ROX-33123: Bump apollo-ci image to 0.5.4 #19778
Closed
7 commits
237c7e4
Bump apollo-ci to 0.5.4, which also includes roxie
6c1373e
Include claude skill and command for future apollo-ci bumping
494eeef
Style fix: add text annotation
47647d5
Update .claude/skills/bump-apollo-ci/SKILL.md
mclasmeier dee051a
Update .claude/commands/bump-apollo-ci.md
mclasmeier 52bf428
Portable sed
d84baca
Merge remote-tracking branch 'origin/mc/apollo-ci-bump-roxie' into mc…
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --- | ||
| name: bump-apollo-ci-openshift-release | ||
| description: Bump apollo-ci in openshift/release for specific project/branch | ||
| --- | ||
|
|
||
| Bump apollo-ci image tags in the openshift/release repository for a specific StackRox or Scanner branch. | ||
|
|
||
| Follow `.claude/skills/bump-apollo-ci-openshift-release/SKILL.md` for detailed instructions. | ||
|
|
||
| Ask the user: | ||
| - PROJECT: `stackrox` or `scanner` | ||
| - BRANCH: `master`, `release-4.7`, `release-2.36`, `nightlies`, etc. | ||
| - OLD_VERSION (e.g., "0.4.8") | ||
| - NEW_VERSION (e.g., "0.5.4") | ||
| - RELEASE_REPO_PATH: Path to openshift/release checkout | ||
|
|
||
| This skill updates only files matching the pattern: `PROJECT-PROJECT-BRANCH*.yaml` |
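
Review bot: The file pattern on the last line, `PROJECT-PROJECT-BRANCH*.yaml`, repeats PROJECT, so for `scanner` it expands to `scanner-scanner-BRANCH*.yaml`, while the example given in the accompanying SKILL.md is `stackrox-scanner-release-2.36.yaml`. If the first component is always the `stackrox` organization, write the pattern as `stackrox-PROJECT-BRANCH*.yaml` here and in SKILL.md. The prompt list also treats OLD_VERSION as required although SKILL.md offers auto-detection; marking it optional would keep the two files consistent.
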
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| --- | ||
| name: bump-apollo-ci | ||
| description: Bump all apollo-ci container images to a new version | ||
| --- | ||
|
|
||
| Bump all apollo-ci container image references in the stackrox/stackrox repository. | ||
|
|
||
| CRITICAL: Follow the comprehensive checklist in `.claude/skills/bump-apollo-ci/SKILL.md` to ensure ALL files are updated. | ||
|
|
||
| Ask the user: | ||
| - OLD_VERSION (current version to replace, e.g., "0.5.4") | ||
| - NEW_VERSION (target version, e.g., "0.5.5") | ||
| - Also bump in openshift/release repository? If yes, use `bump-apollo-ci-openshift-release` skill after completing the stackrox bump | ||
|
|
||
| Then systematically update ALL occurrences following the skill documentation: | ||
| 1. Use pattern-based search and replace for standard files | ||
| 2. Explicitly update special cases (especially BUILD_IMAGE_VERSION) | ||
| 3. Verify zero old references remain | ||
| 4. Show git diff summary |
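
Review bot: The four numbered steps at the end omit the clean-tree check, the branch creation from origin/master and the commit that SKILL.md places around the replace, so an agent that follows this summary literally would edit whatever branch is checked out. Either drop the list and defer entirely to SKILL.md, or mirror its full step order. The OLD_VERSION prompt could also mention that SKILL.md allows auto-detecting the current version.
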
158 changes: 158 additions & 0 deletions
.claude/skills/bump-apollo-ci-openshift-release/SKILL.md
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,158 @@ | ||
| --- | ||
| name: bump-apollo-ci-openshift-release | ||
| description: Bump apollo-ci image tags in the openshift/release repository CI operator configs for specific StackRox/Scanner branches | ||
| user-invocable: true | ||
| --- | ||
|
|
||
| # Bump Apollo CI in openshift/release | ||
|
|
||
| Updates apollo-ci `tag:` fields in ci-operator configs for specific project/branch combinations. | ||
|
|
||
| ## File Pattern | ||
|
|
||
| Files: `ci-operator/config/stackrox/{PROJECT}/{PROJECT}-{PROJECT}-{BRANCH}*.yaml` | ||
|
|
||
| Examples: `stackrox-stackrox-master*.yaml` (master + OCP variants), `stackrox-scanner-release-2.36.yaml` | ||
|
|
||
| ## Procedure | ||
|
|
||
| ### 1. Get information | ||
|
|
||
| **IMPORTANT**: Use `AskUserQuestion` to gather the following parameters interactively with clickable options: | ||
|
|
||
| **Question 1 - Project:** | ||
| - Options: `stackrox` (Main StackRox platform repository) | `scanner` (StackRox Scanner repository) | ||
|
|
||
| **Question 2 - Branch:** | ||
| - Options: `master` (Main development branch) | `release-4.7` | `release-2.36` | `nightlies` | ||
| - Always include an "Other" option for custom branches | ||
|
|
||
| **Question 3 - New Version:** | ||
| - Always query the user for this one -- no auto-detection and/or pre-filled-in suggestions. | ||
|
|
||
| **Question 4 - Old Version:** | ||
| - Options: `Auto-detect (Recommended)` (Automatically find current version in config files) | `Specify version` (Manually specify old version) | ||
|
|
||
| **Question 5 - Release Repo Path:** | ||
| - Ask for path to openshift/release checkout | ||
| - Suggest common locations if detectable | ||
|
|
||
| After gathering all parameters via AskUserQuestion, proceed with the following steps. | ||
|
|
||
| ### 2. Check repository is clean | ||
|
|
||
| Before making any changes, verify the repository has no uncommitted changes: | ||
| ```bash | ||
| if ! git -C RELEASE_REPO_PATH diff-index --quiet HEAD --; then | ||
| echo "❌ Repository has uncommitted changes. Please commit or stash them before proceeding." | ||
| git -C RELEASE_REPO_PATH status --short | ||
| exit 1 | ||
| fi | ||
| ``` | ||
|
|
||
| If the repository is dirty, inform the user and stop. They must clean up the repository before proceeding. | ||
|
|
||
| ### 3. Create branch from origin/main | ||
|
|
||
| Fetch latest changes and create new branch: | ||
| ```bash | ||
| git -C RELEASE_REPO_PATH fetch origin | ||
| BRANCH_NAME="PROJECT-BRANCH-apollo-ci-bump-NEW_VERSION" | ||
| git -C RELEASE_REPO_PATH checkout -b "$BRANCH_NAME" origin/main | ||
| ``` | ||
|
|
||
| ### 4. Show matching files and detect current versions | ||
| ```bash | ||
| PATTERN="ci-operator/config/stackrox/PROJECT/PROJECT-PROJECT-BRANCH*.yaml" | ||
| git -C RELEASE_REPO_PATH ls-files "$PATTERN" | ||
|
|
||
| # Show what versions currently exist across all matching files | ||
| git -C RELEASE_REPO_PATH grep -h "tag: \(stackrox-test\|scanner-test\|stackrox-ui-test\)-" -- "$PATTERN" | \ | ||
| sed 's/.*tag: //' | sort -u | ||
| ``` | ||
| **Important**: Different files may have different versions. The bulk replace will update ALL versions to NEW_VERSION. | ||
|
|
||
| ### 5. Bulk replace (handles mixed versions) | ||
|
|
||
| **If user selected "Auto-detect" for old version:** | ||
| Replace ANY version pattern with the new version: | ||
| ```bash | ||
| git -C RELEASE_REPO_PATH ls-files "$PATTERN" | \ | ||
| xargs -I {} sed -i.bak -E \ | ||
| 's/tag: (stackrox-test|scanner-test|stackrox-ui-test)-[0-9]+\.[0-9]+\.[0-9]+$/tag: \1-NEW_VERSION/' \ | ||
| "RELEASE_REPO_PATH/{}" | ||
|
|
||
| # Clean up backup files | ||
| find RELEASE_REPO_PATH -name '*.bak' -type f -delete | ||
| ``` | ||
|
|
||
| **If user specified a specific OLD_VERSION:** | ||
| Replace only that specific version: | ||
| ```bash | ||
| git -C RELEASE_REPO_PATH ls-files "$PATTERN" | \ | ||
| xargs -I {} sed -i.bak -E \ | ||
| 's/tag: (stackrox-test|scanner-test|stackrox-ui-test)-OLD_VERSION$/tag: \1-NEW_VERSION/' \ | ||
| "RELEASE_REPO_PATH/{}" | ||
|
|
||
| # Clean up backup files | ||
| find RELEASE_REPO_PATH -name '*.bak' -type f -delete | ||
| ``` | ||
|
|
||
| ### 6. Verify replacement succeeded | ||
| ```bash | ||
| # Show what versions remain after replacement | ||
| git -C RELEASE_REPO_PATH grep -h "tag: \(stackrox-test\|scanner-test\|stackrox-ui-test\)-" -- "$PATTERN" | \ | ||
| sed 's/.*tag: //' | sort -u | ||
| # Expected: Only NEW_VERSION should appear | ||
|
|
||
| # If a specific OLD_VERSION was targeted, verify it's gone: | ||
| git -C RELEASE_REPO_PATH grep -c "tag: .*-OLD_VERSION" -- "$PATTERN" 2>/dev/null | wc -l | ||
| # Expected: 0 | ||
| ``` | ||
|
|
||
| ### 7. Normalize configs | ||
| Run to ensure configs are properly formatted (note: this may show errors for other projects' configs - ignore those): | ||
| ```bash | ||
| make -C RELEASE_REPO_PATH ci-operator-config | ||
| ``` | ||
|
|
||
| ### 8. Review changes | ||
| ```bash | ||
| git -C RELEASE_REPO_PATH diff --stat | ||
| # Expected: Only ci-operator/config/ files changed (jobs/ unchanged for image bumps) | ||
| ``` | ||
|
|
||
| ### 9. Commit changes | ||
|
|
||
| Add and commit the changes: | ||
| ```bash | ||
| git -C RELEASE_REPO_PATH add ci-operator/config/stackrox/PROJECT/ | ||
| git -C RELEASE_REPO_PATH commit -m "$(cat <<'EOF' | ||
| Bump StackRox apollo-ci for PROJECT/BRANCH from OLD_VERSION to NEW_VERSION | ||
|
|
||
| Updates apollo-ci image tags in CI operator configs for PROJECT BRANCH. | ||
| EOF | ||
| )" | ||
| ``` | ||
|
|
||
| ### 10. Inform user | ||
|
|
||
| Display a summary and exit: | ||
| ```text | ||
| ✅ Successfully bumped apollo-ci to version NEW_VERSION! | ||
|
|
||
| **Summary:** | ||
| - Repository: RELEASE_REPO_PATH | ||
| - Branch: BRANCH_NAME | ||
| - Files changed: N files | ||
| - Version bump: OLD_VERSION → NEW_VERSION | ||
| - Commit: COMMIT_HASH | ||
| ``` | ||
|
|
||
| ## Important | ||
|
|
||
| - **Normalize configs:** Always run `make ci-operator-config` after editing (may show errors for other projects - ignore those) | ||
| - **Variants:** stackrox-test, scanner-test, stackrox-ui-test (no stackrox-build) | ||
| - **Pattern includes OCP variants:** `BRANCH*.yaml` matches all (e.g., master__ocp-4-18) | ||
| - **Clean repository required:** The repository must have no uncommitted changes before starting | ||
| - **Branch naming:** New branches follow the pattern `PROJECT-BRANCH-apollo-ci-bump-NEW_VERSION` | ||
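
Review bot: In step 5 the cleanup `find RELEASE_REPO_PATH -name '*.bak' -type f -delete` removes every `.bak` file under the checkout, not only the backups this sed run created, and the step 2 check (`git diff-index --quiet HEAD --`) does not report untracked files, so a pre-existing untracked `.bak` passes the clean check and is then deleted. Restrict the cleanup to the paths listed by `git ls-files "$PATTERN"` with `.bak` appended. In the explicit OLD_VERSION branch the dots are substituted into the regex unescaped, so `0.4.8` matches any character in those positions; escape them before substitution. Step 4 should also stop when `git ls-files "$PATTERN"` returns nothing, because the replace and the step 6 checks then pass without touching a file.
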
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,142 @@ | ||
| --- | ||
| name: bump-apollo-ci | ||
| description: ALWAYS use when user asks to "bump apollo-ci", "update apollo-ci", or "upgrade apollo-ci" to any version. Updates all apollo-ci/stackrox-test/scanner-test/stackrox-ui-test/stackrox-build container image references across this repository. | ||
| user-invocable: true | ||
| --- | ||
|
|
||
| # Bump Apollo CI Images | ||
|
|
||
| Updates all apollo-ci container image references using git-aware commands that only modify tracked files on the current branch. | ||
|
|
||
| ## Apollo CI Image Variants | ||
|
|
||
| Four variants exist: | ||
| - `stackrox-test` - Main test container | ||
| - `scanner-test` - Scanner-specific tests | ||
| - `stackrox-ui-test` - UI-specific tests | ||
| - `stackrox-build` - Build container (special format: see BUILD_IMAGE_VERSION below) | ||
|
|
||
| ## What Gets Updated | ||
|
|
||
| ### Pattern-Based (automatic via regex) | ||
|
|
||
| - GitHub Actions workflows: `image: quay.io/stackrox-io/apollo-ci:(variant)-VERSION` | ||
| - Dockerfiles: `FROM quay.io/stackrox-io/apollo-ci:(variant)-VERSION` | ||
| - Dev containers: `"image":"quay.io/stackrox-io/apollo-ci:(variant)-VERSION"` | ||
| - Shell scripts: `quay.io/stackrox-io/apollo-ci:(variant)-VERSION` | ||
| - Comments: Any mention of `apollo-ci:*-VERSION` or `stackrox-build-VERSION` | ||
|
|
||
| ### Special Cases (explicit handling) | ||
|
|
||
| **`BUILD_IMAGE_VERSION`** - CRITICAL! Contains only `stackrox-build-X.X.X` (no `quay.io/stackrox-io/apollo-ci:` prefix) | ||
|
|
||
| ## Procedure | ||
|
|
||
| ### 1. Get versions and scope | ||
| Ask the user if not provided: | ||
| - OLD_VERSION (e.g., "0.5.4") | ||
| - NEW_VERSION (e.g., "0.5.5") | ||
| - **Also bump in openshift/release?** If yes, use the `bump-apollo-ci-openshift-release` skill after completing the stackrox repo bump | ||
|
|
||
| Note: OLD_VERSION can also be "whatever is currently in the config" if you want to auto-detect it. | ||
|
|
||
| ### 2. Check repository is clean | ||
|
|
||
| Before making any changes, verify the repository has no uncommitted changes: | ||
| ```bash | ||
| if ! git diff-index --quiet HEAD --; then | ||
| echo "❌ Repository has uncommitted changes. Please commit or stash them before proceeding." | ||
| git status --short | ||
| exit 1 | ||
| fi | ||
|
||
| ``` | ||
|
|
||
| If the repository is dirty, inform the user and stop. They must clean up the repository before proceeding. | ||
|
|
||
| ### 3. Create branch from origin/master | ||
|
|
||
| Fetch latest changes and create new branch with format `apollo-ci-bump-NEW_VERSION`: | ||
| ```bash | ||
| git fetch origin | ||
| BRANCH_NAME="apollo-ci-bump-NEW_VERSION" | ||
| git checkout -b "$BRANCH_NAME" origin/master | ||
| ``` | ||
|
|
||
| ### 4. Find occurrences | ||
| ```bash | ||
| git grep -n "apollo-ci.*OLD_VERSION\|stackrox-build-OLD_VERSION" -- \ | ||
| '*.yaml' '*.yml' '*.sh' '*.txt' '*.json' 'Dockerfile*' 'BUILD_IMAGE_VERSION' | ||
| ``` | ||
|
|
||
| ### 5. Bulk replace | ||
| ```bash | ||
| git ls-files '*.yaml' '*.yml' '*.sh' '*.txt' '*.json' 'Dockerfile*' | \ | ||
| xargs sed -i.bak 's/apollo-ci:\(stackrox-test\|scanner-test\|stackrox-ui-test\|stackrox-build\)-OLD_VERSION/apollo-ci:\1-NEW_VERSION/g' | ||
|
|
||
| # Clean up backup files | ||
| find . -name '*.bak' -type f -delete | ||
| ``` | ||
|
||
|
|
||
| ### 6. Update BUILD_IMAGE_VERSION | ||
| ```bash | ||
| echo "stackrox-build-NEW_VERSION" > BUILD_IMAGE_VERSION | ||
| ``` | ||
|
|
||
| ### 7. Verify zero old references | ||
| ```bash | ||
| git grep -c "apollo-ci.*OLD_VERSION\|stackrox-build-OLD_VERSION" -- \ | ||
| '*.yaml' '*.yml' '*.sh' '*.txt' '*.json' 'Dockerfile*' 'BUILD_IMAGE_VERSION' | wc -l | ||
| # Expected: 0 | ||
| ``` | ||
|
|
||
| ### 8. Review changes | ||
| ```bash | ||
| git diff --stat | ||
| # Expected: ~14-16 files changed | ||
| ``` | ||
|
|
||
| ### 9. Commit changes | ||
|
|
||
| Add and commit all changes: | ||
| ```bash | ||
| git add -A | ||
| git commit -m "$(cat <<'EOF' | ||
| Bump apollo-ci from OLD_VERSION to NEW_VERSION | ||
|
|
||
| Updates all apollo-ci container image references from version OLD_VERSION to NEW_VERSION. | ||
| This includes stackrox-test, scanner-test, stackrox-ui-test, and stackrox-build variants. | ||
| EOF | ||
| )" | ||
| ``` | ||
|
|
||
| ### 10. Inform user | ||
|
|
||
| Display the branch name and next steps: | ||
| ```text | ||
| ✅ Changes committed to branch: BRANCH_NAME | ||
|
|
||
| Branch: BRANCH_NAME | ||
| Files changed: N files | ||
|
|
||
| Next steps: | ||
| 1. Review the changes: git show | ||
| 2. Push the branch: git push origin BRANCH_NAME | ||
| 3. Create a PR in the stackrox/stackrox repository | ||
| 4. If you selected "Also bump in openshift/release", run the bump-apollo-ci-openshift-release skill next | ||
| ``` | ||
|
|
||
| ## Important | ||
|
|
||
| - **Scope:** Only git-tracked files on current branch. Multiple checkouts must be updated independently. | ||
| - **All variants must match:** All four variants use the same version number. | ||
| - **BUILD_IMAGE_VERSION:** Easy to forget! No prefix, just `stackrox-build-X.X.X`. | ||
| - **Clean repository required:** The repository must have no uncommitted changes before starting. | ||
| - **Branch naming:** New branches follow the pattern `apollo-ci-bump-NEW_VERSION`. | ||
|
|
||
| ## Troubleshooting | ||
|
|
||
| If files are missed, check: | ||
| ```bash | ||
| git grep "OLD_VERSION" # Find remaining references | ||
| git status # Check if files are tracked | ||
| ``` | ||
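
Review bot: Step 9 stages with `git add -A`, which also adds untracked files, while the step 2 check (`git diff-index --quiet HEAD --`) only detects changes to tracked files, so unrelated untracked files in the working tree would be committed together with the bump. Since the skill's stated scope is git-tracked files, use `git add -u` or add the changed paths explicitly. The step 5 sed expression relies on `\|` alternation in a basic regex, which is a GNU extension; the openshift/release skill in this PR uses `sed -i.bak -E` with `(a|b)` groups and this one should match it. The same expression only rewrites strings prefixed with `apollo-ci:`, so the bare `stackrox-build-VERSION` mentions in comments listed under Pattern-Based are left for step 7 to flag rather than updated.
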