refactor: resolve platform contract digest dynamically#11
Conversation
Remove the hardcoded OURBOX_PLATFORM_CONTRACT_DIGEST from profile.env and resolve it at build time via oras resolve of the :edge channel tag. The render and row-renderer scripts now require the digest from the environment exclusively.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 177b60fd58
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| revision=str(args.revision).strip(), | ||
| arch=str(args.arch).strip(), | ||
| platform_contract_digest=str(profile.get("OURBOX_PLATFORM_CONTRACT_DIGEST", "")).strip(), | ||
| platform_contract_digest=os.environ.get("OURBOX_PLATFORM_CONTRACT_DIGEST", "").strip(), |
There was a problem hiding this comment.
This line switches render-catalog-rows.py to read platform_contract_digest from OURBOX_PLATFORM_CONTRACT_DIGEST, and the smoke script now exports a fixture digest (0000...), but its final assertion still expects the old hard-coded digest value. In CI, this makes scripts/check-catalog-bundle-smoke.sh fail deterministically once it validates the rendered row, because the row now correctly contains the fixture digest rather than sha256:bbdb....
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Fixed in a581c8a — the catalog row validation at line 217 now uses os.environ["OURBOX_PLATFORM_CONTRACT_DIGEST"] instead of the old hardcoded digest. The manifest comparison at line 168 also compares against the env fixture. CI passes.
Remove the hardcoded OURBOX_PLATFORM_CONTRACT_DIGEST from profile.env and resolve it at build time via oras resolve of the :edge channel tag. The render and row-renderer scripts now require the digest from the environment exclusively.
1 participant
Summary
OURBOX_PLATFORM_CONTRACT_DIGESTfromcatalog/profile.envoras resolve ghcr.io/.../platform-contract:edgeSame change as sw-ourbox-catalog-demo PRs #10 and #11 (both merged).
Test plan
manifest carries the dynamically-resolved digest