OCPBUGS-81452: Synchronize From Upstream Repositories#696
Open
openshift-bot wants to merge 102 commits intoopenshift:mainfrom
Open
OCPBUGS-81452: Synchronize From Upstream Repositories#696openshift-bot wants to merge 102 commits intoopenshift:mainfrom
openshift-bot wants to merge 102 commits intoopenshift:mainfrom
Conversation
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.40.0 to 1.43.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.43.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.43.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.2 to 6.0.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v5.5.2...v6.0.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…d (#2637) Boxcutter v0.13.1 includes the fix from package-operator/boxcutter#501 which ensures collision detection runs before revision linearity checks. This allows us to remove the foreignRevisionController workaround that was manually detecting ActionProgressed objects owned by foreign ClusterExtensions. Assisted-by: Claude
openshift-bot
added
the
tide/merge-method-merge
Contributor
|
@openshift-bot: GitHub didn't allow me to request PR reviews from the following users: openshift/openshift-team-operator-framework. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
openshift-ci-robot
added
jira/severity-low
|
@openshift-bot: This pull request references Jira Issue OCPBUGS-81452, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-bot
added
approved
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdded status-observed phase tracking to ClusterObjectSet (API, CRD, applyconfigs); controller now computes per-phase digests, verifies referenced Secrets are immutable, and blocks reconciliation when digests change; removed sibling-revision discovery/“Conflicting Owner” labeling; bumped multiple Go module deps; replaced jq-based TLS profile generation with embedded Mozilla JSON and runtime parsing; added tests and e2e steps/features; removed gojq tooling bits. Changes
Sequence Diagram(s)mermaid Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes 🚥 Pre-merge checks | ✅ 8 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (8 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Contributor
|
/re-title OCPBUGS-77972, OCPBUGS-81452: Synchronize From Upstream Repositories |
Contributor
|
/test openshift-e2e-aws |
Contributor
|
/retitle OCPBUGS-77972, OCPBUGS-81452: Synchronize From Upstream Repositories |
openshift-ci
bot
changed the title
openshift-ci-robot
added
jira/severity-important
|
@openshift-bot: This pull request references Jira Issue OCPBUGS-77972, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. This pull request references Jira Issue OCPBUGS-81452, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
|
/jira refresh |
|
@camilamacedo86: This pull request references Jira Issue OCPBUGS-77972, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references Jira Issue OCPBUGS-81452, which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
|
@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: kuiwang02. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Contributor
|
/jira refresh |
openshift-ci-robot
added
jira/valid-bug
|
@camilamacedo86: This pull request references Jira Issue OCPBUGS-77972, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references Jira Issue OCPBUGS-81452, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (bandrade@redhat.com), skipping review request. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
|
@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: kuiwang02. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Signed-off-by: Todd Short <tshort@redhat.com>
…t in OTE tests Update all remaining references to ClusterExtensionRevision in openshift/tests-extension to use ClusterObjectSet, matching the upstream rename in operator-framework/operator-controller#2589. Files updated: - test/qe/specs/olmv1_ce.go: RBAC resource names and comments - test/olmv1-preflight.go: scenario constants, test names, RBAC rules - .openshift-tests-extension/openshift_payload_olmv1.json: test name - pkg/bindata/qe/bindata.go: embedded RBAC templates - test/qe/testdata/olm/sa-nginx-limited-boxcutter.yaml: RBAC resources - test/qe/testdata/olm/sa-nginx-insufficient-operand-rbac-boxcutter.yaml: RBAC resources Signed-off-by: Camila Macedo <cmacedo@redhat.com> Made-with: Cursor
…s ClusterObjectSet The upstream rename of ClusterExtensionRevision to ClusterObjectSet (operator-framework/operator-controller#2589) breaks the incompatible operator detection in cluster-olm-operator. The cluster-olm-operator binary still reads ClusterExtensionRevision resources to find operators with olm.maxOpenShiftVersion, so after the rename it never detects incompatible operators and InstalledOLMOperatorsUpgradeable stays True. Skip this test when NewOLMBoxCutterRuntime feature gate is enabled until cluster-olm-operator is updated to read ClusterObjectSet. Signed-off-by: Camila Macedo <cmacedo@redhat.com> Made-with: Cursor
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
openshift-bot
force-pushed
the
synchronize-upstream
branch
from
8188669 to
7125acb
Compare
openshift-ci-robot
removed
the
verified
openshift-ci-robot
added
jira/invalid-bug
|
@openshift-bot: This pull request references Jira Issue OCPBUGS-81452, which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: openshift-bot The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
hack/tools/update-tls-profiles.sh (1)
5-10:⚠️ Potential issue | 🟠 MajorWrite
mozilla_data.jsonatomically.
curl -o "${OUTPUT}"truncates the checked-in file before the download completes. If the transfer fails mid-stream,internal/shared/util/tlsprofiles/mozilla_data.jsoncan be left corrupted and break the next build/test that parses it.Suggested fix
OUTPUT=internal/shared/util/tlsprofiles/mozilla_data.json INPUT=https://ssl-config.mozilla.org/guidelines/latest.json +tmp="$(mktemp "${OUTPUT}.tmp.XXXXXX")" +trap 'rm -f "${tmp}"' EXIT -if ! curl -L -s -f "${INPUT}" -o "${OUTPUT}"; then +if ! curl -L -s -f "${INPUT}" -o "${tmp}"; then echo "ERROR: Failed to download ${INPUT} (HTTP error or connection failure)" >&2 exit 1 fi + +mv "${tmp}" "${OUTPUT}" +trap - EXIT🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@hack/tools/update-tls-profiles.sh` around lines 5 - 10, The script currently writes directly to OUTPUT which can leave the checked-in mozilla_data.json corrupted on transfer failure; change the curl invocation to download to a safely created temporary file in the same directory (use mktemp in the OUTPUT directory), e.g. download to TMP with curl -L -s -f -o "$TMP" "${INPUT}", verify curl succeeded, then atomically move TMP to OUTPUT with mv -f "$TMP" "$OUTPUT"; ensure you set a trap to remove the TMP on exit/failure so no leftover temp files remain and preserve the existing error message/exit behavior if the download fails.
🧹 Nitpick comments (4)
test/e2e/features/revision.feature (1)
493-496: Consider switching this check to message-fragment matching for test resilience.This assertion currently depends on exact full message text. Using
Message includeswith a stable fragment would reduce flakiness from non-semantic wording changes.♻️ Suggested tweak
- Then ClusterObjectSet "${COS_NAME}" reports Progressing as False with Reason Blocked and Message: + Then ClusterObjectSet "${COS_NAME}" reports Progressing as False with Reason Blocked and Message includes: """ - the following secrets are not immutable (referenced secrets must have immutable set to true): ${TEST_NAMESPACE}/${COS_NAME}-mutable-secret + referenced secrets must have immutable set to true """🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/e2e/features/revision.feature` around lines 493 - 496, The test currently asserts the exact full message string for ClusterObjectSet "${COS_NAME}" which is brittle; update the step to use a fragment-based assertion (e.g., change the check to "Message includes" or similar) and match a stable substring such as "secrets are not immutable" or the specific secret identifier "${TEST_NAMESPACE}/${COS_NAME}-mutable-secret" instead of the full multi-line message, keeping the existing step name ClusterObjectSet and variables COS_NAME/TEST_NAMESPACE so the test becomes resilient to non-semantic wording changes.internal/operator-controller/controllers/clusterobjectset_controller_internal_test.go (1)
258-263: Consider using format validation instead of exact hash.The hardcoded expected hash (
sha256:e159e3f2...) makes this test brittle to any changes in JSON serialization behavior across Go versions. While it does serve as a regression test, consider validating only the format (sha256:prefix + 64 hex characters) here, and rely on the "deterministic for same content" property tested elsewhere.♻️ Optional: Validate format instead of exact value
t.Run("deterministic for same content", func(t *testing.T) { objs := []client.Object{makeObj("v1", "ConfigMap", "cm1")} hash, err := computePhaseDigest("deploy", objs) require.NoError(t, err) - assert.Equal(t, "sha256:e159e3f2c46b65df156d02407c44936c0fd7349149a89dadf190d27c67019edc", hash) + assert.Regexp(t, `^sha256:[a-f0-9]{64}$`, hash) + // Verify determinism by computing again + hash2, err := computePhaseDigest("deploy", objs) + require.NoError(t, err) + assert.Equal(t, hash, hash2) })🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/operator-controller/controllers/clusterobjectset_controller_internal_test.go` around lines 258 - 263, The test currently asserts an exact hash string which is brittle; update the "deterministic for same content" test that calls computePhaseDigest to validate only the hash format instead of the exact value: after require.NoError(t, err) assert that the returned hash starts with "sha256:" and the suffix is exactly 64 hex characters (e.g. via a regex or hex.DecodeString on the substring), or alternatively check prefix + length and that all characters are valid hex; keep the deterministic property tested elsewhere rather than hardcoding the full hash.test/e2e/steps/steps.go (2)
606-613: Extract shared normalized-fragment matcher to avoid behavior drift.This logic is now duplicated across ClusterExtension and ClusterObjectSet condition checks; a shared helper keeps semantics in sync.
♻️ Suggested refactor
+func normalizedMessageContains(ctx context.Context, doc *godog.DocString) msgMatchFn { + if doc == nil { + return alwaysMatch + } + expected := substituteScenarioVars(strings.Join(strings.Fields(doc.Content), " "), scenarioCtx(ctx)) + return func(actual string) bool { + normalizedActual := strings.Join(strings.Fields(actual), " ") + return strings.Contains(normalizedActual, expected) + } +}func ClusterExtensionReportsConditionWithMessageFragment(ctx context.Context, conditionType, conditionStatus, conditionReason string, msgFragment *godog.DocString) error { - msgCmp := alwaysMatch - if msgFragment != nil { - expectedMsgFragment := substituteScenarioVars(strings.Join(strings.Fields(msgFragment.Content), " "), scenarioCtx(ctx)) - msgCmp = func(actualMsg string) bool { - normalizedActual := strings.Join(strings.Fields(actualMsg), " ") - return strings.Contains(normalizedActual, expectedMsgFragment) - } - } + msgCmp := normalizedMessageContains(ctx, msgFragment) return waitForExtensionCondition(ctx, conditionType, conditionStatus, &conditionReason, msgCmp) }func ClusterObjectSetReportsConditionWithMessageFragment(ctx context.Context, revisionName, conditionType, conditionStatus, conditionReason string, msgFragment *godog.DocString) error { - msgCmp := alwaysMatch - if msgFragment != nil { - expectedMsgFragment := substituteScenarioVars(strings.Join(strings.Fields(msgFragment.Content), " "), scenarioCtx(ctx)) - msgCmp = func(actualMsg string) bool { - normalizedActual := strings.Join(strings.Fields(actualMsg), " ") - return strings.Contains(normalizedActual, expectedMsgFragment) - } - } + msgCmp := normalizedMessageContains(ctx, msgFragment) return waitForCondition(ctx, "clusterobjectset", substituteScenarioVars(revisionName, scenarioCtx(ctx)), conditionType, conditionStatus, &conditionReason, msgCmp) }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/e2e/steps/steps.go` around lines 606 - 613, The duplicated message-fragment matching logic in ClusterObjectSetReportsConditionWithMessageFragment and the ClusterExtension condition check should be extracted into a single helper: add a function (e.g., normalizedFragmentMatcher or matchNormalizedFragment) that takes the expected fragment string and returns a func(actual string) bool which normalizes whitespace on both strings (e.g., strings.Fields + strings.Join) and checks strings.Contains; in ClusterObjectSetReportsConditionWithMessageFragment call substituteScenarioVars to build the expected fragment and pass it to this helper instead of inlining the normalization logic, and update the ClusterExtension check to use the same helper so both use identical semantics.
623-625: Wrap trigger failures with resource context and stderr.Returning the bare error makes E2E triage harder than needed.
🛠️ Suggested improvement
- _, err := k8sClient("annotate", "clusterobjectset", cosName, "--overwrite", - fmt.Sprintf("e2e-trigger=%d", time.Now().UnixNano())) - return err + if _, err := k8sClient("annotate", "clusterobjectset", cosName, "--overwrite", + fmt.Sprintf("e2e-trigger=%d", time.Now().UnixNano())); err != nil { + return fmt.Errorf("triggering reconciliation for ClusterObjectSet %q: %w; stderr: %s", cosName, err, stderrOutput(err)) + } + return nil🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/e2e/steps/steps.go` around lines 623 - 625, The call to k8sClient("annotate", "clusterobjectset", cosName, ...) returns a bare error which loses useful context; modify the invocation in steps.go so you capture the command output (stdout/stderr) and, if err != nil, return a wrapped error that includes the resource name (cosName), the attempted annotation value (e.g., fmt.Sprintf("e2e-trigger=%d", time.Now().UnixNano())), and the captured stderr/stdout; reference the k8sClient call and cosName so the new error message is of the form "annotate clusterobjectset <cosName> failed: <err> - output: <stderr>" to aid E2E triage.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@api/v1/clusterobjectset_types.go`:
- Line 535: The kubebuilder XValidation message for the DNS1123 rule is
incorrect about starting with an alphabetic character; update the validation
message in the annotation (the line with
+kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message=...)
so it accurately reflects DNS1123 semantics (labels may start with digits).
Replace "must start with an alphabetic character and end with an alphanumeric
character" with wording such as "must consist only of lowercase alphanumeric
characters and hyphens, and must start and end with an alphanumeric character"
so the message matches the enforced rule.
---
Duplicate comments:
In `@hack/tools/update-tls-profiles.sh`:
- Around line 5-10: The script currently writes directly to OUTPUT which can
leave the checked-in mozilla_data.json corrupted on transfer failure; change the
curl invocation to download to a safely created temporary file in the same
directory (use mktemp in the OUTPUT directory), e.g. download to TMP with curl
-L -s -f -o "$TMP" "${INPUT}", verify curl succeeded, then atomically move TMP
to OUTPUT with mv -f "$TMP" "$OUTPUT"; ensure you set a trap to remove the TMP
on exit/failure so no leftover temp files remain and preserve the existing error
message/exit behavior if the download fails.
---
Nitpick comments:
In
`@internal/operator-controller/controllers/clusterobjectset_controller_internal_test.go`:
- Around line 258-263: The test currently asserts an exact hash string which is
brittle; update the "deterministic for same content" test that calls
computePhaseDigest to validate only the hash format instead of the exact value:
after require.NoError(t, err) assert that the returned hash starts with
"sha256:" and the suffix is exactly 64 hex characters (e.g. via a regex or
hex.DecodeString on the substring), or alternatively check prefix + length and
that all characters are valid hex; keep the deterministic property tested
elsewhere rather than hardcoding the full hash.
In `@test/e2e/features/revision.feature`:
- Around line 493-496: The test currently asserts the exact full message string
for ClusterObjectSet "${COS_NAME}" which is brittle; update the step to use a
fragment-based assertion (e.g., change the check to "Message includes" or
similar) and match a stable substring such as "secrets are not immutable" or the
specific secret identifier "${TEST_NAMESPACE}/${COS_NAME}-mutable-secret"
instead of the full multi-line message, keeping the existing step name
ClusterObjectSet and variables COS_NAME/TEST_NAMESPACE so the test becomes
resilient to non-semantic wording changes.
In `@test/e2e/steps/steps.go`:
- Around line 606-613: The duplicated message-fragment matching logic in
ClusterObjectSetReportsConditionWithMessageFragment and the ClusterExtension
condition check should be extracted into a single helper: add a function (e.g.,
normalizedFragmentMatcher or matchNormalizedFragment) that takes the expected
fragment string and returns a func(actual string) bool which normalizes
whitespace on both strings (e.g., strings.Fields + strings.Join) and checks
strings.Contains; in ClusterObjectSetReportsConditionWithMessageFragment call
substituteScenarioVars to build the expected fragment and pass it to this helper
instead of inlining the normalization logic, and update the ClusterExtension
check to use the same helper so both use identical semantics.
- Around line 623-625: The call to k8sClient("annotate", "clusterobjectset",
cosName, ...) returns a bare error which loses useful context; modify the
invocation in steps.go so you capture the command output (stdout/stderr) and, if
err != nil, return a wrapped error that includes the resource name (cosName),
the attempted annotation value (e.g., fmt.Sprintf("e2e-trigger=%d",
time.Now().UnixNano())), and the captured stderr/stdout; reference the k8sClient
call and cosName so the new error message is of the form "annotate
clusterobjectset <cosName> failed: <err> - output: <stderr>" to aid E2E triage.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: 968eadd5-9408-47f6-af9a-769a538c6c85
⛔ Files ignored due to path filters (109)
.bingo/gojq.sumis excluded by!**/*.sumapi/v1/zz_generated.deepcopy.gois excluded by!**/zz_generated*go.sumis excluded by!**/*.sumopenshift/tests-extension/go.sumis excluded by!**/*.sumopenshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/.golangci.ymlis excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/README.mdis excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/cache.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/decode.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/decode_map_utils.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/diagnose.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/encode.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/simplevalue.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/stream.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/structfields.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/fxamacker/cbor/v2/valid.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/clusterobjectset_types.gois excluded by!**/vendor/**openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/zz_generated.deepcopy.gois excluded by!**/vendor/**,!**/zz_generated*openshift/tests-extension/vendor/go.opentelemetry.io/otel/.golangci.ymlis excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/CHANGELOG.mdis excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/Makefileis excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/RELEASING.mdis excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/encoder.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/hash.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/internal/attribute.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/kv.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/type_string.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/value.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/dependencies.Dockerfileis excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/internal/x/features.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/config.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/container.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/env.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_readfile.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/process.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/resource.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/provider.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/span.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/version.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.40.0/otelconv/metric.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/trace.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/version.gois excluded by!**/vendor/**openshift/tests-extension/vendor/go.opentelemetry.io/otel/versions.yamlis excluded by!**/vendor/**openshift/tests-extension/vendor/modules.txtis excluded by!**/vendor/**vendor/github.com/fxamacker/cbor/v2/.golangci.ymlis excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/README.mdis excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/cache.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/decode.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/decode_map_utils.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/diagnose.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/encode.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/simplevalue.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/stream.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/structfields.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/fxamacker/cbor/v2/valid.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/mattn/go-sqlite3/sqlite3-binding.cis excluded by!**/vendor/**,!vendor/**vendor/github.com/mattn/go-sqlite3/sqlite3-binding.his excluded by!**/vendor/**,!vendor/**vendor/github.com/mattn/go-sqlite3/sqlite3.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/mattn/go-sqlite3/sqlite3_opt_serialize.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/operator-framework/operator-registry/alpha/declcfg/model_to_declcfg.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/operator-framework/operator-registry/alpha/model/model.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/validate.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/operator-framework/operator-registry/pkg/registry/conversion.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/.golangci.ymlis excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/CHANGELOG.mdis excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/Makefileis excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/RELEASING.mdis excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/attribute/encoder.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/attribute/hash.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/attribute/internal/attribute.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/attribute/kv.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/attribute/type_string.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/attribute/value.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/dependencies.Dockerfileis excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/internal/x/features.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/builtin.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/config.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/container.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/env.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/host_id.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/host_id_readfile.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/os.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/process.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/resource/resource.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/trace/provider.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/trace/sampling.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/trace/span.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/sdk/version.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/semconv/v1.40.0/otelconv/metric.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/trace/trace.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/version.gois excluded by!**/vendor/**,!vendor/**vendor/go.opentelemetry.io/otel/versions.yamlis excluded by!**/vendor/**,!vendor/**vendor/helm.sh/helm/v3/pkg/chart/metadata.gois excluded by!**/vendor/**,!vendor/**vendor/helm.sh/helm/v3/pkg/chartutil/expand.gois excluded by!**/vendor/**,!vendor/**vendor/modules.txtis excluded by!**/vendor/**,!vendor/**vendor/pkg.package-operator.run/boxcutter/boxcutter.gois excluded by!**/vendor/**,!vendor/**vendor/pkg.package-operator.run/boxcutter/machinery/objects.gois excluded by!**/vendor/**,!vendor/**vendor/pkg.package-operator.run/boxcutter/managedcache/objectboundaccess.gois excluded by!**/vendor/**,!vendor/**
📒 Files selected for processing (31)
.bingo/Variables.mk.bingo/gojq.mod.bingo/variables.envMakefileOWNERS_ALIASESapi/v1/clusterobjectset_types.goapplyconfigurations/api/v1/clusterobjectsetstatus.goapplyconfigurations/api/v1/observedphase.goapplyconfigurations/utils.godocs/api-reference/crd-ref-docs-gen-config.yamldocs/draft/concepts/large-bundle-support.mdgo.modhack/test/e2e-coverage.shhack/tools/update-tls-profiles.shhelm/olmv1/base/operator-controller/crd/experimental/olm.operatorframework.io_clusterobjectsets.yamlinternal/operator-controller/applier/phase.gointernal/operator-controller/applier/phase_test.gointernal/operator-controller/controllers/clusterobjectset_controller.gointernal/operator-controller/controllers/clusterobjectset_controller_internal_test.gointernal/operator-controller/controllers/clusterobjectset_controller_test.gointernal/operator-controller/controllers/resolve_ref_test.gointernal/operator-controller/controllers/revision_engine_factory.gointernal/shared/util/tlsprofiles/mozilla_data.gointernal/shared/util/tlsprofiles/mozilla_data.jsoninternal/shared/util/tlsprofiles/tlsprofiles_test.gomanifests/experimental-e2e.yamlmanifests/experimental.yamlopenshift/tests-extension/go.modrequirements.txttest/e2e/features/revision.featuretest/e2e/steps/steps.go
💤 Files with no reviewable changes (4)
- .bingo/gojq.mod
- .bingo/variables.env
- OWNERS_ALIASES
- .bingo/Variables.mk
✅ Files skipped from review due to trivial changes (7)
- requirements.txt
- docs/api-reference/crd-ref-docs-gen-config.yaml
- internal/operator-controller/controllers/resolve_ref_test.go
- internal/operator-controller/applier/phase_test.go
- applyconfigurations/api/v1/observedphase.go
- internal/shared/util/tlsprofiles/mozilla_data.go
- internal/shared/util/tlsprofiles/mozilla_data.json
🚧 Files skipped from review as they are similar to previous changes (5)
- hack/test/e2e-coverage.sh
- Makefile
- internal/operator-controller/controllers/clusterobjectset_controller_test.go
- openshift/tests-extension/go.mod
- go.mod
| // +required | ||
| // +kubebuilder:validation:MinLength=1 | ||
| // +kubebuilder:validation:MaxLength=63 | ||
| // +kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message="the value must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character." |
There was a problem hiding this comment.
Validation message should match the DNS1123 rule semantics.
The rule allows labels starting with digits, but the message says the name must start with an alphabetic character. Please align the message text with the enforced rule.
✏️ Suggested fix
- // +kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message="the value must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character."
+ // +kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message="the value must consist of only lowercase alphanumeric characters and hyphens, and must start and end with an alphanumeric character."📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // +kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message="the value must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character." | |
| // +kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message="the value must consist of only lowercase alphanumeric characters and hyphens, and must start and end with an alphanumeric character." |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@api/v1/clusterobjectset_types.go` at line 535, The kubebuilder XValidation
message for the DNS1123 rule is incorrect about starting with an alphabetic
character; update the validation message in the annotation (the line with
+kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message=...)
so it accurately reflects DNS1123 semantics (labels may start with digits).
Replace "must start with an alphabetic character and end with an alphanumeric
character" with wording such as "must consist only of lowercase alphanumeric
characters and hyphens, and must start and end with an alphanumeric character"
so the message matches the enforced rule.
There was a problem hiding this comment.
Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!
Contributor
There was a problem hiding this comment.
Contributor
|
/retest-required |
Contributor
|
/retest |
Contributor
|
/lgtm |
Contributor
|
/retest |
Contributor
|
The failures seem unrelated to us (either cluster doesn't start, or it's other tests that are failing). |
Contributor
|
@openshift-bot: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
18 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
JIRA Tickets:
The downstream repository has been updated with the following following upstream commits:
The
vendor/directory has been updated and the following commits were carried:@catalogd-updateThis pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.
/cc @openshift/openshift-team-operator-framework
Summary by CodeRabbit
New Features
observedPhasesstatus field to prevent unintended object content changes during reconciliation.Enforcements
Changes
Chores