Move rebasebot periodics into repo-owned configs#79774
Merged
openshift-merge-bot[bot] merged 2 commits intoJun 4, 2026
Merged
Conversation
openshift-ci
Bot
added
the
do-not-merge/hold
openshift-ci
Bot
added
the
approved
Contributor
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughPromotes the rebasebot build image to ci/rebasebot:latest, trims scheduled tests from the rebasebot operator manifest, and adds many generated ci-operator periodic YAMLs registering scheduled rebasebot jobs across migtools and OpenShift repos (crons, resources, secrets, commands, zz_generated_metadata). ChangesRebasebot promotion and periodics
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 15✅ Passed checks (15 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Contributor
|
@coderabbitai[bot]: your |
Contributor
|
@openshift-merge-bot[bot]: your |
Contributor
Author
|
/pj-rehearse periodic-ci-openshift-cluster-api-provider-aws-main-periodics-cluster-api-provider-aws |
Contributor
Author
|
/pj-rehearse periodic-ci-openshift-cluster-api-provider-aws-main-periodics-rebasebot periodic-ci-openshift-eng-rebasebot-main-cluster-api-provider-gcp |
Contributor
|
@RadekManak: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
Contributor
Author
|
Blocked by #79778 |
Contributor
Author
|
/pj-rehearse periodic-ci-openshift-cluster-api-provider-aws-main-periodics-rebasebot periodic-ci-openshift-eng-rebasebot-main-cluster-api-provider-gcp |
Contributor
|
@RadekManak: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
Contributor
Author
|
/pj-rehearse periodic-ci-openshift-cluster-api-provider-aws-main-periodics-rebasebot |
Contributor
|
@RadekManak: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
Contributor
|
@RadekManak: job(s): periodic-ci-openshift-eng-rebasebot-main-cluster-api-provider-gcp either don't exist or were not found to be affected, and cannot be rehearsed |
Contributor
Author
|
/pj-rehearse periodic-ci-openshift-cluster-api-provider-aws-main-periodics-rebasebot |
Contributor
|
@RadekManak: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
RadekManak
force-pushed
the
t3code/0f1f7101
branch
from
1fbc1d5 to
a50aa25
Compare
openshift-ci
Bot
removed
the
approved
RadekManak
changed the title
RadekManak
force-pushed
the
t3code/0f1f7101
branch
from
a50aa25 to
bb1e513
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 11
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@ci-operator/config/migtools/filebrowser/migtools-filebrowser-oadp-dev__periodics.yaml`:
- Around line 19-20: The job currently sources a remote, mutable shell script
via source <(curl --silent
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_filebrowser_oadp-dev.env.sh),
which can change at runtime and access mounted credentials; replace this by
either inlining the required env variables into this config (or another reviewed
file in-repo) or change the curl target to a pinned immutable revision (e.g., a
specific commit SHA) so the job sources a fixed, reviewed script; locate the
commands block containing the URL above and update it to one of these two safe
options.
In `@ci-operator/config/migtools/kopia/migtools-kopia-oadp-1.5__periodics.yaml`:
- Around line 19-20: The job is sourcing a mutable remote shell via the commands
line (source <(curl --silent
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_kopia_oadp-1.5.env.sh)),
which can change at runtime while credentials are mounted; instead either (A)
copy the required env values into this config (or another reviewed file in this
repo) and source a local file, or (B) fetch a pinned immutable revision by
replacing the refs/heads/oadp-dev URL with a specific commit SHA or tag URL for
rebase-configs/migtools_kopia_oadp-1.5.env.sh so the sourced script is
immutable. Ensure the change updates the commands entry to reference the local
file or the fixed commit URL and remove any runtime dependency on a branch head.
In `@ci-operator/config/migtools/kopia/migtools-kopia-oadp-dev__periodics.yaml`:
- Around line 19-20: The commands block currently sources a mutable remote
script via "source <(curl ... refs/heads/oadp-dev)" which is unsafe for a
credentialed job; replace this by either inlining the required environment
variables into the commands block (move the values from the remote script into
this config or another reviewed file) or fetch a pinned immutable revision
instead of the branch head (change "refs/heads/oadp-dev" to a specific commit
SHA or a tagged release) so the "source <(...)" invocation is no longer pulling
arbitrary branch changes while secrets are mounted.
In
`@ci-operator/config/migtools/kubevirt-velero-plugin/migtools-kubevirt-velero-plugin-main__periodics.yaml`:
- Around line 19-20: The pipeline currently sources a mutable remote script via
the commands block using the inline command starting with "source <(curl ...
refs/heads/oadp-dev/rebase-configs/migtools_kubevirt_velero_plugin_main.env.sh)",
which risks executing unreviewed code while credentials are mounted; replace
this by either inlining the required environment variables directly into the job
config (copy values from that remote script into this YAML) or fetching a
pinned, immutable revision (use a specific commit SHA or tagged ref instead of
refs/heads/oadp-dev) and download it without sourcing from stdout; update the
commands to reference the in-repo file or the pinned URL and ensure no direct
"source <(curl ...)" pattern remains.
In
`@ci-operator/config/migtools/udistribution/migtools-udistribution-main__periodics.yaml`:
- Around line 19-20: The job is sourcing a remote, mutable shell script via the
line starting with source <(curl --silent
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_udistribution_main.env.sh),
which allows unreviewed changes to run with mounted credentials; fix it by
either embedding the required environment variable definitions directly into
this periodic config (or another reviewed file in this repo) or replace the URL
with a pinned immutable revision (use a specific commit SHA or tag in place of
refs/heads/oadp-dev) and update the command string accordingly so the job no
longer fetches from a mutable branch at runtime.
In
`@ci-operator/config/openshift/cloud-provider-ibm/openshift-cloud-provider-ibm-main__periodics.yaml`:
- Around line 20-21: The branch discovery currently only queries the first
GitHub branches page and proceeds even if BRANCH_NAME is empty; update the
BRANCH_NAME resolution (the export BRANCH_NAME assignment) to fetch enough
branches (use per_page=100 and iterate/paginate through pages until no more
results) or otherwise request enough pages to cover expected branches, then
validate that BRANCH_NAME is non-empty and abort (exit non‑zero) with a clear
error log before invoking rebasebot (the rebasebot --source ... line) if no
matching release-<major>.<minor> branch was found.
In
`@ci-operator/config/openshift/cloud-provider-powervs/openshift-cloud-provider-powervs-main__periodics.yaml`:
- Around line 20-23: The branch discovery and rebase source are pointed at
IBM-Cloud/cloud-provider-ibm but this periodic should target the PowerVS
upstream; update the curl URL that sets BRANCH_NAME to query the
IBM-Cloud/cloud-provider-powervs branches and change the rebasebot --source
value to use https://github.com/IBM-Cloud/cloud-provider-powervs:${BRANCH_NAME}
(keep the existing --dest and --rebase targets unchanged) so BRANCH_NAME and the
rebasebot --source refer to the PowerVS repo.
In
`@ci-operator/config/openshift/cluster-api-provider-azure/openshift-cluster-api-provider-azure-main__periodics.yaml`:
- Line 25: Rebasebot only accepts a single --post-rebase-hook target; fix this
by adding a small wrapper script (e.g.,
hack/rebasebot-hook-scripts/run-post-rebase-manifests.sh) that calls the two
existing scripts update-ocp-manifests-gen.sh and generate-ocp-manifests.sh
(preserve exit codes and mark it executable), then update the --post-rebase-hook
value to point to the new wrapper's git: URL instead of listing both git:
entries after the same flag.
In
`@ci-operator/config/openshift/kubernetes-autoscaler/openshift-kubernetes-autoscaler-main__periodics.yaml`:
- Around line 19-21: The commands block sets UPSTREAM_VERSION by curling GitHub
and may yield empty result; harden it by enabling strict shell options (e.g.,
set -euo pipefail) at the top of the commands, use curl --fail (or similar) so
HTTP failures abort, and add an explicit non-empty check for UPSTREAM_VERSION
before calling rebasebot (produce an error message and exit non-zero if empty).
Ensure the changes are applied in the same commands stanza that defines
UPSTREAM_VERSION and the subsequent call to rebasebot so the job fails fast when
release discovery fails.
In
`@ci-operator/config/openshift/kubernetes-sigs-karpenter/openshift-kubernetes-sigs-karpenter-main__periodics.yaml`:
- Around line 20-22: MOST_RECENT_UPSTREAM_RELEASE can end up as a peeled
annotated tag (refs/tags/<tag>^{}) which makes the rebasebot --source ref
invalid; change the pipeline that sets MOST_RECENT_UPSTREAM_RELEASE so it first
filters out peeled/annotated tag lines (those ending with ^{}) from the git
ls-remote --tags output, then select the top remaining tag and strip the
refs/tags/ prefix before passing it to rebasebot --source.
In
`@ci-operator/config/openshift/velero/openshift-velero-oadp-1.5__periodics.yaml`:
- Around line 19-20: The periodic job currently sources an env script from
refs/heads/oadp-dev which mismatches the declared branch (branch: oadp-1.5);
update the curl target in the commands block (the source <(curl
...openshift_velero_oadp-1.5.env.sh) line) to use refs/heads/oadp-1.5 instead of
refs/heads/oadp-dev so the job pulls the env from the same branch, or if
oadp-dev is intentional, add a comment in the commands explaining why and
reference the branch mismatch for future reviewers.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: f9ba3cd0-8556-4563-82c5-bbe6be997932
📒 Files selected for processing (42)
ci-operator/config/migtools/filebrowser/migtools-filebrowser-oadp-dev__periodics.yamlci-operator/config/migtools/kopia/migtools-kopia-oadp-1.5__periodics.yamlci-operator/config/migtools/kopia/migtools-kopia-oadp-dev__periodics.yamlci-operator/config/migtools/kubevirt-velero-plugin/migtools-kubevirt-velero-plugin-main__periodics.yamlci-operator/config/migtools/udistribution/migtools-udistribution-main__periodics.yamlci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yamlci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main__periodics.yamlci-operator/config/openshift/aws-karpenter-provider-aws/openshift-aws-karpenter-provider-aws-main__periodics.yamlci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main__periodics.yamlci-operator/config/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main__periodics.yamlci-operator/config/openshift/cloud-provider-azure/openshift-cloud-provider-azure-main__periodics.yamlci-operator/config/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-main__periodics.yamlci-operator/config/openshift/cloud-provider-ibm/openshift-cloud-provider-ibm-main__periodics.yamlci-operator/config/openshift/cloud-provider-nutanix/openshift-cloud-provider-nutanix-main__periodics.yamlci-operator/config/openshift/cloud-provider-powervs/openshift-cloud-provider-powervs-main__periodics.yamlci-operator/config/openshift/cloud-provider-vpc-controller/openshift-cloud-provider-vpc-controller-master__periodics.yamlci-operator/config/openshift/cloud-provider-vsphere/openshift-cloud-provider-vsphere-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-aws/openshift-cluster-api-provider-aws-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-azure/openshift-cluster-api-provider-azure-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-gcp/openshift-cluster-api-provider-gcp-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-ibmcloud/openshift-cluster-api-provider-ibmcloud-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-nutanix/openshift-cluster-api-provider-nutanix-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-vsphere/openshift-cluster-api-provider-vsphere-main__periodics.yamlci-operator/config/openshift/cluster-api/openshift-cluster-api-main__periodics.yamlci-operator/config/openshift/grafana-tempo-operator/openshift-grafana-tempo-operator-main__periodics.yamlci-operator/config/openshift/kubernetes-autoscaler/openshift-kubernetes-autoscaler-main__periodics.yamlci-operator/config/openshift/kubernetes-nmstate/openshift-kubernetes-nmstate-main__periodics.yamlci-operator/config/openshift/kubernetes-sigs-karpenter/openshift-kubernetes-sigs-karpenter-main__periodics.yamlci-operator/config/openshift/oadp-operator/openshift-oadp-operator-oadp-1.5__periodics.yamlci-operator/config/openshift/oadp-operator/openshift-oadp-operator-oadp-dev__periodics.yamlci-operator/config/openshift/open-telemetry-opentelemetry-operator/openshift-open-telemetry-opentelemetry-operator-main__periodics.yamlci-operator/config/openshift/openstack-ironic-prometheus-exporter/openshift-openstack-ironic-prometheus-exporter-main__periodics.yamlci-operator/config/openshift/openstack-ironic-python-agent/openshift-openstack-ironic-python-agent-main__periodics.yamlci-operator/config/openshift/openstack-ironic/openshift-openstack-ironic-main__periodics.yamlci-operator/config/openshift/openstack-networking-generic-switch/openshift-openstack-networking-generic-switch-main__periodics.yamlci-operator/config/openshift/openstack-sushy/openshift-openstack-sushy-main__periodics.yamlci-operator/config/openshift/topolvm/openshift-topolvm-main__periodics.yamlci-operator/config/openshift/velero-plugin-for-aws/openshift-velero-plugin-for-aws-oadp-dev__periodics.yamlci-operator/config/openshift/velero-plugin-for-gcp/openshift-velero-plugin-for-gcp-oadp-dev__periodics.yamlci-operator/config/openshift/velero-plugin-for-microsoft-azure/openshift-velero-plugin-for-microsoft-azure-oadp-dev__periodics.yamlci-operator/config/openshift/velero/openshift-velero-oadp-1.5__periodics.yamlci-operator/config/openshift/velero/openshift-velero-oadp-dev__periodics.yaml
✅ Files skipped from review due to trivial changes (3)
- ci-operator/config/openshift/openstack-networking-generic-switch/openshift-openstack-networking-generic-switch-main__periodics.yaml
- ci-operator/config/openshift/openstack-ironic-python-agent/openshift-openstack-ironic-python-agent-main__periodics.yaml
- ci-operator/config/openshift/cloud-provider-nutanix/openshift-cloud-provider-nutanix-main__periodics.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
- ci-operator/config/openshift/cluster-api-provider-aws/openshift-cluster-api-provider-aws-main__periodics.yaml
- ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml
Comment on lines
+19
to
+20
| commands: | | ||
| source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_filebrowser_oadp-dev.env.sh) |
Contributor
There was a problem hiding this comment.
Avoid sourcing a mutable remote shell script in a credentialed job.
This step executes shell fetched from another repo’s branch head at runtime while the GitHub app keys are mounted. Any change in that external branch can silently change this job’s behavior or read the mounted credentials without a corresponding review here. Please keep the env values in this config (or another reviewed file in this repo), or at least fetch a pinned immutable revision instead of refs/heads/oadp-dev.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/migtools/filebrowser/migtools-filebrowser-oadp-dev__periodics.yaml`
around lines 19 - 20, The job currently sources a remote, mutable shell script
via source <(curl --silent
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_filebrowser_oadp-dev.env.sh),
which can change at runtime and access mounted credentials; replace this by
either inlining the required env variables into this config (or another reviewed
file in-repo) or change the curl target to a pinned immutable revision (e.g., a
specific commit SHA) so the job sources a fixed, reviewed script; locate the
commands block containing the URL above and update it to one of these two safe
options.
Comment on lines
+19
to
+20
| commands: | | ||
| source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_kopia_oadp-1.5.env.sh) |
Contributor
There was a problem hiding this comment.
Avoid sourcing a mutable remote shell script in a credentialed job.
This step executes shell fetched from another repo’s branch head at runtime while the GitHub app keys are mounted. Any change in that external branch can silently change this job’s behavior or read the mounted credentials without a corresponding review here. Please keep the env values in this config (or another reviewed file in this repo), or at least fetch a pinned immutable revision instead of refs/heads/oadp-dev.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@ci-operator/config/migtools/kopia/migtools-kopia-oadp-1.5__periodics.yaml`
around lines 19 - 20, The job is sourcing a mutable remote shell via the
commands line (source <(curl --silent
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_kopia_oadp-1.5.env.sh)),
which can change at runtime while credentials are mounted; instead either (A)
copy the required env values into this config (or another reviewed file in this
repo) and source a local file, or (B) fetch a pinned immutable revision by
replacing the refs/heads/oadp-dev URL with a specific commit SHA or tag URL for
rebase-configs/migtools_kopia_oadp-1.5.env.sh so the sourced script is
immutable. Ensure the change updates the commands entry to reference the local
file or the fixed commit URL and remove any runtime dependency on a branch head.
Comment on lines
+19
to
+20
| commands: | | ||
| source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_kopia_oadp-dev.env.sh) |
Contributor
There was a problem hiding this comment.
Avoid sourcing a mutable remote shell script in a credentialed job.
This step executes shell fetched from another repo’s branch head at runtime while the GitHub app keys are mounted. Any change in that external branch can silently change this job’s behavior or read the mounted credentials without a corresponding review here. Please keep the env values in this config (or another reviewed file in this repo), or at least fetch a pinned immutable revision instead of refs/heads/oadp-dev.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@ci-operator/config/migtools/kopia/migtools-kopia-oadp-dev__periodics.yaml`
around lines 19 - 20, The commands block currently sources a mutable remote
script via "source <(curl ... refs/heads/oadp-dev)" which is unsafe for a
credentialed job; replace this by either inlining the required environment
variables into the commands block (move the values from the remote script into
this config or another reviewed file) or fetch a pinned immutable revision
instead of the branch head (change "refs/heads/oadp-dev" to a specific commit
SHA or a tagged release) so the "source <(...)" invocation is no longer pulling
arbitrary branch changes while secrets are mounted.
Comment on lines
+19
to
+20
| commands: | | ||
| source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_kubevirt_velero_plugin_main.env.sh) |
Contributor
There was a problem hiding this comment.
Avoid sourcing a mutable remote shell script in a credentialed job.
This step executes shell fetched from another repo’s branch head at runtime while the GitHub app keys are mounted. Any change in that external branch can silently change this job’s behavior or read the mounted credentials without a corresponding review here. Please keep the env values in this config (or another reviewed file in this repo), or at least fetch a pinned immutable revision instead of refs/heads/oadp-dev.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/migtools/kubevirt-velero-plugin/migtools-kubevirt-velero-plugin-main__periodics.yaml`
around lines 19 - 20, The pipeline currently sources a mutable remote script via
the commands block using the inline command starting with "source <(curl ...
refs/heads/oadp-dev/rebase-configs/migtools_kubevirt_velero_plugin_main.env.sh)",
which risks executing unreviewed code while credentials are mounted; replace
this by either inlining the required environment variables directly into the job
config (copy values from that remote script into this YAML) or fetching a
pinned, immutable revision (use a specific commit SHA or tagged ref instead of
refs/heads/oadp-dev) and download it without sourcing from stdout; update the
commands to reference the in-repo file or the pinned URL and ensure no direct
"source <(curl ...)" pattern remains.
Comment on lines
+19
to
+20
| commands: | | ||
| source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_udistribution_main.env.sh) |
Contributor
There was a problem hiding this comment.
Avoid sourcing a mutable remote shell script in a credentialed job.
This step executes shell fetched from another repo’s branch head at runtime while the GitHub app keys are mounted. Any change in that external branch can silently change this job’s behavior or read the mounted credentials without a corresponding review here. Please keep the env values in this config (or another reviewed file in this repo), or at least fetch a pinned immutable revision instead of refs/heads/oadp-dev.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/migtools/udistribution/migtools-udistribution-main__periodics.yaml`
around lines 19 - 20, The job is sourcing a remote, mutable shell script via the
line starting with source <(curl --silent
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_udistribution_main.env.sh),
which allows unreviewed changes to run with mounted credentials; fix it by
either embedding the required environment variable definitions directly into
this periodic config (or another reviewed file in this repo) or replace the URL
with a pinned immutable revision (use a specific commit SHA or tag in place of
refs/heads/oadp-dev) and update the command string accordingly so the job no
longer fetches from a mutable branch at runtime.
Comment on lines
+20
to
+23
| export BRANCH_NAME=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/IBM-Cloud/cloud-provider-ibm/branches" | grep -E '"name": "release-[0-9]+\.[0-9]+"' | awk -F'"' '{print $4}' | sort -V | tail -n 1) | ||
| rebasebot --source https://github.com/IBM-Cloud/cloud-provider-ibm:${BRANCH_NAME} \ | ||
| --dest openshift/cloud-provider-powervs:main \ | ||
| --rebase openshift-cloud-team/cloud-provider-powervs:rebase-bot-main \ |
Contributor
There was a problem hiding this comment.
Point the job at the PowerVS upstream, not cloud-provider-ibm.
Lines 20-21 fetch the branch list from IBM-Cloud/cloud-provider-ibm and use that same repo as --source, while the destination/rebase targets are cloud-provider-powervs. That wires this periodic to the wrong upstream and will generate invalid rebases.
Suggested fix
- export BRANCH_NAME=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/IBM-Cloud/cloud-provider-ibm/branches" | grep -E '"name": "release-[0-9]+\.[0-9]+"' | awk -F'"' '{print $4}' | sort -V | tail -n 1)
- rebasebot --source https://github.com/IBM-Cloud/cloud-provider-ibm:${BRANCH_NAME} \
+ export BRANCH_NAME=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/IBM-Cloud/cloud-provider-powervs/branches" | grep -E '"name": "release-[0-9]+\.[0-9]+"' | awk -F'"' '{print $4}' | sort -V | tail -n 1)
+ rebasebot --source https://github.com/IBM-Cloud/cloud-provider-powervs:${BRANCH_NAME} \
--dest openshift/cloud-provider-powervs:main \
--rebase openshift-cloud-team/cloud-provider-powervs:rebase-bot-main \📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| export BRANCH_NAME=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/IBM-Cloud/cloud-provider-ibm/branches" | grep -E '"name": "release-[0-9]+\.[0-9]+"' | awk -F'"' '{print $4}' | sort -V | tail -n 1) | |
| rebasebot --source https://github.com/IBM-Cloud/cloud-provider-ibm:${BRANCH_NAME} \ | |
| --dest openshift/cloud-provider-powervs:main \ | |
| --rebase openshift-cloud-team/cloud-provider-powervs:rebase-bot-main \ | |
| export BRANCH_NAME=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/IBM-Cloud/cloud-provider-powervs/branches" | grep -E '"name": "release-[0-9]+\.[0-9]+"' | awk -F'"' '{print $4}' | sort -V | tail -n 1) | |
| rebasebot --source https://github.com/IBM-Cloud/cloud-provider-powervs:${BRANCH_NAME} \ | |
| --dest openshift/cloud-provider-powervs:main \ | |
| --rebase openshift-cloud-team/cloud-provider-powervs:rebase-bot-main \ |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/cloud-provider-powervs/openshift-cloud-provider-powervs-main__periodics.yaml`
around lines 20 - 23, The branch discovery and rebase source are pointed at
IBM-Cloud/cloud-provider-ibm but this periodic should target the PowerVS
upstream; update the curl URL that sets BRANCH_NAME to query the
IBM-Cloud/cloud-provider-powervs branches and change the rebasebot --source
value to use https://github.com/IBM-Cloud/cloud-provider-powervs:${BRANCH_NAME}
(keep the existing --dest and --rebase targets unchanged) so BRANCH_NAME and the
rebasebot --source refer to the PowerVS repo.
| --dest openshift/cluster-api-provider-azure:main \ | ||
| --rebase openshift-cloud-team/cluster-api-provider-azure:rebase-bot-main \ | ||
| --update-go-modules \ | ||
| --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh \ |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
python - <<'PY'
import shlex
cmd = r'''rebasebot --post-rebase-hook git:https://example/update.sh git:https://example/generate.sh --slack-webhook /tmp/webhook'''
for i, arg in enumerate(shlex.split(cmd), 1):
print(f"{i}: {arg}")
PYRepository: openshift/release
Length of output: 1985
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE="ci-operator/config/openshift/cluster-api-provider-azure/openshift-cluster-api-provider-azure-main__periodics.yaml"
echo "=== File exists? ==="
ls -l "$FILE" || true
echo "=== Lines around 25 ==="
nl -ba "$FILE" | sed -n '15,40p' || true
echo "=== Tokenization (python/shlex) with current snippet ==="
python3 - <<'PY'
import shlex
cmd = r'''rebasebot --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh --slack-webhook /tmp/webhook'''
for i, arg in enumerate(shlex.split(cmd), 1):
print(f"{i}: {arg}")
PYRepository: openshift/release
Length of output: 1956
🌐 Web query:
rebasebot --post-rebase-hook git: usage supports multiple hooks same flag
💡 Result:
The openshift-eng/rebasebot tool does not natively support providing the same hook flag (e.g., --post-rebase-hook) multiple times to register multiple hooks in a single command execution [1][2]. According to the official documentation and implementation details for openshift-eng/rebasebot, lifecycle hooks are defined as specific flag-based configuration points (such as --pre-rebase-hook, --post-rebase-hook, etc.) [1][2]. If you need to run multiple scripts or commands as part of a post-rebase process, the recommended approach is to create a single wrapper script (e.g., a shell script) that executes the desired operations in sequence and reference that single script within the --post-rebase-hook flag [1]. The flag format for a hook script is: git:https_repository_clone_url/branch:repo/relative/path/to/script [1] Example of setting a single hook via command line: rebasebot --post-rebase-hook=git:https://github.com/example/repo/main:scripts/post-rebase-wrapper.sh [1] If you attempt to pass the flag multiple times, standard CLI parsing behavior for this tool typically results in the last specified value taking precedence, rather than aggregating them [1][3].
Citations:
- 1: https://github.com/openshift-eng/rebasebot
- 2: https://github.com/openshift-eng/rebasebot/blob/main/AGENTS.md
- 3: https://robot-framework.readthedocs.io/en/v6.1.1/_modules/robot/rebot.html
Fix --post-rebase-hook usage so both scripts run reliably
rebasebot expects a single hook target for --post-rebase-hook; the current command provides two git: hook specs after one flag, so only one (or neither) will be applied. Rebasebot’s guidance is to reference one wrapper script; create a wrapper that runs update-ocp-manifests-gen.sh and generate-ocp-manifests.sh, and point --post-rebase-hook at that wrapper (instead of trying to pass both via multiple git: values on the same flag).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/cluster-api-provider-azure/openshift-cluster-api-provider-azure-main__periodics.yaml`
at line 25, Rebasebot only accepts a single --post-rebase-hook target; fix this
by adding a small wrapper script (e.g.,
hack/rebasebot-hook-scripts/run-post-rebase-manifests.sh) that calls the two
existing scripts update-ocp-manifests-gen.sh and generate-ocp-manifests.sh
(preserve exit codes and mark it executable), then update the --post-rebase-hook
value to point to the new wrapper's git: URL instead of listing both git:
entries after the same flag.
Comment on lines
+19
to
+21
| commands: | | ||
| UPSTREAM_VERSION=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/kubernetes/autoscaler/releases" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | grep -E 'cluster-autoscaler-[0-9.]+' | sort -V | tail -n1) | ||
| rebasebot --source https://github.com/kubernetes/autoscaler:"${UPSTREAM_VERSION}" \ |
Contributor
There was a problem hiding this comment.
Fail fast if release discovery returns no tag.
If the GitHub API call is rate-limited or its output stops matching this pipeline, UPSTREAM_VERSION becomes empty and the job still calls rebasebot with an invalid source ref. Add set -euo pipefail, curl --fail, and an explicit non-empty check before invoking rebasebot.
Suggested hardening
commands: |
- UPSTREAM_VERSION=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/kubernetes/autoscaler/releases" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | grep -E 'cluster-autoscaler-[0-9.]+' | sort -V | tail -n1)
+ set -euo pipefail
+ UPSTREAM_VERSION=$(curl --fail --silent --show-error --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/kubernetes/autoscaler/releases" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | grep -E '^cluster-autoscaler-[0-9.]+$' | sort -V | tail -n1)
+ test -n "${UPSTREAM_VERSION}"
rebasebot --source https://github.com/kubernetes/autoscaler:"${UPSTREAM_VERSION}" \📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| commands: | | |
| UPSTREAM_VERSION=$(curl --silent --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/kubernetes/autoscaler/releases" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | grep -E 'cluster-autoscaler-[0-9.]+' | sort -V | tail -n1) | |
| rebasebot --source https://github.com/kubernetes/autoscaler:"${UPSTREAM_VERSION}" \ | |
| commands: | | |
| set -euo pipefail | |
| UPSTREAM_VERSION=$(curl --fail --silent --show-error --header "X-GitHub-Api-Version:2022-11-28" "https://api.github.com/repos/kubernetes/autoscaler/releases" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | grep -E '^cluster-autoscaler-[0-9.]+$' | sort -V | tail -n1) | |
| test -n "${UPSTREAM_VERSION}" | |
| rebasebot --source https://github.com/kubernetes/autoscaler:"${UPSTREAM_VERSION}" \ |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/kubernetes-autoscaler/openshift-kubernetes-autoscaler-main__periodics.yaml`
around lines 19 - 21, The commands block sets UPSTREAM_VERSION by curling GitHub
and may yield empty result; harden it by enabling strict shell options (e.g.,
set -euo pipefail) at the top of the commands, use curl --fail (or similar) so
HTTP failures abort, and add an explicit non-empty check for UPSTREAM_VERSION
before calling rebasebot (produce an error message and exit non-zero if empty).
Ensure the changes are applied in the same commands stanza that defines
UPSTREAM_VERSION and the subsequent call to rebasebot so the job fails fast when
release discovery fails.
Comment on lines
+20
to
+22
| # kubernetes-sigs/karpenter does not seem to cut z-stream releases in git branches, but the tags point to full releases, so get most recent tag | ||
| export MOST_RECENT_UPSTREAM_RELEASE=$(git ls-remote --tags --sort='-v:refname' https://github.com/kubernetes-sigs/karpenter | head -n 1 | cut -f 2 | sed 's#refs/tags/##') | ||
| rebasebot --source https://github.com/kubernetes-sigs/karpenter:$MOST_RECENT_UPSTREAM_RELEASE \ |
Contributor
There was a problem hiding this comment.
Filter out peeled annotated tags before picking the latest release.
git ls-remote --tags returns both refs/tags/<tag> and refs/tags/<tag>^{} for annotated tags. With the current head -n 1, MOST_RECENT_UPSTREAM_RELEASE can end up as vX.Y.Z^{}, which makes the --source ref invalid and breaks the job.
Suggested fix
- export MOST_RECENT_UPSTREAM_RELEASE=$(git ls-remote --tags --sort='-v:refname' https://github.com/kubernetes-sigs/karpenter | head -n 1 | cut -f 2 | sed 's#refs/tags/##')
+ export MOST_RECENT_UPSTREAM_RELEASE=$(
+ git ls-remote --tags --sort='-v:refname' https://github.com/kubernetes-sigs/karpenter \
+ | cut -f 2 \
+ | grep -v '\^{}$' \
+ | head -n 1 \
+ | sed 's#refs/tags/##'
+ )🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/kubernetes-sigs-karpenter/openshift-kubernetes-sigs-karpenter-main__periodics.yaml`
around lines 20 - 22, MOST_RECENT_UPSTREAM_RELEASE can end up as a peeled
annotated tag (refs/tags/<tag>^{}) which makes the rebasebot --source ref
invalid; change the pipeline that sets MOST_RECENT_UPSTREAM_RELEASE so it first
filters out peeled/annotated tag lines (those ending with ^{}) from the git
ls-remote --tags output, then select the top remaining tag and strip the
refs/tags/ prefix before passing it to rebasebot --source.
Comment on lines
+19
to
+20
| commands: | | ||
| source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/openshift_velero_oadp-1.5.env.sh) |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
base='https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads'
file='rebase-configs/openshift_velero_oadp-1.5.env.sh'
for branch in oadp-dev oadp-1.5; do
url="${base}/${branch}/${file}"
code=$(curl -sS -o /tmp/"${branch}".env.sh -w '%{http_code}' "$url")
printf '%s -> HTTP %s\n' "$url" "$code"
done
if [[ -f /tmp/oadp-dev.env.sh && -f /tmp/oadp-1.5.env.sh ]]; then
diff -u /tmp/oadp-dev.env.sh /tmp/oadp-1.5.env.sh || true
fiRepository: openshift/release
Length of output: 1985
Align OADP 1.5 periodic env.sh source branch with branch: oadp-1.5
ci-operator/config/openshift/velero/openshift-velero-oadp-1.5__periodics.yaml declares branch: oadp-1.5, but line 20 sources rebase-configs/openshift_velero_oadp-1.5.env.sh from refs/heads/oadp-dev, so oadp-dev changes can silently affect the “1.5” job. Point the URL to .../refs/heads/oadp-1.5/... (or justify why oadp-dev is intended).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/velero/openshift-velero-oadp-1.5__periodics.yaml`
around lines 19 - 20, The periodic job currently sources an env script from
refs/heads/oadp-dev which mismatches the declared branch (branch: oadp-1.5);
update the curl target in the commands block (the source <(curl
...openshift_velero_oadp-1.5.env.sh) line) to use refs/heads/oadp-1.5 instead of
refs/heads/oadp-dev so the job pulls the env from the same branch, or if
oadp-dev is intentional, add a comment in the commands explaining why and
reference the branch mismatch for future reviewers.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (2)
ci-operator/config/migtools/udistribution/migtools-udistribution-main__periodics.yaml (1)
19-20:⚠️ Potential issue | 🟠 Major | ⚡ Quick winPin the sourced env script to an immutable revision.
This job still
sources shell from a branch head while the GitHub app credentials are mounted, so an unrelated change inoadp-rebasecan silently change the behavior of this credentialed periodic. Please inline the env values here or fetch a pinned commit instead ofrefs/heads/oadp-dev.Suggested change
- source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_udistribution_main.env.sh) + source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/<pinned-commit-sha>/rebase-configs/migtools_udistribution_main.env.sh)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@ci-operator/config/migtools/udistribution/migtools-udistribution-main__periodics.yaml` around lines 19 - 20, The commands block currently sources a script from a branch HEAD which is mutable; update the commands key so it no longer pulls from refs/heads/oadp-dev — either inline the required environment variables directly into the commands block or fetch the script by a pinned immutable revision (replace the URL's refs/heads/oadp-dev with a specific commit SHA) and verify the curl URL (the existing https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_udistribution_main.env.sh) is updated accordingly.ci-operator/config/migtools/filebrowser/migtools-filebrowser-oadp-dev__periodics.yaml (1)
19-20:⚠️ Potential issue | 🟠 Major | ⚡ Quick winPin the sourced env script to an immutable revision.
This job still
sources shell from a branch head while the GitHub app credentials are mounted, so an unrelated change inoadp-rebasecan silently change the behavior of this credentialed periodic. Please inline the env values here or fetch a pinned commit instead ofrefs/heads/oadp-dev.Suggested change
- source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_filebrowser_oadp-dev.env.sh) + source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/<pinned-commit-sha>/rebase-configs/migtools_filebrowser_oadp-dev.env.sh)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@ci-operator/config/migtools/filebrowser/migtools-filebrowser-oadp-dev__periodics.yaml` around lines 19 - 20, The periodic currently sources a branch-head script via the command "source <(curl --silent https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_filebrowser_oadp-dev.env.sh)" which allows remote changes to alter behavior; replace this by either inlining the environment variables directly into the commands block or fetching a pinned immutable revision (use a specific commit SHA in the raw.githubusercontent URL instead of refs/heads/oadp-dev) so the sourced script cannot change unexpectedly, and update the commands line to use the new raw URL or the inlined env values accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@ci-operator/config/openshift/cluster-api-provider-vsphere/openshift-cluster-api-provider-vsphere-main__periodics.yaml`:
- Line 25: The post-rebase-hook entry currently references the dynamic ref
"main" for the two git: hooks
(git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh
and ...:generate-ocp-manifests.sh); pin these hooks to an immutable ref by
replacing "main" with the specific commit SHA for that repo (or vendor the two
scripts into this repo and point the hooks to the vendored paths), ensuring the
post-rebase-hook preserves the same script names update-ocp-manifests-gen.sh and
generate-ocp-manifests.sh but uses either git:<repo>:<commitSHA>:<path> or local
file references so behavior cannot change due to upstream commits.
In
`@ci-operator/config/openshift/cluster-api/openshift-cluster-api-main__periodics.yaml`:
- Line 25: The post-rebase hook specification using "--post-rebase-hook
git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh
git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh"
should not reference the mutable "main" branch; update the job to either vendor
the two scripts or pin each git: URL to an immutable commit SHA (replace
"/main:" with "/<commit-sha>:") so the hooks (update-ocp-manifests-gen.sh and
generate-ocp-manifests.sh) cannot change behavior without review.
---
Duplicate comments:
In
`@ci-operator/config/migtools/filebrowser/migtools-filebrowser-oadp-dev__periodics.yaml`:
- Around line 19-20: The periodic currently sources a branch-head script via the
command "source <(curl --silent
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_filebrowser_oadp-dev.env.sh)"
which allows remote changes to alter behavior; replace this by either inlining
the environment variables directly into the commands block or fetching a pinned
immutable revision (use a specific commit SHA in the raw.githubusercontent URL
instead of refs/heads/oadp-dev) so the sourced script cannot change
unexpectedly, and update the commands line to use the new raw URL or the inlined
env values accordingly.
In
`@ci-operator/config/migtools/udistribution/migtools-udistribution-main__periodics.yaml`:
- Around line 19-20: The commands block currently sources a script from a branch
HEAD which is mutable; update the commands key so it no longer pulls from
refs/heads/oadp-dev — either inline the required environment variables directly
into the commands block or fetch the script by a pinned immutable revision
(replace the URL's refs/heads/oadp-dev with a specific commit SHA) and verify
the curl URL (the existing
https://raw.githubusercontent.com/oadp-rebasebot/oadp-rebase/refs/heads/oadp-dev/rebase-configs/migtools_udistribution_main.env.sh)
is updated accordingly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 98afd26b-d539-4817-88d3-0d17e1eb65b7
⛔ Files ignored due to path filters (42)
ci-operator/jobs/migtools/filebrowser/migtools-filebrowser-oadp-dev-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/migtools/kopia/migtools-kopia-oadp-1.5-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/migtools/kopia/migtools-kopia-oadp-dev-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/migtools/kubevirt-velero-plugin/migtools-kubevirt-velero-plugin-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/migtools/udistribution/migtools-udistribution-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift-eng/rebasebot/openshift-eng-rebasebot-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/aws-karpenter-provider-aws/openshift-aws-karpenter-provider-aws-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-azure/openshift-cloud-provider-azure-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-ibm/openshift-cloud-provider-ibm-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-nutanix/openshift-cloud-provider-nutanix-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-powervs/openshift-cloud-provider-powervs-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-vpc-controller/openshift-cloud-provider-vpc-controller-master-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cloud-provider-vsphere/openshift-cloud-provider-vsphere-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cluster-api-provider-aws/openshift-cluster-api-provider-aws-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cluster-api-provider-azure/openshift-cluster-api-provider-azure-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cluster-api-provider-gcp/openshift-cluster-api-provider-gcp-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cluster-api-provider-ibmcloud/openshift-cluster-api-provider-ibmcloud-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cluster-api-provider-nutanix/openshift-cluster-api-provider-nutanix-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cluster-api-provider-vsphere/openshift-cluster-api-provider-vsphere-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/cluster-api/openshift-cluster-api-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/grafana-tempo-operator/openshift-grafana-tempo-operator-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/kubernetes-autoscaler/openshift-kubernetes-autoscaler-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/kubernetes-nmstate/openshift-kubernetes-nmstate-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/kubernetes-sigs-karpenter/openshift-kubernetes-sigs-karpenter-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/oadp-operator/openshift-oadp-operator-oadp-1.5-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/oadp-operator/openshift-oadp-operator-oadp-dev-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/open-telemetry-opentelemetry-operator/openshift-open-telemetry-opentelemetry-operator-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/openstack-ironic-prometheus-exporter/openshift-openstack-ironic-prometheus-exporter-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/openstack-ironic-python-agent/openshift-openstack-ironic-python-agent-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/openstack-ironic/openshift-openstack-ironic-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/openstack-networking-generic-switch/openshift-openstack-networking-generic-switch-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/openstack-sushy/openshift-openstack-sushy-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/topolvm/openshift-topolvm-main-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/velero-plugin-for-aws/openshift-velero-plugin-for-aws-oadp-dev-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/velero-plugin-for-gcp/openshift-velero-plugin-for-gcp-oadp-dev-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/velero-plugin-for-microsoft-azure/openshift-velero-plugin-for-microsoft-azure-oadp-dev-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/velero/openshift-velero-oadp-1.5-periodics.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift/velero/openshift-velero-oadp-dev-periodics.yamlis excluded by!ci-operator/jobs/**
📒 Files selected for processing (43)
ci-operator/config/migtools/filebrowser/migtools-filebrowser-oadp-dev__periodics.yamlci-operator/config/migtools/kopia/migtools-kopia-oadp-1.5__periodics.yamlci-operator/config/migtools/kopia/migtools-kopia-oadp-dev__periodics.yamlci-operator/config/migtools/kubevirt-velero-plugin/migtools-kubevirt-velero-plugin-main__periodics.yamlci-operator/config/migtools/udistribution/migtools-udistribution-main__periodics.yamlci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yamlci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main__periodics.yamlci-operator/config/openshift/aws-karpenter-provider-aws/openshift-aws-karpenter-provider-aws-main__periodics.yamlci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main__periodics.yamlci-operator/config/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main__periodics.yamlci-operator/config/openshift/cloud-provider-azure/openshift-cloud-provider-azure-main__periodics.yamlci-operator/config/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-main__periodics.yamlci-operator/config/openshift/cloud-provider-ibm/openshift-cloud-provider-ibm-main__periodics.yamlci-operator/config/openshift/cloud-provider-nutanix/openshift-cloud-provider-nutanix-main__periodics.yamlci-operator/config/openshift/cloud-provider-powervs/openshift-cloud-provider-powervs-main__periodics.yamlci-operator/config/openshift/cloud-provider-vpc-controller/openshift-cloud-provider-vpc-controller-master__periodics.yamlci-operator/config/openshift/cloud-provider-vsphere/openshift-cloud-provider-vsphere-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-aws/openshift-cluster-api-provider-aws-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-azure/openshift-cluster-api-provider-azure-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-gcp/openshift-cluster-api-provider-gcp-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-ibmcloud/openshift-cluster-api-provider-ibmcloud-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-nutanix/openshift-cluster-api-provider-nutanix-main__periodics.yamlci-operator/config/openshift/cluster-api-provider-vsphere/openshift-cluster-api-provider-vsphere-main__periodics.yamlci-operator/config/openshift/cluster-api/openshift-cluster-api-main__periodics.yamlci-operator/config/openshift/grafana-tempo-operator/openshift-grafana-tempo-operator-main__periodics.yamlci-operator/config/openshift/kubernetes-autoscaler/openshift-kubernetes-autoscaler-main__periodics.yamlci-operator/config/openshift/kubernetes-nmstate/openshift-kubernetes-nmstate-main__periodics.yamlci-operator/config/openshift/kubernetes-sigs-karpenter/openshift-kubernetes-sigs-karpenter-main__periodics.yamlci-operator/config/openshift/oadp-operator/openshift-oadp-operator-oadp-1.5__periodics.yamlci-operator/config/openshift/oadp-operator/openshift-oadp-operator-oadp-dev__periodics.yamlci-operator/config/openshift/open-telemetry-opentelemetry-operator/openshift-open-telemetry-opentelemetry-operator-main__periodics.yamlci-operator/config/openshift/openstack-ironic-prometheus-exporter/openshift-openstack-ironic-prometheus-exporter-main__periodics.yamlci-operator/config/openshift/openstack-ironic-python-agent/openshift-openstack-ironic-python-agent-main__periodics.yamlci-operator/config/openshift/openstack-ironic/openshift-openstack-ironic-main__periodics.yamlci-operator/config/openshift/openstack-networking-generic-switch/openshift-openstack-networking-generic-switch-main__periodics.yamlci-operator/config/openshift/openstack-sushy/openshift-openstack-sushy-main__periodics.yamlci-operator/config/openshift/topolvm/openshift-topolvm-main__periodics.yamlci-operator/config/openshift/velero-plugin-for-aws/openshift-velero-plugin-for-aws-oadp-dev__periodics.yamlci-operator/config/openshift/velero-plugin-for-gcp/openshift-velero-plugin-for-gcp-oadp-dev__periodics.yamlci-operator/config/openshift/velero-plugin-for-microsoft-azure/openshift-velero-plugin-for-microsoft-azure-oadp-dev__periodics.yamlci-operator/config/openshift/velero/openshift-velero-oadp-1.5__periodics.yamlci-operator/config/openshift/velero/openshift-velero-oadp-dev__periodics.yamlcore-services/sanitize-prow-jobs/_config.yaml
💤 Files with no reviewable changes (1)
- ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml
✅ Files skipped from review due to trivial changes (3)
- ci-operator/config/openshift/cluster-api-provider-gcp/openshift-cluster-api-provider-gcp-main__periodics.yaml
- ci-operator/config/openshift/cloud-provider-vpc-controller/openshift-cloud-provider-vpc-controller-master__periodics.yaml
- ci-operator/config/openshift/cluster-api-provider-aws/openshift-cluster-api-provider-aws-main__periodics.yaml
🚧 Files skipped from review as they are similar to previous changes (31)
- ci-operator/config/migtools/kopia/migtools-kopia-oadp-1.5__periodics.yaml
- ci-operator/config/openshift/grafana-tempo-operator/openshift-grafana-tempo-operator-main__periodics.yaml
- ci-operator/config/openshift/cloud-provider-nutanix/openshift-cloud-provider-nutanix-main__periodics.yaml
- ci-operator/config/migtools/kopia/migtools-kopia-oadp-dev__periodics.yaml
- ci-operator/config/openshift/openstack-ironic-prometheus-exporter/openshift-openstack-ironic-prometheus-exporter-main__periodics.yaml
- ci-operator/config/openshift/cluster-api-provider-azure/openshift-cluster-api-provider-azure-main__periodics.yaml
- ci-operator/config/openshift/kubernetes-nmstate/openshift-kubernetes-nmstate-main__periodics.yaml
- ci-operator/config/openshift/kubernetes-autoscaler/openshift-kubernetes-autoscaler-main__periodics.yaml
- ci-operator/config/openshift/openstack-networking-generic-switch/openshift-openstack-networking-generic-switch-main__periodics.yaml
- ci-operator/config/openshift/velero-plugin-for-gcp/openshift-velero-plugin-for-gcp-oadp-dev__periodics.yaml
- ci-operator/config/openshift/openstack-ironic-python-agent/openshift-openstack-ironic-python-agent-main__periodics.yaml
- ci-operator/config/openshift/cluster-api-provider-nutanix/openshift-cluster-api-provider-nutanix-main__periodics.yaml
- ci-operator/config/openshift/openstack-sushy/openshift-openstack-sushy-main__periodics.yaml
- ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main__periodics.yaml
- ci-operator/config/migtools/kubevirt-velero-plugin/migtools-kubevirt-velero-plugin-main__periodics.yaml
- ci-operator/config/openshift/topolvm/openshift-topolvm-main__periodics.yaml
- ci-operator/config/openshift/velero/openshift-velero-oadp-dev__periodics.yaml
- ci-operator/config/openshift/velero/openshift-velero-oadp-1.5__periodics.yaml
- ci-operator/config/openshift/velero-plugin-for-aws/openshift-velero-plugin-for-aws-oadp-dev__periodics.yaml
- ci-operator/config/openshift/cloud-provider-ibm/openshift-cloud-provider-ibm-main__periodics.yaml
- ci-operator/config/openshift/velero-plugin-for-microsoft-azure/openshift-velero-plugin-for-microsoft-azure-oadp-dev__periodics.yaml
- ci-operator/config/openshift/oadp-operator/openshift-oadp-operator-oadp-dev__periodics.yaml
- ci-operator/config/openshift/cluster-api-provider-ibmcloud/openshift-cluster-api-provider-ibmcloud-main__periodics.yaml
- ci-operator/config/openshift/aws-karpenter-provider-aws/openshift-aws-karpenter-provider-aws-main__periodics.yaml
- ci-operator/config/openshift/cloud-provider-gcp/openshift-cloud-provider-gcp-main__periodics.yaml
- ci-operator/config/openshift/kubernetes-sigs-karpenter/openshift-kubernetes-sigs-karpenter-main__periodics.yaml
- ci-operator/config/openshift/cloud-provider-vsphere/openshift-cloud-provider-vsphere-main__periodics.yaml
- ci-operator/config/openshift/cloud-provider-azure/openshift-cloud-provider-azure-main__periodics.yaml
- ci-operator/config/openshift/oadp-operator/openshift-oadp-operator-oadp-1.5__periodics.yaml
- ci-operator/config/openshift/cloud-provider-powervs/openshift-cloud-provider-powervs-main__periodics.yaml
- ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main__periodics.yaml
| --dest openshift/cluster-api-provider-vsphere:main \ | ||
| --rebase openshift-cloud-team/cluster-api-provider-vsphere:rebase-bot-main \ | ||
| --update-go-modules \ | ||
| --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh \ |
Contributor
There was a problem hiding this comment.
Pin the post-rebase hooks to an immutable ref.
These hook scripts are pulled from openshift/cluster-capi-operator/main at runtime while the job has mounted credentials, so an unrelated commit in that repo can change this periodic’s behavior without review here. Please vendor the scripts or point each git: hook at a commit SHA instead of main.
Suggested change
- --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh \
+ --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/<pinned-commit-sha>:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/<pinned-commit-sha>:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh \🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/cluster-api-provider-vsphere/openshift-cluster-api-provider-vsphere-main__periodics.yaml`
at line 25, The post-rebase-hook entry currently references the dynamic ref
"main" for the two git: hooks
(git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh
and ...:generate-ocp-manifests.sh); pin these hooks to an immutable ref by
replacing "main" with the specific commit SHA for that repo (or vendor the two
scripts into this repo and point the hooks to the vendored paths), ensuring the
post-rebase-hook preserves the same script names update-ocp-manifests-gen.sh and
generate-ocp-manifests.sh but uses either git:<repo>:<commitSHA>:<path> or local
file references so behavior cannot change due to upstream commits.
| --dest openshift/cluster-api:main \ | ||
| --rebase openshift-cloud-team/cluster-api:rebase-bot-main \ | ||
| --update-go-modules \ | ||
| --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh \ |
Contributor
There was a problem hiding this comment.
Pin the post-rebase hooks to an immutable ref.
These hook scripts are pulled from openshift/cluster-capi-operator/main at runtime while the job has mounted credentials, so an unrelated commit in that repo can change this periodic’s behavior without review here. Please vendor the scripts or point each git: hook at a commit SHA instead of main.
Suggested change
- --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh \
+ --post-rebase-hook git:https://github.com/openshift/cluster-capi-operator/<pinned-commit-sha>:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh git:https://github.com/openshift/cluster-capi-operator/<pinned-commit-sha>:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh \🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/cluster-api/openshift-cluster-api-main__periodics.yaml`
at line 25, The post-rebase hook specification using "--post-rebase-hook
git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/update-ocp-manifests-gen.sh
git:https://github.com/openshift/cluster-capi-operator/main:hack/rebasebot-hook-scripts/generate-ocp-manifests.sh"
should not reference the mutable "main" branch; update the job to either vendor
the two scripts or pin each git: URL to an immutable commit SHA (replace
"/main:" with "/<commit-sha>:") so the hooks (update-ocp-manifests-gen.sh and
generate-ocp-manifests.sh) cannot change behavior without review.
Contributor
Author
|
@coderabbitai This PR moves configuration from single file to repo-owned periodics file. Close any issues you found not related to this move as not relevant. |
Contributor
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# List all review comments made by coderabbitai on PR `#79774`
gh pr view 79774 --repo openshift/release --json reviews,comments 2>/dev/null | jq '.'
# Also get review comments (inline)
gh api repos/openshift/release/pulls/79774/comments --paginate 2>/dev/null | jq '[.[] | select(.user.login == "coderabbitai") | {id: .id, body: .body[0:200], path: .path, line: .line}]'Length of output: 122413 🏁 Script executed: #!/bin/bash
# Get all inline review comments by coderabbitai
gh api repos/openshift/release/pulls/79774/comments --paginate | jq '[.[] | select(.user.login == "coderabbitai[bot]") | {id: .id, body: .body[0:300], path: .path, line: .original_line}]'Length of output: 6529 🏁 Script executed: #!/bin/bash
# Get review thread IDs via GraphQL to resolve them
gh api graphql -f query='
{
repository(owner: "openshift", name: "release") {
pullRequest(number: 79774) {
reviewThreads(first: 50) {
nodes {
id
isResolved
comments(first: 1) {
nodes {
databaseId
author { login }
}
}
}
}
}
}
}' | jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.comments.nodes[0].author.login == "coderabbitai[bot]") | {threadId: .id, commentId: .comments.nodes[0].databaseId, isResolved: .isResolved}]'Length of output: 681 🏁 Script executed: #!/bin/bash
# Check all review threads
gh api graphql -f query='
{
repository(owner: "openshift", name: "release") {
pullRequest(number: 79774) {
reviewThreads(first: 50) {
nodes {
id
isResolved
comments(first: 1) {
nodes {
databaseId
author { login }
body
}
}
}
}
}
}
}' | jq '[.data.repository.pullRequest.reviewThreads.nodes[] | {threadId: .id, commentId: .comments.nodes[0].databaseId, author: .comments.nodes[0].author.login, isResolved: .isResolved, bodySnippet: .comments.nodes[0].body[0:80]}]'Length of output: 3811 🏁 Script executed: #!/bin/bash
# Resolve all 13 coderabbitai review threads
thread_ids=(
"PRRT_kwDOBHvUUM6GbCnv"
"PRRT_kwDOBHvUUM6GbCnz"
"PRRT_kwDOBHvUUM6GbCn0"
"PRRT_kwDOBHvUUM6GbCn6"
"PRRT_kwDOBHvUUM6GbCn-"
"PRRT_kwDOBHvUUM6GbCoE"
"PRRT_kwDOBHvUUM6GbCoQ"
"PRRT_kwDOBHvUUM6GbCoh"
"PRRT_kwDOBHvUUM6GbCom"
"PRRT_kwDOBHvUUM6GbCow"
"PRRT_kwDOBHvUUM6GbCox"
"PRRT_kwDOBHvUUM6GbNGi"
"PRRT_kwDOBHvUUM6GbNGs"
)
for tid in "${thread_ids[@]}"; do
echo "Resolving thread $tid..."
gh api graphql -f query="mutation { resolveReviewThread(input: {threadId: \"$tid\"}) { thread { id isResolved } } }" \
| jq -r '.data.resolveReviewThread.thread | " -> isResolved: \(.isResolved)"'
doneLength of output: 2123
[resolve] |
Contributor
Author
|
/hold cancel |
openshift-ci
Bot
removed
the
do-not-merge/hold
RadekManak
force-pushed
the
t3code/0f1f7101
branch
from
8d484dd to
d2eee1f
Compare
Contributor
Author
|
@JoelSpeed @elmiko @mpryc @damdo @brandisher @bryan-cox @elfosardo @thiagoalessio @IshwarKanse |
Member
|
conflict resolve pr |
Contributor
|
@RadekManak, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
Member
|
/approve |
Split the rebasebot periodic jobs out of the central rebasebot config into target repository __periodics files, regenerate the repo-owned prow jobs, and update sanitization to follow the new job locations.
Add the missing component OWNERS files for the new migtools kopia and udistribution config and job directories so follow-up configuration changes can be self-serviced.
RadekManak
force-pushed
the
t3code/0f1f7101
branch
from
e881552 to
7bbc4cf
Compare
openshift-ci
Bot
removed
the
needs-rebase
Contributor
|
[REHEARSALNOTIFIER]
A total of 41 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs. A full list of affected jobs can be found here Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
Contributor
|
/approve For kubernetes-nmstate and whatever else I am allowed to approve |
Contributor
|
/approve |
Contributor
|
/lgtm |
Contributor
openshift-ci
Bot
added
the
approved
Contributor
Author
|
/pj-rehearse ack |
Contributor
|
@RadekManak: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
openshift-merge-bot
Bot
added
the
rehearsals-ack
Contributor
|
@RadekManak: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
TimurMP
pushed a commit
to TimurMP/release
that referenced
this pull request
Jun 4, 2026
* Move rebasebot periodics into repo-owned configs Split the rebasebot periodic jobs out of the central rebasebot config into target repository __periodics files, regenerate the repo-owned prow jobs, and update sanitization to follow the new job locations. * Add OWNERS for new migtools rebasebot configs Add the missing component OWNERS files for the new migtools kopia and udistribution config and job directories so follow-up configuration changes can be self-serviced.
bitoku
added a commit
to bitoku/release
that referenced
this pull request
Jun 9, 2026
Set up repo-owned rebasebot periodic jobs for all openshift/cri-o release branches (4.12 through 5.1), rebasing from upstream cri-o/cri-o release branches. Follows the pattern established in PR openshift#79774. Assisted-by: Claude Code <https://claude.com/claude-code>
bitoku
added a commit
to bitoku/release
that referenced
this pull request
Jun 9, 2026
Set up repo-owned rebasebot periodic jobs for all openshift/cri-o release branches (4.12 through 5.1), rebasing from upstream cri-o/cri-o release branches. Follows the pattern established in PR openshift#79774. Assisted-by: Claude Code <https://claude.com/claude-code>
bitoku
added a commit
to bitoku/release
that referenced
this pull request
Jun 9, 2026
Set up repo-owned rebasebot periodic jobs for all openshift/cri-o release branches (4.12 through 5.1), rebasing from upstream cri-o/cri-o release branches. Follows the pattern established in PR openshift#79774. Assisted-by: Claude Code <https://claude.com/claude-code>
bitoku
added a commit
to bitoku/release
that referenced
this pull request
Jun 9, 2026
Set up repo-owned rebasebot periodic jobs for all openshift/cri-o release branches (4.12 through 5.1), rebasing from upstream cri-o/cri-o release branches. Follows the pattern established in PR openshift#79774. Assisted-by: Claude Code <https://claude.com/claude-code>
bitoku
added a commit
to bitoku/release
that referenced
this pull request
Jun 9, 2026
Set up repo-owned rebasebot periodic jobs for all openshift/cri-o release branches (4.12 through 5.1), rebasing from upstream cri-o/cri-o release branches. Follows the pattern established in PR openshift#79774. Assisted-by: Claude Code <https://claude.com/claude-code>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Repo-owned periodic configs make each repository responsible for its own rebasebot job definition instead of keeping all of them in the shared
openshift-eng/rebasebotconfig.Using
__periodics.yamlalso follows the repository's existing variant-periodics pattern: periodic jobs are kept separate from the default branch config so they are not copied as part of the normal branch fast-forwarding and branching flow. That keeps branch-specific periodic configuration alongside the repo and branch it actually targets.Summary
openshift-eng/rebasebotand into repo-owned__periodics.yamlconfigsmaintargets likemaster,oadp-dev, andoadp-1.5, while switching the wrapper to the sharedci/rebasebot:latestimageConfig changes
ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yamlci-operator/config/<org>/<repo>/<org>-<repo>-<branch>__periodics.yamlci-operator/config/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main__periodics.yaml