Skip to content

fix: track ai-gateway-operator from stable branch#3735

Open
chaitanya1731 wants to merge 1 commit into
opendatahub-io:mainfrom
chaitanya1731:update-aig-branch
Open

fix: track ai-gateway-operator from stable branch#3735
chaitanya1731 wants to merge 1 commit into
opendatahub-io:mainfrom
chaitanya1731:update-aig-branch

Conversation

@chaitanya1731

@chaitanya1731 chaitanya1731 commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Update the aigateway manifest entry to track the stable branch instead of main.

Description

The ai-gateway-operator manifests were previously tracking the main branch. This change updates the tracking branch to stable, aligning with the release workflow for the ai-gateway-operator component.

  • Change branch reference from main to stable in get_all_manifests.sh
  • Commit SHA remains unchanged (f0383d5d517c23249b6d7b73c6cb7c754036c1c3)

How it was tested

  • Ran get_all_manifests.sh successfully and verified manifests were fetched from the stable branch at the pinned commit.
  • Confirmed the fetched opt/manifests/aigateway/ directory contains the expected structure (crd, default, manager, rbac, webhook, etc.).

Made with Cursor

Summary by CodeRabbit

  • Chores
    • Updated a component source to follow the stable release track instead of the main branch, helping align fetched content with the intended release version.

update the aigateway manifest entry to track the stable branch
instead of main, aligning with the release workflow for the
ai-gateway-operator component.

Signed-off-by: Chandrashekhar Kulkarni <chkulkar@redhat.com>
Signed-off-by: Chaitanya Kulkarni <chkulkar@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 504d3181-3c6a-4666-90f0-df96cdc7f35b

📥 Commits

Reviewing files that changed from the base of the PR and between ee9e049 and 5dd1066.

📒 Files selected for processing (1)
  • get_all_manifests.sh

📝 Walkthrough

Walkthrough

This change modifies a single line in get_all_manifests.sh, switching the git ref used for the aigateway component manifest from "main" to "stable" while retaining the same pinned commit SHA. No exported/public entity declarations are affected.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Changes

File Summary
get_all_manifests.sh aigateway manifest source ref changed from main@<sha> to stable@<sha>

Security Notes

  • CWE-829 (Inclusion of Functionality from Untrusted Control Sphere): ref is switching to a mutable branch name (stable) rather than an immutable tag/commit-only reference. Verify the SHA pin is still enforced downstream at clone/checkout time, not just recorded in the map — if the fetch logic resolves by ref name without validating SHA, this is a supply-chain injection vector (CWE-494: Download of Code Without Integrity Check).
  • No dependency lockfile, CI/CD workflow, or .gitattributes changes present in this diff — scope confirmed limited to the manifest ref string.
  • Confirm "stable" branch protections/ownership on the upstream aigateway repo mirror those of "main"; branch takeover or force-push on a less-protected "stable" branch is a known supply-chain risk (CWE-345: Insufficient Verification of Data Authenticity).

Sequence Diagram(s)

Not applicable — flat single-line ref string change with no new control flow.

Related Issues: None referenced.
Related PRs: None referenced.
Suggested labels: dependencies, supply-chain-review
Suggested reviewers: None specified.

🚥 Pre-merge checks | ✅ 10
✅ Passed checks (10 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: switching ai-gateway-operator manifest tracking from main to stable.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Contribution Quality And Spam Detection ✅ Passed Only a one-line manifest ref change in get_all_manifests.sh; no security-theater or code-quality signals, and the body is a normal change note, not spam.
No Hardcoded Secrets ✅ Passed No hardcoded secrets found; the file change is only a repo ref switch plus commit SHAs, with no creds, tokens, passwords, or embedded credentials. CWE-798/CWE-321 not triggered.
No Weak Cryptography ✅ Passed Changed script only updates a manifest branch ref; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret compares (CWE-327/CWE-208).
No Injection Vectors ✅ Passed PASS: Only change is hardcoded ref 'main'→'stable' in get_all_manifests.sh; no SQL/shell/eval/yaml/HTML injection sink or user-controlled input (CWE-78/79/89/94/502).
No Privileged Containers ✅ Passed Only get_all_manifests.sh changed; no privileged-container flags or root settings were introduced. CWE-250/CWE-269 not implicated.
No Sensitive Data In Logs ✅ Passed PASS: the diff only changes the ai-gateway ref from main to stable; no new logging or sensitive-field output was added (CWE-532).

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown

@chaitanya1731: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/opendatahub-operator-e2e 5dd1066 link true /test opendatahub-operator-e2e
ci/prow/opendatahub-operator-rhoai-e2e 5dd1066 link true /test opendatahub-operator-rhoai-e2e

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@davidebianchi

Copy link
Copy Markdown
Member

There are some conflicts, can you rebase it? Thanks!

@somya-bhatnagar somya-bhatnagar left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rebase needed.
lgtm

@jland-redhat jland-redhat left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jland-redhat, somya-bhatnagar
Once this PR has been reviewed and has the lgtm label, please assign chambridge for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: Todo

Development

Successfully merging this pull request may close these issues.

4 participants