Skip to content

feat: add workflow to trigger image rebuilds across downstream repos#577

Merged
pramodbindal merged 7 commits intomainfrom
feat/trigger-image-rebuilds
Mar 26, 2026
Merged

feat: add workflow to trigger image rebuilds across downstream repos#577
pramodbindal merged 7 commits intomainfrom
feat/trigger-image-rebuilds

Conversation

@waveywaves
Copy link
Collaborator

@waveywaves waveywaves commented Mar 24, 2026

Summary

  • Adds a new manually-dispatched GitHub Actions workflow trigger-image-rebuilds.yaml
  • Triggers Konflux image rebuilds by updating .konflux/patches/.placeholder in each downstream repo
  • Creates the .placeholder file if it doesn't already exist in a repo
  • Uses the GitHub Contents API to commit directly (same pattern as tektoncd-results@e106311)

Inputs

Input Required Description
version Yes Release version (e.g., 1.15, 1.22, next) — maps to release-v{version}.x branch (next maps to main)
repo No Filter to a specific downstream repo name (empty = all repos)

How it works

  1. Reads all downstream repo names from config/downstream/repos/*.yaml
  2. For each repo, checks if the target branch exists
  3. Checks if .konflux/patches/.placeholder exists on that branch
  4. Creates or updates the file with rebuild <timestamp> content
  5. The commit triggers Konflux to rebuild images

Test plan

  • Dispatch workflow with version=1.15 and repo=tektoncd-results to test single-repo mode
  • Verify the .placeholder file is updated and a Konflux build is triggered
  • Dispatch with version=1.15 and empty repo to test all-repos mode

waveywaves and others added 6 commits March 24, 2026 17:07
@waveywaves @claude
feat: add workflow to trigger image rebuilds across downstream repos
0fffd94 
Adds a manually-dispatched workflow that triggers Konflux image rebuilds
by updating .konflux/patches/.placeholder in each downstream repo.
Creates the placeholder file if it doesn't already exist.

Inputs:
- version: release version (e.g., "1.15", "next")
- repo: optional filter to target a specific repo

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@waveywaves @claude
fix: add input validation and strict error handling
361532b 
- Add set -euo pipefail to catch silent failures
- Validate version format (must be 'next' or 'X.Y')
- Detect repo name typos (error when target repo not found in config)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@waveywaves @claude
fix: collapse duplicated PUT paths, add error handling on API calls
65dff27 
- Merge identical update/create code paths into one with conditional SHA arg
- Check PUT exit code and track FAILED counter separately
- Remove --silent so API errors are visible in workflow logs
- Use base64 -w 0 to prevent platform-dependent line wrapping
- Exit non-zero if any repo failed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@waveywaves @claude
fix: add concurrency control to prevent parallel dispatch races
65b8f12 
Prevents two dispatches for the same version from racing on SHA
fetch/PUT across repos. Matches pattern used by generate-konflux.yaml.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@waveywaves @claude
fix: pin yq to v4.52.4 with SHA256 checksum verification
b1b0427 
Prevents supply chain attacks and breaking changes from unpinned
latest version. Verifies checksum before installing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@waveywaves @claude
feat: add GitHub Step Summary with per-repo results table
ec350d8 
Writes a markdown summary with repo links, branch, status, and
commit links so operators can verify rebuilds without checking
each repo individually.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pramodbindal
pramodbindal reviewed Mar 24, 2026
View reviewed changes
.github/workflows/trigger-image-rebuilds.yaml
exit 1
fi

if [[ "$VERSION" == "next" ]]; then
Copy link
Member

@pramodbindal pramodbindal Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for next version branch is next only

@divyansh42
Copy link
Collaborator

divyansh42 commented Mar 24, 2026

@waveywaves I think this will only work for the new config. i.e 1.21 and above
For the older config we need to have another workflow

@waveywaves @claude
fix: use 'next' branch instead of 'main' for next version
e863f21 
Downstream repos use a 'next' branch, not 'main'.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@waveywaves
Copy link
Collaborator Author

waveywaves commented Mar 24, 2026

@divyansh42 Thanks for the review! I looked into this and both old (1.15) and new (1.22) versions have .konflux/patches/*** in their CEL trigger filters:

# 1.15 (tektoncd-pipeline controller push)
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
  == "release-v1.15.x" &&
  ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() || ...)

# 1.22 (tektoncd-pipeline controller push)
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
  == "release-v1.22.x" &&
  ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() || ...)

So touching .konflux/patches/.placeholder should trigger builds on both old and new configs. Could you clarify what specifically about the old config (< 1.21) would not work with this approach? Is it something at the Konflux application/component level or a different repo structure?

Also fixed @pramodbindal's comment — next version now maps to the next branch instead of main.

@pramodbindal
Copy link
Member

pramodbindal commented Mar 25, 2026

@divyansh42 Thanks for the review! I looked into this and both old (1.15) and new (1.22) versions have .konflux/patches/*** in their CEL trigger filters:

# 1.15 (tektoncd-pipeline controller push)
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
  == "release-v1.15.x" &&
  ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() || ...)

# 1.22 (tektoncd-pipeline controller push)
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
  == "release-v1.22.x" &&
  ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() || ...)

So touching .konflux/patches/.placeholder should trigger builds on both old and new configs. Could you clarify what specifically about the old config (< 1.21) would not work with this approach? Is it something at the Konflux application/component level or a different repo structure?

Also fixed @pramodbindal's comment — next version now maps to the next branch instead of main.

We are migrating all the releases to follow same pattern.

@divyansh42
Copy link
Collaborator

divyansh42 commented Mar 25, 2026

@divyansh42 Thanks for the review! I looked into this and both old (1.15) and new (1.22) versions have .konflux/patches/*** in their CEL trigger filters:

# 1.15 (tektoncd-pipeline controller push)
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
  == "release-v1.15.x" &&
  ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() || ...)

# 1.22 (tektoncd-pipeline controller push)
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
  == "release-v1.22.x" &&
  ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() || ...)

So touching .konflux/patches/.placeholder should trigger builds on both old and new configs. Could you clarify what specifically about the old config (< 1.21) would not work with this approach? Is it something at the Konflux application/component level or a different repo structure?
Also fixed @pramodbindal's comment — next version now maps to the next branch instead of main.

We are migrating all the releases to follow same pattern.

Thanks for clarifying that @pramodbindal
Yes, what I meant is config structure, earlier we were using different config structure for 1.20 and below release but now it is same for all the version.
I added the comment as I wasn't aware about the change.
Thanks @waveywaves

@pramodbindal pramodbindal added this pull request to the merge queue Mar 26, 2026
Merged via the queue into main with commit 2e7319a Mar 26, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pramodbindal pramodbindal pramodbindal approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@waveywaves @divyansh42 @pramodbindal