oscerd opened a new pull request, #21491:
URL: https://github.com/apache/camel/pull/21491
…o prevent bad proposals
The actions wasn't really working well because
The container version upgrade workflow was producing 22 out of 24 rejected
PRs because:
1. **Non-version tags proposed as upgrades**:
`very-long-classification-timeouts` (weaviate), `latest-gpu` (torchserve),
`master` (minio), `alpine3.23` (postgres), `ubi10` (neo4j), `management`
(rabbitmq), `v0.2.14-pravega`
(zookeeper-ppc64le)
2. **Downgrades proposed as upgrades**: `v1.15.1-unprivileged` to
`v1.9.7-unprivileged` (qdrant), `7.0.12-jammy` to `7.0.4-jammy` (mongodb) —
caused by string comparison fallback where `"9" > "1"`
3. **Uncontrolled major version jumps**: `kafka 3.9.1` to `4.1.1`,
`confluent 7.9.2` to `8.1.1`, `postgres 17.5` to `18.2`
The container version upgrade workflow was producing 22 out of 24 rejected
PRs because:
The summary of the fix is:
- Add structural version pattern matching to prevent non-version tags
(branch names, base image tags) from being proposed as upgrades
- Fix version comparison to use numeric segment extraction instead of broken
string fallback that caused downgrades
- Add `version.freeze.major` property support to prevent major version jumps
- Apply major version freeze to kafka, confluent, strimzi, postgres, redis,
mongodb-ppc64le, microprofile-lra, and milvus containers
The script now infers a regex pattern from the current version tag and only
considers candidate versions that match the same structure. For example:
- `17.5-alpine` generates pattern `^\d+\.\d+-alpine$` — rejects `alpine3.23`
but accepts `17.8-alpine`
- `v1.15.1-unprivileged` generates `^v\d+\.\d+\.\d+-unprivileged$` — rejects
bare tags
- `RELEASE.2025-09-07T16-13-09Z-cpuv1` generates a date-based pattern —
rejects `master`
- `0.12.0-cpu` generates `^\d+\.\d+\.\d+-cpu$` — rejects `latest-gpu`
Numeric version comparison
Replaced `packaging.version.parse()` (which fails for non-PEP-440 tags and
falls back to broken string comparison) with numeric segment extraction.
Versions are compared by extracting all numeric segments and comparing them as
integer tuples.
Major version freeze
New `<property>.version.freeze.major=true` property prevents upgrades that
change the first numeric segment of the version. Applied to containers where
major version jumps are known to cause breaking changes.
This is the proposal on the next run
Proposed upgrades with the new filters
| Container | Current | Proposed | Type |
|---|---|---|---|
| `cassandra.container` | `5.0.2` | `5.0.6` | patch |
| `confluent.container.image` | `7.9.2` | `7.9.5` | patch (major-frozen) |
| `couchbase.container` | `7.6.2` | `7.6.3` | patch |
| `couchdb.container.ppc64le` | `3.3.2` | `3.3.3` | patch |
| `docling.container` | `v1.9.0` | `v1.12.0` | minor |
| `hivemq.container` | `2024.6` | `2025.5` | CalVer |
| `ibm.mq.container` | `9.3.2.0-r2` | `9.4.5.0-r1` | minor |
| `keycloak.container` | `26.5.2` | `26.5.3` | patch |
| `milvus.container` | `v2.5.11` | `v2.6.11` | minor (major-frozen) |
| `milvus.container.ppc64le` | `v2.4.11` | `v2.6.5` | minor (major-frozen)
|
| `mongodb.container` | `7.0.12-jammy` | `7.0.30-jammy` | patch |
| `ollama.container` | `0.12.5` | `0.16.1` | minor |
| `ollama.container.ppc64le` | `v0.13.1` | `v0.13.5` | patch |
| `postgres.container` | `17.5-alpine` | `17.8-alpine` | patch
(major-frozen) |
| `qdrant.container` | `v1.15.1-unprivileged` | `v1.16.3-unprivileged` |
minor |
| `rabbitmq.container` | `4.1.2-management` | `4.2.3-management` | minor |
| `redis.container` | `7.4.0-alpine` | `7.4.7-alpine` | patch
(major-frozen) |
| `redpanda.container.image` | `v24.1.16` | `v25.3.6` | CalVer |
| `tensorflow.serving.container` | `2.18.0` | `2.19.0` | minor |
| `tensorflow.serving.container.ppc64le` | `1.6.2-...-21.036` |
`1.7.0-...-21.035` | minor |
| `weaviate.container` | `1.32.0` | `1.35.7` | minor |
<!--
- Write a pull request description that is detailed enough to understand
what the pull request does, how, and why.
-->
# Target
- [x] I checked that the commit is targeting the correct branch (Camel 4
uses the `main` branch)
# Tracking
- [x] If this is a large change, bug fix, or code improvement, I checked
there is a [JIRA issue](https://issues.apache.org/jira/browse/CAMEL) filed for
the change (usually before you start working on it).
<!--
# *Note*: trivial changes like, typos, minor documentation fixes and other
small items do not require a JIRA issue. In this case your pull request should
address just this issue, without pulling in other changes.
-->
# Apache Camel coding standards and style
- [x] I checked that each commit in the pull request has a meaningful
subject line and body.
<!--
If you're unsure, you can format the pull request title like `[CAMEL-XXX]
Fixes bug in camel-file component`, where you replace `CAMEL-XXX` with the
appropriate JIRA issue.
-->
- [x] I have run `mvn clean install -DskipTests` locally from root folder
and I have committed all auto-generated changes.
<!--
You can run the aforementioned command in your module so that the build
auto-formats your code. This will also be verified as part of the checks and
your PR may be rejected if if there are uncommited changes after running `mvn
clean install -DskipTests`.
You can learn more about the contribution guidelines at
https://github.com/apache/camel/blob/main/CONTRIBUTING.md
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
