microshift USHIFT-5765: common_versions.sh script generator

This PR is the first step: it introduces a script to generate the variables for common_versions.sh. Next steps are up for discussion (making it part of rebase).

Jun 09 '25 12:06 vanhalenar

@vanhalenar: This pull request references USHIFT-5765 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

In response to this:

This PR is the first step: it introduces a script to generate the variables for common_versions.sh. Next steps are up for discussion (making it part of rebase).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Jun 09 '25 12:06 openshift-ci-robot

/retest /lgtm

Jun 30 '25 09:06 pmtk

/retest-required

Remaining retests: 0 against base HEAD 880568a0fd9b1de1da232e4eabb478828e56b7e0 and 2 for PR HEAD 5b3e2874ce47a7a72bb919ff17bafc858a91271c in total

Jun 30 '25 10:06 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 0d45f36f88f822b81b1f89d8eaaf17300d8b76e8 and 1 for PR HEAD 5b3e2874ce47a7a72bb919ff17bafc858a91271c in total

Jun 30 '25 12:06 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 0d45f36f88f822b81b1f89d8eaaf17300d8b76e8 and 2 for PR HEAD 5b3e2874ce47a7a72bb919ff17bafc858a91271c in total

Jun 30 '25 20:06 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 0d45f36f88f822b81b1f89d8eaaf17300d8b76e8 and 2 for PR HEAD 5b3e2874ce47a7a72bb919ff17bafc858a91271c in total

Jul 01 '25 00:07 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD ef70e1cfd90ab3bfa1f925987d1ddd778285ca23 and 1 for PR HEAD 5b3e2874ce47a7a72bb919ff17bafc858a91271c in total

Jul 01 '25 09:07 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 3aaa6f44851e07e466d87c511ea90d709b785f03 and 0 for PR HEAD 5b3e2874ce47a7a72bb919ff17bafc858a91271c in total

Jul 01 '25 11:07 openshift-ci-robot

/hold

Revision 5b3e2874ce47a7a72bb919ff17bafc858a91271c was retested 3 times: holding

Jul 01 '25 13:07 openshift-ci-robot

/lgtm cancel

Jul 05 '25 05:07 ggiguash

Not sure about how or who should execute this new script, but I suggest you add a bash script to run the python one. Move this new python script into pyutils (maybe you can reuse something from common.py) and use a similar bash script like build_bootc_images.sh to execute the python script.

Sep 03 '25 15:09 agullon

I also suggest splitting the new python script in 2 files: one with the code and another one with the content in output var. You can name this last one common_versions.sh.template or something similar. I think this is a good practice because this new template is quite big, and it's easier to review changes in the future.

Sep 03 '25 15:09 agullon

Not sure about how or who should execute this new script, but I suggest you add a bash script to run the python one. Move this new python script into pyutils (maybe you can reuse something from common.py) and use a similar bash script like build_bootc_images.sh to execute the python script.

Maybe we should have one common venv for all the scripts? Then it would be just matter of running ./script.py

Sep 30 '25 12:09 pmtk

I also suggest splitting the new python script in 2 files: one with the code and another one with the content in output var. You can name this last one common_versions.sh.template or something similar. I think this is a good practice because this new template is quite big, and it's easier to review changes in the future.

I split the script and I put the template into test/assets.

Oct 03 '25 11:10 vanhalenar

Not sure about how or who should execute this new script, but I suggest you add a bash script to run the python one. Move this new python script into pyutils (maybe you can reuse something from common.py) and use a similar bash script like build_bootc_images.sh to execute the python script.

I've added a bash script, similar to the build_bootc_images one.

Oct 03 '25 11:10 vanhalenar

It looks good to me

Oct 06 '25 12:10 agullon

Regarding the comments from common_versions.sh that I removed, they're still in generate_common_versions.py, just a bit reworded to reflect the changes. Should I include them in the generated common_versions.sh or not? I thought that if the script is being auto-generated, it makes more sense to not have comments there.

Oct 06 '25 12:10 vanhalenar

Regarding the comments from common_versions.sh that I removed, they're still in generate_common_versions.py, just a bit reworded to reflect the changes. Should I include them in the generated common_versions.sh or not? I thought that if the script is being auto-generated, it makes more sense to not have comments there.

From the point of view of someone reading the code to understand how it's working, I think there's more value having the comments in the common_versions.sh. The reason is, for example: if I'm trying to understand how scenarios.sh works I need to understand how the vars in common_versions.sh are defined, so it'll be easier to have the comments right there.

Oct 06 '25 12:10 agullon

Regarding the comments from common_versions.sh that I removed, they're still in generate_common_versions.py, just a bit reworded to reflect the changes. Should I include them in the generated common_versions.sh or not? I thought that if the script is being auto-generated, it makes more sense to not have comments there.

From the point of view of someone reading the code to understand how it's working, I think there's more value having the comments in the common_versions.sh. The reason is, for example: if I'm trying to understand how scenarios.sh works I need to understand how the vars in common_versions.sh are defined, so it'll be easier to have the comments right there.

Alright, I've added back comments to common_versions.sh itself.

Oct 06 '25 12:10 vanhalenar

/unhold /retest /lgtm

Oct 08 '25 07:10 pmtk

/verified by ci

Oct 08 '25 07:10 pmtk

@pmtk: This PR has been marked as verified by ci.

In response to this:

/verified by ci

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Oct 08 '25 07:10 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 6c9875bf77f08ccbdbc86f9302aae07ae4629734 and 2 for PR HEAD c1a850ac2a3b38724b1effb68c1b149758c77a1f in total

Oct 08 '25 09:10 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 4a0e02e7054bf4db526143ac92fadc8ea215f5a1 and 1 for PR HEAD c1a850ac2a3b38724b1effb68c1b149758c77a1f in total

Oct 08 '25 12:10 openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD f1ba832ade6623663763ce8928e134ddc8462340 and 0 for PR HEAD c1a850ac2a3b38724b1effb68c1b149758c77a1f in total

Oct 08 '25 15:10 openshift-ci-robot

/hold

Revision c1a850ac2a3b38724b1effb68c1b149758c77a1f was retested 3 times: holding

Oct 08 '25 17:10 openshift-ci-robot

/unhold /lgtm

Oct 10 '25 08:10 pmtk

And the operator deployed more unsigned images...

Oct 14 09:29:02 el96-crel-optional-sigstore-bootc-host1 40_microshift_running_check.sh[975]: - "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:96d51e3a64bf30cbd92836c7cbd82f06edca16eef78ab1432757d34c16628659" for Pod "cert-manager-7cfb4fbb84-xp2g6" in namespace "cert-manager": Failed to pull image "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:96d51e3a64bf30cbd92836c7cbd82f06edca16eef78ab1432757d34c16628659": SignatureValidationFailed: unable to pull image or OCI artifact: pull image err: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists (2 non-sigstore signatures, 0 sigstore non-signature attachments); artifact err: provided artifact is a container image
Oct 14 09:29:02 el96-crel-optional-sigstore-bootc-host1 40_microshift_running_check.sh[975]: - "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:96d51e3a64bf30cbd92836c7cbd82f06edca16eef78ab1432757d34c16628659" for Pod "cert-manager-cainjector-854f669657-dh6dt" in namespace "cert-manager": Failed to pull image "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:96d51e3a64bf30cbd92836c7cbd82f06edca16eef78ab1432757d34c16628659": SignatureValidationFailed: unable to pull image or OCI artifact: pull image err: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists (2 non-sigstore signatures, 0 sigstore non-signature attachments); artifact err: provided artifact is a container image
Oct 14 09:29:02 el96-crel-optional-sigstore-bootc-host1 40_microshift_running_check.sh[975]: - "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:96d51e3a64bf30cbd92836c7cbd82f06edca16eef78ab1432757d34c16628659" for Pod "cert-manager-webhook-68fd6d5f5c-lls2p" in namespace "cert-manager": Failed to pull image "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:96d51e3a64bf30cbd92836c7cbd82f06edca16eef78ab1432757d34c16628659": SignatureValidationFailed: unable to pull image or OCI artifact: pull image err: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists (2 non-sigstore signatures, 0 sigstore non-signature attachments); artifact err: provided artifact is a container image

Oct 14 '25 11:10 pmtk

@vanhalenar: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Oct 14 '25 12:10 openshift-ci[bot]

/lgtm /verified by CI

Oct 14 '25 14:10 pmtk