src/konflux-rpm-lockfile: pull $releasever from manifest #4344
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates konflux-rpm-lockfile to use the $releasever from the manifest file, which is a good improvement for reproducibility. I've added a review comment to make this more robust. Currently, if releasever is missing from the manifest, the script silently falls back to using the host's version. My suggestion is to add a check to ensure releasever is present and fail if it's not, to avoid this unintended behavior.
jbtrystram
force-pushed
the
konflux-lockfile-releasever-fix
branch
from
8cf746b to
69e6776
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly modifies konflux-rpm-lockfile to use the releasever from the manifest, preventing potential desynchronization with the host system. The logic is sound. I've identified a minor issue with a print statement, including a typo, an indentation error, and a suggestion to use stderr for warning messages. Please see the detailed comment.
Make sure to not rely on manifest-provided $releasever to resolves packages to avoid a desync. For RHEL we don't use releasever so using the host's value have no incidence, so no need to throw an error if it's missing.
jbtrystram
force-pushed
the
konflux-lockfile-releasever-fix
branch
from
69e6776 to
a595a5e
Compare
|
Updated and tested locally for next-devel (where the local install is F42 and we are resolving f43) |
2 participants
Make sure to not rely on the host $releasever to resolves the packages to avoid a desync