Skip to content

OCM-24478 | ci: add ROSA changelog tag job #79632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
olucasfreitas wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OCM-24478 | ci: add ROSA changelog tag job #79632

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions ci-operator/config/openshift/rosa/openshift-rosa-master.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,20 @@ tests:
secret:
mount_path: /tmp/secret
name: rosa-codecov-token
- as: changelog-history
commands: |
unset GOFLAGS
export GITHUB_TOKEN=$(cat /tmp/github/oauth)
if ! command -v jq >/dev/null 2>&1; then
dnf install -y jq >/dev/null
fi
Comment on lines +66 to +68
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add error handling for jq installation.

If dnf install fails, the script continues to make changelog-pr without checking the exit code, which may result in unclear error messages if the changelog target depends on jq.

🛡️ Proposed fix to add error handling 
     if ! command -v jq >/dev/null 2>&1; then
-      dnf install -y jq >/dev/null
+      if ! dnf install -y jq >/dev/null 2>&1; then
+        echo "ERROR: Failed to install jq dependency"
+        exit 1
+      fi
     fi

Alternatively, consider using a base image that already includes jq to avoid runtime installation overhead.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if ! command -v jq >/dev/null 2>&1; then
dnf install -y jq >/dev/null
fi
if ! command -v jq >/dev/null 2>&1; then
if ! dnf install -y jq >/dev/null 2>&1; then
echo "ERROR: Failed to install jq dependency"
exit 1
fi
fi
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ci-operator/config/openshift/rosa/openshift-rosa-master.yaml` around lines 66
- 68, The script currently attempts to install jq with "dnf install -y jq" but
doesn’t check the install exit code, so if installation fails the script
proceeds to run "make changelog-pr" and fails later; update the block that uses
"command -v jq" and "dnf install -y jq" to test the dnf command’s exit status
and immediately print a clear error and exit non‑zero on failure (or set
errexit/pipefail at the top), e.g., ensure the failure path for "dnf install -y
jq" stops execution with a descriptive message about jq installation failure;
alternatively, document or switch to a base image that already includes jq to
avoid runtime installation.

make changelog-pr
container:
from: src
postsubmit: true
secret:
mount_path: /tmp/github
name: github-credentials-openshift-ci-robot-private-git-cloner
zz_generated_metadata:
branch: master
org: openshift
Expand Down
70 changes: 70 additions & 0 deletions ci-operator/jobs/openshift/rosa/openshift-rosa-master-postsubmits.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,75 @@
postsubmits:
openshift/rosa:
- agent: kubernetes
always_run: true
branches:
- ^master$
cluster: build05
decorate: true
decoration_config:
skip_cloning: true
labels:
ci.openshift.io/generator: prowgen
max_concurrency: 1
name: branch-ci-openshift-rosa-master-changelog-history
spec:
containers:
- args:
- --gcs-upload-secret=/secrets/gcs/service-account.json
- --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
- --oauth-token-path=/usr/local/github-credentials/oauth
- --report-credentials-file=/etc/report/credentials
- --secret-dir=/secrets/github-credentials-openshift-ci-robot-private-git-cloner
- --target=changelog-history
command:
- ci-operator
env:
- name: HTTP_SERVER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
imagePullPolicy: Always
name: ""
ports:
- containerPort: 8080
name: http
resources:
requests:
cpu: 10m
volumeMounts:
- mountPath: /secrets/gcs
name: gcs-credentials
readOnly: true
- mountPath: /usr/local/github-credentials
name: github-credentials-openshift-ci-robot-private-git-cloner
readOnly: true
- mountPath: /secrets/github-credentials-openshift-ci-robot-private-git-cloner
name: github-credentials-openshift-ci-robot-private-git-cloner
readOnly: true
- mountPath: /secrets/manifest-tool
name: manifest-tool-local-pusher
readOnly: true
- mountPath: /etc/pull-secret
name: pull-secret
readOnly: true
- mountPath: /etc/report
name: result-aggregator
readOnly: true
serviceAccountName: ci-operator
volumes:
- name: github-credentials-openshift-ci-robot-private-git-cloner
secret:
secretName: github-credentials-openshift-ci-robot-private-git-cloner
- name: manifest-tool-local-pusher
secret:
secretName: manifest-tool-local-pusher
- name: pull-secret
secret:
secretName: registry-pull-credentials
- name: result-aggregator
secret:
secretName: result-aggregator
- agent: kubernetes
always_run: true
branches:
Expand Down