NO-ISSUE: Add 4.21 and 4.22 jobs for lvm-operator#79040
NO-ISSUE: Add 4.21 and 4.22 jobs for lvm-operator#79040pacevedom wants to merge 1 commit intoopenshift:mainfrom
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@pacevedom: This pull request explicitly references no jira issue. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository YAML (base), Central YAML (inherited) Review profile: CHILL Plan: Enterprise Run ID: ⛔ Files ignored due to path filters (6)
📒 Files selected for processing (2)
WalkthroughTwo new OpenShift LVM operator release CI configurations (versions 4.21 and 4.22) are added with complete build, test, and promotion pipelines. A separate microshift infrastructure script is updated to enforce matching Go toolchain versions during builds, with its corresponding step registry reference updated to use a specific release image. ChangesLVM Operator Release Configurations (4.21 & 4.22)
MicroShift RPM Install AWS Go Toolchain Enforcement
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes 🚥 Pre-merge checks | ✅ 12✅ Passed checks (12 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
/pj-rehearse ? |
|
@pacevedom: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
openshift-ci
Bot
added
the
approved
|
@pacevedom: job(s): ? either don't exist or were not found to be affected, and cannot be rehearsed |
|
/pj-rehearse max |
|
@pacevedom: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse max |
|
@pacevedom: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 6
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.21.yaml`:
- Around line 47-50: The Dockerfile uses a non-deterministic Snyk download (curl
.../cli/latest/snyk-linux) without integrity verification; update the RUN steps
that use SNYK_DIR to download a pinned Snyk release (use an explicit versioned
URL instead of "latest") and add a checksum verification step (e.g., download
the corresponding .sha256 or .sha256sum and verify with sha256sum -c or compare
the computed checksum) before running chmod and adding SNYK_DIR to PATH so the
build fails on checksum mismatch.
- Around line 400-428: Add a timeout: 4h0m0s to the baremetal integration test
steps that currently lack it: insert timeout: 4h0m0s under the test step that
contains the lvms-sno-integration-test (part of the
e2e-baremetalds-sno-dualstack-qe-integration-tests job) and likewise under the
test step that contains lvms-mno-integration-test (part of the
e2e-baremetalds-mno-dualstack-qe-integration-tests job) so both test blocks have
the same 4-hour cutoff as the AWS QE jobs.
In
`@ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.22.yaml`:
- Around line 47-50: The Dockerfile currently downloads the SNYK CLI from a
"latest" URL without integrity checks (the RUN curl .../snyk-linux and ENV PATH
lines referencing SNYK_DIR); change this to pin a specific Snyk release (use a
versioned URL) and add a verification step: download the corresponding checksum
(or signature) for that version, verify the binary's SHA256 (or GPG) before
chmod +x, and fail the build if verification fails; keep using ${SNYK_DIR} and
the PATH ENV but ensure the steps explicitly use curl -fSL (or similar), compare
the checksum with sha256sum, and remove the binary on mismatch so the build
cannot proceed with an unverified artifact.
- Around line 400-428: The baremetal QE integration test steps are missing a
timeout guard; add timeout: 4h0m0s to the test job definitions that run
"./integration-test run-suite..."—specifically the job blocks containing the
test entries with as: lvms-sno-integration-test and as:
lvms-mno-integration-test (the
e2e-baremetalds-sno/mno-dualstack-qe-integration-tests workflow entries) so each
of those test steps includes timeout: 4h0m0s at the same level as
cli/from/resources to prevent hung runners from consuming clusters indefinitely.
In
`@ci-operator/step-registry/openshift/microshift/infra/rpm-install-aws/openshift-microshift-infra-rpm-install-aws-commands.sh`:
- Around line 74-95: The toolchain/bootstrap block that installs Go and Python
tools is missing its REBASE_TO guard because the opening if for REBASE_TO was
commented out; restore the conditional so the commands that reference
required_go, current_go, GOROOT, and pip3 (the block around the grep for go.mod,
the go install steps, and python3 -m ensurepip / pip3 install) only run when
REBASE_TO is set. Concretely, re-enable the leading "if [ -n \"${REBASE_TO}\" ];
then" that wraps the toolchain/bootstrap steps (matching the existing closing
"if [ -n \"${REBASE_TO}\" ]; then" at the end) so non-rebase jobs skip the
Go/Python bootstrap.
- Line 84: Update the curl invocation that downloads the Go tarball (the line
containing curl -sSfL "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" -o
/tmp/go.tar.gz) to include retry and timeout controls such as --retry (e.g. 5),
--retry-delay (e.g. 5), --connect-timeout (e.g. 10) and --max-time (e.g. 300) so
transient network failures are retried and the request doesn’t hang; keep
existing flags (-sSfL) and output destination unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 7686f16e-c8e6-43fe-9da9-6bd52779fd14
⛔ Files ignored due to path filters (6)
ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-release-4.21-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-release-4.21-postsubmits.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-release-4.21-presubmits.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-release-4.22-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-release-4.22-postsubmits.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-release-4.22-presubmits.yamlis excluded by!ci-operator/jobs/**
📒 Files selected for processing (4)
ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.21.yamlci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.22.yamlci-operator/step-registry/openshift/microshift/infra/rpm-install-aws/openshift-microshift-infra-rpm-install-aws-commands.shci-operator/step-registry/openshift/microshift/infra/rpm-install-aws/openshift-microshift-infra-rpm-install-aws-ref.yaml
| RUN mkdir -p ${SNYK_DIR} | ||
| RUN curl https://static.snyk.io/cli/latest/snyk-linux -o ${SNYK_DIR}/snyk | ||
| RUN chmod +x ${SNYK_DIR}/snyk | ||
| ENV PATH=$PATH:${SNYK_DIR} |
There was a problem hiding this comment.
Same Snyk curl supply-chain concern as in the 4.22 config — pin the version and verify the checksum.
curl .../cli/latest/snyk-linux is non-deterministic and lacks an integrity check. See the parallel comment on the 4.22 file for the suggested fix pattern.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.21.yaml`
around lines 47 - 50, The Dockerfile uses a non-deterministic Snyk download
(curl .../cli/latest/snyk-linux) without integrity verification; update the RUN
steps that use SNYK_DIR to download a pinned Snyk release (use an explicit
versioned URL instead of "latest") and add a checksum verification step (e.g.,
download the corresponding .sha256 or .sha256sum and verify with sha256sum -c or
compare the computed checksum) before running chmod and adding SNYK_DIR to PATH
so the build fails on checksum mismatch.
| test: | ||
| - as: lvms-sno-integration-test | ||
| cli: latest | ||
| commands: | | ||
| ./integration-test run-suite -c 1 --junit-path ${ARTIFACT_DIR}/junit_results.xml openshift/lvm-operator/test/integration/qe_tests/sno | ||
| from: lvm-operator-integration-test | ||
| resources: | ||
| requests: | ||
| cpu: 100m | ||
| memory: 200Mi | ||
| workflow: cucushift-installer-rehearse-baremetalds-ipi-ovn-dualstack-sno-lvms | ||
| - as: e2e-baremetalds-mno-dualstack-qe-integration-tests | ||
| cron: '@weekly' | ||
| steps: | ||
| cluster_profile: equinix-ocp-metal-qe | ||
| env: | ||
| LVM_OPERATOR_SUB_INSTALL_NAMESPACE: openshift-lvm-storage | ||
| LVM_OPERATOR_SUB_SOURCE: lvm-catalogsource | ||
| test: | ||
| - as: lvms-mno-integration-test | ||
| cli: latest | ||
| commands: | | ||
| ./integration-test run-suite -c 1 --junit-path ${ARTIFACT_DIR}/junit_results.xml openshift/lvm-operator/test/integration/qe_tests/mno | ||
| from: lvm-operator-integration-test | ||
| resources: | ||
| requests: | ||
| cpu: 100m | ||
| memory: 200Mi | ||
| workflow: cucushift-installer-rehearse-baremetalds-ipi-ovn-dualstack-mno-lvms |
There was a problem hiding this comment.
Both baremetal QE integration test steps are missing timeout: 4h0m0s.
e2e-baremetalds-sno-dualstack-qe-integration-tests and e2e-baremetalds-mno-dualstack-qe-integration-tests run the same -c 1 --junit-path integration suite as the AWS QE jobs (all of which carry an explicit 4-hour timeout), but the baremetal steps omit it. On expensive bare-metal hardware a hung test step would block the cluster with no automatic cutoff.
Apply the same timeout: 4h0m0s fix shown in the 4.22 comment to both baremetal test steps here.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.21.yaml`
around lines 400 - 428, Add a timeout: 4h0m0s to the baremetal integration test
steps that currently lack it: insert timeout: 4h0m0s under the test step that
contains the lvms-sno-integration-test (part of the
e2e-baremetalds-sno-dualstack-qe-integration-tests job) and likewise under the
test step that contains lvms-mno-integration-test (part of the
e2e-baremetalds-mno-dualstack-qe-integration-tests job) so both test blocks have
the same 4-hour cutoff as the AWS QE jobs.
| RUN mkdir -p ${SNYK_DIR} | ||
| RUN curl https://static.snyk.io/cli/latest/snyk-linux -o ${SNYK_DIR}/snyk | ||
| RUN chmod +x ${SNYK_DIR}/snyk | ||
| ENV PATH=$PATH:${SNYK_DIR} |
There was a problem hiding this comment.
Pin the Snyk CLI to a specific version and verify its integrity.
curl .../snyk-linux pins to latest at image-build time, making the image non-deterministic across rebuilds. More importantly, the downloaded binary is not integrity-verified, which is a supply-chain risk — a compromised or tampered binary would silently execute inside CI.
🛡️ Suggested hardening
- RUN curl https://static.snyk.io/cli/latest/snyk-linux -o ${SNYK_DIR}/snyk
- RUN chmod +x ${SNYK_DIR}/snyk
+ # Pin to a known release; update SNYK_VERSION + SNYK_SHA256 when upgrading.
+ ENV SNYK_VERSION=v1.1292.1
+ RUN curl -fsSL https://static.snyk.io/cli/${SNYK_VERSION}/snyk-linux -o ${SNYK_DIR}/snyk \
+ && echo "<expected-sha256> ${SNYK_DIR}/snyk" | sha256sum -c - \
+ && chmod +x ${SNYK_DIR}/snyk🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.22.yaml`
around lines 47 - 50, The Dockerfile currently downloads the SNYK CLI from a
"latest" URL without integrity checks (the RUN curl .../snyk-linux and ENV PATH
lines referencing SNYK_DIR); change this to pin a specific Snyk release (use a
versioned URL) and add a verification step: download the corresponding checksum
(or signature) for that version, verify the binary's SHA256 (or GPG) before
chmod +x, and fail the build if verification fails; keep using ${SNYK_DIR} and
the PATH ENV but ensure the steps explicitly use curl -fSL (or similar), compare
the checksum with sha256sum, and remove the binary on mismatch so the build
cannot proceed with an unverified artifact.
| test: | ||
| - as: lvms-sno-integration-test | ||
| cli: latest | ||
| commands: | | ||
| ./integration-test run-suite -c 1 --junit-path ${ARTIFACT_DIR}/junit_results.xml openshift/lvm-operator/test/integration/qe_tests/sno | ||
| from: lvm-operator-integration-test | ||
| resources: | ||
| requests: | ||
| cpu: 100m | ||
| memory: 200Mi | ||
| workflow: cucushift-installer-rehearse-baremetalds-ipi-ovn-dualstack-sno-lvms | ||
| - as: e2e-baremetalds-mno-dualstack-qe-integration-tests | ||
| cron: '@weekly' | ||
| steps: | ||
| cluster_profile: equinix-ocp-metal-qe | ||
| env: | ||
| LVM_OPERATOR_SUB_INSTALL_NAMESPACE: openshift-lvm-storage | ||
| LVM_OPERATOR_SUB_SOURCE: lvm-catalogsource | ||
| test: | ||
| - as: lvms-mno-integration-test | ||
| cli: latest | ||
| commands: | | ||
| ./integration-test run-suite -c 1 --junit-path ${ARTIFACT_DIR}/junit_results.xml openshift/lvm-operator/test/integration/qe_tests/mno | ||
| from: lvm-operator-integration-test | ||
| resources: | ||
| requests: | ||
| cpu: 100m | ||
| memory: 200Mi | ||
| workflow: cucushift-installer-rehearse-baremetalds-ipi-ovn-dualstack-mno-lvms |
There was a problem hiding this comment.
Add timeout to the baremetal QE integration test steps.
Both e2e-baremetalds-sno-dualstack-qe-integration-tests and e2e-baremetalds-mno-dualstack-qe-integration-tests run the same ./integration-test run-suite -c 1 --junit-path ... command used by the AWS QE variants, all of which explicitly carry timeout: 4h0m0s. The baremetal tests omit that guard, so a hung runner would consume the cluster indefinitely.
⏱️ Proposed fix
- as: e2e-baremetalds-sno-dualstack-qe-integration-tests
...
- as: lvms-sno-integration-test
...
resources:
requests:
cpu: 100m
memory: 200Mi
+ timeout: 4h0m0s
workflow: cucushift-installer-rehearse-baremetalds-ipi-ovn-dualstack-sno-lvms
- as: e2e-baremetalds-mno-dualstack-qe-integration-tests
...
- as: lvms-mno-integration-test
...
resources:
requests:
cpu: 100m
memory: 200Mi
+ timeout: 4h0m0s
workflow: cucushift-installer-rehearse-baremetalds-ipi-ovn-dualstack-mno-lvms🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.22.yaml`
around lines 400 - 428, The baremetal QE integration test steps are missing a
timeout guard; add timeout: 4h0m0s to the test job definitions that run
"./integration-test run-suite..."—specifically the job blocks containing the
test entries with as: lvms-sno-integration-test and as:
lvms-mno-integration-test (the
e2e-baremetalds-sno/mno-dualstack-qe-integration-tests workflow entries) so each
of those test steps includes timeout: 4h0m0s at the same level as
cli/from/resources to prevent hung runners from consuming clusters indefinitely.
| #if [ -n "${REBASE_TO}" ]; then | ||
| # Under this condition we need to force traps at the last moment to not override the one above. | ||
| echo "REBASE_TO is set to ${REBASE_TO}" | ||
| export PATH="${HOME}/.local/bin:${PATH}" | ||
|
|
||
| # Install the exact Go version required by microshift's go.mod | ||
| required_go=$(grep '^go ' /go/src/github.com/openshift/microshift/go.mod | awk '{print $2}') | ||
| current_go=$(go version 2>/dev/null | awk '{print $3}' | sed 's/^go//') | ||
| if [[ "${current_go}" != "${required_go}" ]]; then | ||
| echo "Go version mismatch: have ${current_go:-none}, need ${required_go}. Installing..." | ||
| curl -sSfL "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" -o /tmp/go.tar.gz | ||
| mkdir -p /tmp/goroot | ||
| tar -C /tmp/goroot -xzf /tmp/go.tar.gz | ||
| rm /tmp/go.tar.gz | ||
| export GOROOT=/tmp/goroot/go | ||
| export PATH="${GOROOT}/bin:${PATH}" | ||
| echo "Installed Go $(go version)" | ||
| fi | ||
|
|
||
| python3 -m ensurepip --upgrade | ||
| pip3 install setuptools-rust cryptography pyyaml pygithub gitpython | ||
|
|
||
| if [ -n "${REBASE_TO}" ]; then |
There was a problem hiding this comment.
Restore the REBASE_TO guard for the toolchain/bootstrap block.
Line 74 is commented out, so Lines 75-94 run even when REBASE_TO is empty. That makes non-rebase jobs perform Go/Python bootstrap unnecessarily and increases failure surface.
💡 Proposed fix
-#if [ -n "${REBASE_TO}" ]; then
+if [ -n "${REBASE_TO}" ]; then
# Under this condition we need to force traps at the last moment to not override the one above.
echo "REBASE_TO is set to ${REBASE_TO}"
export PATH="${HOME}/.local/bin:${PATH}"
# Install the exact Go version required by microshift's go.mod
required_go=$(grep '^go ' /go/src/github.com/openshift/microshift/go.mod | awk '{print $2}')
current_go=$(go version 2>/dev/null | awk '{print $3}' | sed 's/^go//')
if [[ "${current_go}" != "${required_go}" ]]; then
echo "Go version mismatch: have ${current_go:-none}, need ${required_go}. Installing..."
curl -sSfL "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" -o /tmp/go.tar.gz
mkdir -p /tmp/goroot
tar -C /tmp/goroot -xzf /tmp/go.tar.gz
rm /tmp/go.tar.gz
export GOROOT=/tmp/goroot/go
export PATH="${GOROOT}/bin:${PATH}"
echo "Installed Go $(go version)"
fi
python3 -m ensurepip --upgrade
pip3 install setuptools-rust cryptography pyyaml pygithub gitpython
-if [ -n "${REBASE_TO}" ]; then
cp "${CLUSTER_PROFILE_DIR}"/pull-secret "${HOME}"/.pull-secret.json🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/step-registry/openshift/microshift/infra/rpm-install-aws/openshift-microshift-infra-rpm-install-aws-commands.sh`
around lines 74 - 95, The toolchain/bootstrap block that installs Go and Python
tools is missing its REBASE_TO guard because the opening if for REBASE_TO was
commented out; restore the conditional so the commands that reference
required_go, current_go, GOROOT, and pip3 (the block around the grep for go.mod,
the go install steps, and python3 -m ensurepip / pip3 install) only run when
REBASE_TO is set. Concretely, re-enable the leading "if [ -n \"${REBASE_TO}\" ];
then" that wraps the toolchain/bootstrap steps (matching the existing closing
"if [ -n \"${REBASE_TO}\" ]; then" at the end) so non-rebase jobs skip the
Go/Python bootstrap.
| current_go=$(go version 2>/dev/null | awk '{print $3}' | sed 's/^go//') | ||
| if [[ "${current_go}" != "${required_go}" ]]; then | ||
| echo "Go version mismatch: have ${current_go:-none}, need ${required_go}. Installing..." | ||
| curl -sSfL "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" -o /tmp/go.tar.gz |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify the current download path and whether timeout/retry flags are missing.
rg -n -C2 'go\.dev/dl/go\$\{required_go\}\.linux-amd64\.tar\.gz|curl -sSfL' \
ci-operator/step-registry/openshift/microshift/infra/rpm-install-aws/openshift-microshift-infra-rpm-install-aws-commands.shRepository: openshift/release
Length of output: 379
🏁 Script executed:
#!/bin/bash
# Check for other curl commands in this script to see if they use retry/timeout
rg -n 'curl' ci-operator/step-registry/openshift/microshift/infra/rpm-install-aws/openshift-microshift-infra-rpm-install-aws-commands.shRepository: openshift/release
Length of output: 153
🏁 Script executed:
#!/bin/bash
# Search for other Go tarball downloads in the codebase to see common patterns
rg -n 'go\.dev/dl/go.*\.tar\.gz|curl.*--retry' --type sh -A2 -B2 | head -100Repository: openshift/release
Length of output: 13248
Add retry/timeout controls to the Go tarball download to prevent transient network failures.
The download at line 84 uses only -sSfL flags without retry or timeout controls, making it susceptible to transient network issues that cause avoidable CI flakes. This pattern is inconsistent with other external downloads in the codebase, which commonly include --retry, --retry-delay, --connect-timeout, and --max-time flags.
💡 Proposed fix
- curl -sSfL "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" -o /tmp/go.tar.gz
+ curl -sSfL \
+ --retry 5 \
+ --retry-all-errors \
+ --connect-timeout 10 \
+ --max-time 300 \
+ "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" \
+ -o /tmp/go.tar.gz📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| curl -sSfL "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" -o /tmp/go.tar.gz | |
| curl -sSfL \ | |
| --retry 5 \ | |
| --retry-all-errors \ | |
| --connect-timeout 10 \ | |
| --max-time 300 \ | |
| "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" \ | |
| -o /tmp/go.tar.gz |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/step-registry/openshift/microshift/infra/rpm-install-aws/openshift-microshift-infra-rpm-install-aws-commands.sh`
at line 84, Update the curl invocation that downloads the Go tarball (the line
containing curl -sSfL "https://go.dev/dl/go${required_go}.linux-amd64.tar.gz" -o
/tmp/go.tar.gz) to include retry and timeout controls such as --retry (e.g. 5),
--retry-delay (e.g. 5), --connect-timeout (e.g. 10) and --max-time (e.g. 300) so
transient network failures are retried and the request doesn’t hang; keep
existing flags (-sSfL) and output destination unchanged.
|
[REHEARSALNOTIFIER]
A total of 38 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs. A full list of affected jobs can be found here Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
|
/pj-rehearse max |
|
@pacevedom: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pacevedom, suleymanakbas91 The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@pacevedom: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
3 participants
Summary
This pull request adds OpenShift CI infrastructure support for LVM Operator releases targeting OpenShift 4.21 and 4.22.
LVM Operator CI Configuration
Two new CI operator configuration files are introduced for the LVM Operator:
openshift-lvm-operator-release-4.21.yaml— Defines the complete CI/CD pipeline for the 4.21 release branch, including:lvmsnamespaceopenshift-lvm-operator-release-4.22.yaml— Mirrors the 4.21 configuration structure for the 4.22 release branch with equivalent build artifacts, test pipelines, and deployment targetsGenerated Prow job definitions are created for both versions, covering presubmit validation, postsubmit testing, and periodic scheduled runs.
MicroShift Infrastructure Enhancement
The MicroShift AWS RPM installation step was updated to enforce the exact Go toolchain version specified in the project's
go.modwhenREBASE_TOis set. The step now:The corresponding step reference was updated to source from a specific base image (
rhel-9-release-golang-1.25-openshift-4.23) instead of a generic root image.