Skip to content

ci: update Spectrum-X Operator STIG components (Ubuntu: 87b43f6-ubuntu, RHEL: 87b43f6-rhel) #2097

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nvidia-ci-cd wants to merge 1 commit into from
Closed

ci: update Spectrum-X Operator STIG components (Ubuntu: 87b43f6-ubuntu, RHEL: 87b43f6-rhel) #2097

nvidia-ci-cd wants to merge 1 commit into from

Conversation

@nvidia-ci-cd
Copy link
Collaborator

@nvidia-ci-cd nvidia-ci-cd commented Feb 1, 2026

Automated CI update for components 'spectrumXOperatorStigFipsUbuntu' and 'spectrumXOperatorStigFipsRhel', created by internal GitLab CI for release branch network-operator-26.1.x.

@nvidia-ci-cd
ci: update Spectrum-X Operator STIG components to 87b43f6-ubuntu and …
a40f8c1 
…87b43f6-rhel

Signed-off-by: nvidia-ci-cd <svc-cloud-orch-gh@nvidia.com>
@greptile-apps
Copy link

greptile-apps bot commented Feb 1, 2026

Greptile Overview

Greptile Summary

This PR updates the version strings for Spectrum-X Operator STIG FIPS components from semantic versioning format to short commit hash format.

Key Changes:

  • spectrumXOperatorStigFipsRhel: network-operator-v26.1.0-beta.5-stig-fips-rhel87b43f6-rhel
  • spectrumXOperatorStigFipsUbuntu: network-operator-v26.1.0-beta.5-stig-fips-ubuntu87b43f6-ubuntu

Critical Issues:

  • The new version format is inconsistent with all other components in hack/release.yaml, which use semantic versioning (e.g., network-operator-v26.1.0-beta.5-stig-fips)
  • The automated release workflow in .github/workflows/release.yaml (lines 172-179, 259-266) expects STIG FIPS component versions to follow the pattern ${COMPONENT_TAG}-stig-fips-${component_flavor} (e.g., network-operator-v26.1.0-beta.5-stig-fips-rhel)
  • This version format change may cause the CI/CD pipeline to construct incorrect image tags when pulling from the container registry
  • The wait-for-images job checks for image availability using the expected pattern, which will likely fail with these short hash versions

Confidence Score: 2/5

  • This PR introduces a breaking versioning format change that is highly likely to disrupt automated release workflows
  • The version format change from semantic versioning to short commit hashes is fundamentally incompatible with the existing CI/CD infrastructure. The release workflow hardcodes expectations for STIG FIPS component version patterns, and this deviation will likely cause image pull failures and pipeline breakage
  • hack/release.yaml requires immediate attention - the version format must match the pattern expected by .github/workflows/release.yaml

Important Files Changed

Filename Overview
hack/release.yaml Changed spectrumXOperatorStigFips version format from semantic versioning (network-operator-v26.1.0-beta.5-stig-fips-{rhel

Sequence Diagram

sequenceDiagram
    participant CI as CI System (nvidia-ci-cd)
    participant PR as Pull Request
    participant ReleaseYAML as hack/release.yaml
    participant Workflow as .github/workflows/release.yaml
    participant Registry as nvcr.io/nvstaging/mellanox
    
    Note over CI,Registry: Automated Component Version Update
    CI->>ReleaseYAML: Update spectrumXOperatorStigFipsRhel version
    CI->>ReleaseYAML: network-operator-v26.1.0-beta.5-stig-fips-rhel → 87b43f6-rhel
    CI->>ReleaseYAML: Update spectrumXOperatorStigFipsUbuntu version
    CI->>ReleaseYAML: network-operator-v26.1.0-beta.5-stig-fips-ubuntu → 87b43f6-ubuntu
    CI->>PR: Create PR #2097 with changes
    
    Note over Workflow,Registry: Expected Release Process Flow
    Workflow->>ReleaseYAML: Read component definitions
    Workflow->>Workflow: Parse STIG FIPS components
    Workflow->>Workflow: Apply version pattern: ${COMPONENT_TAG}-stig-fips-${flavor}
    Note over Workflow: ⚠️ Expects format like:<br/>network-operator-v26.1.0-beta.5-stig-fips-rhel
    Workflow->>Registry: Pull image with constructed tag
    Registry-->>Workflow: ❌ May fail if 87b43f6-rhel doesn't match expected pattern
Loading

greptile-apps[bot]
greptile-apps bot reviewed Feb 1, 2026
View reviewed changes
Copy link

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, 2 comments

Edit Code Review Agent Settings | Greptile

hack/release.yaml
repository: nvcr.io/nvstaging/mellanox
sourceRepository: spectrum-x-operator
version: network-operator-v26.1.0-beta.5-stig-fips-rhel
version: 87b43f6-rhel
Copy link

@greptile-apps greptile-apps bot Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Version format 87b43f6-rhel is inconsistent with all other STIG FIPS components in this file, which use the pattern network-operator-v{VERSION}-stig-fips-{os} (e.g., line 36: network-operator-v26.1.0-beta.5-stig-fips). The release workflow at .github/workflows/release.yaml:172-179 expects STIG FIPS components to follow the ${COMPONENT_TAG}-stig-fips-${component_flavor} format. This short hash format may cause the automated release process to fail.

hack/release.yaml
repository: nvcr.io/nvstaging/mellanox
sourceRepository: spectrum-x-operator
version: network-operator-v26.1.0-beta.5-stig-fips-ubuntu
version: 87b43f6-ubuntu
Copy link

@greptile-apps greptile-apps bot Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Version format 87b43f6-ubuntu is inconsistent with all other STIG FIPS components in this file, which use the pattern network-operator-v{VERSION}-stig-fips-{os}. The release workflow at .github/workflows/release.yaml:172-179 expects STIG FIPS components to follow the ${COMPONENT_TAG}-stig-fips-${component_flavor} format. This short hash format may cause the automated release process to fail.

@rollandf rollandf closed this Feb 1, 2026
@maze88 maze88 deleted the ci/update-spectrum-x-operator-stig-fips-versions-to-b1be792f branch February 1, 2026 09:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@e0ne e0ne Awaiting requested review from e0ne

@almaslennikov almaslennikov Awaiting requested review from almaslennikov

@rollandf rollandf Awaiting requested review from rollandf

@heyvister1 heyvister1 Awaiting requested review from heyvister1

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nvidia-ci-cd @rollandf