USHIFT-6074: Add support on releases scenarios to use artifacts from konflux#5596
USHIFT-6074: Add support on releases scenarios to use artifacts from konflux#5596agullon wants to merge 10 commits intoopenshift:mainfrom
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@agullon: This pull request references USHIFT-6074 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: agullon The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/retest |
@ggiguash Very small difference. The only difference is the MicroShift version under test. In this PR, the bootc image is fetched from In periodics scenarios the version under test is fetched from final repositories, meaning it's already GA published. There is an exception to the previous statement: if no z-stream exist yet (for example in |
@ggiguash The goal of this PR is to test, during the Release Testing process, the MicroShfit bootc images produced by konflux before they are GA. We need to validate the artifacts before they are GA. For this reason, in the code added for this PR there's no a fallback mechanism into the GA'ed images. Instead, the bootc images under test are always fecthed from |
|
/retest |
openshift-ci-robot
added
the
verified
|
@agullon: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@agullon: The DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/verified remove |
openshift-ci-robot
removed
the
verified
|
@agullon: The DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
test/bin/common_versions.sh
Outdated
| if [[ "${LATEST_RELEASE_TYPE}" == "ec" ]]; then | ||
| KONFLUX_LREL_RELEASE_IMAGE_URL="https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/microshift/ocp-dev-preview/${LATEST_RELEASE_VERSION}/el9/bootc-pullspec.txt" | ||
| else | ||
| KONFLUX_LREL_RELEASE_IMAGE_URL="https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/microshift/ocp/${LATEST_RELEASE_VERSION}/el9/bootc-pullspec.txt" | ||
| fi |
There was a problem hiding this comment.
We need to discuss this. Currently, pre-release bootc image references are published at openshift mirror, but this is not how we agreed with the ART team originally.
/hold
|
/hold until we agree with ART team a common place to share the MicroShift bootc images |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
/test e2e-aws-tests-bootc-release e2e-aws-tests-bootc-release-arm |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
/retest |
5 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
|
/retest |
This change adds support for testing the latest released bootc image from Konflux by introducing new LREL (Latest RELease) test scenarios: - Add el96-lrel@published-images-standard1 scenario - Add el96-lrel@published-images-standard2 scenario - Refactor get_lrel_release_image_url() for better maintainability - Rename variables to follow LREL naming convention - Update common_versions.sh template with new release variables
… is only available behind the VPN for stage
pre-commit.check-secrets: ENABLED
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds shell helpers to resolve the latest Red Hat/MicroShift boot image URL and export LATEST_RELEASE_IMAGE_URL plus additional minor-version exports; updates a containerfile template to optionally FROM that URL; removes two crel published-image scenario scripts and adds two lrel published-image scenario scripts enabling image signature verification. Changes
Sequence DiagramsequenceDiagram
participant Script as Version Script
participant Func as get_lrel_release_image_url()
participant Bootc as get_redhat_bootc_image_url()
participant Mirror as OpenShift Mirror
participant Registry as Red Hat Registry
participant Containerfile as Containerfile Template
Script->>Func: call with BREW_LREL_RELEASE_VERSION
alt ec or rc release
Func->>Mirror: fetch bootc-pullspec.txt
Mirror-->>Func: return pullspec
else standard release
Func->>Bootc: request image URL for registry.redhat.io
Bootc->>Registry: skopeo inspect + jq for digest
Registry-->>Bootc: return digest/pullspec
Bootc-->>Func: return image URL
alt no result
Func->>Bootc: try registry.stage.redhat.io
Bootc->>Registry: inspect image
Registry-->>Bootc: return digest/pullspec
Bootc-->>Func: return image URL
end
end
Func-->>Script: return LATEST_RELEASE_IMAGE_URL
Script->>Containerfile: export LATEST_RELEASE_IMAGE_URL
Containerfile->>Containerfile: conditional FROM uses URL
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Comment |
pre-commit.check-secrets: ENABLED
pre-commit.check-secrets: ENABLED
|
@agullon: This pull request references USHIFT-6074 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@test/bin/common_versions.sh`:
- Around line 71-88: The skopeo/jq pipeline in get_redhat_bootc_image_url can
fail under set -e and abort the script; change how sha_id is captured so
failures produce an empty sha_id instead of exiting: replace the current
assignment with a safe command substitution that swallows errors (e.g.,
sha_id=$((skopeo inspect --raw
"docker://${registry}/openshift4/microshift-bootc-rhel9:v${release_version}" |
jq -r ".manifests[] | select(.platform.architecture==\"${arch}\") | .digest")
2>/dev/null || true) or wrap the pipeline in { ...; } || true) so skopeo/jq
errors return an empty sha_id, preserve the existing digest validation (the
sha_id regex check) and ensure image_url remains empty on failure; update the
template and regenerate the file.
In `@test/scenarios-bootc/releases/el96-lrel`@published-images-standard1.sh:
- Around line 12-16: scenario_create_vms calls prepare_kickstart with
LATEST_RELEASE_IMAGE_URL but doesn’t guard against it being empty; add an
explicit check immediately before prepare_kickstart in scenario_create_vms to
detect an empty or invalid LATEST_RELEASE_IMAGE_URL and call a clear
failure/skip (e.g., echo/log a descriptive message and exit/skip the test) so
prepare_kickstart is never invoked with an empty pullspec; refer to the
scenario_create_vms function, the prepare_kickstart invocation, and the
LATEST_RELEASE_IMAGE_URL variable when making the change.
---
Duplicate comments:
In `@test/assets/common_versions.sh.template`:
- Around line 71-88: The template currently contains doubled braces that will
produce an invalid shell script (e.g. get_redhat_bootc_image_url() {{, "{ARCH}",
and the regex [0-9a-f]{{64}}), so update the template to emit valid bash: change
the function start/end to a single brace (get_redhat_bootc_image_url() { ... }),
use proper shell variable expansions like "${ARCH}" instead of "{ARCH}", and
emit the regex quantifier as {64} (i.e. ^sha256:[0-9a-f]{64}$); keep references
to the same symbols (get_redhat_bootc_image_url, arch, sha_id, registry,
release_version) so the generated script runs without the pipeline failure.
In `@test/scenarios-bootc/releases/el96-lrel`@published-images-standard2.sh:
- Around line 12-16: The scenario_create_vms function uses
LATEST_RELEASE_IMAGE_URL without a guard; add the same presence check used in
the standard1 script so the code verifies LATEST_RELEASE_IMAGE_URL before
calling prepare_kickstart/launch_vm. Specifically, in scenario_create_vms (and
before prepare_kickstart/launch_vm) call the existing guard helper (e.g.,
exit_if_image_not_found or the equivalent validation used for standard1) to
ensure LATEST_RELEASE_IMAGE_URL is set and exit with an error if not, so the
script does not proceed with an unset release image URL.
pre-commit.check-secrets: ENABLED
|
@agullon: This pull request references USHIFT-6074 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@test/assets/common_versions.sh.template`:
- Around line 95-112: The curl calls in get_lrel_release_image_url can cause
script exits or return HTML on 404; update the curl invocations to use robust
flags (e.g., --fail --silent --show-error and -L) and check the command exit
status before assigning image_url so failures leave image_url empty;
additionally validate the returned content (in get_lrel_release_image_url and
get_redhat_bootc_image_url) against a simple pullspec pattern (e.g., contains a
registry/namespace/image form or does not contain HTML tags like <!DOCTYPE or
<html>) and if validation fails set image_url to empty so callers can skip
gracefully. Ensure the loop over registries breaks only when a non-empty,
validated image_url is returned.
---
Duplicate comments:
In `@test/bin/common_versions.sh`:
- Around line 95-112: The get_lrel_release_image_url function currently assigns
curl output directly to image_url, risking silent failures; change the two curl
calls to run curl with --fail and a timeout (e.g., -m) and capture both output
and exit status, only assign image_url when curl succeeds (non-zero/empty =>
treat as failure), log or echo the error/context and let the code fall back to
the registry loop (using get_redhat_bootc_image_url) if curl fails; also apply
the same robust curl handling to the similar template usage so failures are not
silently ignored.
In `@test/scenarios-bootc/releases/el96-lrel`@published-images-standard1.sh:
- Around line 10-22: The scenario can silently fall back if
LATEST_RELEASE_IMAGE_URL is empty; add an explicit guard at the start of
scenario_create_vms to check LATEST_RELEASE_IMAGE_URL (or the resolved
start_image) and fail or skip early before prepare_kickstart is called; use the
existing exit_if_image_not_found/launch_vm flow as a template but make the
intent explicit by checking for an empty/undefined LATEST_RELEASE_IMAGE_URL (or
empty start_image) and calling a clear error/skip (instead of continuing to
prepare_kickstart) so test won’t unknowingly validate against a GA fallback
image.
|
/retest |
|
@agullon: This pull request references USHIFT-6074 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@agullon: This pull request references USHIFT-6074 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@test/bin/common_versions.sh`:
- Around line 101-109: The mirror URLs are using the literal "{ARCH}"
placeholder so curl returns 404 and image_url is empty; update the URL
construction where release_version is checked (the curl invocations that set
image_url in the EC and RC branches) to use the resolved architecture variable
(e.g., ${UNAME_M} or the script's computed arch variable) instead of "{ARCH}",
and also update any template/generator that emits these URLs to substitute the
same arch variable so the bootc-pullspec.txt requests succeed.
|
@agullon: This pull request references USHIFT-6074 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/bin/common_versions.sh (1)
78-83: Architecture mapping only covers x86/aarch64.If
UNAME_Miss390xorppc64le,archremains empty and the jq select won't match any manifest. The function fails gracefully (returns empty), but if these architectures should be supported, add mappings.if [[ "${UNAME_M}" =~ x86 ]]; then arch="amd64" elif [[ "${UNAME_M}" =~ aarch ]]; then arch="arm64" + elif [[ "${UNAME_M}" == "s390x" ]]; then + arch="s390x" + elif [[ "${UNAME_M}" == "ppc64le" ]]; then + arch="ppc64le" fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/bin/common_versions.sh` around lines 78 - 83, The arch mapping block in common_versions.sh leaves arch empty for s390x and ppc64le, causing jq selects to fail; update the conditional that sets local arch (checking UNAME_M) to handle those architectures by adding branches that set arch="s390x" for matches like s390x and arch="ppc64le" for matches like ppc64le (or fall back to using UNAME_M as the arch value), ensuring UNAME_M and arch are used consistently where the jq select runs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@test/bin/common_versions.sh`:
- Around line 78-83: The arch mapping block in common_versions.sh leaves arch
empty for s390x and ppc64le, causing jq selects to fail; update the conditional
that sets local arch (checking UNAME_M) to handle those architectures by adding
branches that set arch="s390x" for matches like s390x and arch="ppc64le" for
matches like ppc64le (or fall back to using UNAME_M as the arch value), ensuring
UNAME_M and arch are used consistently where the jq select runs.
pre-commit.check-secrets: ENABLED
|
/retest |
|
@agullon: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
6 participants
Add 2 new scenarios to test latest released microshift-bootc image created from konflux. This image can be fetched from different places:
registry.redhat.ioregistry.stage.redhat.iohttps://mirror.openshift.com/pub/openshift-v4/${UNAME_M}/microshift/ocp-dev-preview/https://mirror.openshift.com/pub/openshift-v4/${UNAME_M}/microshift/ocp/Summary by CodeRabbit
New Features
Tests
Other