Add validate-config subcommand #575
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cwize1
requested changes
Feb 5, 2026
cwize1
requested changes
Feb 5, 2026
liulanze
reviewed
Feb 6, 2026
vinceaperri
force-pushed
the
user/vinceaperri/validate-config-cmd
branch
from
e8c90a6 to
014bff7
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new validate-config subcommand to the Image Customizer CLI that validates customize configuration files without performing customization (and without requiring a base image), with optional validation of referenced local file/dir resources and OCI artifacts. It also introduces an optimization to reuse an already-resolved OCI descriptor during subsequent image download/customization steps.
Changes:
- Add
validate-configCLI subcommand, docs, and supporting library entrypoint (ValidateConfigWithConfigFileOptions) with resource-validation controls (files|oci|all). - Extend config validation to optionally validate referenced local resources (scripts, additionalFiles, additionalDirs, user SSH keys/password files, SELinux policy dir) and OCI references/signatures.
- Add caching of resolved OCI descriptor in
ResolvedConfigand plumb it through download paths to avoid re-resolve/re-verify work.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| toolkit/tools/pkg/imagecustomizerlib/validateconfigoptions.go | New options type + validation for validate-config behavior (build-dir requirement for OCI). |
| toolkit/tools/pkg/imagecustomizerlib/validateconfigoptions_test.go | Unit tests for ValidateConfigOptions.IsValid(). |
| toolkit/tools/pkg/imagecustomizerlib/configvalidation.go | Adds ValidateConfigWithConfigFileOptions, extends ValidateConfig API, and gates file/OCI validations. |
| toolkit/tools/pkg/imagecustomizerlib/configvalidation_test.go | Adds extensive tests for new validation behaviors and partial-config support. |
| toolkit/tools/imagecustomizerapi/validateresourcetype.go | Introduces ValidateResourceType enum and validation. |
| toolkit/tools/imagecustomizerapi/validateresourcetype_test.go | Tests for ValidateResourceType.IsValid(). |
| toolkit/tools/imagecustomizerapi/validateresourcetypes.go | Introduces ValidateResourceTypes helper methods (Contains, ValidateFiles, ValidateOci). |
| toolkit/tools/imagecustomizerapi/validateresourcetypes_test.go | Tests for ValidateResourceTypes helpers. |
| toolkit/tools/imagecustomizer/main.go | Wires new validate-config command and CLI parsing into the main entrypoint. |
| docs/imagecustomizer/api/cli/validate-config.md | New documentation page for validate-config. |
| docs/imagecustomizer/api/cli/cli.md | Adds validate-config to the CLI command index. |
| docs/imagecustomizer/api/cli/customize.md | Adjusts nav ordering to accommodate new command. |
| docs/imagecustomizer/api/cli/inject-files.md | Adjusts nav ordering to accommodate new command. |
| toolkit/tools/pkg/imagecustomizerlib/resolvedconfig.go | Adds InputImageOciDescriptor cache field for resolved OCI descriptor reuse. |
| toolkit/tools/pkg/imagecustomizerlib/oras.go | Adds openOciImage helper and improved OCI error wrapping; supports passing a pre-resolved descriptor. |
| toolkit/tools/pkg/imagecustomizerlib/downloadimage.go | Plumbs resolved OCI descriptor into OCI/AzureLinux download paths. |
| toolkit/tools/pkg/imagecustomizerlib/downloadimageazurelinux.go | Uses shared Azure Linux signature options helper and accepts optional OCI descriptor. |
| toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go | Ensures build dir exists before validation; passes descriptor into downloadImage. |
| toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go | Updates tests for updated ValidateConfig signature and resource-validation argument. |
| toolkit/tools/pkg/imagecustomizerlib/baseconfigs_test.go | Updates tests for updated ValidateConfig signature. |
| toolkit/tools/pkg/imagecreatorlib/validation.go | Updates call site for updated ValidateConfig signature. |
| .github/workflows/binary-build.yml | Uses retry wrapper for zizmor download in workflow validation step. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Addresses PR comment: nit: customized
…ValidateConfig to make it optional.
…heck The OCI signature check during validation requires a temp directory inside the build directory. This directory must exist before ValidateConfig is called when validating Azure Linux OCI images.
…t in some cases and all callers have to anyway.
cwize1
requested changes
Feb 9, 2026
… to prevent ErrNoRpmSourcesSpecified requirement
vinceaperri
force-pushed
the
user/vinceaperri/validate-config-cmd
branch
from
5ca4f17 to
a29e089
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 23 out of 23 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 23 out of 23 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cwize1
approved these changes
Feb 12, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a new
validate-configsubcommand that validates configuration files without requiring a base image. Includes support for configurable resource validation (URLs, local files, etc.).Checklist