From 66fc685bc8ab70113ed486b766e1bd20923caf7b Mon Sep 17 00:00:00 2001 From: Konstantinos Tsakalozos Date: Wed, 24 Jun 2026 16:24:40 +0300 Subject: [PATCH 1/4] ci: pin rockcraft to latest/edge channel for all versions Replace the repo-wide rockcraft revision pin (3494/3547) with a per-version .rockcraft-version.yaml selecting the latest/edge channel. The build workflow's rockcraft resolution only walks the rock dir and its immediate parent, so the repo-root .rockcraft-version.yaml was never consulted for nested rocks; those fell through to the rockcraft-revisions workflow input. Placing the file at each X.Y.Z/ dir makes the channel selection effective. The latest/edge rockcraft is expected to resolve the FIPS libgcrypt20 apt-downgrade failure in the 1.16.3 build. The 1.17.12 static variants keep their latest/stable + pro-features: disabled overrides. --- .github/workflows/pull_request.yaml | 1 - .rockcraft-version.yaml => 1.15.2/.rockcraft-version.yaml | 4 ++-- 1.16.3/.rockcraft-version.yaml | 5 +++++ 1.16.5/.rockcraft-version.yaml | 5 +++++ 1.16.7/.rockcraft-version.yaml | 5 +++++ 1.17.1/.rockcraft-version.yaml | 5 +++++ 1.17.12/.rockcraft-version.yaml | 5 +++++ 1.17.9/.rockcraft-version.yaml | 5 +++++ 1.18.4/.rockcraft-version.yaml | 5 +++++ 1.19.4/.rockcraft-version.yaml | 5 +++++ 10 files changed, 42 insertions(+), 3 deletions(-) rename .rockcraft-version.yaml => 1.15.2/.rockcraft-version.yaml (53%) create mode 100644 1.16.3/.rockcraft-version.yaml create mode 100644 1.16.5/.rockcraft-version.yaml create mode 100644 1.16.7/.rockcraft-version.yaml create mode 100644 1.17.1/.rockcraft-version.yaml create mode 100644 1.17.12/.rockcraft-version.yaml create mode 100644 1.17.9/.rockcraft-version.yaml create mode 100644 1.18.4/.rockcraft-version.yaml create mode 100644 1.19.4/.rockcraft-version.yaml diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 8f64dd1..6c9f1c4 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -24,7 +24,6 @@ jobs: arch-skipping-maximize-build-space: '["arm64", "amd64"]' platform-labels: '{"arm64": ["self-hosted", "linux", "arm64", "jammy", "xlarge"], "amd64": ["self-hosted", "linux", "amd64", "jammy", "xlarge"]}' enabled-ubuntu-pro-features: "fips-updates" - rockcraft-revisions: '{"amd64": "3494", "arm64": "3547"}' secrets: UBUNTU_PRO_TOKEN: ${{ secrets.UBUNTU_PRO_TOKEN }} run-tests: diff --git a/.rockcraft-version.yaml b/1.15.2/.rockcraft-version.yaml similarity index 53% rename from .rockcraft-version.yaml rename to 1.15.2/.rockcraft-version.yaml index 646d125..2290d75 100644 --- a/.rockcraft-version.yaml +++ b/1.15.2/.rockcraft-version.yaml @@ -1,5 +1,5 @@ versions: - architecture: amd64 - revision: 3494 + channel: latest/edge - architecture: arm64 - revision: 3547 + channel: latest/edge diff --git a/1.16.3/.rockcraft-version.yaml b/1.16.3/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.16.3/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.16.5/.rockcraft-version.yaml b/1.16.5/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.16.5/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.16.7/.rockcraft-version.yaml b/1.16.7/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.16.7/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.17.1/.rockcraft-version.yaml b/1.17.1/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.1/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.17.12/.rockcraft-version.yaml b/1.17.12/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.12/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.17.9/.rockcraft-version.yaml b/1.17.9/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.9/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.18.4/.rockcraft-version.yaml b/1.18.4/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.18.4/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.19.4/.rockcraft-version.yaml b/1.19.4/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.19.4/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge From 27a53bb5bb0410ddb044a8b3ae76ec37f06f5248 Mon Sep 17 00:00:00 2001 From: Konstantinos Tsakalozos Date: Wed, 24 Jun 2026 17:25:19 +0300 Subject: [PATCH 2/4] ci: place .rockcraft-version.yaml inside each rock dir to trigger builds The build workflow's PR change-detection keys off hashFiles(rockPath/**) and the **/rockcraft.yaml path filter. The parent-level X.Y.Z/ .rockcraft-version.yaml files were outside each rock dir, so they changed neither signal and every rock was treated as unchanged -- build-rocks, run-tests and the multiarch manifest were all skipped. Move the latest/edge selection into each rock directory (next to rockcraft.yaml -- the workflow's documented priority-1 location). This changes each rock's content hash so the rocks are rebuilt and validated, and keeps channel resolution correct. The 1.17.12 static variants keep their own latest/stable + pro-features: disabled overrides. --- 1.15.2/{ => cilium-operator-generic}/.rockcraft-version.yaml | 0 {1.16.3 => 1.15.2/cilium}/.rockcraft-version.yaml | 0 .../cilium-operator-generic}/.rockcraft-version.yaml | 0 {1.16.7 => 1.16.3/cilium}/.rockcraft-version.yaml | 0 .../cilium-operator-generic}/.rockcraft-version.yaml | 0 {1.17.12 => 1.16.5/cilium}/.rockcraft-version.yaml | 0 .../cilium-operator-generic}/.rockcraft-version.yaml | 0 {1.18.4 => 1.16.7/cilium}/.rockcraft-version.yaml | 0 .../cilium-operator-generic}/.rockcraft-version.yaml | 0 1.17.1/cilium/.rockcraft-version.yaml | 5 +++++ 1.17.12/cilium-operator-generic/.rockcraft-version.yaml | 5 +++++ 1.17.12/cilium/.rockcraft-version.yaml | 5 +++++ 1.17.9/cilium-operator-generic/.rockcraft-version.yaml | 5 +++++ 1.17.9/cilium/.rockcraft-version.yaml | 5 +++++ 1.18.4/cilium-operator-generic/.rockcraft-version.yaml | 5 +++++ 1.18.4/cilium/.rockcraft-version.yaml | 5 +++++ 1.19.4/cilium-operator-generic/.rockcraft-version.yaml | 5 +++++ 1.19.4/cilium/.rockcraft-version.yaml | 5 +++++ 18 files changed, 45 insertions(+) rename 1.15.2/{ => cilium-operator-generic}/.rockcraft-version.yaml (100%) rename {1.16.3 => 1.15.2/cilium}/.rockcraft-version.yaml (100%) rename {1.16.5 => 1.16.3/cilium-operator-generic}/.rockcraft-version.yaml (100%) rename {1.16.7 => 1.16.3/cilium}/.rockcraft-version.yaml (100%) rename {1.17.1 => 1.16.5/cilium-operator-generic}/.rockcraft-version.yaml (100%) rename {1.17.12 => 1.16.5/cilium}/.rockcraft-version.yaml (100%) rename {1.17.9 => 1.16.7/cilium-operator-generic}/.rockcraft-version.yaml (100%) rename {1.18.4 => 1.16.7/cilium}/.rockcraft-version.yaml (100%) rename {1.19.4 => 1.17.1/cilium-operator-generic}/.rockcraft-version.yaml (100%) create mode 100644 1.17.1/cilium/.rockcraft-version.yaml create mode 100644 1.17.12/cilium-operator-generic/.rockcraft-version.yaml create mode 100644 1.17.12/cilium/.rockcraft-version.yaml create mode 100644 1.17.9/cilium-operator-generic/.rockcraft-version.yaml create mode 100644 1.17.9/cilium/.rockcraft-version.yaml create mode 100644 1.18.4/cilium-operator-generic/.rockcraft-version.yaml create mode 100644 1.18.4/cilium/.rockcraft-version.yaml create mode 100644 1.19.4/cilium-operator-generic/.rockcraft-version.yaml create mode 100644 1.19.4/cilium/.rockcraft-version.yaml diff --git a/1.15.2/.rockcraft-version.yaml b/1.15.2/cilium-operator-generic/.rockcraft-version.yaml similarity index 100% rename from 1.15.2/.rockcraft-version.yaml rename to 1.15.2/cilium-operator-generic/.rockcraft-version.yaml diff --git a/1.16.3/.rockcraft-version.yaml b/1.15.2/cilium/.rockcraft-version.yaml similarity index 100% rename from 1.16.3/.rockcraft-version.yaml rename to 1.15.2/cilium/.rockcraft-version.yaml diff --git a/1.16.5/.rockcraft-version.yaml b/1.16.3/cilium-operator-generic/.rockcraft-version.yaml similarity index 100% rename from 1.16.5/.rockcraft-version.yaml rename to 1.16.3/cilium-operator-generic/.rockcraft-version.yaml diff --git a/1.16.7/.rockcraft-version.yaml b/1.16.3/cilium/.rockcraft-version.yaml similarity index 100% rename from 1.16.7/.rockcraft-version.yaml rename to 1.16.3/cilium/.rockcraft-version.yaml diff --git a/1.17.1/.rockcraft-version.yaml b/1.16.5/cilium-operator-generic/.rockcraft-version.yaml similarity index 100% rename from 1.17.1/.rockcraft-version.yaml rename to 1.16.5/cilium-operator-generic/.rockcraft-version.yaml diff --git a/1.17.12/.rockcraft-version.yaml b/1.16.5/cilium/.rockcraft-version.yaml similarity index 100% rename from 1.17.12/.rockcraft-version.yaml rename to 1.16.5/cilium/.rockcraft-version.yaml diff --git a/1.17.9/.rockcraft-version.yaml b/1.16.7/cilium-operator-generic/.rockcraft-version.yaml similarity index 100% rename from 1.17.9/.rockcraft-version.yaml rename to 1.16.7/cilium-operator-generic/.rockcraft-version.yaml diff --git a/1.18.4/.rockcraft-version.yaml b/1.16.7/cilium/.rockcraft-version.yaml similarity index 100% rename from 1.18.4/.rockcraft-version.yaml rename to 1.16.7/cilium/.rockcraft-version.yaml diff --git a/1.19.4/.rockcraft-version.yaml b/1.17.1/cilium-operator-generic/.rockcraft-version.yaml similarity index 100% rename from 1.19.4/.rockcraft-version.yaml rename to 1.17.1/cilium-operator-generic/.rockcraft-version.yaml diff --git a/1.17.1/cilium/.rockcraft-version.yaml b/1.17.1/cilium/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.1/cilium/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.17.12/cilium-operator-generic/.rockcraft-version.yaml b/1.17.12/cilium-operator-generic/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.12/cilium-operator-generic/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.17.12/cilium/.rockcraft-version.yaml b/1.17.12/cilium/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.12/cilium/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.17.9/cilium-operator-generic/.rockcraft-version.yaml b/1.17.9/cilium-operator-generic/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.9/cilium-operator-generic/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.17.9/cilium/.rockcraft-version.yaml b/1.17.9/cilium/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.17.9/cilium/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.18.4/cilium-operator-generic/.rockcraft-version.yaml b/1.18.4/cilium-operator-generic/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.18.4/cilium-operator-generic/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.18.4/cilium/.rockcraft-version.yaml b/1.18.4/cilium/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.18.4/cilium/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.19.4/cilium-operator-generic/.rockcraft-version.yaml b/1.19.4/cilium-operator-generic/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.19.4/cilium-operator-generic/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge diff --git a/1.19.4/cilium/.rockcraft-version.yaml b/1.19.4/cilium/.rockcraft-version.yaml new file mode 100644 index 0000000..2290d75 --- /dev/null +++ b/1.19.4/cilium/.rockcraft-version.yaml @@ -0,0 +1,5 @@ +versions: + - architecture: amd64 + channel: latest/edge + - architecture: arm64 + channel: latest/edge From b5c11825c6b95179e10654db971c3ac096967d3e Mon Sep 17 00:00:00 2001 From: Konstantinos Tsakalozos Date: Wed, 24 Jun 2026 18:19:17 +0300 Subject: [PATCH 3/4] ci: point build_rocks at fix-lxd-guest-pro-attach for verification Temporary: verifies canonical/k8s-workflows#60 (LXD guest Pro attachment) fixes the latest/edge rockcraft Pro-attach failures. Revert to @main before merging. --- .github/workflows/pull_request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 6c9f1c4..6f89370 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -15,7 +15,7 @@ jobs: permissions: contents: read packages: write - uses: canonical/k8s-workflows/.github/workflows/build_rocks.yaml@main + uses: canonical/k8s-workflows/.github/workflows/build_rocks.yaml@fix-lxd-guest-pro-attach with: owner: ${{ github.repository_owner }} trivy-image-config: "trivy.yaml" From 9b400ab852397ec2be044d7b85813f9fc05fa8ff Mon Sep 17 00:00:00 2001 From: Konstantinos Tsakalozos Date: Thu, 25 Jun 2026 14:45:35 +0300 Subject: [PATCH 4/4] ci: retrigger build with rockcraft latest/edge/checkdowngrade Picks up the updated k8s-workflows fix branch (rockcraft override) to verify the FIPS libgcrypt20 downgrade fix on the 1.16.x noble agent rocks.