ART-14091: Add support for ignorable repos in scan-sources#3116
ART-14091: Add support for ignorable repos in scan-sources#3116locriandev wants to merge 1 commit into
Conversation
|
@locriandev: This pull request references ART-14091 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds optional ChangesIgnorable scan sources flow
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Suggested labels
Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 10 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (10 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Added RHCOS scanning support in commit f73d1fc. The ignorable repo filtering now applies to both:
This ensures that routine RHEL updates in repos marked as |
|
✅ All unit tests passing (commit 0816af5) Fixed test failures:
Test results: 2910 tests passed across all packages (artcommon, doozer, elliott, pyartcd, ocp-build-data-validator) |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@doozer/doozerlib/runtime.py`:
- Around line 368-370: The optional scan_sources handling in runtime.py is too
strict because Repo.scan_sources can be null, but the current scan_sources setup
always calls ScanSources.model_validate whenever the key exists. Update the
repo_data parsing around scan_sources in the runtime logic so that a
present-but-None value is treated the same as a missing field and skipped before
validation, while still validating only non-null values through
ScanSources.model_validate.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift-eng/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 068dc8cf-930f-490b-9d27-4e8b30f31376
📒 Files selected for processing (1)
doozer/doozerlib/runtime.py
| scan_sources = None | ||
| if 'scan_sources' in repo_data: | ||
| scan_sources = ScanSources.model_validate(repo_data['scan_sources']) |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
Preserve null for optional scan_sources.
Line 369 validates whenever the key exists, so old-style group.yml now rejects scan_sources: null even though Repo.scan_sources is optional. Treat None the same as an omitted field before calling model_validate.
Suggested fix
- scan_sources = None
- if 'scan_sources' in repo_data:
- scan_sources = ScanSources.model_validate(repo_data['scan_sources'])
+ scan_sources = None
+ scan_sources_data = repo_data.get('scan_sources')
+ if scan_sources_data not in (None, Missing):
+ scan_sources = ScanSources.model_validate(scan_sources_data)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@doozer/doozerlib/runtime.py` around lines 368 - 370, The optional
scan_sources handling in runtime.py is too strict because Repo.scan_sources can
be null, but the current scan_sources setup always calls
ScanSources.model_validate whenever the key exists. Update the repo_data parsing
around scan_sources in the runtime logic so that a present-but-None value is
treated the same as a missing field and skipped before validation, while still
validating only non-null values through ScanSources.model_validate.
Implements the ability to mark repos as ignorable to prevent mass rebuilds from RHEL base package updates. rh-pre-commit.version: 2.4.0 rh-pre-commit.check-secrets: ENABLED
69fffc0 to
5a44b0a
Compare
|
@locriandev: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Summary
This PR adds support for marking repos as ignorable in scan-sources to prevent mass rebuilds from routine RHEL updates.
Config
Needs to go along with ocp-build-data changes to
group.ymlin thereposstanza, e.g.Testing
https://art-jenkins.apps.prod-stable-spoke1-dc-iad2.itup.redhat.com/job/aos-cd-builds/job/build%252Focp4-scan-konflux/51918/
Summary by CodeRabbit
New Features
ignorableflag to control whether a repository participates in scan comparisons.Bug Fixes
Tests
scan_sources/ignorablehandling behavior.