Skip to content

Move installing opm binaries to iib-worker Dockerfile#1300

Open
lipoja wants to merge 1 commit intorelease-engineering:mainfrom
lipoja:move_binaries_to_iib
Open

Move installing opm binaries to iib-worker Dockerfile#1300
lipoja wants to merge 1 commit intorelease-engineering:mainfrom
lipoja:move_binaries_to_iib

Conversation

@lipoja
Copy link
Contributor

@lipoja lipoja commented Mar 2, 2026
edited by sourcery-ai bot
Loading

Summary by Sourcery

Update worker configuration and failure handling for OPM version mapping and Docker cleanup behavior.

New Features:

  • Define a central OCP-to-opm binary version mapping in the main worker configuration, including support for newer OCP versions.

Enhancements:

  • Adjust failed request handling to reset Docker configuration instead of invoking the generic cleanup routine when a request is already in a final state or otherwise fails.

@sourcery-ai
Copy link

sourcery-ai bot commented Mar 2, 2026
edited
Loading

Reviewer's Guide

Introduce a central iib_ocp_opm_mapping in the main Config, adjust the development config to rely on base formatting, and change failure cleanup behavior in general tasks to reset Docker configuration instead of running the broader build cleanup, in preparation for moving binaries into the iib image (with additional changes in the workers Dockerfile).

Sequence diagram for updated failed_request_callback error handling

sequenceDiagram
    participant CeleryWorker
    participant failed_request_callback
    participant reset_docker_config
    participant set_request_state

    CeleryWorker ->> failed_request_callback: on_task_failure(request, exc, task_id, args, kwargs, einfo)
    alt exc is IIBError
        failed_request_callback ->> failed_request_callback: msg = str(exc)
    else exc is FinalStateOverwriteError
        failed_request_callback ->> failed_request_callback: log.info("Request is in final state")
        failed_request_callback ->> reset_docker_config: reset_docker_config()
        failed_request_callback -->> CeleryWorker: return
    else exc is other Exception
        failed_request_callback ->> failed_request_callback: msg = "An unknown error occurred. See logs for details"
        failed_request_callback ->> failed_request_callback: log.error(msg, exc_info=exc)
    end

    failed_request_callback ->> reset_docker_config: reset_docker_config()
    failed_request_callback ->> set_request_state: set_request_state(request_id, failed, msg)
    set_request_state -->> failed_request_callback: state updated
    failed_request_callback -->> CeleryWorker: return
Loading

Class diagram for updated Config and DevelopmentConfig

classDiagram
    class Config {
        +Dict~str, Tuple~int, int~~ iib_binary_ranges
        +Dict~str, str~ iib_ocp_opm_mapping
        +str iib_opm_pprof_lock_required_min_version
        +str iib_image_push_template
    }

    class DevelopmentConfig {
        +str iib_registry
        +Optional~str~ iib_request_logs_dir
        +Optional~str~ iib_request_related_bundles_dir
        +Optional~str~ iib_request_recursive_related_bundles_dir
        +str iib_dogpile_backend
        +dict iib_ocp_opm_mapping
    }

    DevelopmentConfig --|> Config
Loading

File-Level Changes

Change Details Files
Add and standardize a global OCP-to-opm binary mapping in core configuration and simplify the development override.
  • Define a typed iib_ocp_opm_mapping dictionary on the main Config class with explicit OCP version to opm binary mappings, including newer versions up to v4.22.
  • Reformat DevelopmentConfig.iib_request_recursive_related_bundles_dir declaration to a multi-line assignment for style/typing consistency.
  • Retain but effectively supersede the older iib_ocp_opm_mapping in DevelopmentConfig by moving the canonical mapping to the base Config.
 iib/workers/config.py
Adjust failed request handling to only reset Docker configuration instead of performing full build cleanup.
  • Import reset_docker_config from iib.workers.tasks.utils into general.py.
  • Replace calls to the internal _cleanup() helper in failed_request_callback with reset_docker_config(), both for FinalStateOverwriteError and generic error paths, to narrow the side effects on failure.
 iib/workers/tasks/general.py
Update the workers Docker image to host or reference the opm binaries within the iib image rather than externally.
  • Modify Dockerfile-workers to install, copy, or otherwise embed opm binaries directly into the workers image, aligning with the new iib_ocp_opm_mapping configuration.
  • Adjust any image paths or environment configuration in Dockerfile-workers necessary to use the in-image binaries.
 docker/Dockerfile-workers
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@qodo-code-review
Copy link

qodo-code-review bot commented Mar 2, 2026

Review Summary by Qodo

Move binaries to IIB worker Dockerfile with verification

✨ Enhancement 🐞 Bug fix

Grey Divider

Walkthroughs

Description 
• Move OPM binaries to worker Dockerfile with SHA256 verification
• Add OCP-OPM version mapping as default configuration
• Replace _cleanup() with reset_docker_config() in containerized IIB
• Install multiple OPM versions and operator-sdk with checksums
Diagram 
flowchart LR
  A["Dockerfile-workers"] -->|"Install OPM variants<br/>with SHA256 checks"| B["Multiple OPM versions<br/>in /usr/local/bin"]
  C["config.py"] -->|"Add default mapping"| D["iib_ocp_opm_mapping<br/>configuration"]
  E["general.py"] -->|"Replace cleanup call"| F["reset_docker_config<br/>for containerized IIB"]
  B --> G["Default OPM symlink"]
Loading

Grey Divider

File Changes

1. docker/Dockerfile-workers ✨ Enhancement +21/-9

Refactor binary installation with checksums

• Refactored binary installation to use a helper function with SHA256 verification
• Added 8 OPM versions (v1.26.4, v1.28.0, v1.40.0, v1.44.0, v1.48.0, v1.50.0, v1.57.0, v1.61.0)
• Moved binaries to /usr/local/bin instead of /usr/bin
• Integrated operator-sdk installation into the OPM installation block with checksum validation
• Set default OPM symlink using -sfn flag for safer linking

docker/Dockerfile-workers

2. iib/workers/config.py ⚙️ Configuration changes +25/-3

Add OCP-OPM version mapping to base config

• Added iib_ocp_opm_mapping dictionary as default configuration in base Config class
• Maps OpenShift versions (v0.0 through v4.22) to corresponding OPM versions
• Removed duplicate iib_ocp_opm_mapping from DevelopmentConfig class
• Reformatted iib_request_recursive_related_bundles_dir for better code style

iib/workers/config.py

3. iib/workers/tasks/general.py 🐞 Bug fix +3/-3

Replace cleanup with reset_docker_config

• Imported reset_docker_config function from utils module
• Replaced two _cleanup() calls with reset_docker_config() in failed_request_callback()
• Prevents podman rmi errors in containerized IIB environments

iib/workers/tasks/general.py

Grey Divider

Qodo Logo

@qodo-code-review
Copy link

qodo-code-review bot commented Mar 2, 2026
edited
Loading

Code Review by Qodo

🐞 Bugs (4) 📘 Rule violations (0) 📎 Requirement gaps (0)

Grey Divider


Action required

1. Dockerfile command chaining bug 🐞 Bug ✓ Correctness
Description 
The Dockerfile RUN block is missing a command separator between ln -sfn ... and `install_binary
..., so the shell will treat install_binary as extra args to ln` (or otherwise fail), preventing
proper installation of the default opm symlink and operator-sdk. This can break runtime because
the code expects a default opm binary name to exist.
Code

docker/Dockerfile-workers[R49-50]

+    ln -sfn /usr/local/bin/opm-v1.26.4 /usr/local/bin/opm \
+    install_binary "operator-sdk" "https://github.com/operator-framework/operator-sdk/releases/download/v1.15.0/operator-sdk_linux_amd64" "d2065f1f7a0d03643ad71e396776dac0ee809ef33195e0f542773b377bab1b2a"
Evidence 
The RUN command does not separate ln from the following install_binary call, which is required
when writing multiple commands in a single shell invocation. The application defaults to using
iib_default_opm='opm', and OPM selection falls back to that value when mapping isn’t applied;
therefore the symlink must be created successfully.

docker/Dockerfile-workers[31-50]
iib/workers/config.py[103-110]
iib/workers/tasks/opm_operations.py[1490-1517]

Agent prompt 
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`docker/Dockerfile-workers` has a malformed multi-command `RUN` step: `ln -sfn ...` is not terminated before calling `install_binary ...`, which can break the build and/or prevent creating the default `opm` symlink and installing `operator-sdk`.

### Issue Context
The worker code expects a default `opm` binary name (`iib_default_opm = &#x27;opm&#x27;`). If the symlink isn’t created, tasks may fail when they fall back to the default opm.

### Fix Focus Areas
- docker/Dockerfile-workers[49-50]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

2. Unused _cleanup import 🐞 Bug ⛯ Reliability
Description 
iib/workers/tasks/general.py still imports _cleanup but no longer uses it after switching the
failure callback to reset_docker_config(). This should fail mandatory flake8 with F401 (unused
import).
Code

iib/workers/tasks/general.py[R10-11]

+from iib.workers.tasks.utils import request_logger, reset_docker_config
from iib.workers.tasks.build import _cleanup
Evidence 
The file imports _cleanup but the function body now calls reset_docker_config() instead; flake8
is configured as a mandatory tox environment and .flake8 does not ignore unused-import errors nor
exempt this file.

iib/workers/tasks/general.py[7-12]
iib/workers/tasks/general.py[33-44]
tox.ini[57-65]
.flake8[1-24]

Agent prompt 
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`iib/workers/tasks/general.py` imports `_cleanup` but no longer calls it, which will fail flake8 (unused import).

### Issue Context
flake8 is a mandatory tox environment and `.flake8` does not ignore F401 for this file.

### Fix Focus Areas
- iib/workers/tasks/general.py[7-12]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Remediation recommended

3. Failure cleanup reduced 🐞 Bug ⛯ Reliability
Description 
failed_request_callback no longer calls _cleanup(), so it won’t remove local podman images after
failures. Over time (especially with containerized workflows that don’t call _cleanup()
elsewhere), this can lead to disk growth and stale floating-tag images remaining on the worker.
Code

iib/workers/tasks/general.py[R34-44]

        msg = str(exc)
    elif isinstance(exc, FinalStateOverwriteError):
        log.info(f"Request {request_id} is in a final state,ignoring update.")
-        _cleanup()
+        reset_docker_config()
        return
    else:
        msg = 'An unknown error occurred. See logs for details'
        log.error(msg, exc_info=exc)

-    _cleanup()
+    reset_docker_config()
    set_request_state(request_id, 'failed', msg)
Evidence 
The _cleanup() function explicitly removes all container images to prevent disk exhaustion and to
refresh images referenced by floating tags. The failure callback previously invoked cleanup but now
only resets docker config, removing the image cleanup behavior on task errors.

iib/workers/tasks/build.py[150-168]
iib/workers/tasks/general.py[33-44]

Agent prompt 
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`failed_request_callback` no longer removes local container images on failures, despite `_cleanup()` being explicitly designed to prevent disk exhaustion and stale floating-tag images.

### Issue Context
Containerized workflows do not appear to call `_cleanup()` as part of their normal flow, so relying on other tasks to clean up may not be sufficient.

### Fix Focus Areas
- iib/workers/tasks/general.py[33-44]
- iib/workers/tasks/build.py[150-168]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

4. Dev OPM mapping outdated 🐞 Bug ✓ Correctness
Description 
DevelopmentConfig overrides iib_ocp_opm_mapping with an older subset, so dev runs will not use
the newly-added v4.17+ mappings (and it also disagrees with base mapping for v4.16). This can cause
dev behavior to diverge from production and fall back to the default opm for newer index versions.
Code

iib/workers/config.py[R43-64]

+    iib_ocp_opm_mapping: Dict[str, str] = {
+        # keep v0.0, v4.5 for iib-api-tests
+        "v0.0": "opm-v1.28.0",
+        "v4.5": "opm-v1.26.4",
+        "v4.6": "opm-v1.26.4",
+        "v4.7": "opm-v1.26.4",
+        "v4.8": "opm-v1.26.4",
+        "v4.9": "opm-v1.26.4",
+        "v4.10": "opm-v1.26.4",
+        "v4.11": "opm-v1.26.4",
+        "v4.12": "opm-v1.26.4",
+        "v4.13": "opm-v1.26.4",
+        "v4.14": "opm-v1.26.4",
+        "v4.15": "opm-v1.26.4",
+        "v4.16": "opm-v1.26.4",
+        "v4.17": "opm-v1.40.0",
+        "v4.18": "opm-v1.44.0",
+        "v4.19": "opm-v1.48.0",
+        "v4.20": "opm-v1.50.0",
+        "v4.21": "opm-v1.50.0",
+        "v4.22": "opm-v1.61.0",
+    }
Evidence 
Base Config now includes mappings through v4.22, but DevelopmentConfig replaces the mapping with
only v4.6–v4.16, and maps v4.16 to a different opm version. OPM selection only switches when the
index version key exists; otherwise it keeps the default opm.

iib/workers/config.py[43-64]
iib/workers/config.py[274-293]
iib/workers/tasks/opm_operations.py[1506-1517]

Agent prompt 
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`DevelopmentConfig` overrides `iib_ocp_opm_mapping` with an outdated subset, which prevents dev runs from using the new v4.17+ opm selections and makes v4.16 inconsistent with the base config.

### Issue Context
OPM selection only switches when the mapping contains the index version key; otherwise it keeps the default opm.

### Fix Focus Areas
- iib/workers/config.py[43-64]
- iib/workers/config.py[274-293]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Grey Divider

ⓘ The new review experience is currently in Beta. Learn more

Grey Divider

Qodo Logo

sourcery-ai[bot]
sourcery-ai bot reviewed Mar 2, 2026
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • Now that Config defines a global iib_ocp_opm_mapping, consider whether the override in DevelopmentConfig is still needed or if it should be removed/updated to avoid diverging mappings and confusion about the single source of truth.
  • Replacing _cleanup() with reset_docker_config() in failed_request_callback narrows the cleanup behavior; if _cleanup() previously handled additional teardown beyond Docker config, consider whether that logic still needs to be invoked on failure in some way.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- Now that `Config` defines a global `iib_ocp_opm_mapping`, consider whether the override in `DevelopmentConfig` is still needed or if it should be removed/updated to avoid diverging mappings and confusion about the single source of truth.
- Replacing `_cleanup()` with `reset_docker_config()` in `failed_request_callback` narrows the cleanup behavior; if `_cleanup()` previously handled additional teardown beyond Docker config, consider whether that logic still needs to be invoked on failure in some way.
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@lipoja lipoja force-pushed the move_binaries_to_iib branch from 051ff0a to 3955ecc Compare March 2, 2026 16:58
@lipoja lipoja changed the title Move binaries to iib Move installing opm binaries to iib-worker Dockerfile Mar 2, 2026
@lipoja lipoja force-pushed the move_binaries_to_iib branch from 3955ecc to 4aac09e Compare March 2, 2026 17:00
qodo-code-review[bot]
qodo-code-review bot reviewed Mar 2, 2026
View reviewed changes
docker/Dockerfile-workers
Comment on lines +49 to +50
ln -sfn /usr/local/bin/opm-v1.26.4 /usr/local/bin/opm \
install_binary "operator-sdk" "https://github.com/operator-framework/operator-sdk/releases/download/v1.15.0/operator-sdk_linux_amd64" "d2065f1f7a0d03643ad71e396776dac0ee809ef33195e0f542773b377bab1b2a"
Copy link

@qodo-code-review qodo-code-review bot Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

1. Dockerfile command chaining bug 🐞 Bug ✓ Correctness

The Dockerfile RUN block is missing a command separator between ln -sfn ... and `install_binary
..., so the shell will treat install_binary as extra args to ln` (or otherwise fail), preventing
proper installation of the default opm symlink and operator-sdk. This can break runtime because
the code expects a default opm binary name to exist.
Agent Prompt 
### Issue description
`docker/Dockerfile-workers` has a malformed multi-command `RUN` step: `ln -sfn ...` is not terminated before calling `install_binary ...`, which can break the build and/or prevent creating the default `opm` symlink and installing `operator-sdk`.

### Issue Context
The worker code expects a default `opm` binary name (`iib_default_opm = 'opm'`). If the symlink isn’t created, tasks may fail when they fall back to the default opm.

### Fix Focus Areas
- docker/Dockerfile-workers[49-50]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

iib/workers/tasks/general.py Outdated
Comment on lines 10 to 11
from iib.workers.tasks.utils import request_logger, reset_docker_config
from iib.workers.tasks.build import _cleanup
Copy link

@qodo-code-review qodo-code-review bot Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

2. Unused _cleanup import 🐞 Bug ⛯ Reliability

iib/workers/tasks/general.py still imports _cleanup but no longer uses it after switching the
failure callback to reset_docker_config(). This should fail mandatory flake8 with F401 (unused
import).
Agent Prompt 
### Issue description
`iib/workers/tasks/general.py` imports `_cleanup` but no longer calls it, which will fail flake8 (unused import).

### Issue Context
flake8 is a mandatory tox environment and `.flake8` does not ignore F401 for this file.

### Fix Focus Areas
- iib/workers/tasks/general.py[7-12]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@qodo-code-review qodo-code-review[bot] qodo-code-review[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lipoja