Skip to content

verticadb-operator/25.3.0.0 package update #58763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
powersj merged 3 commits into from
Jul 11, 2025
Merged

verticadb-operator/25.3.0.0 package update #58763

powersj merged 3 commits into from
Jul 11, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Jul 10, 2025

@wolfi-bot
verticadb-operator/25.3.0.0 package update
b47ef52 
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr verticadb-operator labels Jul 10, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Jul 10, 2025

🔄 Build Failed: Git Checkout Error

FAIL Expected commit 03f70bb4a8fc86bc5b8f37493fc693f724e87955 for v25.3.0-0, found 8e43cce4d8c9388b1305ebed20ffa07af35cb2b7

Build Details

Category Details
Build System git
Failure Point git checkout v25.3.0-0

Root Cause Analysis 🔍

The git checkout step failed because the actual commit hash (8e43cce4d8c9388b1305ebed20ffa07af35cb2b7) for tag v25.3.0-0 does not match the expected commit hash (03f70bb4a8fc86bc5b8f37493fc693f724e87955) specified in the build configuration. This indicates either the repository has been updated since the build configuration was created, or there's a mismatch in the expected commit hash in the build configuration.

🔍 Build failure fix suggestions

Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:

Similar PRs with fixes

Suggested Changes

File: verticadb-operator.yaml

  • replacement at line pipeline section, git-checkout step (pipeline.git-checkout.with.expected-commit)
    Original:
expected-commit: 03f70bb4a8fc86bc5b8f37493fc693f724e87955

Replacement:

expected-commit: 8e43cce4d8c9388b1305ebed20ffa07af35cb2b7

Content:

Update the expected-commit hash to match the actual commit hash of the tag
Click to expand fix analysis

Analysis

Looking at the similar fixed build failures, there's a consistent pattern when dealing with git commit hash mismatches in the git-checkout step. In all three examples, the fix involved updating the expected-commit value in the YAML file to match the actual commit hash that the tag points to in the repository.

The error message "Expected commit 03f70bb4a8fc86bc5b8f37493fc693f724e87955 for v25.3.0-0, found 8e43cce4d8c9388b1305ebed20ffa07af35cb2b7" clearly indicates that the git tag v25.3.0-0 is pointing to a different commit (8e43cce4d8c9388b1305ebed20ffa07af35cb2b7) than what was expected in the build configuration (03f70bb4a8fc86bc5b8f37493fc693f724e87955).

In all the example fixes, the maintainers updated the expected-commit hash in the git-checkout step to match the actual commit hash that the tag points to in the repository. This is the simplest and most direct way to fix this type of issue.

Click to expand fix explanation

Explanation

The build is failing because the git tag v25.3.0-0 is pointing to commit hash 8e43cce4d8c9388b1305ebed20ffa07af35cb2b7, but the build configuration in the Melange YAML file is expecting it to point to commit hash 03f70bb4a8fc86bc5b8f37493fc693f724e87955.

This mismatch can occur for several reasons:

  1. The upstream repository might have force-pushed the tag to point to a different commit
  2. The tag might be a lightweight tag that points to a specific commit, but the build system expected an annotated tag
  3. The tag might have been recreated or moved since the package definition was first created

The suggested fix updates the expected-commit field in the git-checkout step to match the actual commit hash that the tag points to now. This tells the build system to expect the current state of the repository rather than an outdated state.

This is a safe change because:

  1. It maintains the versioning specified in the package definition
  2. It resolves the checkout error without changing the package functionality
  3. It follows the same pattern used in similar fixes
  4. It aligns with Wolfi's guideline of keeping packages up to date with upstream releases

The error message provides the exact commit hash we should use (8e43cce4d8c9388b1305ebed20ffa07af35cb2b7), making this a straightforward fix.

Click to expand alternative approaches

Alternative Approaches

  • Another approach would be to check out the repository by specific commit hash instead of tag, by removing the 'tag' parameter and only using the 'expected-commit'. However, this is less maintainable as it doesn't follow the semantic versioning that tags provide and makes automated updates more difficult.
  • A third approach would be to update both the package version and the expected commit hash if the tag has been moved to a newer version of the software. However, there's no indication in the error message that this is the case - it appears to be just a mismatch in the expected commit hash for the same tag.
  • If the upstream project frequently moves tags or has inconsistent tagging practices, we could consider implementing a more robust checkout strategy in the future that verifies the content matches expected checksums, rather than relying solely on git commit hashes.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jul 10, 2025
@vishal-chdhry vishal-chdhry self-assigned this Jul 11, 2025
@vishal-chdhry
fix: update commit hash
6e783b4 
Signed-off-by: Vishal Choudhary <vishal.choudhary@chainguard.dev>
@vishal-chdhry
fix: remove go bumps
ccda3d8 
Signed-off-by: Vishal Choudhary <vishal.choudhary@chainguard.dev>
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Jul 11, 2025
@vishal-chdhry vishal-chdhry requested a review from a team July 11, 2025 09:36
@powersj powersj merged commit f9c30f3 into main Jul 11, 2025
25 checks passed
@powersj powersj deleted the wolfictl-7bb71740-669a-401c-9d89-ee8bdd9c8bf9 branch July 11, 2025 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@powersj powersj powersj approved these changes

Assignees

@vishal-chdhry vishal-chdhry

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed request-version-update request for a newer version of a package verticadb-operator

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@powersj @vishal-chdhry @wolfi-bot