.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

packaging/README.md (1)

40-43: Docs update looks good; minor style nit

Entries are correct. Consider dropping bold on “SLES” to match the table’s neutral style used for other distros.

packaging/test-release-packages.sh (1)

123-141: Harden zypper invocations to avoid key prompts

Add --gpg-auto-import-keys to refresh/install to eliminate potential non-interactive key prompts on fresh images.

-        sh -c "zypper --non-interactive refresh && zypper --non-interactive install gpg curl; $INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"
+        sh -c "zypper --non-interactive --gpg-auto-import-keys refresh && zypper --non-interactive --gpg-auto-import-keys install gpg curl; $INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"

install.sh (2)

158-172: Avoid non-interactive key prompts on repo refresh/install

Add --gpg-auto-import-keys to the zypper commands to ensure fully non-interactive runs across images.

- zypper --non-interactive refresh
- $INSTALL_CMD_PREFIX zypper --non-interactive $ZYPPER_PARAMETERS install $INSTALL_PACKAGE_NAME$ZYPPER_VERSION
+ zypper --non-interactive --gpg-auto-import-keys refresh
+ $INSTALL_CMD_PREFIX zypper --non-interactive --gpg-auto-import-keys $ZYPPER_PARAMETERS install $INSTALL_PACKAGE_NAME$ZYPPER_VERSION

---

161-169: Optional repo metadata fields

Consider adding type=rpm-md and autorefresh=1 for clarity and default behavior parity with common SUSE repo snippets. Not required.

 [fluent-bit]
 name = Fluent Bit
 baseurl = $RELEASE_URL/$SUSE_OS/$SUSE_VER
 gpgcheck=1
 repo_gpgcheck=1
 gpgkey=$RELEASE_KEY
 enabled=1
+type=rpm-md
+autorefresh=1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4ff22a and 9249b7b.

📒 Files selected for processing (3)

• install.sh (3 hunks)
• packaging/README.md (1 hunks)
• packaging/test-release-packages.sh (2 hunks)

🔇 Additional comments (4)

packaging/test-release-packages.sh (1)

63-66: Good targets

Correct images for openSUSE Leap and SLES (BCI base). Nice fix separating Zypper-based distros.

install.sh (3)

17-17: Env parameter passthrough looks good

ZYPPER_PARAMETERS addition mirrors APT/YUM patterns. No issues.

---

52-57: Version pinning parity

ZYPPER_VERSION addition aligns with YUM_VERSION format. Good for consistent pinning.

---

151-172: Consistency check passed: packaging/update-repos.sh and packaging/build-config.json already include opensuse/15.6 and sles/15.7.

[patrick-stephens]

@illescad can you raise and link a docs PR as well? Also just tweak the commits and PR title to include packaging: prefix and ensure the DCO is done.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 75c6d92 and f52823d.

📒 Files selected for processing (9)

• install.sh (3 hunks)
• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/distros/opensuse/15.6.arm64v8/Dockerfile (1 hunks)
• packaging/distros/opensuse/15.6/Dockerfile (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/test-release-packages.sh (2 hunks)
• packaging/update-repos.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (7)

• packaging/README.md
• packaging/distros/sles/Dockerfile
• install.sh
• packaging/distros/opensuse/15.6/Dockerfile
• packaging/build-config.json
• packaging/distros/opensuse/Dockerfile
• packaging/update-repos.sh

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

cmake3-full doesn’t exist in Leap 15.x repos

zypper install … cmake3-full will fail because the package name in Leap/SLES is cmake (with the optional cmake-full pattern), not cmake3-full. The Docker build will therefore break before we even reach CMake configure. Please swap in the correct package name (typically cmake or cmake-full) so the image can install successfully.

🤖 Prompt for AI Agents

In packaging/distros/opensuse/15.6.arm64v8/Dockerfile around lines 11-24, the
Dockerfile attempts to install a non-existent package named cmake3-full on Leap
15.x; replace cmake3-full with the correct package name (typically cmake or the
cmake-full pattern) in the zypper install line so the install succeeds, then
rebuild the image to verify CMake is available.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix command chaining in the zypper loop

The escaped newline glues both zypper invocations into a single command (zypper … refresh zypper … install …), which fails, and $INSTALL_CMD /opt/… treats the version check as arguments to the installer, so /opt/fluent-bit/bin/fluent-bit --version never runs. Use explicit && separators just like the YUM/APT blocks.

-        sh -c "zypper --non-interactive --gpg-auto-import-keys refresh \
-               zypper --non-interactive --gpg-auto-import-keys install gpg curl; \
-               $INSTALL_CMD /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"
+        sh -c "zypper --non-interactive --gpg-auto-import-keys refresh && \
+               zypper --non-interactive --gpg-auto-import-keys install gpg curl && \
+               $INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	sh -c "zypper --non-interactive --gpg-auto-import-keys refresh \
	zypper --non-interactive --gpg-auto-import-keys install gpg curl; \
	$INSTALL_CMD /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"
	sh -c "zypper --non-interactive --gpg-auto-import-keys refresh && \
	zypper --non-interactive --gpg-auto-import-keys install gpg curl && \
	$INSTALL_CMD && /opt/fluent-bit/bin/fluent-bit --version" | tee "$LOG_FILE"

🤖 Prompt for AI Agents

In packaging/test-release-packages.sh around lines 139 to 141, the zypper
commands are joined by an escaped newline which concatenates them into a single
invalid command and causes the version check to be passed as arguments to the
installer; change the chaining to use explicit && between commands (e.g. zypper
... refresh && zypper ... install gpg curl && $INSTALL_CMD
/opt/fluent-bit/bin/fluent-bit --version) so each zypper invocation runs
sequentially and the --version check executes as a separate command.

[patrick-stephens]

@illescad if you can sort the DCO and docs PR that would be great so we can merge? Plus just check the CodeRabbit comments and resolve/fix as needed.

[illescad]

@patrick-stephens working through the the docs PR today and any coderabbit fixes

[patrick-stephens]

@patrick-stephens working through the the docs PR today and any coderabbit fixes

Thanks mate, let me know when you're done and I'll re-approve for merge. Looks good to me and I'll probably take it downstream to our repo straightaway anyway!

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (7)

packaging/update-zypper-repo.sh (7)

2-2: Harden shell options

Add pipefail to catch errors in pipelines; optionally gate xtrace with a DEBUG flag.

-set -eux
+set -euo pipefail
+${DEBUG:+set -x}

---

36-41: realpath flags portability; add fallback

realpath -sm may not be available on all images. Provide a fallback to readlink -f or drop -s.

-REPO_DIR=$(realpath -sm "$BASE_PATH/$RPM_REPO")
+if command -v realpath >/dev/null 2>&1; then
+  REPO_DIR=$(realpath -m "$BASE_PATH/$RPM_REPO")
+elif command -v readlink >/dev/null 2>&1; then
+  REPO_DIR=$(readlink -f "$BASE_PATH/$RPM_REPO")
+else
+  REPO_DIR=$(cd "$BASE_PATH/$RPM_REPO" && pwd -P)
+fi

Please confirm realpath -s exists on your target SUSE/Leap images.

---

42-46: RPM signing: robustness and batching

• Use null-delimited paths and batch to reduce process spawn and handle odd filenames.
• Ensure we only target regular files.

-    find "$REPO_DIR" -name "*-bit-*.rpm" -exec rpm --define "_gpg_name $GPG_KEY" --addsign {} \;
+    find "$REPO_DIR" -type f -name "*-bit-*.rpm" -print0 | \
+      xargs -0 -r rpm --define "_gpg_name $GPG_KEY" --addsign

---

50-66: Align metadata signing with zypper checks

You sign repomd.xml, but the generated .repo lacks repo_gpgcheck=1. Either add it (recommended) or skip metadata signing.

 baseurl=https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/
 enabled=1
 gpgkey=https://$AWS_S3_BUCKET.s3.amazonaws.com/fluentbit.key
 gpgcheck=1
+repo_gpgcheck=1
 autorefresh=1

If you prefer not to enforce repo metadata verification, remove the repomd signatures to avoid confusion.

Also applies to: 68-76

---

60-63: Allow overriding base URL (CDN/region)

Hardcoding the S3 endpoint can be limiting. Support REPO_BASEURL override while keeping current default.

-baseurl=https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/
+baseurl=${REPO_BASEURL:-https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/}

---

29-31: Package name hint

On SUSE, the package providing createrepo is typically createrepo_c. Adjust helper text.

-echo "ERROR: 'createrepo' command not found. Please install it, e.g., 'zypper install createrepo'."
+echo "ERROR: 'createrepo' command not found. Install it, e.g., 'zypper install createrepo_c'."

---

1-3: Set a sane umask for repo files

Ensure world-readable artifacts.

 #!/bin/bash
-set -euo pipefail
+umask 022
+set -euo pipefail

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3389284 and b8d8fb5.

📒 Files selected for processing (1)

• packaging/update-zypper-repo.sh (1 hunks)

[patrick-stephens]

I don't think you need this as it should be part of the opensuse/Dockerfile?

[illescad]

I had an issue with docker finding the correct base image when trying to set the specific leap versions. So if using the opensuse/Dockerfile and setting the target to something like
./packaging/build.sh -d opensuse/leap:15.6
Then the build.sh will add a -base to the image name, opensuse/leap:15.6-base, which does not exist for opensuse. The standard naming convention is opensuse/leap:15.6 which is already the minimal image.

I wasnt sure how to correctly get around this, I can also add a check in build.sh if DISTRO is opensuse to not append the -base. Or maybe there is another way I am not understanding

[patrick-stephens]

I don't think you need this as it should be part of the opensuse/Dockerfile?

[illescad]

I think i discovered the problem i had on why i thought i needed multiple Dockerfiles. The build.sh needs to be updated to replace : with - if i want to call ./build.sh -d opensuse/leap:15.6. I'll push an update to remove the extra Dockerfiles.

Is there a preference on the name we will pass the target distro to build.sh?
./build.sh -d opensuse/leap:15.6
or
./build.sh -d opensuse/leap-15.6
or
./build.sh -d opensuse/15.6

opensuse/leap:15.6 makes sense to me and I can make a change to build.sh to replace : with - to make sure its a valid stage name.

[patrick-stephens]

I think we've typically done the os/version approach in the past - you can see with centos for example the actual base images are stream now but we kept the old name for consistency.

I would probably just go with opensuse/15.6 for now to keep it simple - otherwise we start running into making typos or trying to use non-leap versions, etc.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

packaging/README.md (1)

40-43: Docs addition looks consistent; consider noting Tumbleweed unsupported

Targets and “Target Option” values align with build.sh and repo paths. Optional: add a short note that openSUSE Tumbleweed isn’t supported via install.sh to avoid confusion.

packaging/update-zypper-repo.sh (2)

28-39: Honor CREATE_REPO_CMD in availability check and message

You define CREATE_REPO_CMD but check for a hardcoded createrepo. Use the variable for consistency and overrides.

-# Check for createrepo
-if ! command -v createrepo &> /dev/null; then
-    echo "ERROR: 'createrepo' command not found. Please install it, e.g., 'zypper install createrepo'."
+# Check for createrepo-compatible command
+if ! command -v "$CREATE_REPO_CMD" &> /dev/null; then
+    echo "ERROR: '$CREATE_REPO_CMD' not found. Install it, e.g., 'zypper install createrepo'."
     exit 1
 fi

---

49-53: Robust signing: handle spaces and show failures

Minor hardening: use -print0 with xargs and fail the script if any signing fails.

-if [[ "$DISABLE_SIGNING" != "true" ]]; then
-    # Sign all RPMs created for this target, cover both fluent-bit and legacy packages
-    find "$REPO_DIR" -name "*-bit-*.rpm" -exec rpm --define "_gpg_name $GPG_KEY" --addsign {} \;
-fi
+if [[ "$DISABLE_SIGNING" != "true" ]]; then
+    # Sign all RPMs (fluent-bit and legacy td-agent-bit)
+    find "$REPO_DIR" -name "*-bit-*.rpm" -print0 | xargs -0 -r -n1 \
+      rpm --define "_gpg_name $GPG_KEY" --addsign
+fi

packaging/update-repos.sh (1)

61-68: Pass BASE_PATH explicitly to child scripts to reduce env coupling

update-zypper-repo.sh expects BASE_PATH via env or $1. Pass it to be explicit and resilient.

-        "opensuse/"* | "sles/"*)
-            /bin/bash -eux "$SCRIPT_DIR/update-zypper-repo.sh"
+        "opensuse/"* | "sles/"*)
+            /bin/bash -eux "$SCRIPT_DIR/update-zypper-repo.sh" "$BASE_PATH"
             ;;
         *)
-            /bin/bash -eux "$SCRIPT_DIR/update-yum-repo.sh"
+            /bin/bash -eux "$SCRIPT_DIR/update-yum-repo.sh" "$BASE_PATH"
             ;;

packaging/distros/sles/Dockerfile (1)

63-71: CMake flags: remove unused FLB_OUT_KAFKA arg or wire it through

You define FLB_OUT_KAFKA but pass FLB_KAFKA to CMake. Either drop FLB_OUT_KAFKA or add the corresponding -DFLB_OUT_KAFKA flag if intended.

-ARG FLB_OUT_KAFKA=On
...
-    -DFLB_KAFKA="$FLB_KAFKA" \
+    -DFLB_KAFKA="$FLB_KAFKA" \
+    # If separate output toggle exists, include:
+    # -DFLB_OUT_KAFKA="$FLB_OUT_KAFKA" \

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8d8fb5 and 1e4ad4d.

📒 Files selected for processing (8)

• install.sh (3 hunks)
• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/build.sh (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/update-repos.sh (2 hunks)
• packaging/update-zypper-repo.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• packaging/distros/opensuse/Dockerfile
• packaging/build-config.json

🔇 Additional comments (5)

install.sh (2)

151-169: openSUSE Leap zypper branch LGTM

Repo stanza, key import, refresh, and install flow look correct for Leap using VERSION_ID.

---

171-188: Verify zypper’s $releasever expansion on SLES 15.7
Test on a SLES 15.7 instance to confirm $releasever is correctly expanded in the repo URL; if it isn’t, replace with $VERSION_ID (or a sanitized SLES version):

- baseurl = $RELEASE_URL/sles/\$releasever
+ baseurl = $RELEASE_URL/sles/$VERSION_ID

packaging/update-repos.sh (1)

46-48: Repo list update LGTM

New SUSE paths present: opensuse/leap/15.6 and sles/15.7.

packaging/build.sh (1)

63-71: Stage name derivation matches versioned base stages

Constructing BASE_BUILDER as "-<cleaned_version>-base" aligns with SLES stage names (e.g., sles-15.7-base) and likely the opensuse/leap:15.6 Dockerfile. Good.

If opensuse’s Dockerfile uses unversioned base stage names, update it to include the version or adjust this derivation accordingly.

packaging/distros/sles/Dockerfile (1)

9-20: Base images and tooling look correct for SLES 15.7

Multi-arch bases, qemu setup, zypper install set, and cleanup steps are appropriate.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1e4ad4d and 7590d18.

📒 Files selected for processing (4)

• packaging/README.md (1 hunks)
• packaging/build-config.json (1 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packaging/distros/sles/Dockerfile

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packaging/update-repos.sh (1)

61-68: Avoid quoting case patterns; use unquoted globs

Quoting patterns in case may be misleading and can inhibit pattern semantics in some shells. Prefer unquoted patterns.

-    case "$RPM_REPO" in
-        "opensuse/"* | "sles/"*)
+    case "$RPM_REPO" in
+        opensuse/* | sles/*)
             /bin/bash -eux "$SCRIPT_DIR/update-zypper-repo.sh"
             ;;
         *)
             /bin/bash -eux "$SCRIPT_DIR/update-yum-repo.sh"
             ;;
     esac

install.sh (1)

151-170: LGTM: openSUSE Leap repo and install flow

• Uses VERSION_ID for Leap (15.6) path.
• Properly imports key, sets rpm-md repo, refreshes, installs with non-interactive.

One nit: consider adding a brief comment that Leap requires VERSION_ID whereas SLES uses $releasever to avoid future drift.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7590d18 and 04fd8bc.

📒 Files selected for processing (5)

• install.sh (3 hunks)
• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)
• packaging/update-repos.sh (2 hunks)
• packaging/update-zypper-repo.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• packaging/distros/sles/Dockerfile
• packaging/distros/opensuse/Dockerfile
• packaging/update-zypper-repo.sh

🔇 Additional comments (3)

packaging/update-repos.sh (1)

46-48: LGTM: SUSE/SLES repo paths added

New RPM targets look correct and align with the installer paths.

Please confirm packages.fluentbit.io has these directories populated before enabling AWS_SYNC.

install.sh (2)

17-17: LGTM: New ZYPPER_PARAMETERS knob

Keeps CLI flexibility consistent with APT/YUM.

---

171-188: Verify SLES $releasever expands to 15.7 Ensure on all supported SLES images that $releasever resolves to 15.7 (SLE 15 SP7); if it yields 15 or 15-SP7, add a mapping or fallback to target SP7.

[patrick-stephens]

@illescad let me know when you need another review.

[illescad]

@patrick-stephens it's ready for another review. I'll be trying to get some progress on the docs PR

[patrick-stephens]

@patrick-stephens it's ready for another review. I'll be trying to get some progress on the docs PR

Thanks, I'll try to look asap but I'm talking at KCD UK next week so have to focus on that.

[illescad]

I have time this week to wrap this up. I thought i had any issues addressed already, is there something specific in the PR that i am missing?

[patrick-stephens]

You might have done it all, sorry it's hard with all my notifications! If you can just double check and ping me then I can merge if so.

[illescad]

@patrick-stephens ok double checked and any of your previous notes have been fixed/addressed

[patrick-stephens]

Just the OpenSSL 3 headers question

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packaging/distros/opensuse/Dockerfile (2)

32-32: Remove trailing whitespace.

Line 32 has trailing whitespace after the stage name.

-FROM opensuse/leap:15.6 AS opensuse-15.6-base 
+FROM opensuse/leap:15.6 AS opensuse-15.6-base

---

124-124: Consider dynamic parallelism for make.

The hardcoded -j 4 is a safe default but may underutilize systems with more cores. Consider using $(nproc) for dynamic parallelism, or document why 4 was chosen.

-CMD [ "/bin/bash", "-c", "make --no-print-directory -j 4 && cpack -G RPM && cp *.rpm /output/" ]
+CMD [ "/bin/bash", "-c", "make --no-print-directory -j $(nproc) && cpack -G RPM && cp *.rpm /output/" ]

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d650dbd and a3d7c89.

📒 Files selected for processing (2)

• packaging/distros/opensuse/Dockerfile (1 hunks)
• packaging/distros/sles/Dockerfile (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packaging/distros/sles/Dockerfile

🔇 Additional comments (3)

packaging/distros/opensuse/Dockerfile (3)

1-9: LGTM!

The header documentation clearly explains the BASE_BUILDER mechanism and the multiarch setup using qemu-user-static is a standard pattern for cross-architecture builds.

---

11-29: Floating tag retained for generic Leap builds.

The opensuse/leap floating tag (line 13) appears to be intentionally retained to provide a "latest Leap" build target, while opensuse-15.6-base provides a pinned alternative. This is a reasonable design given the BASE_BUILDER ARG mechanism allows selecting the appropriate base. Consider adding a brief comment explaining this distinction for future maintainers.

---

50-74: LGTM!

The arm64 base stage correctly uses --platform=linux/arm64 syntax, includes the qemu static binary for cross-compilation, and appropriately configures jemalloc options with larger page size (--with-lg-page=16) suitable for arm64 architectures.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify if FLB_OUT_KAFKA is a valid CMake option and how it's used

echo "=== Checking for FLB_OUT_KAFKA in Dockerfiles ==="
rg -n 'FLB_OUT_KAFKA' --type-add 'docker:Dockerfile*' --type docker

echo "=== Checking CMakeLists for FLB_OUT_KAFKA ==="
rg -n 'FLB_OUT_KAFKA' -g 'CMakeLists.txt'

echo "=== Checking for FLB_OUT_KAFKA in all files ==="
rg -n 'FLB_OUT_KAFKA' --max-count 20

echo "=== Checking opensuse Dockerfile context around line 98 ==="
sed -n '90,125p' packaging/distros/opensuse/Dockerfile

Repository: fluent/fluent-bit

Length of output: 4622

---

Add missing FLB_OUT_KAFKA flag to CMake command.

FLB_OUT_KAFKA is defined as an ARG on line 98 but is not passed to CMake (lines 106-121). Other Dockerfiles (debian, ubuntu, raspbian, etc.) include -DFLB_OUT_KAFKA="$FLB_OUT_KAFKA" in their CMake invocations. Add this flag to the opensuse Dockerfile's cmake command to ensure consistent configuration.

🤖 Prompt for AI Agents

In packaging/distros/opensuse/Dockerfile around lines 98 and 106-121, the ARG
FLB_OUT_KAFKA is declared on line 98 but not forwarded to the CMake invocation;
update the CMake command(s) in the block at lines ~106-121 to include
-DFLB_OUT_KAFKA="$FLB_OUT_KAFKA" alongside the other -D flags so the Kafka
output option honors the build ARG the same way other distro Dockerfiles do.

[patrick-stephens]

Agreed, we should use args if they are provided.

[coderabbitai]

@patrick-stephens, thank you for confirming! The FLB_OUT_KAFKA flag should indeed be added to the CMake command in the opensuse Dockerfile to match the pattern used in other distro Dockerfiles. This will ensure the Kafka output plugin configuration is consistent across all packaging targets.

(/￣▽￣)/ ♪

---

🧠 Learnings used

Learnt from: ThomasDevoogdt
Repo: fluent/fluent-bit PR: 9277
File: .github/workflows/pr-compile-check.yaml:147-151
Timestamp: 2025-08-31T12:46:11.940Z
Learning: In fluent-bit, the correct CMake flag for using system librdkafka is `FLB_PREFER_SYSTEM_LIB_KAFKA=ON`.

---

Learnt from: ThomasDevoogdt
Repo: fluent/fluent-bit PR: 9277
File: .github/workflows/pr-compile-check.yaml:147-151
Timestamp: 2025-08-31T12:46:11.940Z
Learning: In fluent-bit CMakeLists.txt, the system library preference flags are defined as FLB_PREFER_SYSTEM_LIB_ZSTD and FLB_PREFER_SYSTEM_LIB_KAFKA with the FLB_ prefix.

---

Learnt from: cosmo0920
Repo: fluent/fluent-bit PR: 10832
File: src/wasm/CMakeLists.txt:112-131
Timestamp: 2025-09-04T07:28:37.083Z
Learning: In fluent-bit CMake files, the user cosmo0920 prefers treating Git as a command rather than a package, emphasizing that Git is not a pkg-config retrievable package but just a command.

[illescad]

@patrick-stephens things are looking good!

[illescad]

@patrick-stephens i believe all questions were addressed/resolved. Can we get this merged in now?

[patrick-stephens]

Sorry, my notifications have been overwhelmed since the holiday season and my jury service after it so will take a look shortly.

It looks like we still have a comment and some failing CI though.

[patrick-stephens]

Can you confirm this works to only substitute the correct thing? I notice in the other sections we do a sed afterwards instead so we should be consistent in both.

[patrick-stephens]

The reason I ask is I think I had issues before with it being too aggressive on substituting variables in the HEREDOC even with escaping, you can also quote the EOF to prevent it but in this case you need to substitute the RELEASE_URL. I think what you have is correct but I'd just like a quick test to confirm in a real world install.

[patrick-stephens]

@illescad can I give you a quick poke on this so we can merge?

[illescad]

@illescad can I give you a quick poke on this so we can merge?

hey yea i'd like to dedicate some time to get this wrapped up as well. right now it looks like a quick code rabbit fix and test out the install.sh? Anything else im missing??

[patrick-stephens]

@illescad can I give you a quick poke on this so we can merge?

hey yea i'd like to dedicate some time to get this wrapped up as well. right now it looks like a quick code rabbit fix and test out the install.sh? Anything else im missing??

Nope, that's all - if you can rebase as well to make sure we've got all the latest changes in particularly around the CI due to the recent changes to mitigate Github security issues.

[illescad]

@patrick-stephens I've updated install.sh for opensuse and sles to match other distros replace with sed.

Added in the kafka_out flag to cmake for both distros

rebased to upstream/master

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

install.sh (1)

151-189: Consider extracting the duplicated zypper install flow into a helper.

The opensuse-leap and sles blocks are nearly identical; a small helper would reduce drift risk (like the macro typo) and simplify future updates.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@install.sh` around lines 151 - 189, Extract the duplicated zypper flow in the
opensuse-leap and sles case blocks into a helper function (e.g.,
setup_zypper_repo_and_install) that accepts the distro path segment
(opensuse/leap vs sles) and the VERSION_SUBSTR replacement token, then move the
shared sequence—rpm --import $RELEASE_KEY, heredoc to create
/etc/zypp/repos.d/fluent-bit.repo using $RELEASE_URL and $RELEASE_KEY, the sed
substitution, zypper refresh and the install command—into that helper; call it
from both case labels passing the appropriate URL segment and replacement token
(ensure you pass the correct replacement string used in sed: "$releasever" for
sles and the intended token for opensuse-leap), and reuse existing variables
$INSTALL_CMD_PREFIX, $ZYPPER_PARAMETERS, $INSTALL_PACKAGE_NAME and
$ZYPPER_VERSION so the final behavior is identical.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@install.sh`:
- Line 165: The sed substitution on the line using sed -i
's|VERSION_SUBSTR|\$releaserver|g' should use the correct openSUSE zypper macro
name; change the replacement token from \$releaserver to \$releasever so the
command becomes sed -i 's|VERSION_SUBSTR|\$releasever|g' (locate the sed call
that replaces VERSION_SUBSTR in install.sh).

---

Nitpick comments:
In `@install.sh`:
- Around line 151-189: Extract the duplicated zypper flow in the opensuse-leap
and sles case blocks into a helper function (e.g.,
setup_zypper_repo_and_install) that accepts the distro path segment
(opensuse/leap vs sles) and the VERSION_SUBSTR replacement token, then move the
shared sequence—rpm --import $RELEASE_KEY, heredoc to create
/etc/zypp/repos.d/fluent-bit.repo using $RELEASE_URL and $RELEASE_KEY, the sed
substitution, zypper refresh and the install command—into that helper; call it
from both case labels passing the appropriate URL segment and replacement token
(ensure you pass the correct replacement string used in sed: "$releasever" for
sles and the intended token for opensuse-leap), and reuse existing variables
$INSTALL_CMD_PREFIX, $ZYPPER_PARAMETERS, $INSTALL_PACKAGE_NAME and
$ZYPPER_VERSION so the final behavior is identical.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7df591bc-3ca1-43f3-b94a-0abbb3748510

📥 Commits

Reviewing files that changed from the base of the PR and between a3d7c89 and 46db7ff.

📒 Files selected for processing (1)

• install.sh