Skip to content

NO-ISSUE: Synchronize From Upstream Repositories#752

Open
openshift-bot wants to merge 115 commits into
openshift:mainfrom
openshift-bot:synchronize-upstream
Open

NO-ISSUE: Synchronize From Upstream Repositories#752
openshift-bot wants to merge 115 commits into
openshift:mainfrom
openshift-bot:synchronize-upstream

Conversation

@openshift-bot

@openshift-bot openshift-bot commented Jun 10, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown

The downstream repository has been updated with the following following upstream commits:

Date Commit Author Message
2026-06-12 15:48:00 operator-framework/operator-controller@8807a64 Predrag Knezevic fix: allow api-lint-diff to run from a git worktree (#2765)
2026-06-12 15:45:06 operator-framework/operator-controller@90a99bf dependabot[bot] 🌱 Bump github.com/prometheus/common from 0.67.5 to 0.68.0 (#2766)
2026-06-11 20:18:59 operator-framework/operator-controller@b5f05bb Todd Short Update operator-registry and api (#2762)
2026-06-11 16:01:13 operator-framework/operator-controller@c5d627f dependabot[bot] 🌱 Bump idna from 3.16 to 3.17 (#2760)
2026-06-11 15:11:29 operator-framework/operator-controller@c4e5bf3 dependabot[bot] 🌱 Bump platformdirs from 4.9.6 to 4.10.0 (#2761)
2026-06-11 14:42:04 operator-framework/operator-controller@79f6c2a Predrag Knezevic fix: resolve crdUpgradeSafety reporting OneOf changes as unhandled (#2759)
2026-06-11 14:20:50 operator-framework/operator-controller@df4bd9a Predrag Knezevic fix: use $(HELM) instead of bare helm in lint-helm target (#2758)
2026-06-11 12:16:49 operator-framework/operator-controller@9c49467 Predrag Knezevic refactor: migrate e2e prometheus from custom chart to kube-prometheus-stack (#2757)
2026-06-10 14:16:24 operator-framework/operator-controller@23b7e52 Daniel Franz E2E Summary Output Fix (#2751)
2026-06-10 14:10:44 operator-framework/operator-controller@b63979e dependabot[bot] Bump k8s dependencies to v1.36.0 and update tooling (#2717)
2026-06-10 09:53:40 operator-framework/operator-controller@f96144f Todd Short tlsprofiles: add SecP256r1MLKEM768, SecP384r1MLKEM1024, and secp256r1 alias (#2754)
2026-06-09 17:36:04 operator-framework/operator-controller@53b5ecf Predrag Knezevic 🐛 Fix support-bundle collection on e2e failure (#2755)
2026-06-09 16:31:51 operator-framework/operator-controller@b15d736 Predrag Knezevic Add network policy for prometheus-operator in e2e tests (#2756)

The vendor/ directory has been updated and the following commits were carried:

Date Commit Author Message
2026-06-08 22:07:40 openshift/operator-framework-operator-controller@14a3978 dtfranz UPSTREAM: <carry>: Add OpenShift specific files
2026-06-08 22:07:42 openshift/operator-framework-operator-controller@910369b Camila Macedo UPSTREAM: <carry>: Add new tests for single/own namespaces install modes
2026-06-08 22:07:42 openshift/operator-framework-operator-controller@02ba15f Camila Macedo UPSTREAM: <carry>: Upgrade OCP image from 4.20 to 4.21
2026-06-08 22:07:43 openshift/operator-framework-operator-controller@ec486cb Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] - Change logic to get ocp images from openshift/catalogd/manifests.yaml
2026-06-08 22:07:43 openshift/operator-framework-operator-controller@edfaa59 Todd Short UPSTREAM: <carry>: Update OCP catalogs to v4.21
2026-06-08 22:07:44 openshift/operator-framework-operator-controller@56ddaa2 Kui Wang UPSTREAM: <carry>: support singleown cases in disconnected
2026-06-08 22:07:44 openshift/operator-framework-operator-controller@3b22ba6 Kui Wang UPSTREAM: <carry>: fix cases 81696 and 74618 for product code changes
2026-06-08 22:07:45 openshift/operator-framework-operator-controller@68a8231 Camila Macedo UPSTREAM: <carry>: Define Default timeouts and apply their usage accross to avoid flakes
2026-06-08 22:07:45 openshift/operator-framework-operator-controller@1a85cb5 Todd Short UPSTREAM: <carry>: Update to new feature-gate options in helm
2026-06-08 22:07:46 openshift/operator-framework-operator-controller@0ca0b2c Camila Macedo UPSTREAM: <carry>: Fix flake for single/own ns tests by ensuring uniquess and waiting for k8s cleanups
2026-06-08 22:07:46 openshift/operator-framework-operator-controller@fe0cea5 Camila Macedo UPSTREAM: <carry>: [OTE]: Enhance single/own ns based on review comments ( Follow-Up of: 714977c )
2026-06-08 22:07:47 openshift/operator-framework-operator-controller@391b2bd Kui Wang UPSTREAM: <carry>: Update OwnSingle template to use spec.config.inline.watchNamespace
2026-06-08 22:07:47 openshift/operator-framework-operator-controller@a24383c Camila Macedo UPSTREAM: <carry>: [OTE]: Add webhook cleanup validation on extension uninstall
2026-06-08 22:07:48 openshift/operator-framework-operator-controller@2c11f1b Kui Wang UPSTREAM: <carry>: Add [OTP] to migrated cases
2026-06-08 22:07:49 openshift/operator-framework-operator-controller@380ec02 Camila Macedo UPSTREAM: <carry>: [OTE]: Upgrade dependencies used
2026-06-08 22:07:50 openshift/operator-framework-operator-controller@15bac6f Camila Macedo UPSTREAM: <carry>: fix(OTE): fix OpenShift Kubernetes replace version format
2026-06-08 22:07:51 openshift/operator-framework-operator-controller@a97e0d4 Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] Upgrade go 1.24.6 and dependencies
2026-06-08 22:07:51 openshift/operator-framework-operator-controller@a1824df Kui Wang UPSTREAM: <carry>: add disconnected environment support with custom prow job for migrated qe cases
2026-06-08 22:07:52 openshift/operator-framework-operator-controller@b267af5 Jian Zhang UPSTREAM: <carry>: migrate jiazha test cases to OTE
2026-06-08 22:07:52 openshift/operator-framework-operator-controller@569c004 Xia Zhao UPSTREAM: <carry>: migrate clustercatalog case to ote
2026-06-08 22:07:53 openshift/operator-framework-operator-controller@ddfdc8b Kui Wang UPSTREAM: <carry>: migrate olmv1 QE stress cases
2026-06-08 22:07:53 openshift/operator-framework-operator-controller@02227b4 Todd Short UPSTREAM: <carry>: Use busybox/httpd to simulate probes
2026-06-08 22:07:54 openshift/operator-framework-operator-controller@5a71fdb Xia Zhao UPSTREAM: <carry>: migrate olmv1 QE cases
2026-06-08 22:07:54 openshift/operator-framework-operator-controller@7dddb32 Kui Wang UPSTREAM: <carry>: add agent for olmv1 qe cases
2026-06-08 22:07:55 openshift/operator-framework-operator-controller@a3ca9e4 Todd Short UPSTREAM: <carry>: Disable upstream PodDisruptionBudget
2026-06-08 22:07:56 openshift/operator-framework-operator-controller@4d8fff9 Rashmi Gottipati UPSTREAM: <carry>: Add AGENTS.md for AI code contributions
2026-06-08 22:07:56 openshift/operator-framework-operator-controller@30eaf28 Rashmi Gottipati UPSTREAM: <carry>: address review comments through addl prompts
2026-06-08 22:07:57 openshift/operator-framework-operator-controller@1e5f74d Rashmi Gottipati UPSTREAM: <carry>: addressing some more review comments
2026-06-08 22:07:57 openshift/operator-framework-operator-controller@4975209 Rashmi Gottipati UPSTREAM: <carry>: remove DCO line
2026-06-08 22:07:58 openshift/operator-framework-operator-controller@363f4be Bruno Andrade UPSTREAM: <carry>: migrate bandrade test cases to OTE
2026-06-08 22:07:58 openshift/operator-framework-operator-controller@57d0c2c Bruno Andrade UPSTREAM: <carry>: update metadata
2026-06-08 22:07:59 openshift/operator-framework-operator-controller@a73371f Bruno Andrade UPSTREAM: <carry>: remove originalName
2026-06-08 22:07:59 openshift/operator-framework-operator-controller@b480d06 Jian Zhang UPSTREAM: <carry>: update 80458's timeout to 180s
2026-06-08 22:08:00 openshift/operator-framework-operator-controller@8744896 Jian Zhang UPSTREAM: <carry>: update 83026 to specify the clustercatalog
2026-06-08 22:08:00 openshift/operator-framework-operator-controller@a7d8dc4 Catherine Chan-Tse UPSTREAM: <carry>: Update to golang 1.25 and ocp 4.22
2026-06-08 22:08:01 openshift/operator-framework-operator-controller@d1280e4 Predrag Knezevic UPSTREAM: <carry>: Use oc client for running e2e tests
2026-06-08 22:08:01 openshift/operator-framework-operator-controller@8eaf98d Predrag Knezevic UPSTREAM: <carry>: Run upstream e2e tests tagged with @catalogd-update
2026-06-08 22:08:02 openshift/operator-framework-operator-controller@a504cf8 Kui Wang UPSTREAM: <carry>: enhance case to make it more stable
2026-06-08 22:08:02 openshift/operator-framework-operator-controller@a9e7ef3 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-06-08 22:08:03 openshift/operator-framework-operator-controller@822b03b Evan Hearne UPSTREAM: <carry>: move sa creation out of buildCurlJob()
2026-06-08 22:08:03 openshift/operator-framework-operator-controller@848406f Evan Hearne UPSTREAM: <carry>: comment out delete service account
2026-06-08 22:08:04 openshift/operator-framework-operator-controller@f628919 Evan Hearne UPSTREAM: <carry>: move defercleanup for sa for LIFO
2026-06-08 22:08:04 openshift/operator-framework-operator-controller@aac6420 Evan Hearne UPSTREAM: <carry>: add polling so job fully deleted before proceed
2026-06-08 22:08:05 openshift/operator-framework-operator-controller@26c54c3 Luke Meyer UPSTREAM: <carry>: Revert "Merge pull request #594 from ehearne-redhat/add-service-account-curl-job"
2026-06-08 22:08:06 openshift/operator-framework-operator-controller@d3827d1 Camila Macedo UPSTREAM: <carry>: Remove openshift-redhat-marketplace catalog tests
2026-06-08 22:08:06 openshift/operator-framework-operator-controller@1283ad8 Kui Wang UPSTREAM: <carry>: config watchnamespace cases
2026-06-08 22:08:07 openshift/operator-framework-operator-controller@275d494 Xia Zhao UPSTREAM: <carry>: enhance ocp-79770
2026-06-08 22:08:07 openshift/operator-framework-operator-controller@1b5e8a6 Kui Wang UPSTREAM: <carry>: upgrade version support case
2026-06-08 22:08:08 openshift/operator-framework-operator-controller@58e406a Per Goncalves da Silva UPSTREAM: <carry>: Remove installed condition check from auth preflight test
2026-06-08 22:08:08 openshift/operator-framework-operator-controller@38fdc45 Per Goncalves da Silva UPSTREAM: <carry>: Add openshift/api dependency
2026-06-08 22:08:09 openshift/operator-framework-operator-controller@9a9408a Per Goncalves da Silva UPSTREAM: <carry>: Add boxcutter specific preflight auth test
2026-06-08 22:08:09 openshift/operator-framework-operator-controller@7764a41 Kui Wang UPSTREAM: <carry>: adjust watchnamespace case based on change
2026-06-08 22:08:10 openshift/operator-framework-operator-controller@9ff8b93 Camila Macedo UPSTREAM: <carry>: fix(ote): Use as operator-controller dep from root dir
2026-06-08 22:08:11 openshift/operator-framework-operator-controller@1c4b846 Bruno Andrade UPSTREAM: <carry>: add 83979 automation
2026-06-08 22:08:12 openshift/operator-framework-operator-controller@510765f Bruno Andrade UPSTREAM: <carry>: add 85889 automation
2026-06-08 22:08:12 openshift/operator-framework-operator-controller@0d864ca Per Goncalves da Silva UPSTREAM: <carry>: Update test-operator startup script to fix pod probe endpoints
2026-06-08 22:08:13 openshift/operator-framework-operator-controller@9ddbb4b Per Goncalves da Silva UPSTREAM: <carry>: Fix up own-namespace invalid configuration test
2026-06-08 22:08:13 openshift/operator-framework-operator-controller@bf4f2c6 Camila Macedo UPSTREAM: <carry>: Preflight tests use in-cluster catalog and bundles instead of openshift-pipelines-operator-rh
2026-06-08 22:08:14 openshift/operator-framework-operator-controller@53a9f05 Kui Wang UPSTREAM: <carry>: adjust sa and permission test cases per new change from boxcutterruntime
2026-06-08 22:08:14 openshift/operator-framework-operator-controller@6796bc5 Camila Macedo UPSTREAM: <carry>: Update OCP catalogs to v4.22
2026-06-08 22:08:16 openshift/operator-framework-operator-controller@ada2315 Camila Macedo UPSTREAM: <carry>: chore(OTE and Default Catalog Tests) Update go and dependencies
2026-06-08 22:08:17 openshift/operator-framework-operator-controller@6539fb3 Jian Zhang UPSTREAM: <carry>: fix 83026 for TP cluster
2026-06-08 22:08:17 openshift/operator-framework-operator-controller@5507429 Kui Wang UPSTREAM: <carry>: serviceAccount validation unified across all runtimes
2026-06-08 22:08:18 openshift/operator-framework-operator-controller@98cf592 Stephen Benjamin UPSTREAM: <carry>: Fix OLMv1 test operator to listen on IPv6
2026-06-08 22:08:18 openshift/operator-framework-operator-controller@12f7266 Camila Macedo UPSTREAM: <carry>: Increase install timeout and add diagnostic logging for CE install tests
2026-06-08 22:08:19 openshift/operator-framework-operator-controller@38d5a03 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-06-08 22:08:19 openshift/operator-framework-operator-controller@fbd4dfa Jian Zhang UPSTREAM: <carry>: update OCP-75441 to support multi-arch
2026-06-08 22:08:20 openshift/operator-framework-operator-controller@8bd05cc Kui Wang UPSTREAM: <carry>: deployment config cases
2026-06-08 22:08:20 openshift/operator-framework-operator-controller@1835b29 Todd Short UPSTREAM: <carry>: Add OTE tests for OLMv1 DeploymentConfig support
2026-06-08 22:08:21 openshift/operator-framework-operator-controller@6bb078c Todd Short UPSTREAM: <carry>: Update openshift/api and client-go
2026-06-08 22:08:21 openshift/operator-framework-operator-controller@021d3f4 Camila Macedo UPSTREAM: <carry>: Add boxcutter tests
2026-06-08 22:08:22 openshift/operator-framework-operator-controller@fc8c86f Xia Zhao UPSTREAM: <carry>: enhance QE cases
2026-06-08 22:08:23 openshift/operator-framework-operator-controller@3de7d85 Daniel Franz UPSTREAM: <carry>: Update quay-operator version to one containing arm64 support
2026-06-08 22:08:23 openshift/operator-framework-operator-controller@829f8c6 Kui Wang UPSTREAM: <carry>: verify volume/volumeMount override
2026-06-08 22:08:24 openshift/operator-framework-operator-controller@b73b5b5 Jian Zhang UPSTREAM: <carry>: Add long-duration test script and documents
2026-06-08 22:08:24 openshift/operator-framework-operator-controller@572b257 Todd Short UPSTREAM: <carry>: Update grpc in default-catalog-consistency tests
2026-06-08 22:08:25 openshift/operator-framework-operator-controller@6b48d7a Camila Macedo UPSTREAM: <carry>: Rename ClusterExtensionRevision to ClusterObjectSet in OTE tests
2026-06-08 22:08:25 openshift/operator-framework-operator-controller@0269e2e Camila Macedo UPSTREAM: <carry>: Skip incompatible operator test when Boxcutter uses ClusterObjectSet
2026-06-08 22:08:26 openshift/operator-framework-operator-controller@9f5d8d7 Bruno Andrade UPSTREAM: <carry>: add ocp-87557
2026-06-08 22:08:26 openshift/operator-framework-operator-controller@0538da2 Francesco Giudici UPSTREAM: <carry>: Add fgiudici as reviewer
2026-06-08 22:08:27 openshift/operator-framework-operator-controller@c6edb1d Camila Macedo UPSTREAM: <carry>: Remove skip for incompatible operator check after rename of CER
2026-06-08 22:08:28 openshift/operator-framework-operator-controller@81df913 Kui Wang UPSTREAM: <carry>: Test empty affinity erasure and cleanup
2026-06-08 22:08:29 openshift/operator-framework-operator-controller@3bdd2c1 Camila Macedo UPSTREAM: <carry>: Fix boxcutter finalizer ResourceNames in preflight test
2026-06-08 22:08:29 openshift/operator-framework-operator-controller@567eb17 Camila Macedo UPSTREAM: <carry>: Expand OTE docs with more comprehensive details
2026-06-08 22:08:30 openshift/operator-framework-operator-controller@f83be17 Todd Short UPSTREAM: <carry>: Disable upstream TLSProfile tests
2026-06-08 22:08:30 openshift/operator-framework-operator-controller@ed45ce2 Camila Macedo UPSTREAM: <carry>: OTE: Simplify by remove option to configure tests to run outside of OCP
2026-06-08 22:08:31 openshift/operator-framework-operator-controller@559eda7 Camila Macedo UPSTREAM: <carry>: OTE - Make OTE local output easier to read
2026-06-08 22:08:31 openshift/operator-framework-operator-controller@e425ab5 Joe Lanford UPSTREAM: <carry>: remove dead e2e registry push job and related variables
2026-06-08 22:08:32 openshift/operator-framework-operator-controller@ade3b02 Todd Short UPSTREAM: <carry>: OCPBUGS-62517: Set replicas=1, PDB, and pod anti-affinity for HA topology
2026-06-08 22:08:32 openshift/operator-framework-operator-controller@c8da353 Todd Short UPSTREAM: <carry>: fix(test): drop blocking namespace-deletion wait between both-watch-modes scenarios
2026-06-08 22:08:33 openshift/operator-framework-operator-controller@7db3475 Todd Short UPSTREAM: <carry>: Fix downstream e2e test invocation
2026-06-08 22:08:34 openshift/operator-framework-operator-controller@7bf1e85 Joe Lanford UPSTREAM: <carry>: Delete openshift/registry.Dockerfile
2026-06-08 22:08:34 openshift/operator-framework-operator-controller@b0188a1 Todd Short UPSTREAM: <carry>: Remove test-experimenal-e2e
2026-06-08 22:08:35 openshift/operator-framework-operator-controller@cdd9f61 Camila Macedo UPSTREAM: <carry>: Update readme Default Catalog Tests
2026-06-08 22:08:35 openshift/operator-framework-operator-controller@8ae8616 Todd Short UPSTREAM: <carry>: add OLMv1 topology-based deployment scaling e2e test
2026-06-08 22:08:36 openshift/operator-framework-operator-controller@5e377a8 Todd Short UPSTREAM: <carry>: Update dockerfiles to use golang-1.26-release-4.23 builders
2026-06-08 22:08:36 openshift/operator-framework-operator-controller@df4c685 AOS Automation Release Team UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-olm-operator-controller.yml
2026-06-08 22:08:37 openshift/operator-framework-operator-controller@0fc4671 AOS Automation Release Team UPSTREAM: <carry>: Updating ose-olm-catalogd-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-olm-catalogd.yml

This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.

/assign @openshift/openshift-team-operator-runtime

Summary by CodeRabbit

Release Notes

  • New Features

    • Added support for additional TLS curve variants, including post-quantum hybrid curves (SecP256r1MLKEM768, SecP384r1MLKEM1024).
    • Added secp256r1 as an alias for TLS curve configuration.

  • Tests

    • Enhanced end-to-end testing for TLS profile enforcement on metrics endpoints.

  • Chores

    • Updated dependencies including Kubernetes to v0.36.1 and controller-runtime to v0.24.1.
    • Simplified Prometheus monitoring infrastructure for testing environments.

pedjak and others added 2 commits June 9, 2026 16:31
@pedjak @claude
Add network policy for prometheus-operator in e2e tests (#2756)
b15d736 
The default-deny-all-traffic NetworkPolicy in olmv1-system blocks all
egress by default. The prometheus-operator pod (label
app.kubernetes.io/name: prometheus-operator) had no matching allow
policy, so it could not reach the Kubernetes API server. This caused
intermittent e2e failures with "dial tcp 10.96.0.1:443: i/o timeout"
when the operator was scheduled on the second control-plane node in
the 2-node kind cluster used by experimental-e2e.

Add an egress-allowing NetworkPolicy for the prometheus-operator pod,
matching the existing pattern used for the Prometheus server pod.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@pedjak @claude
🐛 Fix support-bundle collection on e2e failure (#2755)
53b5ecf 
Add test/e2e/support-bundle.yaml spec file with collectors for cluster
diagnostics and pass it to the support-bundle CLI in the e2e workflow.

Fixes the "no collectors specified to run" error introduced in #2750.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-bot openshift-bot added tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges. kind/sync approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Jun 10, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 10, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 10, 2026

Copy link
Copy Markdown

@openshift-bot: This pull request explicitly references no jira issue.

Details

In response to this:

The downstream repository has been updated with the following following upstream commits:

Date Commit Author Message
2026-06-09 17:36:04 operator-framework/operator-controller@53b5ecf Predrag Knezevic 🐛 Fix support-bundle collection on e2e failure (#2755)
2026-06-09 16:31:51 operator-framework/operator-controller@b15d736 Predrag Knezevic Add network policy for prometheus-operator in e2e tests (#2756)

The vendor/ directory has been updated and the following commits were carried:

Date Commit Author Message
2026-06-08 22:07:40 openshift/operator-framework-operator-controller@14a3978 dtfranz UPSTREAM: <carry>: Add OpenShift specific files
2026-06-08 22:07:42 openshift/operator-framework-operator-controller@910369b Camila Macedo UPSTREAM: <carry>: Add new tests for single/own namespaces install modes
2026-06-08 22:07:42 openshift/operator-framework-operator-controller@02ba15f Camila Macedo UPSTREAM: <carry>: Upgrade OCP image from 4.20 to 4.21
2026-06-08 22:07:43 openshift/operator-framework-operator-controller@ec486cb Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] - Change logic to get ocp images from openshift/catalogd/manifests.yaml
2026-06-08 22:07:43 openshift/operator-framework-operator-controller@edfaa59 Todd Short UPSTREAM: <carry>: Update OCP catalogs to v4.21
2026-06-08 22:07:44 openshift/operator-framework-operator-controller@56ddaa2 Kui Wang UPSTREAM: <carry>: support singleown cases in disconnected
2026-06-08 22:07:44 openshift/operator-framework-operator-controller@3b22ba6 Kui Wang UPSTREAM: <carry>: fix cases 81696 and 74618 for product code changes
2026-06-08 22:07:45 openshift/operator-framework-operator-controller@68a8231 Camila Macedo UPSTREAM: <carry>: Define Default timeouts and apply their usage accross to avoid flakes
2026-06-08 22:07:45 openshift/operator-framework-operator-controller@1a85cb5 Todd Short UPSTREAM: <carry>: Update to new feature-gate options in helm
2026-06-08 22:07:46 openshift/operator-framework-operator-controller@0ca0b2c Camila Macedo UPSTREAM: <carry>: Fix flake for single/own ns tests by ensuring uniquess and waiting for k8s cleanups
2026-06-08 22:07:46 openshift/operator-framework-operator-controller@fe0cea5 Camila Macedo UPSTREAM: <carry>: [OTE]: Enhance single/own ns based on review comments ( Follow-Up of: 714977c )
2026-06-08 22:07:47 openshift/operator-framework-operator-controller@391b2bd Kui Wang UPSTREAM: <carry>: Update OwnSingle template to use spec.config.inline.watchNamespace
2026-06-08 22:07:47 openshift/operator-framework-operator-controller@a24383c Camila Macedo UPSTREAM: <carry>: [OTE]: Add webhook cleanup validation on extension uninstall
2026-06-08 22:07:48 openshift/operator-framework-operator-controller@2c11f1b Kui Wang UPSTREAM: <carry>: Add [OTP] to migrated cases
2026-06-08 22:07:49 openshift/operator-framework-operator-controller@380ec02 Camila Macedo UPSTREAM: <carry>: [OTE]: Upgrade dependencies used
2026-06-08 22:07:50 openshift/operator-framework-operator-controller@15bac6f Camila Macedo UPSTREAM: <carry>: fix(OTE): fix OpenShift Kubernetes replace version format
2026-06-08 22:07:51 openshift/operator-framework-operator-controller@a97e0d4 Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] Upgrade go 1.24.6 and dependencies
2026-06-08 22:07:51 openshift/operator-framework-operator-controller@a1824df Kui Wang UPSTREAM: <carry>: add disconnected environment support with custom prow job for migrated qe cases
2026-06-08 22:07:52 openshift/operator-framework-operator-controller@b267af5 Jian Zhang UPSTREAM: <carry>: migrate jiazha test cases to OTE
2026-06-08 22:07:52 openshift/operator-framework-operator-controller@569c004 Xia Zhao UPSTREAM: <carry>: migrate clustercatalog case to ote
2026-06-08 22:07:53 openshift/operator-framework-operator-controller@ddfdc8b Kui Wang UPSTREAM: <carry>: migrate olmv1 QE stress cases
2026-06-08 22:07:53 openshift/operator-framework-operator-controller@02227b4 Todd Short UPSTREAM: <carry>: Use busybox/httpd to simulate probes
2026-06-08 22:07:54 openshift/operator-framework-operator-controller@5a71fdb Xia Zhao UPSTREAM: <carry>: migrate olmv1 QE cases
2026-06-08 22:07:54 openshift/operator-framework-operator-controller@7dddb32 Kui Wang UPSTREAM: <carry>: add agent for olmv1 qe cases
2026-06-08 22:07:55 openshift/operator-framework-operator-controller@a3ca9e4 Todd Short UPSTREAM: <carry>: Disable upstream PodDisruptionBudget
2026-06-08 22:07:56 openshift/operator-framework-operator-controller@4d8fff9 Rashmi Gottipati UPSTREAM: <carry>: Add AGENTS.md for AI code contributions
2026-06-08 22:07:56 openshift/operator-framework-operator-controller@30eaf28 Rashmi Gottipati UPSTREAM: <carry>: address review comments through addl prompts
2026-06-08 22:07:57 openshift/operator-framework-operator-controller@1e5f74d Rashmi Gottipati UPSTREAM: <carry>: addressing some more review comments
2026-06-08 22:07:57 openshift/operator-framework-operator-controller@4975209 Rashmi Gottipati UPSTREAM: <carry>: remove DCO line
2026-06-08 22:07:58 openshift/operator-framework-operator-controller@363f4be Bruno Andrade UPSTREAM: <carry>: migrate bandrade test cases to OTE
2026-06-08 22:07:58 openshift/operator-framework-operator-controller@57d0c2c Bruno Andrade UPSTREAM: <carry>: update metadata
2026-06-08 22:07:59 openshift/operator-framework-operator-controller@a73371f Bruno Andrade UPSTREAM: <carry>: remove originalName
2026-06-08 22:07:59 openshift/operator-framework-operator-controller@b480d06 Jian Zhang UPSTREAM: <carry>: update 80458's timeout to 180s
2026-06-08 22:08:00 openshift/operator-framework-operator-controller@8744896 Jian Zhang UPSTREAM: <carry>: update 83026 to specify the clustercatalog
2026-06-08 22:08:00 openshift/operator-framework-operator-controller@a7d8dc4 Catherine Chan-Tse UPSTREAM: <carry>: Update to golang 1.25 and ocp 4.22
2026-06-08 22:08:01 openshift/operator-framework-operator-controller@d1280e4 Predrag Knezevic UPSTREAM: <carry>: Use oc client for running e2e tests
2026-06-08 22:08:01 openshift/operator-framework-operator-controller@8eaf98d Predrag Knezevic UPSTREAM: <carry>: Run upstream e2e tests tagged with @catalogd-update
2026-06-08 22:08:02 openshift/operator-framework-operator-controller@a504cf8 Kui Wang UPSTREAM: <carry>: enhance case to make it more stable
2026-06-08 22:08:02 openshift/operator-framework-operator-controller@a9e7ef3 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-06-08 22:08:03 openshift/operator-framework-operator-controller@822b03b Evan Hearne UPSTREAM: <carry>: move sa creation out of buildCurlJob()
2026-06-08 22:08:03 openshift/operator-framework-operator-controller@848406f Evan Hearne UPSTREAM: <carry>: comment out delete service account
2026-06-08 22:08:04 openshift/operator-framework-operator-controller@f628919 Evan Hearne UPSTREAM: <carry>: move defercleanup for sa for LIFO
2026-06-08 22:08:04 openshift/operator-framework-operator-controller@aac6420 Evan Hearne UPSTREAM: <carry>: add polling so job fully deleted before proceed
2026-06-08 22:08:05 openshift/operator-framework-operator-controller@26c54c3 Luke Meyer UPSTREAM: <carry>: Revert "Merge pull request #594 from ehearne-redhat/add-service-account-curl-job"
2026-06-08 22:08:06 openshift/operator-framework-operator-controller@d3827d1 Camila Macedo UPSTREAM: <carry>: Remove openshift-redhat-marketplace catalog tests
2026-06-08 22:08:06 openshift/operator-framework-operator-controller@1283ad8 Kui Wang UPSTREAM: <carry>: config watchnamespace cases
2026-06-08 22:08:07 openshift/operator-framework-operator-controller@275d494 Xia Zhao UPSTREAM: <carry>: enhance ocp-79770
2026-06-08 22:08:07 openshift/operator-framework-operator-controller@1b5e8a6 Kui Wang UPSTREAM: <carry>: upgrade version support case
2026-06-08 22:08:08 openshift/operator-framework-operator-controller@58e406a Per Goncalves da Silva UPSTREAM: <carry>: Remove installed condition check from auth preflight test
2026-06-08 22:08:08 openshift/operator-framework-operator-controller@38fdc45 Per Goncalves da Silva UPSTREAM: <carry>: Add openshift/api dependency
2026-06-08 22:08:09 openshift/operator-framework-operator-controller@9a9408a Per Goncalves da Silva UPSTREAM: <carry>: Add boxcutter specific preflight auth test
2026-06-08 22:08:09 openshift/operator-framework-operator-controller@7764a41 Kui Wang UPSTREAM: <carry>: adjust watchnamespace case based on change
2026-06-08 22:08:10 openshift/operator-framework-operator-controller@9ff8b93 Camila Macedo UPSTREAM: <carry>: fix(ote): Use as operator-controller dep from root dir
2026-06-08 22:08:11 openshift/operator-framework-operator-controller@1c4b846 Bruno Andrade UPSTREAM: <carry>: add 83979 automation
2026-06-08 22:08:12 openshift/operator-framework-operator-controller@510765f Bruno Andrade UPSTREAM: <carry>: add 85889 automation
2026-06-08 22:08:12 openshift/operator-framework-operator-controller@0d864ca Per Goncalves da Silva UPSTREAM: <carry>: Update test-operator startup script to fix pod probe endpoints
2026-06-08 22:08:13 openshift/operator-framework-operator-controller@9ddbb4b Per Goncalves da Silva UPSTREAM: <carry>: Fix up own-namespace invalid configuration test
2026-06-08 22:08:13 openshift/operator-framework-operator-controller@bf4f2c6 Camila Macedo UPSTREAM: <carry>: Preflight tests use in-cluster catalog and bundles instead of openshift-pipelines-operator-rh
2026-06-08 22:08:14 openshift/operator-framework-operator-controller@53a9f05 Kui Wang UPSTREAM: <carry>: adjust sa and permission test cases per new change from boxcutterruntime
2026-06-08 22:08:14 openshift/operator-framework-operator-controller@6796bc5 Camila Macedo UPSTREAM: <carry>: Update OCP catalogs to v4.22
2026-06-08 22:08:16 openshift/operator-framework-operator-controller@ada2315 Camila Macedo UPSTREAM: <carry>: chore(OTE and Default Catalog Tests) Update go and dependencies
2026-06-08 22:08:17 openshift/operator-framework-operator-controller@6539fb3 Jian Zhang UPSTREAM: <carry>: fix 83026 for TP cluster
2026-06-08 22:08:17 openshift/operator-framework-operator-controller@5507429 Kui Wang UPSTREAM: <carry>: serviceAccount validation unified across all runtimes
2026-06-08 22:08:18 openshift/operator-framework-operator-controller@98cf592 Stephen Benjamin UPSTREAM: <carry>: Fix OLMv1 test operator to listen on IPv6
2026-06-08 22:08:18 openshift/operator-framework-operator-controller@12f7266 Camila Macedo UPSTREAM: <carry>: Increase install timeout and add diagnostic logging for CE install tests
2026-06-08 22:08:19 openshift/operator-framework-operator-controller@38d5a03 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-06-08 22:08:19 openshift/operator-framework-operator-controller@fbd4dfa Jian Zhang UPSTREAM: <carry>: update OCP-75441 to support multi-arch
2026-06-08 22:08:20 openshift/operator-framework-operator-controller@8bd05cc Kui Wang UPSTREAM: <carry>: deployment config cases
2026-06-08 22:08:20 openshift/operator-framework-operator-controller@1835b29 Todd Short UPSTREAM: <carry>: Add OTE tests for OLMv1 DeploymentConfig support
2026-06-08 22:08:21 openshift/operator-framework-operator-controller@6bb078c Todd Short UPSTREAM: <carry>: Update openshift/api and client-go
2026-06-08 22:08:21 openshift/operator-framework-operator-controller@021d3f4 Camila Macedo UPSTREAM: <carry>: Add boxcutter tests
2026-06-08 22:08:22 openshift/operator-framework-operator-controller@fc8c86f Xia Zhao UPSTREAM: <carry>: enhance QE cases
2026-06-08 22:08:23 openshift/operator-framework-operator-controller@3de7d85 Daniel Franz UPSTREAM: <carry>: Update quay-operator version to one containing arm64 support
2026-06-08 22:08:23 openshift/operator-framework-operator-controller@829f8c6 Kui Wang UPSTREAM: <carry>: verify volume/volumeMount override
2026-06-08 22:08:24 openshift/operator-framework-operator-controller@b73b5b5 Jian Zhang UPSTREAM: <carry>: Add long-duration test script and documents
2026-06-08 22:08:24 openshift/operator-framework-operator-controller@572b257 Todd Short UPSTREAM: <carry>: Update grpc in default-catalog-consistency tests
2026-06-08 22:08:25 openshift/operator-framework-operator-controller@6b48d7a Camila Macedo UPSTREAM: <carry>: Rename ClusterExtensionRevision to ClusterObjectSet in OTE tests
2026-06-08 22:08:25 openshift/operator-framework-operator-controller@0269e2e Camila Macedo UPSTREAM: <carry>: Skip incompatible operator test when Boxcutter uses ClusterObjectSet
2026-06-08 22:08:26 openshift/operator-framework-operator-controller@9f5d8d7 Bruno Andrade UPSTREAM: <carry>: add ocp-87557
2026-06-08 22:08:26 openshift/operator-framework-operator-controller@0538da2 Francesco Giudici UPSTREAM: <carry>: Add fgiudici as reviewer
2026-06-08 22:08:27 openshift/operator-framework-operator-controller@c6edb1d Camila Macedo UPSTREAM: <carry>: Remove skip for incompatible operator check after rename of CER
2026-06-08 22:08:28 openshift/operator-framework-operator-controller@81df913 Kui Wang UPSTREAM: <carry>: Test empty affinity erasure and cleanup
2026-06-08 22:08:29 openshift/operator-framework-operator-controller@3bdd2c1 Camila Macedo UPSTREAM: <carry>: Fix boxcutter finalizer ResourceNames in preflight test
2026-06-08 22:08:29 openshift/operator-framework-operator-controller@567eb17 Camila Macedo UPSTREAM: <carry>: Expand OTE docs with more comprehensive details
2026-06-08 22:08:30 openshift/operator-framework-operator-controller@f83be17 Todd Short UPSTREAM: <carry>: Disable upstream TLSProfile tests
2026-06-08 22:08:30 openshift/operator-framework-operator-controller@ed45ce2 Camila Macedo UPSTREAM: <carry>: OTE: Simplify by remove option to configure tests to run outside of OCP
2026-06-08 22:08:31 openshift/operator-framework-operator-controller@559eda7 Camila Macedo UPSTREAM: <carry>: OTE - Make OTE local output easier to read
2026-06-08 22:08:31 openshift/operator-framework-operator-controller@e425ab5 Joe Lanford UPSTREAM: <carry>: remove dead e2e registry push job and related variables
2026-06-08 22:08:32 openshift/operator-framework-operator-controller@ade3b02 Todd Short UPSTREAM: <carry>: OCPBUGS-62517: Set replicas=1, PDB, and pod anti-affinity for HA topology
2026-06-08 22:08:32 openshift/operator-framework-operator-controller@c8da353 Todd Short UPSTREAM: <carry>: fix(test): drop blocking namespace-deletion wait between both-watch-modes scenarios
2026-06-08 22:08:33 openshift/operator-framework-operator-controller@7db3475 Todd Short UPSTREAM: <carry>: Fix downstream e2e test invocation
2026-06-08 22:08:34 openshift/operator-framework-operator-controller@7bf1e85 Joe Lanford UPSTREAM: <carry>: Delete openshift/registry.Dockerfile
2026-06-08 22:08:34 openshift/operator-framework-operator-controller@b0188a1 Todd Short UPSTREAM: <carry>: Remove test-experimenal-e2e
2026-06-08 22:08:35 openshift/operator-framework-operator-controller@cdd9f61 Camila Macedo UPSTREAM: <carry>: Update readme Default Catalog Tests
2026-06-08 22:08:35 openshift/operator-framework-operator-controller@8ae8616 Todd Short UPSTREAM: <carry>: add OLMv1 topology-based deployment scaling e2e test
2026-06-08 22:08:36 openshift/operator-framework-operator-controller@5e377a8 Todd Short UPSTREAM: <carry>: Update dockerfiles to use golang-1.26-release-4.23 builders
2026-06-08 22:08:36 openshift/operator-framework-operator-controller@df4c685 AOS Automation Release Team UPSTREAM: <carry>: Updating ose-olm-operator-controller-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-olm-operator-controller.yml
2026-06-08 22:08:37 openshift/operator-framework-operator-controller@0fc4671 AOS Automation Release Team UPSTREAM: <carry>: Updating ose-olm-catalogd-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-olm-catalogd.yml

This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.

/assign @openshift/openshift-team-operator-runtime

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown

Walkthrough

Bump Kubernetes and tooling, migrate Prometheus deployment to Helm (with e2e Helm values), add TLS curve support and e2e tests, extend generated applyconfiguration extraction helpers and parser schema, and update CRD upgrade-safety tests and test/CI helper scripts.

Changes

Kubernetes 1.36 Upgrade with Prometheus Helm Migration

Layer / File(s) Summary
Build Tools and Bingo pins
.bingo/Variables.mk, .bingo/controller-gen.mod, .bingo/crd-diff.mod, .bingo/variables.env		 Updated controller-gen → v0.21.0, crd-diff → v0.6.0, removed Kustomize pin and adjusted install targets.
Makefile: generation, lint, Prometheus target
Makefile		 Narrowed lint-helm, added generation revert logic for controller-gen annotations, updated generate, switched test-experimental-e2e to experimental values, and rewrote prometheus target to helm upgrade --install wiring TLS secrets.
API scheme registration refactor
api/v1/groupversion_info.go, api/v1/*_types.go		 Switched SchemeBuilder usage to runtime.NewSchemeBuilder and registered known types via AddKnownTypes callbacks.
Generated applyconfig extraction helpers
applyconfigurations/api/v1/*, applyconfigurations/internal/internal.go		 Added ExtractFrom/Extract /Status helpers using managedfields.ExtractInto and expanded embedded schemaYAML used by the internal parser.
go.mod and dependency pins
go.mod		 Bumped k8s.io/* modules to v0.36.1 / k8s.io/kubernetes to v1.36.1, controller-runtime/tools to newer versions, and updated many transitive/indirect modules and replace directives.
Scripts, conftest, and tests helper changes
hack/test/install-prometheus.sh, hack/conftest/policy/README.md, hack/tools/crd-generator/main_test.go, hack/api-lint-diff/run.sh		 Removed install-prometheus script, rewrote conftest README, updated compareFiles to ignore controller-gen version annotations, and improved repo-root detection for git worktrees.
Prometheus Helm chart/templates removal
helm/prometheus/*		 Removed/cleared Chart.yaml, values, and many chart templates (ServiceMonitors, ClusterRole, Service, Prometheus CRs) in this diff.
Prometheus e2e Helm values & experimental values
testdata/prometheus/values.yaml, testdata/prometheus/values-experimental.yaml		 Added comprehensive Helm values for e2e Prometheus deployment, ServiceMonitors (operator-controller, catalogd), kubelet scraping, and alerting rules.
TLS curve support & e2e steps/features
internal/shared/util/tlsprofiles/*, test/e2e/features/tls.feature, test/e2e/steps/*		 Added new ML-KEM hybrid curve constants and secp256r1 alias, extended lookup map and tests, added two e2e TLS profile scenarios and godog step registrations for curve-only connection assertions.
CRD upgrade-safety tests and testdata
internal/operator-controller/rukpak/preflights/crdupgradesafety/*		 Updated TestUpgrade expectations, added TestUpgrade_OneOfRemoved/TestUpgrade_OneOfAdded, and added CRD test manifests illustrating oneOf removal/addition scenarios.
E2E summary and test infra
test/internal/summary/*, test/e2e/features_test.go, test/e2e/support-bundle.yaml, internal/shared/util/image/helm_test.go		 Moved summary generation package, relaxed Prometheus matrix/datapoint validation, changed summary error handling to not exit, added a Troubleshoot SupportBundle manifest, and enabled plain HTTP for Helm OCI registry tests.
Misc docs and small edits
AGENTS.md, requirements.txt, .bingo/kustomize.mod, internal/operator-controller/rukpak/bundle/registryv1bundleconfig.json, internal/shared/util/test/utils.go		 Adjusted AGENTS.md tree, bumped python deps, removed auto-generated kustomize.mod, updated bundle schema descriptions, and removed FindK8sClient test helper.

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels: lgtm

Suggested reviewers:

  • kuiwang02

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (3 errors, 2 warnings)

Check name Status Explanation Resolution
Ote Binary Stdout Contract ❌ Error test/e2e/features_test.go TestMain prints to stdout via fmt.Println(...) and fmt.Printf("%v", err), which violates the “no non-JSON stdout” contract. Move TestMain messages/error output to stderr (e.g., fmt.Fprintln(os.Stderr, ...) / log to stderr) so stdout remains reserved for the JSON test listing.
No-Weak-Crypto ❌ Error internal/shared/util/tlsprofiles/tlsprofiles_test.go contains insecure cipher constant tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA (lines ~162-163), triggering the 3DES/DES weak-crypto rule. Remove/replace the TLS_RSA_WITH_3DES_EDE_CBC_SHA reference (or move it to non-scanned data / add a check exclusion) so the PR no longer contains the 3DES/DES string usage.
No-Sensitive-Data-In-Logs ❌ Error test/e2e/steps/steps.go logs full metrics response via logger.V(1).Info(..., "response", string(b)), which can include internal hostnames/labels. Stop logging raw response bodies; log only non-sensitive fields (e.g., status/pod name) or redact/limit response content.
Docstring Coverage ⚠️ Warning Docstring coverage is 43.33% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Ipv6 And Disconnected Network Test Compatibility ⚠️ Warning New TLS e2e helpers hardcode IPv4 loopback: tls_steps.go uses net.Listen("tcp","127.0.0.1:0") and addr := fmt.Sprintf("127.0.0.1:%d", localPort) for port-forward/TLS dial. Fix tls_steps.go to use IPv6-capable loopback (localhost/::1) and build addresses with net.JoinHostPort; ensure port-forward binds the matching family (e.g., pass --address=::1 for IPv6).
✅ Passed checks (10 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'NO-ISSUE: Synchronize From Upstream Repositories' directly describes the main purpose of this PR, which is a synchronization of changes from upstream repositories.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Scanned 20 changed non-vendor .go files in PR (git diff main..HEAD); zero contained Ginkgo It/Describe/Context/When, so no dynamic/unstable test titles were introduced.
Test Structure And Quality ✅ Passed Checked changed test files from upstream commits: e2e uses godog, unit tests use standard testing/testify; no Ginkgo Describe/It specs or ginkgo lifecycle/timeout patterns found.
Microshift Test Compatibility ✅ Passed New e2e TLS scenarios (tls.feature/tls_steps.go) patch standard k8s Deployments and test TLS via Service port-forward; no forbidden OpenShift API groups/resources/namespaces or MicroShift-unsupport...
Single Node Openshift (Sno) Test Compatibility ✅ Passed No Ginkgo e2e tests were added in this PR; the new TLS scenarios/steps only port-forward to the metrics service and perform TLS dials, with no multi-node/HA/topology assumptions detected.
Topology-Aware Scheduling Compatibility ✅ Passed Checked PR-mentioned/added files (e2e support-bundle, e2e/prometheus values, Makefile, TLS steps) for topology-spread/required anti-affinity/maxUnavailable=0 and control-plane nodeSelectors; none f...
Container-Privileges ✅ Passed Scanned added/modified K8s/YAML/JSON/Helm-template files for privileged:true, hostPID/hostNetwork/hostIPC, allowPrivilegeEscalation:true, SYS_ADMIN, and root runAsUser/runAsNonRoot flags; none found.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from anik120 and thetechnick June 10, 2026 00:31
@openshift-ci

openshift-ci Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci

openshift-ci Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai[bot]
coderabbitai Bot reviewed Jun 10, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@helm/prometheus/templates/networkpolicy-prometheus-operator.yml`:
- Around line 8-9: The current NetworkPolicy egress entry is an open rule
(`egress: - {}`) allowing prometheus-operator unrestricted outbound access;
replace that wildcard with explicit egress rules that enumerate only the
required destinations and ports. Update the egress section in
networkpolicy-prometheus-operator.yml to include specific peer selectors
(namespaceSelector or podSelector) and/or ipBlock CIDRs plus required
ports/protocols for scraping and webhooks (e.g., HTTP/HTTPS ports), and add a
default-deny by ensuring policyTypes includes Egress; target the
prometheus-operator podSelector (or label) so only that controller gets the
narrowed egress permissions.
- Around line 13-14: The NetworkPolicy currently only lists "Egress" in the
policyTypes field and therefore does not enforce ingress restrictions; update
the policyTypes array in networkpolicy-prometheus-operator.yml to include both
"Ingress" and "Egress" so the NetworkPolicy will also block inbound traffic as
intended (modify the policyTypes entry that currently contains only Egress to
contain both Ingress and Egress).
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 29109d2a-811b-44c8-a1aa-97363cf20467

📥 Commits

Reviewing files that changed from the base of the PR and between 8dcfe85 and a88cedc.

📒 Files selected for processing (2)
  • helm/prometheus/templates/networkpolicy-prometheus-operator.yml
  • test/e2e/support-bundle.yaml

Comment thread helm/prometheus/templates/networkpolicy-prometheus-operator.yml Outdated
Comment on lines +8 to +9
egress:
- {}

@coderabbitai coderabbitai Bot Jun 10, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚖️ Poor tradeoff

Consider restricting egress destinations.

The egress rule - {} allows prometheus-operator to connect to any destination. While this may be necessary for operational flexibility (metrics scraping, webhooks, etc.), it weakens defense-in-depth by allowing unrestricted outbound connections if the operator is compromised.

If the operator's required egress destinations are known, consider constraining the egress rules to specific namespaces, CIDR blocks, or ports.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@helm/prometheus/templates/networkpolicy-prometheus-operator.yml` around lines
8 - 9, The current NetworkPolicy egress entry is an open rule (`egress: - {}`)
allowing prometheus-operator unrestricted outbound access; replace that wildcard
with explicit egress rules that enumerate only the required destinations and
ports. Update the egress section in networkpolicy-prometheus-operator.yml to
include specific peer selectors (namespaceSelector or podSelector) and/or
ipBlock CIDRs plus required ports/protocols for scraping and webhooks (e.g.,
HTTP/HTTPS ports), and add a default-deny by ensuring policyTypes includes
Egress; target the prometheus-operator podSelector (or label) so only that
controller gets the narrowed egress permissions.

Comment thread helm/prometheus/templates/networkpolicy-prometheus-operator.yml Outdated
Comment on lines +13 to +14
policyTypes:
- Egress

@coderabbitai coderabbitai Bot Jun 10, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

NetworkPolicy does not block ingress traffic as intended.

The policyTypes field contains only Egress, which means this policy controls egress but does not restrict ingress. According to Kubernetes NetworkPolicy semantics, when Ingress is not included in policyTypes, ingress traffic remains uncontrolled (default allow).

The PR description states this policy "restricts prometheus-operator to egress-only traffic," but the current configuration allows both egress and ingress. To actually block ingress while allowing egress, add Ingress to policyTypes:

🔒 Proposed fix to block ingress traffic 
   policyTypes:
     - Egress
+    - Ingress
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@helm/prometheus/templates/networkpolicy-prometheus-operator.yml` around lines
13 - 14, The NetworkPolicy currently only lists "Egress" in the policyTypes
field and therefore does not enforce ingress restrictions; update the
policyTypes array in networkpolicy-prometheus-operator.yml to include both
"Ingress" and "Egress" so the NetworkPolicy will also block inbound traffic as
intended (modify the policyTypes entry that currently contains only Egress to
contain both Ingress and Egress).

tmshort and others added 3 commits June 10, 2026 09:53
@tmshort @claude
tlsprofiles: add SecP256r1MLKEM768, SecP384r1MLKEM1024, and secp256r1…
f96144f 
… alias (#2754)

Add the two NIST-curve ML-KEM post-quantum hybrids introduced in Go 1.26
to the custom curve map and local constants. Also add "secp256r1" as an
alias for "prime256v1" using the IANA name for P-256.

Signed-off-by: Todd Short <tshort@redhat.com>
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@dependabot @pedjak @claude
Bump k8s dependencies to v1.36.0 and update tooling (#2717)
b63979e 
- Bump k8s.io/* staging modules to v0.36.0
- Bump controller-tools to v0.21.0 and crdify to v0.6.0
- Update SchemeBuilder to use k8s.io/apimachinery/pkg/runtime
- Suppress no-op diffs from controller-gen version bumps in generated
  files, CRDs, and manifests
- Ignore controller-gen version annotation in CRD generator test

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Predrag Knezevic <pknezevi@redhat.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@dtfranz
E2E Summary Output Fix (#2751)
23b7e52 
The serial e2e tests require pod restarts which causes the metrics to scrape two sets of results, which the summary generator did not allow. Now, the results from the new pod will be aggregated to the final set.

Signed-off-by: Daniel Franz <dfranz@redhat.com>
@openshift-bot openshift-bot force-pushed the synchronize-upstream branch from a88cedc to a41183a Compare June 11, 2026 00:13
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jun 11, 2026
@openshift-ci

openshift-ci Bot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

New changes are detected. LGTM label has been removed.

coderabbitai[bot]
coderabbitai Bot reviewed Jun 11, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
helm/prometheus/templates/networkpolicy-prometheus-operator.yml (1)

13-14: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

NetworkPolicy does not block ingress traffic as intended.

The policyTypes field contains only Egress, which means this policy controls egress but does not restrict ingress. When Ingress is not included in policyTypes, ingress traffic remains uncontrolled (default allow).

To block ingress while allowing egress, add Ingress to policyTypes:

🔒 Proposed fix to block ingress traffic 
   policyTypes:
     - Egress
+    - Ingress

Note: This NetworkPolicy was added upstream (commit b15d736). If changes are needed, they should be proposed to the upstream repository first.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@helm/prometheus/templates/networkpolicy-prometheus-operator.yml` around lines
13 - 14, The NetworkPolicy currently only lists "Egress" under the policyTypes
field so ingress remains allowed; update the policyTypes list in
networkpolicy-prometheus-operator.yml to include "Ingress" (i.e., make the list
contain both "Ingress" and "Egress") so ingress traffic is subject to the
NetworkPolicy rules and will be blocked as intended.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@helm/prometheus/templates/networkpolicy-prometheus-operator.yml`:
- Around line 13-14: The NetworkPolicy currently only lists "Egress" under the
policyTypes field so ingress remains allowed; update the policyTypes list in
networkpolicy-prometheus-operator.yml to include "Ingress" (i.e., make the list
contain both "Ingress" and "Egress") so ingress traffic is subject to the
NetworkPolicy rules and will be blocked as intended.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e1744936-73b8-478f-a12a-c4b81ef2ae29

📥 Commits

Reviewing files that changed from the base of the PR and between a88cedc and a41183a.

⛔ Files ignored due to path filters (269)
  • .bingo/controller-gen.sum is excluded by !**/*.sum
  • .bingo/crd-diff.sum is excluded by !**/*.sum
  • api/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
  • go.sum is excluded by !**/*.sum
  • openshift/tests-extension/go.sum is excluded by !**/*.sum
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/clustercatalog_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/clusterextension_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/clusterobjectset_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/groupversion_info.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !**/zz_generated*
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/protojson/decode.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/prototext/decode.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/modules.txt is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/errors.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/restmapper.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/applyconfigurations.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/options.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/typed_client.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/scheme/scheme.go is excluded by !**/vendor/**
  • vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gregjones/httpcache/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gregjones/httpcache/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/flowrate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/io.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/atom/atom.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/atom/table.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/const.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/doctype.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/entity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/escape.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/foreign.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/iter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/nodetype_string.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/token.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/protojson/decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/prototext/decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/internal/descfmt/stringer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/admissionregistration/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/admissionregistration/v1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/apidiscovery/v2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1alpha1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta2/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/batch/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/certificates/v1beta1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/coordination/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/coordination/v1alpha2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/coordination/v1alpha2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/coordination/v1alpha2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/coordination/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/coordination/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/coordination/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/core/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/core/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/core/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/core/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/core/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/discovery/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/discovery/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/discovery/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/discovery/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/discovery/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/discovery/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/events/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/events/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/extensions/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/extensions/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/extensions/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/extensions/v1beta1/zz_generated.validations.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/flowcontrol/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta3/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/flowcontrol/v1beta3/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/imagepolicy/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/imagepolicy/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/imagepolicy/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/networking/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/networking/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/networking/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/networking/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/networking/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/networking/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/node/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/policy/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/policy/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/policy/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/policy/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/policy/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/policy/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/rbac/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/resource/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/resource/v1alpha3/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1alpha3/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/resource/v1alpha3/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
📒 Files selected for processing (31)
  • .bingo/Variables.mk
  • .bingo/controller-gen.mod
  • .bingo/crd-diff.mod
  • .bingo/variables.env
  • Makefile
  • api/v1/clustercatalog_types.go
  • api/v1/clusterextension_types.go
  • api/v1/clusterobjectset_types.go
  • api/v1/groupversion_info.go
  • applyconfigurations/api/v1/clustercatalog.go
  • applyconfigurations/api/v1/clusterextension.go
  • applyconfigurations/api/v1/clusterobjectset.go
  • applyconfigurations/internal/internal.go
  • go.mod
  • hack/tools/crd-generator/main_test.go
  • helm/prometheus/templates/networkpolicy-prometheus-operator.yml
  • internal/operator-controller/rukpak/bundle/registryv1bundleconfig.json
  • internal/shared/util/test/utils.go
  • internal/shared/util/tlsprofiles/tlsprofiles.go
  • internal/shared/util/tlsprofiles/tlsprofiles_test.go
  • openshift/tests-extension/go.mod
  • test/e2e/features/tls.feature
  • test/e2e/features_test.go
  • test/e2e/steps/steps.go
  • test/e2e/steps/tls_steps.go
  • test/e2e/support-bundle.yaml
  • test/internal/summary/artifacts.go
  • test/internal/summary/summary.go
  • test/internal/summary/templates/alert.md.tmpl
  • test/internal/summary/templates/mermaid_chart.md.tmpl
  • test/internal/summary/templates/summary.md.tmpl
💤 Files with no reviewable changes (1)
  • internal/shared/util/test/utils.go
✅ Files skipped from review due to trivial changes (6)
  • .bingo/controller-gen.mod
  • .bingo/variables.env
  • .bingo/crd-diff.mod
  • applyconfigurations/api/v1/clusterextension.go
  • applyconfigurations/api/v1/clustercatalog.go
  • internal/operator-controller/rukpak/bundle/registryv1bundleconfig.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • test/e2e/support-bundle.yaml

pedjak and others added 6 commits June 11, 2026 12:16
@pedjak @claude
refactor: migrate e2e prometheus from custom chart to kube-prometheus…
9c49467 
…-stack (#2757)

Replace the hand-rolled prometheus-operator install script and custom
Helm chart (helm/prometheus/) with the official kube-prometheus-stack
community chart (v86.2.2), installed from OCI registry.

- Disable all unused components (grafana, alertmanager, exporters,
  default rules, admission webhooks, operator TLS)
- Configure Prometheus instance, NetworkPolicies, and kubelet
  ServiceMonitor via chart values
- Add operator-controller and catalogd ServiceMonitors as
  additionalServiceMonitors using bearerTokenFile (projected SA token)
  instead of the legacy prometheus-metrics-token Secret
- Split PrometheusRules into controller-panic-alerts and
  controller-resource-alerts so the experimental override only
  replaces the resource-usage group
- Inline the install logic into the Makefile prometheus target
- Remove conftest prometheus-networkpolicies.rego policy (NetworkPolicy
  now managed by the chart)
- Remove unused kustomize bingo tooling

Co-authored-by: Claude <noreply@anthropic.com>
@pedjak @claude
fix: use $(HELM) instead of bare helm in lint-helm target (#2758)
df4bd9a 
The lint-helm target depends on $(HELM) but invoked helm directly,
which could pick up an unpinned system Helm or fail if Helm isn't
on PATH. Use $(HELM) consistently, matching other targets.

Co-authored-by: Claude <noreply@anthropic.com>
@pedjak @claude
fix: resolve crdUpgradeSafety reporting OneOf changes as unhandled (#…
79f6c2a 
…2759)

OneOf schema changes (e.g. adding required-field constraints) were
falling back to the generic "unhandled" comparator, blocking legitimate
operator upgrades like Serverless Operator 1.35.0 to 1.36.0.

Pin sigs.k8s.io/crdify to latest master (bb9957dbf465) which includes
a dedicated oneOf validator.

Co-authored-by: Claude <noreply@anthropic.com>
@dependabot
🌱 Bump platformdirs from 4.9.6 to 4.10.0 (#2761)
c4e5bf3 
Bumps [platformdirs](https://github.com/tox-dev/platformdirs) from 4.9.6 to 4.10.0.
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](tox-dev/platformdirs@4.9.6...4.10.0)

---
updated-dependencies:
- dependency-name: platformdirs
  dependency-version: 4.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
🌱 Bump idna from 3.16 to 3.17 (#2760)
c5d627f 
Bumps [idna](https://github.com/kjd/idna) from 3.16 to 3.17.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.16...v3.17)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.17'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@tmshort
Update operator-registry and api (#2762)
b5f05bb 
Signed-off-by: Todd Short <tshort@redhat.com>
@openshift-bot openshift-bot force-pushed the synchronize-upstream branch from a41183a to 453f9a4 Compare June 12, 2026 00:19
@openshift-bot openshift-bot added the lgtm Indicates that a PR is ready to be merged. label Jun 12, 2026
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jun 12, 2026
camilamacedo86 and others added 24 commits June 13, 2026 00:13
@camilamacedo86
UPSTREAM: <carry>: Skip incompatible operator test when Boxcutter use…
036a4d9 
…s ClusterObjectSet

The upstream rename of ClusterExtensionRevision to ClusterObjectSet
(operator-framework/operator-controller#2589) breaks the incompatible
operator detection in cluster-olm-operator. The cluster-olm-operator
binary still reads ClusterExtensionRevision resources to find operators
with olm.maxOpenShiftVersion, so after the rename it never detects
incompatible operators and InstalledOLMOperatorsUpgradeable stays True.

Skip this test when NewOLMBoxCutterRuntime feature gate is enabled
until cluster-olm-operator is updated to read ClusterObjectSet.

Signed-off-by: Camila Macedo <cmacedo@redhat.com>
Made-with: Cursor
@bandrade
UPSTREAM: <carry>: add ocp-87557
6c9d9e9
@fgiudici
UPSTREAM: <carry>: Add fgiudici as reviewer
f9fdc3d 
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
@camilamacedo86
UPSTREAM: <carry>: Remove skip for incompatible operator check after …
c671291 
…rename of CER
@kuiwang02
UPSTREAM: <carry>: Test empty affinity erasure and cleanup
93b79a6
@camilamacedo86
UPSTREAM: <carry>: Fix boxcutter finalizer ResourceNames in preflight…
94cc6be 
… test
@camilamacedo86
UPSTREAM: <carry>: Expand OTE docs with more comprehensive details
e316b3c
@tmshort
UPSTREAM: <carry>: Disable upstream TLSProfile tests
9706178 
Signed-off-by: Todd Short <todd.short@me.com>
@camilamacedo86
UPSTREAM: <carry>: OTE: Simplify by remove option to configure tests …
a1c46b1 
…to run outside of OCP
@camilamacedo86
UPSTREAM: <carry>: OTE - Make OTE local output easier to read
676be51
@joelanford
UPSTREAM: <carry>: remove dead e2e registry push job and related vari…
6ac9ace 
…ables
@tmshort @claude
UPSTREAM: <carry>: OCPBUGS-62517: Set replicas=1, PDB, and pod anti-a…
26f13f5 
…ffinity for HA topology

Rolling updates in HighlyAvailable clusters leave catalogd and
operator-controller unavailable when the only running pod is evicted
before its replacement is ready.

Fix by defaulting replicas=1 and PDB disabled in the static Helm values
(safe for SNO/External topologies, passes the SNO conformance test that
asserts exactly one replica in SingleReplica topology mode). Add pod
anti-affinity to prefer scheduling replicas on different nodes.

cluster-olm-operator detects the cluster's ControlPlaneTopology at
startup and overrides these values to replicas=2 and PDB enabled when a
HighlyAvailable topology is detected, then re-renders the manifests
before starting controllers. When a topology change is observed at
runtime (exceedingly rare), the operator exits so its deployment
controller restarts it, triggering a fresh Helm render with the correct
values for the new topology.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Todd Short <tshort@redhat.com>
@tmshort @claude
UPSTREAM: <carry>: fix(test): drop blocking namespace-deletion wait b…
f30bad5 
…etween both-watch-modes scenarios

The both-watch-modes test loops over two scenarios (singlens, ownns) inside
a single It block and was blocking on full namespace deletion between them.
This caused flaky 300s timeouts on GCP techpreview clusters where master
nodes run at 94-99% CPU, which starves the namespace controller and makes
namespace termination arbitrarily slow.

The wait was not guarding anything real:
- EnsureCleanupClusterExtension already ensures the CE and CRD are gone;
  since CE deletion uses ForegroundPropagation, the ClusterObjectSet teardown
  must complete before the CE disappears, meaning all managed resources
  (Deployments, Services, etc.) are already deleted at that point.
- The singleown bundle installs no ValidatingWebhookConfiguration or
  MutatingWebhookConfiguration, so there is no webhook admission risk.
- Each scenario generates unique namespace names and CRD group suffixes via
  rand.String(4), so a terminating namespace from scenario 1 cannot collide
  with or interfere with scenario 2's resources.

Trigger both namespace deletions and proceed without waiting. The DeferCleanup
registrations that already exist will handle any residual cleanup after the
spec exits.

Fixes: OCPBUGS-84943

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Todd Short <tshort@redhat.com>
@tmshort @claude
UPSTREAM: <carry>: Fix downstream e2e test invocation
50e02ea 
- Replace broken test-experimental-e2e target (test/experimental-e2e no
  longer exists) with /bin/true so triggered jobs always succeed
- Pass -timeout=60m to go test; the previous invocation relied on Go's
  10m default which is too short for BoxcutterRuntime clusters
- Set E2E_STEP_TIMEOUT=15m; BoxcutterRuntime applies resources through
  sequential phases (CRD must reach Established before the deploy phase
  starts), making installations slower than the upstream 5m default
- Skip ~@CatalogdHA scenarios (require multiple catalogd replicas not
  present in standard topology)
- Skip ~@ProgressDeadline scenarios (require progressDeadlineMinutes < 10
  but the OpenShift CRD enforces a minimum of 10)
- Skip ~@httpproxy scenarios (too disruptive to cluster networking)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Todd Short <tshort@redhat.com>
@joelanford
UPSTREAM: <carry>: Delete openshift/registry.Dockerfile
5a34dfb 
The e2e-test-registry image is no longer built by CI after
openshift/release#78581 removed it from the CI config. The dynamic
per-scenario catalog system replaced the pre-built registry image,
making this Dockerfile dead code.
@tmshort
UPSTREAM: <carry>: Remove test-experimenal-e2e
2bb1760 
It's no longer bring used.

Signed-off-by: Todd Short <tshort@redhat.com>
@camilamacedo86
UPSTREAM: <carry>: Update readme Default Catalog Tests
806b7d1
@tmshort
UPSTREAM: <carry>: add OLMv1 topology-based deployment scaling e2e test
1f01288 
Adds a new test that verifies cluster-olm-operator correctly configures
operator-controller and catalogd deployments based on the cluster's
control plane topology:
- HA topologies (HighlyAvailable, HighlyAvailableArbiter, DualReplica):
  replicas=2 with a PodDisruptionBudget present
- Non-HA topologies (SingleReplica/SNO, External): replicas=1, no PDB

Also registers policyv1 in the test scheme to support PDB list queries.

Assisted-by: claude
Signed-off-by: Todd Short <tshort@redhat.com>
@tmshort
UPSTREAM: <carry>: Update dockerfiles to use golang-1.26-release-4.23…
1bb9859 
… builders

Signed-off-by: Todd Short <tshort@redhat.com>
UPSTREAM: <carry>: Updating ose-olm-operator-controller-container ima…
f533e3e 
…ge to be consistent with ART for 5.0

Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-olm-operator-controller.yml
UPSTREAM: <carry>: Updating ose-olm-catalogd-container image to be co…
4f3d364 
…nsistent with ART for 5.0

Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-olm-catalogd.yml
UPSTREAM: <drop>: go mod vendor
3ecf595
UPSTREAM: <drop>: remove upstream GitHub configuration
75ab486
UPSTREAM: <drop>: configure the commit-checker
9d2c9fc
@openshift-bot openshift-bot force-pushed the synchronize-upstream branch from 453f9a4 to 9d2c9fc Compare June 13, 2026 00:23
@openshift-bot openshift-bot added the lgtm Indicates that a PR is ready to be merged. label Jun 13, 2026
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jun 13, 2026
@openshift-ci

openshift-ci Bot commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

New changes are detected. LGTM label has been removed.

coderabbitai[bot]
coderabbitai Bot reviewed Jun 13, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
Makefile (1)

124-127: 🩺 Stability & Availability | ⚡ Quick win

Restore fast validation for the Prometheus test values.

lint-helm now stops after helm/olmv1, but the new e2e flow still feeds testdata/prometheus/values.yaml and testdata/prometheus/values-experimental.yaml into the prometheus target on Lines 340 and 353-357. That moves bad values/schema changes out of the quick lint path and into the slower e2e install step. Please add a lightweight template/lint check for the chart+values pair used there.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` around lines 124 - 127, The new lint-helm target omits the fast
validation for the Prometheus values used by the prometheus target, moving
potential schema/value issues into slow e2e installs; update lint-helm to also
run a lightweight helm template + conftest (or equivalent linter) for the
Prometheus chart paired with testdata/prometheus/values.yaml and
testdata/prometheus/values-experimental.yaml so those bad values are caught
early. Locate the prometheus-related Makefile logic (the prometheus target and
the two values files referenced in the diff) and add a step similar to the
existing helm template | conftest invocation (used for helm/olmv1) but targeting
the Prometheus chart and both values files (or run it twice, once per values
file) to keep the check fast while preserving current lint behavior.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Makefile`:
- Around line 124-127: The new lint-helm target omits the fast validation for
the Prometheus values used by the prometheus target, moving potential
schema/value issues into slow e2e installs; update lint-helm to also run a
lightweight helm template + conftest (or equivalent linter) for the Prometheus
chart paired with testdata/prometheus/values.yaml and
testdata/prometheus/values-experimental.yaml so those bad values are caught
early. Locate the prometheus-related Makefile logic (the prometheus target and
the two values files referenced in the diff) and add a step similar to the
existing helm template | conftest invocation (used for helm/olmv1) but targeting
the Prometheus chart and both values files (or run it twice, once per values
file) to keep the check fast while preserving current lint behavior.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 5ce7d40b-8a20-4835-8dce-5eca37569961

📥 Commits

Reviewing files that changed from the base of the PR and between 453f9a4 and 9d2c9fc.

⛔ Files ignored due to path filters (241)
  • .bingo/controller-gen.sum is excluded by !**/*.sum
  • .bingo/crd-diff.sum is excluded by !**/*.sum
  • .bingo/kustomize.sum is excluded by !**/*.sum
  • api/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
  • go.sum is excluded by !**/*.sum
  • openshift/tests-extension/go.sum is excluded by !**/*.sum
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/clustercatalog_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/clusterextension_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/clusterobjectset_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/groupversion_info.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/operator-framework/operator-controller/api/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !**/zz_generated*
  • openshift/tests-extension/vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sync/singleflight/singleflight.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/protojson/decode.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/encoding/prototext/decode.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/modules.txt is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/errors.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/restmapper.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/applyconfigurations.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/options.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/client/typed_client.go is excluded by !**/vendor/**
  • openshift/tests-extension/vendor/sigs.k8s.io/controller-runtime/pkg/scheme/scheme.go is excluded by !**/vendor/**
  • vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gregjones/httpcache/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gregjones/httpcache/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/sqlite3-binding.c is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/sqlite3.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/sqlite3_context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/sqlite3_opt_dbstat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/sqlite3_opt_unlock_notify.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-sqlite3/sqlite3_opt_vtable.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/flowrate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/io.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/mod/modfile/read.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/mod/modfile/rule.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/atom/atom.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/atom/table.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/const.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/doctype.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/entity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/escape.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/foreign.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/iter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/nodetype_string.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/token.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sync/semaphore/semaphore.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/protojson/decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/encoding/prototext/decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/internal/descfmt/stringer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admission/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/admissionregistration/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/admissionregistration/v1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/apidiscovery/v2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apidiscovery/v2beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/apps/v1beta2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1alpha1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1alpha1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authentication/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/authorization/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta2/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/batch/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/batch/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1alpha1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/generated.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/types_swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/certificates/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/certificates/v1beta1/zz_generated.prerelease-lifecycle.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/k8s.io/api/coordination/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/k8s.io/api/coordination/v1alpha2/generated.proto is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (59)
  • .bingo/Variables.mk
  • .bingo/controller-gen.mod
  • .bingo/crd-diff.mod
  • .bingo/kustomize.mod
  • .bingo/variables.env
  • AGENTS.md
  • Makefile
  • api/v1/clustercatalog_types.go
  • api/v1/clusterextension_types.go
  • api/v1/clusterobjectset_types.go
  • api/v1/groupversion_info.go
  • applyconfigurations/api/v1/clustercatalog.go
  • applyconfigurations/api/v1/clusterextension.go
  • applyconfigurations/api/v1/clusterobjectset.go
  • applyconfigurations/internal/internal.go
  • go.mod
  • hack/api-lint-diff/run.sh
  • hack/conftest/policy/README.md
  • hack/conftest/policy/prometheus-networkpolicies.rego
  • hack/test/install-prometheus.sh
  • hack/tools/crd-generator/main_test.go
  • helm/prom_experimental.yaml
  • helm/prometheus/Chart.yaml
  • helm/prometheus/templates/clusterrole-prometheus.yml
  • helm/prometheus/templates/clusterrolebinding-prometheus.yml
  • helm/prometheus/templates/networkpolicy-prometheus.yml
  • helm/prometheus/templates/prometheus-prometheus.yml
  • helm/prometheus/templates/prometheusrule-controller-alerts.yml
  • helm/prometheus/templates/secret-prometheus-metrics-token.yml
  • helm/prometheus/templates/service-prometheus-service.yml
  • helm/prometheus/templates/serviceaccount-prometheus.yml
  • helm/prometheus/templates/servicemonitor-catalogd-controller-manager-metrics-monitor.yml
  • helm/prometheus/templates/servicemonitor-kubelet.yml
  • helm/prometheus/templates/servicemonitor-operator-controller-controller-manager-metrics-monitor.yml
  • helm/prometheus/values.yaml
  • internal/operator-controller/rukpak/bundle/registryv1bundleconfig.json
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/crdupgradesafety_test.go
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/testdata/manifests/crd-oneof-removed-new.json
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/testdata/manifests/crd-oneof-removed-old.json
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/testdata/manifests/crd-oneof-safe-addition-new.json
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/testdata/manifests/crd-oneof-safe-addition-old.json
  • internal/shared/util/image/helm_test.go
  • internal/shared/util/test/utils.go
  • internal/shared/util/tlsprofiles/tlsprofiles.go
  • internal/shared/util/tlsprofiles/tlsprofiles_test.go
  • openshift/tests-extension/go.mod
  • requirements.txt
  • test/e2e/features/tls.feature
  • test/e2e/features_test.go
  • test/e2e/steps/steps.go
  • test/e2e/steps/tls_steps.go
  • test/e2e/support-bundle.yaml
  • test/internal/summary/artifacts.go
  • test/internal/summary/summary.go
  • test/internal/summary/templates/alert.md.tmpl
  • test/internal/summary/templates/mermaid_chart.md.tmpl
  • test/internal/summary/templates/summary.md.tmpl
  • testdata/prometheus/values-experimental.yaml
  • testdata/prometheus/values.yaml
💤 Files with no reviewable changes (18)
  • .bingo/kustomize.mod
  • helm/prometheus/templates/clusterrole-prometheus.yml
  • helm/prometheus/templates/servicemonitor-catalogd-controller-manager-metrics-monitor.yml
  • helm/prometheus/templates/service-prometheus-service.yml
  • helm/prometheus/values.yaml
  • helm/prometheus/templates/prometheusrule-controller-alerts.yml
  • helm/prometheus/templates/serviceaccount-prometheus.yml
  • helm/prometheus/templates/networkpolicy-prometheus.yml
  • helm/prometheus/templates/servicemonitor-kubelet.yml
  • helm/prometheus/Chart.yaml
  • helm/prometheus/templates/secret-prometheus-metrics-token.yml
  • internal/shared/util/test/utils.go
  • hack/conftest/policy/prometheus-networkpolicies.rego
  • hack/test/install-prometheus.sh
  • helm/prometheus/templates/prometheus-prometheus.yml
  • helm/prometheus/templates/clusterrolebinding-prometheus.yml
  • helm/prom_experimental.yaml
  • helm/prometheus/templates/servicemonitor-operator-controller-controller-manager-metrics-monitor.yml
✅ Files skipped from review due to trivial changes (6)
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/testdata/manifests/crd-oneof-removed-old.json
  • requirements.txt
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/testdata/manifests/crd-oneof-safe-addition-old.json
  • internal/operator-controller/rukpak/bundle/registryv1bundleconfig.json
  • .bingo/variables.env
  • applyconfigurations/internal/internal.go
🚧 Files skipped from review as they are similar to previous changes (26)
  • .bingo/controller-gen.mod
  • test/internal/summary/artifacts.go
  • test/e2e/support-bundle.yaml
  • hack/tools/crd-generator/main_test.go
  • api/v1/clusterextension_types.go
  • test/e2e/features/tls.feature
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/testdata/manifests/crd-oneof-safe-addition-new.json
  • testdata/prometheus/values-experimental.yaml
  • internal/shared/util/image/helm_test.go
  • api/v1/clustercatalog_types.go
  • test/e2e/steps/steps.go
  • .bingo/crd-diff.mod
  • api/v1/groupversion_info.go
  • .bingo/Variables.mk
  • openshift/tests-extension/go.mod
  • applyconfigurations/api/v1/clustercatalog.go
  • applyconfigurations/api/v1/clusterobjectset.go
  • test/e2e/features_test.go
  • test/internal/summary/summary.go
  • internal/shared/util/tlsprofiles/tlsprofiles.go
  • applyconfigurations/api/v1/clusterextension.go
  • api/v1/clusterobjectset_types.go
  • internal/shared/util/tlsprofiles/tlsprofiles_test.go
  • test/e2e/steps/tls_steps.go
  • internal/operator-controller/rukpak/preflights/crdupgradesafety/crdupgradesafety_test.go
  • go.mod

@openshift-ci

openshift-ci Bot commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

@openshift-bot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-upgrade-ovn-single-node 9d2c9fc link false /test e2e-aws-upgrade-ovn-single-node
ci/prow/openshift-e2e-aws 9d2c9fc link true /test openshift-e2e-aws

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@anik120 anik120 Awaiting requested review from anik120

@thetechnick thetechnick Awaiting requested review from thetechnick

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. kind/sync tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.