Skip to content

chore: Backport v20260428#1299

Merged
michaelawyu merged 12 commits intoAzure:mainfrom
britaniar:backport-v20260428
Apr 30, 2026
Merged

chore: Backport v20260428#1299
michaelawyu merged 12 commits intoAzure:mainfrom
britaniar:backport-v20260428

Conversation

@britaniar
Copy link
Copy Markdown
Contributor

@britaniar britaniar commented Apr 28, 2026
edited by jwtty
Loading

Description of your changes

Fixes #

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Special notes for your reviewer

kubefleet-dev/kubefleet@6d67e7e (cncf/main) chore: clean up resource watcher tests and rename detector file (kubefleet-dev/kubefleet#666)
kubefleet-dev/kubefleet@b548d9b fix: disable rolling out fleet namespace staged rollout custom resources (kubefleet-dev/kubefleet#631)
kubefleet-dev/kubefleet@2086d2e chore: bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 (kubefleet-dev/kubefleet#624)
kubefleet-dev/kubefleet@90929d5 chore: bump step-security/harden-runner from 2.18.0 to 2.19.0 (kubefleet-dev/kubefleet#623)
kubefleet-dev/kubefleet@1c82b51 feat: determine failure type when possible for update run (kubefleet-dev/kubefleet#621)
kubefleet-dev/kubefleet@daf3165 feat: add kubebuilder RBAC markers and replace cluster-admin with least-privilege ClusterRoles (kubefleet-dev/kubefleet#574)
kubefleet-dev/kubefleet@aa840c6 feat: have update run skip a stage with no clusters (kubefleet-dev/kubefleet#609)
kubefleet-dev/kubefleet@5c572cf fix: add pod/rs guardrail check consistently (kubefleet-dev/kubefleet#682)

britaniar and others added 8 commits April 20, 2026 13:22
@britaniar
feat: have update run skip a stage with no clusters (Azure#609)
aa840c6
@ytimocin
feat: add kubebuilder RBAC markers and replace cluster-admin with lea…
daf3165 
…st-privilege ClusterRoles (Azure#574)

Signed-off-by: Yetkin Timocin <ytimocin@microsoft.com>
@britaniar
feat: determine failure type when possible for update run (Azure#621)
1c82b51
@dependabot
chore: bump step-security/harden-runner from 2.18.0 to 2.19.0 (Azure#623
90929d5 
)
@dependabot
chore: bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 (Azure#624)
2086d2e
@britaniar
fix: disable rolling out fleet namespace staged rollout custom resour…
b548d9b 
…ces (Azure#631)
@ytimocin @claude
chore: clean up resource watcher tests and rename detector file (Azur…
6d67e7e 
…e#666)

* chore: clean up resource watcher tests and rename detector file

- Implement fakeController.Run as a no-op; the stub previously panicked
  with "implement me", but the fake is never started in tests and only
  exists to satisfy the controller.Controller interface and record
  Enqueue calls.
- Add table-driven TestChangeDetector_dynamicResourceFilter covering
  reserved/skipped namespaces, kube-root-ca.crt filtering by
  ShouldPropagateObj, tombstones from informer cache deletion,
  cluster-scoped unstructured input, and the typed-object bypass.
- Rename change_dector.go to change_detector.go to fix the long-standing
  typo in the filename.

Partially addresses Azure#642. The remaining TODO at change_detector.go:107
(pre-built built-in resources map) is left as a follow-up because the
optimization is open-ended in scope and conflates two ideas
(skipping cache-sync wait and detecting built-in GVRs).

Co-Authored-By: Claude Code <noreply@anthropic.com>
Signed-off-by: Yetkin Timocin <ytimocin@microsoft.com>

* chore: address review feedback

Signed-off-by: Yetkin Timocin <ytimocin@microsoft.com>

* test: add coverage for newFilteringHandlerOnAllEvents

Address codecov/patch shortfall on PR Azure#666: the handler-builder helper
had no direct unit test, so the signature-only change to it dropped
patch coverage. Add a table-driven test that exercises each of the
six (event x filter-result) combinations and asserts callback firing
matches the filter outcome. Also Boy-Scout the two remaining
`interface{}` declarations in this file to `any`.

Signed-off-by: Yetkin Timocin <ytimocin@microsoft.com>

---------

Signed-off-by: Yetkin Timocin <ytimocin@microsoft.com>
Co-authored-by: Claude Code <noreply@anthropic.com>
@britaniar
Merge remote-tracking branch 'cncf/main' into backport-v20260428
227a5f2
ytimocin
ytimocin previously approved these changes Apr 28, 2026
View reviewed changes
@ytimocin ytimocin force-pushed the backport-v20260428 branch from 7375b51 to 574587a Compare April 29, 2026 00:47
@ytimocin
fix: grant hub-agent-sa CRD create/update for crd-installer
04559e6 
Signed-off-by: Yetkin Timocin <ytimocin@microsoft.com>
@ytimocin ytimocin force-pushed the backport-v20260428 branch from 574587a to 04559e6 Compare April 29, 2026 16:27
michaelawyu
michaelawyu approved these changes Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@michaelawyu michaelawyu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM ;)

@michaelawyu michaelawyu merged commit d555e30 into Azure:main Apr 30, 2026
38 of 44 checks passed
@britaniar britaniar deleted the backport-v20260428 branch April 30, 2026 19:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michaelawyu michaelawyu michaelawyu approved these changes

@jwtty jwtty jwtty approved these changes

@ytimocin ytimocin ytimocin left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@britaniar @ytimocin @michaelawyu @jwtty