USHIFT-6499: Switch RHEL 9.8 and 10.2 bootc images to GA repos by agullon · Pull Request #6704 · openshift/microshift

agullon · 2026-05-20T10:52:54Z

Summary

RHEL 9.8 and 10.2 are now GA. This PR removes all pre-GA workarounds across the bootc and ostree CI pipelines, and upgrades the development environment to RHEL 9.8.

Bootc pipeline

Switch base images from registry.stage.redhat.io to registry.redhat.io for RHEL 9.8 and 10.2
Remove --disable-all repo workaround and mirror repo injection from test-agent containerfiles
Switch BIB ISO specs from localhost/test-agent workaround to direct registry references
Delete rhel98-mirror.repo and rhel102-mirror.repo (no longer needed)

OStree pipeline

Re-enable GPG checks in rhocp-y, rhocp-y1, rhocp-y2, and fast-datapath package sources (resolves existing TODO comments)
Fix rhel98-installer.image-installer from rhel-9.7 workaround to rhel-9.8
Remove enable_copr_repositories, disable_gpg_check, and enable_ocp_mirror_repositories from configure-composer.sh — all pre-GA RHEL workarounds resolved by the 9.8 host upgrade

DevEnv

Update default RHEL version from 9.4 to 9.8 for development VMs and AWS stacks
Fix stale 9.2 references in cloud and quay mirror documentation

Test plan

Bootc CI builds pull RHEL 9.8/10.2 from registry.redhat.io
BIB ISO generation uses GA images directly from registry
OStree image builds succeed with GPG checks re-enabled
DevEnv VM creation uses RHEL 9.8 ISO by default

🤖 Generated with Claude Code

openshift-ci-robot · 2026-05-20T10:52:59Z

@agullon: This pull request references USHIFT-6499 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

Switch bootc base images from registry.stage.redhat.io (staging) to registry.redhat.io (GA) for RHEL 9.8 and 10.2

Remove pre-GA workarounds: disabled repos, mirror repo injection, BIB localhost workaround

Delete no-longer-needed mirror repo templates (rhel98-mirror.repo, rhel102-mirror.repo)

Test plan

CI bootc builds pull RHEL 9.8/10.2 from registry.redhat.io

dnf install in containerfiles uses native GA repos

BIB ISO generation pulls GA images directly from registry

Downstream layers (presubmit, periodic, release) inherit correct repos

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-05-20T10:53:15Z

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

▶️ Resume reviews
🔍 Trigger review

Walkthrough

Removes staging-specific test-agent bootc steps, switches bootc blueprints to upstream RHEL images, enables GPG checks in package-source TOMLs, updates RHEL version references to 9.8 in docs/scripts, and removes OCP-mirror/COPR composer configuration.

Changes

RHEL Bootc and Configuration Updates

Layer / File(s)	Summary
Bootc Containerfile & blueprint edits `test/image-blueprints-bootc/el10/layer1-base/group1/rhel102-test-agent.containerfile`, `test/image-blueprints-bootc/el10/layer1-base/group2/rhel102-bootc.image-bootc`, `test/image-blueprints-bootc/el9/layer1-base/group1/rhel98-test-agent.containerfile`, `test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-bootc.image-bootc`, `test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-installer.image-installer`	Executes `rpm-repo-config.sh` without `--disable-all`, removes staging-only mirror `.repo` handling/build args, and points bootc blueprints to upstream `registry.redhat.io` images.
Enable GPG verification in package sources `test/package-sources/fast-datapath-rhel9.toml`, `test/package-sources/rhocp-y.toml`, `test/package-sources/rhocp-y1.toml`, `test/package-sources/rhocp-y2.toml`	Set `check_gpg = true` in multiple TOML package-source configurations and remove prior explanatory comments.
Docs and automation RHEL 9.8 bump `docs/contributor/devenv_cloud.md`, `docs/contributor/devenv_setup.md`, `docs/contributor/howto_quay_mirror.md`, `scripts/aws/manage_aws_stack.sh`, `scripts/devenv-builder/manage-vm.sh`, `test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-installer.image-installer`	Update ISO filenames, installer blueprint release, and default OS/version references from older RHEL 9.x values to RHEL 9.8.
Composer configuration simplification `scripts/devenv-builder/configure-composer.sh`	Remove OCP-mirror and COPR enablement helpers, stop disabling GPG checks in composer JSON, drop `--nobest` from osbuild install, and simplify composer setup flow.

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main objective: switching RHEL 9.8 and 10.2 bootc images to GA repositories instead of staging.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR contains no Ginkgo test files. Changes are limited to Containerfiles, image blueprints, repo configs, docs, scripts, and TOML files—no Go test definitions to evaluate.
Test Structure And Quality	✅ Passed	PR contains no Ginkgo test code to review; changes are limited to Containerfiles, image blueprints, configs, scripts, and docs.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. All changes (27 modifications, 3 deletions) are configuration, documentation, and script updates for RHEL 9.8/10.2 migration.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests (It(), Describe(), Context(), When()) found. PR changes are configuration, scripts, and documentation only.
Topology-Aware Scheduling Compatibility	✅ Passed	PR contains only container build config, repository configs, and scripts—no Kubernetes manifests, operators, or controllers introducing scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	PR modifies only Containerfiles, configs, docs, and shell scripts—no Go test binaries or process-level code changed. OTE Binary Stdout Contract check is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. Changes are limited to containerfiles, image blueprints, configuration files, documentation, and shell scripts—no Go test code is present.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-05-20T10:53:47Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: agullon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [agullon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

agullon · 2026-05-20T10:57:51Z

/hold until RHEL9.8 and RHEL10.2 are GAed

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/aws/manage_aws_stack.sh`:
- Around line 180-182: The help text shows a stale example 'rhel-9.3' that
contradicts the new default rhel-9.8; update the help string that contains
"[--os <os>]:            (create/ami only) specific version of RHEL" so the
example OS value matches the default (use 'rhel-9.8' instead of 'rhel-9.3') and
ensure any nearby documentation lines referencing the default are consistent
with the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 9fd254aa-b4c3-41fa-8e65-cfbe769e0c92

📥 Commits

Reviewing files that changed from the base of the PR and between c8520cb and bdb616d.

📒 Files selected for processing (11)

docs/contributor/devenv_cloud.md
docs/contributor/devenv_setup.md
docs/contributor/howto_quay_mirror.md
scripts/aws/manage_aws_stack.sh
scripts/devenv-builder/configure-composer.sh
scripts/devenv-builder/manage-vm.sh
test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-installer.image-installer
test/package-sources/fast-datapath-rhel9.toml
test/package-sources/rhocp-y.toml
test/package-sources/rhocp-y1.toml
test/package-sources/rhocp-y2.toml

💤 Files with no reviewable changes (1)

scripts/devenv-builder/configure-composer.sh

✅ Files skipped from review due to trivial changes (3)

test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-installer.image-installer
docs/contributor/howto_quay_mirror.md
docs/contributor/devenv_setup.md

agullon · 2026-05-21T06:35:30Z

/hold cancel

ggiguash · 2026-05-21T06:46:06Z

+# Configure RHEL 9.8 repositories for building ostree images when the host
+# OS is not yet running RHEL 9.8. Create the config from the host OS template
+# with URLs rewritten to point to RHEL 9.8 production repos.
+if [[ "${VERSION_ID}" != "9.8" ]]; then


Please, create a story in the epic to undo this change when devenv is switched to RHEL 9.8

agullon · 2026-05-21T08:11:49Z

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

agullon · 2026-05-21T11:21:55Z

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

RHEL 9.8 and 10.2 are now GA. Replace staging registry references with official registry.redhat.io images and remove pre-GA workarounds (disabled repos, mirror repo injection, BIB localhost workaround). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED

Now that the build host runs RHEL 9.8: - Re-enable GPG checks in ostree package sources (rhocp-y, rhocp-y1, rhocp-y2, fast-datapath) as indicated by existing TODO comments - Fix rhel98-installer to use rhel-9.8 instead of rhel-9.7 workaround - Remove all pre-GA workarounds from configure-composer.sh: enable_copr_repositories, disable_gpg_check, and enable_ocp_mirror_repositories with their function definitions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED

Update default RHEL version for development VMs and AWS stacks from 9.4 to 9.8 now that RHEL 9.8 is GA. Fix stale 9.2 references in cloud and quay mirror documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> pre-commit.check-secrets: ENABLED

agullon · 2026-05-21T14:00:04Z

/hold

agullon · 2026-05-21T14:11:06Z

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

agullon · 2026-05-21T14:48:26Z

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

agullon · 2026-05-21T15:01:52Z

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

agullon · 2026-05-21T16:09:53Z

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

agullon · 2026-05-22T06:38:17Z

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 20, 2026

openshift-ci Bot requested review from copejon and pacevedom May 20, 2026 10:53

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 20, 2026

coderabbitai Bot approved these changes May 20, 2026

View reviewed changes

agullon marked this pull request as draft May 20, 2026 10:57

openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 20, 2026

openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 20, 2026

agullon closed this May 20, 2026

agullon reopened this May 20, 2026

coderabbitai Bot requested changes May 20, 2026

View reviewed changes

Comment thread scripts/aws/manage_aws_stack.sh

agullon force-pushed the USHIFT-6499-main branch 3 times, most recently from b987458 to fd7bb9d Compare May 20, 2026 13:31

ggiguash reviewed May 20, 2026

View reviewed changes

Comment thread scripts/devenv-builder/configure-composer.sh

agullon force-pushed the USHIFT-6499-main branch 3 times, most recently from 7633cd7 to a87f79c Compare May 21, 2026 06:34

openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 21, 2026

coderabbitai Bot approved these changes May 21, 2026

View reviewed changes

agullon marked this pull request as ready for review May 21, 2026 06:38

openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 21, 2026

agullon self-assigned this May 21, 2026

openshift-ci Bot requested a review from jogeo May 21, 2026 06:39

ggiguash requested changes May 21, 2026

View reviewed changes

agullon added 3 commits May 21, 2026 15:55

agullon force-pushed the USHIFT-6499-main branch from 5feda4d to 347e7fe Compare May 21, 2026 13:56

agullon marked this pull request as draft May 21, 2026 13:59

openshift-ci Bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels May 21, 2026

Conversation

agullon commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Bootc pipeline

OStree pipeline

DevEnv

Test plan

Uh oh!

openshift-ci-robot commented May 20, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Test plan

Uh oh!

coderabbitai Bot commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews paused

Walkthrough

Changes

❌ Failed checks (1 warning)

Uh oh!

openshift-ci Bot commented May 20, 2026

Uh oh!

agullon commented May 20, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

agullon commented May 21, 2026

Uh oh!

Uh oh!

ggiguash May 21, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

agullon commented May 21, 2026

Uh oh!

agullon commented May 21, 2026

Uh oh!

agullon commented May 21, 2026

Uh oh!

agullon commented May 21, 2026

Uh oh!

agullon commented May 21, 2026

Uh oh!

agullon commented May 21, 2026

Uh oh!

agullon commented May 21, 2026

Uh oh!

agullon commented May 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

agullon commented May 20, 2026 •

edited

Loading

openshift-ci-robot commented May 20, 2026 •

edited by openshift-ci Bot

Loading

coderabbitai Bot commented May 20, 2026 •

edited

Loading