@kasturinarra kasturinarra commented Aug 19, 2025

Which issue(s) this PR addresses: This PR addresses being able to check and retrieve ocp release data from konflux.

knarra@knarra-thinkpadx1carbon7th:~/automation/Openshift/microshift/scripts/advisory_publication$ sh advisory_publication_report.sh 4.19.9
{
    "RHSA-2025:20444": {
        "type": "extras",
        "url": "https://gitlab.cee.redhat.com/rhtap-release/advisories/-/raw/main/data/advisories/ocp-art-tenant/2025/20444/advisory.yaml",
        "cves": {
            "CVE-2024-45339": {}
        }
    },
    "RHSA-2025:20447": {
        "type": "image",
        "url": "https://gitlab.cee.redhat.com/rhtap-release/advisories/-/raw/main/data/advisories/ocp-art-tenant/2025/20447/advisory.yaml",
        "cves": {
            "CVE-2024-45339": {},
            "CVE-2025-22869": {
                "jira_ticket": {
                    "id": "OCPBUGS-52524",
                    "summary": "CVE-2025-22869 microshift: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [openshift-4.19]",
                    "status": "Closed",
                    "resolution": "Not a Bug"
                }
            }
        }
    },
    "RHBA-2025:20452": {
        "type": "metadata",
        "url": "https://gitlab.cee.redhat.com/rhtap-release/advisories/-/raw/main/data/advisories/ocp-art-tenant/2025/20452/advisory.yaml",
        "cves": {}
    }
}

Closes #
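One way to consume the report shown in the PR description, as an added example that is not part of the PR or the project's script: it splits each advisory's CVEs by whether the report attaches a `jira_ticket`. The function names are hypothetical, and reading an empty `{}` CVE entry as "no ticket linked" is an assumption based on the sample output.

```python
import json

# Report copied from the PR description's sample output
# ("url" and "summary" fields omitted for brevity).
REPORT = json.loads("""
{
  "RHSA-2025:20444": {"type": "extras", "cves": {"CVE-2024-45339": {}}},
  "RHSA-2025:20447": {"type": "image", "cves": {
    "CVE-2024-45339": {},
    "CVE-2025-22869": {"jira_ticket": {"id": "OCPBUGS-52524",
                                       "status": "Closed",
                                       "resolution": "Not a Bug"}}}},
  "RHBA-2025:20452": {"type": "metadata", "cves": {}}
}
""")


def triage(report):
    """Split every (advisory, CVE) pair by whether the report links a Jira ticket."""
    untracked, tracked = [], []
    for advisory, entry in sorted(report.items()):
        # Tolerate a missing or null "cves" key instead of raising mid-report.
        for cve, details in sorted((entry.get("cves") or {}).items()):
            ticket = (details or {}).get("jira_ticket")
            if not ticket:
                # Assumption: an empty entry means no ticket was linked.
                untracked.append((advisory, entry.get("type"), cve))
            else:
                tracked.append((advisory, cve, ticket.get("id"),
                                ticket.get("status"), ticket.get("resolution")))
    return untracked, tracked


def needs_review(report):
    """CVEs with no ticket, plus CVEs whose ticket has no resolution yet."""
    untracked, tracked = triage(report)
    open_tickets = [t for t in tracked if not t[4]]
    return untracked, open_tickets


if __name__ == "__main__":
    untracked, open_tickets = needs_review(REPORT)
    for advisory, kind, cve in untracked:
        print(f"{advisory} ({kind}): {cve} has no Jira ticket in the report")
    for advisory, cve, ticket_id, status, _ in open_tickets:
        print(f"{advisory}: {cve} tracked by {ticket_id}, status {status}")
```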

@openshift-ci openshift-ci bot requested review from pacevedom and pmtk August 19, 2025 08:01
@kasturinarra kasturinarra force-pushed the fix_advisory_robust branch 4 times, most recently from bca689c to d7ce972 Compare August 19, 2025 08:48
import jira.client
import requests
import urllib3
import json
import jira
import yaml

SERVER_URL = 'https://issues.redhat.com/'
Contributor

Can you please update this var to something more descriptive like JIRA_URL?

Author

Done, updated !!

import jira.client
import requests
import urllib3
import json
import jira
import yaml
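Review bot: `import json` is the only standard-library module in this block and sits between the third-party `urllib3` and `jira` imports; move it to the top and separate it from the third-party group with a blank line. `import jira` is also redundant next to `import jira.client`, since importing the submodule already binds the `jira` name, so one of the two can be dropped.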
Contributor

It feels the imports are not in order, not sure what should be the correct order but I think, for example, json and yaml should be closer. Can you reorganize them, please?

Author

I added the imports as per PEP 8 standards and the order right now looks good.

The provided imports should be reordered and grouped into three distinct sections, separated by a blank line, as per PEP 8 guidelines.

  1. Standard Library Imports: These are modules that come with Python.
  2. Third-Party Imports: These are modules from external packages that you've installed.
  3. Local Application/Library Specific Imports: These are modules that are part of the same project.

Contributor

Oh, I didn't know that about PEP 8 guidelines. It's perfect then. Thanks.

Contributor

agullon commented Aug 19, 2025

It looks really good, great work. I just want to highlight that, currently, with this approach we cannot fetch the list of CVEs from the RPM advisory. The reason is that RPM is not available on brew yet, only on Errata. This script change only supports the new shipment version with konflux. If we need to list the CVEs from an RPM Errata script we have to use this script from a previous repo version branch, like release-4.19. cc @jogeo

@kasturinarra kasturinarra changed the title Update script to use release data from konflux USHIFT-5992: Update script to use release data from konflux Aug 19, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Aug 19, 2025

openshift-ci-robot commented Aug 19, 2025

@kasturinarra: This pull request references USHIFT-5992 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.20.0" version, but no target version was set.

@kasturinarra kasturinarra force-pushed the fix_advisory_robust branch 4 times, most recently from 2f01176 to a0ebcd7 Compare August 19, 2025 18:46
Contributor

openshift-ci bot commented Aug 20, 2025

@kasturinarra: all tests passed!


Contributor

agullon commented Aug 20, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 20, 2025
Contributor

openshift-ci bot commented Aug 20, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: agullon, kasturinarra


@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 20, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit da86480 into openshift:main Aug 20, 2025
9 checks passed
@kasturinarra
Author

It looks really good, great work. I just want to highlight that, currently, with this approach we cannot fetch the list of CVEs from the RPM advisory. The reason is that RPM is not available on brew yet, only on Errata. This script change only supports the new shipment version with konflux. If we need to list the CVEs from an RPM Errata script we have to use this script from a previous repo version branch, like release-4.19. cc @jogeo

@agullon one question here, yesterday I saw an announcement something like below, does that mean that when we are checking for any release, we will have to use scripts from both 4.20 and 4.19 branches to support both konflux and errata releases?

4.19.9 has been successfully shipped through Konflux and the following advisories are now available:
images: https://access.redhat.com/errata/RHSA-2025:13848
extras: https://access.redhat.com/errata/RHSA-2025:13849
metadata: https://access.redhat.com/errata/RHBA-2025:13850
rpm: https://access.redhat.com/errata/RHBA-2025:13827 (shipped through ErrataTool)
