Skip to content

Add Konflux build support for node image#1932

Draft
redhat-chai-bot wants to merge 2 commits into
openshift:masterfrom
redhat-chai-bot:ship-help/konflux-build-support
Draft

Add Konflux build support for node image#1932
redhat-chai-bot wants to merge 2 commits into
openshift:masterfrom
redhat-chai-bot:ship-help/konflux-build-support

Conversation

@redhat-chai-bot
Copy link
Copy Markdown

@redhat-chai-bot redhat-chai-bot commented Apr 28, 2026

Summary

Follow-up to #1929. Adds dedicated Konflux build files for the OCP node image, keeping the existing build path untouched.

New files

  • Containerfile.konflux — Dedicated Containerfile for Konflux builds. Same multi-stage structure as the existing Containerfile (build → metadata → final) but calls konflux-build-node-image.sh instead of build-node-image.sh.

  • konflux-build-node-image.sh — Standalone build script for Konflux. Uses rpm-ostree install directly (instead of rpm-ostree experimental compose treefile-apply with packages-openshift.yaml). All postprocess steps from packages-openshift.yaml are embedded inline.

Key design decisions

  • New files only — no modifications to existing Containerfile, build-node-image.sh, or packages-openshift.yaml. Both build paths coexist on master.
  • No packages-openshift.yaml reference — package list and postprocess steps are self-contained in the new script.
  • Separate script (not a --konflux flag) — keeps the two build paths fully independent so they can evolve in parallel.

What this enables

This is a starting point to get Konflux builds working for the node image. The intent is to be able to build something and have Scott, MCO, RHCOS, and others review the results by enabling the builds.

TODO

  • Finalize the base image reference in Containerfile.konflux for the Konflux pipeline
  • Validate that rpm-ostree install produces equivalent results to treefile-apply
  • Wire up Konflux pipeline configuration

Part of ART-14453.

/cc @openshift/team-coreos

This PR was drafted by Ship Help Bot on behalf of the ART team as a starting point for discussion.

ship-help-bot: Add Konflux build support for node image
7b89f7e 
Add dedicated Containerfile.konflux and konflux-build-node-image.sh for
building the OCP node image via Konflux. These new files are fully
independent of the existing Containerfile and build-node-image.sh,
allowing both build paths to coexist on master without risk of breaking
existing builds.

Key differences from the existing build path:
- Uses direct rpm-ostree install instead of treefile-apply
- Does not reference packages-openshift.yaml
- Embeds all postprocess steps inline in the build script
- No OPENSHIFT_CI conditional logic (Konflux handles repo injection)
- No OKD/CentOS-specific repo filtering

This is a follow-up to openshift#1929 and is part of the effort tracked in
ART-14453 to get node layer RHCOS builds to Konflux.

This is intended as a starting point for discussion. The Containerfile
base image reference and other details will need to be refined as the
Konflux build pipeline is set up.
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 28, 2026

@redhat-ship-help: GitHub didn't allow me to request PR reviews from the following users: openshift/team-coreos.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

Details

In response to this:

Summary

Follow-up to #1929. Adds dedicated Konflux build files for the OCP node image, keeping the existing build path untouched.

New files

  • Containerfile.konflux — Dedicated Containerfile for Konflux builds. Same multi-stage structure as the existing Containerfile (build → metadata → final) but calls konflux-build-node-image.sh instead of build-node-image.sh.

  • konflux-build-node-image.sh — Standalone build script for Konflux. Uses rpm-ostree install directly (instead of rpm-ostree experimental compose treefile-apply with packages-openshift.yaml). All postprocess steps from packages-openshift.yaml are embedded inline.

Key design decisions

  • New files only — no modifications to existing Containerfile, build-node-image.sh, or packages-openshift.yaml. Both build paths coexist on master.
  • No packages-openshift.yaml reference — package list and postprocess steps are self-contained in the new script.
  • Separate script (not a --konflux flag) — keeps the two build paths fully independent so they can evolve in parallel.

What this enables

This is a starting point to get Konflux builds working for the node image. The intent is to be able to build something and have Scott, MCO, RHCOS, and others review the results by enabling the builds.

TODO

  • Finalize the base image reference in Containerfile.konflux for the Konflux pipeline
  • Validate that rpm-ostree install produces equivalent results to treefile-apply
  • Wire up Konflux pipeline configuration

Part of ART-14453.

/cc @openshift/team-coreos

This PR was drafted by Ship Help Bot on behalf of the ART team as a starting point for discussion.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 28, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 28, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: redhat-ship-help
Once this PR has been reviewed and has the lgtm label, please assign aaradhak for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 28, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 28, 2026

Hi @redhat-ship-help. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@thegreyd thegreyd mentioned this pull request Apr 28, 2026
Closed
@thegreyd
Copy link
Copy Markdown

thegreyd commented Apr 28, 2026

Testing with openshift-eng/ocp-build-data#10135

@thegreyd
Copy link
Copy Markdown

thegreyd commented Apr 28, 2026

/ok-to-test

@openshift-ci openshift-ci Bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 28, 2026
thegreyd
thegreyd reviewed Apr 28, 2026
View reviewed changes
Comment thread konflux-build-node-image.sh Outdated
# in the branch-specific packages-openshift.yaml. For master, we use
# the latest version.
cat >> /usr/lib/os-release <<EOF
OPENSHIFT_VERSION="4.22"
Copy link
Copy Markdown

@thegreyd thegreyd Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
OPENSHIFT_VERSION="4.22"
OPENSHIFT_VERSION="4.23"

@jlebon
Copy link
Copy Markdown
Member

jlebon commented Apr 28, 2026

Did you see #1919 BTW? That'll impact Konflux onboarding. See also https://redhat.atlassian.net/browse/ART-14812.

It's currently stuck on CI (which, would appreciate help with that if you can!): #1919 (comment)

@thegreyd
Copy link
Copy Markdown

thegreyd commented Apr 28, 2026

Ah I was not aware of that, checking 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@thegreyd thegreyd thegreyd left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@redhat-chai-bot @thegreyd @jlebon