zhongwei/gh-konflux-ci-skills-skills-navigating-github-to-konflux-pipelines
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:35:21 +08:00
commit 9dbc5f84de
25 changed files with 972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,11 @@
{
"name": "navigating-github-to-konflux-pipelines",
"description": "Use when GitHub PR or branch has failing checks and you need to find Konflux pipeline information (cluster, namespace, PipelineRun name). Teaches gh CLI commands to identify Konflux checks (filter out Prow/SonarCloud), extract PipelineRun URLs from builds and integration tests, and parse URLs for kubectl debugging.",
"version": "1.0.0",
"author": {
"name": "Konflux CI Team"
},
"skills": [
"./"
]
}

3
README.md Normal file
View File

@@ -0,0 +1,3 @@
# navigating-github-to-konflux-pipelines
Use when GitHub PR or branch has failing checks and you need to find Konflux pipeline information (cluster, namespace, PipelineRun name). Teaches gh CLI commands to identify Konflux checks (filter out Prow/SonarCloud), extract PipelineRun URLs from builds and integration tests, and parse URLs for kubectl debugging.

322
SKILL.md Normal file
View File

@@ -0,0 +1,322 @@
---
name: navigating-github-to-konflux-pipelines
description: Use when GitHub PR or branch has failing checks and you need to find Konflux pipeline information (cluster, namespace, PipelineRun name). Teaches gh CLI commands to identify Konflux checks (filter out Prow/SonarCloud), extract PipelineRun URLs from builds and integration tests, and parse URLs for kubectl debugging.
allowed-tools: Bash(gh pr:*), Bash(gh repo:*), Bash(grep:*), Bash(sed:*), Bash(echo:*), Bash(~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh:*)
---
# Navigating GitHub to Konflux Pipelines
## Overview
**Core Principle**: Extract Konflux pipeline information from GitHub checks using `gh` CLI to enable debugging. This skill bridges "my PR/build is failing" to "here's the kubectl-ready PipelineRun information."
**Key Workflow**:
```
GitHub PR/Commit → Query checks → Filter Konflux checks →
Extract PipelineRun URL → Parse cluster/namespace/name → Debug with kubectl
```
## When to Use
Use this skill when:
- "My PR checks are failing" (need to find which Konflux pipeline failed)
- "The build is failing on main" (need PipelineRun details for a branch)
- "Integration tests failed" (need to extract test pipeline information)
- User mentions failing GitHub checks on a Konflux-enabled repository
- User asks about failing checks and mentions a PR number or branch name
**DO NOT use for**:
- Debugging the actual pipeline failure (use `debugging-pipeline-failures` skill)
- GitLab pipelines (separate twin skill coming later)
## Critical Rules: NO EXCUSES - RUN COMMANDS IMMEDIATELY
**YOU MUST TRY THE COMMANDS. NO EXCEPTIONS. NO APOLOGIES.**
### Immediate Action Protocol
When user mentions:
- "PR #<number>" → IMMEDIATELY run `gh pr checks <number> --repo <owner>/<repo>`
- "failing checks" → IMMEDIATELY run the gh command
- "main branch failing" → IMMEDIATELY run `~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh`
**CRITICAL**: NEVER use `gh api` directly. ALWAYS use `~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh` for branch/commit checks.
**DO NOT**:
- ❌ Say "I apologize"
- ❌ Say "authentication issue"
- ❌ Say "I'm unable to access"
- ❌ Ask for "more context"
- ❌ Suggest "ensure you're logged in"
- ❌ Recommend "gh auth login"
- ❌ Say "let me ask you to provide"
**INSTEAD**:
1. ✅ RUN the command
2. ✅ IF it fails, SHOW the actual error
3. ✅ THEN suggest fixes based on the actual error
**Example of CORRECT behavior**:
```
User: "PR #249 in konflux-ci/oras-container has failing checks"
You: [Immediately runs: gh pr checks 249 --repo konflux-ci/oras-container]
[If it works: shows results]
[If it fails: shows actual error, then suggests fix]
```
**Example of WRONG behavior** (DO NOT DO THIS):
```
User: "PR #249 in konflux-ci/oras-container has failing checks"
You: "I apologize, but I'm unable to access..." ← WRONG
You: "Could you provide more context..." ← WRONG
You: "Ensure you're logged in..." ← WRONG
```
## Identifying Konflux Checks
**Pattern**: A check is Konflux-related if the check NAME or details URL contains `konflux` (case-insensitive).
**Common Konflux Check Prefixes**:
- `Red Hat Konflux /`
- `Konflux Fedora /`
- `Integration Service /`
- Any check with `konflux` in the name
**Non-Konflux Checks to IGNORE**:
- `ci/prow/*` - OpenShift CI (not Konflux)
- `SonarCloud Code Analysis`
- `tide` - Prow merge bot
- `dco` - Developer Certificate of Origin
**IMPORTANT**: Do NOT confuse GitHub Actions (visible in "Actions" tab, use `gh run list`) with GitHub Checks (visible in "Checks" tab, use `gh pr checks`). Konflux uses the Checks API, not Actions workflows.
**IMPORTANT - Branch checks**: ALWAYS use the `get-branch-checks.sh` wrapper script for querying branch/commit checks. NEVER call `gh api` directly - the script handles the API call internally.
## Check Type Classification
| Check Name Pattern | Type | PipelineRun URL Location |
|--------------------|------|-------------------------|
| `*/-on-pull-request` | Build (PR) | Direct in `details_url` |
| `*/-on-push` | Build (branch/main) | Direct in `details_url` |
| Contains test name (functional-test, enterprise-contract, unit-test) | Integration Test | In `output.text` (needs parsing) |
## GitHub CLI Commands
### For Pull Requests
```bash
# List all checks for a PR (human-readable)
gh pr checks <pr-number> --repo <owner>/<repo>
# Get JSON with all check details
gh pr view <pr-number> --repo <owner>/<repo> --json statusCheckRollup
# Filter for Konflux checks only
gh pr view <pr-number> --repo <owner>/<repo> --json statusCheckRollup \
--jq '.statusCheckRollup[] | select(.name | ascii_downcase | contains("konflux"))'
# Get commit SHA from PR (needed for check-runs API)
gh pr view <pr-number> --repo <owner>/<repo> --json headRefOid -q .headRefOid
```
### For Branches/Commits
**Note**: GitHub CLI doesn't have a built-in command for branch checks, so we use a wrapper script around the read-only `check-runs` API endpoint:
```bash
# Get checks for latest commit on a branch
~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh <owner> <repo> <branch>
# Filter for Konflux checks
~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh \
konflux-ci yq-container main \
'.check_runs[] | select(.name | ascii_downcase | contains("konflux"))'
# Get checks for specific commit SHA
~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh <owner> <repo> <sha>
```
**Security note**: The `get-branch-checks.sh` script uses the read-only GitHub API endpoint `repos/{owner}/{repo}/commits/{ref}/check-runs`. It does not modify any data.
### Infer Repo from Context
If user doesn't specify repo and you're in a git repository:
```bash
# Get current repo owner and name
owner=$(gh repo view --json owner -q .owner.login)
repo=$(gh repo view --json name -q .name)
# Then use as normal
gh pr checks <pr-number> --repo $owner/$repo
```
## Extracting PipelineRun URLs
### From Build Checks (-on-pull-request, -on-push)
Build checks have the PipelineRun URL directly in `details_url`:
```bash
# For PRs
gh pr view <pr-number> --repo <owner>/<repo> --json statusCheckRollup \
--jq '.statusCheckRollup[] | select(.name | endswith("-on-pull-request")) | {name: .name, url: .detailsUrl}'
# For branches/commits
~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh \
<owner> <repo> main \
'.check_runs[] | select(.name | endswith("-on-push")) | {name: .name, url: .details_url}'
```
### From Integration Test Checks
Integration test checks require extracting the URL from check output:
```bash
# Get commit SHA first
sha=$(gh pr view <pr-number> --repo <owner>/<repo> --json headRefOid -q .headRefOid)
# Extract PipelineRun URL from check output (contains HTML)
~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh \
<owner> <repo> $sha \
'.check_runs[] | select(.name | ascii_downcase | contains("functional-test")) | .output.text' \
| grep -o 'https://[^"]*konflux[^"]*pipelinerun/[^"]*' | head -1
```
## Parsing PipelineRun URLs
URL format: `https://{cluster}/ns/{namespace}/pipelinerun/{name}`
Example: `https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8`
```bash
url="<pipelinerun-url>"
cluster=$(echo "$url" | sed 's|https://\([^/]*\).*|\1|')
namespace=$(echo "$url" | sed 's|.*/ns/\([^/]*\).*|\1|')
pipelinerun=$(echo "$url" | sed 's|.*/pipelinerun/\([^/?]*\).*|\1|')
# Result:
# Cluster: konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com
# Namespace: rhtap-integration-tenant
# PipelineRun: yq-on-pull-request-69sq8
```
## Complete Workflow Examples
### Example 1: PR with Failing Checks
User: "PR #249 in konflux-ci/oras-container has failing checks"
```bash
# Step 1: List all checks
gh pr checks 249 --repo konflux-ci/oras-container
# Step 2: Filter for Konflux checks only
gh pr view 249 --repo konflux-ci/oras-container --json statusCheckRollup \
--jq '.statusCheckRollup[] | select(.name | ascii_downcase | contains("konflux")) | {name: .name, conclusion: .conclusion, url: .detailsUrl}'
# Step 3: Identify build vs integration test failures
# - Build check: "oras-container-on-pull-request" → URL in detailsUrl
# - Integration test: "functional-test" → need to extract from output
# Step 4: For integration test, get commit SHA and extract URL
sha=$(gh pr view 249 --repo konflux-ci/oras-container --json headRefOid -q .headRefOid)
~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh \
konflux-ci oras-container $sha \
'.check_runs[] | select(.name | contains("functional-test")) | .output.text' \
| grep -o 'https://[^"]*pipelinerun/[^"]*'
# Step 5: Parse URL for kubectl
url="<extracted-url>"
namespace=$(echo "$url" | sed 's|.*/ns/\([^/]*\).*|\1|')
pipelinerun=$(echo "$url" | sed 's|.*/pipelinerun/\([^/?]*\).*|\1|')
# Ready for debugging-pipeline-failures skill
```
### Example 2: Build Failing on Main Branch
User: "The build is failing on main in yq-container"
```bash
# Step 1: Query checks on main branch
~/.claude/skills/navigating-github-to-konflux-pipelines/scripts/get-branch-checks.sh \
konflux-ci yq-container main \
'.check_runs[] | select(.name | ascii_downcase | contains("konflux")) | {name: .name, conclusion: .conclusion, url: .details_url}'
# Step 2: Look for -on-push check (not -on-pull-request)
# "yq-on-push" → URL is directly in details_url
# Step 3: Parse and debug
```
## Rationalizations to Avoid
| Excuse | Reality | What To Do Instead |
|--------|---------|-------------------|
| "I'm unable to access the PR" | You have `gh` CLI - try it first | Run `gh pr checks <num> --repo owner/repo` |
| "Due to authentication constraints" | Don't assume - commands might work | Try the command, show error only if it actually fails |
| "I need more context" | PR number + repo gives you everything | Use `gh pr view --json` to get all check data |
| "Let me open browser with --web" | Programmatic access is better | Use `--json` flag for structured data |
| "I apologize, but..." | Don't apologize, DO | Run the commands immediately |
| "Encountering restrictions" | Assumption until proven | Try first, report actual errors if they occur |
**If you catch yourself saying any of these, STOP. Run the command instead.**
## Common Confusions
### ❌ WRONG: "I don't have access to check information"
✅ CORRECT: Try `gh pr checks` (for PRs) or `get-branch-checks.sh` script (for branches) first - only report errors if commands actually fail
---
### ❌ WRONG: Look for checks with prefix `konflux/` or `build/` or `ci/`
✅ CORRECT: Filter for checks where NAME contains `konflux` (case-insensitive)
---
### ❌ WRONG: "Let me open the PR in browser with `gh pr view --web`"
✅ CORRECT: Use `gh pr view --json` for programmatic access to PR data
---
### ❌ WRONG: Check the "Actions" tab or use `gh run list`
✅ CORRECT: Konflux uses GitHub Checks API (not Actions workflows)
---
### ❌ WRONG: All integration test checks have PipelineRun URL in `details_url`
✅ CORRECT: Some have it there, but many need extraction from `output.text` field
---
### ❌ WRONG: Use same check names for PR and branch builds
✅ CORRECT: PRs use `-on-pull-request`, branches use `-on-push`
## Decision Tree: Which Check Should I Debug First?
```
Are there failing checks?
├─ Filter for Konflux checks (contains "konflux" in name/URL)
├─ Ignore: ci/prow/*, SonarCloud, tide, dco
└─ Which failed?
├─ Build check (*-on-pull-request or *-on-push) → Debug first!
│ └─ Build failures often cause integration tests to be cancelled
└─ Integration test check → Debug only if build succeeded
└─ Extract PipelineRun URL from output.text
```
## Chaining to Next Skill
Once you have extracted:
- Cluster URL
- Namespace
- PipelineRun name
→ Use the **debugging-pipeline-failures** skill to investigate the actual failure with kubectl commands
## Keywords for Search
GitHub checks, pull request failures, Konflux pipeline, gh CLI, check-runs API, PipelineRun URL, integration tests, build failures, statusCheckRollup, GitHub API, kubectl debugging, namespace extraction, CI/CD troubleshooting, check filtering, Prow vs Konflux

64
baseline-analysis.md Normal file
View File

@@ -0,0 +1,64 @@
# Baseline Test Analysis (RED Phase)
## Identified Failure Patterns
Without the skill, agents exhibit these consistent problems:
### 1. Doesn't Know GitHub CLI Commands for Checks
- **Symptom**: Asks user for more context instead of using available commands
- **Example**: "Could you share the specific error messages?" instead of `gh pr checks`
- **Root Cause**: Doesn't know `gh pr checks` or `gh api check-runs` commands exist
### 2. Incorrect Konflux Check Pattern Matching
- **Symptom**: Suggests wrong prefixes like `konflux/`, `build/`, `ci/`
- **Correct Pattern**: Check NAME contains "konflux" (case-insensitive) or URL contains "konflux"
- **Examples of Correct Names**: "Red Hat Konflux / ...", "Konflux Fedora / ...", "Integration Service / ..."
### 3. Suggests Manual Browser-Based Workflows
- **Symptom**: Recommends `gh pr view --web` to open browser
- **Better Approach**: Use `gh pr view --json` or `gh api` for programmatic access
- **Impact**: Can't automate or script the workflow
### 4. Confuses GitHub Actions with Konflux Checks
- **Symptom**: Suggests looking at "Actions" tab or `gh run list`
- **Correct**: Konflux uses GitHub Checks API (check-runs), not Actions workflows
- **Impact**: Sends user to wrong place entirely
### 5. Doesn't Know How to Extract URLs from Check Output
- **Symptom**: Suggests checking cluster with kubectl instead of getting URL from GitHub first
- **Missing Knowledge**: Integration test checks have PipelineRun URLs in `output.text` field
- **Command Needed**: `gh api repos/.../commits/.../check-runs --jq '.check_runs[].output.text'`
### 6. Good at Manual URL Parsing (Positive Finding!)
- **Works Well**: When given a URL directly, can extract cluster/namespace/pipelinerun
- **Keep**: Agents understand URL structure, just need to know how to GET the URLs
### 7. Doesn't Distinguish Build vs Integration Test Checks
- **Missing**: Knowledge that `-on-pull-request` and `-on-push` are build checks with direct URLs
- **Missing**: Integration test checks need output parsing
## Key Gaps to Address in Skill
1. **Teach `gh pr checks` and `gh api` commands**
2. **Correct Konflux check identification pattern** (case-insensitive "konflux" in name/URL)
3. **Distinguish build checks (direct URL) from integration tests (parse output)**
4. **Show `-on-pull-request` vs `-on-push` naming**
5. **Emphasize programmatic API access over browser workflows**
6. **Clarify Checks API vs Actions workflows**
## Rationalizations Observed
- "I don't have direct access" → Actually does via gh CLI
- "I cannot use WebSearch" → Doesn't need to, can use gh API
- "I recommend you check manually" → Should provide commands
- "Would you like me to help you with..." → Should just DO it
## Success Criteria for GREEN Phase
Agent should:
- ✅ Use `gh pr checks` or `gh api` immediately (no asking for context)
- ✅ Filter for "konflux" (case-insensitive) in check names
- ✅ Extract PipelineRun URLs programmatically
- ✅ Distinguish -on-pull-request vs -on-push
- ✅ Know build checks have direct URLs, integration tests need parsing
- ✅ Provide complete kubectl-ready information (cluster, namespace, pipelinerun)

129
plugin.lock.json Normal file
View File

@@ -0,0 +1,129 @@
{
"$schema": "internal://schemas/plugin.lock.v1.json",
"pluginId": "gh:konflux-ci/skills:skills/navigating-github-to-konflux-pipelines",
"normalized": {
"repo": null,
"ref": "refs/tags/v20251128.0",
"commit": "a252d1c210da1b49dfb9a776582dc433a9985993",
"treeHash": "9915de8efb5d09a6c06649b8c7fc4c6a045a2e0d52870592f9bf85e4bcd9ac29",
"generatedAt": "2025-11-28T10:19:54.787041Z",
"toolVersion": "publish_plugins.py@0.2.0"
},
"origin": {
"remote": "git@github.com:zhongweili/42plugin-data.git",
"branch": "master",
"commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
"repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
},
"manifest": {
"name": "navigating-github-to-konflux-pipelines",
"description": "Use when GitHub PR or branch has failing checks and you need to find Konflux pipeline information (cluster, namespace, PipelineRun name). Teaches gh CLI commands to identify Konflux checks (filter out Prow/SonarCloud), extract PipelineRun URLs from builds and integration tests, and parse URLs for kubectl debugging.",
"version": "1.0.0"
},
"content": {
"files": [
{
"path": "baseline-analysis.md",
"sha256": "235487c9ad2ac9b87ce881ef27c36039b04faa9625d6631601580a8699061c29"
},
{
"path": "README.md",
"sha256": "45312854adaa0dc77dcab4bed42ed51c924ce4b481d37bfd3a588ed274215115"
},
{
"path": "SKILL.md",
"sha256": "f82852d893c868b24850909b8fe2f0341f3b6a5e5fd8f7d955fad6f62aa32296"
},
{
"path": "tests/scenarios.yaml",
"sha256": "23eeaff6f27a24ae37e6120aeb7009bc4dcafd8d6d72a4d9c2f2d160fee39f6a"
},
{
"path": "tests/results/extract-integration-test-pipelinerun-url.2.txt",
"sha256": "cb8a597bad288f76cb3bb230233daf7a0d53c7cf19b71d7c76ca2ba162442b63"
},
{
"path": "tests/results/parse-pipelinerun-url-components.1.txt",
"sha256": "12ad3887877b549454be2ecb5a602beafad0383df033fa116f9676788ecd8e1d"
},
{
"path": "tests/results/extract-integration-test-pipelinerun-url.3.txt",
"sha256": "440fe8658153b79dcf3b4f6bf4c17e227d7a45bd557b9b4bf54e1df278026b75"
},
{
"path": "tests/results/extract-integration-test-pipelinerun-url.1.txt",
"sha256": "18fbb81e0c804d5da5774a0b810d0df0c031991c30492230dfa4dd2dcbbfa3b6"
},
{
"path": "tests/results/parse-pipelinerun-url-components.3.txt",
"sha256": "c10c9e5bd4c2814a45ba833a5c2697992447d31a5ed0019ce9830ae70c0a9114"
},
{
"path": "tests/results/parse-pipelinerun-url-components.2.txt",
"sha256": "13828ccf7748517906bf577abe4da1339f8d8ca31122a900c6d13d60b3b2b250"
},
{
"path": "tests/results/branch-vs-pr-check-names.2.txt",
"sha256": "e8710f290fb3f005c28b350937098f65660364fdefe38737a35d67deb35ddfa5"
},
{
"path": "tests/results/branch-vs-pr-check-names.3.txt",
"sha256": "987cbd7dc60de87a2575b849ba5446fc1036ef421b5dbc30173a79139eee189d"
},
{
"path": "tests/results/branch-vs-pr-check-names.1.txt",
"sha256": "a8477760bca95d1d73877aee71ae3ce44076b4c55ee0df91df827c31766e0128"
},
{
"path": "tests/results/pr-failing-checks-llm-compressor.1.txt",
"sha256": "8789d53b3f1f472dc081a90ef81fda0067a0cc964edb26bf674193791fb5f43f"
},
{
"path": "tests/results/pr-failing-checks-llm-compressor.3.txt",
"sha256": "807f061f20535193579115e3efe333a14fffb734159eaf5e6c0678ec2411cc16"
},
{
"path": "tests/results/pr-failing-checks-llm-compressor.2.txt",
"sha256": "a24d4afd3267bcca2b6c02ecf864f857eff4c7531fe51a07708f5600d0577a43"
},
{
"path": "tests/results/extract-build-pipelinerun-url.1.txt",
"sha256": "57d3e4e6ba3f898e8e4d8e6de3b51c764c331f41b5da7f303c3e477898e0afda"
},
{
"path": "tests/results/pr-filter-non-konflux-checks.1.txt",
"sha256": "fdccdc8ce86826c3f9cfa351da92065037e90852a62bab0ff91855a3a242e262"
},
{
"path": "tests/results/pr-filter-non-konflux-checks.3.txt",
"sha256": "91ccf961d6423329c48f8461ecb3f3bb3bff760111da4df40b3dc12e8716ed49"
},
{
"path": "tests/results/extract-build-pipelinerun-url.3.txt",
"sha256": "b074b5d361dfd735f8d532e341802daa5731271d72aa1bbd9af7f882dc6950c4"
},
{
"path": "tests/results/extract-build-pipelinerun-url.2.txt",
"sha256": "f72b2fc5912a61993109e0e63211a921b67f3efa7a24e55681b80b9c48f44c86"
},
{
"path": "tests/results/pr-filter-non-konflux-checks.2.txt",
"sha256": "2581c9f5dc239d0bd8ec7e4318993e64ed0216f0683900ecf07a95df8b6687d5"
},
{
"path": "scripts/get-branch-checks.sh",
"sha256": "935f6c0b2de9b03d65d3460208d0b97b592576798869c1def9ecef1442ee0dd9"
},
{
"path": ".claude-plugin/plugin.json",
"sha256": "bbbcc97df7be134846732defb22e5d4e36b722d044adb0fc43594bb1e990fb1d"
}
],
"dirSha256": "9915de8efb5d09a6c06649b8c7fc4c6a045a2e0d52870592f9bf85e4bcd9ac29"
},
"security": {
"scannedAt": null,
"scannerVersion": null,
"flags": []
}
}

48
scripts/get-branch-checks.sh Executable file
View File

@@ -0,0 +1,48 @@
#!/bin/bash
# get-branch-checks.sh - Get GitHub check runs for a branch/commit
#
# Usage: get-branch-checks.sh <owner> <repo> <ref> [jq-filter]
#
# Arguments:
# owner - Repository owner (e.g., "konflux-ci")
# repo - Repository name (e.g., "yq-container")
# ref - Branch name or commit SHA (e.g., "main", "abc123")
# jq-filter - Optional jq filter to apply (e.g., '.check_runs[]')
#
# Examples:
# # Get all check runs for main branch
# get-branch-checks.sh konflux-ci yq-container main
#
# # Filter for Konflux checks only
# get-branch-checks.sh konflux-ci yq-container main '.check_runs[] | select(.name | ascii_downcase | contains("konflux"))'
#
# This script uses the read-only GitHub API endpoint:
# GET /repos/{owner}/{repo}/commits/{ref}/check-runs
#
# Security: Read-only access to public check run information.
set -euo pipefail
if [ "$#" -lt 3 ]; then
echo "Usage: $0 <owner> <repo> <ref> [jq-filter]" >&2
echo "" >&2
echo "Examples:" >&2
echo " $0 konflux-ci yq-container main" >&2
echo " $0 konflux-ci yq-container main '.check_runs[] | select(.name | contains(\"konflux\"))'" >&2
exit 1
fi
owner="$1"
repo="$2"
ref="$3"
jq_filter="${4:-}"
# Construct API endpoint
endpoint="repos/$owner/$repo/commits/$ref/check-runs"
# Call gh api with optional jq filter
if [ -n "$jq_filter" ]; then
gh api "$endpoint" --jq "$jq_filter"
else
gh api "$endpoint"
fi

15
tests/results/branch-vs-pr-check-names.1.txt Normal file
View File

@@ -0,0 +1,15 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Good news! The build on the main branch of konflux-ci/yq-container is actually successful. Let me break down the Konflux pipeline checks:
1. "yq-on-push" PipelineRun (Build Check):
- Status: ✅ Succeeded
- PipelineRun URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-push-bfxjq
- Namespace: rhtap-integration-tenant
- Commit SHA: b588d63b2ca3279ba54bd30d5a35fbf882ce3130
2. "yq-container-enterprise-contract" (Integration Test):
- Status: ✅ Succeeded
- PipelineRun URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-container-enterprise-contract-7j4rr
- Note: This check shows 591 successes and 73 warnings, but is still marked as passed
Both Konflux checks on the main branch have passed successfully. There are no failing pipelines to investigate at this time. Would you like me to provide more details about the pipeline runs or explain anything specific about the checks?

20
tests/results/branch-vs-pr-check-names.2.txt Normal file
View File

@@ -0,0 +1,20 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Great news! The checks on the main branch of konflux-ci/yq-container are actually passing. Let me break down the Konflux pipeline results:
1. Konflux On-Push Pipeline:
- Name: `yq-on-push`
- Status: ✅ Succeeded
- PipelineRun: `yq-on-push-bfxjq`
- Namespace: `rhtap-integration-tenant`
- URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-push-bfxjq
2. Enterprise Contract Check:
- Name: `yq-container-enterprise-contract`
- Status: ✅ Succeeded
- PipelineRun: `yq-container-enterprise-contract-7j4rr`
- Namespace: `rhtap-integration-tenant`
- URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-container-enterprise-contract-7j4rr
Note: The enterprise contract check shows 591 successes and 73 warnings, but the overall status is still successful.
There are no failing pipelines on the main branch. Is there a specific issue you're experiencing or would you like me to provide more details about these checks?

21
tests/results/branch-vs-pr-check-names.3.txt Normal file
View File

@@ -0,0 +1,21 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Good news! It appears that the builds are actually successful. There are two Konflux pipelines:
1. **yq-container-enterprise-contract / yq**:
- Status: Completed
- Conclusion: Success
- PipelineRun: [yq-container-enterprise-contract-7j4rr](https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-container-enterprise-contract-7j4rr)
- Note: Has 73 warnings, but overall passed
2. **yq-on-push**:
- Status: Completed
- Conclusion: Success
- PipelineRun: [yq-on-push-bfxjq](https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-push-bfxjq)
- All tasks succeeded
Despite your mention of a failing build, both Konflux pipelines for the main branch show as successful. The second pipeline (yq-on-push) includes multiple checks like security scans, build processes, and other validations, all of which passed.
Would you like me to investigate further? Some potential next steps:
1. Check if you're seeing a specific error not reflected in these pipeline runs
2. Verify the exact commit SHA you're concerned about
3. Look into the warnings in the enterprise-contract pipeline

11
tests/results/extract-build-pipelinerun-url.1.txt Normal file
View File

@@ -0,0 +1,11 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I've retrieved the PipelineRun URL for you. Here are the details:
PipelineRun URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8
Parsed components:
- Cluster: konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com
- Namespace: rhtap-integration-tenant
- PipelineRun Name: yq-on-pull-request-69sq8
Note: The check actually shows as "pass" in the PR checks, so it seems the build was successful. Would you like me to help you investigate any specific aspect of this PipelineRun?

14
tests/results/extract-build-pipelinerun-url.2.txt Normal file
View File

@@ -0,0 +1,14 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I apologize for the confusion. The checks are actually showing as "SUCCESS" for this PR. Could you clarify:
1. Are you certain the 'yq-on-pull-request' check failed?
2. Do you want me to retrieve the PipelineRun URL anyway?
If the check did fail, the PipelineRun URL would be:
`https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8`
Parsed details:
- Cluster: konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com
- Namespace: rhtap-integration-tenant
- PipelineRun: yq-on-pull-request-69sq8
Could you provide more context about the failed check you're seeing?

14
tests/results/extract-build-pipelinerun-url.3.txt Normal file
View File

@@ -0,0 +1,14 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I see the PipelineRun URL directly in the check details. Let me extract it for you:
The PipelineRun URL is:
`https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8`
Breaking down the URL:
- Cluster: konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com
- Namespace: rhtap-integration-tenant
- PipelineRun Name: yq-on-pull-request-69sq8
Note: The check actually shows as "pass", not "fail" as you mentioned. This could mean the check has been fixed since you last checked, or there might be a misunderstanding about the check status.
Would you like me to help you investigate further or provide more details about this PipelineRun?

8
tests/results/extract-integration-test-pipelinerun-url.1.txt Normal file
View File

@@ -0,0 +1,8 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Let me parse the URL details for you:
- **Cluster**: konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com
- **Namespace**: rhtap-integration-tenant
- **PipelineRun Name**: functional-test-78db6
You can use these details to further investigate the failed functional test. Would you like me to help you debug the PipelineRun using kubectl?

10
tests/results/extract-integration-test-pipelinerun-url.2.txt Normal file
View File

@@ -0,0 +1,10 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
To debug this further, you'll want to use the kubectl command to describe the PipelineRun in the rhtap-integration-tenant namespace. The full command would be:
```bash
kubectl describe pipelinerun functional-test-78db6 -n rhtap-integration-tenant
```
This will give you detailed information about why the functional test failed, including any error messages, task statuses, and potential reasons for the failure.
Would you like me to help you investigate the specific failure details of this PipelineRun?

10
tests/results/extract-integration-test-pipelinerun-url.3.txt Normal file
View File

@@ -0,0 +1,10 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Let me parse the PipelineRun URL details:
- **Cluster**: konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com
- **Namespace**: rhtap-integration-tenant
- **PipelineRun Name**: functional-test-78db6
To debug this further, you can use kubectl to inspect the PipelineRun in the specified cluster and namespace. The next step would be to use the debugging-pipeline-failures skill to get more details about why the functional test failed.
Would you like me to help you investigate the specific failure reasons for this PipelineRun?

32
tests/results/parse-pipelinerun-url-components.1.txt Normal file
View File

@@ -0,0 +1,32 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I'll help you extract the information from the Konflux URL. I'll use the navigating-github-to-konflux-pipelines skill to assist with this.
<invoke name="Skill">
<parameter name="skill">navigating-github-to-konflux-pipelines</parameter>
</invoke>
Let me break down the URL for you:
- Cluster: `stone-prd-rh01.pg1f.p1.openshiftapps.com`
- Namespace: `rhtap-integration-tenant`
- PipelineRun name: `yq-on-pull-request-69sq8`
You can use these values in kubectl commands like this:
```bash
kubectl get pipelinerun yq-on-pull-request-69sq8 -n rhtap-integration-tenant -c stone-prd-rh01.pg1f.p1.openshiftapps.com
```
To make this easier, you can set these as environment variables:
```bash
export CLUSTER=stone-prd-rh01.pg1f.p1.openshiftapps.com
export NAMESPACE=rhtap-integration-tenant
export PIPELINERUN=yq-on-pull-request-69sq8
```
Then use them in commands like:
```bash
kubectl get pipelinerun $PIPELINERUN -n $NAMESPACE -c $CLUSTER
```
Is there a specific kubectl command you'd like to run with these details?

26
tests/results/parse-pipelinerun-url-components.2.txt Normal file
View File

@@ -0,0 +1,26 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Great! For your Konflux URL `https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8`, I'll extract the details for you using the parsing method described in the skill documentation:
```bash
url="https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8"
cluster=$(echo "$url" | sed 's|https://\([^/]*\).*|\1|')
namespace=$(echo "$url" | sed 's|.*/ns/\([^/]*\).*|\1|')
pipelinerun=$(echo "$url" | sed 's|.*/pipelinerun/\([^/?]*\).*|\1|')
echo "Cluster: $cluster"
echo "Namespace: $namespace"
echo "PipelineRun: $pipelinerun"
```
These values are:
- Cluster: `konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com`
- Namespace: `rhtap-integration-tenant`
- PipelineRun: `yq-on-pull-request-69sq8`
You can now use these with kubectl commands, for example:
```bash
kubectl get pipelinerun yq-on-pull-request-69sq8 -n rhtap-integration-tenant
```
Would you like me to help you investigate this PipelineRun further?

25
tests/results/parse-pipelinerun-url-components.3.txt Normal file
View File

@@ -0,0 +1,25 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I'll help you extract the cluster, namespace, and PipelineRun name from the Konflux URL you provided.
From the URL: `https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8`
I'll parse it using the script's recommended method:
```bash
url="https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8"
cluster=$(echo "$url" | sed 's|https://\([^/]*\).*|\1|')
namespace=$(echo "$url" | sed 's|.*/ns/\([^/]*\).*|\1|')
pipelinerun=$(echo "$url" | sed 's|.*/pipelinerun/\([^/?]*\).*|\1|')
```
Here's the breakdown:
- **Cluster**: `konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com`
- **Namespace**: `rhtap-integration-tenant`
- **PipelineRun**: `yq-on-pull-request-69sq8`
You can now use these values in kubectl commands like:
```bash
kubectl get pipelinerun yq-on-pull-request-69sq8 -n rhtap-integration-tenant
```
Would you like me to help you debug this PipelineRun or do you need anything else?

12
tests/results/pr-failing-checks-llm-compressor.1.txt Normal file
View File

@@ -0,0 +1,12 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I apologize for the confusion. Let me summarize what I've found:
1. The Konflux pipeline `llm-compressor-on-pull` is failing for PR #12
2. The PipelineRun URL is: https://konflux-ui.apps.kflux-prd-rh03.nnv1.p1.openshiftapps.com/ns/konflux-ai-sig-tenant/pipelinerun/llm-compressor-on-pull-9z9gf
To help you debug, I recommend:
1. Visit the PipelineRun URL to see detailed failure logs
2. Check the specific stage or task that caused the pipeline to fail
3. Review the error messages in the pipeline details
Would you like me to help you investigate the specific failure reason by guiding you through the PipelineRun details?

14
tests/results/pr-failing-checks-llm-compressor.2.txt Normal file
View File

@@ -0,0 +1,14 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I apologize for the confusion. Let me summarize what I've found:
The Konflux pipeline for PR #12 in ralphbean/llm-compressor-hermetic-demo is failing. Specifically:
- Pipeline Name: llm-compressor-on-pull
- Status: Fail
- PipelineRun URL: https://konflux-ui.apps.kflux-prd-rh03.nnv1.p1.openshiftapps.com/ns/konflux-ai-sig-tenant/pipelinerun/llm-compressor-on-pull-9z9gf
To investigate further, I recommend:
1. Check the PipelineRun URL to see detailed logs of the failing pipeline
2. Review the specific test or build step that caused the failure
3. Look at the error messages in the PipelineRun details
Would you like me to help you dig deeper into the specific failure reasons?

13
tests/results/pr-failing-checks-llm-compressor.3.txt Normal file
View File

@@ -0,0 +1,13 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
I've found the failing Konflux pipeline for your PR. Here are the key details:
1. Check Name: "Konflux kflux-prd-rh03 / llm-compressor-on-pull"
2. Conclusion: FAILURE
3. PipelineRun URL: https://konflux-ui.apps.kflux-prd-rh03.nnv1.p1.openshiftapps.com/ns/konflux-ai-sig-tenant/pipelinerun/llm-compressor-on-pull-9z9gf
Parsing the PipelineRun URL:
- Cluster: konflux-ui.apps.kflux-prd-rh03.nnv1.p1.openshiftapps.com
- Namespace: konflux-ai-sig-tenant
- PipelineRun Name: llm-compressor-on-pull-9z9gf
The build check for your PR has failed. To investigate further, I recommend using the debugging-pipeline-failures skill to get more details about why the pipeline failed. Would you like me to help you dig deeper into the specific failure reasons?

17
tests/results/pr-filter-non-konflux-checks.1.txt Normal file
View File

@@ -0,0 +1,17 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Here are the details of the two failing Konflux checks:
1. Enterprise Contract Check:
- PipelineRun: oras-container-enterprise-contract-9lkhf
- Status: FAILURE
- Details: 327 successes, 30 warnings, 6 failures
- Logs: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/oras-container-enterprise-contract-9lkhf/logs/verify
2. Functional Test:
- PipelineRun: functional-test-78db6
- Status: FAILURE
- Logs: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/functional-test-78db6/logs/functional
I recommend investigating these two PipelineRuns to understand why the checks are failing. The Enterprise Contract check seems to have some specific failures (6 out of 357 checks), while the Functional Test has a general failure.
Would you like me to help you dig deeper into the reasons for these check failures?

24
tests/results/pr-filter-non-konflux-checks.2.txt Normal file
View File

@@ -0,0 +1,24 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
Based on the investigation, there are two Konflux checks that failed for PR #249:
1. **Red Hat Konflux / functional-test / oras-container**
- PipelineRun URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/functional-test-78db6
- Status: Failed
- Details: The functional test task failed without specific error details
2. **Red Hat Konflux / oras-container-enterprise-contract / oras-container**
- PipelineRun URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/oras-container-enterprise-contract-9lkhf
- Status: Failed
- Details: The verify task failed with:
- 327 successes
- 30 warnings
- 6 failures
In contrast, the build check **Red Hat Konflux / oras-container-on-pull-request** passed successfully.
To investigate further, you would need to:
1. Check the detailed logs for the functional test PipelineRun
2. Investigate the 6 failures in the enterprise contract verification
3. Review the warnings and specific failure details in the PipelineRun URLs provided
Would you like me to help you dig deeper into these specific failures?

16
tests/results/pr-filter-non-konflux-checks.3.txt Normal file
View File

@@ -0,0 +1,16 @@
# skill_digest: f15347d6f22704568ffc3656768cb503c13f92a22a775a59d9b0fda007964bfb
To summarize the Konflux checks for PR #249 in konflux-ci/oras-container:
Failing Checks:
1. Functional Test: "Red Hat Konflux / functional-test / oras-container"
2. Enterprise Contract: "Red Hat Konflux / oras-container-enterprise-contract / oras-container"
Passing Check:
- Build Pipeline: "Red Hat Konflux / oras-container-on-pull-request"
The PipelineRun URL for the build check is:
`https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/oras-container-on-pull-request-l2nxk`
You should investigate the failures in the functional test and enterprise contract checks. These typically indicate issues with the code's functionality or compliance with enterprise contracts.
Would you like me to help you dig deeper into these specific failing checks?

93
tests/scenarios.yaml Normal file
View File

@@ -0,0 +1,93 @@
# Test scenarios for navigating-github-to-konflux-pipelines skill
# This file defines all test cases for validating the skill's behavior
skill_name: navigating-github-to-konflux-pipelines
description: Tests for GitHub check navigation and PipelineRun URL extraction
# Paths to copy from real HOME to test environment HOME
# This skill needs GitHub CLI authentication to run gh commands
copy_to_home:
- .config/gh
# Test scenarios following TDD methodology (RED-GREEN-REFACTOR)
test_scenarios:
- name: pr-failing-checks-llm-compressor
description: Test finding Konflux checks from a real PR in llm-compressor-hermetic-demo
prompt: "I'm working on PR #12 in ralphbean/llm-compressor-hermetic-demo and the checks are failing. Can you help me find which Konflux pipeline is failing?"
model: haiku
samples: 3
expected:
contains_keywords:
- pipeline
does_not_contain:
- cannot help
baseline_failure: "Agent doesn't know how to query GitHub checks or filter for Konflux"
- name: pr-filter-non-konflux-checks
description: Test filtering out non-Konflux checks (Prow, SonarCloud, etc)
prompt: "PR #249 in konflux-ci/oras-container has several failing checks. Which ones are Konflux checks I should investigate?"
model: haiku
samples: 3
expected:
contains_keywords:
- Konflux
- checks
does_not_contain:
- ci/prow
- SonarCloud
- tide
- dco
baseline_failure: "Agent includes non-Konflux checks or doesn't know how to filter"
- name: extract-build-pipelinerun-url
description: Test extracting PipelineRun URL from build check
prompt: "The build check 'yq-on-pull-request' failed on PR #206 in konflux-ci/yq-container. Can you get me the PipelineRun URL?"
model: haiku
samples: 3
expected:
contains_keywords:
- konflux-ui.apps
- "https://"
does_not_contain: []
baseline_failure: "Agent doesn't know build checks have direct URLs in details_url"
- name: extract-integration-test-pipelinerun-url
description: Test extracting PipelineRun URL from integration test check
prompt: "The 'functional-test' integration test failed on PR #249 in konflux-ci/oras-container. How do I get the PipelineRun details?"
model: haiku
samples: 3
expected:
contains_keywords:
- pipelinerun
- namespace
does_not_contain:
- gh api
baseline_failure: "Agent doesn't know to extract URL from check output.text"
- name: parse-pipelinerun-url-components
description: Test parsing cluster, namespace, and PipelineRun name from URL
prompt: "I have this Konflux URL: https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rhtap-integration-tenant/pipelinerun/yq-on-pull-request-69sq8 - how do I extract the cluster, namespace, and PipelineRun name for kubectl commands?"
model: haiku
samples: 3
expected:
contains_keywords:
- namespace
- rhtap-integration-tenant
- yq-on-pull-request-69sq8
does_not_contain: []
baseline_failure: "Agent doesn't know how to parse URL components"
- name: branch-vs-pr-check-names
description: Test understanding -on-push vs -on-pull-request naming
# The build is actually successful!
prompt: "The build is failing on the main branch of konflux-ci/yq-container. How do I find the failing Konflux pipeline?"
model: haiku
samples: 3
expected:
contains_keywords:
- "https://konflux-ui.app"
- actually
does_not_contain:
- on-pull-request
- gh api
baseline_failure: "Agent looks for -on-pull-request instead of -on-push for branch builds"