NO-ISSUE: Synchronize From Upstream Repositories#708
Closed
tmshort wants to merge 92 commits intoopenshift:mainfrom
Closed
NO-ISSUE: Synchronize From Upstream Repositories#708tmshort wants to merge 92 commits intoopenshift:mainfrom
tmshort wants to merge 92 commits intoopenshift:mainfrom
Conversation
* e2e: add design spec for test isolation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * e2e: move bundle test builders to internal/testing/bundle/ Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * e2e: add catalog builder library and registry deployment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * e2e: convert all tests to per-scenario dynamic catalogs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * e2e: update extension-developer-e2e to use registry library Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * e2e: remove old static test infrastructure and clean up * e2e: use port-forward instead of hostPort for registry access Replace the localhost:30000 hostPort-based registry access with Kubernetes port-forwarding. This makes the test runner work regardless of the cluster network topology (not just kind with extraPortMappings). - Remove port 30000 extraPortMappings from kind configs - Add PortForward() to the registry package using SPDY - Use port-forward in e2e steps and extension-developer-e2e - Remove LOCAL_REGISTRY_HOST env var (no longer needed) - Keep NodePort service for containerd on kind nodes (hosts.toml) * e2e: bump experimental e2e timeout to 20m --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/moby/spdystream/releases) - [Commits](moby/spdystream@v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/moby/spdystream dependency-version: 0.5.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dtfranz <dfranz@redhat.com> UPSTREAM: <carry>: Update generate-manifests to handle new directory The `default` directory was renamed `base`. Signed-off-by: Todd Short <todd.short@me.com> The `base` directory was moved to `base\operator-controller`. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Drop commitchecker Signed-off-by: Alexander Greene <greene.al1991@gmail.com> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/4022cd290f00a44d667dda03f2d78d84a488c7ed/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: update owners * Remove alumni from owners * Add m1kola to approvers Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com> UPSTREAM: <carry>: Add pointer to tooling README UPSTREAM: <carry>: Disable Validating Admission Policy APIs downstream Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.16 Reconciling with https://github.com/openshift/ocp-build-data/tree/6250d54c4686a708ca5985afb73080e8ca9a1f7f/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: Enable Validating Admission Policy APIs downstream * This reverts commit 3f079c4. * Includes Validating Admission Policy manifests Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com> UPSTREAM: <carry>: manifests: set required-scc for openshift workloads UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.17 Reconciling with https://github.com/openshift/ocp-build-data/tree/4c1326094222f9209876f06833179a1b9178faf7/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: add everettraven to approvers+reviewers Signed-off-by: everettraven <everettraven@gmail.com> UPSTREAM: <carry>: add openshift kustomize overlay to enable TLS communication with catalogd. Configure the CA certs using the configmap injection method via service-ca-operator Signed-off-by: everettraven <everettraven@gmail.com> UPSTREAM: <carry>: Add tmshort to approvers Also `s/runtime/framework/g` in the DOWNSTREAM_OWNERS Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.18 Reconciling with https://github.com/openshift/ocp-build-data/tree/dd68246f3237db5db458127566fc7b05b55e1660/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: Properly copy and call kustomize Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: manifests: add hostPath mount for /etc/containers Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Add test-e2e target for downstream Makefile to be run by openshift/release. Signed-off-by: dtfranz <dfranz@redhat.com> UPSTREAM: <carry>: Add downstream verify makefile target Signed-off-by: dtfranz <dfranz@redhat.com> UPSTREAM: <carry>: openshift: template log verbosity to be managed by cluster-olm-operator Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Add global-pull-secret flag Pass global-pull-secret to the manager container. Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com> UPSTREAM: <carry>: Update openshift CAs to operator-controller The /run/secrets/kubernetes.io/serviceaccount/ directory is projected into the pod and contains the following CA certificates: * configmap/kube-root-ca.crt as ca.crt * configmap/openshift-service-ca.crt as service-ca.crt Update the --ca-certs-dir argument to reference the directory. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Add HowTo for origin tests Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Add e2e registry Dockerfile Signed-off-by: dtfranz <dfranz@redhat.com> UPSTREAM: <carry>: add nodeSelector and tolerations to operator-controller deployment via kustomize patch Signed-off-by: everettraven <everettraven@gmail.com> UPSTREAM: <carry>: namespace: use privileged PSA for audit and warn levels Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Enable downstream e2e Signed-off-by: dtfranz <dfranz@redhat.com> UPSTREAM: <carry>: Remove m1kola from owners Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com> UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.19 Reconciling with https://github.com/openshift/ocp-build-data/tree/a39508c86497b4e5e463d7b2c78e51e577be9e7d/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: generate and mount service-ca server cert Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Add support for proxy trustedCAs Just map the list of trusted ca certs into the deployment Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Fix error to build the image Copy correct (new) executable name for operator-controller Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Fix make verify for mac os envs Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Move operator-controller openshift files to its own dir UPSTREAM: <carry>: Upgrade OCP images from 4.18 to 4.19 UPSTREAM: <carry>: Add Openshift's catalogd manifests - Move to openshift/catalogd the specific manifest under: https://github.com/openshift/operator-framework-catalogd/tree/main/openshift - Add call to generate catalogd manifest to 'make manifest'. Make verify test is now done for catalogd and operator-controller Openshift's manifests UPSTREAM: <carry>: resolve issue with pre-mature mounting of trusted CA configmap Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Add /etc/docker to the operator-controller and catalogd deployments This allows for use of the any image.config.openshift.io trusted CAs Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: fixup catalogd.Dockerfile paths Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Resolve issue with pre-mature mounting of service CA configmap Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: use projected volume for CAs to avoid subPath limitations Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Revert "UPSTREAM: <carry>: use projected volume for CAs to avoid subPath limitations" This reverts commit 548caa4. UPSTREAM: <carry>: use projected volume for CAs to avoid subPath limitations Signed-off-by: Joe Lanford <joe.lanford@gmail.com> UPSTREAM: <carry>: Remove vet from openshift verify The `vet` target was removed upstream. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Skip another upstream test Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Cleanup openshift/Makefile by removing no longer required comments regards catalogd e2e tests UPSTREAM: <carry>: Enable OCP metrics collection by default Enables OCP to collect Prometheus metrics for both catalogd and operator-controller by default. This is accomplished via ServiceMonitor CRs which are now created for both projects. UPSTREAM: <carry>: Fix catalogd.Dockerfile to use new paths The root catalogd directory has been removed Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Update DOWNSTREAM_OWNERS_ALIASES Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Add openshift node selector annotation Signed-off-by: Catherine Chan-Tse <cchantse@redhat.com> (cherry picked from commit 9b4a113) UPSTREAM: <carry>: Add caalogd-cas-dir option to op-con Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: set the SElinux type Signed-off-by: Jian Zhang <jiazha@redhat.com> UPSTREAM: <carry>: Add initial stack to run tests to validate the catalogs UPSTREAM: <carry>: Add vendor files for the catalog-sync tests UPSTREAM: <carry>: Bump catalog versions to 4.19 Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: revert "Bump catalog versions to 4.19" This reverts commit a98980b. UPSTREAM: <carry>: Update HOWTO-origin-tests techpreview is no longer a required option. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [DefaultCatalogTests]: Allow to pass auth path for docker credentials" UPSTREAM: <carry>: fix: set NoLchown=true to allow image unpack on OCPci UPSTREAM: <carry>: [DefaultCatalogTests]: Moving parse of ENVVAR to the caller (follow-up 345) UPSTREAM: <carry>: [Default Catalog]: Create tmp dir to extract layers with right permissions to avoid issues scenarios UPSTREAM: <carry>: [Default Catalog](cleanp) Remove hack directory which is not used UPSTREAM: <carry>: Change code implementation to extract layers in OCP env UPSTREAM: <carry>: Add vendor files for change in the extract code implementation UPSTREAM: <carry>: [Default Catalog Tests]: Final cleanups and enhancements of initial implementation UPSTREAM: <carry>: SELinux type for operator-controller Signed-off-by: Jian Zhang <jiazha@redhat.com> UPSTREAM: <carry>: Bump catalog versions to 4.19 Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [Default Catalog Consistency Test] (feat) add check for executable files in filesystem Checks if given paths exist and point to executable files or valid symlinks. UPSTREAM: <carry>: [Default Catalog Consistency Test]: fix junit output format to allow generate xml UPSTREAM: <carry>: [Default Catalog Consistency Test] (feat) add check to validate multi-arch support UPSTREAM: <carry>: [Default Catalog Consistency Test]: Enable CatalogChecks UPSTREAM: <carry>: [Default Catalog Consistency Test]: Rename Tests suite and small cleanups UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/dfb5c7d531490cfdc61a3b88bc533702b9624997/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: Updating ose-olm-catalogd-container image to be consistent with ART for 4.20 Reconciling with https://github.com/openshift/ocp-build-data/tree/dfb5c7d531490cfdc61a3b88bc533702b9624997/images/ose-olm-catalogd.yml UPSTREAM: <carry>: Update e2e registry to use 1.24/4.20 Update the e2e registry Dockerfile to use golang 1.24/OCP 4.20 Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [Catalog Default Tests]: Upgrade go version to 1.24.3, dependencies and fix new lint issue UPSTREAM: <carry>: Add structure to allow move the orgin tests using OTE This commit introduces a binary and supporting structure to enable the execution of OpenShift origin (olmv1) tests using the Open Test Environment (OTE). It lays the groundwork for moving origin test in openshift/origin to be executed from this repository using OTE. UPSTREAM: <carry>: Add support for experimental manifests Update the openshift kustomize configuration for both operator-controller and catalogd. Update the manifest generation scripts to put the core generation code into a function (ignore-whitespace will help with the review), so that it can be called twice; once for standard, and once for experimental. Move around some of the kustomization directives to * Create a patch kustomization (Component) file and move the patch directives from olmv1-ns there. This allows it to be referenced from a different directory. * Add a kustomization file for tusted-ca. This allows it to be referenced from a different directory. * Move the setting of the namePrefix for operator-controller; this makes the generation compatible with upstream feature components. * Define experimental kustomization files that reference existing components. * Reference the correct CRDs (standard or experimental). * Add references to upstream feature components into the experimental manifests. This *will* add `--feature-gates` options from the upstream feature components to the experimental manifests. The cluster-olm-operator will strip those arguments from the deployments before adding the enabled feature gates. Update the Dockerfiles to include the experimental manifests and a copy script (`cp-manifests`) into the image containers. The complexity of having multiple sets of manifests mean that the simple initContainer copy mechanism found in cluster-olm-operator is no longer sufficient. This attempts to keep backwards compatibility with older versions of cluster-olm-operator, specifically by keeping the original (standard) manifests in the original location, and adding the experimental manifests in a new directory. The new `cp-manifests` script is used by newer versions of cluster-olm-operator. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [OTE] - chore: follow up openshift#383 – remove unreachable target call UPSTREAM: <carry>: Remove build of test image registry Upstream now uses a different image Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Add test-experimental-e2e target to openshift Makefile This adds a test-experimental-e2e target to allow the CI to run the experimental e2e test. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [OTE]: Add binary in the operator controller image to allow proper integration with OCP tests UPSTREAM: <carry>: Fix experimental manifest copying The standard manifest was being copied rather than the experimental manifest. This meant that the expected feature-flags are not present. This is failing now that we are doing a check for those feature-flags. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Update manifest generation for upstream rbac/webhooks Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [OTE] - Add tracking mechanism UPSTREAM: <carry>: Update OTE dep to get fix UPSTREAM: <carry>: [OTE] Add Readme UPSTREAM: <carry>: set GIT_COMMIT env from SOURCE_GIT_COMMIT in Dockerfiles for operator-controller and catalogd Signed-off-by: Rashmi Gottipati <chowdary.grashmi@gmail.com> UPSTREAM: <carry>: add openshift specific build target to pass commit info downstream Signed-off-by: Ankita Thomas <ankithom@redhat.com> UPSTREAM: <carry>: add source commit into binaries when linking - Removes extra GIT_COMMIT set - fixup Dockerfiles after rebase - consider "" unset so build-info can fill commit/date - double quote go flags & honor GIT_COMMIT if set - improve robustness of build-info parsing - Trim whitespace on all version fields - isUnset and valueOrUnknown now call strings.TrimSpace - Avoid clobbering values injected via ldflags - set repoState from build-info only when repoState is still unset - set version from build-info only when unset and build-info value is non-empty UPSTREAM: <carry>: OTE add first test from openshift/origin olmv1.go UPSTREAM: <carry>: Migrate tasks from openshift/origin olm v1.go file which are remaining This commit moves the final OLMv1 tests from openshift/origin/test/extended/olm/olmv1.go to their proper location in this repository. This migration is part of a larger effort to streamline development by co-locating tests with the component they validate. This will reduce CI overhead and allow for faster, more atomic changes. Assisted-by: Gemini UPSTREAM: <carry>: OTE - How to test locally with OCP instances UPSTREAM: <carry>: [OTE] Refac: refac helper and olmv1 test to create namespace instead to use pre-existent UPSTREAM: <carry>: [OTE] add webhook tests Migrates OLMv1 webhook operator tests from using external YAML files to defining resources in Go structs. This change removes file dependencies, improving test reliability and simplifying test setup. The migration is a refactoring of code from openshift/origin#30059. The new code uses better naming conventions and adapts the tests to work with a controller-runtime client, enhancing test consistency and maintainability. The migration covers all core test scenarios: - Validating, mutating, and conversion webhooks. - Certificate and secret rotation tolerance. Assisted-by: Gemini UPSTREAM: <carry>: OTE: rewrite the upgrade incompatible operator test This test replaces the existing upgrade incompatible test. The main change is that operator and catalog bundles are created on-the-fly to support OCP 4.20. This means we are no longer dependent on public operators for this test. This creates new bundles in the OCP ImageRegistry, this requires using a number of OCP APIs, including using a raw API URL to invoke the build. This is done by invoking an external k8s client (either `oc` or `kubectl`), and passing it a tarball of the bundle to be created. So, it can't be done by the golang k8sClient normally available (i.e. the create input is a tarball not a YAML file). This introduces the use of go-bindata to store the bundle contents. It also pulls in openshift mage, buld and operator APIs. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Handle service-ca cert availability/rotation There is problem when the service-ca certificate is not available at pod start. This is an issue because the SystemCertPool is created from SSL_CERT_DIR, which may include the empty service-ca. The SystemCertPool is never regenerated during the lifetime of the program execution, so it will never get updated when the service-ca is filled. Thus, we need to use --pull-cas-dir to reference the CAs that we want to use. This will also allow OLMv1 to reload the service-ca when it is reloaded (after 2 years, mind you). Removing the SSL_CERT_DIR setting, and adding the --pull-cas-dir flag ought to be equivalent to what we have now (i.e. SSL_CERT_DIR and no --pull-cas-dir), except that rotation will be handled better. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [OTE] add webhook tests Revert "UPSTREAM: <carry>: [OTE] add webhook tests" This reverts commit 9963614. UPSTREAM: <carry>: Upgrade OCP Catalog images from 4.19 to 4.20 UPSTREAM: <carry>: Remove bindata generation from build Using go-bindata is causing problems with ART builds. This removes the use of go-bindata from the builds. This will subsequently require that users MANUALLY run the `bindata` target to refresh the bindata, or use the `build-update` target. This is a quickfix to put out the fire. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: [OTE] Add webhook tests - Add dumping of container logs and `kubectl describe pods` output for better diagnostics. - Include targeted certificate details dump (`tls.crt` parse) when failures occur. - Add additional check to verify webhook responsiveness after certificate rotation. This change is a refactor of code from openshift/origin#30059. Assisted-by: Gemini UPSTREAM: <carry>: OTE add logs and dumps for olmv1 test and fix helper for clusterextensions UPSTREAM: <carry>: [OTE] Migrate preflight checks from openshift/origin Migrated OLMv1 operator preflight checks from using external YAML files to defining ClusterRole permissions directly in Go structs. This improves test reliability and simplifies test setup by removing file dependencies. The changes ensure precise replication of original test scenarios, including specific permission omissions for services, create verbs, ClusterRoleBindings, ConfigMap resourceNames, and escalate/bind verbs. Assisted-by: Gemini UPSTREAM: <carry>: [OTE] Add webhook to validate openshift-service-ca certificate rotation This change is a refactor of code from openshift/origin#30059. Assisted-by: Gemini UPSTREAM: <carry>: Adds ResourceVersion checks to the tls secret deletion test, mirroring the logic used in the certificate rotation test. This makes the test more robust by ensuring a new secret is created, not just that an existing one is still present. UPSTREAM: <carry>: [OTE] - Readme:Add info to help use payload-aggregate with new tests UPSTREAM: <carry>: remove obsolete owners Signed-off-by: grokspawn <jordan@nimblewidget.com> UPSTREAM: <carry>: [OTE] add catalog tests from openshift/origin This commit migrates the olmv1_catalog set of tests from openshift/origin to OTE as part the broad effort to migrate all tests. Assisted-by: Gemini UPSTREAM: <carry>: Migrate single/own namespace tests This commit migrates the OLMv1 single and own namespace watch mode tests from openshift/origin/test/extended/olm/olmv1-singleownnamespace.go to this repository. This is part of the effort to move component-specific tests into their respective downstream locations. Assisted-by: Gemini UPSTREAM: <carry>: Adds ResourceVersion checks to the tls secret deletion test, mirroring the logic used in the certificate rotation test. This makes the test more robust by ensuring a new secret is created, not just that an existing one is still present. This reverts commit 0bb1953. UPSTREAM: <carry>: [OTE] Add webhook to validate openshift-service-ca certificate rotation This reverts commit e9e3220. UPSTREAM: <carry>: Ensure unique name for bad-catalog tests UPSTREAM: <carry>: Revert "Handle service-ca cert availability/rotation" This reverts commit 9cc13d8. UPSTREAM: <carry>: grant QE approver permission for OTE UPSTREAM: <carry>: Update webhook ote tests to use latest webhook-operator Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com> UPSTREAM: <carry>: update operator-controller to v1.5.1 UPSTREAM: <carry>: configure watchnamespace using spec.config for OTE tests UPSTREAM: <carry>: add jiazha to approvers UPSTREAM: <carry>: Create combined manifests for comparison Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Use Helm charts for openshift manifests Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: add support for tests-private cases and add the case UPSTREAM: <carry>: Fix cp-manifests copying of helm charts The method used to copy the helm charts is including an extra `helm` directory in the destination path, that is making the cluster-olm-operator code just a bit more complicated than it needs to be. This fixes the copy location. Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Remove kustomize manifests from images and repo Now that helm manifests are being used to dynamically generate the manifests, the pre-generated manifests are no longer needed. So, we can remove them from the repo and the images. However, because we still want to verify the manifests are "good", we are still creating a "single-file" version of the manifests for verification purposes, and to allow us to see what changes are happening to the manifests (from upstream and/or downstream sources). Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Add pedjak and trgeiger as reviewers UPSTREAM: <carry>: migrate more cases from tests-private and enhance suites with filters UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/4fbe3fab45239dc4be6f5d9d98a0bf36e0274ec9/images/ose-olm-operator-controller.yml UPSTREAM: <carry>: Updating ose-olm-catalogd-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/4fbe3fab45239dc4be6f5d9d98a0bf36e0274ec9/images/ose-olm-catalogd.yml UPSTREAM: <carry>: OTE: Enable disconnected environment and build test operator controller image Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com> UPSTREAM: <carry>: for incompatible test add func to wait builder and deployer SA creation by OCP controller UPSTREAM: <carry>: Fix VERSION replacement in catalog bindata Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: check kubeconfig only run-test and run-suite UPSTREAM: <carry>: Clean up cp-manifests There is no longer a need to copy conditionally Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: Update does-not-exist and simple install to work in a disconnected environment Signed-off-by: Todd Short <todd.short@me.com> UPSTREAM: <carry>: support webhook case in disconnected UPSTREAM: <carry>: Consolidate build API This consolidates the in-cluster building of a bundle and catalog. The catalog and bundle bindata are inputs, along with a set of replacements so that catalog and bundle templates can be used to create the images. This can be done in the BeforeEach() for a set of tests that use the same data. Signed-off-by: Todd Short <todd.short@me.com>
…images from openshift/catalogd/manifests.yaml
Signed-off-by: Todd Short <todd.short@me.com>
…oss to avoid flakes
Signed-off-by: Todd Short <todd.short@me.com>
…uess and waiting for k8s cleanups Co-Author: kuiwang@redhat.com
…nts ( Follow-Up of: 714977c )
… uninstall Assisted-by: Cursor
… format Fix k8s.io/kubernetes replace version from v1.30.1-0... to v0.0.0-... format to resolve bumper tool verification failures. Add hack/ocp-replace.sh script to manage OCP fork replaces properly. Assisted-by: Cursor
…row job for migrated qe cases
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
The current pod simply does a `sleep 1000`, which means that the startup, liveness and readiness probes all fail. Use a busybox containter to run a simple script and httpd server to emulate the probes.
Signed-off-by: Todd Short <todd.short@me.com>
Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com>
Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com>
Signed-off-by: Todd Short <tshort@redhat.com>
…64 support Signed-off-by: Daniel Franz <dfranz@redhat.com>
Signed-off-by: Todd Short <tshort@redhat.com>
…t in OTE tests Update all remaining references to ClusterExtensionRevision in openshift/tests-extension to use ClusterObjectSet, matching the upstream rename in operator-framework/operator-controller#2589. Files updated: - test/qe/specs/olmv1_ce.go: RBAC resource names and comments - test/olmv1-preflight.go: scenario constants, test names, RBAC rules - .openshift-tests-extension/openshift_payload_olmv1.json: test name - pkg/bindata/qe/bindata.go: embedded RBAC templates - test/qe/testdata/olm/sa-nginx-limited-boxcutter.yaml: RBAC resources - test/qe/testdata/olm/sa-nginx-insufficient-operand-rbac-boxcutter.yaml: RBAC resources Signed-off-by: Camila Macedo <cmacedo@redhat.com> Made-with: Cursor
…s ClusterObjectSet The upstream rename of ClusterExtensionRevision to ClusterObjectSet (operator-framework/operator-controller#2589) breaks the incompatible operator detection in cluster-olm-operator. The cluster-olm-operator binary still reads ClusterExtensionRevision resources to find operators with olm.maxOpenShiftVersion, so after the rename it never detects incompatible operators and InstalledOLMOperatorsUpgradeable stays True. Skip this test when NewOLMBoxCutterRuntime feature gate is enabled until cluster-olm-operator is updated to read ClusterObjectSet. Signed-off-by: Camila Macedo <cmacedo@redhat.com> Made-with: Cursor
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Signed-off-by: Todd Short <todd.short@me.com>
…to run outside of OCP
openshift-ci-robot
added
the
jira/valid-reference
|
@tmshort: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
|
@tmshort: GitHub didn't allow me to request PR reviews from the following users: openshift/openshift-team-operator-framework. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
WalkthroughE2E test infrastructure refactored from static, pre-built catalog/registry setup to dynamic, scenario-scoped OCI bundle and catalog image building with in-cluster registry access via port-forward. Test utilities reorganized to consolidate bundle/CSV builders in Changes
Sequence Diagram(s)sequenceDiagram
participant GH as Gherkin Feature
participant Step as E2E Steps
participant Reg as Test Registry
participant Build as Catalog Builder
participant K8s as Kubernetes
participant Test as Test Process
GH->>Step: Scenario: "..."
Step->>Reg: Deploy(namespace, name)
Reg->>K8s: Create Namespace, Certificate, Deployment, Service
Reg->>K8s: Poll Deployment Available condition
Reg-->>Step: Ready
Step->>Reg: PortForward(port 5000)
Reg->>K8s: Find pod, create port-forward tunnel
Reg-->>Step: localhost:forwardedPort
GH->>Step: catalog "test" with packages: ...
Step->>Build: NewCatalog(name, scenarioID, packages)
Build->>Build: buildBundle per package version
Build->>Build: Apply OCI bundle labels
Build->>Test: Push bundle image via crane → localhost:port
Test-->>Build: ✓
Build->>Build: Generate FBC (olm.package/channel/bundle)
Build->>Build: Create catalog OCI image
Build->>Test: Push catalog image via crane → localhost:port
Test-->>Build: ✓
Build-->>Step: BuildResult{imageRef, catalogName, pkgMapping}
Step->>K8s: Patch ClusterCatalog image ref (scenario-scoped)
K8s-->>Step: ✓
GH->>Step: ClusterExtension with ${PACKAGE:test}, ${CATALOG:test}
Step->>Step: substituteScenarioVars(input)
Step-->>K8s: Apply parameterized ClusterExtension
Step->>K8s: Poll for bundle installation, readiness
K8s-->>GH: ✓ Operator deployed
Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (1 error, 3 warnings)
✅ Passed checks (8 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (3)
test/extension-developer-e2e/extension_developer_test.go (1)
69-69: CONTAINER_RUNTIME validation is handled indirectly.
CONTAINER_RUNTIMEis used here without explicit validation, but setup.sh (which runs beforesaveAndPush) validates it and will fail with a clear error if unset. This is acceptable, though adding explicit validation here would provide a clearer error message if the flow changes in the future.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/extension-developer-e2e/extension_developer_test.go` at line 69, The code reads containerRuntime := os.Getenv("CONTAINER_RUNTIME") without explicit validation; add a guard immediately after that line to fail fast if it's empty (e.g., if containerRuntime == "" { t.Fatalf("CONTAINER_RUNTIME must be set") } or log.Fatalf in TestMain) so tests produce a clear error instead of relying on setup.sh or saveAndPush; reference the containerRuntime variable and place the check in the same test (e.g., in Test... in extension_developer_test.go) right after the os.Getenv call.docs/designs/testing/2026-04-13-e2e-isolation/design.md (1)
15-24: Add language identifier to fenced code block.The fenced code block describing the scenario flow should have a language identifier for proper syntax highlighting and to satisfy markdown linting rules.
Proposed fix
-``` +```text Scenario starts -> Generate parameterized bundle manifests (CRD names, deployments, etc. include scenario ID) -> Build + push bundle OCI images to e2e registry via go-containerregistry -> Generate FBC catalog config referencing those bundle image refs -> Build + push catalog OCI image to e2e registry -> Create ClusterCatalog pointing at the catalog image -> Run scenario steps -> Cleanup all resources (including catalog)</details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@docs/designs/testing/2026-04-13-e2e-isolation/design.mdaround lines 15 -
24, The fenced code block describing the scenario flow currently has no language
identifier; update the block that begins withto include a language token (e.g., changeto ```text) so the scenario steps are properly highlighted and
satisfy markdown linting rules.</details> </blockquote></details> <details> <summary>test/extension-developer-e2e/setup.sh (1)</summary><blockquote> `91-95`: **Consider removing redundant blank line.** Minor: There's an extra blank line at line 95. <details> <summary>Proposed fix</summary> ```diff # Push is handled by the Go test via crane + port-forward, # because docker push goes through the Docker daemon which # may be in a different network context (e.g. colima VM). - - + ############################### ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary> ``` Verify each finding against the current code and only fix it if needed. In `@test/extension-developer-e2e/setup.sh` around lines 91 - 95, Remove the redundant blank line immediately after the comment block starting with "# Push is handled by the Go test via crane + port-forward," so the comment lines are contiguous without an extra empty line; edit the setup.sh snippet containing that comment block to delete the extra newline following it. ``` </details> </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against the current code and only fix it if needed.
Inline comments:
In@test/e2e/steps/steps.go:
- Around line 62-90: The registry setup currently returns nil on non-kind
clusters which lets the step "Given an image registry is available" succeed even
though no local push target exists; update deployImageRegistry so that instead
of returning nil when providerID doesn't start with "kind://", it returns a
clear non-nil error (e.g., "no local registry available on non-kind cluster") so
callers like startRegistryPortForward and registryHosts will fail fast; locate
and change deployImageRegistry (and adjust any callers if they expect nil) to
propagate this error so port-forward attempts are not attempted on clusters
without a local registry.- Around line 1549-1554: The loop over table.Rows assumes every row has at least
five cells and will panic on malformed tables; before indexing row.Cells in the
loop (where pkg, version, channel, replaces, contents are assigned) add a length
check (e.g., if len(row.Cells) < 5) and return/raise a clear parse error
including the offending row (or call the test failure helper used in this file)
instead of indexing; this validation should live right at the top of the for _,
row := range table.Rows[1:] loop to prevent panics when accessing
row.Cells[0]..row.Cells[4].- Around line 1663-1698: parseContents currently swallows unrecognized or
malformed tokens (e.g., typo "Configmap", bad "Property(...)" without "=", bad
"InstallMode(...)", or failed Atoi in "LargeCRD(...)"), which hides user errors;
change parseContents to return (opts []catalog.Option, err error), add explicit
validation in the switch: on the default case return an error for unknown
tokens, return errors when Property(...) lacks "=", when InstallMode(...) yields
an invalid/empty mode, and when Atoi for LargeCRD fails (instead of ignoring),
and likewise validate StaticBundleDir input; then update parseCatalogTable to
check and propagate the error returned from parseContents.In
@test/internal/catalog/bundle.go:
- Around line 244-255: The NetworkPolicy's PodSelector is currently empty which
targets all pods; update the PodSelector in the
WithBundleResource("networkpolicy.yaml", &networkingv1.NetworkPolicy{...}) block
to scope the policy to the operator's pods by matching the deployment label (use
metav1.LabelSelector{MatchLabels: map[string]string{"app": deploymentName}} or
equivalent) so the policy only applies to pods labeled app: deploymentName
rather than all namespace pods.
Nitpick comments:
In@docs/designs/testing/2026-04-13-e2e-isolation/design.md:
- Around line 15-24: The fenced code block describing the scenario flow
currently has no language identifier; update the block that begins withto include a language token (e.g., changeto ```text) so the scenario steps are
properly highlighted and satisfy markdown linting rules.In
@test/extension-developer-e2e/extension_developer_test.go:
- Line 69: The code reads containerRuntime := os.Getenv("CONTAINER_RUNTIME")
without explicit validation; add a guard immediately after that line to fail
fast if it's empty (e.g., if containerRuntime == "" {
t.Fatalf("CONTAINER_RUNTIME must be set") } or log.Fatalf in TestMain) so tests
produce a clear error instead of relying on setup.sh or saveAndPush; reference
the containerRuntime variable and place the check in the same test (e.g., in
Test... in extension_developer_test.go) right after the os.Getenv call.In
@test/extension-developer-e2e/setup.sh:
- Around line 91-95: Remove the redundant blank line immediately after the
comment block starting with "# Push is handled by the Go test via crane +
port-forward," so the comment lines are contiguous without an extra empty line;
edit the setup.sh snippet containing that comment block to delete the extra
newline following it.</details> <details> <summary>🪄 Autofix (Beta)</summary> Fix all unresolved CodeRabbit comments on this PR: - [ ] <!-- {"checkboxId": "4b0d0e0a-96d7-4f10-b296-3a18ea78f0b9"} --> Push a commit to this branch (recommended) - [ ] <!-- {"checkboxId": "ff5b1114-7d8c-49e6-8ac1-43f82af23a33"} --> Create a new PR with the fixes </details> --- <details> <summary>ℹ️ Review info</summary> <details> <summary>⚙️ Run configuration</summary> **Configuration used**: Repository: openshift/coderabbit/.coderabbit.yaml **Review profile**: CHILL **Plan**: Pro Plus **Run ID**: `53e13ed1-efb1-44d5-bd1a-183967181777` </details> <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 9b9eb03268722fe2c05e05f9c96a11ac8079bb87 and 4576815c1c85c5e7e9af2772c702cc014db4e39f. </details> <details> <summary>⛔ Files ignored due to path filters (217)</summary> * `go.sum` is excluded by `!**/*.sum` * `openshift/tests-extension/go.sum` is excluded by `!**/*.sum` * `openshift/tests-extension/vendor/github.com/moby/spdystream/NOTICE` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/connection.go` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/spdy/LICENSE` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/spdy/PATENTS` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/spdy/dictionary.go` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/spdy/options.go` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/spdy/read.go` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/spdy/types.go` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/github.com/moby/spdystream/spdy/write.go` is excluded by `!**/vendor/**` * `openshift/tests-extension/vendor/modules.txt` is excluded by `!**/vendor/**` * `testdata/push/go.sum` is excluded by `!**/*.sum` * `testdata/push/vendor/github.com/containerd/stargz-snapshotter/estargz/build.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/containerd/stargz-snapshotter/estargz/types.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/AUTHORS` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/LICENSE` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/NOTICE` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/config.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/configfile/file.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/configfile/file_windows.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/credentials.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/default_store.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/file_store.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/credentials/native_store.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/cli/cli/config/types/authconfig.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/distribution/LICENSE` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/docker-credential-helpers/LICENSE` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/docker-credential-helpers/client/client.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/docker-credential-helpers/client/command.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/docker-credential-helpers/credentials/error.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/docker-credential-helpers/credentials/helper.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/docker/docker-credential-helpers/credentials/version.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/LICENSE` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/and/and_closer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/compression/compression.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/gzip/zip.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/redact/redact.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/retry/retry.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/retry/wait/kubernetes_apimachinery_wait.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/verify/verify.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/windows/windows.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/internal/zstd/zstd.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/anon.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/auth.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/basic.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/compression/compression.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/append.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/catalog.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/config.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/copy.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/delete.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/digest.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/export.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/filemap.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/get.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/list.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/manifest.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/options.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/pull.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/push.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/crane/tag.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/legacy/config.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/legacy/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/write.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/logs/logs.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/check.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/digest.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/errors.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/options.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/ref.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/registry.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/repository.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/name/tag.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/config.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/hash.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/image.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/index.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/gc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/image.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/index.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/layoutpath.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/options.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/read.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/platform.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/progress.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/progress.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/puller.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/schema1.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/.gitattributes` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/.gitignore` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/.goreleaser.yml` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/LICENSE` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/SECURITY.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/compressible.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/fse/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/fse/bitreader.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/fse/bitwriter.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/fse/bytereader.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/fse/compress.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/fse/decompress.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/fse/fse.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/gen.sh` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/.gitignore` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/bitreader.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/bitwriter.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/compress.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/decompress.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/decompress_amd64.s` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/decompress_generic.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/huff0/huff0.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.s` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/snapref/decode.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/snapref/decode_other.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/snapref/encode.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/snapref/encode_other.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/internal/snapref/snappy.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/s2sx.mod` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/s2sx.sum` is excluded by `!**/*.sum`, `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/README.md` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/bitreader.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/bitwriter.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/blockdec.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/blockenc.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/blocktype_string.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/bytebuf.go` is excluded by `!**/vendor/**` * `testdata/push/vendor/github.com/klauspost/compress/zstd/bytereader.go` is excluded by `!**/vendor/**` </details> <details> <summary>📒 Files selected for processing (83)</summary> * `Makefile` * `docs/designs/testing/2026-04-13-e2e-isolation/design.md` * `go.mod` * `hack/kind-config/containerd/certs.d/docker-registry.operator-controller-e2e.svc.cluster.local:5000/hosts.toml` * `hack/kind-config/containerd/certs.d/go.mod` * `internal/operator-controller/applier/boxcutter_test.go` * `internal/operator-controller/applier/provider_test.go` * `internal/operator-controller/config/config_test.go` * `internal/operator-controller/config/error_formatting_test.go` * `internal/operator-controller/rukpak/bundle/source/source_test.go` * `internal/operator-controller/rukpak/render/registryv1/generators/generators_test.go` * `internal/operator-controller/rukpak/render/registryv1/registryv1_test.go` * `internal/operator-controller/rukpak/render/registryv1/validators/validator_test.go` * `internal/operator-controller/rukpak/render/render_test.go` * `internal/testing/bundle/csv/builder.go` * `internal/testing/bundle/csv/builder_test.go` * `internal/testing/bundle/fs/bundlefs.go` * `internal/testing/bundle/fs/bundlefs_test.go` * `kind-config/kind-config-2node.yaml` * `kind-config/kind-config.yaml` * `openshift/tests-extension/go.mod` * `test/e2e/README.md` * `test/e2e/features/install.feature` * `test/e2e/features/recover.feature` * `test/e2e/features/status.feature` * `test/e2e/features/uninstall.feature` * `test/e2e/features/update.feature` * `test/e2e/features/user-managed-fields.feature` * `test/e2e/steps/hooks.go` * `test/e2e/steps/steps.go` * `test/e2e/steps/testdata/extra-catalog-template.yaml` * `test/e2e/steps/testdata/test-catalog-template.yaml` * `test/e2e/steps/upgrade_steps.go` * `test/extension-developer-e2e/extension_developer_test.go` * `test/extension-developer-e2e/setup.sh` * `test/helpers/feature_gates.go` * `test/helpers/helpers.go` * `test/internal/catalog/bundle.go` * `test/internal/catalog/catalog.go` * `test/internal/catalog/catalog_test.go` * `test/internal/registry/registry.go` * `test/upgrade-e2e/features/operator-upgrade.feature` * `testdata/Dockerfile` * `testdata/build-test-registry.sh` * `testdata/images/bundles/large-crd-operator/v1.0.0/manifests/largecrd.operatorframework.io_largecrdtests.yaml` * `testdata/images/bundles/large-crd-operator/v1.0.0/manifests/largecrdoperator.clusterserviceversion.yaml` * `testdata/images/bundles/large-crd-operator/v1.0.0/manifests/script.configmap.yaml` * `testdata/images/bundles/large-crd-operator/v1.0.0/metadata/annotations.yaml` * `testdata/images/bundles/own-namespace-operator/v1.0.0/manifests/olm.operatorframework.com_ownnamespaces.yaml` * `testdata/images/bundles/own-namespace-operator/v1.0.0/manifests/ownnamespaceoperator.clusterserviceversion.yaml` * `testdata/images/bundles/own-namespace-operator/v1.0.0/metadata/annotations.yaml` * `testdata/images/bundles/single-namespace-operator/v1.0.0/manifests/olm.operatorframework.com_singlenamespaces.yaml` * `testdata/images/bundles/single-namespace-operator/v1.0.0/manifests/singlenamespaceoperator.clusterserviceversion.yaml` * `testdata/images/bundles/single-namespace-operator/v1.0.0/metadata/annotations.yaml` * `testdata/images/bundles/test-operator/v1.0.0/manifests/bundle.configmap.yaml` * `testdata/images/bundles/test-operator/v1.0.0/manifests/dummy.configmap.yaml` * `testdata/images/bundles/test-operator/v1.0.0/manifests/olm.operatorframework.com_olme2etest.yaml` * `testdata/images/bundles/test-operator/v1.0.0/manifests/script.configmap.yaml` * `testdata/images/bundles/test-operator/v1.0.0/manifests/testoperator.clusterserviceversion.yaml` * `testdata/images/bundles/test-operator/v1.0.0/manifests/testoperator.networkpolicy.yaml` * `testdata/images/bundles/test-operator/v1.0.0/metadata/annotations.yaml` * `testdata/images/bundles/test-operator/v1.0.2/manifests/bundle.configmap.yaml` * `testdata/images/bundles/test-operator/v1.0.2/manifests/olm.operatorframework.com_olme2etest.yaml` * `testdata/images/bundles/test-operator/v1.0.2/manifests/testoperator.clusterserviceversion.yaml` * `testdata/images/bundles/test-operator/v1.0.2/manifests/testoperator.networkpolicy.yaml` * `testdata/images/bundles/test-operator/v1.0.2/metadata/annotations.yaml` * `testdata/images/bundles/test-operator/v1.0.3/manifests/bundle.configmap.yaml` * `testdata/images/bundles/test-operator/v1.0.3/manifests/testoperator.clusterserviceversion.yaml` * `testdata/images/bundles/test-operator/v1.0.3/metadata/annotations.yaml` * `testdata/images/bundles/test-operator/v1.2.0/manifests/bundle.configmap.yaml` * `testdata/images/bundles/test-operator/v1.2.0/manifests/olm.operatorframework.com_olme2etest.yaml` * `testdata/images/bundles/test-operator/v1.2.0/manifests/script.configmap.yaml` * `testdata/images/bundles/test-operator/v1.2.0/manifests/testoperator.clusterserviceversion.yaml` * `testdata/images/bundles/test-operator/v1.2.0/manifests/testoperator.networkpolicy.yaml` * `testdata/images/bundles/test-operator/v1.2.0/metadata/annotations.yaml` * `testdata/images/bundles/test-operator/v1.2.0/metadata/properties.yaml` * `testdata/images/catalogs/test-catalog/v1/configs/.indexignore` * `testdata/images/catalogs/test-catalog/v1/configs/catalog.yaml` * `testdata/images/catalogs/test-catalog/v2/configs/.indexignore` * `testdata/images/catalogs/test-catalog/v2/configs/catalog.yaml` * `testdata/push/README.md` * `testdata/push/go.mod` * `testdata/push/push.go` </details> <details> <summary>💤 Files with no reviewable changes (46)</summary> * testdata/images/catalogs/test-catalog/v2/configs/.indexignore * testdata/images/bundles/test-operator/v1.2.0/manifests/testoperator.networkpolicy.yaml * testdata/images/catalogs/test-catalog/v1/configs/.indexignore * testdata/images/bundles/test-operator/v1.0.0/metadata/annotations.yaml * testdata/push/go.mod * testdata/images/bundles/large-crd-operator/v1.0.0/metadata/annotations.yaml * testdata/images/bundles/test-operator/v1.0.3/metadata/annotations.yaml * testdata/images/bundles/test-operator/v1.2.0/metadata/annotations.yaml * testdata/images/bundles/test-operator/v1.0.0/manifests/dummy.configmap.yaml * testdata/Dockerfile * hack/kind-config/containerd/certs.d/docker-registry.operator-controller-e2e.svc.cluster.local:5000/hosts.toml * testdata/images/bundles/test-operator/v1.0.2/manifests/bundle.configmap.yaml * testdata/images/bundles/test-operator/v1.2.0/metadata/properties.yaml * testdata/images/bundles/single-namespace-operator/v1.0.0/metadata/annotations.yaml * testdata/images/bundles/test-operator/v1.0.2/metadata/annotations.yaml * testdata/images/bundles/test-operator/v1.0.2/manifests/testoperator.networkpolicy.yaml * testdata/push/README.md * testdata/images/bundles/test-operator/v1.2.0/manifests/testoperator.clusterserviceversion.yaml * test/e2e/steps/testdata/test-catalog-template.yaml * testdata/images/catalogs/test-catalog/v1/configs/catalog.yaml * testdata/images/bundles/test-operator/v1.0.2/manifests/olm.operatorframework.com_olme2etest.yaml * testdata/images/bundles/single-namespace-operator/v1.0.0/manifests/singlenamespaceoperator.clusterserviceversion.yaml * testdata/images/bundles/test-operator/v1.2.0/manifests/script.configmap.yaml * testdata/images/bundles/test-operator/v1.0.0/manifests/testoperator.networkpolicy.yaml * testdata/images/bundles/large-crd-operator/v1.0.0/manifests/script.configmap.yaml * testdata/images/bundles/test-operator/v1.0.0/manifests/bundle.configmap.yaml * testdata/images/bundles/test-operator/v1.2.0/manifests/bundle.configmap.yaml * kind-config/kind-config.yaml * testdata/images/catalogs/test-catalog/v2/configs/catalog.yaml * testdata/images/bundles/test-operator/v1.0.0/manifests/testoperator.clusterserviceversion.yaml * testdata/images/bundles/test-operator/v1.0.3/manifests/testoperator.clusterserviceversion.yaml * test/e2e/steps/testdata/extra-catalog-template.yaml * testdata/images/bundles/test-operator/v1.2.0/manifests/olm.operatorframework.com_olme2etest.yaml * testdata/images/bundles/own-namespace-operator/v1.0.0/manifests/olm.operatorframework.com_ownnamespaces.yaml * testdata/images/bundles/own-namespace-operator/v1.0.0/metadata/annotations.yaml * kind-config/kind-config-2node.yaml * testdata/images/bundles/test-operator/v1.0.0/manifests/olm.operatorframework.com_olme2etest.yaml * testdata/images/bundles/own-namespace-operator/v1.0.0/manifests/ownnamespaceoperator.clusterserviceversion.yaml * hack/kind-config/containerd/certs.d/go.mod * testdata/images/bundles/test-operator/v1.0.2/manifests/testoperator.clusterserviceversion.yaml * test/helpers/feature_gates.go * testdata/images/bundles/single-namespace-operator/v1.0.0/manifests/olm.operatorframework.com_singlenamespaces.yaml * testdata/images/bundles/large-crd-operator/v1.0.0/manifests/largecrdoperator.clusterserviceversion.yaml * test/helpers/helpers.go * testdata/images/bundles/test-operator/v1.0.0/manifests/script.configmap.yaml * testdata/images/bundles/test-operator/v1.0.3/manifests/bundle.configmap.yaml </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
Comment on lines
62
to
+90
| deployImageRegistry = sync.OnceValue(func() error { | ||
| if os.Getenv("KIND_CLUSTER_NAME") == "" { | ||
| // Only deploy the registry on kind clusters | ||
| providerID, err := k8sClient("get", "nodes", "-o", "jsonpath={.items[0].spec.providerID}") | ||
| if err != nil || !strings.HasPrefix(providerID, "kind://") { | ||
| return nil | ||
| } | ||
| cmd := exec.Command("bash", "-c", "make image-registry") | ||
| dir, _ := os.LookupEnv("ROOT_DIR") | ||
| if dir == "" { | ||
| return fmt.Errorf("ROOT_DIR environment variable not set") | ||
|
|
||
| cfg, err := ctrl.GetConfig() | ||
| if err != nil { | ||
| return fmt.Errorf("failed to get kubeconfig: %w", err) | ||
| } | ||
| cmd.Dir = dir | ||
| cmd.Env = append(os.Environ(), fmt.Sprintf("KUBECONFIG=%s", kubeconfigPath)) | ||
| cmd.Stdout = os.Stdout | ||
| cmd.Stderr = os.Stderr | ||
| return cmd.Run() | ||
| return testregistry.Deploy(context.Background(), cfg, testregistry.DefaultNamespace, testregistry.DefaultName) | ||
| }) | ||
| startRegistryPortForward = sync.OnceValues(func() (string, error) { | ||
| if err := deployImageRegistry(); err != nil { | ||
| return "", err | ||
| } | ||
| cfg, err := ctrl.GetConfig() | ||
| if err != nil { | ||
| return "", fmt.Errorf("failed to get kubeconfig: %w", err) | ||
| } | ||
| // Port-forward lives for the duration of the test process; | ||
| // the stop function is not needed because the goroutine is | ||
| // cleaned up on process exit. | ||
| localAddr, _, err := testregistry.PortForward(context.Background(), cfg, testregistry.DefaultNamespace, testregistry.DefaultName) | ||
| if err != nil { | ||
| return "", fmt.Errorf("failed to start port-forward to registry: %w", err) | ||
| } | ||
| return localAddr, nil |
There was a problem hiding this comment.
Don’t let the registry step succeed when there is no local push target.
registryHosts() always goes through startRegistryPortForward(), but deployImageRegistry() returns nil on non-kind clusters. That makes Given an image registry is available pass even though the first catalog build will still try to port-forward to operator-controller-e2e/docker-registry and fail.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test/e2e/steps/steps.go` around lines 62 - 90, The registry setup currently
returns nil on non-kind clusters which lets the step "Given an image registry is
available" succeed even though no local push target exists; update
deployImageRegistry so that instead of returning nil when providerID doesn't
start with "kind://", it returns a clear non-nil error (e.g., "no local registry
available on non-kind cluster") so callers like startRegistryPortForward and
registryHosts will fail fast; locate and change deployImageRegistry (and adjust
any callers if they expect nil) to propagate this error so port-forward attempts
are not attempted on clusters without a local registry.
Comment on lines
+1549
to
+1554
| for _, row := range table.Rows[1:] { // skip header | ||
| pkg := row.Cells[0].Value | ||
| version := row.Cells[1].Value | ||
| channel := row.Cells[2].Value | ||
| replaces := row.Cells[3].Value | ||
| contents := row.Cells[4].Value |
There was a problem hiding this comment.
Validate row width before indexing row.Cells.
These five indexed reads assume every row is well-formed. A malformed Gherkin table will panic the step instead of returning a useful parse error.
🔧 Suggested fix
for _, row := range table.Rows[1:] { // skip header
+ if len(row.Cells) < 5 {
+ return nil, fmt.Errorf("catalog table row must have 5 cells, got %d", len(row.Cells))
+ }
pkg := row.Cells[0].Value
version := row.Cells[1].Value
channel := row.Cells[2].Value
replaces := row.Cells[3].Value
contents := row.Cells[4].Value🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test/e2e/steps/steps.go` around lines 1549 - 1554, The loop over table.Rows
assumes every row has at least five cells and will panic on malformed tables;
before indexing row.Cells in the loop (where pkg, version, channel, replaces,
contents are assigned) add a length check (e.g., if len(row.Cells) < 5) and
return/raise a clear parse error including the offending row (or call the test
failure helper used in this file) instead of indexing; this validation should
live right at the top of the for _, row := range table.Rows[1:] loop to prevent
panics when accessing row.Cells[0]..row.Cells[4].
Comment on lines
+1663
to
+1698
| for _, part := range strings.Split(contents, ",") { | ||
| part = strings.TrimSpace(part) | ||
| switch { | ||
| case part == "CRD": | ||
| opts = append(opts, catalog.WithCRD()) | ||
| case part == "Deployment": | ||
| opts = append(opts, catalog.WithDeployment()) | ||
| case part == "ConfigMap": | ||
| opts = append(opts, catalog.WithConfigMap()) | ||
| case strings.HasPrefix(part, "Property(") && strings.HasSuffix(part, ")"): | ||
| // Property(type=value) | ||
| inner := part[len("Property(") : len(part)-1] | ||
| if k, v, ok := strings.Cut(inner, "="); ok { | ||
| opts = append(opts, catalog.WithBundleProperty(k, v)) | ||
| } | ||
| case strings.HasPrefix(part, "InstallMode(") && strings.HasSuffix(part, ")"): | ||
| // InstallMode(SingleNamespace) or InstallMode(OwnNamespace) | ||
| mode := part[len("InstallMode(") : len(part)-1] | ||
| opts = append(opts, catalog.WithInstallMode(v1alpha1.InstallModeType(mode))) | ||
| case strings.HasPrefix(part, "LargeCRD(") && strings.HasSuffix(part, ")"): | ||
| // LargeCRD(250) | ||
| countStr := part[len("LargeCRD(") : len(part)-1] | ||
| count, err := strconv.Atoi(countStr) | ||
| if err == nil { | ||
| opts = append(opts, catalog.WithLargeCRD(count)) | ||
| } | ||
| case strings.HasPrefix(part, "ClusterRegistry(") && strings.HasSuffix(part, ")"): | ||
| // ClusterRegistry(mirrored-registry.operator-controller-e2e.svc.cluster.local:5000) | ||
| host := part[len("ClusterRegistry(") : len(part)-1] | ||
| opts = append(opts, catalog.WithClusterRegistry(host)) | ||
| case strings.HasPrefix(part, "StaticBundleDir(") && strings.HasSuffix(part, ")"): | ||
| // StaticBundleDir(testdata/images/bundles/webhook-operator/v0.0.1) | ||
| dir := part[len("StaticBundleDir(") : len(part)-1] | ||
| absDir := filepath.Join(projectRootDir(), dir) | ||
| opts = append(opts, catalog.StaticBundleDir(absDir)) | ||
| } |
There was a problem hiding this comment.
Fail fast on unknown bundle content directives.
Any unrecognized token is silently dropped here. A typo like Configmap, a malformed Property(...), or a misspelled InstallMode(...) quietly builds the wrong bundle and turns feature failures into guesswork. parseContents should return an error and let parseCatalogTable propagate it.
🔧 Suggested direction
-func parseContents(contents string) []catalog.BundleOption {
+func parseContents(contents string) ([]catalog.BundleOption, error) {
contents = strings.TrimSpace(contents)
if contents == "" {
- return nil
+ return nil, nil
}
if strings.EqualFold(contents, "BadImage") {
- return []catalog.BundleOption{catalog.BadImage()}
+ return []catalog.BundleOption{catalog.BadImage()}, nil
}
var opts []catalog.BundleOption
for _, part := range strings.Split(contents, ",") {
part = strings.TrimSpace(part)
switch {
case part == "CRD":
opts = append(opts, catalog.WithCRD())
@@
case strings.HasPrefix(part, "StaticBundleDir(") && strings.HasSuffix(part, ")"):
dir := part[len("StaticBundleDir(") : len(part)-1]
absDir := filepath.Join(projectRootDir(), dir)
opts = append(opts, catalog.StaticBundleDir(absDir))
+ default:
+ return nil, fmt.Errorf("unknown bundle content directive %q", part)
}
}
- return opts
+ return opts, nil
}You’d then want parseCatalogTable to handle the returned error from parseContents.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test/e2e/steps/steps.go` around lines 1663 - 1698, parseContents currently
swallows unrecognized or malformed tokens (e.g., typo "Configmap", bad
"Property(...)" without "=", bad "InstallMode(...)", or failed Atoi in
"LargeCRD(...)"), which hides user errors; change parseContents to return (opts
[]catalog.Option, err error), add explicit validation in the switch: on the
default case return an error for unknown tokens, return errors when
Property(...) lacks "=", when InstallMode(...) yields an invalid/empty mode, and
when Atoi for LargeCRD fails (instead of ignoring), and likewise validate
StaticBundleDir input; then update parseCatalogTable to check and propagate the
error returned from parseContents.
Comment on lines
+244
to
+255
| WithBundleResource("networkpolicy.yaml", &networkingv1.NetworkPolicy{ | ||
| TypeMeta: metav1.TypeMeta{ | ||
| APIVersion: "networking.k8s.io/v1", | ||
| Kind: "NetworkPolicy", | ||
| }, | ||
| ObjectMeta: metav1.ObjectMeta{ | ||
| Name: fmt.Sprintf("%s-network-policy", deploymentName), | ||
| }, | ||
| Spec: networkingv1.NetworkPolicySpec{ | ||
| PodSelector: metav1.LabelSelector{}, | ||
| PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress}, | ||
| }, |
There was a problem hiding this comment.
Scope the generated NetworkPolicy to the operator pods.
PodSelector: {} makes this ingress policy apply to every pod in the scenario namespace. Since the deployment already labels its pods with app: scenarioID, one bundle install can accidentally cut off unrelated pods and introduce cross-scenario flakiness.
🔧 Suggested fix
WithBundleResource("networkpolicy.yaml", &networkingv1.NetworkPolicy{
TypeMeta: metav1.TypeMeta{
APIVersion: "networking.k8s.io/v1",
Kind: "NetworkPolicy",
},
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("%s-network-policy", deploymentName),
},
Spec: networkingv1.NetworkPolicySpec{
- PodSelector: metav1.LabelSelector{},
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ "app": scenarioID,
+ },
+ },
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress},
},
})📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| WithBundleResource("networkpolicy.yaml", &networkingv1.NetworkPolicy{ | |
| TypeMeta: metav1.TypeMeta{ | |
| APIVersion: "networking.k8s.io/v1", | |
| Kind: "NetworkPolicy", | |
| }, | |
| ObjectMeta: metav1.ObjectMeta{ | |
| Name: fmt.Sprintf("%s-network-policy", deploymentName), | |
| }, | |
| Spec: networkingv1.NetworkPolicySpec{ | |
| PodSelector: metav1.LabelSelector{}, | |
| PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress}, | |
| }, | |
| WithBundleResource("networkpolicy.yaml", &networkingv1.NetworkPolicy{ | |
| TypeMeta: metav1.TypeMeta{ | |
| APIVersion: "networking.k8s.io/v1", | |
| Kind: "NetworkPolicy", | |
| }, | |
| ObjectMeta: metav1.ObjectMeta{ | |
| Name: fmt.Sprintf("%s-network-policy", deploymentName), | |
| }, | |
| Spec: networkingv1.NetworkPolicySpec{ | |
| PodSelector: metav1.LabelSelector{ | |
| MatchLabels: map[string]string{ | |
| "app": scenarioID, | |
| }, | |
| }, | |
| PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress}, | |
| }, |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@test/internal/catalog/bundle.go` around lines 244 - 255, The NetworkPolicy's
PodSelector is currently empty which targets all pods; update the PodSelector in
the WithBundleResource("networkpolicy.yaml", &networkingv1.NetworkPolicy{...})
block to scope the policy to the operator's pods by matching the deployment
label (use metav1.LabelSelector{MatchLabels: map[string]string{"app":
deploymentName}} or equivalent) so the policy only applies to pods labeled app:
deploymentName rather than all namespace pods.
Contributor
|
@tmshort: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The downstream repository has been updated with the following following upstream commits:
The
vendor/directory has been updated and the following commits were carried:@catalogd-updateThis pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.
/cc @