feat: add GitHub Action for ANC hotfix template injection #8405

Open
Devinwong wants to merge 4 commits into main from devinwon/anc_hotfix_ghaction

Devinwong (Collaborator) commented Apr 24, 2026

Summary

Adds a GitHub Action workflow that automatically injects the ANC hotfix version into nodecustomdata.yml. Companion to #8355 (ANC hotfix patch-only matching logic).

Triggers

  1. Auto: When hotfix/anc-hotfix-version.json is changed in a PR targeting official/**
  2. Manual: Adding the "anc-hotfix" label to any PR

Files

| File | Purpose |
| --- | --- |
| .github/workflows/anc-hotfix-generate.yml | Workflow with dual triggers (path change + label) |
| hotfix/anc_hotfix_generate.py | Python script for idempotent injection/removal of hotfix entry in nodecustomdata.yml |
| hotfix/anc-hotfix-version.json | Version config — empty {} by default, operator sets {"version":"YYYYMM.DD.PATCH"} |
| AGENTS.md | Added PR review rule: confirm VHD republish before allowing hotfix entry removal |

Operational Flow

  1. Dalec builds hotfix ANC binary (e.g. 202604.01.1), publishes to PMC
  2. Developer merges fix to main (with hotfix entry in nodecustomdata.yml)
  3. Cherry-picks to official/* and sets hotfix/anc-hotfix-version.json
  4. GH Action auto-injects aks-node-controller-hotfix.json write_files entry into the scriptless CSE section of nodecustomdata.yml
  5. Reviewer approves → merge → tag → EV2 deploy

Hotfix Entry Lifecycle

  • Hotfix entry must persist on both main and official/* until affected VHDs are republished or out of the 6-month support window
  • Scale-up uses the same VHD version (not a newer one), so premature removal leaves old-VHD nodes without the hotfix
  • Cleanup is a deliberate operator action, not automatic

Tested Scenarios

  • ✅ Injection (empty → version set)
  • ✅ Update (idempotent re-injection with different version)
  • ✅ Removal (version reset to {} removes stale entry)
  • ✅ Validation (rejects invalid version formats)

Devinwong and others added 2 commits April 24, 2026 15:54
Add a GitHub Action workflow that auto-injects the ANC hotfix version
into nodecustomdata.yml when hack/anc-hotfix-version.json is updated
in a PR targeting an official/* release branch.

Files added:
- .github/workflows/anc-hotfix-generate.yml: workflow with same infra
  pattern as hotfix-generate.yml (Azure login, App token, commit via API)
- hack/anc_hotfix_generate.py: reads version file, validates YYYYMM.DD.PATCH
  format, idempotently injects write_files entry in scriptless section
- hack/anc-hotfix-version.json: empty by default, operator sets version

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Add a GitHub Action workflow that auto-injects the ANC hotfix version
into nodecustomdata.yml when hotfix/anc-hotfix-version.json is updated
in a PR targeting an official/* release branch.

Files added:
- .github/workflows/anc-hotfix-generate.yml: workflow with same infra
  pattern as hotfix-generate.yml (Azure login, App token, commit via API)
- hotfix/anc_hotfix_generate.py: reads version file, validates YYYYMM.DD.PATCH
  format, idempotently injects write_files entry in scriptless section
- hotfix/anc-hotfix-version.json: empty by default, operator sets version

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Adds pull_request_target trigger so adding the 'anc-hotfix' label
to any PR will run the ANC hotfix template injection workflow.
Uses same pattern as scripts hotfix workflow with 'hotfix' label.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Copilot AI (Contributor) left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds automation to keep nodecustomdata.yml in sync with an ANC hotfix version file for official/* release PRs by injecting/removing a marked write_files entry, plus documentation for reviewer expectations.

Changes:

  • Adds a GitHub Actions workflow to run on hotfix/anc-hotfix-version.json updates (and optional label trigger) and commit template updates back to the PR branch.
  • Introduces a Python generator that injects/updates/removes a marked ANC hotfix block in parts/linux/cloud-init/nodecustomdata.yml.
  • Adds an empty default hotfix version config file and updates reviewer guidance in AGENTS.md.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| .github/workflows/anc-hotfix-generate.yml | New workflow to run generator and write template updates back to the PR branch. |
| hotfix/anc_hotfix_generate.py | New script to validate version and inject/remove an idempotent marked block in the template. |
| hotfix/anc-hotfix-version.json | Adds default empty version file used as the workflow trigger/config. |
| AGENTS.md | Adds reviewer checklist guidance about safe hotfix entry removal. |

- Fix usage string path (hack/ -> hotfix/)
- Add json.JSONDecodeError handling for invalid JSON
- Tighten day regex to require exactly 2 digits (DD)
- Remove debug prints that add CI log noise

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
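
The version validation and idempotent inject/update/remove behaviour described in the PR summary and tightened by the last commit, sketched as an added example; this is not the PR's hotfix/anc_hotfix_generate.py. The block markers, the `write_files:` anchor, the placeholder entry path, the entry content and the sample template are all assumptions made for illustration.

```python
import json
import re

# Hypothetical markers, anchor and entry layout: the page does not show the real ones.
BEGIN = "# BEGIN ANC HOTFIX (generated)"
END = "# END ANC HOTFIX (generated)"
ANCHOR = "write_files:"
VERSION_RE = re.compile(r"[0-9]{6}\.[0-9]{2}\.[0-9]+")  # YYYYMM.DD.PATCH
# Constructed sample template, not the real nodecustomdata.yml.
SAMPLE = "#cloud-config\nwrite_files:\n- path: /etc/existing.conf\n  content: keep\n"

def read_version(raw):
    """Return the validated version, or None when the config is the empty {}."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON in version file: {exc}") from exc
    if not isinstance(cfg, dict):
        raise ValueError("version file must hold a JSON object")
    if not cfg:
        return None
    version = cfg.get("version")
    # fullmatch (not match) rejects embedded newlines or YAML appended after a valid prefix.
    if not isinstance(version, str) or not VERSION_RE.fullmatch(version):
        raise ValueError(f"version must be YYYYMM.DD.PATCH, got {version!r}")
    return version

def apply_hotfix(template, version):
    """Strip any marked block, then insert a fresh one when version is set."""
    out, inside = [], False
    for line in template.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END and inside:
            inside = False
        elif not inside:
            out.append(line)
    if inside:  # fail closed: an unterminated block would swallow the rest of the file
        raise ValueError("BEGIN marker without END")
    if version is not None:
        if ANCHOR not in out:
            raise ValueError("write_files anchor not found")
        at = out.index(ANCHOR) + 1
        out[at:at] = [
            BEGIN,
            "- path: /PLACEHOLDER/aks-node-controller-hotfix.json",
            "  content: '" + json.dumps({"version": version}) + "'",
            END,
        ]
    return "\n".join(out) + "\n"
```

Because the version file arrives in a PR and the workflow writes back to the PR branch, the strict full-string match is what keeps a crafted version value from adding extra YAML to the template.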