helpers: add arm64 Metal3 image builder#77
Merged
openshift-merge-bot[bot] merged 3 commits intoJun 16, 2026
Merged
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fonta-rh The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Central YAML (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (5)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughA new Bash script adds arm64 container image build capability for Metal3 (ironic, vbmc, sushy-tools). The script accepts configurable registry, namespace, ref, tag, and image selection via command-line options, validates prerequisites, prepares build sources via clone or existing checkout, builds images with cross-platform flags, and optionally pushes results while exporting environment variables for downstream consumption. In parallel, repeated post-deployment proxy setup instructions are consolidated into a shared helper function used across three cluster deployment scripts. ChangesMetal3 arm64 Image Build Script
Proxy Instructions Consolidation
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~28 minutes 🚥 Pre-merge checks | ✅ 9 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (9 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
openshift-ci
Bot
added
the
approved
coderabbitai
Bot
added
the
ready-for-human-review
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@helpers/build-metal3-arm64.sh`:
- Around line 235-239: The EXIT trap registration is placed after prepare_source
so a failure inside prepare_source can leave temp files; move the trap setup
earlier by invoking the trap command for cleanup_source (trap cleanup_source
EXIT) immediately after check_prerequisites and before calling prepare_source so
cleanup_source will run even if prepare_source fails.
- Around line 142-150: When --source-dir is provided the script sets WORK_DIR
from SOURCE_DIR but never enforces the requested Git ref (REF), allowing the
build to run from whatever HEAD is present while logs still show "Git ref:
${REF}"; update the logic after setting WORK_DIR to validate and enforce REF by
changing into WORK_DIR, fetching updates and attempting to checkout the
requested REF (or exit with an error if checkout fails), or at minimum compare
the current HEAD to REF and fail if they differ — touch the block that
references SOURCE_DIR, WORK_DIR and REF to perform the git fetch/git checkout or
HEAD validation so the build actually uses the requested --ref.
- Around line 155-158: The current check compares the literal HEAD output to the
ref name, causing false positives; replace it by resolving the target ref to a
commit and comparing commit hashes: run current_rev=$(git -C "${WORK_DIR}"
rev-parse HEAD) and target_rev=$(git -C "${WORK_DIR}" rev-parse --verify
"${REF}" 2>/dev/null) then only run git fetch/checkout when target_rev is empty
or current_rev != target_rev; update the block that references WORK_DIR and REF
to use these variables so fetch/checkout only occurs when the commit actually
differs.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 9b922afd-5b0e-4db6-9f0b-ae78dc77a775
📒 Files selected for processing (1)
helpers/build-metal3-arm64.sh
lucaconsalvi
reviewed
Jun 5, 2026
lucaconsalvi
left a comment
lucaconsalvi
left a comment
Contributor
There was a problem hiding this comment.
Nice work, Pablo — this fills a real gap for running dev-scripts on Graviton instances. Clean script, great PR description, honest test plan.
One thing I noticed:
Ref resolution check (L155)
if [[ "$(git -C "${WORK_DIR}" rev-parse HEAD 2>/dev/null)" != *"${REF}"* ]]; thenThis compares a full SHA against the ref name via substring match — a SHA will almost never contain main or v28.0.0, so the condition is always true. The fetch + checkout runs every time, even when the --branch clone already succeeded. Doesn't produce wrong builds, but adds unnecessary network calls on every run.
Note: the always-true conditional accidentally makes the fallback path work (when --branch fails and the full clone lands on the default branch), so a fix needs to handle both cases:
if ! git -C "${WORK_DIR}" rev-parse --verify "${REF}^{commit}" >/dev/null 2>&1; then
git -C "${WORK_DIR}" fetch origin "${REF}" 2>&1
fi
git -C "${WORK_DIR}" checkout "${REF}" 2>&1Otherwise LGTM — solid script.
coderabbitai
Bot
removed
the
ready-for-human-review
openshift-ci
Bot
added
the
ready-for-human-review
fonta-rh
force-pushed
the
helpers/build-metal3-arm64
branch
from
7790e7e to
0561983
Compare
coderabbitai
Bot
removed
the
ready-for-human-review
Upstream metal3-io only publishes amd64 container images for ironic, vbmc, and sushy-tools. This blocks running dev-scripts on aarch64 hypervisors (e.g., AWS Graviton). Add a helper script that builds arm64 variants from the same ironic-image source and pushes them to a registry you control. Supports native builds on aarch64 hosts and cross-builds via QEMU from x86_64. Assisted-by: Claude (Anthropic)
- Fix broken ref check: replace SHA-vs-name substring match with rev-parse --verify to only fetch/checkout when the ref isn't already available locally - Validate --source-dir against --ref: verify the checkout is a git repo and HEAD matches the requested ref - Move EXIT trap before prepare_source so temp dirs are cleaned up on failure Assisted-by: Claude (Anthropic)
All lifecycle scripts (deploy, redeploy, startup) now call a common function for the post-operation "source proxy.env" message. Also adds the missing proxy instructions to startup-cluster.sh. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fonta-rh
force-pushed
the
helpers/build-metal3-arm64
branch
from
0561983 to
14507be
Compare
Contributor
|
/lgtm |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
helpers/build-metal3-arm64.sh— a script that builds arm64 variants of the Metal3 container images (ironic, vbmc, sushy-tools) from upstreammetal3-io/ironic-imagesourcequay.io/rh-edge-enablement/but namespace/registry are configurableUsage
Then in dev-scripts
config_<user>.sh:Context
The Metal3 team completed multi-arch bare metal support (METAL-1226/1545) for OCP 4.22, but that effort focused on provisioning arm64 nodes from x86 clusters — the container images themselves are still amd64-only. The ironic-image Dockerfile and PR CI already build for arm64, but the push/release workflows don't pass multi-platform flags to the shared build infrastructure. Until that's wired up upstream, this script provides a self-service workaround.
Test plan
quay.io/rh-edge-enablement/{ironic,vbmc,sushy-tools}:2026-06skopeo inspect🤖 Generated with Claude Code
Summary by CodeRabbit