ACM-34234: build(cli): rename hcp archives to include OS and arch in filename

[yiraeChristineKim]

What this PR does / why we need it

Each platform archive was previously named hcp.tar.gz regardless of OS/arch, causing filename collisions when Konflux derives the release artifact name from the component and archive name (the filename field is no longer used).

Archives are now named hcp-<os>-<arch>.tar.gz and written flat into ./bin/, producing:

• hcp-linux-amd64.tar.gz
• hcp-linux-arm64.tar.gz
• hcp-linux-ppc64le.tar.gz
• hcp-linux-s390x.tar.gz
• hcp-darwin-amd64.tar.gz
• hcp-darwin-arm64.tar.gz
• hcp-windows-amd64.tar.gz
• hcp-windows-arm64.tar.gz

References:

• Konflux release data MR: https://gitlab.cee.redhat.com/releng/konflux-release-data/-/merge_requests/18358#note_21658264
• Jira: https://redhat.atlassian.net/browse/ACM-34234

Which issue(s) this PR fixes

Fixes ACM-34234

Special notes for your reviewer

N/A

Checklist

• The code I'm writing is tested
• Testing instructions provided below OR it's sufficiently covered by existing tests
• Documentation added/updated if necessary

How to test

Build the Containerfile.cli image and verify the resulting /opt/app-root/src/ directory contains flat hcp-<os>-<arch>.tar.gz files with no OS/arch subdirectories.

Made with Cursor

Summary by CodeRabbit

• Chores
  • Improved artifact packaging and cleanup in the build process for more efficient distribution.

[openshift-ci-robot]

@yiraeChristineKim: This pull request references ACM-34234 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it

Each platform archive was previously named hcp.tar.gz regardless of OS/arch, causing filename collisions when Konflux derives the release artifact name from the component and archive name (the filename field is no longer used).

Archives are now named hcp-<os>-<arch>.tar.gz and written flat into ./bin/, producing:

• hcp-linux-amd64.tar.gz
• hcp-linux-arm64.tar.gz
• hcp-linux-ppc64le.tar.gz
• hcp-linux-s390x.tar.gz
• hcp-darwin-amd64.tar.gz
• hcp-darwin-arm64.tar.gz
• hcp-windows-amd64.tar.gz
• hcp-windows-arm64.tar.gz

References:

• Konflux release data MR: https://gitlab.cee.redhat.com/releng/konflux-release-data/-/merge_requests/18358#note_21658264
• Jira: https://redhat.atlassian.net/browse/ACM-34234

Which issue(s) this PR fixes

Fixes ACM-34234

Special notes for your reviewer

N/A

Checklist

• The code I'm writing is tested
• Testing instructions provided below OR it's sufficiently covered by existing tests
• Documentation added/updated if necessary

How to test

Build the Containerfile.cli image and verify the resulting /opt/app-root/src/ directory contains flat hcp-<os>-<arch>.tar.gz files with no OS/arch subdirectories.

Made with Cursor

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 8d0aa1ff-97d1-4a66-9388-88d996a2a64f

📥 Commits

Reviewing files that changed from the base of the PR and between 8e05ad6 and 54af174.

📒 Files selected for processing (1)

• Containerfile.cli

---

📝 Walkthrough

Walkthrough

The change refactors the builder stage in Containerfile.cli to restructure how release binaries are packaged into tarballs. The Linux packaging loop now outputs tarballs directly to ./bin/ instead of creating nested directory structures. The Darwin and Windows packaging loop is similarly adjusted to tar from a flat directory structure and output directly to ./bin/ with naming pattern hcp-${OS}-${ARCH}.tar.gz. The cleanup step is updated to remove intermediate OS/arch subdirectories using find with depth constraints, instead of deleting files by pattern, ensuring only the final .tar.gz artifacts remain.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: renaming archives to include OS and arch in the filename, which directly matches the primary objective of the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Sampled Ginkgo test files show stable, descriptive test names without dynamic values like fmt.Sprintf, UUIDs, timestamps, or pod names.
Test Structure And Quality	✅ Passed	Custom check not applicable: PR modifies only Containerfile.cli; all test files are newly added, not modified.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only Containerfile.cli, a container build configuration file. No deployment manifests, operator code, or controllers are added/modified. No scheduling constraints introduced.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR modifies only Containerfile.cli (a Docker build configuration), not Ginkgo e2e tests. The check for IPv6/disconnected network compatibility is not applicable to non-test files.
No-Weak-Crypto	✅ Passed	PR contains only Containerfile.cli changes for archive naming/packaging—no weak crypto algorithms, custom crypto, or secret comparisons are present.
Container-Privileges	✅ Passed	Containerfile.cli contains no privileged directives (privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation). Changes only affect archive packaging logic.
No-Sensitive-Data-In-Logs	✅ Passed	No sensitive data exposed in logs. Tar verbose output lists the ./hcp binary filename only; COMMIT_HASH ARG is never logged; no passwords, tokens, keys, or PII found.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.68%. Comparing base (8e05ad6) to head (54af174).
⚠️ Report is 9 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8649   +/-   ##
=======================================
  Coverage   40.68%   40.68%           
=======================================
  Files         755      755           
  Lines       93368    93368           
=======================================
  Hits        37985    37985           
  Misses      52649    52649           
  Partials     2734     2734           

Flag	Coverage Δ
cmd-support	34.70% <ø> (ø)
cpo-hostedcontrolplane	41.80% <ø> (ø)
cpo-other	41.39% <ø> (ø)
hypershift-operator	50.81% <ø> (ø)
other	31.61% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[yiraeChristineKim]

/ok-to-test

[openshift-ci]

@yiraeChristineKim: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hypershift-jira-solve-ci]

I now have all the evidence needed. Here is the analysis:

Test Failure Analysis Complete

Job Information

• Prow Job: Red Hat Konflux / hypershift-cli-mce-50-on-pull-request
• Build ID: hypershift-cli-mce-50-on-pull-request-kf9vb
• Pipeline: Konflux (Tekton) — stolostron/konflux-build-catalog common pipeline
• PR: #8649 — ACM-34234: build(cli): rename hcp archives to include OS and arch in filename
• Commit: 54af17473557c7a7e91fd07fc3b954a7e44f963a
• Failed Task: clone-repository (Tekton task git-clone-oci-ta:0.1)
• Duration: 17 minutes (15:44:13 → 16:02:00 UTC, June 1 2026)

Test Failure Analysis

Error

error: Command failed after 10 tries with status 1
Command exited with non-zero status 1

Summary

The Konflux pipeline failed at the clone-repository step before any build or test work began. The Tekton git-clone-oci-ta task's /ko-app/git-init binary attempted to clone the repository 10 times over 17 minutes and failed every attempt with exit code 1. This failure is not caused by the PR's code changes (which only rename tar.gz archive paths in Containerfile.cli). It is caused by an active GitHub infrastructure incident (stspg.io/ct11xsjs29k7) that began at 15:17 UTC — 27 minutes before the pipeline started — and was affecting GitHub's job processing architecture, causing delays and failures for git operations and other services.

Root Cause

The root cause is an active GitHub infrastructure incident that began on 2026-06-01 at 15:17 UTC, titled "Delays with Code Scanning and Billing." By 15:43 UTC — one minute before the clone task started — GitHub confirmed they were "investigating delays in our job processing architecture," with the scope expanding to include code scanning, billing updates, email notifications, and mobile push notifications.

The clone-repository Tekton task uses Tekton Pipelines' /ko-app/git-init binary configured with -retryMaxAttempts=10. This binary performs the actual git clone operation against GitHub. Each of the 10 attempts failed with exit code 1, indicating that GitHub's git server was either refusing connections, timing out, or returning errors during the infrastructure incident.

This is an infrastructure failure, not a code defect. The PR only modifies Containerfile.cli to rename archive output paths from ./bin/linux/${ARCH}/hcp.tar.gz to ./bin/hcp-linux-${ARCH}.tar.gz — these changes cannot affect git clone behavior since the clone step runs before any build commands execute.

Corroborating evidence:

• PR fix: OCPBUGS-86799: Add SpotTerminationHandlerConfigured condition for spot NodePools #8646 (May 31, 20:53 UTC — before incident): ✅ succeeded
• PR CNTRLPLANE-3535: Add codecov carryforward flags to stabilize project coverage checks #8642 (June 1, 13:29 UTC — before incident): ✅ succeeded
• PR NO-jira: api: use omitzero for structs and omitempty for scalars #8648 (June 1, 10:52 UTC — different infra issue): ❌ failed with Quay.io 502 Bad Gateway (separate Konflux infrastructure problem)
• PR ACM-34234: build(cli): rename hcp archives to include OS and arch in filename #8649 (June 1, 15:44 UTC — during GitHub incident): ❌ failed with clone retry exhaustion

Recommendations

1. Re-trigger the pipeline — The failure is transient. Once the GitHub incident is resolved, re-run the Konflux pipeline by pushing an empty commit or using the Konflux UI re-run button. Check GitHub Status to confirm the incident is resolved before retrying.

2. No code changes needed — The PR's changes to Containerfile.cli are correct and unrelated to this failure. The archive renaming logic (hcp-linux-${ARCH}.tar.gz) and the cleanup command (find ./bin -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} +) are sound.

3. Monitor GitHub Status — The incident at https://stspg.io/ct11xsjs29k7 was still in "investigating" status at last check. Wait for it to be resolved before retrying.

Evidence

Evidence	Detail
Failed task	clone-repository — first task after init, before any build steps
Error message	Command failed after 10 tries with status 1 from /ko-app/git-init
Task duration	17 minutes (10 retries with backoff, ~1.7 min avg per attempt)
Task binary	/ko-app/git-init -url=... -revision=54af1747... -depth=1 -retryMaxAttempts=10
GitHub incident	stspg.io/ct11xsjs29k7 — "Delays with Code Scanning and Billing"
Incident start	2026-06-01T15:17:09 UTC (27 min before clone task started)
Incident scope	"delays in our job processing architecture" (confirmed 15:43 UTC)
Clone task start	2026-06-01T15:44:13 UTC (during active incident)
Clone task fail	2026-06-01T16:02:00 UTC
PR code changes	Only Containerfile.cli — renames archive paths, cannot affect git clone
PR #8646 (pre-incident)	✅ Succeeded at 2026-05-31T20:53 UTC
PR #8642 (pre-incident)	✅ Succeeded at 2026-06-01T13:29 UTC
PR #8648 (different issue)	❌ Failed at 10:52 UTC — Quay.io 502 (unrelated Konflux infra)
Commit SHA verified	54af17473557 exists in both origin and fork repos

---

[bryan-cox]

/area ci-tooling

[bryan-cox]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox, yiraeChristineKim

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [bryan-cox]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[celebdor]

/retest-required