Skip to content

ROX-34007: Make create-custom-snapshot always run#20016

Open
msugakov wants to merge 39 commits intomasterfrom
misha/change-ccs-activation-cel
Open

ROX-34007: Make create-custom-snapshot always run#20016
msugakov wants to merge 39 commits intomasterfrom
misha/change-ccs-activation-cel

Conversation

@msugakov
Copy link
Copy Markdown
Contributor

@msugakov msugakov commented Apr 15, 2026

Description

but skip real tasks if in PRs where Konflux is not enabled. This is alternative way to do #19892.

With the help of https://pipelinesascode.com/docs/guides/creating-pipelines/cel-expressions/.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

No change.

How I validated my change

What I haven't tested is how it works with tags but I'm sure it should work as expected given that testing with branches went fine.

PR without activation

#20026 - everything gets quickly skipped and the pipeline succeeds.

  1. Push https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-chsbx-determine-actual-build/logs
  2. /test ... comment https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-jjxdb-determine-actual-build/logs
  3. /konflux-retest ... comment https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-nnjzv-determine-actual-build/logs
  4. Label change (not konflux-build) https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-9p5f2-determine-actual-build/logs

PR with konflux in the branch name

#20027 - the tasks get really executed after determine-actual-build gives a green light.
Though I cancel Konflux builds after I see that happening to save on resources.

  1. Push https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-z4wv2-determine-actual-build/logs
  2. /retest ... comment https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-55mrs-determine-actual-build/logs
  3. /konflux-retest ... comment https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-rc882-determine-actual-build/logs
  4. Label change (not konflux-build) https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-5xwz6-determine-actual-build/logs

PR with konflux-build label

#20122 - initially no activation without a label (run), then tasks get really executed after the label is placed.
Though I cancelled pipelines to save resources.

  1. konflux-build label added https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-mmg5j-determine-actual-build/logs
  2. /test ... comment https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-42q8z-determine-actual-build/logs
  3. /konflux-retest ... comment https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-zgs6q-determine-actual-build/logs
  4. Commit push - https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-dr8hk-determine-actual-build/logs
  5. Label change (not konflux-build) https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-vf7gt-determine-actual-build/logs

Then, upon removal of konflux-build, the pipeline does not start at all. It would be nice if it activated but one can anyway push a commit or do something else to trigger the pipeline.

Branch pushes (no PRs)

  1. No pipeline at all on pushing to non-matching branch https://github.com/stackrox/stackrox/commits/misha-test-ccs-no-activation
  2. Activated on pushing to release-* branch (https://github.com/stackrox/stackrox/commits/release-misha-test-cel/) - https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/pipelineruns/create-custom-snapshot-nbx4h/logs?task=determine-actual-build
  3. Activated on /test comment in release-* branch (35c634a#commitcomment-183018739) https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-acs-tenant/applications/acs/taskruns/create-custom-snapshot-2j2ft-determine-actual-build

@msugakov msugakov added do-not-merge/work-in-progress konflux-build Run Konflux in PR. Push commit to trigger it. labels Apr 15, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 15, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@msugakov msugakov force-pushed the misha/change-ccs-activation-cel branch from 1e7d7bc to fec0285 Compare April 15, 2026 09:28
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.76%. Comparing base (0584c42) to head (e5a23c7).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master   #20016   +/-   ##
=======================================
  Coverage   49.76%   49.76%           
=======================================
  Files        2767     2767           
  Lines      209544   209544           
=======================================
+ Hits       104275   104284    +9     
+ Misses      97573    97569    -4     
+ Partials     7696     7691    -5     
Flag Coverage Δ
go-unit-tests 49.76% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 15, 2026

🚀 Build Images Ready

Images are ready for commit 01e624c. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-685-g01e624c2b5

@msugakov
Copy link
Copy Markdown
Contributor Author

Doesn't seem to work. Requested Konflux support https://redhat-internal.slack.com/archives/C04PZ7H0VA8/p1776256616552199

@msugakov msugakov added ci-fail-fast Stop testing after the first test fails (not supported in all test sets) konflux-build Run Konflux in PR. Push commit to trigger it. and removed ci-fail-fast Stop testing after the first test fails (not supported in all test sets) konflux-build Run Konflux in PR. Push commit to trigger it. labels Apr 15, 2026
@msugakov msugakov changed the title Try use CEL in task build: Make create-custom-snapshot always run Apr 15, 2026
@msugakov msugakov changed the title build: Make create-custom-snapshot always run ROX-34007: Make create-custom-snapshot always run Apr 15, 2026
@stackrox stackrox deleted a comment from red-hat-konflux bot Apr 15, 2026
@stackrox stackrox deleted a comment from red-hat-konflux bot Apr 15, 2026
Comment thread .tekton/create-custom-snapshot.yaml Outdated
}

is_pull_request="false"
[[ "{{ pull_request_number }}" == "" ]] || is_pull_request="true"
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also saw that the pull request number was literally "{{ pull_request_number }}"

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I learned when it's literally "{{ pull_request_number }}" it means this pipeline runs for branch (or tag) push. Checking for empty string is unnecessary in this case but I'd still keep it.

[[ "{{ pull_request_number }}" == "" ]] || is_pull_request="true"
assert_boolean is_pull_request "pull_request_number: {{ pull_request_number }}"

is_matching_target_branch='{{ cel: target_branch.startsWith("release-") }}'
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is interesting. Can {{ cel: ...}} be used anywhere? Are there other templating sources documented?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment thread .tekton/create-custom-snapshot.yaml Outdated
- name: post-metric-start
taskRef: *post-bigquery-metrics-ref

# TODO: event_type=on-comment and the rest
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is "the rest"?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a leftover from the time before I did the full round of testing. Now this comment is gone.

Copy link
Copy Markdown
Contributor

@tommartensen tommartensen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is interesting, if you want, please continue investigating!

@msugakov msugakov force-pushed the misha/change-ccs-activation-cel branch from 01e624c to e5a23c7 Compare April 21, 2026 11:30
@msugakov msugakov marked this pull request as ready for review April 21, 2026 11:30
@msugakov msugakov requested review from a team and rhacs-bot as code owners April 21, 2026 11:31
@rhacs-bot rhacs-bot requested a review from a team April 21, 2026 11:31
@msugakov
Copy link
Copy Markdown
Contributor Author

Had to rebase because Style GHA job wasn't happy for unrelated reason.

@msugakov msugakov requested a review from tommartensen April 21, 2026 11:31
@tommartensen
Copy link
Copy Markdown
Contributor

Then, upon removal of konflux-build, the pipeline does not start at all. It would be nice if it activated but one can anyway push a commit or do something else to trigger the pipeline.

Scenario: PR with konflux-build label. Full Konflux pipelines fail and create-custom-snapshot is red. Engineer decides they don't want Konflux builds after all and remove label konflux-build. Where can we tell them that re-running the pipeline will make it green?

@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 21, 2026

@msugakov: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/gke-ui-e2e-tests e5a23c7 link true /test gke-ui-e2e-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

konflux-build Run Konflux in PR. Push commit to trigger it.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants