RHOAIENG-25226: update params-latest.env references to new konflux repositories #1118
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hmm, our CI doesn't have access to these repositories neither 😢 https://github.com/opendatahub-io/notebooks/actions/runs/15115580363/job/42485298409?pr=1118 |
|
we don't have opendatahub-io konflux builds yet, so this is on hold |
|
FWI: We have a new set of registries for py312 under opendatahub org (filter out by py 312 or 311 version here)
and also we need to add the notebooks repo also here: https://github.com/opendatahub-io/odh-konflux-central/blob/main/.github/workflows/odh-konflux-release-onboarder.yml NOTE: the registry name does not include the |
|
Caution There are some errors in your PipelineRun template.
List of images referenced from the Python code generation scripts for Tekton pipelines.The structure of this file must be compatible withhttps://docs.renovatebot.com/modules/manager/tekton/Specifically, see
|
WalkthroughThe environment parameter file was updated to replace fully qualified external image URLs with internal image names including SHA256 digests. This change applies uniformly to all listed images for different runtimes and Python versions. No code or exported entities were modified. Changes
Poem
Possibly related PRs
📜 Recent review detailsConfiguration used: .coderabbit.yaml 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
✨ Finishing Touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
manifests/base/params-latest.env(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-16T11:32:09.203Z
Learning: In the opendatahub-io/notebooks repository, there is a known issue with missing `runtimes/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml` file that causes rocm runtime tests to fail with "no such file or directory" error. This is tracked in JIRA RHOAIENG-22044 and was intended to be fixed in PR #1015.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/test/test_notebook.ipynb:22-29
Timestamp: 2025-07-02T18:27:51.097Z
Learning: jiridanek consistently creates comprehensive follow-up GitHub issues from PR review comments in opendatahub-io/notebooks, turning specific code quality concerns into systematic improvements tracked with proper context, acceptance criteria, and cross-references. Issue #1266 demonstrates this pattern by expanding a specific error handling concern in load_expected_versions() into a repository-wide improvement initiative.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-30T19:44:57.656Z
Learning: In the opendatahub-io/notebooks repository, jiridanek effectively manages comprehensive PR reviews by tracking all feedback as follow-up GitHub issues rather than blocking merge of high-quality implementations. This demonstrates excellent project management practices for balancing current deliverables with future improvements.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1306
File: jupyter/trustyai/ubi9-python-3.12/test/test_notebook.ipynb:71-88
Timestamp: 2025-07-04T06:05:30.580Z
Learning: jiridanek requested GitHub issue creation for TrustyAI test notebook URL configurability and network error handling improvements during PR #1306 review. Issue #1323 was created with ⚠️ emoji in title for visibility, comprehensive problem description covering incorrect hardcoded URLs (pointing to Python 3.11 instead of 3.12), missing network error handling, maintenance burden, multiple solution options with code examples, phased acceptance criteria, implementation guidance, testing approach, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/kustomize/base/service.yaml:5-15
Timestamp: 2025-07-02T18:59:15.788Z
Learning: jiridanek creates targeted GitHub issues for specific test quality improvements identified during PR reviews in opendatahub-io/notebooks. Issue #1268 demonstrates this by converting a review comment about insufficient tf2onnx conversion test validation into a comprehensive improvement plan with clear acceptance criteria, code examples, and ROCm-specific context.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-03T13:33:55.209Z
Learning: jiridanek requested GitHub issue creation for smart-open library S3/GCS backend compatibility concern in PR #1269. Issue #1296 was successfully created with comprehensive problem description, acceptance criteria, implementation guidance, testing approach, and proper context linking, following the established pattern of systematic issue tracking for technical improvements.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-03T12:44:00.167Z
Learning: jiridanek requested GitHub issue creation for smart-open library S3/GCS backend compatibility concern in PR #1269. Issue #1289 was successfully created with comprehensive problem description, acceptance criteria, implementation guidance, testing approach, and proper context linking, following the established pattern of systematic issue tracking for technical improvements.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1258
File: codeserver/ubi9-python-3.11/Dockerfile.cpu:55-56
Timestamp: 2025-07-03T08:22:25.348Z
Learning: jiridanek directs security concerns raised during PR reviews to existing comprehensive security issues rather than addressing them in individual PRs. Issue #1241 "Security: Add checksum verification for downloaded binaries in Python 3.12 images" serves as the central tracking issue for all binary download security concerns across the opendatahub-io/notebooks repository.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1306
File: jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu:4-4
Timestamp: 2025-07-04T05:49:10.314Z
Learning: jiridanek directs base image pinning security concerns to existing comprehensive issue #1242 "Improve Docker FROM image versioning by avoiding :latest tags" rather than addressing them in individual PRs, continuing the established pattern of systematic security and quality tracking in opendatahub-io/notebooks.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm:56-66
Timestamp: 2025-07-02T18:19:49.397Z
Learning: jiridanek consistently creates comprehensive follow-up GitHub issues for security concerns raised during PR reviews in opendatahub-io/notebooks, ensuring systematic tracking and resolution of supply-chain security improvements like GPG signature verification for package repositories.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-tensorflow-notebook-imagestream.yaml:45-45
Timestamp: 2025-06-13T08:34:01.300Z
Learning: When updating dependency versions in `manifests/base/*-imagestream.yaml`, the project convention is to modify only the newest tag (e.g., "2025.1") and intentionally leave earlier tags (e.g., "2024.2") unchanged.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1269
File: codeserver/ubi9-python-3.12/nginx/root/usr/share/container-scripts/nginx/common.sh:1-3
Timestamp: 2025-07-03T12:07:19.365Z
Learning: jiridanek consistently requests GitHub issue creation for technical improvements identified during code reviews in opendatahub-io/notebooks, ensuring systematic tracking of code quality enhancements like shell script portability issues with comprehensive descriptions, solution options, and acceptance criteria.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1269
File: codeserver/ubi9-python-3.12/utils/process.sh:17-19
Timestamp: 2025-07-03T14:00:00.909Z
Learning: jiridanek efficiently identifies when CodeRabbit review suggestions are already covered by existing comprehensive issues, demonstrating excellent issue management and avoiding duplicate tracking of the same improvements across multiple locations.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1151
File: jupyter/tensorflow/ubi9-python-3.12/test/test_notebook.ipynb:31-34
Timestamp: 2025-07-01T07:03:05.385Z
Learning: jiridanek demonstrates excellent pattern recognition for identifying duplicated code issues across the opendatahub-io/notebooks repository. When spotting a potential problem in test notebooks, he correctly assesses that such patterns are likely replicated across multiple similar files rather than being isolated incidents, leading to more effective systematic solutions.
manifests/base/params-latest.env (13)
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-tensorflow-notebook-imagestream.yaml:45-45
Timestamp: 2025-06-13T08:34:01.300Z
Learning: When updating dependency versions in `manifests/base/*-imagestream.yaml`, the project convention is to modify only the newest tag (e.g., "2025.1") and intentionally leave earlier tags (e.g., "2024.2") unchanged.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1154
File: manifests/base/jupyter-pytorch-notebook-imagestream.yaml:0-0
Timestamp: 2025-06-16T11:06:33.139Z
Learning: In the opendatahub-io/notebooks repository, N-1 versions of images in manifest files (like imagestream.yaml files) should not be updated regularly. The versions of packages like codeflare-sdk in N-1 images are frozen to what was released when the image was moved from N to N-1 version. N-1 images are only updated for security vulnerabilities of packages, not for regular version bumps. This is why the version of packages in N-1 images may be quite old compared to the latest N version.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1306
File: jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu:4-4
Timestamp: 2025-07-04T05:49:10.314Z
Learning: jiridanek directs base image pinning security concerns to existing comprehensive issue #1242 "Improve Docker FROM image versioning by avoiding :latest tags" rather than addressing them in individual PRs, continuing the established pattern of systematic security and quality tracking in opendatahub-io/notebooks.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1269
File: codeserver/ubi9-python-3.12/kustomize/base/pod.yaml:11-11
Timestamp: 2025-07-03T16:17:17.301Z
Learning: jiridanek requested GitHub issue creation for renaming placeholder image reference in codeserver/ubi9-python-3.12/kustomize/base/pod.yaml during PR #1269 review to improve code self-documentation. Issue #1313 was created with comprehensive problem description, multiple implementation options (UPPERCASE_WITH_UNDERSCORES, lowercase-with-dashes, environment variable style), acceptance criteria, and proper context linking, continuing the established pattern of systematic code quality improvements through detailed issue tracking.
Learnt from: grdryn
PR: opendatahub-io/notebooks#1320
File: rstudio/rhel9-python-3.11/Dockerfile.cuda:34-35
Timestamp: 2025-07-04T10:41:13.061Z
Learning: In the opendatahub-io/notebooks repository, when adapting NVIDIA CUDA Dockerfiles, the project intentionally maintains consistency with upstream NVIDIA patterns even when it might involve potential risks like empty variable expansions in package installation commands. This is considered acceptable because the containers only run on RHEL 9 with known yum/dnf behavior, and upstream consistency is prioritized over defensive coding practices.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-26T16:19:31.295Z
Learning: In the opendatahub-io/notebooks repository, the Playwright Docker image version in `.github/workflows/build-notebooks-TEMPLATE.yaml` (format: `mcr.microsoft.com/playwright:v1.53.1-noble`) must always match the `@playwright/test` version specified in the `tests/browser/package.json` file. Both versions need to be updated together to maintain consistency between CI/CD pipeline and project dependencies.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-26T16:19:31.295Z
Learning: In the opendatahub-io/notebooks repository, the Playwright Docker image version in `.github/workflows/build-notebooks-TEMPLATE.yaml` (format: `mcr.microsoft.com/playwright:v1.53.1-noble`) must always match the `@playwright/test` version specified in the `tests/browser/package.json` file. Both versions need to be updated together to maintain consistency between CI/CD pipeline and project dependencies.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-06-16T11:32:09.203Z
Learning: In the opendatahub-io/notebooks repository, there is a known issue with missing `runtimes/rocm/pytorch/ubi9-python-3.11/kustomize/base/kustomization.yaml` file that causes rocm runtime tests to fail with "no such file or directory" error. This is tracked in JIRA RHOAIENG-22044 and was intended to be fixed in PR #1015.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm:34-37
Timestamp: 2025-07-02T18:19:23.024Z
Learning: In the opendatahub-io/notebooks repository, issue #1241 "Security: Add checksum verification for downloaded binaries in Python 3.12 images" covers the security concern about verifying downloaded binaries including the oc client. Red Hat does not provide signed RPM packages for the OpenShift CLI (oc) in UBI9 official repositories, making manual binary download with checksum verification the recommended approach.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1259
File: jupyter/rocm/tensorflow/ubi9-python-3.12/Pipfile:13-15
Timestamp: 2025-07-03T07:03:45.020Z
Learning: The Python 3.11 infrastructure for ROCm TensorFlow images in opendatahub-io/notebooks is already properly configured in the Makefile with both BASE_DIRS entries for Pipfile lock renewals and all-images targets for CI builds, requiring only commenting out the corresponding Python 3.12 entries when downgrading due to wheel availability issues.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1218
File: jupyter/datascience/ubi9-python-3.11/Pipfile:34-36
Timestamp: 2025-06-28T14:13:27.890Z
Learning: In the opendatahub-io/notebooks repository, the dependency pinning strategy follows a deliberate pattern: core `jupyterlab` package uses exact pinning (==) across all notebook images to ensure UI consistency, while JupyterLab extensions and all server components (jupyter-server, jupyter-server-proxy, jupyter-server-terminals) use compatible release (~=) pinning to allow automatic security updates and bug fixes while maintaining API compatibility.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#0
File: :0-0
Timestamp: 2025-07-01T10:41:56.419Z
Learning: jiridanek's team uses containerized dependency locking for cross-platform compatibility in opendatahub-io/notebooks. They run `pipenv lock` inside UBI9 containers with specific platform arguments (`--platform=linux/amd64 --python-version 3.12`) to avoid host OS dependency conflicts when generating Pipfile.lock files.
Learnt from: jiridanek
PR: opendatahub-io/notebooks#1151
File: jupyter/tensorflow/ubi9-python-3.12/kustomize/base/statefulset.yaml:11-17
Timestamp: 2025-07-01T06:50:37.115Z
Learning: jiridanek manages StatefulSet selector issues systematically across multiple images in opendatahub-io/notebooks. When the same configuration issue (empty spec.selector and template.metadata.labels) appears in different images like jupyter/minimal and jupyter/tensorflow, he tracks them under a single coordinated effort rather than creating duplicate issues for each affected image.
🪛 GitHub Actions: Validation of image references (image SHAs) in params.env and runtime images
manifests/base/params-latest.env
[error] 1-1: Image definition for 'odh-workbench-jupyter-minimal-cpu-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-minimal-cuda-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-minimal-rocm-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-datascience-cpu-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-pytorch-cuda-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-pytorch-rocm-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-tensorflow-cuda-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-tensorflow-rocm-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-jupyter-trustyai-cpu-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-codeserver-datascience-cpu-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-rstudio-minimal-cpu-py311-c9s-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-workbench-rstudio-minimal-cuda-py311-c9s-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-pipeline-runtime-minimal-cpu-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-pipeline-runtime-datascience-cpu-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-pipeline-runtime-pytorch-cuda-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-pipeline-runtime-pytorch-rocm-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-pipeline-runtime-tensorflow-cuda-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: Image definition for 'odh-pipeline-runtime-tensorflow-rocm-py311-ubi9-n' isn't okay due to unauthorized access error when downloading image config metadata with skopeo tool.
[error] 1-1: The 'manifests/base/params-latest.env' file isn't valid due to multiple unauthorized access errors when validating image definitions.
|
@jiridanek I've made some corrections, rebased the branch, and added the new Python 3.12 references. When you get a chance, please take a look. @moulalis Could you also create registries for RStudio? In upstream, we prebuild these images. |
jiridanek
added
ok-to-test
tide/merge-method-squash
|
@jiridanek: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
…flux/component-updates/component-update-odh-workbench-jupyter-tensorflow-cuda-py311-ubi9-n-v2-23 chore(deps): update odh-workbench-jupyter-tensorflow-cuda-py311-ubi9-n-v2-23 to 5fed803
…py312 version (opendatahub-io#1118) Co-authored-by: atheo89 <[email protected]>
…py312 version (opendatahub-io#1118) Co-authored-by: atheo89 <[email protected]>
4 participants
Related to: https://issues.redhat.com/browse/RHOAIENG-28188
Description
How Has This Been Tested?
no testing
@moulalis I'm unable to see the new repos in https://quay.io/organization/opendatahub, for example https://quay.io/opendatahub/odh-workbench-jupyter-minimal-cpu-py311-ubi9-n gives me 403.
Merge criteria:
Summary by CodeRabbit