Skip to content

🌱 Fix PR verifier by replacing deprecated Docker action#4972

Merged
justaugustus merged 3 commits into
ossf:mainfrom
justaugustus:fix/pr-verifier-action
Mar 23, 2026
Merged

🌱 Fix PR verifier by replacing deprecated Docker action#4972
justaugustus merged 3 commits into
ossf:mainfrom
justaugustus:fix/pr-verifier-action

Conversation

@justaugustus

@justaugustus justaugustus commented Mar 21, 2026

Copy link
Copy Markdown
Member

What kind of change does this PR introduce?

Bug fix - Replaces deprecated Docker action that was causing all PR verifier checks to fail.

What is the current behavior?

The PR verifier check is failing for all pull requests with error: "Pull gcr.io/kubebuilder/pr-verifier:v0.4.3: failure"

The kubebuilder-release-tools Docker image became unavailable on March 18, 2025, as announced in kubernetes-sigs/kubebuilder-release-tools#60.

What is the new behavior (if this is a feature change)?

  • Tests for the changes have been added (for bug fixes/features)

The PR verifier now uses a shell script (scripts/verify-pr-title.sh) instead of the deprecated Docker action. The script:

  • Performs PR title verification for required emoji prefixes
  • Supports both emoji (🌱) and :emoji: (:seedling:) formats
  • Validates input safely (length limits, safe output handling)
  • Matches the exact emoji list from CONTRIBUTING.md

Supported emoji prefixes:

  • ⚠ Breaking change (:warning:)
  • ✨ Non-breaking feature (:sparkles:)
  • 🐛 Patch fix (:bug:)
  • 📖 Documentation changes (user or developer) (:book:)
  • 🌱 Infra/Tests/Other (:seedling:)
  • 👻 No release note (:ghost:)

Tested locally with:

  • ✅ All supported emoji prefixes (emoji and :emoji: format)
  • ❌ Missing emoji prefix (fails with helpful error message)
  • ❌ Invalid emoji prefix (fails with correct guidance)
  • ✅ Input validation (500 char length limit, safe output handling)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

The workflow checks out the base branch (via ref: ${{ github.base_ref }}) to run the verification script, ensuring only trusted code executes.

Does this PR introduce a user-facing change?

The PR verifier workflow now uses a local shell script instead of the deprecated kubebuilder-release-tools Docker action. PR title requirements are unchanged - contributors must still use emoji prefixes as documented in CONTRIBUTING.md.
@justaugustus justaugustus requested a review from a team as a code owner March 21, 2026 20:26
@justaugustus justaugustus requested review from jeffmendoza and raghavkaul and removed request for a team March 21, 2026 20:26
@dosubot dosubot Bot added the size:XXL This PR changes 1000+ lines, ignoring generated files. label Mar 21, 2026
@codecov

codecov Bot commented Mar 21, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.67%. Comparing base (353ed60) to head (01f9cf8).
⚠️ Report is 324 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4972      +/-   ##
==========================================
+ Coverage   66.80%   69.67%   +2.87%     
==========================================
  Files         230      251      +21     
  Lines       16602    15654     -948     
==========================================
- Hits        11091    10907     -184     
+ Misses       4808     3873     -935     
- Partials      703      874     +171     
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
@justaugustus justaugustus force-pushed the fix/pr-verifier-action branch from ee151da to 6ae2bec Compare March 21, 2026 20:38
@dosubot dosubot Bot removed the size:XXL This PR changes 1000+ lines, ignoring generated files. label Mar 21, 2026
@dosubot dosubot Bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Mar 21, 2026
@justaugustus justaugustus changed the title 🐛 Fix PR verifier and harden against pull_request_target attacks Mar 21, 2026
@justaugustus justaugustus force-pushed the fix/pr-verifier-action branch from 6ae2bec to 04cdd2d Compare March 21, 2026 20:49
@justaugustus justaugustus changed the title 🌱 Fix PR title verifier Mar 21, 2026
@justaugustus justaugustus requested review from AdamKorcz and spencerschrock and removed request for raghavkaul March 21, 2026 20:54
The kubebuilder-release-tools Docker image (gcr.io/kubebuilder/pr-verifier)
became unavailable on March 18, 2025, causing all PR verifier checks to fail.

This commit replaces the Docker action with a shell script that:
- Performs the same PR title verification for emoji prefixes
- Checks out base branch to run the verification script
- Validates title length (500 char max)
- Uses printf for safer output handling
- Maintains compatibility with both emoji and :emoji: formats

Supported emoji prefixes:
- ⚠ Breaking change
- ✨ Non-breaking feature
- 🐛 Patch fix
- 📖 Documentation
- 🚀 Release
- 🌱 Infra/Tests/Other

Signed-off-by: Stephen Augustus <foo@auggie.dev>
Co-Authored-By: Claude <noreply@anthropic.com>

@justaugustus justaugustus left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@spencerschrock @AdamKorcz — need a review, as this failure currently blocks all PRs.

@justaugustus justaugustus changed the title 🐛 Fix PR verifier by replacing deprecated Docker action Mar 22, 2026
Comment thread scripts/verify-pr-title.sh Outdated
Comment thread .github/workflows/verify.yml Outdated
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Stephen Augustus <justaugustus@users.noreply.github.com>
@justaugustus justaugustus force-pushed the fix/pr-verifier-action branch from e290213 to 01f9cf8 Compare March 23, 2026 14:56
@justaugustus justaugustus merged commit 6eaa30a into ossf:main Mar 23, 2026
37 of 39 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:M This PR changes 30-99 lines, ignoring generated files.

2 participants