Skip to content

Add script to update ReleasePlan Jira fixVersion query#449

Open
AnnaZivkovic wants to merge 1 commit into
openshift:mainfrom
AnnaZivkovic:update-RP
Open

Add script to update ReleasePlan Jira fixVersion query#449
AnnaZivkovic wants to merge 1 commit into
openshift:mainfrom
AnnaZivkovic:update-RP

Conversation

@AnnaZivkovic

@AnnaZivkovic AnnaZivkovic commented Jul 8, 2026

Copy link
Copy Markdown

Adds hack/update-releaseplan-jira-query.sh to patch the Jira collector fixVersion on the ReleasePlan CR each release cycle.

Usage: hack/update-releaseplan-jira-query.sh

Summary by CodeRabbit

  • Chores
    • Added a utility script that updates the ReleasePlan Jira query based on a specified release version.
    • Improved input validation to accept only safe version formats.
    • Added an automatic verification step to confirm the updated query was correctly applied and persisted after the change.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ad306f86-4b73-47ed-9f63-692810883c9c

📥 Commits

Reviewing files that changed from the base of the PR and between 8ac995a and 7529b40.

📒 Files selected for processing (1)
  • hack/update-releaseplan-jira-query.sh
🚧 Files skipped from review as they are similar to previous changes (1)
  • hack/update-releaseplan-jira-query.sh

Walkthrough

Adds a new bash script that accepts a fix-version argument, builds a Jira JQL query, patches a ReleasePlan collector query with oc patch, and verifies the updated value with oc get and jsonpath.

Changes

Release Plan Jira Query Script

Layer / File(s) Summary
Script workflow
hack/update-releaseplan-jira-query.sh
Validates a required fix-version argument, checks allowed characters, builds the Jira query, patches the ReleasePlan collector parameter, and verifies the stored value matches the expected query.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the new script that updates the ReleasePlan Jira fixVersion query.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only adds a shell script; no Ginkgo tests or test titles were added or changed.
Test Structure And Quality ✅ Passed PR only adds a shell script; no Ginkgo/test files were changed, so the test-structure check is not applicable.
Microshift Test Compatibility ✅ Passed Only a Bash hack script was added; no Ginkgo e2e tests or MicroShift-relevant API usage changed.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only a shell script was added; no Ginkgo tests or cluster-topology assumptions were introduced.
Topology-Aware Scheduling Compatibility ✅ Passed Only a hack script changes a ReleasePlan Jira query; no manifests, controllers, or scheduling constraints were added.
Ote Binary Stdout Contract ✅ Passed Only a hack shell script changed; no OTE binary stdout paths (main/init/TestMain/suite setup) were added or modified.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed The PR only adds a shell script for patching a ReleasePlan; no Ginkgo tests or IPv4/public-internet assumptions are present.
No-Weak-Crypto ✅ Passed The new shell script only validates a string and patches a ReleasePlan; it contains no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret comparisons.
Container-Privileges ✅ Passed Patch only adds a shell script; no container/K8s manifest changes introduce privileged=true, hostPID/Network/IPC, SYS_ADMIN, or allowPrivilegeEscalation=true.
No-Sensitive-Data-In-Logs ✅ Passed Script logs only the release version and internal resource names; no passwords, tokens, PII, or hostnames are exposed.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from aleskandro and jcpowermac July 8, 2026 17:32
@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign annazivkovic for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
hack/update-releaseplan-jira-query.sh (2)

23-25: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Verification step doesn't assert success.

The script prints the post-patch value but never compares it to the expected ${QUERY}, so a failed/partial patch (e.g. wrong index silently updating an unrelated field) wouldn't be caught automatically.

✅ Proposed assertion
 echo "Done. Verifying:"
-oc get releaseplan "${RELEASEPLAN}" -n "${NAMESPACE}" -o jsonpath='{.spec.collectors.items[0].params[1].value}'
-echo
+ACTUAL=$(oc get releaseplan "${RELEASEPLAN}" -n "${NAMESPACE}" -o jsonpath='{.spec.collectors.items[0].params[1].value}')
+echo "${ACTUAL}"
+if [[ "${ACTUAL}" != "${QUERY}" ]]; then
+  echo "Error: patched value does not match expected query" >&2
+  exit 1
+fi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/update-releaseplan-jira-query.sh` around lines 23 - 25, The verification
in update-releaseplan-jira-query.sh only prints the current value from oc get
releaseplan and does not assert that the patched query matches the expected
${QUERY}. Update the post-patch check near the final oc get releaseplan command
to compare the returned value against ${QUERY} and fail the script if they
differ, so the verification step in the release plan update flow actually
validates the intended field was changed.

18-21: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick win

Hardcoded JSON-patch array indices are fragile.

/spec/collectors/items/0/params/1/value (line 21) assumes a fixed position for the fixVersion param. If the collectors/params ordering ever changes (e.g. a new param inserted before the query, or another collector added), this patch will silently target the wrong field instead of failing loudly, since oc patch --type=json replace only errors when the index is entirely out of bounds, not when it points at an unrelated field.

Consider resolving the target index dynamically (e.g. via oc get -o json | jq to find the param whose key/name matches the query field) or, at minimum, fetching and printing the pre-patch value at that path so drift is caught before applying.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/update-releaseplan-jira-query.sh` around lines 18 - 21, The JSON patch
in update-releaseplan-jira-query.sh is relying on hardcoded array positions for
the query field, which can silently hit the wrong collector/param when ordering
changes. Update the script to locate the target parameter dynamically in the
releaseplan JSON before calling oc patch, using the existing RELEASEPLAN,
NAMESPACE, and QUERY flow. If you keep positional patching, at least read and
print the current value at the resolved path first so drift is detected before
applying the replacement.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hack/update-releaseplan-jira-query.sh`:
- Line 6: Validate the user-supplied FIX_VERSION before it is used to build
QUERY or passed to oc patch, since the current shell variable is interpolated
into both JQL and the JSON patch payload. Add a strict format check immediately
after FIX_VERSION is assigned in update-releaseplan-jira-query.sh, rejecting
values that contain quotes or other unsafe characters and exiting with a clear
usage/error message. Keep the existing QUERY construction and oc patch
invocation unchanged except for using the validated FIX_VERSION value.

---

Nitpick comments:
In `@hack/update-releaseplan-jira-query.sh`:
- Around line 23-25: The verification in update-releaseplan-jira-query.sh only
prints the current value from oc get releaseplan and does not assert that the
patched query matches the expected ${QUERY}. Update the post-patch check near
the final oc get releaseplan command to compare the returned value against
${QUERY} and fail the script if they differ, so the verification step in the
release plan update flow actually validates the intended field was changed.
- Around line 18-21: The JSON patch in update-releaseplan-jira-query.sh is
relying on hardcoded array positions for the query field, which can silently hit
the wrong collector/param when ordering changes. Update the script to locate the
target parameter dynamically in the releaseplan JSON before calling oc patch,
using the existing RELEASEPLAN, NAMESPACE, and QUERY flow. If you keep
positional patching, at least read and print the current value at the resolved
path first so drift is detected before applying the replacement.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e2147f59-8155-4872-9cba-a140aebeaf70

📥 Commits

Reviewing files that changed from the base of the PR and between 54644eb and a30d30e.

📒 Files selected for processing (1)
  • hack/update-releaseplan-jira-query.sh

Comment thread hack/update-releaseplan-jira-query.sh
Adds hack/update-releaseplan-jira-query.sh to patch the Jira collector
fixVersion on the ReleasePlan CR each release cycle.

Usage: hack/update-releaseplan-jira-query.sh <fix-version>
@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown

@AnnaZivkovic: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ci-bundle-multiarch-tuning-operator-bundle 7529b40 link true /test ci-bundle-multiarch-tuning-operator-bundle
ci/prow/images 7529b40 link true /test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant