CNTRLPLANE-3619: add azure CPO overrides for 4.22.0-4.22.3#8908
CNTRLPLANE-3619: add azure CPO overrides for 4.22.0-4.22.3#8908celebdor wants to merge 4 commits into
Conversation
|
Pipeline controller notification For optional jobs, comment This repository is configured in: LGTM mode |
|
@celebdor: This pull request references CNTRLPLANE-3619 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "5.0." or "openshift-5.0.", but it targets "openshift-4.22.z" instead. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Central YAML (inherited) Review profile: CHILL Plan: Enterprise Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (5)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughThis PR adds a new Sequence Diagram(s)sequenceDiagram
participant User
participant Skill as create-cpo-override skill
participant Cincinnati
participant ProductPages as Product Pages MCP
participant VerifyScript as verify-pr-in-image.sh
participant Skopeo
User->>Skill: invoke /create-cpo-override
Skill->>Cincinnati: resolve z-stream ranges
Skill->>ProductPages: fetch cutoff dates when available
Skill->>VerifyScript: verify required PRs in image
VerifyScript->>Skopeo: inspect image with optional authfile
Skopeo-->>VerifyScript: image metadata
VerifyScript-->>Skill: verification result
Skill->>Skopeo: test image pullability
Skopeo-->>Skill: pullability result
Skill-->>User: present summary and PR text
Compact metadata
Related issues: None specified. Related PRs: None specified. Suggested labels: documentation, skills Suggested reviewers: None specified. Poem
🚥 Pre-merge checks | ✅ 11✅ Passed checks (11 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8908 +/- ##
=======================================
Coverage 43.28% 43.28%
=======================================
Files 771 771
Lines 95503 95503
=======================================
Hits 41335 41335
Misses 51284 51284
Partials 2884 2884 see 1 file with indirect coverage changes
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.claude/skills/create-cpo-override/SKILL.md:
- Around line 386-390: The PR description generation in the create-cpo-override
skill currently depends on reading the validate-pr-override-images skill, which
violates skill isolation. Update the logic around the PR description contract so
it embeds the required validation lines directly or reads them from a shared
non-skill source, and remove any reference to inspecting
`.claude/skills/validate-pr-override-images/SKILL.md` from the
create-cpo-override skill.
In @.claude/skills/validate-pr-override-images/verify-pr-in-image.sh:
- Around line 22-25: The authfile setup in verify-pr-in-image.sh only checks
AUTHFILE, so the workflow’s PULL_SECRET value is never used. Update the script’s
authfile handling (the AUTHFILE_ARGS block) to accept PULL_SECRET as well, or
normalize PULL_SECRET to AUTHFILE before this check, so the documented
pull-secret path is reachable.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 24c94d47-8240-453e-bf8c-c682c23e2f55
⛔ Files ignored due to path filters (1)
docs/content/reference/aggregated-docs.mdis excluded by!docs/content/reference/aggregated-docs.md
📒 Files selected for processing (4)
.claude/skills/create-cpo-override/SKILL.md.claude/skills/validate-pr-override-images/verify-pr-in-image.shdocs/content/contribute/cpo-overrides.mdhypershift-operator/controlplaneoperator-overrides/assets/overrides.yaml
f1ec48f to
25770e8
Compare
|
/approve |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: celebdor, csrwng The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Scheduling tests matching the |
Interactive skill that automates CPO image override creation: resolves images from stable/fast payloads or Konflux builds, verifies PRs are included, edits overrides.yaml, and prepares PR descriptions compatible with /validate-pr-override-images. Includes development cutoff verification via the Product Pages MCP server to prevent upgrade regressions when the override range ends before the next z-stream ships. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…e repos - Add AUTHFILE env var support for registries requiring authentication. - Add --no-tags to skopeo inspect to fetch the manifest directly instead of enumerating every tag. Fixes timeouts on repos like ocp-v4.0-art-dev which have hundreds of thousands of tags. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
….0-4.22.3 Add azure CPO image overrides for 4.22 to backport API-driven Azure topology and private connectivity (CNTRLPLANE-3619, PR openshift#8721) and etcd data re-encryption after encryption key rotation (CNTRLPLANE-3656, PR openshift#8790). 4.22.4 does not need an override: both PRs merged 2026-06-26, before the 4.22.4 development cutoff (2026-07-01). - 4.22.0-4.22.3: CNTRLPLANE-3619 (PR openshift#8721), CNTRLPLANE-3656 (PR openshift#8790) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
25770e8 to
7ffc7a3
Compare
|
New changes are detected. LGTM label has been removed. |
|
@celebdor: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Now I have everything I need. Let me compile the final report: Test Failure Analysis CompleteJob InformationJob 1: e2e-aks-override
Job 2: e2e-aws-override
Test Failure AnalysisErrorSummaryNeither failure is caused by the PR changes in #8908 (which adds Azure CPO overrides for 4.22.0–4.22.3 in Root CauseAKS Job — Two independent pre-existing test failures:
AWS Job — Transient ExternalDNS infrastructure failure: All 4 failing tests (TestCreateClusterCustomConfig, TestAutoscaling, TestCreateCluster, TestCreateClusterProxy) share the exact same failure pattern: the hosted cluster API endpoint DNS name (e.g., PR #8908 Change Impact: The PR adds CPO image overrides for Azure platform versions 4.22.0–4.22.3 under Recommendations
Evidence
|
|
/verified by ahitacat Deployed the new operator Created a cluster with ocp version "4.22.1" from the hosted cluster The control plane operator shows the annotations I have also tested the key rotation and worked. |
|
@ahitacat: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Summary
verify-pr-in-image.sh: addAUTHFILEsupport and--no-tagsto avoid skopeo timeouts on large repos likeocp-v4.0-art-devcreate-cpo-overrideskill with Product Pages MCP integration for development cutoff verificationbranch: 4.22 wants: #8721, #8790
4.22.4 does not need an override: both PRs merged 2026-06-26, before the 4.22.4 development cutoff (2026-07-01).
Test plan
go test ./hypershift-operator/controlplaneoperator-overrides/...passesverify-pr-in-image.shconfirms PR CNTRLPLANE-3619: backport API-driven Azure topology and private connectivity (Phase 1) #8721 and CNTRLPLANE-3661: add etcd data re-encryption after encryption key rotation (#8219) #8790 are in the override imagequay.io/redhat-user-workloads//validate-pr-override-imagespasses against this PR🤖 Generated with Claude Code
Summary by CodeRabbit