Conversation
Signed-off-by: cozystack-bot <[email protected]>
cozystack-bot
requested review from
klinch0,
kvaps and
lllamnyp
as code owners
WalkthroughThe PR updates container image tags and/or digests across multiple components, primarily bumping versions from v0.36.0-beta.2 to v0.36.0-beta.3 and Kubernetes-related images from 0.28.0 to 0.29.0. It also refreshes several image digests, adjusts dashboard appVersion, and updates Kamaji’s migrate-image argument. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Suggested reviewers
Pre-merge checks (2 passed, 1 inconclusive)❌ Failed Checks (1 inconclusive)
✅ Passed Checks (2 passed)
Poem
Tip 👮 Agentic pre-merge checks are now available in preview!Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs. ✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](proxy.php?url=https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @cozystack-bot, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request systematically updates all relevant image references and version strings within the Cozystack project to align with the upcoming v0.36.0-beta.3 release. The changes ensure that all deployed components will utilize the correct, newly released container images and associated versioning, facilitating a smooth and consistent release rollout.
Highlights
- Release Preparation: This pull request is dedicated to preparing the
v0.36.0-beta.3release of the Cozystack project. - Image Tag Updates: Numerous component image tags have been updated from
v0.36.0-beta.2tov0.36.0-beta.3across variousvalues.yamland.tagfiles. This includes core components likeinstaller,e2e-sandbox,matchbox,objectstorage-sidecar,cozystack-api,cozystack-controller,dashboard,kubeapps-apis,kamaji, andkubeovn-webhook. - Kubernetes Component Version Bumps: Specific Kubernetes-related components, namely
cluster-autoscaler,kubevirt-cloud-provider, andkubevirt-csi-driver, have had their image versions updated from0.28.0to0.29.0. - Image SHA Updates: All updated image tags also include corresponding updates to their SHA256 digests, ensuring integrity and specific image versions are referenced.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request prepares for the v0.36.0-beta.3 release by updating various image tags and version numbers across the repository. The review has identified several inconsistencies where image digests have not been updated along with their tags. One of these is critical as it would lead to deploying an older version of a component. Other issues point to potentially incorrect image builds or references. It is recommended to address these inconsistencies to ensure the release is correct.
| registry: ghcr.io/cozystack/cozystack | ||
| repository: dashboard | ||
| tag: v0.36.0-beta.2 | ||
| tag: v0.36.0-beta.3 |
There was a problem hiding this comment.
The image tag for the dashboard has been updated to v0.36.0-beta.3, but the digest on line 23 has not been updated. When a digest is specified, it overrides the tag, which will cause the old image to be deployed. Please update the digest to match the new v0.36.0-beta.3 image.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.28.0@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2 | |||
| ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.29.0@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2 | |||
There was a problem hiding this comment.
The image version was bumped from 0.28.0 to 0.29.0, but the SHA256 digest has not changed. This is unusual and could indicate that the new image version was not built or pushed correctly, or that there were no changes between versions. Please verify that this is intended. If the image content has changed, the digest should be updated.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.28.0@sha256:8eb9803aa1b38e1b2db98237bf0d1046f0ba90be0157c22da1efc3811bb25ecf | |||
| ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.29.0@sha256:8eb9803aa1b38e1b2db98237bf0d1046f0ba90be0157c22da1efc3811bb25ecf | |||
There was a problem hiding this comment.
The image version was bumped from 0.28.0 to 0.29.0, but the SHA256 digest has not changed. This is unusual and could indicate that the new image version was not built or pushed correctly, or that there were no changes between versions. Please verify that this is intended. If the image content has changed, the digest should be updated. This same issue is present in packages/system/kubevirt-csi-node/values.yaml.
| storageClass: replicated | ||
| csiDriver: | ||
| image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.28.0@sha256:8eb9803aa1b38e1b2db98237bf0d1046f0ba90be0157c22da1efc3811bb25ecf | ||
| image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.29.0@sha256:8eb9803aa1b38e1b2db98237bf0d1046f0ba90be0157c22da1efc3811bb25ecf |
There was a problem hiding this comment.
The image version for kubevirt-csi-driver was bumped from 0.28.0 to 0.29.0, but the SHA256 digest has not changed. This is inconsistent with the version bump and likely an error, which could lead to using an old or incorrect image. Please verify the image digest is correct for version 0.29.0. This is related to the change in packages/apps/kubernetes/images/kubevirt-csi-driver.tag.
![coderabbitai[bot]](proxy.php?url=https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (3)
packages/system/cozystack-controller/values.yaml (1)
2-5: Integrate CI check for cozystackVersion and image tag
cozystackVersion matches the image tag; add the provided shell script into CI to prevent future drift.packages/system/kamaji/values.yaml (1)
6-6: Digests lockstep verified; optional refactor suggested
- Tag and migrate-image digests match (sha256:0d74d0a680f4baabf1612c3fb42f0df3b02e2c02d5d913116b6c0d460297fbd3); maintain this lockstep on future bumps.
- Optional: refactor values.yaml to expose repository, tag, and digest as separate fields to avoid duplicating the same digest in multiple entries.
packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml (1)
79-79: Avoid hardcoding appVersion in config.jsonTemplate the value to keep it in lockstep with the chart/image version and prevent future drift.
Apply:
- "appVersion": "v0.36.0-beta.3", + "appVersion": {{ include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) | quote }},
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (19)
packages/apps/http-cache/images/nginx-cache.tag(1 hunks)packages/apps/kubernetes/images/cluster-autoscaler.tag(1 hunks)packages/apps/kubernetes/images/kubevirt-cloud-provider.tag(1 hunks)packages/apps/kubernetes/images/kubevirt-csi-driver.tag(1 hunks)packages/core/installer/values.yaml(1 hunks)packages/core/testing/values.yaml(1 hunks)packages/extra/bootbox/images/matchbox.tag(1 hunks)packages/extra/seaweedfs/images/objectstorage-sidecar.tag(1 hunks)packages/system/bucket/images/s3manager.tag(1 hunks)packages/system/cozystack-api/values.yaml(1 hunks)packages/system/cozystack-controller/values.yaml(1 hunks)packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml(1 hunks)packages/system/dashboard/values.yaml(2 hunks)packages/system/kamaji/values.yaml(2 hunks)packages/system/kubeovn-webhook/values.yaml(1 hunks)packages/system/kubeovn/values.yaml(1 hunks)packages/system/kubevirt-csi-node/values.yaml(1 hunks)packages/system/objectstorage-controller/values.yaml(1 hunks)packages/system/seaweedfs/values.yaml(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Prepare environment
🔇 Additional comments (15)
packages/system/kubevirt-csi-node/values.yaml (1)
3-3: Re-run digest pin check with updated script
The beta.2 reference check passed, but the previous PCRE2 regex for finding unpinned image tags failed. Please run the following to ensure everykubevirt-csi-drivertag is pinned with a digest and then confirm the digest matches v0.29.0 and compatibility with your Kubernetes/KubeVirt versions:#!/bin/bash set -euo pipefail # 1) No leftover references to v0.36.0-beta.2 rg -n "v0\.36\.0-beta\.2" -S || echo "OK: no beta.2 references found" # 2) Ensure all kubevirt-csi-driver refs are pinned with @sha256 digest unpinned=$(rg -n "kubevirt-csi-driver:[0-9]+\.[0-9]+\.[0-9]+" -S | grep -v "@sha256:") || true if [[ -n $unpinned ]]; then echo "Found unpinned kubevirt-csi-driver refs:" echo "$unpinned" exit 1 fi echo "OK: all kubevirt-csi-driver refs pinned"packages/system/kubeovn-webhook/values.yaml (1)
3-3: Image pin verified; confirm CLI defaults unchanged
CLI flags or default certificate paths may have changed in v0.36.0-beta.3—review the upstream changelog or run the new image with--helpto ensure cert/flag defaults remain correct.packages/system/kubeovn/values.yaml (1)
67-67: Manual digest and changelog verification required
Unable to fetch the new image digest automatically—please confirm that sha256:26865e4020b84ec33fd8947cd9a7b46443b3195ccc7a4ca2953145320ec838b7 is published for ghcr.io/cozystack/cozystack/kubeovn:v1.14.5 and review the upstream kube-ovn v1.14.5 release notes for any runtime-impacting changes.packages/core/testing/values.yaml (1)
2-2: Approve E2E image bump
No references tov0.36.0-beta.2remain in testing configs. Please trigger the full E2E suite againstv0.36.0-beta.3.packages/apps/http-cache/images/nginx-cache.tag (1)
1-1: Digest-only update retained version — LGTM.Pin is correct. If this was a rebuild, confirm no behavioral changes (modules, default configs).
packages/system/bucket/images/s3manager.tag (1)
1-1: Digest rotated for v0.5.0 — confirm dependent charts and rollout strategy
- No hard-coded s3manager image references detected.
- Ensure all Helm charts (and other consumers) pull via this tag file.
- Verify your deployment’s rolling-update (or equivalent) tolerates the new digest without disruption.
packages/extra/bootbox/images/matchbox.tag (1)
1-1: LGTM: digest-pinned image bump to beta.3.
No issues found.packages/system/cozystack-api/values.yaml (1)
2-2: LGTM: cozystack-api image updated to beta.3 with digest.
Looks consistent with the release bump.packages/system/seaweedfs/values.yaml (1)
127-127: LGTM: COSI sidecar moved to beta.3 with digest.
Matches the sidecar tag file in extra/seaweedfs.packages/apps/kubernetes/images/kubevirt-csi-driver.tag (1)
1-1: Tag 0.29.0 digest verified upstream—both0.28.0and0.29.0resolve tosha256:8eb9803aa1b38e1b2db98237bf0d1046f0ba90be0157c22da1efc3811bb25ecf, and the pinned digest matches.packages/apps/kubernetes/images/cluster-autoscaler.tag (1)
1-1: LGTM: cluster-autoscaler bumped to 0.29.0 with new digest.
All good.packages/system/objectstorage-controller/values.yaml (1)
3-3: LGTM: objectstorage-controller moved to beta.3 with digest.
No concerns.packages/apps/kubernetes/images/kubevirt-cloud-provider.tag (1)
1-1: Confirm digest for v0.29.0
No 0.28.x references remain and the new v0.29.0 tag appears only inpackages/apps/kubernetes/images/kubevirt-cloud-provider.tag. Please verify that retaining the same digest for this new tag is intentional.packages/system/dashboard/values.yaml (2)
51-52: LGTM: kubeapps-apis tag/digest bumpTag and digest updated consistently with the release. No issues spotted.
22-23: Single-source version to avoid drift
Sweep confirms no stale dashboard versions or image pins. To reduce manual bumps across values and templates, consider deriving the UI-visible version from.Chart.AppVersion(or using the same include as templates) and adding a CI check to fail on mismatches betweenappVersionand image tags.
| @@ -1,2 +1,2 @@ | |||
| cozystack: | |||
| image: ghcr.io/cozystack/cozystack/installer:v0.36.0-beta.2@sha256:c9b197736d4e0bcf5ed74ed771d6408a6ea09b0451a3871469a1977eb849bef1 | |||
| image: ghcr.io/cozystack/cozystack/installer:v0.36.0-beta.3@sha256:275a20255a04c4cc5850fada5b7b15fbe95cd75c5eef518679ca192800a9f916 | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
LGTM: installer image bumped to beta.3 with digest.
Looks consistent with the release.
Repo-wide sanity checks:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) Ensure no old versions remain referenced
echo "Searching for leftover v0.36.0-beta.2 and 0.28.0 references..."
rg -n --hidden -S 'v0\.36\.0-beta\.2|[^0-9]0\.28\.0([^0-9]|$)' || true
# 2) Verify all GHCR images with pinned digests actually resolve and match the tag's digest
accept='application/vnd.oci.image.index.v1+json, application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json'
tmp="$(mktemp)"
rg -noP 'ghcr\.io/cozystack/cozystack/[^\s"'\''@]+:[^\s"'\''@]+@sha256:[0-9a-f]{64}' | sort -u > "$tmp"
check_one() {
local ref="$1"
local path tag digest repo token d_hdr tag_digest code
path="${ref#ghcr.io/}"
repo="${path%@*}"; repo="${repo%:*}"
tag="${path#*:}"; tag="${tag%@*}"
digest="${ref#*@}"
token="$(curl -fsSL "https://ghcr.io/token?service=ghcr.io&scope=repository:${repo}:pull" | jq -r .token)"
d_hdr="$(curl -fsSLI -H "Authorization: Bearer ${token}" -H "Accept: ${accept}" "https://ghcr.io/v2/${repo}/manifests/${tag}" | tr -d '\r')"
tag_digest="$(awk -F': ' '/[Dd]ocker-[Cc]ontent-[Dd]igest/ {print $2}' <<<"$d_hdr")"
code="$(curl -o /dev/null -s -w '%{http_code}' -H "Authorization: Bearer ${token}" -H "Accept: ${accept}" "https://ghcr.io/v2/${repo}/manifests/${digest}")"
echo "REF: ${ref}"
echo " tag_digest: ${tag_digest}"
echo " pinned : ${digest}"
echo " digest_exists_http: ${code}"
[[ "${code}" == "200" ]] || { echo " ERROR: digest not found"; return 1; }
[[ "${tag_digest}" == "${digest}" ]] && echo " OK: tag -> digest matches" || echo " WARN: tag digest differs (acceptable if intentionally pinned)"
}
echo "Verifying $(wc -l < "$tmp") images..."
rc=0; while read -r img; do check_one "$img" || rc=1; done < "$tmp"; exit $rcLength of output: 12825
CRITICAL: GHCR pinned digest for installer:v0.36.0-beta.3 returned 404
Manifest lookup for ghcr.io/cozystack/cozystack/installer:v0.36.0-beta.3@sha256:275a20255a04c4cc5850fada5b7b15fbe95cd75c5eef518679ca192800a9f916 failed with HTTP 404—ensure the image is published before merging and update this digest to the correct value.
🤖 Prompt for AI Agents
In packages/core/installer/values.yaml around line 2, the GHCR image reference
is pinned to a digest that returns 404; verify that the installer:v0.36.0-beta.3
image has been published to ghcr.io and obtain the correct digest (e.g., pull
the tag and inspect RepoDigests or query the registry API), then replace the
broken sha256 value with the correct digest; if the image is not yet published,
either wait for publication or temporarily reference the tag without a digest
until the canonical digest is available.
| @@ -1 +1 @@ | |||
| ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.36.0-beta.2@sha256:e550053503a8aaef2b3611e660d2686b2746adc3114853d73dd1753450dee3ce | |||
| ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.36.0-beta.3@sha256:c8db3d458f65c6a3ccd25651a670e549a6a5601b7832f25bb873fdaf3113008c | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Sidecar bump aligned with release; ensure consumers updated.
Looks consistent with seaweedfs values updates mentioned. Verify no stale sidecar refs remain.
🏁 Script executed:
#!/bin/bash
set -euo pipefail
line="$(cat packages/extra/seaweedfs/images/objectstorage-sidecar.tag)"
# Expect seaweedfs values to contain identical image ref
rg -nF "$line" packages/system/seaweedfs/values.yaml || { echo "Missing updated sidecar image in seaweedfs values"; exit 1; }
echo "OK: seaweedfs values reference matches tag file"Length of output: 203
🏁 Script executed:
#!/usr/bin/env bash
set -euo pipefail
echo "Searching for all references to objectstorage-sidecar in repository"
rg -n "objectstorage-sidecar" -H -n .Length of output: 947
Update stale objectstorage-sidecar reference in chart values
packages/system/seaweedfs/charts/seaweedfs/values.yaml:1233 still points to
gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:v20250711-controllerv0.2.0-rc1-80-gc2f6e65—bump to the new cozystack image (ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.36.0-beta.3@sha256:c8db3d458f65c6a5601b7832f25bb873fdaf3113008c) or reference the tag file.
🤖 Prompt for AI Agents
In packages/system/seaweedfs/charts/seaweedfs/values.yaml around line 1233, the
objectstorage-sidecar image is stale (gcr.io/k8s-staging-sig-storage/...) —
update that value to use the new Cozystack image reference
ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.36.0-beta.3@sha256:c8db3d458f65c6a3ccd25651a670e549a6a5601b7832f25bb873fdaf3113008c
(or replace it with a reference to the provided tag file path
packages/extra/seaweedfs/images/objectstorage-sidecar.tag), ensuring the full
image+digest is used and adjusting any related imagePullSecrets or comments if
present.
2 participants
This PR prepares the release
v0.36.0-beta.3.Summary by CodeRabbit