feat: add RPM-only build mode for presubmit CI#6961
Conversation
Skip composer config and image builds when running with -rpm_only flag. Move rpm-install scenarios from scenarios-bootc/ to scenarios-rpm/. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: agullon The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds RPM-only build handling in ChangesRPM-only CI flow
Estimated code review effort🎯 2 (Simple) | ⏱️ ~5 minutes 🚥 Pre-merge checks | ✅ 14 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (14 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
osbuild-composer is not installed in rpm_only mode, so create-workers fails trying to start osbuild-worker systemd units that don't exist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
parallel --citation returns non-zero on newer versions (RHEL 10), which kills the script under set -euo pipefail. Creating the file directly is simpler and version-agnostic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
configure-composer.sh installs parallel, mock, nginx etc. needed by build_rpms.sh. Skipping it in rpm_only mode caused parallel not found. The create-workers step is still skipped via COMPOSER_CLI_BUILDS=false. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
RPM-install scenarios pull container images directly from upstream registries and don't need the local Quay mirror. The mirror requires container-images-list which is only generated during image builds. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/bin/ci_phase_boot_and_test.sh`:
- Around line 56-59: Reset SKIP_MIRROR_REGISTRY before the scenario branching in
ci_phase_boot_and_test.sh so inherited values do not leak into non-RPM jobs.
Update the pre-submit logic around the SCENARIO_TYPE and SCENARIO_SOURCES checks
to initialize SKIP_MIRROR_REGISTRY to false (or explicitly clear it) before
setting it to true for the rpm-presubmits path, and ensure the non-RPM branches
leave it disabled so scenario.sh sees the correct value.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 5ef256d2-d333-4097-a80d-9ac3d8a2059d
📒 Files selected for processing (2)
test/bin/ci_phase_boot_and_test.shtest/bin/scenario.sh
| # RPM-only presubmits skip the mirror registry — scenarios pull images directly. | ||
| if [[ "${SCENARIO_TYPE:-}" =~ ^rpm-presubmits-.*$ ]]; then | ||
| export SKIP_MIRROR_REGISTRY=true | ||
| elif [[ "${SCENARIO_SOURCES:-}" =~ .*releases.* ]]; then |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win
Reset SKIP_MIRROR_REGISTRY before branching.
This only exports true on the RPM-only path. Since scenario.sh now reads the inherited environment, a caller that already has SKIP_MIRROR_REGISTRY=true will also skip mirror setup for non-RPM jobs. Initialize it to false first, or clear it in the non-RPM branches.
Suggested fix
+# Default for all scenarios; override only for RPM-only presubmits.
+export SKIP_MIRROR_REGISTRY=false
+
# RPM-only presubmits skip the mirror registry — scenarios pull images directly.
if [[ "${SCENARIO_TYPE:-}" =~ ^rpm-presubmits-.*$ ]]; then
export SKIP_MIRROR_REGISTRY=true
elif [[ "${SCENARIO_SOURCES:-}" =~ .*releases.* ]]; then📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # RPM-only presubmits skip the mirror registry — scenarios pull images directly. | |
| if [[ "${SCENARIO_TYPE:-}" =~ ^rpm-presubmits-.*$ ]]; then | |
| export SKIP_MIRROR_REGISTRY=true | |
| elif [[ "${SCENARIO_SOURCES:-}" =~ .*releases.* ]]; then | |
| # Default for all scenarios; override only for RPM-only presubmits. | |
| export SKIP_MIRROR_REGISTRY=false | |
| # RPM-only presubmits skip the mirror registry — scenarios pull images directly. | |
| if [[ "${SCENARIO_TYPE:-}" =~ ^rpm-presubmits-.*$ ]]; then | |
| export SKIP_MIRROR_REGISTRY=true | |
| elif [[ "${SCENARIO_SOURCES:-}" =~ .*releases.* ]]; then |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@test/bin/ci_phase_boot_and_test.sh` around lines 56 - 59, Reset
SKIP_MIRROR_REGISTRY before the scenario branching in ci_phase_boot_and_test.sh
so inherited values do not leak into non-RPM jobs. Update the pre-submit logic
around the SCENARIO_TYPE and SCENARIO_SOURCES checks to initialize
SKIP_MIRROR_REGISTRY to false (or explicitly clear it) before setting it to true
for the rpm-presubmits path, and ensure the non-RPM branches leave it disabled
so scenario.sh sees the correct value.
SCENARIO_TYPE is not propagated to EC2 via SSH — use SCENARIO_SOURCES which is already passed. Also fix el10 directory typo (presumits -> presubmits). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Without this, rpm scenarios get type 'unknown', causing wrong output directory names and broken VM domain lookups. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
In the normal flow, build_images.sh creates vm-storage/ as ec2-user. When virsh pool-build runs later, it finds the dir already exists and keeps ec2-user ownership. In rpm_only mode, build_images.sh is skipped, so pool-build creates it as root, causing permission denied when scenario.sh tries to mkdir inside it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
The rpm-install scenarios need installer ISOs to boot VMs via kickstart. In normal flow, build_images.sh creates them. In rpm_only mode, download them from the build cache instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
286676e to
f940d1c
Compare
Remove remove.robot and upgrade-successful.robot temporarily to validate the CI pipeline end-to-end with just the install test. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- Extract common functions to scenarios-rpm/common-scenarios-rpm.sh - Merge el9/el10 scenario directories into scenarios-rpm/presubmits/ - Rename scenarios to el98@standard1, el102@standard1, el98@upgrade - Add install_microshift() bash function replacing install.robot - Run suites/standard1/ for functional validation after RPM install Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- Move functional tests (standard, storage, router, configuration, network, low-latency) to scenarios-rpm/presubmits for both el98/el102 - Move upgrade/backup/ostree scenarios from presubmits to periodics - Remove duplicated scenarios between presubmits and periodics - Remove empty scenarios/presubmits directory 22 RPM presubmit scenarios now provide fast (~34 min) functional feedback. Ostree-specific tests (upgrades, greenboot, backups) remain in bootc presubmits and periodics. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- el102: use configure_cdn_repo for fast-datapath (subscription-manager doesn't have it on RHEL 10) - storage: wait for LVMS operator pod before running tests (greenboot normally handles this) - multi-nic: start greenboot-healthcheck explicitly (RF Setup waits for it but it never ran as a boot-time oneshot) - low-latency: keep local repo after install so additional RPMs like microshift-low-latency can be installed - dual-stack/ipv6: add NM connectivity check after RPM install to avoid race with NetworkManager restart from %post scriptlet Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Remove el98/el102 duplication — one set of 11 scenario files that derive RHEL version from SCENARIO_TYPE (rpm-presubmits-el9 or rpm-presubmits-el10). common-scenarios-rpm.sh reads SCENARIO_TYPE from _output/scenario_type (written by iso-build step) and sets RPM_RHEL_VERSION, RPM_INSTALLER_IMAGE, and configure_rpm_repos() accordingly. 22 scenario files -> 11 (one per suite). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Add download_isos action to manage_build_cache.sh that downloads only installer ISOs from the cache. Replace inline S3 sync in ci_phase_iso_build.sh with the new method. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- CRITICAL: remove || echo suppression in download_isos, let failures propagate via run_aws_cli - HIGH: fail explicitly when no cache access in rpm_only mode (ISOs are mandatory) - HIGH: validate cache_last is non-empty before using it - IMPORTANT: expand standard1.sh to run full suites/standard1/ not just version.robot - IMPORTANT: add explicit el9 case and warning for unknown SCENARIO_TYPE values - IMPORTANT: log nmcli connectivity result and warn if not 'full' Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Split the scenario lifecycle into create -> setup -> run: - scenario_create_vms: only prepare_kickstart + launch_vm - scenario_setup_vms: configure firewall, RHSM, repos, install MicroShift - scenario_run_tests: only run_tests Default scenario_setup_vms in common-scenarios-rpm.sh handles the common case. Scenarios with extra setup (storage, multi-nic, low-latency, upgrade) override it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Every scenario now defines scenario_setup_vms explicitly, calling rpm_setup_and_install_microshift (or rpm_configure_vm for upgrade). No default scenario_setup_vms in common — each scenario owns its setup lifecycle. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
rpm_configure_vm and rpm_install_microshift are now called explicitly in each scenario_setup_vms, making the lifecycle clearer. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Single function handles repo setup, dnf install, NM connectivity check, service start, and endpoint readiness wait. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
This reverts commit 4dbc14b.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- upgrade: restore Y-1 rhocp repos in configure_rpm_repos for previous MicroShift version install - low-latency: reboot after installing microshift-low-latency (tuned requires reboot, not just service restart) - multi-nic: reboot instead of manual greenboot-healthcheck start (service refuses manual start, only runs at boot) - dual-stack/ipv6: reboot after install to ensure clean network state (NM restart during RPM install disrupts IPv6) - storage: wait for vg-manager and topolvm-node daemonsets in addition to lvms-operator deployment - Add rpm_reboot_and_wait helper for scenarios needing clean boot Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- storage: wait for topolvm-node daemonset to be created by the lvms-operator before waiting for it to be ready (it's created at runtime, not a static resource) - low-latency: disable — tuned profile needs kernel-rt and specific configuration that RPM mode doesn't provide yet Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
topolvm-node is a legacy daemonset that's deleted during migration, not created. The current LVMS uses vg-manager instead. Waiting for lvms-operator + vg-manager is sufficient. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Pure k8s functional tests with no ostree/greenboot dependencies. Also remove low-latency (needs kernel-rt + tuned config), remove storage (reboot tests need greenboot), and add storage to periodics. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
…-latency disabled - Remove el96-prel and el96-yminus2 upgrade-ok from bootc presubmits (already exist in bootc periodics) - Add low-latency as disabled to scenarios/periodics (needs kernel-rt) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Aligns with scenarios-bootc/ and scenarios-rpm/ naming convention. Updates get_scenario_type_from_path and default SCENARIO_SOURCES. Also adds storage (partial), optional (partial), and gitops-telemetry-clusterid RPM presubmit scenarios. Moves all bootc el9/el10 presubmits to periodics. Restores deleted ostree presubmits into ostree periodics. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Split scenarios-bootc/el9/periodics, scenarios-bootc/el10/periodics, and scenarios-ostree/periodics into periodics-1 and periodics-2 directories (~15 scenarios each) to reduce per-job runtime. Also move scenario_rpm.sh to test/bin/. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
microshift-gitops is not in the local build repo — it's installed from the CDN gitops repo which needs entitlement certs configured differently. Rename scenario to telemetry-clusterid (the tests that pass). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
periodics-1: upgrades, rollbacks, backup/recovery, greenboot periodics-2: functional tests (config, storage, networking, optional, ai-model-serving, fips, osconfig, standard suites) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- Added new test suites for OTP workloads to the osconfig lifecycle test scenario. - Removed the outdated el102-src@osconfig-lifecycle.sh script as it is no longer needed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
…_run_tests - Removed the outdated lifecycle.robot test suite from the scenario_run_tests function to streamline test execution. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Split router.robot into router-ownership.robot (3 tests, ~8m) and router-verify.robot (4 tests, ~10m) with shared router.resource. Split optional scenario into optional1 (cert-manager + olm, ~13m) and optional2 (gateway-api + tls-scanner, ~11m). Redistribute standard suites across 7 scenarios (was 6) by referencing specific .robot files instead of directory globs. Rename osconfig-lifecycle-core-api to kustomize-core-api and add networking and validation scenarios. Total scenarios: 13 → 17. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
- Move hostname.robot back to standard1 (hostname assertion expects 'standard' in VM name) - Move feature-gates and validate-certificate-rotation to validation - Add networking-smoke.robot to networking scenario - Revert optional split (tls-scanner not needed in presubmits) - Remove hostname.robot from networking scenario (was duplicated) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED
Summary
-rpm_onlyflag toci_phase_iso_build.shthat skips composer config and image builds, only building RPMsmanage_composer_config.sh createwhen running in RPM-only modescenarios-bootc/toscenarios-rpm/Context
Shift Week project: RPM-based presubmit CI reduces total CI time from ~55 min to ~30-35 min (~35-40% faster) by eliminating the image build phase for scenarios that don't need ostree/bootc deployment.
Test plan
ci_phase_iso_build.sh -rpm_onlyand verify it exits afterbuild_rpms.sh🤖 Generated with Claude Code
Summary by CodeRabbit
-rpm_onlycommand-line option to run an RPM-focused build and stop after RPM package creation.