feat(kernel-config-checker): import AZL4 kernel config checker #17809
rlmenge wants to merge 2 commits into
Pull request overview
This PR imports and adapts the AZL 3.0 kernel config checker for Azure Linux 4.0. It adds a Pydantic-v2-based tool that validates kernel .config files against a policy JSON of "required" kernel configs (default settings plus per-kernel overrides with per-architecture values), a CI workflow that runs the checker on PRs/pushes that touch kernel config files, and supporting docs/dependencies. The PR description notes CI does not yet pass because the checker surfaces real config mismatches that will be remediated separately; this change lands the tooling only.
Changes:
- New `kernel_config_checker` Python package: schema models, `.config` checker with corrected non-zero exit codes, interactive `add_config`, and a 2971-line AZL4 policy JSON tracking `kernel` and `kernel-hwe`.
- New hardened GitHub Actions workflow (`check-kernel-configs.yml`) with robust push/PR base-commit resolution (handles first-push and force-push via merge-base fallback).
- New `requirements.txt` (`pydantic>=2.9`) and a README documenting usage.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `toolkit/scripts/requirements.txt` | Declares `pydantic>=2.9` for the checker. |
| `toolkit/scripts/kernel_config_checker/schema/schema.py` | Pydantic models for the policy (required `name`, `extra: forbid`). |
| `toolkit/scripts/kernel_config_checker/schema/print_schema.py` | Utility to dump the JSON schema. |
| `toolkit/scripts/kernel_config_checker/schema/__init__.py` | Package init / license header. |
| `toolkit/scripts/kernel_config_checker/README.md` | Usage docs; has 3 doc inaccuracies (schema example missing required `name`, structure tree omits `add_config.py`, stale "Legacy conversion" feature). |
| `toolkit/scripts/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json` | AZL4 required-config policy data (default + `kernel`/`kernel-hwe` overrides). |
| `toolkit/scripts/kernel_config_checker/check_config.py` | Main checker; arch normalization and consistent non-zero exit codes. |
| `toolkit/scripts/kernel_config_checker/add_config.py` | Interactive config-add flow with validation and abort handling. |
| `toolkit/scripts/kernel_config_checker/__init__.py` | Package init / license header. |
| `.github/workflows/check-kernel-configs.yml` | Hardened CI workflow that runs the checker on kernel config changes. |
If there are requirements around the package, is there a way for them to live closer to the package definition itself instead of in the tools?
Happy to move this script to a preferred location. Currently using scripts/ci/kernel for now to match other ci and based on other feedback below. Moving closer to the spec would be ideal to make it obvious for folks attempting kernel changes.
| @@ -0,0 +1,271 @@ | |||
| #!/usr/bin/env python3 | |||
Is there a way for this to get integrated to our new-and-growing set of pytest-oriented validation steps? The goal with this approach is that we can keep adding new checks as pytest test cases (either static or dynamic) without needing a new custom way to run them or a new custom pipeline for each individual package or image specific check.
Ok I (and copilot) have updated the PR with c751a39. Hoping this is along the lines of what you were thinking. The workflow invokes pytest directly, and the fixtures handle git-diff scoping.
| @@ -0,0 +1,2971 @@ | |||
| { | |||
Is there a reason we picked JSON for this instead of something that's more human-friendly for reading/editing?
We debated this for a while. Other distros typically keep this record-keeping with the source itself — Fedora uses a file/directory method, while Ubuntu uses a bespoke file type for recording config choices which is much more human-friendly. That said, we decided the computer being able to parse quickly was more valuable, then built tooling to enable interacting with the file.
The tooling uses Pydantic v2 schemas for strict validation, which gives us:
- Schema enforcement — required fields, value constraints, and extra: "forbid" catch malformed entries at load time rather than runtime
- Programmatic manipulation — the --add-config command generates valid entries and rewrites the file; JSON round-trips cleanly without losing structure or comment-position ambiguity
- IDE/tooling support — JSON Schema enables autocomplete and inline validation in VS Code
Agreed there are some shortcomings (i.e., staring at a giant JSON file is not really reasonable), but the surrounding tools are there to help parse quickly (`--check-all`, `--add-config`, `jq` for ad-hoc queries)
Import the AZL4 kernel config checker and align CI/workflow integration:
- add checker tooling and policy schema/data
- harden and update the workflow path/runtime (Python 3.14)
- move checker assets under scripts/ci/kernel/kernel-config-checker
- refresh README examples/structure and remove stale feature claims
| # For consistency, we use the same major/minor version of Python that Azure Linux ships. | ||
| - name: Setup Python 3.14 | ||
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | ||
| with: | ||
| python-version: '3.14' |
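Review bot: The Python version is written twice in this step, in the step name (`Setup Python 3.14`) and in `python-version: '3.14'`, while the comment above says it has to track the version Azure Linux ships, so a later bump can change one and miss the other. Consider keeping the number in a single workflow-level value that `python-version` reads, and naming the step just `Setup Python`.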
Replace bespoke shell/Python validation in check-kernel-configs.yml with a pytest-driven harness under scripts/ci/kernel/kernel-config-checker/tests. New checks can be added as normal pytest cases (static or dynamically parametrized) without adding per-package pipelines.
Summary
Import and adapt the kernel config checker workflow/tooling for AZL 4.0, and polish CI behavior and error handling.
What Changed
- `azl4-os-required-kernel-configs.json`)
- `contents: read` only)
- `persist-credentials: false`
- `BEFORE_SHA` on initial push and force-push cases (falls back to merge-base)
- `--check-all` returns 1 when config not found
- `--add-config` returns 1 on abort or validation failure
- `requirements.txt` — declares `pydantic==2.13.4`
Tracked Kernels
- `kernel`
- `kernel-hwe`
Validation
- `--check-all` returns non-zero on not-found
- `--add-config` returns non-zero on abort/validation failure
Related