NO-JIRA: Update manifests generator

[damdo]

Summary

• Updates manifests-gen to openshift/cluster-capi-operator#524 which:
  • Adds the openshift.io/required-scc: restricted-v2 annotation to provider Deployment pod templates
  • Moves the workload management annotation (target.workload.openshift.io/management) from Go code to a kustomize patch

Test plan

• Verify generated manifests contain the new openshift.io/required-scc: restricted-v2 annotation
• Verify the workload management annotation is still present
• CI passes

Summary by CodeRabbit

• Chores
  • Applied stricter OpenShift security constraints to workload pod templates for enhanced security compliance.
  • Updated infrastructure dependencies.

[coderabbitai]

Walkthrough

Adds a security constraint annotation (restricted-v2) to the workload pod template manifest and updates a Go module dependency to a newer commit version.

Changes

Cohort / File(s)	Summary
Security Constraint Annotation openshift/capi-operator-manifests/default/manifests.yaml	Adds openshift.io/required-scc: restricted-v2 annotation to enforce OpenShift Security Context Constraint for the workload pod template.
Dependency Update openshift/tools/go.mod	Bumps github.com/openshift/cluster-capi-operator/manifests-gen dependency from commit 6f5ed04abddb to 40757eb5602c.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Test Structure And Quality	❓ Inconclusive	PR modifies manifest files and go.mod dependency only; no Ginkgo test files are being added or modified.	Clarify whether this PR includes Ginkgo test code modifications. If test code is present, provide details on affected test files for quality assessment.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	No test files were modified in this pull request; the custom check for Ginkgo test naming is not applicable.
Microshift Test Compatibility	✅ Passed	PR does not add any new Ginkgo e2e test files; changes are limited to manifest YAML and Go module dependency updates.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests; changes are limited to manifest annotations and Go module updates.
Topology-Aware Scheduling Compatibility	✅ Passed	The PR adds only an SCC annotation and updates a manifests generator dependency, neither of which introduces scheduling constraints that would affect non-standard OpenShift topologies like SNO, Two-Node, or HyperShift clusters.
Ote Binary Stdout Contract	✅ Passed	This PR contains only YAML annotation additions and a go.mod dependency version bump for the manifests-gen build tool. No new stdout writes are introduced in process-level code and the OTE Binary Stdout Contract is not violated.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests; only a YAML annotation and Go module dependency version bump were modified.
Title check	✅ Passed	The title 'Update manifests generator' accurately describes the main change - bumping the manifests generator dependency and regenerating manifests with the new SCC annotation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

@damdo: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[mdbooth]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: damdo, mdbooth

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [damdo,mdbooth]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@damdo: This pull request explicitly references no jira issue.

Details

In response to this:

Summary

• Updates manifests-gen to openshift/cluster-capi-operator#524 which:
• Adds the openshift.io/required-scc: restricted-v2 annotation to provider Deployment pod templates
• Moves the workload management annotation (target.workload.openshift.io/management) from Go code to a kustomize patch

Test plan

• Verify generated manifests contain the new openshift.io/required-scc: restricted-v2 annotation
• Verify the workload management annotation is still present
• CI passes

Summary by CodeRabbit

• Chores
• Applied stricter OpenShift security constraints to workload pod templates for enhanced security compliance.
• Updated infrastructure dependencies.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[racheljpg]

/verified by ci

[openshift-ci-robot]

@racheljpg: This PR has been marked as verified by ci.

Details

In response to this:

/verified by ci

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.