Epic: Fix auto-fix version upgrade of images

[princerachit]

Bug description

The auto-fix bot doesn't work post migration to dazzlev2 images.

Steps to reproduce

Check the PRs in the PR tab of the repo. The PRs point to legacy images. No new PRs are being created.

Expected behavior

No response

Example repository

No response

Anything else?

• [x] Make autofix not send updates to .gitignored files: https://github.com/autofix-dev/autofix/issues/13
• [x] Allow repository-local auto-fixers: https://github.com/autofix-dev/autofix/pull/16
• [x] Implement a repository-local auto-fixer for Python variants: https://github.com/gitpod-io/workspace-images/pull/791
  • [ ] https://github.com/gitpod-io/workspace-images/issues/802
• [ ] Implement similar repository-local auto-fixers for all other Dazzle variants
  • [x] Node https://github.com/gitpod-io/workspace-images/pull/793
  • [ ] Go
  • [ ] Java
  • [ ] Ruby
  • [ ] Elixir
  • [ ] Clojure

[princerachit]

As per the documentation the versions can be only fixed in the dockerfile. Since we are moving to variants based images, which uses chunk.yaml, the bot would not work in its current state. I would vote to remove the bot integration.

[princerachit]

I have closed all the open PRs trying to fix old dockerfiles

[princerachit]

@kylos101 I am going to close this issue by tomorrow and remove the bot integration. Let me know if you have any concerns. cc: @jankeromnes

[jankeromnes]

Hi @princerachit!

Check the PRs in the PR tab of the repo. The PRs point to legacy images.

That's because these PRs were created before the dazzlev2 rewrite was merged. Closing them unmerged was the right action. 👍

No new PRs are being created.

That's because we've temporarily disabled the automated PRs to reduce noise during the rewrite (see discussion on Slack (internal)).

I can re-enable the Pull Requests now to see what the bot finds. EDIT: Re-enabled -- new PRs expected on Wednesday.

As a reminder, it only sends Pull Requests that are considered absolutely safe to merge (e.g. bump patch or minor versions of tools where it's considered safe, e.g. in order to get critical security updates quickly, but never bump major versions as this carries risk of unexpected breakages -- the rule of thumb for Autofix is "any fix that you'd merge without looking" will open a PR).

As per the documentation the versions can be only fixed in the dockerfile. Since we are moving to variants based images, which uses chunk.yaml, the bot would not work in its current state.

That's true, but I think it would be quite easy to make it support chunk.yaml as well.

I think disabling the bot entirely would condemn us to having all images bit-rot continuously, and start accumulating public security vulnerabilities until Gitpod becomes extremely unsafe / deprecated / broken over time.

I much prefer the alternative of teaching Autofix how to fix Dazzle's chunk.yaml, and I'm happy to do it as it'll probably be a quick fix. 🙂

and remove the bot integration

FYI, there is no bot integration per se -- the automated Pull Requests are controlled by this recurring CI job.

[princerachit]

Thanks for volunteering @jankeromnes . I am assigning this issue to you. Let me know if you need any help in reviewing the changes :)

[Furisto]

Hey @jankeromnes, any idea when you will be able to adapt the autofix bot?

[jankeromnes]

Hi @Furisto! Thanks for the reminder. Would you be interested in pairing on this?

I think it could be relatively easy to make the autofix bot pick up custom fixers checked into a repository (e.g. under a .autofix/ directory), and then implement Dazzle-specific fixers to update all the manifests.

[Furisto]

@jankeromnes Absolutely! I setup a meeting.

[jankeromnes]

edit: @jankeromnes I moved this to the issue description so we can have sweeeeeeeet tracking. Thank you very much for the thoughtful breakdown and pairing with @Furisto .

[kylos101]

@jankeromnes I moved the details from your comment to this issue's description, and turned the issue into an epic.

[kylos101]

@Furisto can you break-down this task (above) Implement similar repository-local auto-fixers for all other Dazzle variants into a set of smaller tasks? For example, aside from Python, and Node, what other fixers are you thinking?

[Furisto]

@kylos101 Done

[kylos101]

@Furisto :pray: you rock!

For Elixir and Clojure, is your thought that we'd also add a related chunk.yaml (so we have a variant to fix)?

[Furisto]

@kylos101 Yes, both. The elixir image actually does not specify a version at the moment, so we could get a new version without us realizing. This should be fixed with that task as well.