feat(kernel-config-checker): import AZL4 kernel config checker #17809
rlmenge wants to merge 2 commits into
Import the kernel config checker tool from 3.0-dev and adapt it for AZL 4.0:
- Remove kernel-64k overrides (no ARM 64K pages variant in AZL 4.0)
- Remove configs deleted from the kernel 6.18 source
- Sync kernel-hwe override from upstream 3.0-dev (PLDMFW->CRYPTO_DH)
- Update JSON filename from azl3-os-required-kernel-configs.json to azl4-

CI workflow:
- SHA-pinned actions, env-indirection for untrusted values, permissions, concurrency, and persist-credentials: false to meet AZL 4.0 conventions.
- Push trigger now handles first push (zero before-SHA) and force-pushes (unreachable before-SHA) by falling back to merge-base against base branch.

Docs and correctness:
- Refresh README to azl4 filenames and update example block.
- Add toolkit/scripts/requirements.txt so CI installs deps via -r.
- Fix --check-all and --add-config to exit 1 on not-found / abort / validation error (previously both silently returned 0).
Pull request overview
This PR imports and adapts the AZL 3.0 kernel config checker for Azure Linux 4.0. It adds a Pydantic-v2-based tool that validates kernel .config files against a policy JSON of "required" kernel configs (default settings plus per-kernel overrides with per-architecture values), a CI workflow that runs the checker on PRs/pushes that touch kernel config files, and supporting docs/dependencies. The PR description notes CI does not yet pass because the checker surfaces real config mismatches that will be remediated separately; this change lands the tooling only.
Changes:
- New `kernel_config_checker` Python package: schema models, `.config` checker with corrected non-zero exit codes, interactive `add_config`, and a 2971-line AZL4 policy JSON tracking `kernel` and `kernel-hwe`.
- New hardened GitHub Actions workflow (`check-kernel-configs.yml`) with robust push/PR base-commit resolution (handles first-push and force-push via merge-base fallback).
- New `requirements.txt` (`pydantic>=2.9`) and a README documenting usage.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `toolkit/scripts/requirements.txt` | Declares pydantic>=2.9 for the checker. |
| `toolkit/scripts/kernel_config_checker/schema/schema.py` | Pydantic models for the policy (required name, extra: forbid). |
| `toolkit/scripts/kernel_config_checker/schema/print_schema.py` | Utility to dump the JSON schema. |
| `toolkit/scripts/kernel_config_checker/schema/__init__.py` | Package init / license header. |
| `toolkit/scripts/kernel_config_checker/README.md` | Usage docs; has 3 doc inaccuracies (schema example missing required name, structure tree omits add_config.py, stale "Legacy conversion" feature). |
| `toolkit/scripts/kernel_config_checker/kernel_configs_json/azl4-os-required-kernel-configs.json` | AZL4 required-config policy data (default + kernel/kernel-hwe overrides). |
| `toolkit/scripts/kernel_config_checker/check_config.py` | Main checker; arch normalization and consistent non-zero exit codes. |
| `toolkit/scripts/kernel_config_checker/add_config.py` | Interactive config-add flow with validation and abort handling. |
| `toolkit/scripts/kernel_config_checker/__init__.py` | Package init / license header. |
| `.github/workflows/check-kernel-configs.yml` | Hardened CI workflow that runs the checker on kernel config changes. |
| "default": { | ||
| "kernel_configs": [ |
| ├── kernel_configs_json/ | ||
| │ └── azl4-os-required-kernel-configs.json # Main config file | ||
| ├── __init__.py # Package init | ||
| ├── check_config.py # Main checker and utilities |
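Review bot: The structure tree, in the lines shown, lists `check_config.py` and `__init__.py` under the package but has no entry for `add_config.py`, which the file summary for this PR lists in the same directory. Add a line for it next to `check_config.py` (for example `├── add_config.py # Interactive config-add flow`) so the tree matches the package contents.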
| - **Flexible overrides** - Default configs with per-kernel overrides | ||
| - **Interactive config management** - Add new configs with guided prompts | ||
| - **Config querying** - Check config values across all kernels/architectures | ||
| - **Legacy conversion** - Tools to migrate existing configurations |
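Review bot: The "Legacy conversion" bullet advertises tools to migrate existing configurations, but none of the ten files listed for this PR is a conversion tool. Drop the bullet, or point it at the script that actually provides the migration, so the feature list does not promise something the package does not ship.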
| echo "Merging $HEAD_SHA into $base_sha" | ||
|
|
||
| # For consistency, we use the same major/minor version of Python that Azure Linux ships. | ||
| - name: Setup Python 3.12 |
The workflow currently uses Python 3.12, which conflicts with current AZL 4.0 shipped version (3.14). Please update setup-python to 3.14 or adjust the comment if 3.12 is intentionally required for compatibility.
If there are requirements around the package, is there a way for them to live closer to the package definition itself instead of in the tools?
| @@ -0,0 +1,271 @@ | |||
| #!/usr/bin/env python3 | |||
Is there a way for this to get integrated into our new-and-growing set of pytest-oriented validation steps? The goal with this approach is that we can keep adding new checks as pytest test cases (either static or dynamic) without needing a new custom way to run them or a new custom pipeline for each individual package or image specific check.
We don't have a top-level toolkit dir today; if we don't have anywhere better to put it, what about in a dir under scripts?
| @@ -0,0 +1,2971 @@ | |||
| { | |||
Is there a reason we picked JSON for this instead of something that's more human-friendly for reading/editing?
Summary
Import and adapt the kernel config checker workflow/tooling for AZL 4.0, and polish CI behavior and error handling.
What Changed
- azl4-os-required-kernel-configs.json)
- `contents: read` only)
- `persist-credentials: false`
- `BEFORE_SHA` on initial push and force-push cases (falls back to merge-base)
- `--check-all` returns 1 when config not found
- `--add-config` returns 1 on abort or validation failure
- `requirements.txt` — declares `pydantic>=2.9` dependency

Tracked Kernels
- `kernel`
- `kernel-hwe`

Validation
- `--check-all` returns non-zero on not-found
- `--add-config` returns non-zero on abort/validation failure

Related