[WIP] Manually bump to 1.36.0

[pierDipi]

When we bump the metadata for a major version, images are not yet available for SO components on
the Konflux registry, so we use the :latest tag temporarily by passing "true" as argument to
various latest_* functions.

Eventually, once images are available, SHAs will be replaced/used.

Part of #2989

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[pierDipi]

@mgencur this is the issue SERVERLESS_BUNDLE in dockerfile.sh is empty

[pierDipi]

++++ skopeo inspect --no-tags=true docker://quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle:latest
++++ jq -r .Digest
FATA[0001] Error parsing image name "docker://quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle:latest": reading manifest latest in quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle: unauthorized: access to the requested resource is not authorized 
++++ echo ''
+++ digest=
+++ '[' '' = '' ']'
+++ '[' false = true ']'
+++ echo ''
+++ return
++ image=
++ [[ '' == '' ]]
+++ image_with_sha registry.ci.openshift.org/knative/serverless-bundle:release-1.36.0
+++ image=registry.ci.openshift.org/knative/serverless-bundle:release-1.36.0
+++ return_input_on_empty=false
++++ skopeo inspect --no-tags=true docker://registry.ci.openshift.org/knative/serverless-bundle:release-1.36.0
++++ jq -r .Digest
FATA[0000] Error parsing image name "docker://registry.ci.openshift.org/knative/serverless-bundle:release-1.36.0": reading manifest release-1.36.0 in registry.ci.openshift.org/knative/serverless-bundle: manifest unknown 

it can't find either
quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle
registry.ci.openshift.org/knative/serverless-bundle:release-1.36.0

(expected)

[pierDipi]

I'm wondering if we need to also fallback to knative-main in get_bundle_for_version when not even CI registry.ci.openshift.org/knative/serverless-bundle:release-1.36.0 is available?

  # As a backup, try also CI registry.
  if [[ "${image}" == "" ]]; then
    image=$(image_with_sha "registry.ci.openshift.org/knative/serverless-bundle:release-${version}")
  fi
  if [[ "${image}" == "" ]]; then
    image=$(image_with_sha "registry.ci.openshift.org/knative/serverless-bundle:knative-main")
  fi

[mgencur]

This will fix it for the Dockerfile: https://gist.github.com/mgencur/5316c4655abcb92e28a3455ee02a0b5f
But I'm still checking if the final catalog can be generated properly if the latest bundle doesn't exist yet.

[mgencur]

My solution can't build the catalog properly because it requires the image to exist:

INFO    16:41:10.114 Generating catalog for OCP 4.14
INFO[0000] rendering index "registry.redhat.io/redhat/redhat-operator-index:v4.14" as file-based catalog 
INFO[0404] wrote rendered file-based catalog to "/tmp/knative.JC1YvFt4/tmp.hVU6K2GqdC" 
FATA[0002] Error parsing image name "docker://quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle:latest": reading manifest latest in quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle: unauthorized: access to the requested resource is not authorized 
2024/11/27 16:49:45 render reference "quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle:latest": error resolving name for image ref quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle:latest: unexpected status from HEAD request to https://quay.io/v2/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-136/serverless-bundle/manifests/latest: 401 UNAUTHORIZED
ERROR   16:49:45.652 🚨 Error (code: 1) occurred at ./hack/generate/catalog.sh:49, with command: opm alpha render-template basic --migrate-level="$level" "${catalog_template}" -oyaml > "${index_dir}/v${ocp_version}/catalog/serverless-operator/catalog.yaml"

[pierDipi]

maybe if it doesn't, we can keep it that way for a few days until the new bundle is in there, the new bundle will be available as soon as we merge PRs like this one

[mgencur]

So, yeah. We could fall back to registry.ci.openshift.org/knative/serverless-bundle:knative-main

[mgencur]

Nit. Not sure the formatting change is intentional?

[pierDipi]

the command go run ./hack/cmd/bumpso/bumpso.go --branch release-1.35 decided the format for some reason

[mgencur]

/lgtm

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 511168a and 2 for PR HEAD 2b9b69a in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD baf5e6a and 2 for PR HEAD 2b9b69a in total

[mgencur]

This needs rebase now.

[mgencur]

/lgtm

[pierDipi]

Since the other bot PR conflicts, I'm adjusting the release merge order and removing conflicting commits from bots

[mgencur]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mgencur, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mgencur,pierDipi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[pierDipi]

cp: cannot stat '/go/src/github.com/openshift-knative/serverless-operator//go/src/github.com/openshift-knative/serverless-operator/olm-catalog/serverless-operator-index/Dockerfile': No such file or directory
13:13:20.223 ERROR:   🚨 Error (code: 1) occurred at ./hack/lib/catalogsource.bash:217, with command: tmp_dockerfile=$(replace_images "${from_dir}/${dockerfile_path}")

[openshift-ci]

New changes are detected. LGTM label has been removed.

[pierDipi]

Upgrade test failed to install the previous version:

             "conditions": [
                    {
                        "lastTransitionTime": "2024-11-29T12:37:37Z",
                        "lastUpdateTime": "2024-11-29T12:37:37Z",
                        "message": "requirements not yet checked",
                        "phase": "Pending",
                        "reason": "RequirementsUnknown"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:37:37Z",
                        "lastUpdateTime": "2024-11-29T12:37:37Z",
                        "message": "one or more requirements couldn't be found",
                        "phase": "Pending",
                        "reason": "RequirementsNotMet"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:37:40Z",
                        "lastUpdateTime": "2024-11-29T12:37:40Z",
                        "message": "all requirements found, attempting install",
                        "phase": "InstallReady",
                        "reason": "AllRequirementsMet"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:37:41Z",
                        "lastUpdateTime": "2024-11-29T12:37:41Z",
                        "message": "waiting for install components to report healthy",
                        "phase": "Installing",
                        "reason": "InstallSucceeded"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:37:41Z",
                        "lastUpdateTime": "2024-11-29T12:37:42Z",
                        "message": "installing: waiting for deployment knative-operator-webhook to become ready: deployment \"knative-operator-webhook\" not available: Deployment does not have minimum availability.",
                        "phase": "Installing",
                        "reason": "InstallWaiting"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:42:41Z",
                        "lastUpdateTime": "2024-11-29T12:42:41Z",
                        "message": "install timeout",
                        "phase": "Failed",
                        "reason": "InstallCheckFailed"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:42:42Z",
                        "lastUpdateTime": "2024-11-29T12:42:42Z",
                        "message": "installing: waiting for deployment knative-operator-webhook to become ready: deployment \"knative-operator-webhook\" not available: Deployment does not have minimum availability.",
                        "phase": "Pending",
                        "reason": "NeedsReinstall"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:42:42Z",
                        "lastUpdateTime": "2024-11-29T12:42:42Z",
                        "message": "all requirements found, attempting install",
                        "phase": "InstallReady",
                        "reason": "AllRequirementsMet"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:42:43Z",
                        "lastUpdateTime": "2024-11-29T12:42:43Z",
                        "message": "waiting for install components to report healthy",
                        "phase": "Installing",
                        "reason": "InstallSucceeded"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:42:43Z",
                        "lastUpdateTime": "2024-11-29T12:42:44Z",
                        "message": "installing: waiting for deployment knative-operator-webhook to become ready: deployment \"knative-operator-webhook\" not available: Deployment does not have minimum availability.",
                        "phase": "Installing",
                        "reason": "InstallWaiting"
                    },
                    {
                        "lastTransitionTime": "2024-11-29T12:47:42Z",
                        "lastUpdateTime": "2024-11-29T12:47:42Z",
                        "message": "install failed: deployment knative-operator-webhook not ready before timeout: deployment \"knative-operator-webhook\" exceeded its progress deadline",
                        "phase": "Failed",
                        "reason": "InstallCheckFailed"
                    }

[pierDipi]

                "containerStatuses": [
                    {
                        "image": "registry.redhat.io/openshift-serverless-1/serverless-openshift-kn-rhel8-operator@sha256:d246f92cd503a276324159252c4856c25ae84f156c9307da84cf683e52a64e9e",
                        "imageID": "",
                        "lastState": {},
                        "name": "knative-operator",
                        "ready": false,
                        "restartCount": 0,
                        "started": false,
                        "state": {
                            "waiting": {
                                "message": "Back-off pulling image \"registry.redhat.io/openshift-serverless-1/serverless-openshift-kn-rhel8-operator@sha256:d246f92cd503a276324159252c4856c25ae84f156c9307da84cf683e52a64e9e\"",
                                "reason": "ImagePullBackOff"
                            }
                        }
                    }
                ],

[creydr]

ICSP seems to be OK:

serverless-operator/olm-catalog/serverless-operator-index/image_content_source_policy.yaml

Lines 155 to 156 in af4586a

	- mirrors: ["quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-135/serverless-openshift-kn-operator"]
	source: "registry.redhat.io/openshift-serverless-1/serverless-openshift-kn-rhel8-operator"

But image is missing in quay:

docker pull quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-135/serverless-openshift-kn-operator@sha256:d246f92cd503a276324159252c4856c25ae84f156c9307da84cf683e52a64e9e
Error response from daemon: manifest for quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-135/serverless-openshift-kn-operator@sha256:d246f92cd503a276324159252c4856c25ae84f156c9307da84cf683e52a64e9e not found: manifest unknown: manifest unknown

[pierDipi]

The problem is: the previous version is using the official images and we don't apply the ImageContentSourcePolicy but I'm not sure how do we need to configure the ImageContentSourcePolicy to handle multiple versions for the source "source"

[creydr]

The problem is: the previous version is using the official images and we don't apply the ImageContentSourcePolicy but I'm not sure how do we need to configure the ImageContentSourcePolicy to handle multiple versions for the source "source"

Not sure if I get the first part, but regarding "handling multiple versions for a source": mirrors in the ICSP is an array

[openshift-merge-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@pierDipi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/417-test-upgrade-aws-417	af4586a	link	true	/test 417-test-upgrade-aws-417
ci/prow/417-upstream-e2e	0c609d4	link	false	/test 417-upstream-e2e
ci/prow/417-upstream-e2e-kafka	0c609d4	link	false	/test 417-upstream-e2e-kafka
ci/prow/417-images	0c609d4	link	true	/test 417-images
ci/prow/417-test-upgrade	0c609d4	link	true	/test 417-test-upgrade
ci/prow/417-operator-e2e	0c609d4	link	true	/test 417-operator-e2e

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.