Do not merge: Ocp 88331 88332 automation manual check

[dtfranz]

Exercising new tests manually since they won't run in the presubmits

Summary by CodeRabbit

• Tests
  • Added an automated test suite validating OLMv1 ClusterExtension “progress deadline” behavior, including cases where bundle installation fails to meet the deadline and expected status conditions are surfaced.
  • Added upgrade scenario coverage that switches from healthy to failing bundles, confirming the new revision continues rolling out and reports probe failures and related status updates correctly.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 73564e1d-d39c-48e8-bffa-ca90133a9f57

📥 Commits

Reviewing files that changed from the base of the PR and between a43d503 and 44a3970.

📒 Files selected for processing (1)

• openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go

🚧 Files skipped from review as they are similar to previous changes (1)

• openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go

---

Walkthrough

A new Ginkgo QE test file is added for the OLMv1 ClusterExtension progress deadline feature. It defines two end-to-end test scenarios covering single-bundle failure and upgrade-with-failure cases, provides a fixture builder that provisions namespaces, RBAC, and constructs bundle/catalog images via oc start-build, and implements polling helpers for asserting OLM status conditions and revisions.

Changes

OLMv1 ClusterExtension Progress Deadline QE Tests

Layer / File(s)	Summary
Imports and package setup openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go	Package declaration and imports for tar/image building, JSON/YAML templating, Ginkgo/Gomega test framework, and Kubernetes client interactions.
Test suite and progress deadline scenarios openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go	Ginkgo describe block gated by NewOLMBoxCutterRuntime with per-spec diagnostic printing. Two test cases: one creates a ClusterExtension with 10-minute deadline on a failing bundle and asserts ProgressDeadlineExceeded on both ClusterObjectSet and ClusterExtension; the other creates a healthy bundle, waits for success, patches the extension to a failing bundle version, and asserts dual-revision state with probe failure.
Fixture data structures and resource creation openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go	rolloutFailureBundle and rolloutFailureFixture structs parameterize test data. newRolloutFailureFixture creates namespace, service accounts, RBAC bindings, builds and images for each bundle version via oc start-build, builds a catalog image, creates the ClusterCatalog CR, and waits for serving. newClusterExtension generates a ClusterExtension object targeting the fixture catalog with optional ProgressDeadlineMinutes.
Image build infrastructure and tar archive creation openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go	buildImage creates ImageStream and BuildConfig, constructs a build tar archive from filename-to-bytes content map, runs oc start-build as admin with --wait, and cleans up temporary resources. createBuildArchive writes tar headers and file content with proper writer closure and error handling.
Bundle and catalog template generation openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go	bundleImageFiles assembles bundle Dockerfile, annotations/properties, CSV, and script ConfigMap templates with placeholder substitution for case ID, bundle version, and controller image. catalogImageFiles generates catalog package entries and bundles as JSON lines with replace relationships and alpha channel. replaceAll applies all placeholder-to-value substitutions. Embedded template constants provide complete Dockerfile and manifest content for both bundles and catalogs.
Status polling and assertion helpers openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go	expectClusterCatalogServing polls until TypeServing is true. expectClusterExtensionCondition polls and validates condition type, status, reason, and message substring. expectClusterObjectSetCondition polls and validates condition type, status, and exact reason. expectActiveRevisions polls until Status.ActiveRevisions contains exactly the expected revisions. eventually wraps Gomega Eventually with standardized polling interval and timeout. deleteObject deletes objects and suppresses NotFound errors.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 2 warnings)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	Line 264 logs raw output from oc start-build command in error messages, which could expose sensitive build system details, environment information, or error diagnostics without filtering.	Remove the 'output' variable from the error message, or sanitize it to exclude sensitive details before logging. Use a generic error message and log the full output separately to a debug/verbose log level only.
Title check	⚠️ Warning	The title 'Do not merge: Ocp 88331 88332 automation manual check' contains a directive ('Do not merge') and is vague about what the actual change accomplishes, making it misleading as a summary of the changeset.	Revise the title to describe the actual change, e.g., 'Add OLMv1 cluster extension progress deadline test suite' or 'Add tests for OCP-88331 and OCP-88332 progress deadline behavior', removing the 'do not merge' prefix which is metadata better handled by PR labels.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All Ginkgo test titles (Describe and It blocks) use stable, static strings with no dynamic information. Test names contain Polarion IDs and descriptive text only, with no pod names, timestamps, UUI...
Test Structure And Quality	✅ Passed	Test file meets all quality requirements: single responsibility (each test checks one behavior), proper BeforeEach/AfterEach with DeferCleanup for all resources including cluster-scoped ClusterRole...
Microshift Test Compatibility	✅ Passed	Test uses buildv1.BuildConfig and imagev1.ImageStream (unavailable on MicroShift) but is protected by exutil.SkipMicroshift(oc) in BeforeEach hook that calls g.Skip() on MicroShift clusters.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	Test does not assume multiple nodes or HA cluster configuration; deployment replicas set to 1, no anti-affinity/topology constraints, no node counting logic or multi-node scheduling requirements fo...
Topology-Aware Scheduling Compatibility	✅ Passed	File is a test suite (Ginkgo specs) in test/qe/specs/, not a deployment manifest, operator code, or controller. Custom check applies only to production code changes.
Ote Binary Stdout Contract	✅ Passed	The new test file contains no stdout writes at process level. Only fmt.Sprintf (string formatting) is used inside test functions, no logging packages are imported, and the sole package-level var is...
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	Test is fully compatible with IPv6-only and disconnected environments. No IPv4 hardcoded addresses, proper HTTP server binding to '::' for IPv4/IPv6, all images from cluster-internal registry or re...
No-Weak-Crypto	✅ Passed	No weak cryptographic algorithms (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or insecure secret comparisons detected in the test file.
Container-Privileges	✅ Passed	The new test file contains no privileged container configurations. Security contexts properly set allowPrivilegeEscalation to false, drop ALL capabilities, and run as non-root user (runAsNonRoot: t...

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="Running error: context loading failed: failed to load packages: failed to load packages: failed to load with go/packages: err: exit status 1: stderr: go: inconsistent vendoring in :\n\tgithub.com/BurntSushi/toml@v1.6.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt\n\tgithub.com/Masterminds/semver/v3@v3.5.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt\n\tgithub.com/blang/semver/v4@v4.0.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt\n\tgithub.com/cert-manager/cert-manager@v1.20.2: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt\n\tgithub.com/containerd/containerd@v1.7.32: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt\n\tgithub.com/cucumber/godog@v0.15.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt\n\tgithub.com/evanphx/json-patch@v5.9.11+incompatib

... [truncated 33104 characters] ...

txt\n\tk8s.io/kubectl: is replaced in go.mod, but not marked as replaced in vendor/modules.txt\n\tk8s.io/kubelet: is replaced in go.mod, but not marked as replaced in vendor/modules.txt\n\tk8s.io/kubernetes: is replaced in go.mod, but not marked as replaced in vendor/modules.txt\n\tk8s.io/metrics: is replaced in go.mod, but not marked as replaced in vendor/modules.txt\n\tk8s.io/mount-utils: is replaced in go.mod, but not marked as replaced in vendor/modules.txt\n\tk8s.io/pod-security-admission: is replaced in go.mod, but not marked as replaced in vendor/modules.txt\n\tk8s.io/sample-apiserver: is replaced in go.mod, but not marked as replaced in vendor/modules.txt\n\n\tTo ignore the vendor directory, use -mod=readonly or -mod=mod.\n\tTo sync the vendor directory, run:\n\t\tgo mod vendor\n"

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dtfranz
Once this PR has been reviewed and has the lgtm label, please assign oceanc80 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dtfranz]

/test e2e-aws-olmv1-ext

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go`:
- Around line 263-265: The oc.AsAdmin().WithoutNamespace().Run("start-build")
command with Output() call lacks a timeout/cancellation boundary and can block
indefinitely if the build stalls. Refactor this code to use context.Context with
a timeout (via context.WithTimeout) to enforce a bounded wait duration on the
start-build operation. Pass the timeout context through the command execution
chain and update error handling to properly handle context.DeadlineExceeded
errors that may occur when the timeout is exceeded.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3f12419e-b7e6-4d88-a56b-1b62142a16af

📥 Commits

Reviewing files that changed from the base of the PR and between ecd140b and 1c6aca5.

📒 Files selected for processing (2)

• openshift/tests-extension/.openshift-tests-extension/openshift_payload_olmv1.json
• openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a timeout/cancellation boundary around oc start-build --wait.

Output() can block indefinitely when a build stalls, which can hang the spec and tie up CI capacity. Please enforce a bounded wait path for this external call.

As per coding guidelines, "Go security (prodsec-skills): ... context.Context for cancellation and timeouts".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openshift/tests-extension/test/qe/specs/olmv1_ce_progress_deadline.go` around
lines 263 - 265, The oc.AsAdmin().WithoutNamespace().Run("start-build") command
with Output() call lacks a timeout/cancellation boundary and can block
indefinitely if the build stalls. Refactor this code to use context.Context with
a timeout (via context.WithTimeout) to enforce a bounded wait duration on the
start-build operation. Pass the timeout context through the command execution
chain and update error handling to properly handle context.DeadlineExceeded
errors that may occur when the timeout is exceeded.

Source: Coding guidelines

[dtfranz]

/test e2e-aws-techpreview-olmv1-ext

[dtfranz]

/test e2e-aws-techpreview-olmv1-ext

[dtfranz]

Running tests again with progression timeout set to CRD minimum of 10.
/test e2e-aws-techpreview-olmv1-ext

[dtfranz]

/test e2e-aws-techpreview-olmv1-ext

[dtfranz]

/test e2e-aws-techpreview-olmv1-ext

[openshift-ci]

@dtfranz: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.