feat(kernel-config-checker): import AZL4 kernel config checker #17809

Open
rlmenge wants to merge 2 commits into microsoft:4.0 from rlmenge:rlmenge/4.0/kernel/config-checker
@rlmenge rlmenge commented Jun 25, 2026

Contributor

Summary

Import and adapt the kernel config checker workflow/tooling for AZL 4.0, and polish CI behavior and error handling.

Status: CI does not currently pass — the checker is surfacing kernel config mismatches that need to be addressed separately. This PR imports the tooling; config remediation will follow.

What Changed

  • Kernel config checker for AZL 4.0 — updated paths and policy file naming (azl4-os-required-kernel-configs.json)
  • CI hardening — follows current conventions:
    • SHA-pinned actions
    • Explicit permissions (contents: read only)
    • Concurrency groups with cancel-in-progress
    • Checkout with persist-credentials: false
    • Safe env indirection in shell steps
  • Robust push event handling — gracefully handles missing/invalid BEFORE_SHA on initial push and force-push cases (falls back to merge-base)
  • Fixed CLI exit codes — failures now return non-zero consistently:
    • --check-all returns 1 when config not found
    • --add-config returns 1 on abort or validation failure
  • Updated docs — README reflects AZL 4.0 policy filename and current usage
  • Added requirements.txt — declares pydantic==2.13.4

Tracked Kernels

| Kernel | Description |
| --- | --- |
| kernel | Default AZL 4.0 kernel |
| kernel-hwe | Hardware enablement variant |

Validation

  • Verified --check-all returns non-zero on not-found
  • Verified --add-config returns non-zero on abort/validation failure
  • Policy JSON edits limited to justification text cleanup

Related

Copilot AI review requested due to automatic review settings June 25, 2026 21:20
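
The push-event fallback named in the PR description, sketched as an added example that is not code from this PR. The ref name `origin/4.0`, the `HEAD_SHA` variable and the ancestor test are assumptions; the description only says that a missing or invalid BEFORE_SHA falls back to merge-base.

```python
import os
import re
import subprocess

ZERO_SHA = "0" * 40  # GitHub reports this "before" SHA when a branch is created


def run_git(*args):
    """Run git in the current checkout and return (exit_code, stdout)."""
    proc = subprocess.run(["git", *args], capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def resolve_base(before_sha, head_sha, default_ref="origin/4.0", git=run_git):
    """Return the commit a push event should be diffed against.

    BEFORE_SHA is used only if it is a well-formed, non-zero SHA that exists
    locally and is an ancestor of HEAD; otherwise fall back to the merge-base
    with default_ref (an assumed name for the target branch).
    """
    before_sha = (before_sha or "").strip().lower()
    usable = (
        # Only 40 hex characters ever reach the git command line.
        re.fullmatch(r"[0-9a-f]{40}", before_sha) is not None
        and before_sha != ZERO_SHA
        # Missing object: the old tip was not fetched (typical after a force-push).
        and git("cat-file", "-e", before_sha + "^{commit}")[0] == 0
        # Present but rewritten away: diffing against it would pull in unrelated files.
        and git("merge-base", "--is-ancestor", before_sha, head_sha)[0] == 0
    )
    if usable:
        return before_sha
    code, base = git("merge-base", default_ref, head_sha)
    if code != 0 or not base:
        raise RuntimeError(f"cannot resolve a base commit for {head_sha}")
    return base


if __name__ == "__main__":
    # BEFORE_SHA / HEAD_SHA are read from the environment, never interpolated into a script.
    print(resolve_base(os.environ.get("BEFORE_SHA"), os.environ.get("HEAD_SHA", "HEAD")))
```
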

Copilot AI left a comment

Contributor

Pull request overview

This PR imports and adapts the AZL 3.0 kernel config checker for Azure Linux 4.0. It adds a Pydantic-v2-based tool that validates kernel .config files against a policy JSON of "required" kernel configs (default settings plus per-kernel overrides with per-architecture values), a CI workflow that runs the checker on PRs/pushes that touch kernel config files, and supporting docs/dependencies. The PR description notes CI does not yet pass because the checker surfaces real config mismatches that will be remediated separately; this change lands the tooling only.

Changes:

  • New kernel_config_checker Python package: schema models, .config checker with corrected non-zero exit codes, interactive add_config, and a 2971-line AZL4 policy JSON tracking kernel and kernel-hwe.
  • New hardened GitHub Actions workflow (check-kernel-configs.yml) with robust push/PR base-commit resolution (handles first-push and force-push via merge-base fallback).
  • New requirements.txt (pydantic>=2.9) and a README documenting usage.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| toolkit/scripts/requirements.txt | Declares pydantic>=2.9 for the checker. |
| toolkit/scripts/kernel_config_checker/schema/schema.py | Pydantic models for the policy (required name, extra: forbid). |
| toolkit/scripts/kernel_config_checker/schema/print_schema.py | Utility to dump the JSON schema. |
| toolkit/scripts/kernel_config_checker/schema/__init__.py | Package init / license header. |
| toolkit/scripts/kernel_config_checker/README.md | Usage docs; has 3 doc inaccuracies (schema example missing required name, structure tree omits add_config.py, stale "Legacy conversion" feature). |
| toolkit/scripts/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json | AZL4 required-config policy data (default + kernel/kernel-hwe overrides). |
| toolkit/scripts/kernel_config_checker/check_config.py | Main checker; arch normalization and consistent non-zero exit codes. |
| toolkit/scripts/kernel_config_checker/add_config.py | Interactive config-add flow with validation and abort handling. |
| toolkit/scripts/kernel_config_checker/__init__.py | Package init / license header. |
| .github/workflows/check-kernel-configs.yml | Hardened CI workflow that runs the checker on kernel config changes. |

Comment thread scripts/ci/kernel/kernel-config-checker/README.md
Comment thread toolkit/scripts/kernel_config_checker/README.md Outdated
Comment thread toolkit/scripts/kernel_config_checker/README.md Outdated
@rlmenge rlmenge marked this pull request as ready for review June 25, 2026 22:48
@rlmenge rlmenge requested a review from a team as a code owner June 25, 2026 22:48
Comment thread .github/workflows/check-kernel-configs.yml Outdated

Member

If there are requirements around the package, is there a way for them to live closer to the package definition itself instead of in the tools?

Contributor Author

Happy to move this script to a preferred location. Currently using scripts/ci/kernel for now to match other ci and based on other feedback below. Moving closer to the spec would be ideal to make it obvious for folks attempting kernel changes.

@@ -0,0 +1,271 @@
#!/usr/bin/env python3

Member

Is there a way for this to get integrated to our new-and-growing set of pytest-oriented validation steps? The goal with this approach is that we can keep adding new checks as pytest test cases (either static or dynamic) without needing a new custom way to run them or a new custom pipeline for each individual package or image specific check.

Contributor Author

OK, I (and Copilot) have updated the PR with c751a39. Hoping this is along the lines of what you were thinking. The workflow invokes pytest directly, and the fixtures handle git-diff scoping.

Comment thread scripts/ci/kernel/kernel-config-checker/requirements.txt
@@ -0,0 +1,2971 @@
{

Member

Is there a reason we picked JSON for this instead of something that's more human-friendly for reading/editing?

Contributor Author

We debated this for a while. Other distros typically keep this record-keeping with the source itself — Fedora uses a file/directory method, while Ubuntu uses a bespoke file type for recording config choices which is much more human-friendly. That said, we decided the computer being able to parse quickly was more valuable, then built tooling to enable interacting with the file.

The tooling uses Pydantic v2 schemas for strict validation, which gives us:

  1. Schema enforcement — required fields, value constraints, and extra: "forbid" catch malformed entries at load time rather than runtime
  2. Programmatic manipulation — the --add-config command generates valid entries and rewrites the file; JSON round-trips cleanly without losing structure or comment-position ambiguity
  3. IDE/tooling support — JSON Schema enables autocomplete and inline validation in VS Code

Agreed there are some shortcomings (i.e., staring at a giant JSON file is not really reasonable), but the surrounding tools are there to help parse quickly (--check-all, --add-config, jq for ad-hoc queries)
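
An illustration of the load-time strictness and the default-plus-override lookup discussed in this thread, added here and not taken from the PR. It uses only the Python standard library as a stand-in for the Pydantic v2 models; the field names (`name`, `values`, `justification`), the top-level keys, and the sample policy and `.config` text are constructed assumptions.

```python
import json

ENTRY_KEYS = {"name", "values", "justification"}  # assumed field names

def load_policy(text):
    """Parse policy JSON; reject unknown keys and incomplete entries at load time."""
    doc = json.loads(text)
    unknown = set(doc) - {"default", "overrides"}
    if unknown:
        raise ValueError(f"unknown top-level keys: {sorted(unknown)}")
    groups = [doc.get("default", []), *doc.get("overrides", {}).values()]
    for entry in (e for group in groups for e in group):
        extra = set(entry) - ENTRY_KEYS
        if extra or not entry.get("name") or not isinstance(entry.get("values"), dict):
            raise ValueError(f"malformed entry {entry!r} (unknown keys: {sorted(extra)})")
    return doc

def parse_dotconfig(text):
    """Map CONFIG_X to its value; '# CONFIG_X is not set' becomes 'n'."""
    found = {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# CONFIG_") and line.endswith(" is not set"):
            found[line[2:-len(" is not set")]] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            key, value = line.split("=", 1)
            found[key] = value
    return found

def check(policy, kernel, arch, config_text):
    """Return sorted (name, wanted, actual) mismatches. A per-kernel override wins
    over the default; a symbol absent from .config is assumed to be 'n'."""
    wanted = {e["name"]: e["values"] for e in policy.get("default", [])}
    wanted.update((e["name"], e["values"]) for e in policy.get("overrides", {}).get(kernel, []))
    actual = parse_dotconfig(config_text)
    return sorted((name, values[arch], actual.get(name, "n"))
                  for name, values in wanted.items()
                  if arch in values and actual.get(name, "n") != values[arch])

# Constructed sample data, not taken from the project's policy file.
POLICY = load_policy(json.dumps({
    "default": [
        {"name": "CONFIG_MODULE_SIG", "values": {"x86_64": "y", "aarch64": "y"}, "justification": "constructed"},
        {"name": "CONFIG_DEVMEM", "values": {"x86_64": "n"}, "justification": "constructed"},
    ],
    "overrides": {"kernel-hwe": [{"name": "CONFIG_DEVMEM", "values": {"x86_64": "y"}, "justification": "constructed"}]},
}))
CONFIG = "CONFIG_MODULE_SIG=y\n# CONFIG_DEVMEM is not set\n"

if __name__ == "__main__":  # non-zero exit fails the CI job
    raise SystemExit(1 if check(POLICY, "kernel-hwe", "x86_64", CONFIG) else 0)
```
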

@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from d89ac2c to bc13cd7 Compare June 30, 2026 20:50
Copilot AI review requested due to automatic review settings July 1, 2026 17:39
@rlmenge rlmenge marked this pull request as draft July 1, 2026 17:41
@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from f3297b2 to fdb5163 Compare July 1, 2026 17:42

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

Comment thread .github/workflows/check-kernel-configs.yml Outdated
Copilot AI review requested due to automatic review settings July 1, 2026 17:47

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch 2 times, most recently from da94807 to a4494c1 Compare July 1, 2026 18:08
Copilot AI review requested due to automatic review settings July 1, 2026 18:08

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 5 comments.

Comment thread scripts/ci/kernel/kernel-config-checker/requirements.txt Outdated
@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from a4494c1 to 5b5bc38 Compare July 1, 2026 18:22
Copilot AI review requested due to automatic review settings July 1, 2026 18:24
@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from 5b5bc38 to ba2f01d Compare July 1, 2026 18:24

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.

Comment thread .github/workflows/check-kernel-configs.yml Outdated
Comment thread scripts/ci/kernel/kernel-config-checker/kernel_config_checker/check_config.py Outdated
Comment thread scripts/ci/kernel/kernel-config-checker/kernel_config_checker/add_config.py Outdated
Comment thread scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/schema.py Outdated
Comment thread scripts/ci/kernel/kernel-config-checker/kernel_config_checker/schema/schema.py Outdated
Comment thread scripts/ci/kernel/kernel-config-checker/requirements.txt
Copilot AI review requested due to automatic review settings July 1, 2026 18:55
@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from eaca4d9 to ba2f01d Compare July 1, 2026 18:55

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Comment thread scripts/ci/kernel/kernel-config-checker/kernel_config_checker/check_config.py Outdated
Comment thread scripts/ci/kernel/kernel-config-checker/kernel_config_checker/add_config.py Outdated
Import the AZL4 kernel config checker and align CI/workflow integration:
- add checker tooling and policy schema/data
- harden and update the workflow path/runtime (Python 3.14)
- move checker assets under scripts/ci/kernel/kernel-config-checker
- refresh README examples/structure and remove stale feature claims
Copilot AI review requested due to automatic review settings July 1, 2026 19:42
@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from 12b3a9b to a834206 Compare July 1, 2026 19:42

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comment on lines +83 to +87
# For consistency, we use the same major/minor version of Python that Azure Linux ships.
- name: Setup Python 3.14
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.14'
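
Review bot: the Python version is written in two places in this step, the step name "Setup Python 3.14" and python-version: '3.14', so a later bump can leave them disagreeing; consider naming the step "Setup Python" so only python-version needs updating. The comment also says the version follows what Azure Linux ships without saying where that version is recorded, and a pointer to that source would let a reviewer confirm the two still match.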

Contributor Author

@reubeno @ellie-di thoughts on matching AzureLinux vs the other CI checks?

Replace bespoke shell/Python validation in check-kernel-configs.yml with a pytest-driven harness under scripts/ci/kernel/kernel-config-checker/tests. New checks can be added as normal pytest cases (static or dynamically parametrized) without adding per-package pipelines.
@rlmenge rlmenge force-pushed the rlmenge/4.0/kernel/config-checker branch from a834206 to c751a39 Compare July 1, 2026 20:20
@rlmenge rlmenge marked this pull request as ready for review July 1, 2026 20:35
Copilot AI review requested due to automatic review settings July 1, 2026 20:35

Copilot AI left a comment

Contributor

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated no new comments.
