Skip to content

NO-ISSUE: Synchronize From Upstream Repositories#701

Merged
openshift-merge-bot[bot] merged 102 commits intoopenshift:mainfrom
openshift-bot:synchronize-upstream
Apr 22, 2026
Merged

NO-ISSUE: Synchronize From Upstream Repositories#701
openshift-merge-bot[bot] merged 102 commits intoopenshift:mainfrom
openshift-bot:synchronize-upstream

Conversation

@openshift-bot
Copy link
Copy Markdown

@openshift-bot openshift-bot commented Apr 17, 2026

The downstream repository has been updated with the following following upstream commits:

Date Commit Author Message
2026-04-21 15:24:41 operator-framework/operator-controller@f5e93c1 dependabot[bot] 🌱 Bump github.com/google/go-containerregistry (#2666)
2026-04-20 17:44:29 operator-framework/operator-controller@baae0a6 dependabot[bot] 🌱 Bump click from 8.3.1 to 8.3.2 (#2665)
2026-04-20 17:41:45 operator-framework/operator-controller@7d7ea81 dependabot[bot] 🌱 Bump regex from 2026.3.32 to 2026.4.4 (#2664)
2026-04-20 17:39:01 operator-framework/operator-controller@91ea0ee dependabot[bot] 🌱 Bump marocchino/sticky-pull-request-comment (#2663)
2026-04-20 17:30:24 operator-framework/operator-controller@e45ca46 Joe Lanford 🐛 e2e: skip clusterobjectset cleanup when BoxcutterRuntime is disabled (#2662)
2026-04-18 02:27:14 operator-framework/operator-controller@52bf60f dependabot[bot] 🌱 Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#2661)
2026-04-17 20:23:52 operator-framework/operator-controller@2b2669f dependabot[bot] 🌱 Bump dorny/paths-filter from 4 to 4.0.1 (#2660)
2026-04-17 20:18:22 operator-framework/operator-controller@58375a9 dependabot[bot] 🌱 Bump go.podman.io/image/v5 from 5.39.1 to 5.39.2 (#2659)
2026-04-17 20:12:53 operator-framework/operator-controller@665f701 dependabot[bot] 🌱 Bump marocchino/sticky-pull-request-comment from 3 to 3.0.2 (#2658)
2026-04-17 11:38:46 operator-framework/operator-controller@e20da75 Todd Short test: add TLS profile unit and e2e tests (#2653)
2026-04-17 06:59:15 operator-framework/operator-controller@3fa2e34 dependabot[bot] Bump github.com/moby/spdystream in /hack/tools/test-profiling (#2657)
2026-04-16 18:59:04 operator-framework/operator-controller@09f3c55 dependabot[bot] 🌱 Bump charset-normalizer from 3.4.6 to 3.4.7 (#2656)

The vendor/ directory has been updated and the following commits were carried:

Date Commit Author Message
2026-04-16 00:09:10 openshift/operator-framework-operator-controller@af81ade dtfranz UPSTREAM: <carry>: Add OpenShift specific files
2026-04-16 00:09:12 openshift/operator-framework-operator-controller@fcc703a Camila Macedo UPSTREAM: <carry>: Add new tests for single/own namespaces install modes
2026-04-16 00:09:12 openshift/operator-framework-operator-controller@cbd4e95 Camila Macedo UPSTREAM: <carry>: Upgrade OCP image from 4.20 to 4.21
2026-04-16 00:09:13 openshift/operator-framework-operator-controller@18e745a Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] - Change logic to get ocp images from openshift/catalogd/manifests.yaml
2026-04-16 00:09:14 openshift/operator-framework-operator-controller@a8f11a8 Todd Short UPSTREAM: <carry>: Update OCP catalogs to v4.21
2026-04-16 00:09:15 openshift/operator-framework-operator-controller@9fa43d7 Kui Wang UPSTREAM: <carry>: support singleown cases in disconnected
2026-04-16 00:09:16 openshift/operator-framework-operator-controller@715d9ef Kui Wang UPSTREAM: <carry>: fix cases 81696 and 74618 for product code changes
2026-04-16 00:09:16 openshift/operator-framework-operator-controller@93118e1 Camila Macedo UPSTREAM: <carry>: Define Default timeouts and apply their usage accross to avoid flakes
2026-04-16 00:09:17 openshift/operator-framework-operator-controller@db1bc13 Todd Short UPSTREAM: <carry>: Update to new feature-gate options in helm
2026-04-16 00:09:18 openshift/operator-framework-operator-controller@c9d0247 Camila Macedo UPSTREAM: <carry>: Fix flake for single/own ns tests by ensuring uniquess and waiting for k8s cleanups
2026-04-16 00:09:18 openshift/operator-framework-operator-controller@0f74b66 Camila Macedo UPSTREAM: <carry>: [OTE]: Enhance single/own ns based on review comments ( Follow-Up of: 714977c )
2026-04-16 00:09:19 openshift/operator-framework-operator-controller@9d0d6dc Kui Wang UPSTREAM: <carry>: Update OwnSingle template to use spec.config.inline.watchNamespace
2026-04-16 00:09:20 openshift/operator-framework-operator-controller@3fb6ecb Camila Macedo UPSTREAM: <carry>: [OTE]: Add webhook cleanup validation on extension uninstall
2026-04-16 00:09:21 openshift/operator-framework-operator-controller@8499f9d Kui Wang UPSTREAM: <carry>: Add [OTP] to migrated cases
2026-04-16 00:09:22 openshift/operator-framework-operator-controller@75a1b47 Camila Macedo UPSTREAM: <carry>: [OTE]: Upgrade dependencies used
2026-04-16 00:09:24 openshift/operator-framework-operator-controller@205a420 Camila Macedo UPSTREAM: <carry>: fix(OTE): fix OpenShift Kubernetes replace version format
2026-04-16 00:09:25 openshift/operator-framework-operator-controller@8e398eb Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] Upgrade go 1.24.6 and dependencies
2026-04-16 00:09:26 openshift/operator-framework-operator-controller@e43064d Kui Wang UPSTREAM: <carry>: add disconnected environment support with custom prow job for migrated qe cases
2026-04-16 00:09:27 openshift/operator-framework-operator-controller@5fe86ae Jian Zhang UPSTREAM: <carry>: migrate jiazha test cases to OTE
2026-04-16 00:09:28 openshift/operator-framework-operator-controller@9720262 Xia Zhao UPSTREAM: <carry>: migrate clustercatalog case to ote
2026-04-16 00:09:28 openshift/operator-framework-operator-controller@32512fe Kui Wang UPSTREAM: <carry>: migrate olmv1 QE stress cases
2026-04-16 00:09:29 openshift/operator-framework-operator-controller@2b404ca Todd Short UPSTREAM: <carry>: Use busybox/httpd to simulate probes
2026-04-16 00:09:30 openshift/operator-framework-operator-controller@8159148 Xia Zhao UPSTREAM: <carry>: migrate olmv1 QE cases
2026-04-16 00:09:31 openshift/operator-framework-operator-controller@3f3d37e Kui Wang UPSTREAM: <carry>: add agent for olmv1 qe cases
2026-04-16 00:09:31 openshift/operator-framework-operator-controller@05fecaa Todd Short UPSTREAM: <carry>: Disable upstream PodDisruptionBudget
2026-04-16 00:09:32 openshift/operator-framework-operator-controller@5f322c1 Rashmi Gottipati UPSTREAM: <carry>: Add AGENTS.md for AI code contributions
2026-04-16 00:09:33 openshift/operator-framework-operator-controller@f152d9f Rashmi Gottipati UPSTREAM: <carry>: address review comments through addl prompts
2026-04-16 00:09:33 openshift/operator-framework-operator-controller@e9912e3 Rashmi Gottipati UPSTREAM: <carry>: addressing some more review comments
2026-04-16 00:09:34 openshift/operator-framework-operator-controller@7a2d275 Rashmi Gottipati UPSTREAM: <carry>: remove DCO line
2026-04-16 00:09:34 openshift/operator-framework-operator-controller@2396b35 Bruno Andrade UPSTREAM: <carry>: migrate bandrade test cases to OTE
2026-04-16 00:09:35 openshift/operator-framework-operator-controller@9c3a382 Bruno Andrade UPSTREAM: <carry>: update metadata
2026-04-16 00:09:36 openshift/operator-framework-operator-controller@4a2f583 Bruno Andrade UPSTREAM: <carry>: remove originalName
2026-04-16 00:09:36 openshift/operator-framework-operator-controller@39de536 Jian Zhang UPSTREAM: <carry>: update 80458's timeout to 180s
2026-04-16 00:09:37 openshift/operator-framework-operator-controller@767fd8a Jian Zhang UPSTREAM: <carry>: update 83026 to specify the clustercatalog
2026-04-16 00:09:38 openshift/operator-framework-operator-controller@7344267 Catherine Chan-Tse UPSTREAM: <carry>: Update to golang 1.25 and ocp 4.22
2026-04-16 00:09:38 openshift/operator-framework-operator-controller@bd71ebb Predrag Knezevic UPSTREAM: <carry>: Use oc client for running e2e tests
2026-04-16 00:09:39 openshift/operator-framework-operator-controller@8a9f87c Predrag Knezevic UPSTREAM: <carry>: Run upstream e2e tests tagged with @catalogd-update
2026-04-16 00:09:39 openshift/operator-framework-operator-controller@2ccb91c Kui Wang UPSTREAM: <carry>: enhance case to make it more stable
2026-04-16 00:09:40 openshift/operator-framework-operator-controller@10f8df0 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-04-16 00:09:41 openshift/operator-framework-operator-controller@214b37c Evan Hearne UPSTREAM: <carry>: move sa creation out of buildCurlJob()
2026-04-16 00:09:41 openshift/operator-framework-operator-controller@862368c Evan Hearne UPSTREAM: <carry>: comment out delete service account
2026-04-16 00:09:42 openshift/operator-framework-operator-controller@c065d19 Evan Hearne UPSTREAM: <carry>: move defercleanup for sa for LIFO
2026-04-16 00:09:43 openshift/operator-framework-operator-controller@2334992 Evan Hearne UPSTREAM: <carry>: add polling so job fully deleted before proceed
2026-04-16 00:09:43 openshift/operator-framework-operator-controller@287f844 Luke Meyer UPSTREAM: <carry>: Revert "Merge pull request #594 from ehearne-redhat/add-service-account-curl-job"
2026-04-16 00:09:44 openshift/operator-framework-operator-controller@f4fc074 Camila Macedo UPSTREAM: <carry>: Remove openshift-redhat-marketplace catalog tests
2026-04-16 00:09:44 openshift/operator-framework-operator-controller@368696c Kui Wang UPSTREAM: <carry>: config watchnamespace cases
2026-04-16 00:09:45 openshift/operator-framework-operator-controller@5e1870e Xia Zhao UPSTREAM: <carry>: enhance ocp-79770
2026-04-16 00:09:46 openshift/operator-framework-operator-controller@2a73224 Kui Wang UPSTREAM: <carry>: upgrade version support case
2026-04-16 00:09:46 openshift/operator-framework-operator-controller@0c608ca Per Goncalves da Silva UPSTREAM: <carry>: Remove installed condition check from auth preflight test
2026-04-16 00:09:47 openshift/operator-framework-operator-controller@f4a2f5a Per Goncalves da Silva UPSTREAM: <carry>: Add openshift/api dependency
2026-04-16 00:09:48 openshift/operator-framework-operator-controller@f375992 Per Goncalves da Silva UPSTREAM: <carry>: Add boxcutter specific preflight auth test
2026-04-16 00:09:48 openshift/operator-framework-operator-controller@c02c49b Kui Wang UPSTREAM: <carry>: adjust watchnamespace case based on change
2026-04-16 00:09:49 openshift/operator-framework-operator-controller@78f1eed Camila Macedo UPSTREAM: <carry>: fix(ote): Use as operator-controller dep from root dir
2026-04-16 00:09:50 openshift/operator-framework-operator-controller@4016642 Bruno Andrade UPSTREAM: <carry>: add 83979 automation
2026-04-16 00:09:51 openshift/operator-framework-operator-controller@48245bd Bruno Andrade UPSTREAM: <carry>: add 85889 automation
2026-04-16 00:09:51 openshift/operator-framework-operator-controller@5f84555 Per Goncalves da Silva UPSTREAM: <carry>: Update test-operator startup script to fix pod probe endpoints
2026-04-16 00:09:52 openshift/operator-framework-operator-controller@98d5345 Per Goncalves da Silva UPSTREAM: <carry>: Fix up own-namespace invalid configuration test
2026-04-16 00:09:52 openshift/operator-framework-operator-controller@25b7369 Camila Macedo UPSTREAM: <carry>: Preflight tests use in-cluster catalog and bundles instead of openshift-pipelines-operator-rh
2026-04-16 00:09:53 openshift/operator-framework-operator-controller@f8d3f4d Kui Wang UPSTREAM: <carry>: adjust sa and permission test cases per new change from boxcutterruntime
2026-04-16 00:09:54 openshift/operator-framework-operator-controller@7534032 Camila Macedo UPSTREAM: <carry>: Update OCP catalogs to v4.22
2026-04-16 00:09:55 openshift/operator-framework-operator-controller@5bfe0c0 Camila Macedo UPSTREAM: <carry>: chore(OTE and Default Catalog Tests) Update go and dependencies
2026-04-16 00:09:56 openshift/operator-framework-operator-controller@51876f7 Jian Zhang UPSTREAM: <carry>: fix 83026 for TP cluster
2026-04-16 00:09:57 openshift/operator-framework-operator-controller@5bf74af Kui Wang UPSTREAM: <carry>: serviceAccount validation unified across all runtimes
2026-04-16 00:09:57 openshift/operator-framework-operator-controller@ba1d766 Stephen Benjamin UPSTREAM: <carry>: Fix OLMv1 test operator to listen on IPv6
2026-04-16 00:09:58 openshift/operator-framework-operator-controller@670127b Camila Macedo UPSTREAM: <carry>: Increase install timeout and add diagnostic logging for CE install tests
2026-04-16 00:09:59 openshift/operator-framework-operator-controller@4c140a5 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-04-16 00:09:59 openshift/operator-framework-operator-controller@124c5f8 Jian Zhang UPSTREAM: <carry>: update OCP-75441 to support multi-arch
2026-04-16 00:10:00 openshift/operator-framework-operator-controller@c2cfab0 Kui Wang UPSTREAM: <carry>: deployment config cases
2026-04-16 00:10:01 openshift/operator-framework-operator-controller@713dc0b Todd Short UPSTREAM: <carry>: Add OTE tests for OLMv1 DeploymentConfig support
2026-04-16 00:10:01 openshift/operator-framework-operator-controller@2583a49 Todd Short UPSTREAM: <carry>: Update openshift/api and client-go
2026-04-16 00:10:02 openshift/operator-framework-operator-controller@65172cd Camila Macedo UPSTREAM: <carry>: Add boxcutter tests
2026-04-16 00:10:03 openshift/operator-framework-operator-controller@397318f Xia Zhao UPSTREAM: <carry>: enhance QE cases
2026-04-16 00:10:03 openshift/operator-framework-operator-controller@e855dc2 Daniel Franz UPSTREAM: <carry>: Update quay-operator version to one containing arm64 support
2026-04-16 00:10:04 openshift/operator-framework-operator-controller@60602a9 Kui Wang UPSTREAM: <carry>: verify volume/volumeMount override
2026-04-16 00:10:04 openshift/operator-framework-operator-controller@9e9e5b8 Jian Zhang UPSTREAM: <carry>: Add long-duration test script and documents
2026-04-16 00:10:05 openshift/operator-framework-operator-controller@e72f900 Todd Short UPSTREAM: <carry>: Update grpc in default-catalog-consistency tests
2026-04-16 00:10:06 openshift/operator-framework-operator-controller@47661f7 Camila Macedo UPSTREAM: <carry>: Rename ClusterExtensionRevision to ClusterObjectSet in OTE tests
2026-04-16 00:10:06 openshift/operator-framework-operator-controller@4558a79 Camila Macedo UPSTREAM: <carry>: Skip incompatible operator test when Boxcutter uses ClusterObjectSet
2026-04-16 00:10:07 openshift/operator-framework-operator-controller@a404e66 Bruno Andrade UPSTREAM: <carry>: add ocp-87557
2026-04-16 00:10:07 openshift/operator-framework-operator-controller@fb35af9 Francesco Giudici UPSTREAM: <carry>: Add fgiudici as reviewer
2026-04-16 00:10:08 openshift/operator-framework-operator-controller@da1694e Camila Macedo UPSTREAM: <carry>: Remove skip for incompatible operator check after rename of CER
2026-04-16 00:10:09 openshift/operator-framework-operator-controller@ab83a4b Kui Wang UPSTREAM: <carry>: Test empty affinity erasure and cleanup
2026-04-16 00:10:09 openshift/operator-framework-operator-controller@3585edc Camila Macedo UPSTREAM: <carry>: Fix boxcutter finalizer ResourceNames in preflight test
2026-04-15 16:03:07 openshift/operator-framework-operator-controller@1540e2e Camila Macedo UPSTREAM: <carry>: Expand OTE docs with more comprehensive details
2026-04-20 09:57:03 openshift/operator-framework-operator-controller@79cfc14 Todd Short UPSTREAM: <carry>: Disable upstream TLSProfile tests
2026-04-20 18:19:32 openshift/operator-framework-operator-controller@3903654 Camila Macedo UPSTREAM: <carry>: OTE: Simplify by remove option to configure tests to run outside of OCP

This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.

/cc @openshift/openshift-team-operator-framework

Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.6 to 3.4.7.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.6...3.4.7)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@openshift-bot openshift-bot added tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges. kind/sync approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Apr 17, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 17, 2026
@openshift-ci-robot
Copy link
Copy Markdown

@openshift-bot: This pull request explicitly references no jira issue.

Details

In response to this:

The downstream repository has been updated with the following following upstream commits:

Date Commit Author Message
2026-04-16 18:59:04 operator-framework/operator-controller@09f3c55 dependabot[bot] 🌱 Bump charset-normalizer from 3.4.6 to 3.4.7 (#2656)

The vendor/ directory has been updated and the following commits were carried:

Date Commit Author Message
2026-04-16 00:09:10 openshift/operator-framework-operator-controller@af81ade dtfranz UPSTREAM: <carry>: Add OpenShift specific files
2026-04-16 00:09:12 openshift/operator-framework-operator-controller@fcc703a Camila Macedo UPSTREAM: <carry>: Add new tests for single/own namespaces install modes
2026-04-16 00:09:12 openshift/operator-framework-operator-controller@cbd4e95 Camila Macedo UPSTREAM: <carry>: Upgrade OCP image from 4.20 to 4.21
2026-04-16 00:09:13 openshift/operator-framework-operator-controller@18e745a Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] - Change logic to get ocp images from openshift/catalogd/manifests.yaml
2026-04-16 00:09:14 openshift/operator-framework-operator-controller@a8f11a8 Todd Short UPSTREAM: <carry>: Update OCP catalogs to v4.21
2026-04-16 00:09:15 openshift/operator-framework-operator-controller@9fa43d7 Kui Wang UPSTREAM: <carry>: support singleown cases in disconnected
2026-04-16 00:09:16 openshift/operator-framework-operator-controller@715d9ef Kui Wang UPSTREAM: <carry>: fix cases 81696 and 74618 for product code changes
2026-04-16 00:09:16 openshift/operator-framework-operator-controller@93118e1 Camila Macedo UPSTREAM: <carry>: Define Default timeouts and apply their usage accross to avoid flakes
2026-04-16 00:09:17 openshift/operator-framework-operator-controller@db1bc13 Todd Short UPSTREAM: <carry>: Update to new feature-gate options in helm
2026-04-16 00:09:18 openshift/operator-framework-operator-controller@c9d0247 Camila Macedo UPSTREAM: <carry>: Fix flake for single/own ns tests by ensuring uniquess and waiting for k8s cleanups
2026-04-16 00:09:18 openshift/operator-framework-operator-controller@0f74b66 Camila Macedo UPSTREAM: <carry>: [OTE]: Enhance single/own ns based on review comments ( Follow-Up of: 714977c )
2026-04-16 00:09:19 openshift/operator-framework-operator-controller@9d0d6dc Kui Wang UPSTREAM: <carry>: Update OwnSingle template to use spec.config.inline.watchNamespace
2026-04-16 00:09:20 openshift/operator-framework-operator-controller@3fb6ecb Camila Macedo UPSTREAM: <carry>: [OTE]: Add webhook cleanup validation on extension uninstall
2026-04-16 00:09:21 openshift/operator-framework-operator-controller@8499f9d Kui Wang UPSTREAM: <carry>: Add [OTP] to migrated cases
2026-04-16 00:09:22 openshift/operator-framework-operator-controller@75a1b47 Camila Macedo UPSTREAM: <carry>: [OTE]: Upgrade dependencies used
2026-04-16 00:09:24 openshift/operator-framework-operator-controller@205a420 Camila Macedo UPSTREAM: <carry>: fix(OTE): fix OpenShift Kubernetes replace version format
2026-04-16 00:09:25 openshift/operator-framework-operator-controller@8e398eb Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] Upgrade go 1.24.6 and dependencies
2026-04-16 00:09:26 openshift/operator-framework-operator-controller@e43064d Kui Wang UPSTREAM: <carry>: add disconnected environment support with custom prow job for migrated qe cases
2026-04-16 00:09:27 openshift/operator-framework-operator-controller@5fe86ae Jian Zhang UPSTREAM: <carry>: migrate jiazha test cases to OTE
2026-04-16 00:09:28 openshift/operator-framework-operator-controller@9720262 Xia Zhao UPSTREAM: <carry>: migrate clustercatalog case to ote
2026-04-16 00:09:28 openshift/operator-framework-operator-controller@32512fe Kui Wang UPSTREAM: <carry>: migrate olmv1 QE stress cases
2026-04-16 00:09:29 openshift/operator-framework-operator-controller@2b404ca Todd Short UPSTREAM: <carry>: Use busybox/httpd to simulate probes
2026-04-16 00:09:30 openshift/operator-framework-operator-controller@8159148 Xia Zhao UPSTREAM: <carry>: migrate olmv1 QE cases
2026-04-16 00:09:31 openshift/operator-framework-operator-controller@3f3d37e Kui Wang UPSTREAM: <carry>: add agent for olmv1 qe cases
2026-04-16 00:09:31 openshift/operator-framework-operator-controller@05fecaa Todd Short UPSTREAM: <carry>: Disable upstream PodDisruptionBudget
2026-04-16 00:09:32 openshift/operator-framework-operator-controller@5f322c1 Rashmi Gottipati UPSTREAM: <carry>: Add AGENTS.md for AI code contributions
2026-04-16 00:09:33 openshift/operator-framework-operator-controller@f152d9f Rashmi Gottipati UPSTREAM: <carry>: address review comments through addl prompts
2026-04-16 00:09:33 openshift/operator-framework-operator-controller@e9912e3 Rashmi Gottipati UPSTREAM: <carry>: addressing some more review comments
2026-04-16 00:09:34 openshift/operator-framework-operator-controller@7a2d275 Rashmi Gottipati UPSTREAM: <carry>: remove DCO line
2026-04-16 00:09:34 openshift/operator-framework-operator-controller@2396b35 Bruno Andrade UPSTREAM: <carry>: migrate bandrade test cases to OTE
2026-04-16 00:09:35 openshift/operator-framework-operator-controller@9c3a382 Bruno Andrade UPSTREAM: <carry>: update metadata
2026-04-16 00:09:36 openshift/operator-framework-operator-controller@4a2f583 Bruno Andrade UPSTREAM: <carry>: remove originalName
2026-04-16 00:09:36 openshift/operator-framework-operator-controller@39de536 Jian Zhang UPSTREAM: <carry>: update 80458's timeout to 180s
2026-04-16 00:09:37 openshift/operator-framework-operator-controller@767fd8a Jian Zhang UPSTREAM: <carry>: update 83026 to specify the clustercatalog
2026-04-16 00:09:38 openshift/operator-framework-operator-controller@7344267 Catherine Chan-Tse UPSTREAM: <carry>: Update to golang 1.25 and ocp 4.22
2026-04-16 00:09:38 openshift/operator-framework-operator-controller@bd71ebb Predrag Knezevic UPSTREAM: <carry>: Use oc client for running e2e tests
2026-04-16 00:09:39 openshift/operator-framework-operator-controller@8a9f87c Predrag Knezevic UPSTREAM: <carry>: Run upstream e2e tests tagged with @catalogd-update
2026-04-16 00:09:39 openshift/operator-framework-operator-controller@2ccb91c Kui Wang UPSTREAM: <carry>: enhance case to make it more stable
2026-04-16 00:09:40 openshift/operator-framework-operator-controller@10f8df0 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-04-16 00:09:41 openshift/operator-framework-operator-controller@214b37c Evan Hearne UPSTREAM: <carry>: move sa creation out of buildCurlJob()
2026-04-16 00:09:41 openshift/operator-framework-operator-controller@862368c Evan Hearne UPSTREAM: <carry>: comment out delete service account
2026-04-16 00:09:42 openshift/operator-framework-operator-controller@c065d19 Evan Hearne UPSTREAM: <carry>: move defercleanup for sa for LIFO
2026-04-16 00:09:43 openshift/operator-framework-operator-controller@2334992 Evan Hearne UPSTREAM: <carry>: add polling so job fully deleted before proceed
2026-04-16 00:09:43 openshift/operator-framework-operator-controller@287f844 Luke Meyer UPSTREAM: <carry>: Revert "Merge pull request #594 from ehearne-redhat/add-service-account-curl-job"
2026-04-16 00:09:44 openshift/operator-framework-operator-controller@f4fc074 Camila Macedo UPSTREAM: <carry>: Remove openshift-redhat-marketplace catalog tests
2026-04-16 00:09:44 openshift/operator-framework-operator-controller@368696c Kui Wang UPSTREAM: <carry>: config watchnamespace cases
2026-04-16 00:09:45 openshift/operator-framework-operator-controller@5e1870e Xia Zhao UPSTREAM: <carry>: enhance ocp-79770
2026-04-16 00:09:46 openshift/operator-framework-operator-controller@2a73224 Kui Wang UPSTREAM: <carry>: upgrade version support case
2026-04-16 00:09:46 openshift/operator-framework-operator-controller@0c608ca Per Goncalves da Silva UPSTREAM: <carry>: Remove installed condition check from auth preflight test
2026-04-16 00:09:47 openshift/operator-framework-operator-controller@f4a2f5a Per Goncalves da Silva UPSTREAM: <carry>: Add openshift/api dependency
2026-04-16 00:09:48 openshift/operator-framework-operator-controller@f375992 Per Goncalves da Silva UPSTREAM: <carry>: Add boxcutter specific preflight auth test
2026-04-16 00:09:48 openshift/operator-framework-operator-controller@c02c49b Kui Wang UPSTREAM: <carry>: adjust watchnamespace case based on change
2026-04-16 00:09:49 openshift/operator-framework-operator-controller@78f1eed Camila Macedo UPSTREAM: <carry>: fix(ote): Use as operator-controller dep from root dir
2026-04-16 00:09:50 openshift/operator-framework-operator-controller@4016642 Bruno Andrade UPSTREAM: <carry>: add 83979 automation
2026-04-16 00:09:51 openshift/operator-framework-operator-controller@48245bd Bruno Andrade UPSTREAM: <carry>: add 85889 automation
2026-04-16 00:09:51 openshift/operator-framework-operator-controller@5f84555 Per Goncalves da Silva UPSTREAM: <carry>: Update test-operator startup script to fix pod probe endpoints
2026-04-16 00:09:52 openshift/operator-framework-operator-controller@98d5345 Per Goncalves da Silva UPSTREAM: <carry>: Fix up own-namespace invalid configuration test
2026-04-16 00:09:52 openshift/operator-framework-operator-controller@25b7369 Camila Macedo UPSTREAM: <carry>: Preflight tests use in-cluster catalog and bundles instead of openshift-pipelines-operator-rh
2026-04-16 00:09:53 openshift/operator-framework-operator-controller@f8d3f4d Kui Wang UPSTREAM: <carry>: adjust sa and permission test cases per new change from boxcutterruntime
2026-04-16 00:09:54 openshift/operator-framework-operator-controller@7534032 Camila Macedo UPSTREAM: <carry>: Update OCP catalogs to v4.22
2026-04-16 00:09:55 openshift/operator-framework-operator-controller@5bfe0c0 Camila Macedo UPSTREAM: <carry>: chore(OTE and Default Catalog Tests) Update go and dependencies
2026-04-16 00:09:56 openshift/operator-framework-operator-controller@51876f7 Jian Zhang UPSTREAM: <carry>: fix 83026 for TP cluster
2026-04-16 00:09:57 openshift/operator-framework-operator-controller@5bf74af Kui Wang UPSTREAM: <carry>: serviceAccount validation unified across all runtimes
2026-04-16 00:09:57 openshift/operator-framework-operator-controller@ba1d766 Stephen Benjamin UPSTREAM: <carry>: Fix OLMv1 test operator to listen on IPv6
2026-04-16 00:09:58 openshift/operator-framework-operator-controller@670127b Camila Macedo UPSTREAM: <carry>: Increase install timeout and add diagnostic logging for CE install tests
2026-04-16 00:09:59 openshift/operator-framework-operator-controller@4c140a5 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-04-16 00:09:59 openshift/operator-framework-operator-controller@124c5f8 Jian Zhang UPSTREAM: <carry>: update OCP-75441 to support multi-arch
2026-04-16 00:10:00 openshift/operator-framework-operator-controller@c2cfab0 Kui Wang UPSTREAM: <carry>: deployment config cases
2026-04-16 00:10:01 openshift/operator-framework-operator-controller@713dc0b Todd Short UPSTREAM: <carry>: Add OTE tests for OLMv1 DeploymentConfig support
2026-04-16 00:10:01 openshift/operator-framework-operator-controller@2583a49 Todd Short UPSTREAM: <carry>: Update openshift/api and client-go
2026-04-16 00:10:02 openshift/operator-framework-operator-controller@65172cd Camila Macedo UPSTREAM: <carry>: Add boxcutter tests
2026-04-16 00:10:03 openshift/operator-framework-operator-controller@397318f Xia Zhao UPSTREAM: <carry>: enhance QE cases
2026-04-16 00:10:03 openshift/operator-framework-operator-controller@e855dc2 Daniel Franz UPSTREAM: <carry>: Update quay-operator version to one containing arm64 support
2026-04-16 00:10:04 openshift/operator-framework-operator-controller@60602a9 Kui Wang UPSTREAM: <carry>: verify volume/volumeMount override
2026-04-16 00:10:04 openshift/operator-framework-operator-controller@9e9e5b8 Jian Zhang UPSTREAM: <carry>: Add long-duration test script and documents
2026-04-16 00:10:05 openshift/operator-framework-operator-controller@e72f900 Todd Short UPSTREAM: <carry>: Update grpc in default-catalog-consistency tests
2026-04-16 00:10:06 openshift/operator-framework-operator-controller@47661f7 Camila Macedo UPSTREAM: <carry>: Rename ClusterExtensionRevision to ClusterObjectSet in OTE tests
2026-04-16 00:10:06 openshift/operator-framework-operator-controller@4558a79 Camila Macedo UPSTREAM: <carry>: Skip incompatible operator test when Boxcutter uses ClusterObjectSet
2026-04-16 00:10:07 openshift/operator-framework-operator-controller@a404e66 Bruno Andrade UPSTREAM: <carry>: add ocp-87557
2026-04-16 00:10:07 openshift/operator-framework-operator-controller@fb35af9 Francesco Giudici UPSTREAM: <carry>: Add fgiudici as reviewer
2026-04-16 00:10:08 openshift/operator-framework-operator-controller@da1694e Camila Macedo UPSTREAM: <carry>: Remove skip for incompatible operator check after rename of CER
2026-04-16 00:10:09 openshift/operator-framework-operator-controller@ab83a4b Kui Wang UPSTREAM: <carry>: Test empty affinity erasure and cleanup
2026-04-16 00:10:09 openshift/operator-framework-operator-controller@3585edc Camila Macedo UPSTREAM: <carry>: Fix boxcutter finalizer ResourceNames in preflight test

This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.

/cc @openshift/openshift-team-operator-framework

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 17, 2026

@openshift-bot: GitHub didn't allow me to request PR reviews from the following users: openshift/openshift-team-operator-framework.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

Details

In response to this:

The downstream repository has been updated with the following following upstream commits:

Date Commit Author Message
2026-04-16 18:59:04 operator-framework/operator-controller@09f3c55 dependabot[bot] 🌱 Bump charset-normalizer from 3.4.6 to 3.4.7 (#2656)

The vendor/ directory has been updated and the following commits were carried:

Date Commit Author Message
2026-04-16 00:09:10 openshift/operator-framework-operator-controller@af81ade dtfranz UPSTREAM: <carry>: Add OpenShift specific files
2026-04-16 00:09:12 openshift/operator-framework-operator-controller@fcc703a Camila Macedo UPSTREAM: <carry>: Add new tests for single/own namespaces install modes
2026-04-16 00:09:12 openshift/operator-framework-operator-controller@cbd4e95 Camila Macedo UPSTREAM: <carry>: Upgrade OCP image from 4.20 to 4.21
2026-04-16 00:09:13 openshift/operator-framework-operator-controller@18e745a Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] - Change logic to get ocp images from openshift/catalogd/manifests.yaml
2026-04-16 00:09:14 openshift/operator-framework-operator-controller@a8f11a8 Todd Short UPSTREAM: <carry>: Update OCP catalogs to v4.21
2026-04-16 00:09:15 openshift/operator-framework-operator-controller@9fa43d7 Kui Wang UPSTREAM: <carry>: support singleown cases in disconnected
2026-04-16 00:09:16 openshift/operator-framework-operator-controller@715d9ef Kui Wang UPSTREAM: <carry>: fix cases 81696 and 74618 for product code changes
2026-04-16 00:09:16 openshift/operator-framework-operator-controller@93118e1 Camila Macedo UPSTREAM: <carry>: Define Default timeouts and apply their usage accross to avoid flakes
2026-04-16 00:09:17 openshift/operator-framework-operator-controller@db1bc13 Todd Short UPSTREAM: <carry>: Update to new feature-gate options in helm
2026-04-16 00:09:18 openshift/operator-framework-operator-controller@c9d0247 Camila Macedo UPSTREAM: <carry>: Fix flake for single/own ns tests by ensuring uniquess and waiting for k8s cleanups
2026-04-16 00:09:18 openshift/operator-framework-operator-controller@0f74b66 Camila Macedo UPSTREAM: <carry>: [OTE]: Enhance single/own ns based on review comments ( Follow-Up of: 714977c )
2026-04-16 00:09:19 openshift/operator-framework-operator-controller@9d0d6dc Kui Wang UPSTREAM: <carry>: Update OwnSingle template to use spec.config.inline.watchNamespace
2026-04-16 00:09:20 openshift/operator-framework-operator-controller@3fb6ecb Camila Macedo UPSTREAM: <carry>: [OTE]: Add webhook cleanup validation on extension uninstall
2026-04-16 00:09:21 openshift/operator-framework-operator-controller@8499f9d Kui Wang UPSTREAM: <carry>: Add [OTP] to migrated cases
2026-04-16 00:09:22 openshift/operator-framework-operator-controller@75a1b47 Camila Macedo UPSTREAM: <carry>: [OTE]: Upgrade dependencies used
2026-04-16 00:09:24 openshift/operator-framework-operator-controller@205a420 Camila Macedo UPSTREAM: <carry>: fix(OTE): fix OpenShift Kubernetes replace version format
2026-04-16 00:09:25 openshift/operator-framework-operator-controller@8e398eb Camila Macedo UPSTREAM: <carry>: [Default Catalog Tests] Upgrade go 1.24.6 and dependencies
2026-04-16 00:09:26 openshift/operator-framework-operator-controller@e43064d Kui Wang UPSTREAM: <carry>: add disconnected environment support with custom prow job for migrated qe cases
2026-04-16 00:09:27 openshift/operator-framework-operator-controller@5fe86ae Jian Zhang UPSTREAM: <carry>: migrate jiazha test cases to OTE
2026-04-16 00:09:28 openshift/operator-framework-operator-controller@9720262 Xia Zhao UPSTREAM: <carry>: migrate clustercatalog case to ote
2026-04-16 00:09:28 openshift/operator-framework-operator-controller@32512fe Kui Wang UPSTREAM: <carry>: migrate olmv1 QE stress cases
2026-04-16 00:09:29 openshift/operator-framework-operator-controller@2b404ca Todd Short UPSTREAM: <carry>: Use busybox/httpd to simulate probes
2026-04-16 00:09:30 openshift/operator-framework-operator-controller@8159148 Xia Zhao UPSTREAM: <carry>: migrate olmv1 QE cases
2026-04-16 00:09:31 openshift/operator-framework-operator-controller@3f3d37e Kui Wang UPSTREAM: <carry>: add agent for olmv1 qe cases
2026-04-16 00:09:31 openshift/operator-framework-operator-controller@05fecaa Todd Short UPSTREAM: <carry>: Disable upstream PodDisruptionBudget
2026-04-16 00:09:32 openshift/operator-framework-operator-controller@5f322c1 Rashmi Gottipati UPSTREAM: <carry>: Add AGENTS.md for AI code contributions
2026-04-16 00:09:33 openshift/operator-framework-operator-controller@f152d9f Rashmi Gottipati UPSTREAM: <carry>: address review comments through addl prompts
2026-04-16 00:09:33 openshift/operator-framework-operator-controller@e9912e3 Rashmi Gottipati UPSTREAM: <carry>: addressing some more review comments
2026-04-16 00:09:34 openshift/operator-framework-operator-controller@7a2d275 Rashmi Gottipati UPSTREAM: <carry>: remove DCO line
2026-04-16 00:09:34 openshift/operator-framework-operator-controller@2396b35 Bruno Andrade UPSTREAM: <carry>: migrate bandrade test cases to OTE
2026-04-16 00:09:35 openshift/operator-framework-operator-controller@9c3a382 Bruno Andrade UPSTREAM: <carry>: update metadata
2026-04-16 00:09:36 openshift/operator-framework-operator-controller@4a2f583 Bruno Andrade UPSTREAM: <carry>: remove originalName
2026-04-16 00:09:36 openshift/operator-framework-operator-controller@39de536 Jian Zhang UPSTREAM: <carry>: update 80458's timeout to 180s
2026-04-16 00:09:37 openshift/operator-framework-operator-controller@767fd8a Jian Zhang UPSTREAM: <carry>: update 83026 to specify the clustercatalog
2026-04-16 00:09:38 openshift/operator-framework-operator-controller@7344267 Catherine Chan-Tse UPSTREAM: <carry>: Update to golang 1.25 and ocp 4.22
2026-04-16 00:09:38 openshift/operator-framework-operator-controller@bd71ebb Predrag Knezevic UPSTREAM: <carry>: Use oc client for running e2e tests
2026-04-16 00:09:39 openshift/operator-framework-operator-controller@8a9f87c Predrag Knezevic UPSTREAM: <carry>: Run upstream e2e tests tagged with @catalogd-update
2026-04-16 00:09:39 openshift/operator-framework-operator-controller@2ccb91c Kui Wang UPSTREAM: <carry>: enhance case to make it more stable
2026-04-16 00:09:40 openshift/operator-framework-operator-controller@10f8df0 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-04-16 00:09:41 openshift/operator-framework-operator-controller@214b37c Evan Hearne UPSTREAM: <carry>: move sa creation out of buildCurlJob()
2026-04-16 00:09:41 openshift/operator-framework-operator-controller@862368c Evan Hearne UPSTREAM: <carry>: comment out delete service account
2026-04-16 00:09:42 openshift/operator-framework-operator-controller@c065d19 Evan Hearne UPSTREAM: <carry>: move defercleanup for sa for LIFO
2026-04-16 00:09:43 openshift/operator-framework-operator-controller@2334992 Evan Hearne UPSTREAM: <carry>: add polling so job fully deleted before proceed
2026-04-16 00:09:43 openshift/operator-framework-operator-controller@287f844 Luke Meyer UPSTREAM: <carry>: Revert "Merge pull request #594 from ehearne-redhat/add-service-account-curl-job"
2026-04-16 00:09:44 openshift/operator-framework-operator-controller@f4fc074 Camila Macedo UPSTREAM: <carry>: Remove openshift-redhat-marketplace catalog tests
2026-04-16 00:09:44 openshift/operator-framework-operator-controller@368696c Kui Wang UPSTREAM: <carry>: config watchnamespace cases
2026-04-16 00:09:45 openshift/operator-framework-operator-controller@5e1870e Xia Zhao UPSTREAM: <carry>: enhance ocp-79770
2026-04-16 00:09:46 openshift/operator-framework-operator-controller@2a73224 Kui Wang UPSTREAM: <carry>: upgrade version support case
2026-04-16 00:09:46 openshift/operator-framework-operator-controller@0c608ca Per Goncalves da Silva UPSTREAM: <carry>: Remove installed condition check from auth preflight test
2026-04-16 00:09:47 openshift/operator-framework-operator-controller@f4a2f5a Per Goncalves da Silva UPSTREAM: <carry>: Add openshift/api dependency
2026-04-16 00:09:48 openshift/operator-framework-operator-controller@f375992 Per Goncalves da Silva UPSTREAM: <carry>: Add boxcutter specific preflight auth test
2026-04-16 00:09:48 openshift/operator-framework-operator-controller@c02c49b Kui Wang UPSTREAM: <carry>: adjust watchnamespace case based on change
2026-04-16 00:09:49 openshift/operator-framework-operator-controller@78f1eed Camila Macedo UPSTREAM: <carry>: fix(ote): Use as operator-controller dep from root dir
2026-04-16 00:09:50 openshift/operator-framework-operator-controller@4016642 Bruno Andrade UPSTREAM: <carry>: add 83979 automation
2026-04-16 00:09:51 openshift/operator-framework-operator-controller@48245bd Bruno Andrade UPSTREAM: <carry>: add 85889 automation
2026-04-16 00:09:51 openshift/operator-framework-operator-controller@5f84555 Per Goncalves da Silva UPSTREAM: <carry>: Update test-operator startup script to fix pod probe endpoints
2026-04-16 00:09:52 openshift/operator-framework-operator-controller@98d5345 Per Goncalves da Silva UPSTREAM: <carry>: Fix up own-namespace invalid configuration test
2026-04-16 00:09:52 openshift/operator-framework-operator-controller@25b7369 Camila Macedo UPSTREAM: <carry>: Preflight tests use in-cluster catalog and bundles instead of openshift-pipelines-operator-rh
2026-04-16 00:09:53 openshift/operator-framework-operator-controller@f8d3f4d Kui Wang UPSTREAM: <carry>: adjust sa and permission test cases per new change from boxcutterruntime
2026-04-16 00:09:54 openshift/operator-framework-operator-controller@7534032 Camila Macedo UPSTREAM: <carry>: Update OCP catalogs to v4.22
2026-04-16 00:09:55 openshift/operator-framework-operator-controller@5bfe0c0 Camila Macedo UPSTREAM: <carry>: chore(OTE and Default Catalog Tests) Update go and dependencies
2026-04-16 00:09:56 openshift/operator-framework-operator-controller@51876f7 Jian Zhang UPSTREAM: <carry>: fix 83026 for TP cluster
2026-04-16 00:09:57 openshift/operator-framework-operator-controller@5bf74af Kui Wang UPSTREAM: <carry>: serviceAccount validation unified across all runtimes
2026-04-16 00:09:57 openshift/operator-framework-operator-controller@ba1d766 Stephen Benjamin UPSTREAM: <carry>: Fix OLMv1 test operator to listen on IPv6
2026-04-16 00:09:58 openshift/operator-framework-operator-controller@670127b Camila Macedo UPSTREAM: <carry>: Increase install timeout and add diagnostic logging for CE install tests
2026-04-16 00:09:59 openshift/operator-framework-operator-controller@4c140a5 Evan Hearne UPSTREAM: <carry>: add service account to curl job
2026-04-16 00:09:59 openshift/operator-framework-operator-controller@124c5f8 Jian Zhang UPSTREAM: <carry>: update OCP-75441 to support multi-arch
2026-04-16 00:10:00 openshift/operator-framework-operator-controller@c2cfab0 Kui Wang UPSTREAM: <carry>: deployment config cases
2026-04-16 00:10:01 openshift/operator-framework-operator-controller@713dc0b Todd Short UPSTREAM: <carry>: Add OTE tests for OLMv1 DeploymentConfig support
2026-04-16 00:10:01 openshift/operator-framework-operator-controller@2583a49 Todd Short UPSTREAM: <carry>: Update openshift/api and client-go
2026-04-16 00:10:02 openshift/operator-framework-operator-controller@65172cd Camila Macedo UPSTREAM: <carry>: Add boxcutter tests
2026-04-16 00:10:03 openshift/operator-framework-operator-controller@397318f Xia Zhao UPSTREAM: <carry>: enhance QE cases
2026-04-16 00:10:03 openshift/operator-framework-operator-controller@e855dc2 Daniel Franz UPSTREAM: <carry>: Update quay-operator version to one containing arm64 support
2026-04-16 00:10:04 openshift/operator-framework-operator-controller@60602a9 Kui Wang UPSTREAM: <carry>: verify volume/volumeMount override
2026-04-16 00:10:04 openshift/operator-framework-operator-controller@9e9e5b8 Jian Zhang UPSTREAM: <carry>: Add long-duration test script and documents
2026-04-16 00:10:05 openshift/operator-framework-operator-controller@e72f900 Todd Short UPSTREAM: <carry>: Update grpc in default-catalog-consistency tests
2026-04-16 00:10:06 openshift/operator-framework-operator-controller@47661f7 Camila Macedo UPSTREAM: <carry>: Rename ClusterExtensionRevision to ClusterObjectSet in OTE tests
2026-04-16 00:10:06 openshift/operator-framework-operator-controller@4558a79 Camila Macedo UPSTREAM: <carry>: Skip incompatible operator test when Boxcutter uses ClusterObjectSet
2026-04-16 00:10:07 openshift/operator-framework-operator-controller@a404e66 Bruno Andrade UPSTREAM: <carry>: add ocp-87557
2026-04-16 00:10:07 openshift/operator-framework-operator-controller@fb35af9 Francesco Giudici UPSTREAM: <carry>: Add fgiudici as reviewer
2026-04-16 00:10:08 openshift/operator-framework-operator-controller@da1694e Camila Macedo UPSTREAM: <carry>: Remove skip for incompatible operator check after rename of CER
2026-04-16 00:10:09 openshift/operator-framework-operator-controller@ab83a4b Kui Wang UPSTREAM: <carry>: Test empty affinity erasure and cleanup
2026-04-16 00:10:09 openshift/operator-framework-operator-controller@3585edc Camila Macedo UPSTREAM: <carry>: Fix boxcutter finalizer ResourceNames in preflight test

This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.

/cc @openshift/openshift-team-operator-framework

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 17, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Adds unit and end-to-end TLS profile tests, new E2E step implementations and deployment patch/restore logic, port-forward/TLS helpers, and bumps to several Python and Go module dependencies. No production API signatures were changed.

Changes

Cohort / File(s) Summary
Python dependency
requirements.txt
Pinned bumps: charset-normalizer==3.4.63.4.7, click==8.3.18.3.2, regex==2026.3.322026.4.4.
Go module updates
go.mod, hack/tools/test-profiling/go.mod
Updated go.podman.io/image/v5 v5.39.1 → v5.39.2 and indirect github.com/go-git/go-git/v5 v5.17.1 → v5.18.0; bumped test tooling github.com/moby/spdystream v0.5.0 → v0.5.1.
TLS unit tests
internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go
New integration-style tests that run ephemeral TLS servers and validate cipher, TLS version, and curve negotiation using package-level TLS profile overrides.
E2E feature
test/e2e/features/tls.feature
Added Gherkin scenarios (tagged @TLSProfile) for metrics endpoint TLS enforcement: min version, cipher, and curve checks.
E2E hooks / cleanup
test/e2e/steps/hooks.go
Added deploymentRestore type and scenarioContext.deploymentRestores; ScenarioCleanup restores patched deployment args in reverse order and waits for rollout; clusterObjectSet deletion conditioned on feature gate and name.
E2E step registrations
test/e2e/steps/steps.go
Registered 8+ new Godog steps for configuring deployments with custom TLS profiles and asserting endpoint TLS behaviors.
E2E TLS step implementations
test/e2e/steps/tls_steps.go
New large file: cipher/curve name→ID maps, kubectl service/port discovery, port-forward with TLS readiness probing, deployment patching and arg-recording for restore, and many exported step functions for TLS acceptance/rejection and cipher/curve negotiation assertions.

Sequence Diagram(s)

sequenceDiagram
    participant Tester as Tester
    participant TestHarness as Test Harness
    participant KubeAPI as Kubernetes API
    participant Kubectl as kubectl (port-forward)
    participant Pod as Target Pod
    participant TLSClient as Local TLS Client

    Tester->>TestHarness: Start TLS scenario (configure deployment)
    TestHarness->>KubeAPI: Patch Deployment args (--tls-profile=custom, ciphers, curves, min-version)
    KubeAPI-->>TestHarness: Acknowledge rollout / pods restarting
    TestHarness->>KubeAPI: Wait for rollout status
    KubeAPI-->>TestHarness: Pod ready
    TestHarness->>Kubectl: Start port-forward to Service:metricsPort
    Kubectl->>Pod: Forward local port to Pod metrics port
    TLSClient->>Kubectl: Dial local port (TLS client config)
    Kubectl->>Pod: Forward TLS handshake
    Pod-->>TLSClient: TLS handshake result (negotiated cipher/curve or failure)
    TLSClient-->>TestHarness: Report handshake outcome
    TestHarness->>Tester: Assert expected acceptance/rejection
    Tester->>TestHarness: Scenario end
    TestHarness->>KubeAPI: Restore original Deployment args (from deploymentRestores)
    KubeAPI-->>TestHarness: Rollout restore complete
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Test Structure And Quality ⚠️ Warning E2E test steps in tls_steps.go have nine tls.Dial() calls lacking explicit timeout protection, risking indefinite hangs. Replace plain tls.Dial() calls with tls.DialWithDialer() using net.Dialer with 30-second timeout, or enforce context deadlines on network operations.
Ipv6 And Disconnected Network Test Compatibility ⚠️ Warning New TLS e2e tests contain IPv4 hardcoded addresses that cause failures in IPv6-only disconnected CI environments. Modify test code to support both IPv4 and IPv6 loopback addresses, bind to [::1]:0, and add both addresses to certificate IPAddresses list.
✅ Passed checks (10 passed)
Check name Status Explanation
Title check ✅ Passed The title "NO-ISSUE: Synchronize From Upstream Repositories" accurately describes the main purpose of this changeset, which is a synchronization of upstream changes. The title is appropriate for a dependency update and test addition PR.
Docstring Coverage ✅ Passed Docstring coverage is 93.55% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All test names in newly added TLS test files are stable and deterministic with static function and scenario names containing no dynamic content.
Microshift Test Compatibility ✅ Passed The custom check is for Ginkgo e2e tests (It(), Describe(), Context() patterns). The PR adds standard Go unit tests and Godog BDD tests, not Ginkgo tests, making the check inapplicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed New tests are not Ginkgo e2e tests; tlsprofiles_connection_test.go uses standard Go testing, while tls.feature uses BDD/Godog framework. Neither makes multi-node assumptions.
Topology-Aware Scheduling Compatibility ✅ Passed PR contains only test infrastructure and dependency updates with no scheduling constraints affecting non-standard topologies.
Ote Binary Stdout Contract ✅ Passed PR adds E2E test infrastructure files without modifying main entry points or introducing stdout writes in process-level code that violates OTE Binary Stdout Contract.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 17, 2026

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 17, 2026

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dependabot Bot and others added 5 commits April 17, 2026 06:59
Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/moby/spdystream/releases)
- [Commits](moby/spdystream@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/moby/spdystream
  dependency-version: 0.5.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Unit tests in tlsprofiles package verify cipher negotiation, cipher
  rejection, min-version enforcement, and curve acceptance/rejection
  by starting a local TLS server with a custom profile and connecting
  to it with a restricted client config.
- e2e feature (tls.feature) patches the catalogd deployment with
  specific custom TLS settings for each scenario, asserts the expected
  connection behaviour, then restores the original args on cleanup.
  Covers min-version enforcement (TLSv1.3), cipher negotiation and
  rejection (TLS 1.2 + ECDHE_ECDSA), and curve enforcement (prime256v1
  accepted, secp521r1 rejected).
- GODOG_ARGS variable added to the e2e Makefile target so a single
  feature file can be run with: make test-e2e GODOG_ARGS=features/tls.feature

Signed-off-by: Todd Short <tshort@redhat.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) from 3 to 3.0.2.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@v3...v3.0.2)

---
updated-dependencies:
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [go.podman.io/image/v5](https://github.com/containers/container-libs) from 5.39.1 to 5.39.2.
- [Release notes](https://github.com/containers/container-libs/releases)
- [Commits](containers/container-libs@image/v5.39.1...image/v5.39.2)

---
updated-dependencies:
- dependency-name: go.podman.io/image/v5
  dependency-version: 5.39.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 4 to 4.0.1.
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@v4...v4.0.1)

---
updated-dependencies:
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Apr 17, 2026
@openshift-bot openshift-bot added the lgtm Indicates that a PR is ready to be merged. label Apr 17, 2026
@tmshort
Copy link
Copy Markdown
Contributor

tmshort commented Apr 17, 2026

I suspect this will fail due to the TLS profiles testing, in which case, we will want to skip them in openshift/Makefile

@tmshort
Copy link
Copy Markdown
Contributor

tmshort commented Apr 17, 2026

/lgtm

Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go (1)

135-139: Pin MinVersion in all TLS 1.2 client configs to ensure tests remain stable across Go versions.

These tests set MaxVersion: tls.VersionTLS12 to exercise TLS 1.2-specific behavior, but rely on Go's default minimum version (TLS 1.2 since Go 1.18). Go's documentation explicitly states the default is "currently" TLS 1.2, indicating it may change in future releases. Pinning MinVersion ensures these tests continue to validate the intended behavior regardless of Go version updates.

Add MinVersion: tls.VersionTLS12 to the tls.Config structs at lines 135–139, 164–168, 189–192, 216–221, and 247–252.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go` around lines
135 - 139, Tests create tls.Config literals that set MaxVersion:
tls.VersionTLS12 (for example the clientCfg variable) but don't set MinVersion;
add MinVersion: tls.VersionTLS12 to each tls.Config literal that pins MaxVersion
to tls.VersionTLS12 so the tests don't depend on Go's changing default minimum
TLS version—i.e., find every tls.Config struct in this test file that includes
MaxVersion: tls.VersionTLS12 and add MinVersion: tls.VersionTLS12 alongside it.
test/e2e/steps/tls_steps.go (1)

153-156: Set explicit MinVersion: tls.VersionTLS12 alongside MaxVersion for consistent behavior across Go versions.

These TLS 1.2-specific tests currently depend on Go's default minimum TLS version, which varies by release: TLS 1.0 before Go 1.18, and TLS 1.2 from Go 1.18 onward. Without an explicit MinVersion, tests running on Go 1.17 or earlier could unexpectedly negotiate TLS 1.0 or 1.1 instead of 1.2, causing the rejection test to fail and cipher/curve tests to validate incorrect protocol versions.

Suggested change
 		conn, err := tls.Dial("tcp", addr, &tls.Config{
 			InsecureSkipVerify: true, //nolint:gosec // self-signed cert in e2e
+			MinVersion:         tls.VersionTLS12,
 			MaxVersion:         tls.VersionTLS12,
 			CipherSuites:       []uint16{cipherID},
 		})

Apply to lines 153–156, 330–334, 356–360, 381–386, and 407–412.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/steps/tls_steps.go` around lines 153 - 156, The TLS tests set
MaxVersion: tls.VersionTLS12 but omit MinVersion, making behavior vary across Go
versions; update the tls.Config initializations (e.g., the tls.Dial call where
conn, err := tls.Dial("tcp", addr, &tls.Config{...}) and the other tls.Config
occurrences referenced in this file) to include MinVersion: tls.VersionTLS12
alongside MaxVersion so the client explicitly requires TLS 1.2; apply this
change to all mentioned spots (the blocks at the given ranges) to ensure
consistent TLS 1.2-only negotiation.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go`:
- Around line 135-139: Tests create tls.Config literals that set MaxVersion:
tls.VersionTLS12 (for example the clientCfg variable) but don't set MinVersion;
add MinVersion: tls.VersionTLS12 to each tls.Config literal that pins MaxVersion
to tls.VersionTLS12 so the tests don't depend on Go's changing default minimum
TLS version—i.e., find every tls.Config struct in this test file that includes
MaxVersion: tls.VersionTLS12 and add MinVersion: tls.VersionTLS12 alongside it.

In `@test/e2e/steps/tls_steps.go`:
- Around line 153-156: The TLS tests set MaxVersion: tls.VersionTLS12 but omit
MinVersion, making behavior vary across Go versions; update the tls.Config
initializations (e.g., the tls.Dial call where conn, err := tls.Dial("tcp",
addr, &tls.Config{...}) and the other tls.Config occurrences referenced in this
file) to include MinVersion: tls.VersionTLS12 alongside MaxVersion so the client
explicitly requires TLS 1.2; apply this change to all mentioned spots (the
blocks at the given ranges) to ensure consistent TLS 1.2-only negotiation.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b7330088-cf6c-42dd-a75a-46e48b840574

📥 Commits

Reviewing files that changed from the base of the PR and between e79a121 and ac28118.

⛔ Files ignored due to path filters (15)
  • go.sum is excluded by !**/*.sum
  • hack/tools/test-profiling/go.sum is excluded by !**/*.sum
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/modules.txt is excluded by !**/vendor/**
  • vendor/go.podman.io/image/v5/docker/docker_client.go is excluded by !**/vendor/**, !vendor/**
  • vendor/go.podman.io/image/v5/version/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (8)
  • go.mod
  • hack/tools/test-profiling/go.mod
  • internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go
  • requirements.txt
  • test/e2e/features/tls.feature
  • test/e2e/steps/hooks.go
  • test/e2e/steps/steps.go
  • test/e2e/steps/tls_steps.go
✅ Files skipped from review due to trivial changes (3)
  • hack/tools/test-profiling/go.mod
  • requirements.txt
  • go.mod

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.17.1 to 5.18.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.17.1...v5.18.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.18.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Apr 19, 2026
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go (1)

93-101: Serialize global TLS profile mutation in tests.

setCustomProfile mutates package-level globals for the full test duration. If any test in this package runs in parallel later, this becomes racy and can produce nondeterministic failures.

♻️ Proposed fix
 import (
 	"crypto/ecdsa"
@@
 	"net"
+	"sync"
 	"testing"
 	"time"
@@
 )
 
+var customProfileMu sync.Mutex
+
 // setCustomProfile configures the package-level custom TLS profile for the duration
 // of the test and restores the original state via t.Cleanup.
 func setCustomProfile(t *testing.T, cipherNames []string, curveNames []string, minVersion string) {
 	t.Helper()
+	customProfileMu.Lock()
+	t.Cleanup(func() { customProfileMu.Unlock() })
 
 	origProfile := configuredProfile
 	origCustom := customTLSProfile
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go` around lines
93 - 101, setCustomProfile currently mutates the package-level globals
configuredProfile and customTLSProfile for the full test duration, which is racy
if tests run in parallel; fix it by serializing access: add a package-level
sync.Mutex (e.g., tlsProfileMu) and have setCustomProfile Lock() at the start
and Unlock() in the t.Cleanup closure after restoring origProfile and
origCustom, so the global mutation is held while the test uses the custom
profile and released when cleanup runs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/steps/tls_steps.go`:
- Around line 254-273: buildCustomTLSArgs currently only strips combined form
flags like "--tls-profile=..." and leaves split-form flags like "--tls-profile"
followed by "custom" in baseArgs, causing stale/conflicting args; update the
filtering loop in buildCustomTLSArgs to also detect split-form TLS flags
("--tls-profile", "--tls-custom-version", "--tls-custom-ciphers",
"--tls-custom-curves") and skip both the flag and its next argument when present
(ensure you check bounds before skipping the next element), so that all old TLS
flags (both joined and split forms) are removed before appending the new custom
TLS flags.

---

Nitpick comments:
In `@internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go`:
- Around line 93-101: setCustomProfile currently mutates the package-level
globals configuredProfile and customTLSProfile for the full test duration, which
is racy if tests run in parallel; fix it by serializing access: add a
package-level sync.Mutex (e.g., tlsProfileMu) and have setCustomProfile Lock()
at the start and Unlock() in the t.Cleanup closure after restoring origProfile
and origCustom, so the global mutation is held while the test uses the custom
profile and released when cleanup runs.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 109c5bfd-4af3-433e-835c-94ef97876c18

📥 Commits

Reviewing files that changed from the base of the PR and between ac28118 and b16e4d4.

⛔ Files ignored due to path filters (15)
  • go.sum is excluded by !**/*.sum
  • hack/tools/test-profiling/go.sum is excluded by !**/*.sum
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**
  • hack/tools/test-profiling/vendor/modules.txt is excluded by !**/vendor/**
  • vendor/go.podman.io/image/v5/docker/docker_client.go is excluded by !**/vendor/**, !vendor/**
  • vendor/go.podman.io/image/v5/version/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (8)
  • go.mod
  • hack/tools/test-profiling/go.mod
  • internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go
  • requirements.txt
  • test/e2e/features/tls.feature
  • test/e2e/steps/hooks.go
  • test/e2e/steps/steps.go
  • test/e2e/steps/tls_steps.go
✅ Files skipped from review due to trivial changes (2)
  • hack/tools/test-profiling/go.mod
  • requirements.txt
🚧 Files skipped from review as they are similar to previous changes (3)
  • go.mod
  • test/e2e/steps/hooks.go
  • test/e2e/steps/steps.go

Comment on lines +254 to +273
func buildCustomTLSArgs(baseArgs []string, version, ciphers, curves string) []string {
filtered := make([]string, 0, len(baseArgs)+4)
for _, arg := range baseArgs {
switch {
case strings.HasPrefix(arg, "--tls-profile="),
strings.HasPrefix(arg, "--tls-custom-version="),
strings.HasPrefix(arg, "--tls-custom-ciphers="),
strings.HasPrefix(arg, "--tls-custom-curves="):
// drop — will be replaced below
default:
filtered = append(filtered, arg)
}
}
filtered = append(filtered, "--tls-profile=custom", "--tls-custom-version="+version)
if ciphers != "" {
filtered = append(filtered, "--tls-custom-ciphers="+ciphers)
}
if curves != "" {
filtered = append(filtered, "--tls-custom-curves="+curves)
}
Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Handle split-form TLS flags when rebuilding deployment args.

Current filtering only removes --tls-*=... forms. If existing args use split form (--tls-profile, custom), stale flags remain and can produce conflicting CLI input.

🐛 Proposed fix
 func buildCustomTLSArgs(baseArgs []string, version, ciphers, curves string) []string {
 	filtered := make([]string, 0, len(baseArgs)+4)
-	for _, arg := range baseArgs {
+	skipNext := false
+	for i, arg := range baseArgs {
+		if skipNext {
+			skipNext = false
+			continue
+		}
 		switch {
+		case arg == "--tls-profile",
+			arg == "--tls-custom-version",
+			arg == "--tls-custom-ciphers",
+			arg == "--tls-custom-curves":
+			// Drop split-form flag and its following value token (if present).
+			if i+1 < len(baseArgs) && !strings.HasPrefix(baseArgs[i+1], "--") {
+				skipNext = true
+			}
 		case strings.HasPrefix(arg, "--tls-profile="),
 			strings.HasPrefix(arg, "--tls-custom-version="),
 			strings.HasPrefix(arg, "--tls-custom-ciphers="),
 			strings.HasPrefix(arg, "--tls-custom-curves="):
 			// drop — will be replaced below
 		default:
 			filtered = append(filtered, arg)
 		}
 	}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func buildCustomTLSArgs(baseArgs []string, version, ciphers, curves string) []string {
filtered := make([]string, 0, len(baseArgs)+4)
for _, arg := range baseArgs {
switch {
case strings.HasPrefix(arg, "--tls-profile="),
strings.HasPrefix(arg, "--tls-custom-version="),
strings.HasPrefix(arg, "--tls-custom-ciphers="),
strings.HasPrefix(arg, "--tls-custom-curves="):
// drop — will be replaced below
default:
filtered = append(filtered, arg)
}
}
filtered = append(filtered, "--tls-profile=custom", "--tls-custom-version="+version)
if ciphers != "" {
filtered = append(filtered, "--tls-custom-ciphers="+ciphers)
}
if curves != "" {
filtered = append(filtered, "--tls-custom-curves="+curves)
}
func buildCustomTLSArgs(baseArgs []string, version, ciphers, curves string) []string {
filtered := make([]string, 0, len(baseArgs)+4)
skipNext := false
for i, arg := range baseArgs {
if skipNext {
skipNext = false
continue
}
switch {
case arg == "--tls-profile",
arg == "--tls-custom-version",
arg == "--tls-custom-ciphers",
arg == "--tls-custom-curves":
// Drop split-form flag and its following value token (if present).
if i+1 < len(baseArgs) && !strings.HasPrefix(baseArgs[i+1], "--") {
skipNext = true
}
case strings.HasPrefix(arg, "--tls-profile="),
strings.HasPrefix(arg, "--tls-custom-version="),
strings.HasPrefix(arg, "--tls-custom-ciphers="),
strings.HasPrefix(arg, "--tls-custom-curves="):
// drop — will be replaced below
default:
filtered = append(filtered, arg)
}
}
filtered = append(filtered, "--tls-profile=custom", "--tls-custom-version="+version)
if ciphers != "" {
filtered = append(filtered, "--tls-custom-ciphers="+ciphers)
}
if curves != "" {
filtered = append(filtered, "--tls-custom-curves="+curves)
}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/steps/tls_steps.go` around lines 254 - 273, buildCustomTLSArgs
currently only strips combined form flags like "--tls-profile=..." and leaves
split-form flags like "--tls-profile" followed by "custom" in baseArgs, causing
stale/conflicting args; update the filtering loop in buildCustomTLSArgs to also
detect split-form TLS flags ("--tls-profile", "--tls-custom-version",
"--tls-custom-ciphers", "--tls-custom-curves") and skip both the flag and its
next argument when present (ensure you check bounds before skipping the next
element), so that all old TLS flags (both joined and split forms) are removed
before appending the new custom TLS flags.

@openshift-bot openshift-bot added the lgtm Indicates that a PR is ready to be merged. label Apr 20, 2026
@camilamacedo86
Copy link
Copy Markdown
Contributor

/retest-required

@tmshort
Copy link
Copy Markdown
Contributor

tmshort commented Apr 20, 2026

This requires #702 for this to pass.

tmshort and others added 21 commits April 21, 2026 16:53
Add 7 Ginkgo tests under [sig-olmv1][OCPFeatureGate:NewOLMDeploymentConfig]
covering the spec.config.inline.deploymentConfig feature:

Positive tests (verify applied customisations):
- environment variables
- resource requirements
- tolerations
- node selector
- annotations on deployment and pod template

Negative tests (verify terminal validation errors):
- invalid deploymentConfig.env type (string instead of array)
- unknown field inside deploymentConfig (additionalProperties:false)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Todd Short <tshort@redhat.com>
Signed-off-by: Todd Short <tshort@redhat.com>
…64 support

Signed-off-by: Daniel Franz <dfranz@redhat.com>
Signed-off-by: Todd Short <tshort@redhat.com>
…t in OTE tests

Update all remaining references to ClusterExtensionRevision in
openshift/tests-extension to use ClusterObjectSet, matching the
upstream rename in operator-framework/operator-controller#2589.

Files updated:
- test/qe/specs/olmv1_ce.go: RBAC resource names and comments
- test/olmv1-preflight.go: scenario constants, test names, RBAC rules
- .openshift-tests-extension/openshift_payload_olmv1.json: test name
- pkg/bindata/qe/bindata.go: embedded RBAC templates
- test/qe/testdata/olm/sa-nginx-limited-boxcutter.yaml: RBAC resources
- test/qe/testdata/olm/sa-nginx-insufficient-operand-rbac-boxcutter.yaml: RBAC resources

Signed-off-by: Camila Macedo <cmacedo@redhat.com>
Made-with: Cursor
…s ClusterObjectSet

The upstream rename of ClusterExtensionRevision to ClusterObjectSet
(operator-framework/operator-controller#2589) breaks the incompatible
operator detection in cluster-olm-operator. The cluster-olm-operator
binary still reads ClusterExtensionRevision resources to find operators
with olm.maxOpenShiftVersion, so after the rename it never detects
incompatible operators and InstalledOLMOperatorsUpgradeable stays True.

Skip this test when NewOLMBoxCutterRuntime feature gate is enabled
until cluster-olm-operator is updated to read ClusterObjectSet.

Signed-off-by: Camila Macedo <cmacedo@redhat.com>
Made-with: Cursor
Signed-off-by: Francesco Giudici <fgiudici@redhat.com>
Signed-off-by: Todd Short <todd.short@me.com>
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Apr 21, 2026
@tmshort
Copy link
Copy Markdown
Contributor

tmshort commented Apr 21, 2026

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 21, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 21, 2026

@openshift-bot: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@tmshort
Copy link
Copy Markdown
Contributor

tmshort commented Apr 22, 2026

/verified by tmshort

No extraneous clusterobjectset messages in upstream-e2e logs.

The logs also contain:

go test -count=1 -v ./test/e2e/features_test.go --godog.tags="~@mirrored-registry && ~@TLSProfile" --k8s.cli=oc

Which properly disables the TLSProfiles tests for downstream.

All other changes were dependency bumps, and since the code builds and passes, I'm considering it verified.

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Apr 22, 2026
@openshift-ci-robot
Copy link
Copy Markdown

@tmshort: This PR has been marked as verified by tmshort.

Details

In response to this:

/verified by tmshort

No extraneous clusterobjectset messages in upstream-e2e logs.

The logs also contain:

go test -count=1 -v ./test/e2e/features_test.go --godog.tags="~@mirrored-registry && ~@TLSProfile" --k8s.cli=oc

Which properly disables the TLSProfiles tests for downstream.

All other changes were dependency bumps, and since the code builds and passes, I'm considering it verified.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-merge-bot openshift-merge-bot Bot merged commit 7c731ae into openshift:main Apr 22, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. kind/sync lgtm Indicates that a PR is ready to be merged. tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Development

Successfully merging this pull request may close these issues.