From 5f5c8ed586282c59729d9aa557432549ed57dfca Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 1 Feb 2026 07:33:54 +0000
Subject: [PATCH] Address code review feedback: add constant for cache duration and fix bash tests

- Define certCheckCacheDuration constant for better maintainability
- Fix bash test syntax in tls_cert_reload.bats for command existence checks
- Fix function call syntax without command substitution

Co-authored-by: rchincha <45800463+rchincha@users.noreply.github.com>
---
 pkg/api/tlscert.go | 8 +++++++-
 test/blackbox/tls_cert_reload.bats | 6 +++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/pkg/api/tlscert.go b/pkg/api/tlscert.go
index 50fde898..bf9c5b9a 100644
--- a/pkg/api/tlscert.go
+++ b/pkg/api/tlscert.go
@@ -12,6 +12,12 @@ import (
 "zotregistry.dev/zot/v2/pkg/log"
 )
 
+const (
+ // certCheckCacheDuration is the minimum time between file stat checks when fsnotify is unavailable.
+ // This prevents excessive file system calls during high TLS handshake rates.
+ certCheckCacheDuration = 1 * time.Second
+)
+
 // CertReloader handles automatic reloading of TLS certificates without downtime.
 // It monitors certificate and key files for changes and reloads them dynamically
 // using a GetCertificate callback in tls.Config.
@@ -37,7 +43,7 @@ func NewCertReloader(certPath, keyPath string, logger log.Logger) (*CertReloader
 certPath: certPath,
 keyPath: keyPath,
 log: logger,
- checkCache: 1 * time.Second, // Only check file stats at most once per second
+ checkCache: certCheckCacheDuration,
 stopWatcher: make(chan struct{}),
 }
 
diff --git a/test/blackbox/tls_cert_reload.bats b/test/blackbox/tls_cert_reload.bats
index 36df1e0c..7d55d5bd 100644
--- a/test/blackbox/tls_cert_reload.bats
+++ b/test/blackbox/tls_cert_reload.bats
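Review bot: The doc comment on `certCheckCacheDuration` in the first hunk of pkg/api/tlscert.go describes the constant only as a limit on stat calls, but in the fallback path it presumably also bounds how long a replaced certificate or key can keep being served after the files change on disk. Rotation after a key compromise is when that delay matters, so I would state it in the comment, e.g. `// In fallback mode a rotated certificate may still be served for up to this long after the files change.` As a style point, the single-entry `const ( ... )` block could be a plain `const certCheckCacheDuration = time.Second`. The second hunk only substitutes the constant for the literal inside `NewCertReloader`, whose body starts and ends outside the hunk.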
@@ -2,12 +2,12 @@ load helpers_zot
 load ../port_helper
 
 function verify_prerequisites {
- if [ ! $(command -v curl) ]; then
+ if ! command -v curl > /dev/null 2>&1; then
 echo "you need to install curl as a prerequisite to running the tests" >&3
 return 1
 fi
 
- if [ ! $(command -v openssl) ]; then
+ if ! command -v openssl > /dev/null 2>&1; then
 echo "you need to install openssl as a prerequisite to running the tests" >&3
 return 1
 fi
@@ -63,7 +63,7 @@ function regenerate_server_cert() {
 
 function setup_file() {
 # Verify prerequisites are available
- if ! $(verify_prerequisites); then
+ if ! verify_prerequisites; then
 exit 1
 fi