Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prometheus-alertmanager/0.28.0 package update #39641

Merged
merged 2 commits into from
Jan 16, 2025
Merged

prometheus-alertmanager/0.28.0 package update #39641

merged 2 commits into from
Jan 16, 2025

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Jan 15, 2025

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. labels Jan 15, 2025
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Jan 15, 2025

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

Based on the build output and error context, I'll analyze and provide specific fixes:

• Detected Error: Error during npm install/build step in ui/react-app directory
• Error Category: Build/Dependency
• Failure Point: cd ui/react-app && npm install && npm run build command
• Root Cause Analysis: The version of alertmanager (0.28.0) being built requires Node.js 23, but based on the changelog showing frontend updates and new UI features, there may be incompatibility with the Node.js version or missing build dependencies.

• Suggested Fix:

  1. Update the environment section in the melange YAML to include yarn:
environment:
  contents:
    packages:
      - bash
      - build-base
      - busybox
      - ca-certificates-bundle
      - curl
      - go
      - nodejs
      - npm
      - yarn    # Add yarn package
  1. Modify the build step to use yarn instead:
  - runs: |
      cd ui/react-app
      yarn install --network-timeout 100000
      yarn build
      cd ../..
      make build

• Explanation:

  • Alertmanager's UI build system often works better with yarn
  • The network timeout helps prevent connection issues during dependency installation
  • Based on the changelog showing UI enhancements, using yarn provides more reliable dependency resolution
  • Recent versions of Alertmanager prefer yarn for frontend builds

• Additional Notes:

  • If the issue persists, you may need to add node-gyp to the environment packages
  • Consider adding --frozen-lockfile to yarn install for reproducible builds
  • The Node.js version (23) is recent enough for current Alertmanager UI requirements

• References:

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jan 15, 2025
@OddBloke OddBloke self-assigned this Jan 16, 2025
wolfi-bot and others added 2 commits January 16, 2025 14:06
@wolfi-bot @OddBloke
prometheus-alertmanager/0.28.0 package update
915c21a 
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@OddBloke
prometheus-alertmanager: depend on nodejs<21
5579be2 
Builds with later versions of nodejs fail.  Major thanks to @kbsteere
for helping me figure this out.
@OddBloke OddBloke force-pushed the wolfictl-9ba50afc-5533-479c-b33c-4ad0b15ae615 branch from f531844 to 5579be2 Compare January 16, 2025 19:06
@OddBloke OddBloke enabled auto-merge January 16, 2025 19:08
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Jan 16, 2025
@OddBloke OddBloke requested a review from a team January 16, 2025 19:11
@OddBloke OddBloke merged commit f7c3fa3 into main Jan 16, 2025
14 checks passed
@OddBloke OddBloke deleted the wolfictl-9ba50afc-5533-479c-b33c-4ad0b15ae615 branch January 16, 2025 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kbsteere kbsteere kbsteere approved these changes

Assignees

@OddBloke OddBloke

Labels
ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-version-update request for a newer version of a package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kbsteere @OddBloke @wolfi-bot