[ROSAENG-61017] Onboard openshift-online/rosa-trusted-actions to Prow#81734
[ROSAENG-61017] Onboard openshift-online/rosa-trusted-actions to Prow#81734bergmannf wants to merge 1 commit into
Conversation
Enable Prow merge automation (Tide + plugins) and add an OpenAPI spec validation presubmit job for rosa-trusted-actions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Skipping CI for Draft Pull Request. |
WalkthroughThe change onboards ChangesROSA Trusted Actions onboarding
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 15✅ Passed checks (15 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bergmannf The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
[REHEARSALNOTIFIER]
Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals. Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
ci-operator/config/openshift-online/rosa-trusted-actions/openshift-online-rosa-trusted-actions-main.yaml (1)
4-4: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winPin the build-root image instead of using
:latest.Use an immutable digest or explicitly versioned image tag so CI behavior cannot change without a reviewed configuration change.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@ci-operator/config/openshift-online/rosa-trusted-actions/openshift-online-rosa-trusted-actions-main.yaml` at line 4, Replace the floating :latest tag in the build-root image declaration with an immutable digest or explicitly versioned Node.js image tag, ensuring future image updates require a reviewed configuration change.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In
`@ci-operator/config/openshift-online/rosa-trusted-actions/openshift-online-rosa-trusted-actions-main.yaml`:
- Line 4: Replace the floating :latest tag in the build-root image declaration
with an immutable digest or explicitly versioned Node.js image tag, ensuring
future image updates require a reviewed configuration change.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: f4d0de2d-efda-46b4-9b57-1143a0f2c3c4
⛔ Files ignored due to path filters (2)
ci-operator/jobs/openshift-online/rosa-trusted-actions/OWNERSis excluded by!ci-operator/jobs/**ci-operator/jobs/openshift-online/rosa-trusted-actions/openshift-online-rosa-trusted-actions-main-presubmits.yamlis excluded by!ci-operator/jobs/**
📒 Files selected for processing (5)
ci-operator/config/openshift-online/rosa-trusted-actions/OWNERSci-operator/config/openshift-online/rosa-trusted-actions/openshift-online-rosa-trusted-actions-main.yamlcore-services/prow/02_config/openshift-online/rosa-trusted-actions/OWNERScore-services/prow/02_config/openshift-online/rosa-trusted-actions/_pluginconfig.yamlcore-services/prow/02_config/openshift-online/rosa-trusted-actions/_prowconfig.yaml
Enable Prow merge automation (Tide + plugins) and add an OpenAPI spec validation presubmit job for rosa-trusted-actions.
This is a draft as we are still in the process of renaming the repository from rosa-trusted-actions-server to rosa-trusted-actions
Summary by CodeRabbit
openshift-online/rosa-trusted-actionsto OpenShift CI and Prow.validate-specpresubmit job that runsmake validate-specusing the repository’s Node.js 22 build environment.approvedandlgtmlabels while blocking configured merge-prevention labels.needs-rebaseexternal plugin.