chore(deps): bump ARO-Tools to enforce shellIdentity in pipeline schema (AROSLSRE-1380) #5917
Pull request overview
This PR bumps the workspace’s github.com/Azure/ARO-Tools/* module dependencies from 2277df76598b (2026-06-17) to 4612291d5420 (2026-07-03) so ARO-HCP’s pipeline validation picks up the updated pipeline schema (notably making shellIdentity required on Shell steps), closing a validation gap that previously only surfaced during downstream EV2RA manifest generation.
Changes:
- Bump ARO-Tools pseudo-versions across all affected workspace modules and refresh `go.sum` accordingly.
- Pick up related transitive dependency updates (notably `armresourcegraph` moving to `v0.10.0` in several modules).
- Keep module graphs in sync across tooling and test modules.
Reviewed changes
Copilot reviewed 10 out of 20 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| tooling/yamlwrap/go.mod | Bump ARO-Tools/tools/yamlwrap and indirect testutil to the new ARO-Tools pseudo-version. |
| tooling/yamlwrap/go.sum | Refresh sums for updated ARO-Tools dependencies. |
| tooling/templatize/go.mod | Bump ARO-Tools deps (config, pipelines, multiple tools/*) to the new pseudo-version; refresh indirects. |
| tooling/templatize/go.sum | Refresh sums for updated ARO-Tools deps and related transitive updates (incl. armresourcegraph v0.10.0). |
| tooling/secret-sync/go.mod | Bump ARO-Tools/tools/secret-sync and related indirect ARO-Tools modules to the new pseudo-version. |
| tooling/secret-sync/go.sum | Refresh sums for updated ARO-Tools deps. |
| tooling/pipeline-documentation/go.mod | Bump ARO-Tools/pipelines to the new pseudo-version. |
| tooling/pipeline-documentation/go.sum | Refresh sums for updated ARO-Tools/pipelines. |
| tooling/helmtest/go.mod | Bump ARO-Tools config, pipelines, testutil, and indirect tooling modules to the new pseudo-version. |
| tooling/helmtest/go.sum | Refresh sums for updated ARO-Tools deps. |
| tooling/hcpctl/go.mod | Bump ARO-Tools/tools/cmdutils and update armresourcegraph to v0.10.0. |
| tooling/hcpctl/go.sum | Refresh sums for updated deps (but currently missing the armresourcegraph v0.10.0/go.mod checksum line). |
| tooling/grafanactl/go.mod | Bump ARO-Tools/tools/grafanactl and indirect cmdutils; add armresourcegraph v0.10.0 indirect. |
| tooling/grafanactl/go.sum | Refresh sums for updated deps (includes armresourcegraph v0.10.0 + /go.mod checksum). |
| tooling/aro-hcp-exporter/go.mod | Update armresourcegraph to v0.10.0. |
| tooling/aro-hcp-exporter/go.sum | Refresh sums for updated deps (but currently missing the armresourcegraph v0.10.0/go.mod checksum line). |
| test/go.mod | Bump ARO-Tools/config and ARO-Tools/tools/prow-job-executor plus indirect ARO-Tools modules to the new pseudo-version. |
| test/go.sum | Refresh sums for updated ARO-Tools deps and transitive updates (incl. armresourcegraph v0.10.0 + /go.mod). |
| mgmt-agent/go.mod | Bump ARO-Tools/testutil to the new pseudo-version. |
| mgmt-agent/go.sum | Refresh sums for updated ARO-Tools/testutil. |
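
The go.sum gap flagged in the table above (a module version recorded without its `/go.mod` checksum line) can be caught mechanically before review. The following is an added example, not code from this PR or from ARO-HCP; the function name `MissingGoModSums` and the sample go.sum contents (module paths and hashes) are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// sampleGoSum is constructed for this example; paths and hashes are placeholders.
const sampleGoSum = `example.com/alpha v1.2.0 h1:AAAA=
example.com/alpha v1.2.0/go.mod h1:BBBB=
example.com/beta v0.10.0 h1:CCCC=
example.com/gamma v0.3.1/go.mod h1:DDDD=
`

// MissingGoModSums returns the "module version" pairs that have a module-zip
// hash in go.sum but no matching "<version>/go.mod" hash line.
// A go.mod-only entry (gamma above) is normal and is not reported.
func MissingGoModSums(goSum string) ([]string, error) {
	zip, mod := map[string]bool{}, map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(goSum))
	for n := 1; sc.Scan(); n++ {
		f := strings.Fields(sc.Text())
		if len(f) == 0 {
			continue // tolerate blank lines
		}
		if len(f) != 3 || !strings.HasPrefix(f[2], "h1:") {
			return nil, fmt.Errorf("line %d: malformed go.sum entry", n)
		}
		if strings.HasSuffix(f[1], "/go.mod") {
			mod[f[0]+" "+strings.TrimSuffix(f[1], "/go.mod")] = true
		} else {
			zip[f[0]+" "+f[1]] = true
		}
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	var missing []string
	for k := range zip {
		if !mod[k] {
			missing = append(missing, k)
		}
	}
	sort.Strings(missing) // deterministic output for CI logs
	return missing, nil
}

func main() {
	fmt.Println(MissingGoModSums(sampleGoSum))
}
```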

/lgtm

…SLSRE-1380) Bumps the github.com/Azure/ARO-Tools modules from 2277df76598b (2026-06-17) to 4612291d5420 (2026-07-03), which makes shellIdentity a required field on shellStepBase in the pipeline schema (Azure/ARO-Tools#262). This lands the enforcement so that a Shell step missing shellIdentity now fails ARO-HCP 'make validate-config-pipelines' at PR time, instead of only breaking the sdp-pipelines EV2 bump after merge (the regression that hit ARO-28045 / Azure#5834). All in-repo pipelines validate cleanly against the stricter schema; the known offenders were already fixed in Azure#5889 and Azure#5890.
c3665e6 to c380ad1

@copilot Thanks for the review. Good catch — the two Fixed in c380ad1 by running No further action or commit needed from you — this is resolved.

/lgtm

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mmazur, raelga, roivaz

/test e2e-parallel |
Refs: https://issues.redhat.com/browse/AROSLSRE-1380
What

Bumps the `github.com/Azure/ARO-Tools/*` modules across the workspace from `2277df76598b` (2026-06-17) to `4612291d5420` (2026-07-03).

The notable change in that range is Azure/ARO-Tools#262, which makes `shellIdentity` a required field on `shellStepBase` in the pipeline schema.

Why

`shellIdentity` is effectively mandatory: sdp-pipelines EV2RA manifest generation validates it unconditionally and aborts if it is unset. But ARO-HCP CI only validates pipelines against the schema (never runs EV2RA generation), so until now a `Shell` step missing `shellIdentity` passed every ARO-HCP check and only exploded at bump time in sdp-pipelines.

That is exactly the regression that hit ARO-28045 / #5834 (reverted in #5888, relanded in #5889). Landing this bump makes `make validate-config-pipelines` fail fast at PR time for any Shell step missing an identity, closing the detection gap tracked in AROSLSRE-1380.

Testing

- `make bump-aro-tools` (bumps all modules to `@main` + `go mod tidy` + `go work sync`).
- `make validate-config-pipelines` passes against the stricter schema — all in-repo pipelines already declare `shellIdentity` (known offenders fixed in fix(swift-vnet): reland #5834 with shellIdentity on mgmt Shell steps (ARO-28045) #5889 and fix(pipelines): declare shellIdentity on dev-ci ci-bot-secret Shell steps (AROSLSRE-1380) #5890).
- `go build ./...` clean across all changed modules (templatize, pipeline-documentation, secret-sync, hcpctl, grafanactl, helmtest, yamlwrap, mgmt-agent, test).

Special notes for your reviewer

Pure dependency bump — only `go.mod`/`go.sum` change (20 files). No source changes. This is the follow-up that makes the ARO-Tools#262 schema enforcement live in ARO-HCP.