[3.4.0] Manifest Commit Lock with action MATCH_BUILD_MANIFEST

[opensearch-ci-bot]

Manifest Commit Lock for Release 3.4.0

Summary by CodeRabbit

• Chores
  • Updated all component references in the 3.4.0 manifests from the branch label "main" to the specific revision "3.4" for OpenSearch and OpenSearch Dashboards components.
  • No structural, API, or behavior changes detected — only the component ref values were altered across the manifests.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

All component refs in two OpenSearch 3.4.0 manifest files were changed from main to the 3.4 revision string. No other structural or logic changes were made.

Changes

Cohort / File(s)	Change Summary
Pin components to 3.4 manifests/3.4.0/opensearch-3.4.0.yml, manifests/3.4.0/opensearch-dashboards-3.4.0.yml	Replaced all components[][].ref values that previously referenced main with the explicit 3.4 ref for every listed OpenSearch and OpenSearch Dashboards component. No additions, removals, or other structural edits.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify that the 3.4 ref is intentional and available in each component repository.
• Check for any remaining accidental main references.
• Confirm CI/manifest tooling accepts the 3.4 ref format (no parsing regressions).

Suggested reviewers

• gaiksaya
• rishabh6788
• zelinh
• prudhvigodithi
• Divyaasm
• tianleh
• peterzhuamazon

Poem

🐰
I hopped through manifests, tidy and spry,
Swapped wandering "main" for a bright 3.4 sky.
Now each ref is steady, neat, and true—
A rabbit-nudge to ship safe and blue. 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating manifest files to lock component references to version 3.4 for the 3.4.0 release.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch manifest-lock

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b225f66 and 53e3c1e.

📒 Files selected for processing (2)

• manifests/3.4.0/opensearch-3.4.0.yml (12 hunks)
• manifests/3.4.0/opensearch-dashboards-3.4.0.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: manifest-checks (manifests/3.4.0/opensearch-3.4.0.yml)
• GitHub Check: python-tests-linux (ubuntu-24.04)
• GitHub Check: python-tests-linux (ubuntu-24.04-arm)
• GitHub Check: groovy-tests
• GitHub Check: python-tests-macos (macos-15)
• GitHub Check: python-tests-macos (macos-15-intel)
• GitHub Check: python-tests-windows (windows-2022)
• GitHub Check: groovy-tests
• GitHub Check: python-tests-macos (macos-15-intel)
• GitHub Check: python-tests-windows (windows-2022)
• GitHub Check: python-tests-macos (macos-15)

🔇 Additional comments (1)

manifests/3.4.0/opensearch-3.4.0.yml (1)

1-250: Manifest refs consistently pinned to commit hashes.

All 27 component references in opensearch-3.4.0.yml have been updated from main to specific commit hashes. The changes follow a consistent pattern, preserve the manifest structure, dependency graph, and platform configurations.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.56%. Comparing base (b225f66) to head (d2dda6b).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5862   +/-   ##
=======================================
  Coverage   96.56%   96.56%           
=======================================
  Files         405      405           
  Lines       18554    18554           
=======================================
  Hits        17917    17917           
  Misses        637      637           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 53e3c1e and d2dda6b.

📒 Files selected for processing (2)

• manifests/3.4.0/opensearch-3.4.0.yml (12 hunks)
• manifests/3.4.0/opensearch-dashboards-3.4.0.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)

• GitHub Check: python-tests-linux (ubuntu-24.04-arm)
• GitHub Check: python-tests-linux (ubuntu-24.04)
• GitHub Check: python-tests-linux (ubuntu-24.04-arm)
• GitHub Check: python-tests-linux (ubuntu-24.04)
• GitHub Check: groovy-tests
• GitHub Check: python-tests-windows (windows-2022)
• GitHub Check: python-tests-macos (macos-15-intel)
• GitHub Check: python-tests-macos (macos-15)
• GitHub Check: python-tests-windows (windows-2022)
• GitHub Check: groovy-tests
• GitHub Check: python-tests-macos (macos-15)
• GitHub Check: python-tests-macos (macos-15-intel)

🔇 Additional comments (1)

manifests/3.4.0/opensearch-dashboards-3.4.0.yml (1)

21-21: ✓ Previous critical issue resolved: all dashboards pinned to 3.4.

The past review flagged that functionalTestDashboards remained on main while others were pinned. This has been corrected—all 16 dashboard components are now consistently pinned to the 3.4 revision, matching the OpenSearch manifest structure. Verification confirms the 3.4 branch/tag exists across all referenced repositories.

Note: These are branch/tag refs rather than immutable commit SHAs. Ensure this aligns with your release strategy.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find other manifest files to understand the pattern
fd -e yml -e yaml manifests | head -20

Repository: opensearch-project/opensearch-build

Length of output: 61

---

🏁 Script executed:

# Look for prior version manifests to compare pinning strategy
fd -e yml manifests | sort

Repository: opensearch-project/opensearch-build

Length of output: 61

---

🏁 Script executed:

# Check for documentation about manifest pinning strategy
fd -i readme -o -i manifest -o -i release | head -20

Repository: opensearch-project/opensearch-build

Length of output: 195

---

🏁 Script executed:

# Examine a previous version manifest to see if branch refs or commit SHAs were used
git ls-files manifests/ | grep -E '\.yml|\.yaml' | head -10

Repository: opensearch-project/opensearch-build

Length of output: 537

---

🏁 Script executed:

# Read a prior version manifest to compare the pinning strategy
cat manifests/2.19.0/opensearch-2.19.0.yml | head -50

Repository: opensearch-project/opensearch-build

Length of output: 1447

---

🏁 Script executed:

# Read the 3.4.0 manifest to show full context
cat manifests/3.4.0/opensearch-3.4.0.yml | head -50

Repository: opensearch-project/opensearch-build

Length of output: 1576

---

🏁 Script executed:

# Search for any documentation about manifest strategy
find . -name "README*" -o -name "MANIFEST*" | xargs cat 2>/dev/null | grep -i "ref\|branch\|commit\|lock" | head -20

Repository: opensearch-project/opensearch-build

Length of output: 4778

---

Manifest refs use branch 3.4 instead of immutable version tags—inconsistent with prior releases.

The 2.19.0 manifest pins components to specific version tags (e.g., ref: tags/2.19.0.0), but 3.4.0 pins to the branch ref: '3.4'. Branch references can receive updates after release, whereas tags are immutable. This deviates from the project's established release strategy. The repository's documented approach uses .lock manifests with commit IDs for stable references—verify whether this input manifest is intended to be locked later, or if the pinning strategy should be aligned with prior releases.

🤖 Prompt for AI Agents

In manifests/3.4.0/opensearch-3.4.0.yml at line 25, the manifest currently pins
the component to the branch ref '3.4' which is mutable; replace this with an
immutable reference (a release tag like tags/3.4.0.0 or the exact commit SHA
used for the release) so the manifest is stable and consistent with prior
releases, or alternatively ensure the corresponding .lock manifest contains the
commit ID and document that this file will be locked later — update the ref to
the chosen tag or commit SHA accordingly.