NO-ISSUE: Merge upstream

[honza]

Summary by CodeRabbit

• New Features

  • Added OCI image authentication support via secret reference
  • Added force flag for host detachment operations

• Chores

  • Updated Go toolchain to 1.25.9
  • Upgraded Kubernetes dependencies to v0.35.4 and controller-runtime to v0.23.3

• Bug Fixes

  • Improved OCI image URL detection with case-insensitive matching

• Refactor

  • Consolidated reference type structure in host claim status

[coderabbitai]

Walkthrough

The changes upgrade Go toolchain from 1.25.8 to 1.25.9, update Kubernetes dependencies (k8s.io/api/apimachinery v0.34.6 to v0.35.4, controller-runtime v0.22.5 to v0.23.3), add OCI authentication support to image configuration, introduce an ObjectReference type for resource references, and update Makefile rules and build tooling.

Changes

Cohort / File(s)	Summary
Build Configuration & Tooling Dockerfile, Makefile, .gitignore	Updates Go toolchain from 1.25.8 to 1.25.9 with digest pinning; extends Makefile with Ginkgo config overrides, help command formatting improvements, fuzz test quoting, new verify-e2e-prerequisites phony target, and clean target expansion; removes legacy build-legacy-vbmctl target; adds e2e test fixture to gitignore.
Dependency Management apis/go.mod	Upgrades Kubernetes dependencies (k8s.io/api and k8s.io/apimachinery from v0.34.6 to v0.35.4) and sigs.k8s.io/controller-runtime (v0.22.5 to v0.23.3); updates indirect dependencies including logr, yaml, klog, and structured-merge-diff.
API Type Extensions apis/metal3.io/v1alpha1/baremetalhost_types.go, apis/metal3.io/v1alpha1/hostclaim_types.go	Adds OCIAuthSecretName field to Image type for Docker config authentication; updates IsOCI() method with nil/empty URL handling and case-insensitive prefix matching; adds Force flag to DetachedAnnotationArguments; introduces generalized ObjectReference type replacing HardwareReference and adds bareMetalHost reference field to HostClaimStatus.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'NO-ISSUE: Merge upstream' is vague and non-descriptive, using generic terms that don't convey meaningful information about the specific changes in this changeset.	Provide a more descriptive title that summarizes the main changes, such as 'Upgrade Go toolchain to 1.25.9 and update Kubernetes dependencies' or 'Update Go version, add OCI auth support, and refactor hardware reference types'.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The pull request does not introduce or modify any Ginkgo test definitions. All changes are to non-test files, so no test names violate stability requirements.
Test Structure And Quality	✅ Passed	Pull request contains no Ginkgo test code changes; only configuration and API type modifications are present.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are present in this PR. Changes are limited to infrastructure updates, dependency upgrades, API type extensions, and .gitignore modifications.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests with multi-node assumptions were added in this PR.
Topology-Aware Scheduling Compatibility	✅ Passed	PR changes are limited to build configuration, dependency updates, and API type definitions with no scheduling constraints or topology assumptions.
Ote Binary Stdout Contract	✅ Passed	This pull request contains no OTE Binary Stdout Contract violations. The zap logger is properly initialized before logging occurs, and all logging is channeled through stderr by default.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR is a vendor/upstream merge with no new Ginkgo e2e tests added to test/e2e/ directory.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: honza

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [honza]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mabulgu]

/lgtm

[mabulgu]

/retest

[hroyrh]

/retest-required

[dtantsur]

/retitle NO-ISSUE: Merge upstream

@honza please don't forget ^^^

[openshift-ci-robot]

@honza: This pull request explicitly references no jira issue.

Details

In response to this:

Summary by CodeRabbit

• New Features

• Added OCI image authentication support via secret reference

• Added force flag for host detachment operations

• Chores

• Updated Go toolchain to 1.25.9

• Upgraded Kubernetes dependencies to v0.35.4 and controller-runtime to v0.23.3

• Bug Fixes

• Improved OCI image URL detection with case-insensitive matching

• Refactor

• Consolidated reference type structure in host claim status

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jadhaj]

/verified later @jadhaj

[openshift-ci-robot]

@jadhaj: This PR has been marked to be verified later by @jadhaj.

Details

In response to this:

/verified later @jadhaj

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[honza]

@dtantsur I thought we had a bunch of things that people were eager to get in and I hoped they'd add their favourite issue.

[dtantsur]

I thought we had a bunch of things that people were eager to get in and I hoped they'd add their favourite issue.

I'm still trying to make up my mind how we can track these syncs...

[openshift-ci]

@honza: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.