feat: EnvoyPatchPolicy support targetRefs

[zirain]

xref: #8623

• add targetRefs to EnvoyPatchPolicy
• add warning condition if still using spec.targetRef

[netlify]

✅ Deploy Preview for cerulean-figolla-1f9435 canceled.

Name	Link
🔨 Latest commit	3036432
🔍 Latest deploy log	https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/69e5924622f55f0008c9114c

[codecov]

Codecov Report

❌ Patch coverage is 85.91549% with 30 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.32%. Comparing base (d80fb5b) to head (5c2d13c).

Files with missing lines	Patch %	Lines
internal/xds/runner/runner.go	57.14%	17 Missing and 7 partials ⚠️
internal/gatewayapi/envoypatchpolicy.go	98.33%	1 Missing and 1 partial ⚠️
internal/gatewayapi/status/envoypatchpolicy.go	92.00%	2 Missing ⚠️
internal/xds/translator/jsonpatch.go	83.33%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8713      +/-   ##
==========================================
- Coverage   74.35%   74.32%   -0.03%     
==========================================
  Files         245      245              
  Lines       38847    38987     +140     
==========================================
+ Hits        28883    28979      +96     
- Misses       7963     7995      +32     
- Partials     2001     2013      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[zirain]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 75527614e2

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[zirain]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f26683595c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[arkodg]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6a5bcf3f2c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Drop stale ancestors when targetRefs are removed

The merge branch preserves any existingStatus.Ancestors entry that is missing from the newly translated status (else path here), which makes ancestor status sticky across updates. If a policy previously targeted two Gateways and later removes one targetRef, the removed target is no longer emitted in the new translation, but this code keeps it forever, so users continue to see outdated attachment/condition state. The merged result should prune ancestors absent from the latest status (or gate retention by generation) instead of always carrying them forward.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Build ancestorRef from the actual target before validation

For non-merged mode, ancestorRef is derived with getAncestorRefForPolicy before validating targetRef.Group/Kind, so every entry is normalized to a Gateway ancestor even when the input ref is invalid. With targetRefs, an invalid and a valid ref that share the same name can collide on the same ancestor: the invalid one sets Accepted=False, and the valid one then cannot flip it to accepted because the accepted condition already exists. This produces incorrect status (rejected) even when patches were successfully applied to the valid target.

Useful? React with 👍 / 👎.