RHAIENG-2846 Prefetch: COMPONENT_DIR from Makefile, local build default, Tekton discovery by ysok · Pull Request #3043 · opendatahub-io/notebooks

ysok · 2026-03-01T19:34:36Z

RHAIENG-2846 Post-hermetic cleanup

GHA: Derive COMPONENT_DIR from Makefile; fail clearly if missing.
Makefile: Always pass LOCAL_BUILD=true for hermetic targets; require cachi2/output when prefetch-input exists; fix empty-variable warning.
prefetch-all.sh: Add find_tekton_yaml (ODH/RHDS by dockerfile param); remove --tekton-file and package-lock fallback; allow running without variant dir.
download-npm.sh: Exit 0 when Tekton file has no npm entries.
Regenerate artifacts.lock.yaml and pylock.cpu.toml; update README.

Summary by CodeRabbit

Chores
- Updated build infrastructure with improved component directory derivation and error handling.
- Updated ripgrep dependencies across multiple architectures with corrected checksums.
- Enhanced lockfile generation with variant-aware inputs and improved documentation.
- Improved npm discovery process to gracefully handle missing entries.

…lt, Tekton discovery - GHA: Derive COMPONENT_DIR from Makefile; fail clearly if missing. - Makefile: Always pass LOCAL_BUILD=true for hermetic targets; require cachi2/output when prefetch-input exists; fix empty-variable warning. - prefetch-all.sh: Add find_tekton_yaml (ODH/RHDS by dockerfile param); remove --tekton-file and package-lock fallback; allow running without variant dir. - download-npm.sh: Exit 0 when Tekton file has no npm entries. - Regenerate artifacts.lock.yaml and pylock.cpu.toml; update README.

openshift-ci · 2026-03-01T19:34:46Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ysok for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai · 2026-03-01T19:34:54Z

📝 Walkthrough

Walkthrough

This PR refactors component directory derivation and prefetch logic to use Makefile-based extraction instead of simple path conversion. It introduces variant-aware npm discovery with a new helper function, updates lock file headers and artifact checksums, and revises the prefetch workflow documentation to reflect these changes.

Changes

Cohort / File(s)	Summary
Build Orchestration `.github/workflows/build-notebooks-TEMPLATE.yaml`, `Makefile`	Refactored COMPONENT_DIR derivation to extract from Makefile output with guard checks. Updated hermetic build logic with LOCAL_BUILD_ARG and conservative mount handling based on prefetch-input presence.
Lock File Updates `codeserver/ubi9-python-3.12/prefetch-input/odh/artifacts.lock.yaml`, `codeserver/ubi9-python-3.12/uv.lock.d/pylock.cpu.toml`	Updated ripgrep artifact URLs and checksums for aarch64, powerpc64le, and s390x architectures. Revised uv lock file header with versioned metadata.
Script and Documentation Refactoring `scripts/lockfile-generators/README.md`, `scripts/lockfile-generators/download-npm.sh`, `scripts/lockfile-generators/prefetch-all.sh`	Updated documentation for variant-aware lockfile generation with component-dir inputs. Introduced `find_tekton_yaml` helper function for npm discovery. Changed npm error handling to gracefully exit when no entries exist rather than fail.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~35 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main changes: COMPONENT_DIR derivation from Makefile, local build default, and Tekton discovery improvements.
Description check	✅ Passed	The PR description includes a clear reference to the issue, concise bullet points covering all major changes, and sufficient detail about modifications to GHA workflows, Makefile, shell scripts, and supporting files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Makefile`:
- Around line 90-96: The $(error ...) guard (triggered via the conditional that
checks $(wildcard $(BUILD_DIR)prefetch-input) and cachi2/output) is being
evaluated at parse/expansion time (even during make -n) and must be deferred;
replace the top-level $(if ... $(error ...)) with a runtime check inside the
recipe (or skip it when MAKEFLAGS includes -n). Concretely, remove the $(error
...) usage from the global expansion and instead perform the prefetch guard in
shell code within the relevant target's recipe (use the same tests on
$(BUILD_DIR)prefetch-input and cachi2/output), or wrap the existing check with a
guard that detects dry-run via $(filter -n,$(MAKEFLAGS))/$(MAKEFLAGS) so the
error is suppressed during make -n; keep references to LOCAL_BUILD_ARG,
CACHI2_VOLUME and the same messages but ensure the check runs at execution time
not parse time.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 3c7287e and f771fe7.

📒 Files selected for processing (7)

.github/workflows/build-notebooks-TEMPLATE.yaml
Makefile
codeserver/ubi9-python-3.12/prefetch-input/odh/artifacts.lock.yaml
codeserver/ubi9-python-3.12/uv.lock.d/pylock.cpu.toml
scripts/lockfile-generators/README.md
scripts/lockfile-generators/download-npm.sh
scripts/lockfile-generators/prefetch-all.sh

coderabbitai · 2026-03-01T19:38:31Z

Makefile

+	# Make is only used for local and GHA builds (Konflux does not run make).
+	# Default to local build for hermetic-capable targets: always set LOCAL_BUILD=true
+	# when prefetch-input/ exists; mount cachi2/output only when it exists (after prefetch).
+	$(eval LOCAL_BUILD_ARG := $(if $(wildcard $(BUILD_DIR)prefetch-input),--build-arg LOCAL_BUILD=true,))
+	$(eval CACHI2_VOLUME := $(if $(and $(wildcard cachi2/output),$(wildcard $(BUILD_DIR)prefetch-input)),--volume $(ROOT_DIR)cachi2/output:/cachi2/output:Z,))
+	# Fail fast with a clear message if team runs make without prefetching first.
+	$(if $(wildcard $(BUILD_DIR)prefetch-input),$(if $(wildcard cachi2/output),,$(error Prefetch required for hermetic build. Run: scripts/lockfile-generators/prefetch-all.sh --component-dir $(patsubst %/,%,$(BUILD_DIR)) — see scripts/lockfile-generators/README.md)),)


⚠️ Potential issue | 🔴 Critical

$(error) triggers during make -n dry-run, breaking COMPONENT_DIR derivation.

The pipeline failures show this error occurring at line 96. The issue is that the GHA workflow (line 285) runs make -n "${{ inputs.target }}" to derive COMPONENT_DIR before running prefetch-all.sh. However, the $(error ...) on line 96 is evaluated during Makefile parsing/expansion—even during a dry-run—causing the workflow to fail before it can determine whether to run prefetch.

The $(if ...) with $(error ...) is evaluated when the recipe is expanded, which happens during make -n to show what commands would run.

Consider either:

Move the guard to shell code within the recipe so it only runs during actual execution, not dry-run

Skip the guard during dry-run by checking a variable or using a different pattern

🐛 Proposed fix: Move guard to shell code in the recipe

# Fail fast with a clear message if team runs make without prefetching first. - $(if $(wildcard $(BUILD_DIR)prefetch-input),$(if $(wildcard cachi2/output),,$(error Prefetch required for hermetic build. Run: scripts/lockfile-generators/prefetch-all.sh --component-dir $(patsubst %/,%,$(BUILD_DIR)) — see scripts/lockfile-generators/README.md)),) + $(eval PREFETCH_GUARD := $(if $(wildcard $(BUILD_DIR)prefetch-input),$(if $(wildcard cachi2/output),,FAIL),)) $(info # Building $(IMAGE_NAME) using $(DOCKERFILE_NAME) with $(CONF_FILE) and $(BUILD_ARGS)...) + $(if $(PREFETCH_GUARD),`@echo` "Error: Prefetch required for hermetic build. Run: scripts/lockfile-generators/prefetch-all.sh --component-dir $(patsubst %/,%,$(BUILD_DIR)) — see scripts/lockfile-generators/README.md" >&2 && exit 1) $(ROOT_DIR)/scripts/sandbox.py --dockerfile '$(2)' --platform '$(BUILD_ARCH)' -- \

Alternatively, use a shell check inside the recipe:

- $(if $(wildcard $(BUILD_DIR)prefetch-input),$(if $(wildcard cachi2/output),,$(error Prefetch required for hermetic build. Run: scripts/lockfile-generators/prefetch-all.sh --component-dir $(patsubst %/,%,$(BUILD_DIR)) — see scripts/lockfile-generators/README.md)),) $(info # Building $(IMAGE_NAME) using $(DOCKERFILE_NAME) with $(CONF_FILE) and $(BUILD_ARGS)...) $(ROOT_DIR)/scripts/sandbox.py --dockerfile '$(2)' --platform '$(BUILD_ARCH)' -- \ - $(CONTAINER_ENGINE) build $(CONTAINER_BUILD_CACHE_ARGS) $(LOCAL_BUILD_ARG) $(CACHI2_VOLUME) --platform=$(BUILD_ARCH) --label release=$(RELEASE) --tag $(IMAGE_NAME) --file '$(2)' $(BUILD_ARGS) {}\; + sh -c 'if [ -d "$(BUILD_DIR)prefetch-input" ] && [ ! -d "cachi2/output" ]; then echo "Error: Prefetch required for hermetic build. Run: scripts/lockfile-generators/prefetch-all.sh --component-dir $(patsubst %/,%,$(BUILD_DIR)) — see scripts/lockfile-generators/README.md" >&2; exit 1; fi' && \ + $(CONTAINER_ENGINE) build $(CONTAINER_BUILD_CACHE_ARGS) $(LOCAL_BUILD_ARG) $(CACHI2_VOLUME) --platform=$(BUILD_ARCH) --label release=$(RELEASE) --tag $(IMAGE_NAME) --file '$(2)' $(BUILD_ARGS) {}\;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@Makefile` around lines 90 - 96, The $(error ...) guard (triggered via the conditional that checks $(wildcard $(BUILD_DIR)prefetch-input) and cachi2/output) is being evaluated at parse/expansion time (even during make -n) and must be deferred; replace the top-level $(if ... $(error ...)) with a runtime check inside the recipe (or skip it when MAKEFLAGS includes -n). Concretely, remove the $(error ...) usage from the global expansion and instead perform the prefetch guard in shell code within the relevant target's recipe (use the same tests on $(BUILD_DIR)prefetch-input and cachi2/output), or wrap the existing check with a guard that detects dry-run via $(filter -n,$(MAKEFLAGS))/$(MAKEFLAGS) so the error is suppressed during make -n; keep references to LOCAL_BUILD_ARG, CACHI2_VOLUME and the same messages but ensure the check runs at execution time not parse time.

openshift-ci · 2026-03-01T19:41:14Z

@ysok: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/codeserver-ubi9-python-3-12-pr-image-mirror	`f771fe7`	link	true	`/test codeserver-ubi9-python-3-12-pr-image-mirror`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

github-actions bot added the review-requested GitHub Bot creates notification on #pr-review-ai-ide-team slack channel label Mar 1, 2026

openshift-ci bot requested review from atheo89 and jiridanek March 1, 2026 19:34

openshift-ci bot added size/l and removed size/l labels Mar 1, 2026

coderabbitai bot reviewed Mar 1, 2026

View reviewed changes

ysok closed this Mar 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RHAIENG-2846 Prefetch: COMPONENT_DIR from Makefile, local build default, Tekton discovery#3043

RHAIENG-2846 Prefetch: COMPONENT_DIR from Makefile, local build default, Tekton discovery#3043
ysok wants to merge 1 commit intoopendatahub-io:mainfrom
ysok-red-hat-data-services:RHAIENG-2846-post-hermetic-cleanup

ysok commented Mar 1, 2026 •

edited by coderabbitai bot

Loading

Uh oh!

openshift-ci bot commented Mar 1, 2026

Uh oh!

coderabbitai bot commented Mar 1, 2026 •

edited

Loading

Walkthrough

Changes

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

coderabbitai bot left a comment

Uh oh!

coderabbitai bot Mar 1, 2026

Uh oh!

openshift-ci bot commented Mar 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

ysok commented Mar 1, 2026 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

openshift-ci bot commented Mar 1, 2026

Uh oh!

coderabbitai bot commented Mar 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 1, 2026

Choose a reason for hiding this comment

Uh oh!

openshift-ci bot commented Mar 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

ysok commented Mar 1, 2026 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Mar 1, 2026 •

edited

Loading