build an extra image rebasebot-podman #81455

Open
hongkailiu wants to merge 2 commits into openshift:main from hongkailiu:rebasebot-podman

@hongkailiu hongkailiu commented Jul 3, 2026

Member

/cc nobody

Summary by CodeRabbit

This PR updates the OpenShift CI operator configuration for the rebasebot workflow (ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml) to add an additional rebasebot-podman image variant.

Concretely, it introduces a reusable base_images.nested-podman base (nested-podman in the ci namespace, latest) and uses that base to build rebasebot-podman via an inline dockerfile_literal. The new image sets up a “Docker-like” interface by symlinking /usr/local/bin/docker to Podman, copies the rebasebot source from /go/src/github.com/openshift-eng/rebasebot into the image as src, installs uv and the rebasebot Python package (pip install .), then prepares /working for execution before switching to USER 1001:1001. The existing rebasebot image definition remains unchanged.

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Contributor

@hongkailiu: GitHub didn't allow me to request PR reviews from the following users: nobody.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc nobody

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@hongkailiu

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Contributor

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

This PR adds a nested-podman base image reference and a new rebasebot-podman image build in the rebasebot CI config, with inline Dockerfile steps and source input wiring.

Changes

Rebasebot podman image config

| Layer / File(s) | Summary |
| --- | --- |
| Base image and podman build: ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml | Adds base_images.nested-podman and defines images.items.to: rebasebot-podman from that base with an inline Dockerfile, source input, and final user/workdir setup. |

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • openshift/release#81431: Both PRs wire a nested-podman base image into CI image builds and add related input/build configuration.

Suggested labels: rehearsals-ack

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title matches the main change: adding the new rebasebot-podman image. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Stable And Deterministic Test Names | ✅ Passed | The PR only changes ci-operator YAML; no Ginkgo test titles were added or modified. |
| Test Structure And Quality | ✅ Passed | Only a ci-operator YAML changed; no Ginkgo test code was added or modified, so the test-structure review is not applicable. |
| Microshift Test Compatibility | ✅ Passed | PR only changes CI config/YAML; no new Ginkgo test code or MicroShift-sensitive APIs were added. |
| Single Node Openshift (Sno) Test Compatibility | ✅ Passed | Only a YAML image config line changed; no Ginkgo e2e tests were added or modified, so SNO compatibility is not applicable. |
| Topology-Aware Scheduling Compatibility | ✅ Passed | Only ci-operator image/build config changed; no replicas, nodeSelectors, affinity, spread constraints, or PDBs were added. |
| Ote Binary Stdout Contract | ✅ Passed | PR only edits a ci-operator YAML image config; no process-level code or stdout logging paths were changed, so the OTE stdout contract isn't implicated. |
| Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | No new Ginkgo e2e tests were added; the PR only changes ci-operator image config. |
| No-Weak-Crypto | ✅ Passed | The only changed file is a CI YAML/Dockerfile literal; it contains no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB or secret-comparison code. |
| Container-Privileges | ✅ Passed | No privileged:true, hostPID/network/IPC, allowPrivilegeEscalation, or SYS_ADMIN fields were added; USER root appears only in Dockerfile build steps. |
| No-Sensitive-Data-In-Logs | ✅ Passed | The only changed file is a ci-operator YAML build config; it contains no logging statements, credentials, hostnames, or user/customer data. |

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hongkailiu
Once this PR has been reviewed and has the lgtm label, please assign elmiko for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Contributor

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml`:
- Line 41: The working directory permissions are too broad because the current
chmod in the container setup makes the directory world-writable. Update the
chmod in the build/setup step that follows the chown to default so it uses a
tighter mode such as 0755, or 0770 only if group write access is required, and
keep the fix localized to the directory permission setting in this YAML.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: cecd2055-61f0-4bfa-bc0c-4f75804afcf9

📥 Commits

Reviewing files that changed from the base of the PR and between 33d91b3 and 645fd9f.

📒 Files selected for processing (1)
  • ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml

Comment thread ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml Outdated
hongkailiu force-pushed the rebasebot-podman branch 2 times, most recently from e5211be to 430ecae (July 3, 2026 16:05)

@hongkailiu

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@hongkailiu

Member Author

/pj-rehearse pull-ci-openshift-eng-rebasebot-main-images

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@hongkailiu

Member Author

/pj-rehearse pull-ci-openshift-eng-rebasebot-main-images

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@hongkailiu

Member Author

/pj-rehearse pull-ci-openshift-eng-rebasebot-main-images

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@hongkailiu

Member Author

/pj-rehearse pull-ci-openshift-eng-rebasebot-main-images

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@hongkailiu

Member Author

/pj-rehearse pull-ci-openshift-eng-rebasebot-main-images

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

We can install others on demand later.

@hongkailiu

Member Author

/pj-rehearse pull-ci-openshift-eng-rebasebot-main-images

@openshift-merge-bot

Contributor

[REHEARSALNOTIFIER]
@hongkailiu: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

| Test name | Repo | Type | Reason |
| --- | --- | --- | --- |
| pull-ci-openshift-eng-rebasebot-main-images | openshift-eng/rebasebot | presubmit | Ci-operator config changed |
| pull-ci-openshift-eng-rebasebot-main-lint | openshift-eng/rebasebot | presubmit | Ci-operator config changed |
| pull-ci-openshift-eng-rebasebot-main-unit | openshift-eng/rebasebot | presubmit | Ci-operator config changed |

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@openshift-merge-bot

Contributor

@hongkailiu: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Contributor

@hongkailiu: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
