AGENT-1522: bump InternalReleaseImage to v1#6174
Conversation
|
@andfasano: This pull request references AGENT-1522 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Pipeline controller notification For optional jobs, comment This repository is configured in: LGTM mode |
WalkthroughThis PR migrates InternalReleaseImage handling from ChangesInternalReleaseImage API migration
Estimated code review effort: 3 (Moderate) | ~25 minutes 🚥 Pre-merge checks | ✅ 13 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (13 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: andfasano The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@cmd/machine-config-operator/start.go`:
- Around line 72-75: Do not call
ctrlctx.InformerFactory.Machineconfiguration().V1().InternalReleaseImages()
before checking the feature gate; instead declare iriInformer as nil first and
only assign it by calling
ctrlctx.InformerFactory.Machineconfiguration().V1().InternalReleaseImages()
after FeatureGatesHandler.Enabled(features.FeatureGateNoRegistryClusterInstall)
returns true so the informer is not registered when the gate is off; update the
block around iriInformer, FeatureGatesHandler.Enabled and
features.FeatureGateNoRegistryClusterInstall accordingly.
In `@go.mod`:
- Around line 458-460: The go.mod contains unsafe personal-fork replace
directives (replace github.com/openshift/api => github.com/pawanpinjarkar/api
... and replace github.com/openshift/client-go => github.com/andfasano/client-go
...) which must be removed or replaced with approved upstream module versions
and pinned hashes; to fix, delete those two replace lines or change them to the
official upstream modules with explicit, reviewed pseudo-versions or checksums,
run go mod tidy and regenerate vendor/modules.txt (or go.sum) to remove the
forks, and if you must keep non-upstream code document justification and add
prodsec controls (pinned version/hash, CVE review, SBOM/signing) in the PR
description.
In `@pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go`:
- Around line 329-330: When seeding informer fixtures you currently ignore the
error returned by GetIndexer().Add(...) which can hide malformed objects; update
each call to GetIndexer().Add(c) in internalreleaseimage_controller_test.go to
check its error return and fail the test on error (e.g. if err :=
informerFactory.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c);
err != nil { t.Fatalf("failed to add fixture: %v", err) } or use
require.NoError(t, err)), and apply the same change to the other
GetIndexer().Add(...) calls in that block so fixture insertion errors are
surfaced immediately.
In `@pkg/controller/internalreleaseimage/internalreleaseimage_controller.go`:
- Around line 604-605: Replace context.TODO() calls in the sync path with a
reconcile-scoped timeout context: for each API call in syncInternalReleaseImage
(e.g.,
ctrl.client.MachineconfigurationV1().InternalReleaseImages().UpdateStatus, Get,
Update and any MachineConfigs Create/Update calls referenced around lines 630,
720, 729, 731, 743, 771), create a context with context.WithTimeout(parentCtx,
<reasonableDuration>) and defer cancel() so the RPC is bounded; pass that
context into the client call and handle the context error as usual. Ensure you
choose a sensible timeout and reuse the same pattern for all
Get/Update/UpdateStatus calls in this controller.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: fe904214-e91e-4d77-aafc-47c2978623a4
⛔ Files ignored due to path filters (39)
go.sumis excluded by!**/*.sumvendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yamlis excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.gois excluded by!**/vendor/**,!vendor/**,!**/zz_generated*vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.gois excluded by!**/vendor/**,!vendor/**,!**/zz_generated*vendor/github.com/openshift/api/features.mdis excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/features/features.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/machineconfiguration/v1/register.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/machineconfiguration/v1/types.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/machineconfiguration/v1/types_internalreleaseimage.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yamlis excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yamlis excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.gois excluded by!**/vendor/**,!vendor/**,!**/zz_generated*vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yamlis excluded by!**/vendor/**,!vendor/**,!**/zz_generated*vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.gois excluded by!**/vendor/**,!vendor/**,!**/zz_generated*vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/config/applyconfigurations/utils.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimage.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagebundlestatus.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimageref.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagespec.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagestatus.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/utils.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_internalreleaseimage.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_machineconfiguration_client.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/generated_expansion.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/internalreleaseimage.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/machineconfiguration_client.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1/interface.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1/internalreleaseimage.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/internalreleaseimage.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1/expansion_generated.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1/internalreleaseimage.gois excluded by!**/vendor/**,!vendor/**vendor/modules.txtis excluded by!**/vendor/**,!vendor/**
📒 Files selected for processing (25)
cmd/machine-config-controller/start.gocmd/machine-config-daemon/start.gocmd/machine-config-operator/start.gogo.modmanifests/machineconfigcontroller/internalreleaseimage-deletion-guard-validatingadmissionpolicy.yamlpkg/controller/bootstrap/bootstrap.gopkg/controller/certrotation/certrotation_controller.gopkg/controller/certrotation/helpers_test.gopkg/controller/common/iri_secret_merger.gopkg/controller/common/iri_secret_merger_test.gopkg/controller/internalreleaseimage/aggregation.gopkg/controller/internalreleaseimage/internalreleaseimage_bootstrap.gopkg/controller/internalreleaseimage/internalreleaseimage_bootstrap_test.gopkg/controller/internalreleaseimage/internalreleaseimage_controller.gopkg/controller/internalreleaseimage/internalreleaseimage_controller_test.gopkg/controller/internalreleaseimage/internalreleaseimage_helpers_test.gopkg/controller/internalreleaseimage/internalreleaseimage_renderer.gopkg/controller/template/template_controller.gopkg/controller/template/template_controller_test.gopkg/daemon/internalreleaseimage/internalreleaseimage_helpers_test.gopkg/daemon/internalreleaseimage/internalreleaseimage_manager.gopkg/daemon/internalreleaseimage/internalreleaseimage_manager_test.gopkg/operator/operator.gotest/e2e-bootstrap/bootstrap_test.gotest/e2e-iri/iri_test.go
| i.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c) | ||
| } |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE="pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go"
if [ ! -f "$FILE" ]; then
echo "Missing file: $FILE"
exit 1
fi
nl -ba "$FILE" | sed -n '300,380p'
echo "---- surrounding imports ----"
nl -ba "$FILE" | sed -n '1,120p'
echo "---- grep for Indexer().Add(c) in file ----"
rg -n "Indexer\(\)\.Add\(" "$FILE" || trueRepository: openshift/machine-config-operator
Length of output: 120
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE="pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go"
if [ ! -f "$FILE" ]; then
echo "Missing file: $FILE"
exit 1
fi
nl -ba "$FILE" | sed -n '300,380p'
echo "---- surrounding imports ----"
nl -ba "$FILE" | sed -n '1,120p'
echo "---- grep for Indexer().Add(c) in file ----"
rg -n "Indexer\(\)\.Add\(" "$FILE" || trueRepository: openshift/machine-config-operator
Length of output: 120
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE="pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go"
if [ ! -f "$FILE" ]; then
echo "Missing file: $FILE" >&2
exit 1
fi
echo "---- lines 300-380 (cat -n) ----"
cat -n "$FILE" | sed -n '300,380p'
echo "---- grep for Indexer().Add(c) in file ----"
rg -n "Indexer\(\)\.Add\(" "$FILE" || true
echo "---- check for other Add(...) calls on that indexer ----"
rg -n "GetIndexer\(\)\.Add\(" "$FILE" || true
echo "---- inspect exact lines 329-330 ----"
cat -n "$FILE" | sed -n '320,340p'Repository: openshift/machine-config-operator
Length of output: 5240
Handle Indexer.Add errors when seeding informer fixtures.
The return value from GetIndexer().Add(...) is ignored when inserting fixtures, which can hide malformed objects and lead to misleading test outcomes (same pattern applies to the other GetIndexer().Add(...) calls in this block).
Proposed fix
- i.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c)
+ require.NoError(t, i.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c))🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go`
around lines 329 - 330, When seeding informer fixtures you currently ignore the
error returned by GetIndexer().Add(...) which can hide malformed objects; update
each call to GetIndexer().Add(c) in internalreleaseimage_controller_test.go to
check its error return and fail the test on error (e.g. if err :=
informerFactory.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c);
err != nil { t.Fatalf("failed to add fixture: %v", err) } or use
require.NoError(t, err)), and apply the same change to the other
GetIndexer().Add(...) calls in that block so fixture insertion errors are
surfaced immediately.
Source: Coding guidelines
|
/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880 |
|
@pablintino: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info. |
|
/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880 |
|
@pablintino: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/f9891120-6598-11f1-85b3-151bb12aa17e-0 |
|
/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880 |
|
@andfasano: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info. |
|
/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880 |
|
@andfasano: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info. |
|
/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880 |
|
@andfasano: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/fa81a320-65b2-11f1-8f52-076e43fcbb6b-0 |
b766b66 to
3b253da
Compare
c790bf8 to
93d430b
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 467: Remove the two personal-fork replace directives that route
github.com/openshift/api to github.com/pawanpinjarkar/api and
github.com/openshift/client-go to github.com/andfasano/client-go from the go.mod
file. After removing these replace statements, run go mod tidy to finalize the
dependency graph back to the upstream versions pinned on lines 40-41. If the
vendor directory was pre-generated with the fork paths, update it accordingly.
Before completing the merge, verify that the upstream PRs (openshift/api#2880
and openshift/client-go#383) are on track to be merged into their main branches
soon.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
latest available to fetch InternalReleaseImage v1
|
/test ? |
|
/test e2e-agent-compact-ipv4 |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 53: Update the golang.org/x/net dependency pin in go.mod to a version at
or above v0.51.0, since v0.50.0 is affected by the GO-2026-4559 issue in the
http2 package. If you cannot bump it, verify the codebase never uses the
affected HTTP/2 paths, but the preferred fix is to raise the x/net version and
keep any related module sums in sync.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
| github.com/vincent-petithory/dataurl v1.0.0 | ||
| github.com/vmware/govmomi v0.45.1 | ||
| golang.org/x/net v0.48.0 | ||
| golang.org/x/net v0.50.0 |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Bump golang.org/x/net past the fixed release.
v0.50.0 falls in GO-2026-4559, which affects golang.org/x/net/http2 and is fixed in v0.51.0; please raise this pin or confirm the repo never reaches the affected HTTP/2 paths. (osv.dev)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` at line 53, Update the golang.org/x/net dependency pin in go.mod to a
version at or above v0.51.0, since v0.50.0 is affected by the GO-2026-4559 issue
in the http2 package. If you cannot bump it, verify the codebase never uses the
affected HTTP/2 paths, but the preferred fix is to raise the x/net version and
keep any related module sums in sync.
|
/test e2e-agent-compact-ipv4-iso-no-registry |
|
@andfasano: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
- What I did
This patch bumps the openshift/api to fetch the InternalReleaseImage v1.
Requires openshift/api#2880
Requires openshift/client-go#383
Note: currently go.mod is temporary patched to allow payload testing as per the following comment openshift/api#2880 (comment)
Summary by CodeRabbit