Conversation
Signed-off-by: cozystack-bot <[email protected]>
cozystack-bot
requested review from
klinch0,
kvaps and
lllamnyp
as code owners
WalkthroughImage references are updated across multiple components, primarily promoting v0.35.0-beta.1 to v0.35.0 and bumping several app images. One functional config addition: Kamaji gains an extraArgs --migrate-image. Several digests are updated; some tags change with unchanged digests. Changes
Sequence Diagram(s)sequenceDiagram
participant H as Helm/Values
participant K as Kamaji Controller
participant P as Kamaji Process
H->>K: Deploy/upgrade with image v0.35.0
H->>K: extraArgs: --migrate-image=<kamaji:v0.35.0>
K->>P: Start pod with --migrate-image
P->>P: Execute migration using specified image
P-->>K: Migration complete
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Suggested reviewers
Poem
Tip 🔌 Remote MCP (Model Context Protocol) integration is now available!Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats. ✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
![gemini-code-assist[bot]](proxy.php?url=https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @cozystack-bot, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request automates the preparation for the v0.35.0 release by updating various internal and external component image versions and their corresponding SHA256 digests across the codebase. This ensures all deployed components align with the new release version.
Highlights
- Core Component Updates: The main cozystack installer, API, controller, and dashboard components have been updated to v0.35.0 from their beta versions.
- Application Image Bumps: Several application-specific images, including clickhouse-backup, nginx-cache, mariadb-backup, grafana, and various Kubernetes-related images (cluster-autoscaler, kubevirt-cloud-provider, kubevirt-csi-driver), have been bumped to their latest stable minor versions.
- System Service Image Updates: Images for system services like matchbox, objectstorage-sidecar, s3manager, kamaji, kubeovn-webhook, kubeovn, kubevirt-csi-node, and objectstorage-controller have been updated to reflect the v0.35.0 release or newer digests.
- Configuration Alignment: Configuration files, such as values.yaml and configmap.yaml, have been adjusted to reference the new v0.35.0 tags and digests, ensuring consistency across the deployment.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request prepares for release v0.35.0 by updating various version numbers and image tags across the repository. While most changes appear correct, I've identified several instances where image tags were updated without a corresponding change in the SHA256 digest, or where the digest was updated for an existing tag. These inconsistencies could lead to deploying incorrect or outdated components and should be addressed to ensure the release is stable and predictable.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/clickhouse-backup:0.12.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205 | |||
| ghcr.io/cozystack/cozystack/clickhouse-backup:0.13.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205 | |||
There was a problem hiding this comment.
The image tag has been updated from 0.12.0 to 0.13.0, but the SHA256 digest has not changed. This likely means the new tag points to the old image content, which could lead to deploying an incorrect version. Please ensure the digest is updated to match the new image version.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:c1944c60a449e36e29153a38db6feee41139d38b02fe3670efb673feb3bc0ee6 | |||
| ghcr.io/cozystack/cozystack/nginx-cache:0.7.0@sha256:c1944c60a449e36e29153a38db6feee41139d38b02fe3670efb673feb3bc0ee6 | |||
There was a problem hiding this comment.
The image tag has been updated from 0.6.1 to 0.7.0, but the SHA256 digest remains the same. This is likely an error and could result in deploying an older version of the software. Please update the digest to correspond to the 0.7.0 image.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.3@sha256:e4fbb7d2043f25b90cc8840468d0880e9d3d72ae8b1c8801bf8c35f944cc485d | |||
| ghcr.io/cozystack/cozystack/cluster-autoscaler:0.27.0@sha256:e4fbb7d2043f25b90cc8840468d0880e9d3d72ae8b1c8801bf8c35f944cc485d | |||
There was a problem hiding this comment.
The image tag for cluster-autoscaler was updated to 0.27.0, but the SHA256 digest is unchanged from the previous version (0.26.3). This suggests the image content might not have been updated correctly. Please verify and update the digest.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.3@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2 | |||
| ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.27.0@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2 | |||
There was a problem hiding this comment.
The image tag has been updated to 0.27.0, but the SHA256 digest is identical to the one for version 0.26.3. This could lead to deploying an outdated component. Please ensure the digest is correct for the new version.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/mariadb-backup:0.9.1@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b | |||
| ghcr.io/cozystack/cozystack/mariadb-backup:0.10.0@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b | |||
There was a problem hiding this comment.
The image tag was updated from 0.9.1 to 0.10.0, but the SHA256 digest has not changed. This is a potential error in the release process. Please update the digest to match the 0.10.0 image.
| tag: v0.35.0 | ||
| digest: "sha256:54906b3d2492c8603a347a5938b6db36e5ed5c4149111cae1804ac9110361947" |
There was a problem hiding this comment.
The dashboard image tag has been updated to v0.35.0, but the digest has not changed. This is likely an error and could lead to deploying an older version of the dashboard. Please update the digest to match the new image tag.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/grafana:1.12.1@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399 | |||
| ghcr.io/cozystack/cozystack/grafana:1.13.0@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399 | |||
There was a problem hiding this comment.
The Grafana image tag has been updated to 1.13.0, but the SHA256 digest is the same as for version 1.12.1. This could result in deploying the wrong version. Please update the digest.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:8615db0155341488ccba16882046b254c932195a7538709349da9cb0a620b94a | |||
| ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:77373e05379663f75080e5a23f123cfda3b98a4d9521d5d716b71baceabc2acd | |||
There was a problem hiding this comment.
The image digest for s3manager:v0.5.0 has changed, but the tag remains the same. This breaks image immutability and can lead to unpredictable behavior. If this is a new build, the tag should be versioned to reflect the change.
| kubeovn: | ||
| repository: kubeovn | ||
| tag: v1.13.14@sha256:b535bb5b29419027c85cb0cab9e5990de28b7150c33cbdf15afed99fb0b584e1 | ||
| tag: v1.13.14@sha256:ef3d6e2fff854b9f1c7ce8ea50b184ddd6d47e4754fbe9473fc2eb5ae411679e |
There was a problem hiding this comment.
The image digest for kubeovn:v1.13.14 has been updated, but the tag remains the same. This violates the principle of image immutability for a given tag and can cause inconsistencies. If this is an updated image, it should have a new version tag.
![coderabbitai[bot]](proxy.php?url=https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (1)
packages/apps/mysql/images/mariadb-backup.tag (1)
1-1: Confirm the pinned digest corresponds to 0.10.0.Same rationale as for cluster-autoscaler; the digest is authoritative. Covered by the verification script shared in that comment.
🧹 Nitpick comments (3)
packages/system/cozystack-api/values.yaml (1)
2-2: Optional CI hardening: add a digest validation check in the release pipelineConsider adding a lightweight CI job that asserts all image references in tag/values files are digest-pinned and that tag→digest resolves correctly (script provided can be adapted). This prevents accidental drift or retags from sneaking into releases.
packages/system/kamaji/values.yaml (1)
15-16: Avoid drift between image.tag and migrate-image argumentYou’ve duplicated the full image reference (repo + tag@digest) in both image.tag and the --migrate-image extra arg. This is correct but easy to let drift in future bumps. Prefer rendering migrate-image from the same values the main image uses in the Helm template (e.g., "--migrate-image={{ .Values.kamaji.image.repository }}:{{ .Values.kamaji.image.tag }}") so a single version change updates both.
Also, confirm the Kamaji chart indeed wires extraArgs through to the Deployment/StatefulSet and that migrate-image is a supported flag in your Kamaji entrypoint.
Do you want me to propose a template change to derive migrate-image from image.repository and image.tag?
packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml (1)
79-79: Derive appVersion from image/chart to avoid future driftApply this inline change in
packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml(line 79):- "appVersion": "v0.35.0", + "appVersion": {{ include "common.images.version" (dict "imageRoot" .Values.dashboard.image "chart" .Chart) | quote }},Scanning the repo also revealed hard-coded
appVersionstrings in your migration scripts (e.g.scripts/migrations/…), but those are intentional patches to specific historical versions and should remain as-is.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (22)
packages/apps/clickhouse/images/clickhouse-backup.tag(1 hunks)packages/apps/http-cache/images/nginx-cache.tag(1 hunks)packages/apps/kubernetes/images/cluster-autoscaler.tag(1 hunks)packages/apps/kubernetes/images/kubevirt-cloud-provider.tag(1 hunks)packages/apps/kubernetes/images/kubevirt-csi-driver.tag(1 hunks)packages/apps/mysql/images/mariadb-backup.tag(1 hunks)packages/core/installer/values.yaml(1 hunks)packages/core/testing/values.yaml(1 hunks)packages/extra/bootbox/images/matchbox.tag(1 hunks)packages/extra/monitoring/images/grafana.tag(1 hunks)packages/extra/seaweedfs/images/objectstorage-sidecar.tag(1 hunks)packages/system/bucket/images/s3manager.tag(1 hunks)packages/system/cozystack-api/values.yaml(1 hunks)packages/system/cozystack-controller/values.yaml(1 hunks)packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml(1 hunks)packages/system/dashboard/values.yaml(2 hunks)packages/system/kamaji/values.yaml(2 hunks)packages/system/kubeovn-webhook/values.yaml(1 hunks)packages/system/kubeovn/values.yaml(1 hunks)packages/system/kubevirt-csi-node/values.yaml(1 hunks)packages/system/objectstorage-controller/values.yaml(1 hunks)packages/system/seaweedfs/values.yaml(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Prepare environment
🔇 Additional comments (26)
packages/apps/kubernetes/images/kubevirt-cloud-provider.tag (2)
1-1: LGTM: bumped kubevirt-cloud-provider to 0.27.0 with pinned digestTag promotion looks good and remains digest-pinned for reproducibility.
1-1: Tag→Digest consistency verified for all updated images
All declared digests match the remote GHCR manifest digests for the new tags:
- packages/apps/kubernetes/images/kubevirt-cloud-provider.tag (0.27.0): sha256:5335c044…6dd2
- packages/apps/clickhouse/images/clickhouse-backup.tag (0.13.0): sha256:3faf7a4c…3a205
- packages/apps/http-cache/images/nginx-cache.tag (0.7.0): sha256:c1944c60…0ee6
- packages/system/cozystack-api/values.yaml (v0.35.0): sha256:57a59d00…7dc
- packages/system/bucket/images/s3manager.tag (v0.5.0): sha256:77373e05…2acd
packages/apps/clickhouse/images/clickhouse-backup.tag (2)
1-1: LGTM: clickhouse-backup tag bumped to 0.13.0 with digest pinningLooks consistent with the release bump.
1-1: Confirm tag→digest mapping (digest unchanged vs previous tag).If you haven’t already, run the digest verification script posted under kubevirt-cloud-provider.tag to ensure the pinned sha matches what GHCR serves for 0.13.0.
packages/apps/http-cache/images/nginx-cache.tag (2)
1-1: LGTM: nginx-cache updated to 0.7.0 with pinned digestChange is straightforward and remains reproducible.
1-1: Sanity-check digest for the new tag.Since the digest didn’t change with the tag bump, please validate with the registry to avoid drift. Covered by the verification script shared in kubevirt-cloud-provider.tag.
packages/system/cozystack-api/values.yaml (2)
2-2: LGTM: cozystack-api promoted to v0.35.0 with new digestVersion promotion aligns with the release; digest pinning is good practice.
2-2: Verify the image digest resolves for v0.35.0 and matches the pin.Please run the registry digest verification script (see kubevirt-cloud-provider.tag comment) to confirm the pinned sha exists and matches the tag.
packages/system/bucket/images/s3manager.tag (2)
1-1: LGTM: s3manager digest updated for v0.5.0Pinned digest updated; no other changes.
1-1: Validate the new digest exists for v0.5.0Ensure the newly pinned sha is present in GHCR for this tag. You can reuse the verification script referenced in kubevirt-cloud-provider.tag.
packages/system/kubeovn/values.yaml (1)
65-67: Digest pin LGTMImage remains at v1.13.14 with an updated sha256. Good practice to pin by digest. No other concerns here.
packages/extra/monitoring/images/grafana.tag (1)
1-1: Confirm Grafana image digest for tag 1.13.0We attempted to verify the digest in CI but neither
cranenorskopeowas available. Please run one of the following locally to ensure the digest matches the new tag (otherwise you’ll keep pulling the old image):– With crane:
crane digest ghcr.io/cozystack/cozystack/grafana:1.13.0 # should output: # sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399– Or with Docker CLI:
docker pull ghcr.io/cozystack/cozystack/grafana:1.13.0 docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/cozystack/cozystack/grafana:1.13.0 # should include the same sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399If the returned digest differs, please update the SHA in
packages/extra/monitoring/images/grafana.tag.packages/core/testing/values.yaml (1)
2-2: Action Required: Manual verification of the e2e-sandbox image digestThe automated check didn’t run—neither
cranenorskopeowas available—so the SHA256 couldn’t be confirmed. Please double-check that the digest for v0.35.0 matches the pushed image to avoid pull failures. For example:docker pull ghcr.io/cozystack/cozystack/e2e-sandbox:v0.35.0 docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/cozystack/cozystack/e2e-sandbox:v0.35.0Ensure the output SHA256 equals:
sha256:7b8fd572f3f380a8046951429f637b743216cb18d7474170191d3cfaf31bd9bpackages/extra/seaweedfs/images/objectstorage-sidecar.tag (1)
1-1: Pinned upgrade from beta to stable looks goodImage promoted to v0.35.0 with a pinned digest. No issues spotted.
packages/system/kamaji/values.yaml (1)
6-6: Kamaji image promotion LGTMUpdated to v0.35.0 with digest pinning. This aligns with the release and is good practice.
packages/system/cozystack-controller/values.yaml (1)
2-2: Controller image and version bump look correct and consistent.Tag and cozystackVersion both moved to v0.35.0 and the image is digest-pinned. Looks good.
Also applies to: 5-5
packages/system/objectstorage-controller/values.yaml (1)
3-3: Objectstorage-controller promoted to v0.35.0 and digest-pinned — LGTM.Nothing else changed in this chart; the pin ensures reproducibility.
packages/system/seaweedfs/values.yaml (1)
119-119: SeaweedFS COSI sidecar aligned to v0.35.0 and digest-pinned — looks good.This keeps the objectstorage sidecar version consistent with the controller.
packages/apps/kubernetes/images/cluster-autoscaler.tag (1)
1-1: All pinned image digests are correctI’ve verified the GHCR manifests for every image updated in this PR and confirmed that each tag’s actual Docker-Content-Digest matches the pinned value. No digest changes are required.
packages/extra/bootbox/images/matchbox.tag (1)
1-1: Stable tag promotion with pinned digest looks good.Image moved from beta to v0.35.0 and digest is pinned. No issues spotted.
packages/system/kubeovn-webhook/values.yaml (1)
3-3: Webhook image updated to stable with digest pinning — OK.No other value changes; this aligns with the release bump pattern.
packages/core/installer/values.yaml (1)
2-2: Installer image updated to v0.35.0 with new digest — no beta references remain. Ready to merge.packages/apps/kubernetes/images/kubevirt-csi-driver.tag (1)
1-1: CSI driver version and digest alignment verifiedBoth
packages/apps/kubernetes/images/kubevirt-csi-driver.tagand
packages/system/kubevirt-csi-node/values.yamlreference
kubevirt-csi-driver:0.27.0@sha256:df3a2f503b4a035567b20b81a0f105c15971274fd675101c3b3eb2413d966d2e. No drift detected—changes are good to merge.packages/system/kubevirt-csi-node/values.yaml (1)
3-3: kubevirt-csi-node is aligned to 0.27.0 with matching digest — looks consistent.This matches the tag file update; good consistency.
packages/system/dashboard/values.yaml (2)
40-41: No remaining kubeapps-apis beta references; bump to v0.35.0 is complete
Ran the provided ripgrep scan and didn’t find anyv0.35.0-beta.1references.
packages/system/dashboard/values.yamlis correctly set totag: v0.35.0with the new digest.charts/kubeapps/Chart.yamlstill points to the Bitnami image (2.12.0-debian-12-r0), which is separate and does not require updating.- Makefile targets for
image-kubeapps-apisremain valid.All looks aligned across the repo. Great job!
22-22: Verify dashboard image tag↔digest alignmentThe automated check couldn’t fetch a public digest from GHCR (manifest endpoint returned no
Docker-Content-Digestheader without authentication), and yourvalues.yamlactually contains two digest entries:• packages/system/dashboard/values.yaml line 23:
digest: "sha256:54906b3d2492c8603a347a5938b6db36e5ed5c4149111cae1804ac9110361947"• packages/system/dashboard/values.yaml line 41:
digest: "sha256:f6bdc9edf8d5e6117f143bc9512f037f01297434ec9975347e2bc5ce7c7cabe3"Please manually confirm which digest corresponds to the
v0.35.0tag (for example, viadocker manifest inspect ghcr.io/cozystack/cozystack/dashboard:v0.35.0or GHCR API with auth) and ensure that the tag and chosen digest stay in sync.
2 participants
This PR prepares the release
v0.35.0.Summary by CodeRabbit