feat(kernel-config-checker): import AZL4 kernel config checker #17809
rlmenge wants to merge 1 commit into
Pull request overview
This PR imports and adapts the AZL 3.0 kernel config checker for Azure Linux 4.0. It adds a Pydantic-v2-based tool that validates kernel .config files against a policy JSON of "required" kernel configs (default settings plus per-kernel overrides with per-architecture values), a CI workflow that runs the checker on PRs/pushes that touch kernel config files, and supporting docs/dependencies. The PR description notes CI does not yet pass because the checker surfaces real config mismatches that will be remediated separately; this change lands the tooling only.
Changes:
- New `kernel_config_checker` Python package: schema models, `.config` checker with corrected non-zero exit codes, interactive `add_config`, and a 2971-line AZL4 policy JSON tracking `kernel` and `kernel-hwe`.
- New hardened GitHub Actions workflow (`check-kernel-configs.yml`) with robust push/PR base-commit resolution (handles first-push and force-push via merge-base fallback).
- New `requirements.txt` (`pydantic>=2.9`) and a README documenting usage.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `toolkit/scripts/requirements.txt` | Declares `pydantic>=2.9` for the checker. |
| `toolkit/scripts/kernel_config_checker/schema/schema.py` | Pydantic models for the policy (required `name`, `extra: forbid`). |
| `toolkit/scripts/kernel_config_checker/schema/print_schema.py` | Utility to dump the JSON schema. |
| `toolkit/scripts/kernel_config_checker/schema/__init__.py` | Package init / license header. |
| `toolkit/scripts/kernel_config_checker/README.md` | Usage docs; has 3 doc inaccuracies (schema example missing required `name`, structure tree omits `add_config.py`, stale "Legacy conversion" feature). |
| `toolkit/scripts/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json` | AZL4 required-config policy data (default + `kernel`/`kernel-hwe` overrides). |
| `toolkit/scripts/kernel_config_checker/check_config.py` | Main checker; arch normalization and consistent non-zero exit codes. |
| `toolkit/scripts/kernel_config_checker/add_config.py` | Interactive config-add flow with validation and abort handling. |
| `toolkit/scripts/kernel_config_checker/__init__.py` | Package init / license header. |
| `.github/workflows/check-kernel-configs.yml` | Hardened CI workflow that runs the checker on kernel config changes. |
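
The kind of check the overview describes (defaults plus per-kernel overrides with per-architecture values, and a non-zero exit on any mismatch), as an added example that is not the PR's code. The policy shape, the `overrides` and `values` keys, the alias table and the sample `.config` are assumptions constructed for illustration; the real tool uses Pydantic models that are not shown on this page.

```python
import re

# Constructed policy in an ASSUMED shape (not the real AZL4 schema):
# "default" entries plus per-kernel "overrides", values keyed by architecture.
POLICY = {
    "default": {"kernel_configs": [
        {"name": "CONFIG_STRICT_KERNEL_RWX", "values": {"x86_64": "y", "aarch64": "y"}},
        {"name": "CONFIG_RANDOMIZE_BASE", "values": {"x86_64": "y", "aarch64": "y"}},
        {"name": "CONFIG_DEVMEM", "values": {"x86_64": "n", "aarch64": "n"}},
        {"name": "CONFIG_HZ", "values": {"x86_64": "250", "aarch64": "250"}},
    ]},
    "overrides": {"kernel-hwe": {"kernel_configs": [
        {"name": "CONFIG_HZ", "values": {"x86_64": "1000"}},
    ]}},
}
ARCH_ALIASES = {"amd64": "x86_64", "arm64": "aarch64"}  # hypothetical normalization table

# Constructed .config excerpt: CONFIG_RANDOMIZE_BASE is missing entirely.
SAMPLE_CONFIG = """\
CONFIG_STRICT_KERNEL_RWX=y
# CONFIG_DEVMEM is not set
CONFIG_HZ=250
"""

def parse_dotconfig(text):
    """Map symbol -> value; '# CONFIG_X is not set' is recorded as 'n'."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"(CONFIG_\w+)=(.*)", line):
            values[m.group(1)] = m.group(2).strip('"')
        elif m := re.fullmatch(r"# (CONFIG_\w+) is not set", line):
            values[m.group(1)] = "n"
    return values

def required_for(policy, kernel, arch):
    """Layer the kernel's overrides on top of the defaults for one architecture."""
    arch = ARCH_ALIASES.get(arch, arch)
    merged = {}
    for layer in (policy["default"], policy.get("overrides", {}).get(kernel, {})):
        for entry in layer.get("kernel_configs", []):
            if arch in entry["values"]:
                merged[entry["name"]] = entry["values"][arch]
    return merged

def check(policy, kernel, arch, dotconfig_text):
    """Return (name, required, actual) mismatches; an absent symbol counts as 'n'."""
    actual = parse_dotconfig(dotconfig_text)
    required = required_for(policy, kernel, arch)
    return [(n, w, actual.get(n, "n")) for n, w in sorted(required.items())
            if actual.get(n, "n") != w]

def exit_code(mismatches):
    """Non-zero whenever any required config is wrong, so CI fails closed."""
    return 1 if mismatches else 0
```

Treating an absent symbol as `n` means a required `y` that was silently dropped from the config is reported, while a required `n` is satisfied by either form.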
| "default": { | ||
| "kernel_configs": [ |
| ├── kernel_configs_json/ | ||
| │ └── azl4-os-required-kernel-configs.json # Main config file | ||
| ├── __init__.py # Package init | ||
| ├── check_config.py # Main checker and utilities |
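Review bot: the directory tree in this README hunk lists `__init__.py` and `check_config.py` but, in the lines shown, has no entry for `add_config.py`, which the file summary for this PR lists as part of the package. Add a line such as `├── add_config.py` with a one-line description so the tree matches what the package actually ships.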
| - **Flexible overrides** - Default configs with per-kernel overrides | ||
| - **Interactive config management** - Add new configs with guided prompts | ||
| - **Config querying** - Check config values across all kernels/architectures | ||
| - **Legacy conversion** - Tools to migrate existing configurations |
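Review bot: the last bullet, **Legacy conversion**, promises tools to migrate existing configurations, yet none of the files listed for this PR provides a conversion tool. Drop the bullet, or add the tool it describes, so the README does not advertise a feature that is absent.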
| echo "Merging $HEAD_SHA into $base_sha" | ||
|
|
||
| # For consistency, we use the same major/minor version of Python that Azure Linux ships. | ||
| - name: Setup Python 3.12 |
The workflow currently uses Python 3.12, which conflicts with the current AZL 4.0 shipped version (3.14). Please update setup-python to 3.14 or adjust the comment if 3.12 is intentionally required for compatibility.
If there are requirements around the package, is there a way for them to live closer to the package definition itself instead of in the tools?
| @@ -0,0 +1,271 @@ | |||
| #!/usr/bin/env python3 | |||
Is there a way for this to get integrated to our new-and-growing set of pytest-oriented validation steps? The goal with this approach is that we can keep adding new checks as pytest test cases (either static or dynamic) without needing a new custom way to run them or a new custom pipeline for each individual package or image specific check.
We don't have a top-level toolkit dir today; if we don't have anywhere better to put it, what about in a dir under scripts?
| @@ -0,0 +1,2971 @@ | |||
| { | |||
Is there a reason we picked JSON for this instead of something that's more human-friendly for reading/editing?
Import the AZL4 kernel config checker and align CI/workflow integration:
- add checker tooling and policy schema/data
- harden and update the workflow path/runtime (Python 3.14)
- move checker assets under scripts/ci/kernel/kernel-config-checker
- refresh README examples/structure and remove stale feature claims
d89ac2c to bc13cd7
📄❌ Rendered specs are out of date
FIX: — run this and commit the result:
```
azldev component render -a --clean-stale
```
Or download the fix patch and apply it:
```
gh run download 28474974721 -R microsoft/azurelinux -n rendered-specs-patch
git apply rendered-specs.patch
```
Files to add
These files are produced by
Files to remove
These files are in your branch but are not produced by render. Remove them.
… and 22 more file(s).
Summary
Import and adapt the kernel config checker workflow/tooling for AZL 4.0, and polish CI behavior and error handling.
What Changed
- `azl4-os-required-kernel-configs.json`)
- `contents: read` only)
- `persist-credentials: false`
- `BEFORE_SHA` on initial push and force-push cases (falls back to merge-base)
- `--check-all` returns 1 when config not found
- `--add-config` returns 1 on abort or validation failure
- `requirements.txt` — declares `pydantic>=2.9` dependency
Tracked Kernels
- `kernel`
- `kernel-hwe`
Validation
- `--check-all` returns non-zero on not-found
- `--add-config` returns non-zero on abort/validation failure
Related