ROX-27488: Inject BUILD_TAG directly and rid of dirty check #13940

Merged
msugakov merged 5 commits into master from misha/ROX-27488-rid-of-dirty-check
Jan 27, 2025

@msugakov
Contributor

@msugakov msugakov commented Jan 23, 2025

Description

There's a dirty check in the task which determines image tags. Introduced in https://github.com/stackrox/konflux-tasks/pull/16/files#diff-dae71ea775e4866963dd6d233ae0acd9f2ed19cdaed18a565323ca6af48ac35dR62.
Version suffixes also aren't needed because that's also handled in image tag tasks.

Commits in this PR have explanations, in case you're wondering why things are done this way.

Part of the changes here are extracted from #13422 (for historical context).

User-facing documentation

  • CHANGELOG is updated OR update is not needed
  • documentation PR is created and is linked above OR is not needed

Testing and quality

  • the change is production ready: the change is GA or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

No change.

How I validated my change

Checklist template for myself
| image | image tag | version label | embedded version|
| --------- | --------------- |------------------- | --------------------------- |
| - [x] `central-db` | ? | ? | n/a |
| - [x] `main` | ? | ? | ? |
| - [x] `operator` | ? | ? | ? |
| - [x] `operator-bundle` | ? | ? | n/a |
| - [x] `roxctl` | ? | ? | ? |
| - [x] `scanner-v4` | ? | ? | ? |
| - [x] `scanner-v4-db` | ? | ? | n/a |

- Style 1: ``
- Style 2: ``
- Style 3: ``

See comment(s) below with the results of checking.

@msugakov msugakov added the konflux-build (Run Konflux in PR. Push commit to trigger it.) and backport-for-4.6-konflux-release (https://redhat-internal.slack.com/archives/C05TS9N0S7L/p1730134914487439) labels Jan 23, 2025
@openshift-ci

openshift-ci bot commented Jan 23, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@rhacs-bot
Contributor

rhacs-bot commented Jan 23, 2025

Images are ready for the commit at 31774f1.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.7.x-523-g31774f1c15.

@codecov

codecov bot commented Jan 23, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 48.88%. Comparing base (bfd6063) to head (31774f1).
Report is 17 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #13940      +/-   ##
==========================================
+ Coverage   48.85%   48.88%   +0.02%     
==========================================
  Files        2496     2496              
  Lines      180733   180746      +13     
==========================================
+ Hits        88306    88360      +54     
+ Misses      85417    85371      -46     
- Partials     7010     7015       +5     
Flag Coverage Δ
go-unit-tests 48.88% <ø> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@msugakov msugakov force-pushed the misha/ROX-27488-rid-of-dirty-check branch from 6ab63a8 to ba6cde5 Compare January 23, 2025 17:42
@stackrox stackrox deleted a comment from openshift-ci bot Jan 23, 2025
@stackrox stackrox deleted a comment from openshift-ci bot Jan 23, 2025

We used to rely on the Makefile which would run `git describe ...`
and append MAIN|COLLECTOR|SCANNER_TAG_SUFFIX to that to derive the
version for embedding in binaries.

Instead, we can pass the exact version via the `BUILD_TAG`
environment variable. This completely bypasses `git describe ...` and
so it's also necessary for the proper git-tag support which is
https://issues.redhat.com/browse/ROX-26026

Use of `BUILD_TAG` allows eliminating all *_TAG_SUFFIX variables
which we introduced just to make Konflux builds with `-fast` suffix
in version/tag deployable.

Because it's not always "main" image and because it makes things
more straightforward, in my opinion, when ARG and ENV are called the
same way.

Since versions/tags are provided directly and `git describe` isn't
called, there should not be unintended `-dirty` suffixes and so
`fail-build-if-git-is-dirty` isn't needed any more in containers.

The similar dirty check is done in the task which produces
versions/tags in the pipeline since
https://github.com/stackrox/konflux-tasks/pull/16/files#diff-dae71ea775e4866963dd6d233ae0acd9f2ed19cdaed18a565323ca6af48ac35dR62

While checking the operator image, I noticed that
- `operator` tag is `4.7.0-514-gba6cde5b55-fast`
- `main` tag is `4.7.x-514-gba6cde5b55-fast`
- MainVersion embedded in `operator` binary is
  `4.7.0-514-gba6cde5b55-fast`

The last thing is wrong. MainVersion must match the `main` tag, i.e.
have `.x` instead of `.0`.
It does not matter a whole lot in the grand scheme of things because
the specific images will come from the bundle CSV in case of
bundle-based deployments, but I want to fix it nevertheless.

@msugakov msugakov force-pushed the misha/ROX-27488-rid-of-dirty-check branch from 2a3fbce to 17a04f1 Compare January 24, 2025 11:39
@msugakov
Contributor Author

/retest operator-on-push

@msugakov
Contributor Author

/retest main-on-push

@msugakov
Contributor Author

/retest operator-bundle-on-push

@stackrox stackrox deleted a comment from openshift-ci bot Jan 24, 2025
@stackrox stackrox deleted a comment from openshift-ci bot Jan 24, 2025
@stackrox stackrox deleted a comment from openshift-ci bot Jan 24, 2025
@msugakov
Contributor Author

msugakov commented Jan 24, 2025

Testing round

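| image | image tag | version label | embedded version |
| --------- | --------------- | ------------------- | --------------------------- |
| - [x] `central-db` | 1 | 1 | n/a |
| - [x] `main` | 1 | 1 | 1 |
| - [x] `operator` | 2 | 1 | 1 |
| - [x] `operator-bundle` | 3 | 2 | n/a |
| - [x] `roxctl` | 1 | 1 | 1 |
| - [x] `scanner-v4` | 1 | 1 | 1 |
| - [x] `scanner-v4-db` | 1 | 1 | n/a |

  • Style 1: 4.7.x-522-g17a04f194d-fast
  • Style 2: 4.7.0-522-g17a04f194d-fast
  • Style 3: v4.7.0-522-g17a04f194d-fast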
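
The style matrix from the testing round above can be checked mechanically; the following is an added example, not part of the original comment and not StackRox code. Function names are hypothetical, and the Style 2 and Style 3 derivations (`.x` becomes `.0`, then a `v` prefix) are inferred from the three sample strings in the comment.

```shell
#!/bin/sh
# Added example, not StackRox code. Function names are hypothetical; the style
# numbers per image are copied from the "Testing round" table on this page.

# to_style STYLE1_VERSION STYLE: render a Style 1 version in Style 1, 2 or 3.
to_style() {
    case "$2" in
        1) printf '%s\n' "$1" ;;
        2) printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+)\.x/\1.0/' ;;
        3) printf 'v%s\n' "$(to_style "$1" 2)" ;;
        *) return 2 ;;
    esac
}

# expected_styles IMAGE: styles for "image tag", "version label", "embedded version".
expected_styles() {
    case "$1" in
        central-db|scanner-v4-db) echo "1 1 n/a" ;;
        main|roxctl|scanner-v4)   echo "1 1 1" ;;
        operator)                 echo "2 1 1" ;;
        operator-bundle)          echo "3 2 n/a" ;;
        *) return 2 ;;
    esac
}

# check_field IMAGE FIELD STYLE STYLE1_VERSION OBSERVED
check_field() {
    [ "$3" = "n/a" ] && return 0
    # A -dirty suffix means the value came from an unclean git describe.
    case "$5" in *-dirty*) echo "$1: $2 carries -dirty: $5" >&2; return 1 ;; esac
    want=$(to_style "$4" "$3") || return 2
    [ "$5" = "$want" ] && return 0
    echo "$1: $2 is '$5', want '$want'" >&2
    return 1
}

# check_image IMAGE STYLE1_VERSION TAG LABEL EMBEDDED: 0 if all fields match.
check_image() {
    styles=$(expected_styles "$1") || { echo "unknown image: $1" >&2; return 2; }
    set -- "$1" "$2" "$3" "$4" "$5" $styles
    rc=0
    check_field "$1" "image tag" "$6" "$2" "$3" || rc=1
    check_field "$1" "version label" "$7" "$2" "$4" || rc=1
    check_field "$1" "embedded version" "$8" "$2" "$5" || rc=1
    return "$rc"
}

# Constructed demo: operator with a .0 embedded MainVersion, as in the commit message.
V=4.7.x-514-gba6cde5b55-fast
check_image operator "$V" "$(to_style "$V" 2)" "$V" "$(to_style "$V" 2)" || echo "operator: mismatch detected"
```

Feeding it the values read from each built image (tag, version label, embedded version) turns the manual checklist into a gate that fails on a `.0`/`.x` mix-up or a stray `-dirty` suffix.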

@msugakov msugakov marked this pull request as ready for review January 24, 2025 18:24
@msugakov msugakov requested review from a team as code owners January 24, 2025 18:24
@msugakov msugakov removed the request for review from a team January 24, 2025 18:24
@msugakov
Contributor Author

/retest operator-on-push

@stackrox stackrox deleted a comment from openshift-ci bot Jan 24, 2025
@msugakov msugakov enabled auto-merge (squash) January 27, 2025 12:12
@openshift-ci

openshift-ci bot commented Jan 27, 2025

@msugakov: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/ocp-4-12-scanner-v4-install-tests | 31774f1 | link | false | `/test ocp-4-12-scanner-v4-install-tests` |

@msugakov msugakov merged commit 7c69cf9 into master Jan 27, 2025
@msugakov msugakov deleted the misha/ROX-27488-rid-of-dirty-check branch January 27, 2025 13:51
Labels

area/helm, area/operator, area/postgres, area/scanner, backport-for-4.6-konflux-release (https://redhat-internal.slack.com/archives/C05TS9N0S7L/p1730134914487439), konflux-build (Run Konflux in PR. Push commit to trigger it.)
