Building RPMs using COPR #161
Conversation
📝 WalkthroughWalkthroughAdds COPR-based RPM build and retrieval: Makefile now includes COPR targets, new containerfiles and scripts to create/watch COPR builds and extract RPMs, boot image build accepts overridable Changes
Sequence Diagram(s)sequenceDiagram
participant Dev as Developer / Make
participant Podman as Podman
participant CLI as COPR CLI Container
participant COPR as COPR Service
participant Builder as rpms-copr Container
participant Repo as RPM Repository
Dev->>Podman: make rpm-copr
Podman->>CLI: run COPR CLI container (mount SRPMs, config, secret)
CLI->>COPR: create-build (upload SRPMs)
COPR-->>CLI: returns build ID
CLI->>Dev: write build ID (/srpms/build.txt)
CLI->>COPR: watch-build (poll until complete)
COPR-->>CLI: build completed
Podman->>Builder: run rpms-copr container with COPR build ID
Builder->>COPR: copr download-build (fetch RPMs)
COPR-->>Builder: provide RPMs
Builder->>Repo: extract/move RPMs and run createrepo
Repo-->>Dev: RPMs available for downstream builds
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (2)
packaging/rpms-copr.Containerfile (1)
14-14: Hardcoded chroot limits flexibility.The
epel-9chroot is hardcoded. Consider making it configurable via an ARG for different target distributions.Apply this diff to make the chroot configurable:
ARG COPR_BUILD_ID= ARG BUILDER_RPM_REPO_PATH=/home/microshift/microshift/_output/rpmbuild/RPMS +ARG COPR_CHROOT=epel-9 # hadolint ignore=DL3003,DL4006,SC3040 RUN <<EOT bash set -xeuo pipefail - copr download-build --rpms --chroot "epel-9-$(uname -m)" --dest /tmp/rpms ${COPR_BUILD_ID} + copr download-build --rpms --chroot "${COPR_CHROOT}-$(uname -m)" --dest /tmp/rpms ${COPR_BUILD_ID} mkdir -p /home/microshift/microshift - cd /tmp/rpms/"epel-9-$(uname -m)"/ + cd /tmp/rpms/"${COPR_CHROOT}-$(uname -m)"/ rpm2cpio microshift-*.src.rpm | cpio -idmv tar xf microshift-*.tar.gz -C /home/microshift/microshift --strip-components=1 mkdir -p ${BUILDER_RPM_REPO_PATH} - mv /tmp/rpms/"epel-9-$(uname -m)"/*.rpm ${BUILDER_RPM_REPO_PATH}/ + mv /tmp/rpms/"${COPR_CHROOT}-$(uname -m)"/*.rpm ${BUILDER_RPM_REPO_PATH}/ createrepo -v ${BUILDER_RPM_REPO_PATH} rm -rf /tmp/rpms EOTsrc/copr/create-build.sh (1)
4-11: Consider using JSON output format instead of parsing text.The code parses
copr-clioutput withgrepandcut, which is fragile if the output format changes. Thecopr-clitool supports--output-format jsonfor the build command, providing structured output that eliminates this parsing fragility.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
Makefile(3 hunks)packaging/microshift-runner.Containerfile(1 hunks)packaging/rpms-copr.Containerfile(1 hunks)src/copr/copr-cli.Containerfile(1 hunks)src/copr/copr.mk(1 hunks)src/copr/create-build.sh(1 hunks)
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings
Learnt from: pmtk
Repo: microshift-io/microshift PR: 151
File: docs/workflows.md:74-76
Timestamp: 2025-12-04T13:35:05.230Z
Learning: The COPR group microshift-io/microshift exists at https://copr.fedorainfracloud.org/coprs/g/microshift-io/microshift/ and is used for publishing MicroShift RPM packages in the microshift-io/microshift repository.
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 57
File: .github/workflows/builders.yaml:75-84
Timestamp: 2025-10-17T10:53:08.461Z
Learning: In the microshift repository, the RPM-to-Debian conversion workflow follows this pattern: `convert.sh` receives an RPM directory as input and outputs .deb files to a `deb/` subdirectory within that directory. The `install.sh` script expects to receive the parent RPM directory (not the deb subdirectory) and uses recursive `find` commands to locate the .deb files in subdirectories.
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 137
File: src/quickrpm.sh:83-98
Timestamp: 2025-11-26T06:46:33.353Z
Learning: In the microshift-io/microshift repository, the quickrpm.sh script only supports RHEL 9 or above (and equivalent CentOS/Fedora versions), where util-linux includes the `--nooverlap` flag for losetup.
📚 Learning: 2025-10-17T07:44:32.742Z
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 92
File: .github/workflows/release.yaml:44-50
Timestamp: 2025-10-17T07:44:32.742Z
Learning: When Podman builds an image without a registry prefix (e.g., `podman build -t microshift-okd`), it automatically adds the `localhost/` prefix and `:latest` tag, resulting in `localhost/microshift-okd:latest`. This means the Makefile in microshift-io/microshift building with `-t microshift-okd` produces `localhost/microshift-okd:latest` without explicit retagging.
Applied to files:
packaging/microshift-runner.Containerfilesrc/copr/copr.mkMakefile
📚 Learning: 2025-12-04T13:35:05.230Z
Learnt from: pmtk
Repo: microshift-io/microshift PR: 151
File: docs/workflows.md:74-76
Timestamp: 2025-12-04T13:35:05.230Z
Learning: The COPR group microshift-io/microshift exists at https://copr.fedorainfracloud.org/coprs/g/microshift-io/microshift/ and is used for publishing MicroShift RPM packages in the microshift-io/microshift repository.
Applied to files:
src/copr/create-build.shpackaging/rpms-copr.Containerfilesrc/copr/copr.mksrc/copr/copr-cli.ContainerfileMakefile
📚 Learning: 2025-10-17T10:53:08.461Z
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 57
File: .github/workflows/builders.yaml:75-84
Timestamp: 2025-10-17T10:53:08.461Z
Learning: In the microshift repository, the RPM-to-Debian conversion workflow follows this pattern: `convert.sh` receives an RPM directory as input and outputs .deb files to a `deb/` subdirectory within that directory. The `install.sh` script expects to receive the parent RPM directory (not the deb subdirectory) and uses recursive `find` commands to locate the .deb files in subdirectories.
Applied to files:
src/copr/create-build.shpackaging/rpms-copr.Containerfilesrc/copr/copr.mk
📚 Learning: 2025-11-26T06:46:33.353Z
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 137
File: src/quickrpm.sh:83-98
Timestamp: 2025-11-26T06:46:33.353Z
Learning: In the microshift-io/microshift repository, the quickrpm.sh script only supports RHEL 9 or above (and equivalent CentOS/Fedora versions), where util-linux includes the `--nooverlap` flag for losetup.
Applied to files:
src/copr/create-build.shpackaging/rpms-copr.Containerfile
🔇 Additional comments (14)
packaging/microshift-runner.Containerfile (1)
4-6: LGTM!The ARG makes the builder image configurable while maintaining backward compatibility with the default value.
src/copr/create-build.sh (1)
1-2: LGTM!Proper error handling with
set -euo pipefail.packaging/rpms-copr.Containerfile (1)
1-6: LGTM!Good practices: disabling weak dependencies and cleaning DNF cache.
Makefile (4)
39-39: LGTM!Making
BUILDER_IMAGEoverridable enables the COPR workflow while maintaining backward compatibility.
45-46: LGTM!Standard approach for computing project directory and modular include.
119-120: LGTM!Clear error message guiding users to both RPM build workflows.
132-132: LGTM!Correctly propagates
BUILDER_IMAGEto the container build asRPM_BUILDER_IMAGE.src/copr/copr.mk (6)
10-34: LGTM!Excellent documentation of the COPR workflow with clear step-by-step instructions.
35-51: LGTM!Target structure mirrors the main
rpmtarget, maintaining consistency.
52-58: LGTM!Proper secret management: removes stale secret before creating new one.
60-66: LGTM!Simple CLI container build.
67-75: LGTM!Proper dependencies and secret handling for delete operation.
76-84: LGTM!Correct implementation for repo regeneration.
src/copr/copr-cli.Containerfile (1)
1-1: No action required. Fedora 42 was released on April 15, 2025, and is available as a base image.
| ARG COPR_BUILD_ID= | ||
| ARG BUILDER_RPM_REPO_PATH=/home/microshift/microshift/_output/rpmbuild/RPMS |
There was a problem hiding this comment.
Validate COPR_BUILD_ID is provided.
COPR_BUILD_ID is required but has an empty default. The script should fail early if not provided.
Add validation after the ARG declarations:
ARG COPR_BUILD_ID=
ARG BUILDER_RPM_REPO_PATH=/home/microshift/microshift/_output/rpmbuild/RPMS
+RUN if [ -z "${COPR_BUILD_ID}" ]; then \
+ echo "ERROR: COPR_BUILD_ID build argument is required" >&2; \
+ exit 1; \
+ fi
+
# hadolint ignore=DL3003,DL4006,SC3040Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In packaging/rpms-copr.Containerfile around lines 8 to 9, ARG COPR_BUILD_ID is
declared with an empty default but is required; add a validation immediately
after the ARG declarations that checks if COPR_BUILD_ID is empty and, if so,
prints a clear error message and exits non‑zero to fail the build early (e.g.,
test the variable and call exit 1). Ensure the validation runs during image
build so the Docker/Cool variant fails fast when COPR_BUILD_ID is not provided.
| @@ -0,0 +1,104 @@ | |||
| COPR_CONFIG ?= $(HOME)/.config/copr | |||
| COPR_REPO_NAME ?= "@microshift-io/microshift" | |||
| COPR_BUILD_ID ?= $$(cat "${SRPM_WORKDIR}/build.txt") | |||
There was a problem hiding this comment.
Validate SRPM_WORKDIR before reading build.txt.
COPR_BUILD_ID reads from ${SRPM_WORKDIR}/build.txt but SRPM_WORKDIR may not be set or the file may not exist. Targets using COPR_BUILD_ID should validate this.
Add validation to targets that use COPR_BUILD_ID:
.PHONY: rpm-copr
rpm-copr:
+ @if [ -z "${SRPM_WORKDIR}" ]; then \
+ echo "ERROR: SRPM_WORKDIR is not set" ; \
+ exit 1 ; \
+ fi
+ @if [ ! -f "${SRPM_WORKDIR}/build.txt" ]; then \
+ echo "ERROR: ${SRPM_WORKDIR}/build.txt not found. Run 'make copr-create-build' first" ; \
+ exit 1 ; \
+ fi
@echo "Building MicroShift RPM image using COPR"Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In src/copr/copr.mk around line 3, COPR_BUILD_ID is unconditionally defined by
reading "${SRPM_WORKDIR}/build.txt" which can fail if SRPM_WORKDIR is unset or
the file doesn't exist; update the Makefile so targets that use COPR_BUILD_ID
first validate SRPM_WORKDIR is set and that "${SRPM_WORKDIR}/build.txt" exists
before attempting to read it, and emit a clear make error (or skip/handle
gracefully) if validation fails; implement this by moving the file-read into a
recipe or guarded shell expression used by those targets (or by making
COPR_BUILD_ID empty by default and having targets perform a check using test -n
and test -f and failing with @echo and exit 1 when missing).
| .PHONY: copr-create-build | ||
| copr-create-build: copr-cfg-ensure-podman-secret copr-cli | ||
| @echo "Creating the COPR build" | ||
| sudo podman run \ | ||
| --rm \ | ||
| --secret ${COPR_SECRET_NAME} \ | ||
| --env COPR_REPO_NAME="${COPR_REPO_NAME}" \ | ||
| --volume "${SRPM_WORKDIR}:/srpms:Z" \ | ||
| --volume "./src/copr/create-build.sh:/create-build.sh:Z" \ | ||
| "${COPR_CLI_IMAGE}" \ | ||
| bash -c "bash -x /create-build.sh" | ||
|
|
There was a problem hiding this comment.
Validate SRPM_WORKDIR in copr-create-build.
The target mounts ${SRPM_WORKDIR} but doesn't validate it's set or that the directory exists.
Add validation at the start of the target:
.PHONY: copr-create-build
copr-create-build: copr-cfg-ensure-podman-secret copr-cli
+ @if [ -z "${SRPM_WORKDIR}" ]; then \
+ echo "ERROR: SRPM_WORKDIR is not set" ; \
+ exit 1 ; \
+ fi
+ @if [ ! -d "${SRPM_WORKDIR}" ]; then \
+ echo "ERROR: ${SRPM_WORKDIR} directory not found" ; \
+ exit 1 ; \
+ fi
@echo "Creating the COPR build"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| .PHONY: copr-create-build | |
| copr-create-build: copr-cfg-ensure-podman-secret copr-cli | |
| @echo "Creating the COPR build" | |
| sudo podman run \ | |
| --rm \ | |
| --secret ${COPR_SECRET_NAME} \ | |
| --env COPR_REPO_NAME="${COPR_REPO_NAME}" \ | |
| --volume "${SRPM_WORKDIR}:/srpms:Z" \ | |
| --volume "./src/copr/create-build.sh:/create-build.sh:Z" \ | |
| "${COPR_CLI_IMAGE}" \ | |
| bash -c "bash -x /create-build.sh" | |
| .PHONY: copr-create-build | |
| copr-create-build: copr-cfg-ensure-podman-secret copr-cli | |
| @if [ -z "${SRPM_WORKDIR}" ]; then \ | |
| echo "ERROR: SRPM_WORKDIR is not set" ; \ | |
| exit 1 ; \ | |
| fi | |
| @if [ ! -d "${SRPM_WORKDIR}" ]; then \ | |
| echo "ERROR: ${SRPM_WORKDIR} directory not found" ; \ | |
| exit 1 ; \ | |
| fi | |
| @echo "Creating the COPR build" | |
| sudo podman run \ | |
| --rm \ | |
| --secret ${COPR_SECRET_NAME} \ | |
| --env COPR_REPO_NAME="${COPR_REPO_NAME}" \ | |
| --volume "${SRPM_WORKDIR}:/srpms:Z" \ | |
| --volume "./src/copr/create-build.sh:/create-build.sh:Z" \ | |
| "${COPR_CLI_IMAGE}" \ | |
| bash -c "bash -x /create-build.sh" |
🤖 Prompt for AI Agents
In src/copr/copr.mk around lines 85 to 96, the copr-create-build target mounts
${SRPM_WORKDIR} but does not validate that SRPM_WORKDIR is set or that the
directory exists; add a validation at the start of the target that (1) verifies
the SRPM_WORKDIR variable is non-empty and (2) verifies the path exists and is a
directory, and if either check fails, print a clear error to stderr and exit the
recipe with a non-zero status so the make target aborts before running podman.
Use simple shell checks (e.g., [ -n "${SRPM_WORKDIR}" ] and [ -d
"${SRPM_WORKDIR}" ]) and ensure the error message references the variable name
and the failing condition.
| .PHONY: copr-watch-build | ||
| copr-watch-build: copr-cli | ||
| @echo "Watching the COPR build" | ||
| sudo podman run \ | ||
| --rm \ | ||
| --volume "${SRPM_WORKDIR}:/srpms:Z" \ | ||
| "${COPR_CLI_IMAGE}" \ | ||
| bash -c "copr-cli watch-build \$$(cat /srpms/build.txt)" |
There was a problem hiding this comment.
Validate SRPM_WORKDIR in copr-watch-build.
The target reads ${SRPM_WORKDIR}/build.txt but doesn't validate the directory or file exists.
Add validation:
.PHONY: copr-watch-build
copr-watch-build: copr-cli
+ @if [ -z "${SRPM_WORKDIR}" ]; then \
+ echo "ERROR: SRPM_WORKDIR is not set" ; \
+ exit 1 ; \
+ fi
+ @if [ ! -f "${SRPM_WORKDIR}/build.txt" ]; then \
+ echo "ERROR: ${SRPM_WORKDIR}/build.txt not found. Run 'make copr-create-build' first" ; \
+ exit 1 ; \
+ fi
@echo "Watching the COPR build"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| .PHONY: copr-watch-build | |
| copr-watch-build: copr-cli | |
| @echo "Watching the COPR build" | |
| sudo podman run \ | |
| --rm \ | |
| --volume "${SRPM_WORKDIR}:/srpms:Z" \ | |
| "${COPR_CLI_IMAGE}" \ | |
| bash -c "copr-cli watch-build \$$(cat /srpms/build.txt)" | |
| .PHONY: copr-watch-build | |
| copr-watch-build: copr-cli | |
| @if [ -z "${SRPM_WORKDIR}" ]; then \ | |
| echo "ERROR: SRPM_WORKDIR is not set" ; \ | |
| exit 1 ; \ | |
| fi | |
| @if [ ! -f "${SRPM_WORKDIR}/build.txt" ]; then \ | |
| echo "ERROR: ${SRPM_WORKDIR}/build.txt not found. Run 'make copr-create-build' first" ; \ | |
| exit 1 ; \ | |
| fi | |
| @echo "Watching the COPR build" | |
| sudo podman run \ | |
| --rm \ | |
| --volume "${SRPM_WORKDIR}:/srpms:Z" \ | |
| "${COPR_CLI_IMAGE}" \ | |
| bash -c "copr-cli watch-build \$$(cat /srpms/build.txt)" |
🤖 Prompt for AI Agents
In src/copr/copr.mk around lines 97 to 104, the copr-watch-build target uses
${SRPM_WORKDIR}/build.txt without validating that SRPM_WORKDIR exists or that
build.txt is present; add a check before running podman that SRPM_WORKDIR is a
directory and that "${SRPM_WORKDIR}/build.txt" is a readable file, printing a
clear error and exiting with non‑zero status if either check fails, then proceed
to run the podman command only when both checks pass.
| #!/usr/bin/env bash | ||
| set -euo pipefail | ||
|
|
||
| out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)" |
There was a problem hiding this comment.
Handle glob expansion failure.
If no SRPM files match microshift*.src.rpm, the command will fail with an unclear error.
Apply this diff to validate the SRPM exists:
+if ! ls /srpms/microshift*.src.rpm 1> /dev/null 2>&1; then
+ echo "ERROR: No SRPM files found matching /srpms/microshift*.src.rpm"
+ exit 1
+fi
+
out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)" | |
| if ! ls /srpms/microshift*.src.rpm 1> /dev/null 2>&1; then | |
| echo "ERROR: No SRPM files found matching /srpms/microshift*.src.rpm" | |
| exit 1 | |
| fi | |
| out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)" |
🤖 Prompt for AI Agents
In src/copr/create-build.sh around line 4, the copr-cli command assumes the glob
/srpms/microshift*.src.rpm expands to at least one file; if it doesn't the
command fails with an unclear error. Before invoking copr-cli, test whether any
files match that glob (e.g., capture the glob expansion into a variable or
array, check its length), and if none are found print a clear error and exit
non‑zero; otherwise pass the expanded file path(s) to copr-cli (properly
quoted/iterated to handle spaces) so the command only runs when SRPM(s) actually
exist.
pmtk
force-pushed
the
copr-local
branch
6 times, most recently
from
aae666c to
97d4fab
Compare
There was a problem hiding this comment.
Actionable comments posted: 5
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/release.yaml (1)
227-234:inputs.buildis undefined – conditionals will always evaluate to false.The workflow defines
ushift-gitref,okd-version-tag, andcopr-repoinputs, but lines 228 and 234 referenceinputs.buildwhich doesn't exist. These steps will be skipped.- name: Login to GitHub Container Registry - if: contains(fromJSON('["all", "bootc-image"]'), inputs.build) + # Remove condition or add 'build' input if selective behavior is needed uses: ./.github/actions/podman-login - name: Publish Bootc container image manifest - if: contains(fromJSON('["all", "bootc-image"]'), inputs.build) + # Remove condition or add 'build' input if selective behavior is needed shell: bash
🤖 Fix all issues with AI agents
In @.github/actions/build/action.yaml:
- Line 48: The workflow conditional is referencing the wrong input name: update
the if expression that currently uses "inputs.rpm-builder" to use the correct
input identifier "inputs.rpm-image" so the branch evaluating "==
'microshift-okd-rpm'" works as intended; locate the conditional expression (the
if: inputs.rpm-builder == 'microshift-okd-rpm' line) and replace rpm-builder
with rpm-image.
- Line 52: The conditional uses the wrong input name: change the occurrence of
"if: inputs.rpm-builder == 'microshift-okd-rpm'" to use the correct input key
"rpm-image" (e.g., "if: inputs.rpm-image == 'microshift-okd-rpm'") so the action
reads the intended input; update any other references of "rpm-builder" in this
file to "rpm-image" to keep names consistent.
In `@packaging/rpms-copr.Containerfile`:
- Around line 11-18: The RUN block contains a shell cd (cd
/tmp/rpms/"epel-9-$(uname -m)"/) which triggers hadolint DL3003; either add
DL3003 to the hadolint ignore list on that RUN (augment the existing "# hadolint
ignore=DL4006" to include DL3003) or refactor the RUN to avoid cd (use absolute
paths or a subshell/pushd/popd pattern) so the DL3003 violation is removed;
update the RUN block containing the cd command accordingly.
In `@src/copr/create-build.sh`:
- Around line 1-4: The script src/copr/create-build.sh uses the COPR_REPO_NAME
variable without verifying it is non-empty; add an explicit validation at the
top of the script (before calling copr-cli) that checks COPR_REPO_NAME is set
and not empty, prints a clear error message to stderr (including the variable
name) and exits non-zero if the check fails, then proceed to run the existing
copr-cli build command; reference COPR_REPO_NAME and the copr-cli invocation
when adding the guard.
♻️ Duplicate comments (3)
src/copr/create-build.sh (1)
4-4: Handle glob expansion failure.If no SRPM files match
microshift*.src.rpm, the command fails with an unclear error.Proposed fix
+shopt -s nullglob +srpms=(/srpms/microshift*.src.rpm) +shopt -u nullglob +if [[ ${`#srpms`[@]} -eq 0 ]]; then + echo "ERROR: No SRPM files found matching /srpms/microshift*.src.rpm" + exit 1 +fi + -out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)" +out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" "${srpms[@]}")"packaging/rpms-copr.Containerfile (1)
8-9: ValidateCOPR_BUILD_IDis provided.
COPR_BUILD_IDhas an empty default but is required. The build should fail early if not provided.Proposed fix
ARG COPR_BUILD_ID= ARG BUILDER_RPM_REPO_PATH=/home/microshift/microshift/_output/rpmbuild/RPMS +RUN if [ -z "${COPR_BUILD_ID}" ]; then \ + echo "ERROR: COPR_BUILD_ID build argument is required" >&2; \ + exit 1; \ + fi + # hadolint ignore=DL4006src/copr/copr.mk (1)
85-104: SRPM_WORKDIR validation still missing.Previous review comments requested validation that
SRPM_WORKDIRis set and exists before these targets run. This remains unaddressed.
🧹 Nitpick comments (1)
.github/workflows/release.yaml (1)
24-73: COPR build job looks correct.The sequence follows the required pattern: SRPM build → COPR create → watch. Artifacts are properly persisted for downstream jobs.
One minor note: the
COPR_CONFIGsecret is written to/tmp/copr-configwithout restrictive permissions. Consider addingchmod 600after writing.Suggested improvement
echo "${COPR_CONFIG}" > /tmp/copr-config + chmod 600 /tmp/copr-config
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (9)
.github/actions/build/action.yaml.github/actions/prebuild/action.yaml.github/workflows/release.yamlMakefilepackaging/bootc.Containerfilepackaging/rpms-copr.Containerfilesrc/copr/copr-cli.Containerfilesrc/copr/copr.mksrc/copr/create-build.sh
🚧 Files skipped from review as they are similar to previous changes (1)
- src/copr/copr-cli.Containerfile
🧰 Additional context used
📓 Path-based instructions (3)
Makefile
📄 CodeRabbit inference engine (CLAUDE.md)
Build system follows three sequential stages: SRPM Build (
make srpm), RPM Build (make rpm), and Bootc Image (make image). Each stage must be completed before the next can be executed.
Files:
Makefile
**/*.sh
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.sh: Shell scripts should pass linting with shellcheck as part of themake checkvalidation step
Build scripts must detect architecture automatically viauname -mto determine between x86_64 or aarch64
Files:
src/copr/create-build.sh
.github/workflows/*.yaml
📄 CodeRabbit inference engine (CLAUDE.md)
CI/CD workflows should validate builds with
builders.yaml, test quickstart scripts withinstallers.yaml, support manual release workflow viarelease.yaml, and run daily OKD ARM builds viarelease-okd.yaml
Files:
.github/workflows/release.yaml
🧠 Learnings (16)
📓 Common learnings
Learnt from: pmtk
Repo: microshift-io/microshift PR: 151
File: docs/workflows.md:74-76
Timestamp: 2025-12-04T13:35:05.230Z
Learning: The COPR group microshift-io/microshift exists at https://copr.fedorainfracloud.org/coprs/g/microshift-io/microshift/ and is used for publishing MicroShift RPM packages in the microshift-io/microshift repository.
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to packaging/Containerfile* : SRPM build container must clone MicroShift from upstream repository at `USHIFT_GITREF` and replace component images with OKD references via `src/image/prebuild.sh`
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 57
File: .github/workflows/builders.yaml:75-84
Timestamp: 2025-10-17T10:53:08.461Z
Learning: In the microshift repository, the RPM-to-Debian conversion workflow follows this pattern: `convert.sh` receives an RPM directory as input and outputs .deb files to a `deb/` subdirectory within that directory. The `install.sh` script expects to receive the parent RPM directory (not the deb subdirectory) and uses recursive `find` commands to locate the .deb files in subdirectories.
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to packaging/Containerfile* : RPM build container requires SRPM image from previous stage and outputs to `RPM_OUTDIR`
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to packaging/Containerfile* : Bootc image build requires RPM image from previous stage, is configurable via `WITH_KINDNET`, `WITH_TOPOLVM`, `WITH_OLM`, and `EMBED_CONTAINER_IMAGES`, and is based on `BOOTC_IMAGE_URL:BOOTC_IMAGE_TAG`
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to src/image/prebuild.sh : Replace component images with OKD references during SRPM build stage
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to ansible/** : Ansible roles should support automated builds and deployments for both containerized and host-based MicroShift installations
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to src/image/prebuild.sh : Replace component images with OKD references during SRPM build stage
Applied to files:
.github/actions/prebuild/action.yamlpackaging/bootc.Containerfilepackaging/rpms-copr.Containerfile.github/actions/build/action.yamlMakefilesrc/copr/create-build.sh.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to packaging/Containerfile* : RPM build container requires SRPM image from previous stage and outputs to `RPM_OUTDIR`
Applied to files:
.github/actions/prebuild/action.yamlpackaging/bootc.Containerfilepackaging/rpms-copr.Containerfile.github/actions/build/action.yamlMakefilesrc/copr/create-build.sh.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Always build SRPM before RPM, and RPM before bootc image to maintain dependency chain
Applied to files:
.github/actions/prebuild/action.yamlpackaging/bootc.Containerfilepackaging/rpms-copr.Containerfile.github/actions/build/action.yamlMakefile.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to src/rpm/** : RPM installation scripts should manage repository creation/deletion and execute post-install configuration before service start
Applied to files:
.github/actions/prebuild/action.yamlpackaging/rpms-copr.Containerfile
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to packaging/Containerfile* : Bootc image build requires RPM image from previous stage, is configurable via `WITH_KINDNET`, `WITH_TOPOLVM`, `WITH_OLM`, and `EMBED_CONTAINER_IMAGES`, and is based on `BOOTC_IMAGE_URL:BOOTC_IMAGE_TAG`
Applied to files:
packaging/bootc.Containerfilepackaging/rpms-copr.Containerfile.github/actions/build/action.yamlMakefile.github/workflows/release.yaml
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to packaging/Containerfile* : SRPM build container must clone MicroShift from upstream repository at `USHIFT_GITREF` and replace component images with OKD references via `src/image/prebuild.sh`
Applied to files:
packaging/bootc.Containerfilepackaging/rpms-copr.Containerfile.github/actions/build/action.yamlMakefilesrc/copr/create-build.sh.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-10-17T07:44:32.742Z
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 92
File: .github/workflows/release.yaml:44-50
Timestamp: 2025-10-17T07:44:32.742Z
Learning: When Podman builds an image without a registry prefix (e.g., `podman build -t microshift-okd`), it automatically adds the `localhost/` prefix and `:latest` tag, resulting in `localhost/microshift-okd:latest`. This means the Makefile in microshift-io/microshift building with `-t microshift-okd` produces `localhost/microshift-okd:latest` without explicit retagging.
Applied to files:
packaging/bootc.Containerfile.github/actions/build/action.yamlMakefile.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to Makefile : Build system follows three sequential stages: SRPM Build (`make srpm`), RPM Build (`make rpm`), and Bootc Image (`make image`). Each stage must be completed before the next can be executed.
Applied to files:
packaging/bootc.Containerfile.github/actions/build/action.yamlMakefile.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-12-04T13:35:05.230Z
Learnt from: pmtk
Repo: microshift-io/microshift PR: 151
File: docs/workflows.md:74-76
Timestamp: 2025-12-04T13:35:05.230Z
Learning: The COPR group microshift-io/microshift exists at https://copr.fedorainfracloud.org/coprs/g/microshift-io/microshift/ and is used for publishing MicroShift RPM packages in the microshift-io/microshift repository.
Applied to files:
packaging/rpms-copr.Containerfile.github/actions/build/action.yamlMakefilesrc/copr/create-build.sh.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to packaging/Containerfile* : Containerfiles should pass linting with hadolint as part of the `make check` validation step
Applied to files:
packaging/rpms-copr.Containerfile
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to ansible/** : Ansible roles should support automated builds and deployments for both containerized and host-based MicroShift installations
Applied to files:
packaging/rpms-copr.Containerfile.github/actions/build/action.yaml.github/workflows/release.yaml
📚 Learning: 2025-10-17T10:53:08.461Z
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 57
File: .github/workflows/builders.yaml:75-84
Timestamp: 2025-10-17T10:53:08.461Z
Learning: In the microshift repository, the RPM-to-Debian conversion workflow follows this pattern: `convert.sh` receives an RPM directory as input and outputs .deb files to a `deb/` subdirectory within that directory. The `install.sh` script expects to receive the parent RPM directory (not the deb subdirectory) and uses recursive `find` commands to locate the .deb files in subdirectories.
Applied to files:
packaging/rpms-copr.Containerfile.github/actions/build/action.yamlMakefilesrc/copr/create-build.sh.github/workflows/release.yamlsrc/copr/copr.mk
📚 Learning: 2025-11-26T06:46:33.353Z
Learnt from: ggiguash
Repo: microshift-io/microshift PR: 137
File: src/quickrpm.sh:83-98
Timestamp: 2025-11-26T06:46:33.353Z
Learning: In the microshift-io/microshift repository, the quickrpm.sh script only supports RHEL 9 or above (and equivalent CentOS/Fedora versions), where util-linux includes the `--nooverlap` flag for losetup.
Applied to files:
packaging/rpms-copr.Containerfile.github/actions/build/action.yamlsrc/copr/create-build.sh
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to .github/workflows/*.yaml : CI/CD workflows should validate builds with `builders.yaml`, test quickstart scripts with `installers.yaml`, support manual release workflow via `release.yaml`, and run daily OKD ARM builds via `release-okd.yaml`
Applied to files:
.github/actions/build/action.yaml.github/workflows/release.yaml
📚 Learning: 2025-12-13T11:22:03.985Z
Learnt from: CR
Repo: microshift-io/microshift PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-13T11:22:03.985Z
Learning: Applies to src/okd/** : OKD version auto-detection should query latest-amd64 or latest-arm64 tags based on detected architecture
Applied to files:
Makefile.github/workflows/release.yaml
🪛 GitHub Actions: linters
packaging/rpms-copr.Containerfile
[error] 12-12: Hadolint failed on containerfile with DL3003: Use WORKDIR to switch to a directory. (This is reported as a warning by Hadolint, but the step exited with an error in the CI pipeline.)
🔇 Additional comments (15)
.github/actions/prebuild/action.yaml (1)
31-31: LGTM!Adding
/mnt/srpmaligns with the COPR workflow'sSRPM_WORKDIRusage.packaging/bootc.Containerfile (1)
4-6: LGTM!The
RPM_IMAGEbuild argument enables flexible RPM source selection while maintaining backward compatibility with the defaultmicroshift-okd-rpm.src/copr/create-build.sh (1)
6-10: LGTM!Build ID extraction with proper error handling.
.github/actions/build/action.yaml (2)
34-37: LGTM!The
rpm-imageinput enables flexible RPM image selection for COPR workflows.
79-83: LGTM!Correctly propagates
RPM_IMAGEto the bootc image build.packaging/rpms-copr.Containerfile (1)
14-14: LGTM on architecture detection.Using
uname -mfor architecture detection aligns with coding guidelines.Makefile (3)
41-48: LGTM – COPR integration cleanly wired in.Making
RPM_IMAGEoverridable with?=enables the COPR workflow path. ThePROJECT_DIRpattern is idiomatic and the include is correctly placed.
121-121: Good UX improvement.Error message now guides users to both RPM build paths.
133-133: Correct build-arg addition.Passing
RPM_IMAGEas a build-arg enables the bootc stage to consume RPMs from either local or COPR builds..github/workflows/release.yaml (2)
18-21: COPR repo input properly configured.Default matches the known COPR group. Based on learnings, this aligns with the existing
@microshift-io/microshiftCOPR repository.
253-262: COPR regenerate step properly placed in release flow.Regenerating repos after successful builds ensures package availability. Same suggestion applies here: add
chmod 600after writing the config file.src/copr/copr.mk (4)
1-7: Variables and defaults look reasonable.The
$$()inCOPR_BUILD_IDcorrectly defers shell expansion to recipe time.
10-33: Helpful documentation for the COPR workflow.The
copr-helptarget provides clear usage guidance aligned with the PR description.
52-58: Secret rotation approach is correct.Deleting and recreating ensures the secret reflects the current config file state.
67-83: COPR CLI invocations look correct.Both
copr-delete-buildandcopr-regenerate-reposproperly use the secret and CLI image.
✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
| .PHONY: rpm-copr | ||
| rpm-copr: | ||
| @echo "Building MicroShift RPM image using COPR" | ||
| sudo podman build \ | ||
| --tag "${COPR_BUILDER_IMAGE}" \ | ||
| --build-arg COPR_BUILD_ID="${COPR_BUILD_ID}" \ | ||
| --file packaging/rpms-copr.Containerfile . | ||
|
|
||
| @echo "Extracting the MicroShift RPMs" | ||
| outdir="$${RPM_OUTDIR:-$$(mktemp -d /tmp/microshift-rpms-XXXXXX)}" && \ | ||
| mntdir="$$(sudo podman image mount "${COPR_BUILDER_IMAGE}")" && \ | ||
| sudo cp -r "$${mntdir}/home/microshift/microshift/_output/rpmbuild/RPMS/." "$${outdir}" && \ | ||
| sudo podman image umount "${COPR_BUILDER_IMAGE}" && \ | ||
| echo "" && \ | ||
| echo "Build completed successfully" && \ | ||
| echo "RPMs are available in '$${outdir}'" |
There was a problem hiding this comment.
Missing cleanup trap on error in rpm-copr.
If the cp command fails, the image remains mounted. Use a trap like the existing rpm target does.
Suggested fix
`@echo` "Extracting the MicroShift RPMs"
outdir="$${RPM_OUTDIR:-$$(mktemp -d /tmp/microshift-rpms-XXXXXX)}" && \
mntdir="$$(sudo podman image mount "${COPR_BUILDER_IMAGE}")" && \
+ trap "sudo podman image umount '${COPR_BUILDER_IMAGE}' >/dev/null" EXIT && \
sudo cp -r "$${mntdir}/home/microshift/microshift/_output/rpmbuild/RPMS/." "$${outdir}" && \
- sudo podman image umount "${COPR_BUILDER_IMAGE}" && \
echo "" && \
echo "Build completed successfully" && \
echo "RPMs are available in '$${outdir}'"| #!/usr/bin/env bash | ||
| set -euo pipefail | ||
|
|
||
| out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)" |
There was a problem hiding this comment.
Validate COPR_REPO_NAME is set.
The script uses COPR_REPO_NAME but doesn't validate it's non-empty, which would cause a cryptic copr-cli error.
Proposed fix
#!/usr/bin/env bash
set -euo pipefail
+if [[ -z "${COPR_REPO_NAME:-}" ]]; then
+ echo "ERROR: COPR_REPO_NAME environment variable is required"
+ exit 1
+fi
+
out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)" | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| if [[ -z "${COPR_REPO_NAME:-}" ]]; then | |
| echo "ERROR: COPR_REPO_NAME environment variable is required" | |
| exit 1 | |
| fi | |
| out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)" |
🤖 Prompt for AI Agents
In `@src/copr/create-build.sh` around lines 1 - 4, The script
src/copr/create-build.sh uses the COPR_REPO_NAME variable without verifying it
is non-empty; add an explicit validation at the top of the script (before
calling copr-cli) that checks COPR_REPO_NAME is set and not empty, prints a
clear error message to stderr (including the variable name) and exits non-zero
if the check fails, then proceed to run the existing copr-cli build command;
reference COPR_REPO_NAME and the copr-cli invocation when adding the guard.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @.github/workflows/nightly-copr.yaml:
- Around line 95-103: The workflow passes an unsupported input named rpm-image
to the local custom action (uses: ./.github/actions/build) which actionlint
flags; either remove or rename the rpm-image input in the workflow to match an
existing input the build action exposes, or add rpm-image to the action’s
metadata (action.yml) under inputs with a sensible default/description so the
build action accepts it; locate the action by the uses: ./.github/actions/build
reference and update its action.yml inputs section (or the workflow step) to
ensure rpm-image is defined and used consistently by the build logic.
- Around line 32-49: Guard the COPR steps so they skip on forked PRs by adding a
conditional that checks the PR fork flag; update the step named "Create COPR
build" (and the related copr-create-build / copr-watch-build invocation block(s)
referenced elsewhere) to include an if expression like: only run when there is
no forked PR (e.g. if: ${{ github.event.pull_request == null ||
github.event.pull_request.head.repo.fork == false }}), or similarly move the
check to the containing job so the COPR_CONFIG secret is never referenced for
forked PRs.
| - name: Create COPR build | ||
| shell: bash | ||
| env: | ||
| COPR_CONFIG: | | ||
| ${{ secrets.COPR_CONFIG }} | ||
| run: | | ||
| set -euo pipefail | ||
| cd ${GITHUB_WORKSPACE}/ | ||
| echo "${COPR_CONFIG}" > /tmp/copr-config | ||
| make copr-create-build \ | ||
| SRPM_WORKDIR=/mnt/srpm \ | ||
| COPR_REPO_NAME=${{ env.COPR_REPO_NAME }} \ | ||
| COPR_CONFIG=/tmp/copr-config | ||
| make copr-watch-build \ | ||
| SRPM_WORKDIR=/mnt/srpm \ | ||
| COPR_REPO_NAME=${{ env.COPR_REPO_NAME }} |
There was a problem hiding this comment.
Guard COPR secret usage on forked PRs.
Forked PRs won’t get COPR_CONFIG, so these steps will fail. Consider skipping COPR jobs/steps for forked PRs.
✅ Example guard
build-rpms:
+ if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
runs-on: ubuntu-24.04
steps:
...
regenerate-copr-repo:
+ if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
runs-on: ubuntu-24.04
steps:
...Also applies to: 122-151
🤖 Prompt for AI Agents
In @.github/workflows/nightly-copr.yaml around lines 32 - 49, Guard the COPR
steps so they skip on forked PRs by adding a conditional that checks the PR fork
flag; update the step named "Create COPR build" (and the related
copr-create-build / copr-watch-build invocation block(s) referenced elsewhere)
to include an if expression like: only run when there is no forked PR (e.g. if:
${{ github.event.pull_request == null ||
github.event.pull_request.head.repo.fork == false }}), or similarly move the
check to the containing job so the COPR_CONFIG secret is never referenced for
forked PRs.
| - name: Run the build action | ||
| uses: ./.github/actions/build | ||
| with: | ||
| ushift-gitref: nil # RPMs are not built, so no need for git ref or OKD version | ||
| okd-version-tag: nil | ||
| bootc-image-url: quay.io/centos-bootc/centos-bootc | ||
| bootc-image-tag: stream10 | ||
| rpm-image: microshift-okd-rpm-copr | ||
| build: bootc-image |
There was a problem hiding this comment.
rpm-image input isn’t defined for the build action.
Actionlint reports this input is unsupported, so it will be ignored and the build may use the wrong RPM image. Align the workflow with the action’s defined inputs or update the action to accept rpm-image.
🧰 Tools
🪛 actionlint (1.7.10)
102-102: input "rpm-image" is not defined in action "build-microshift" defined at "./.github/actions/build". available inputs are "bootc-image-tag", "bootc-image-url", "build", "isolated-network", "node-count", "okd-version-tag", "ovnk-networking", "ushift-gitref"
(action)
🤖 Prompt for AI Agents
In @.github/workflows/nightly-copr.yaml around lines 95 - 103, The workflow
passes an unsupported input named rpm-image to the local custom action (uses:
./.github/actions/build) which actionlint flags; either remove or rename the
rpm-image input in the workflow to match an existing input the build action
exposes, or add rpm-image to the action’s metadata (action.yml) under inputs
with a sensible default/description so the build action accepts it; locate the
action by the uses: ./.github/actions/build reference and update its action.yml
inputs section (or the workflow step) to ensure rpm-image is defined and used
consistently by the build logic.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.github/actions/build/action.yaml:
- Around line 46-48: The "Prepare the build and run environment" step currently
only runs when `if: inputs.rpm-image == 'microshift-okd-rpm'`, which skips
prebuild for custom RPM images and breaks non-default paths; remove that `if`
condition (or change it so the step runs for all `inputs.rpm-image` values) so
the `uses: ./.github/actions/prebuild` step always executes and ensures the
environment is prepared for bootc build/run.
♻️ Duplicate comments (1)
.github/workflows/nightly-copr.yaml (1)
32-49: Guard COPR secret usage on forked PRs.
Forked PRs won’t receiveCOPR_CONFIG, so these steps will fail.Proposed fix
- name: Create COPR build + if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }} shell: bash env: COPR_CONFIG: | ${{ secrets.COPR_CONFIG }} ... - name: Delete PR build - if: github.event_name == 'pull_request' + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false }} shell: bash env: COPR_CONFIG: | ${{ secrets.COPR_CONFIG }}Also applies to: 140-150
| - name: Prepare the build and run environment | ||
| if: inputs.rpm-image == 'microshift-okd-rpm' | ||
| uses: ./.github/actions/prebuild |
There was a problem hiding this comment.
Don’t skip prebuild for custom RPM images.
Bootc build/run still need the environment setup; skipping prebuild can break non-default rpm-image paths.
Proposed fix
- - name: Prepare the build and run environment
- if: inputs.rpm-image == 'microshift-okd-rpm'
+ - name: Prepare the build and run environment🤖 Prompt for AI Agents
In @.github/actions/build/action.yaml around lines 46 - 48, The "Prepare the
build and run environment" step currently only runs when `if: inputs.rpm-image
== 'microshift-okd-rpm'`, which skips prebuild for custom RPM images and breaks
non-default paths; remove that `if` condition (or change it so the step runs for
all `inputs.rpm-image` values) so the `uses: ./.github/actions/prebuild` step
always executes and ensures the environment is prepared for bootc build/run.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@packaging/rpms-copr.Containerfile`:
- Around line 13-24: The hard-coded COPR chroot string "epel-9-$(uname -m)"
should be parameterized: introduce an ARG (e.g., COPR_CHROOT) with a sensible
default (like "epel-9-$(uname -m)") and replace all occurrences of the literal
chroot in the Dockerfile block (the copr download-build call and the /tmp/rpms
path used in cd and mv) with that ARG; keep existing variables such as
COPR_BUILD_ID and BUILDER_RPM_REPO_PATH unchanged so callers/workflows can
override the chroot (e.g., to epel-10) without causing build/download
mismatches.
♻️ Duplicate comments (2)
packaging/rpms-copr.Containerfile (1)
8-9: Fail fast when COPR_BUILD_ID is missing.
This was flagged previously; still needed..github/workflows/nightly-copr.yaml (1)
32-65: Guard COPR secret usage on forked PRs.
This was flagged previously; still needed so fork PRs don’t fail.✅ Example guard
jobs: build-rpms: + if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }} runs-on: ubuntu-24.04
| echo "# Download the RPMs from COPR" && \ | ||
| copr download-build --rpms --chroot "epel-9-$(uname -m)" --dest /tmp/rpms ${COPR_BUILD_ID} && \ | ||
| \ | ||
| echo "# Extract the MicroShift source code into /home/microshift/microshift" && \ | ||
| mkdir -p /home/microshift/microshift && \ | ||
| cd /tmp/rpms/"epel-9-$(uname -m)"/ && \ | ||
| rpm2cpio microshift-*.src.rpm | cpio -idmv && \ | ||
| tar xf microshift-*.tar.gz -C /home/microshift/microshift --strip-components=1 && \ | ||
| \ | ||
| echo "# Move the RPMs" && \ | ||
| mkdir -p ${BUILDER_RPM_REPO_PATH} && \ | ||
| mv /tmp/rpms/"epel-9-$(uname -m)"/*.rpm ${BUILDER_RPM_REPO_PATH}/ && \ |
There was a problem hiding this comment.
Parameterize COPR chroot to avoid build/download mismatches.
The workflow passes a chroot (e.g., epel-10), but this file hard-codes epel-9. That can break copr download-build. Consider an ARG with a sane default.
🔧 Suggested fix
ARG COPR_BUILD_ID=
+ARG COPR_CHROOT=
ARG BUILDER_RPM_REPO_PATH=/home/microshift/microshift/_output/rpmbuild/RPMS
# hadolint ignore=DL4006,DL3003
RUN \
+ CHROOT="${COPR_CHROOT:-epel-9-$(uname -m)}" && \
echo "# Download the RPMs from COPR" && \
- copr download-build --rpms --chroot "epel-9-$(uname -m)" --dest /tmp/rpms ${COPR_BUILD_ID} && \
+ copr download-build --rpms --chroot "${CHROOT}" --dest /tmp/rpms ${COPR_BUILD_ID} && \
\
echo "# Extract the MicroShift source code into /home/microshift/microshift" && \
mkdir -p /home/microshift/microshift && \
- cd /tmp/rpms/"epel-9-$(uname -m)"/ && \
+ cd /tmp/rpms/"${CHROOT}"/ && \
rpm2cpio microshift-*.src.rpm | cpio -idmv && \
tar xf microshift-*.tar.gz -C /home/microshift/microshift --strip-components=1 && \
\
echo "# Move the RPMs" && \
mkdir -p ${BUILDER_RPM_REPO_PATH} && \
- mv /tmp/rpms/"epel-9-$(uname -m)"/*.rpm ${BUILDER_RPM_REPO_PATH}/ && \
+ mv /tmp/rpms/"${CHROOT}"/*.rpm ${BUILDER_RPM_REPO_PATH}/ && \
\
echo "# Create the repository and cleanup" && \🤖 Prompt for AI Agents
In `@packaging/rpms-copr.Containerfile` around lines 13 - 24, The hard-coded COPR
chroot string "epel-9-$(uname -m)" should be parameterized: introduce an ARG
(e.g., COPR_CHROOT) with a sensible default (like "epel-9-$(uname -m)") and
replace all occurrences of the literal chroot in the Dockerfile block (the copr
download-build call and the /tmp/rpms path used in cd and mv) with that ARG;
keep existing variables such as COPR_BUILD_ID and BUILDER_RPM_REPO_PATH
unchanged so callers/workflows can override the chroot (e.g., to epel-10)
without causing build/download mismatches.
1 participant
Usage:
Part of #71
Summary by CodeRabbit
New Features
Chores
✏️ Tip: You can customize this high-level summary in your review settings.