KT: changes needed for cve_remediation automation in github action#59
Merged
roxanan1996 merged 5 commits intomainlinefrom Mar 5, 2026
Merged
Conversation
This has been consolidated into lts9.2. Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
Useful for kernels that have kernelCI supported. They are still "alive" but with limited support, that is why they are not deleted from this list. Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
It will show only the kernels that are automated in kernelCI. Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
There was a problem hiding this comment.
Pull request overview
Adds support for filtering kernel listings to “automated” targets and ensures YAML data files are packaged so kt works reliably in GitHub Actions.
Changes:
- Package
kt/data/*.yamlinto the wheel/sdist via setuptools configuration. - Introduce an
automatedattribute in kernel metadata and expose--automated/-ainkt list-kernels. - Replace direct
$USERlookups withconfig.userin VM/cloud-init and workspace paths.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| pyproject.toml | Includes YAML package data so runtime loading works in CI/GitHub Actions. |
| kt/ktlib/vm.py | Uses configured user instead of $USER when generating cloud-init. |
| kt/ktlib/kernels.py | Adds automated flag to kernel metadata model. |
| kt/ktlib/kernel_workspace.py | Uses configured user instead of $USER during workspace setup. |
| kt/ktlib/config.py | Adds user to config and adjusts path coercion logic accordingly. |
| kt/data/kernels.yaml | Adds automated markers per kernel; removes an older fips entry. |
| kt/commands/list_kernels/impl.py | Adds filtering and stable sorting by kernel name. |
| kt/commands/list_kernels/command.py | Adds --automated/-a CLI option and updates epilog examples. |
Comments suppressed due to low confidence (1)
kt/ktlib/config.py:1
Config.DEFAULTstill usesos.environ["USER"], which will raiseKeyErrorin environments whereUSERisn’t set (common in GitHub Actions), undermining the goal of making the tool CI-friendly. Use a safer default (e.g.,os.environ.get("USER"),getpass.getuser(), or a documented fallback) and keepconfig.useras the single source of truth.
import json
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
By default it will be the env var $USER if no config is included. Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
roxanan1996
force-pushed
the
{rnicolescu}_cve_remediation_automation
branch
from
4bb9390 to
5a32116
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
It started from needing a way to list the kernels we support.
but cbr7.9 and fipslegacy are not fully automated.
This is how I came up with an extra flag automated.
For cve remediation automation, the
userwill beciq_kernel_automation.And not the system one. To make it possible, user is now configurable. By default it will be taken from env var USER.
Last thing required to use kt in a github action was to make sure the files under ktlib/data are accessible when kt is installed as a package.