Skip to content

OCPCLOUD-3513: feat: add gh-summary target to download manifests from GitHub#617

Open
hongkailiu wants to merge 1 commit into
openshift:mainfrom
hongkailiu:gh-summary
Open

OCPCLOUD-3513: feat: add gh-summary target to download manifests from GitHub#617
hongkailiu wants to merge 1 commit into
openshift:mainfrom
hongkailiu:gh-summary

Conversation

@hongkailiu

@hongkailiu hongkailiu commented Jun 18, 2026

Copy link
Copy Markdown
Member

Add a new Makefile target that downloads the manifests-summary.yaml file from a specific commit in the GitHub repository using REPO_OWNER, REPO_NAME, and PULL_BASE_SHA environment variables.

Those environment variables will be expose by Prow.

/hold

Require #616 to go first.

Summary by CodeRabbit

  • Chores
    • Enhanced the build verification workflow to automatically retrieve the latest manifests summary from GitHub during verification.
    • Added configurable defaults for the repository owner, repository name, and base SHA used to locate the downloaded summary.
    • Ensured the summary is saved to a stable local path before verification continues.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 18, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 18, 2026

Copy link
Copy Markdown

@hongkailiu: This pull request references OCPCLOUD-3513 which is a valid jira issue.

Details

In response to this:

Add a new Makefile target that downloads the manifests-summary.yaml file from a specific commit in the GitHub repository using REPO_OWNER, REPO_NAME, and PULL_BASE_SHA environment variables.

Those environment variables will be expose by Prow.

/hold

Require #616 to go first.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 18, 2026
@coderabbitai

coderabbitai Bot commented Jun 18, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9915a393-f72f-406c-b847-8ba359a09a25

📥 Commits

Reviewing files that changed from the base of the PR and between 6c2fd3d and f2c69ce.

📒 Files selected for processing (1)
  • openshift/Makefile
🚧 Files skipped from review as they are similar to previous changes (1)
  • openshift/Makefile

Walkthrough

The openshift/Makefile gains a MAKEFILE_DIR variable computed from the current Makefile path. A new gh-summary phony target uses curl -fsSL to download manifests-summary.yaml from GitHub, constructing the URL from REPO_OWNER, REPO_NAME, and PULL_BASE_SHA, writing the result to $(MAKEFILE_DIR)/manifests-summary.yaml. The verify target is updated to depend on verify-gh-summary.

Changes

GitHub manifest download in verify

Layer / File(s) Summary
Manifest summary download and integration
openshift/Makefile
MAKEFILE_DIR is computed from the current Makefile path to provide the download destination; default variables REPO_OWNER, REPO_NAME, and PULL_BASE_SHA are added to configure GitHub repository reference; a new gh-summary phony target downloads manifests-summary.yaml from GitHub using curl -fsSL and writes it to $(MAKEFILE_DIR)/manifests-summary.yaml; the verify target is updated to depend on verify-gh-summary.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and specifically describes the main change: adding a new gh-summary target to download manifests from GitHub, which directly aligns with the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed This PR modifies only openshift/Makefile to add a build target; it contains no Ginkgo tests or test code, making the check not applicable.
Test Structure And Quality ✅ Passed The custom check requires reviewing Ginkgo test code quality, but this PR only modifies openshift/Makefile (adding gh-summary target for downloading files). No Ginkgo tests were added or modified.
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e tests are added in this PR. The PR only modifies openshift/Makefile to add a gh-summary target. The MicroShift test compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No Ginkgo e2e tests are added in this PR. Changes are only to openshift/Makefile for downloading manifests-summary.yaml. The SNO compatibility check only applies when new tests are added.
Topology-Aware Scheduling Compatibility ✅ Passed This PR only modifies openshift/Makefile to add a build automation target that downloads a file from GitHub. No deployment manifests, operator code, or controllers are added or modified, so the top...
Ote Binary Stdout Contract ✅ Passed PR only modifies openshift/Makefile with build targets; contains no binary/executable code changes. OTE Binary Stdout Contract check applies to Go binary source code (main(), init(), etc.), not Mak...
Ipv6 And Disconnected Network Test Compatibility ✅ Passed PR modifies openshift/Makefile only—no Ginkgo e2e tests are added, so IPv6/disconnected network test check is not applicable.
No-Weak-Crypto ✅ Passed The PR adds a Makefile target for downloading a file from GitHub using curl. No weak cryptographic algorithms, custom crypto implementations, or insecure comparison operations are present.
Container-Privileges ✅ Passed PR only modifies openshift/Makefile to add a download target; no container/K8s manifests with privilege settings are added or modified.
No-Sensitive-Data-In-Logs ✅ Passed No logging statements in the changes; curl uses silent mode (-fsSL), and variables contain only public repository metadata, not sensitive data.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from RadekManak and racheljpg June 18, 2026 02:08
@openshift-ci

openshift-ci Bot commented Jun 18, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign racheljpg for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@openshift/Makefile`:
- Around line 9-20: The gh-summary target uses REPO_OWNER, REPO_NAME, and
PULL_BASE_SHA environment variables in the curl command without validating they
are set first, causing unclear error messages when running locally where these
variables are empty. Add conditional checks at the beginning of the gh-summary
target to verify that all three variables (REPO_OWNER, REPO_NAME, and
PULL_BASE_SHA) are defined and non-empty before executing the curl command, and
print a clear error message indicating which variable is missing if the check
fails.
- Line 16: The MAKEFILE_DIR assignment that uses $(dir $(abspath $(lastword
$(MAKEFILE_LIST)))) is currently positioned after the include
provider-version.mk statement at line 4. This causes the assignment to capture
provider-version.mk as the last file in MAKEFILE_LIST instead of
openshift/Makefile. Move the MAKEFILE_DIR assignment to occur before the include
provider-version.mk statement so that when the variable is evaluated, the
lastword in MAKEFILE_LIST will correctly reference the main Makefile rather than
the included file.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f3e01209-81d7-42e5-8f37-2dc02217d17f

📥 Commits

Reviewing files that changed from the base of the PR and between 77b3287 and 4942d19.

📒 Files selected for processing (1)
  • openshift/Makefile

Comment thread openshift/Makefile Outdated
Comment thread openshift/Makefile Outdated
Add a new Makefile target that downloads the manifests-summary.yaml
file from a specific commit in the GitHub repository using REPO_OWNER,
REPO_NAME, and PULL_BASE_SHA environment variables.

Those environment variables will be expose by [Prow](https://docs.prow.k8s.io/docs/jobs/#job-environment-variables).

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Hongkai Liu <hongkailiu@users.noreply.github.com>
@hongkailiu

Copy link
Copy Markdown
Member Author

From this job:

make[1]: Entering directory '/go/src/sigs.k8s.io/cluster-api-provider-aws/openshift'
curl -fsSL "https://raw.githubusercontent.com/openshift/cluster-api-provider-aws/77b3287fd6d469dc4fe8f57ad6db25fa30a4ad45/openshift/manifests-summary.yaml" -o "/go/src/sigs.k8s.io/cluster-api-provider-aws/openshift//manifests-summary.yaml"

The env. variables have the expected values.

@openshift-ci

openshift-ci Bot commented Jun 18, 2026

Copy link
Copy Markdown

@hongkailiu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-serial-1of2 f2c69ce link true /test e2e-aws-serial-1of2
ci/prow/verify-commits f2c69ce link false /test verify-commits
ci/prow/verify f2c69ce link true /test verify

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants