feat(kernel-config-checker): import AZL4 kernel config checker #17809

Open
rlmenge wants to merge 1 commit into microsoft:4.0 from rlmenge:rlmenge/4.0/kernel/config-checker

@rlmenge rlmenge commented Jun 25, 2026

Contributor

Summary

Import and adapt the kernel config checker workflow/tooling for AZL 4.0, and polish CI behavior and error handling.

Status: CI does not currently pass — the checker is surfacing kernel config mismatches that need to be addressed separately. This PR imports the tooling; config remediation will follow.

What Changed

  • Kernel config checker for AZL 4.0 — updated paths and policy file naming (azl4-os-required-kernel-configs.json)
  • CI hardening — follows current conventions:
    • SHA-pinned actions
    • Explicit permissions (contents: read only)
    • Concurrency groups with cancel-in-progress
    • Checkout with persist-credentials: false
    • Safe env indirection in shell steps
  • Robust push event handling — gracefully handles missing/invalid BEFORE_SHA on initial push and force-push cases (falls back to merge-base)
  • Fixed CLI exit codes — failures now return non-zero consistently:
    • --check-all returns 1 when config not found
    • --add-config returns 1 on abort or validation failure
  • Updated docs — README reflects AZL 4.0 policy filename and current usage
  • Added requirements.txt — declares pydantic>=2.9 dependency

Tracked Kernels

| Kernel | Description |
|---|---|
| kernel | Default AZL 4.0 kernel |
| kernel-hwe | Hardware enablement variant |

Validation

  • Verified --check-all returns non-zero on not-found
  • Verified --add-config returns non-zero on abort/validation failure
  • Policy JSON edits limited to justification text cleanup

Related

Copilot AI review requested due to automatic review settings June 25, 2026 21:20

Copilot AI left a comment

Contributor

Pull request overview

This PR imports and adapts the AZL 3.0 kernel config checker for Azure Linux 4.0. It adds a Pydantic-v2-based tool that validates kernel .config files against a policy JSON of "required" kernel configs (default settings plus per-kernel overrides with per-architecture values), a CI workflow that runs the checker on PRs/pushes that touch kernel config files, and supporting docs/dependencies. The PR description notes CI does not yet pass because the checker surfaces real config mismatches that will be remediated separately; this change lands the tooling only.

Changes:

  • New kernel_config_checker Python package: schema models, .config checker with corrected non-zero exit codes, interactive add_config, and a 2971-line AZL4 policy JSON tracking kernel and kernel-hwe.
  • New hardened GitHub Actions workflow (check-kernel-configs.yml) with robust push/PR base-commit resolution (handles first-push and force-push via merge-base fallback).
  • New requirements.txt (pydantic>=2.9) and a README documenting usage.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

| File | Description |
|---|---|
| toolkit/scripts/requirements.txt | Declares pydantic>=2.9 for the checker. |
| toolkit/scripts/kernel_config_checker/schema/schema.py | Pydantic models for the policy (required name, extra: forbid). |
| toolkit/scripts/kernel_config_checker/schema/print_schema.py | Utility to dump the JSON schema. |
| toolkit/scripts/kernel_config_checker/schema/__init__.py | Package init / license header. |
| toolkit/scripts/kernel_config_checker/README.md | Usage docs; has 3 doc inaccuracies (schema example missing required name, structure tree omits add_config.py, stale "Legacy conversion" feature). |
| toolkit/scripts/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json | AZL4 required-config policy data (default + kernel/kernel-hwe overrides). |
| toolkit/scripts/kernel_config_checker/check_config.py | Main checker; arch normalization and consistent non-zero exit codes. |
| toolkit/scripts/kernel_config_checker/add_config.py | Interactive config-add flow with validation and abort handling. |
| toolkit/scripts/kernel_config_checker/__init__.py | Package init / license header. |
| .github/workflows/check-kernel-configs.yml | Hardened CI workflow that runs the checker on kernel config changes. |

Comment on lines +79 to +80
"default": {
"kernel_configs": [
├── kernel_configs_json/
│ └── azl4-os-required-kernel-configs.json # Main config file
├── __init__.py # Package init
├── check_config.py # Main checker and utilities
- **Flexible overrides** - Default configs with per-kernel overrides
- **Interactive config management** - Add new configs with guided prompts
- **Config querying** - Check config values across all kernels/architectures
- **Legacy conversion** - Tools to migrate existing configurations
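Review bot: The `Legacy conversion` bullet in the feature list advertises migration tools, but none of the ten files listed for this PR is a conversion tool; drop the bullet or add the tool it refers to. In the structure tree above it, `add_config.py` should be listed alongside `check_config.py`, since the PR adds that file and the tree is meant to describe the package layout.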
@rlmenge rlmenge marked this pull request as ready for review June 25, 2026 22:48
@rlmenge rlmenge requested a review from a team as a code owner June 25, 2026 22:48
echo "Merging $HEAD_SHA into $base_sha"

# For consistency, we use the same major/minor version of Python that Azure Linux ships.
- name: Setup Python 3.12

Contributor

The workflow currently uses Python 3.12, which conflicts with the current AZL 4.0 shipped version (3.14). Please update setup-python to 3.14 or adjust the comment if 3.12 is intentionally required for compatibility.

Member

If there are requirements around the package, is there a way for them to live closer to the package definition itself instead of in the tools?

@@ -0,0 +1,271 @@
#!/usr/bin/env python3

Member

Is there a way for this to get integrated to our new-and-growing set of pytest-oriented validation steps? The goal with this approach is that we can keep adding new checks as pytest test cases (either static or dynamic) without needing a new custom way to run them or a new custom pipeline for each individual package or image specific check.

Member

We don't have a top-level toolkit dir today; if we don't have anywhere better to put it, what about in a dir under scripts?

@@ -0,0 +1,2971 @@
{

Member

Is there a reason we picked JSON for this instead of something that's more human-friendly for reading/editing?

Import the AZL4 kernel config checker and align CI/workflow integration:
- add checker tooling and policy schema/data
- harden and update the workflow path/runtime (Python 3.14)
- move checker assets under scripts/ci/kernel/kernel-config-checker
- refresh README examples/structure and remove stale feature claims
@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from d89ac2c to bc13cd7 Compare June 30, 2026 20:50
@github-actions

📄❌ Rendered specs are out of date

FIX: — run this and commit the result:

azldev component render -a --clean-stale

Or download the fix patch and apply it:

gh run download 28474974721 -R microsoft/azurelinux -n rendered-specs-patch
git apply rendered-specs.patch

| Category | Count |
|---|---|
| Content diffs | 0 |
| Extra files (untracked) | 23 |
| Missing files (deleted) | 72 |

Files to add

These files are produced by azldev component render but are missing from your branch. Add them.

  • specs/a/ant-contrib/RENDER_FAILED
  • specs/a/antlr/RENDER_FAILED
  • specs/a/apache-commons-cli/RENDER_FAILED
  • specs/a/apache-commons-codec/RENDER_FAILED
  • specs/a/apache-commons-exec/RENDER_FAILED
  • specs/a/apache-commons-io/RENDER_FAILED
  • specs/a/apache-commons-parent/RENDER_FAILED
  • specs/b/beust-jcommander/RENDER_FAILED
  • specs/b/bsf/RENDER_FAILED
  • specs/i/icu4j/RENDER_FAILED
  • specs/j/jaxen/RENDER_FAILED
  • specs/j/jboss-parent/RENDER_FAILED
  • specs/j/jdom/RENDER_FAILED
  • specs/j/jline/RENDER_FAILED
  • specs/j/jsch/RENDER_FAILED
  • specs/l/log4j/RENDER_FAILED
  • specs/m/maven-antrun-plugin/RENDER_FAILED
  • specs/m/maven-archiver/RENDER_FAILED
  • specs/m/maven-assembly-plugin/RENDER_FAILED
  • specs/m/maven-shade-plugin/RENDER_FAILED
  • specs/m/mojo-parent/RENDER_FAILED
  • specs/m/msv/RENDER_FAILED
  • specs/p/plexus-interactivity/RENDER_FAILED

Files to remove

These files are in your branch but are not produced by render. Remove them.

  • specs/a/ant-contrib/ant-contrib-antservertest.patch
  • specs/a/ant-contrib/ant-contrib-java-8.patch
  • specs/a/ant-contrib/ant-contrib.spec
  • specs/a/ant-contrib/sources
  • specs/a/antlr/antlr-2.7.7-configure-c99.patch
  • specs/a/antlr/antlr-2.7.7-newgcc.patch
  • specs/a/antlr/antlr-build.xml
  • specs/a/antlr/antlr.spec
  • specs/a/antlr/generate-tarball.sh
  • specs/a/antlr/sources
  • specs/a/apache-commons-cli/apache-commons-cli.spec
  • specs/a/apache-commons-cli/sources
  • specs/a/apache-commons-codec/apache-commons-codec.spec
  • specs/a/apache-commons-codec/aspell-mail.txt
  • specs/a/apache-commons-codec/sources
  • specs/a/apache-commons-exec/apache-commons-exec.spec
  • specs/a/apache-commons-exec/sources
  • specs/a/apache-commons-io/apache-commons-io.spec
  • specs/a/apache-commons-io/sources
  • specs/a/apache-commons-parent/apache-commons-parent.spec
  • specs/a/apache-commons-parent/sources
  • specs/b/beust-jcommander/0001-ParseValues-NullPointerException-patch.patch
  • specs/b/beust-jcommander/beust-jcommander.spec
  • specs/b/beust-jcommander/generate-tarball.sh
  • specs/b/beust-jcommander/sources
  • specs/b/bsf/bsf-pom.xml
  • specs/b/bsf/bsf.spec
  • specs/b/bsf/build-file.patch
  • specs/b/bsf/build.properties.patch
  • specs/b/bsf/sources
  • specs/i/icu4j/icu4j.spec
  • specs/i/icu4j/sources
  • specs/j/jaxen/jaxen.spec
  • specs/j/jaxen/sources
  • specs/j/jboss-parent/cc0-1.0.txt
  • specs/j/jboss-parent/jboss-parent.spec
  • specs/j/jboss-parent/sources
  • specs/j/jdom/CVE-2021-33813.patch
  • specs/j/jdom/jdom-1.1-OSGiManifest.patch
  • specs/j/jdom/jdom-1.1.3.pom
  • specs/j/jdom/jdom-crosslink.patch
  • specs/j/jdom/jdom.spec
  • specs/j/jdom/sources
  • specs/j/jline/0001-Load-native-library-form-usr-lib-jline.patch
  • specs/j/jline/0002-Remove-optional-dependency-on-universalchardet.patch
  • specs/j/jline/jline.spec
  • specs/j/jline/sources
  • specs/j/jsch/MANIFEST.MF
  • specs/j/jsch/jsch.spec
  • specs/j/jsch/plugin.properties

… and 22 more file(s).
