From beb4a563d458d138d9fd1b1a65d381d80cc5d3c8 Mon Sep 17 00:00:00 2001
From: Siddharth Sharma
Date: Mon, 13 Apr 2026 12:29:12 -0400
Subject: [PATCH 1/2] packages-openshift.yaml: update for 4.23
Update ocp_version to 4.23 and switch rhel-9.8 repo IDs to match the repo names injected at build time. Drop rhel-9.8-early-kernel as the kernel is now covered by rhel-9-server-ose-rpms.
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
---
 packages-openshift.yaml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/packages-openshift.yaml b/packages-openshift.yaml
index 7658205b..8db9279a 100644
--- a/packages-openshift.yaml
+++ b/packages-openshift.yaml
@@ -2,7 +2,7 @@ metadata:
 # This should match the /etc/os-release manipulation we do below when
 # injecting `OPENSHIFT_VERSION`. It's used by CI to determine the repos to
 # inject when building the layered image.
- ocp_version: "4.22"
+ ocp_version: "4.23"
 conditional-include:
 - if:
@@ -15,11 +15,10 @@ conditional-include:
 - if: osversion == "rhel-9.8"
 include:
 repos:
- - rhel-9.8-baseos
- - rhel-9.8-appstream
- - rhel-9.8-early-kernel
- - rhel-9.8-fast-datapath
- - rhel-9.8-server-ose-4.22
+ - rhel-98-baseos
+ - rhel-98-appstream
+ - rhel-9-fast-datapath-rpms
+ - rhel-9-server-ose-rpms
 - if: osversion == "rhel-10.2"
 include:
 repos:
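Review bot: The new ID `rhel-9-server-ose-rpms` in the rhel-9.8 list no longer carries the OCP version the way `rhel-9.8-server-ose-4.22` did, so nothing in this file ties the OSE package source to `ocp_version: "4.23"` any more; which release that repo serves is presumably decided by whatever definition is injected at build time. A comment above the list would make that dependency visible, for example `# IDs must match the repo definitions injected at build time; the OSE release is selected there, not by this file.` The rhel-10.2 branch begins in this hunk but its entries lie outside it, so whether it was moved to the same naming cannot be seen from here.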
@@ -120,7 +119,7 @@ postprocess: #!/usr/bin/env bash set -xeuo pipefail cat >> /usr/lib/os-release < Date: Mon, 13 Apr 2026 16:57:44 -0400 Subject: [PATCH 2/2] node-image: fix repo handling for Konflux builds ART's art-unsigned.repo uses arch-suffixed section IDs (e.g. [rhel-98-baseos-x86_64]) rather than the plain names referenced in packages-openshift.yaml, causing rpm-ostree treefile-apply to fail with "Unknown repo: '...'" for RHEL builds. Fix by: - Moving `source /etc/os-release` before the repo injection in build-node-image.sh, and only adding the CentOS source .repo files for CentOS/SCOS builds. RHEL builds should only use the repos already injected by ART (art-unsigned.repo) and the yumrepos secret. - Removing the explicit repos: lists from the rhel-9.8 and rhel-10.2 conditional-include blocks in packages-openshift.yaml. Since CentOS repos are no longer added for RHEL builds, there is nothing to restrict; rpm-ostree will use whatever repos ART has configured. rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED --- build-node-image.sh | 9 ++++++--- packages-openshift.yaml | 18 +++--------------- 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/build-node-image.sh b/build-node-image.sh index 00a6a618..b8d83fc4 100755 --- a/build-node-image.sh +++ b/build-node-image.sh @@ -14,11 +14,14 @@ if [ "${OPENSHIFT_CI}" != 0 ]; then /run/src/ci/get-ocp-repo.sh /etc/yum.repos.d/ocp.repo fi -# add all the repos from the src repo into `/etc/yum.repos.d` so dnf sees them -cat /run/src/*.repo >> /etc/yum.repos.d/git.repo - source /etc/os-release +# add CentOS repos from the source - only needed for CentOS/SCOS builds. +# For RHEL builds, ART injects the correct repos via art-unsigned.repo. +if [ $ID = centos ]; then + cat /run/src/*.repo >> /etc/yum.repos.d/git.repo +fi + # XXX: For SCOS, only allow certain packages to come from ART; everything else # should come from CentOS. We should eventually sever this. if [ $ID = centos ]; then 
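Review bot: The added test `if [ $ID = centos ]; then` in build-node-image.sh leaves `$ID` unquoted, so if `/etc/os-release` does not set `ID` the `[` command fails with a syntax error, the `if` treats that as false, and the source `.repo` files are skipped without the build stopping. Since this branch now decides which package sources a build may use, it should fail loudly instead: quote the variable, `if [ "${ID}" = centos ]; then`, and consider rejecting an empty value first with `: "${ID:?ID not set in /etc/os-release}"`. The `if [ $ID = centos ]; then` block that follows has the same unquoted test, and its body lies outside the hunk.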
diff --git a/packages-openshift.yaml b/packages-openshift.yaml
index 8db9279a..32ccb995 100644
--- a/packages-openshift.yaml
+++ b/packages-openshift.yaml
@@ -12,21 +12,9 @@ conditional-include:
 - osversion != "centos-10"
 include:
 repos: [ENOEXIST] # We want an error in this case
- - if: osversion == "rhel-9.8"
- include:
- repos:
- - rhel-98-baseos
- - rhel-98-appstream
- - rhel-9-fast-datapath-rpms
- - rhel-9-server-ose-rpms
- - if: osversion == "rhel-10.2"
- include:
- repos:
- - rhel-10.2-baseos
- - rhel-10.2-appstream
- - rhel-10.2-early-kernel
- - rhel-10.2-fast-datapath
- - rhel-10.2-server-ose-4.22
+ # rhel-9.8 and rhel-10.2: no explicit repo includes needed.
+ # ART injects art-unsigned.repo with the correct arch-specific repos.
+ # build-node-image.sh ensures CentOS repos are not added for RHEL builds.
 - if: osversion == "centos-9"
 include:
 repos:
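Review bot: With the `repos:` lists removed from the rhel-9.8 and rhel-10.2 branches, the treefile no longer restricts which configured repos an RHEL compose may draw packages from, so every repo present in `/etc/yum.repos.d` at build time becomes a package source. The replacement comment names `art-unsigned.repo` but not the yumrepos secret mentioned in the commit message, nor the `ocp.repo` that build-node-image.sh writes under `OPENSHIFT_CI`. I would extend it with something like `# NOTE: without a repos: list, every repo enabled in /etc/yum.repos.d at build time is a package source for RHEL builds.` Whether the rhel osversions are still excluded from the `ENOEXIST` guard above cannot be seen from this hunk, since its condition list starts outside it.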