Skip to content

[verify] LXD guest Pro attachment fixes latest/edge builds#60

Closed
ktsakalozos-canonical wants to merge 4 commits into
mainfrom
verify-lxd-guest-pro-attach
Closed

[verify] LXD guest Pro attachment fixes latest/edge builds#60
ktsakalozos-canonical wants to merge 4 commits into
mainfrom
verify-lxd-guest-pro-attach

Conversation

@ktsakalozos-canonical

Copy link
Copy Markdown
Contributor

Summary

Verification PR — do not merge as-is. Confirms that canonical/k8s-workflows#60 (enable LXD guest Pro attachment) fixes the latest/edge rockcraft Pro-attach failures.

This branch is built on top of #59 (switch all rocks to latest/edge + relocate .rockcraft-version.yaml into each rock dir) and additionally repoints the build_rocks.yaml reference from @main to @fix-lxd-guest-pro-attach.

What to look for

  • The Enable LXD guest Pro attachment step runs on each build runner.
  • Build containers no longer fail with Failed to attach '<container>' to a Pro subscription. (previously failed all 3 retries on every edge build, e.g. 1.15.2/cilium arm64).
  • FIPS Pro builds proceed.

Note: 1.16.3 may still fail on a separate libgcrypt20 FIPS downgrade issue — tracked independently.

Follow-up

Once green, k8s-workflows#60 merges, then #59 reverts its ref back to @main and lands. This verification branch/PR is then closed.

Replace the repo-wide rockcraft revision pin (3494/3547) with a
per-version .rockcraft-version.yaml selecting the latest/edge channel.

The build workflow's rockcraft resolution only walks the rock dir and
its immediate parent, so the repo-root .rockcraft-version.yaml was never
consulted for nested rocks; those fell through to the rockcraft-revisions
workflow input. Placing the file at each X.Y.Z/ dir makes the channel
selection effective. The latest/edge rockcraft is expected to resolve the
FIPS libgcrypt20 apt-downgrade failure in the 1.16.3 build.

The 1.17.12 static variants keep their latest/stable + pro-features:
disabled overrides.
The build workflow's PR change-detection keys off hashFiles(rockPath/**)
and the **/rockcraft.yaml path filter. The parent-level X.Y.Z/
.rockcraft-version.yaml files were outside each rock dir, so they changed
neither signal and every rock was treated as unchanged -- build-rocks,
run-tests and the multiarch manifest were all skipped.

Move the latest/edge selection into each rock directory (next to
rockcraft.yaml -- the workflow's documented priority-1 location). This
changes each rock's content hash so the rocks are rebuilt and validated,
and keeps channel resolution correct.

The 1.17.12 static variants keep their own latest/stable +
pro-features: disabled overrides.
Temporary: verifies canonical/k8s-workflows#60 (LXD guest Pro attachment)
fixes the latest/edge rockcraft Pro-attach failures. Revert to @main
before merging.
Picks up the updated k8s-workflows fix branch (rockcraft override) to
verify the FIPS libgcrypt20 downgrade fix on the 1.16.x noble agent rocks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants