AGENT-1522: bump InternalReleaseImage to v1

[andfasano]

- What I did
This patch bumps the openshift/api to fetch the InternalReleaseImage v1.

Requires openshift/api#2880
Requires openshift/client-go#383

Note: currently go.mod is temporary patched to allow payload testing as per the following comment openshift/api#2880 (comment)

Summary by CodeRabbit

• Refactor

  • Migrate Internal Release Image handling from the alpha API to the stable v1 API across controllers, daemon manager, bootstrapping, and e2e tests.
  • When the relevant feature gate is enabled, the system switches to the v1 InternalReleaseImages informer for internal image processing.

• Bug Fixes

  • Update the internal release image deletion admission policy to match DELETE requests using the v1 API version.
  • Improve Internal Release Image deletion handling for cached tombstones.

• Chores

  • Update dependency/module versions and adjust test/bootstrap wiring for the API migration.

[openshift-ci-robot]

@andfasano: This pull request references AGENT-1522 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

- What I did
This patch bumps the openshift/api to fetch the InternalReleaseImage v1.

Requires openshift/api#2880
Requires openshift/client-go#383

Note: currently go.mod is temporary patched to allow payload testing as per the following comment openshift/api#2880 (comment)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

Walkthrough

This PR migrates the InternalReleaseImage resource from the deprecated machineconfiguration/v1alpha1 API to the stable machineconfiguration/v1 API. Changes span bootstrap manifest decoding, core controller reconciliation, daemon-side management, operator plumbing, command initialization, and comprehensive test updates. Kubernetes YAML policies and Go module dependencies are also updated to reflect the v1 API surface.

Changes

InternalReleaseImage v1alpha1 → v1 API Migration

Layer / File(s)	Summary
Go module dependencies go.mod	Updated github.com/openshift/api and github.com/openshift/client-go versions; added replace directives for alternate module paths; refreshed transitive dependencies for go-openapi and kubernetes libraries.
Bootstrap manifest decoding and scheme registration pkg/controller/bootstrap/bootstrap.go	Removes v1alpha1 import and scheme registration; adds mcfgv1 types to runtime scheme; updates UniversalDecoder group-versions to include corev1/imagev1; changes manifest type assertion from v1alpha1 to v1 InternalReleaseImage.
Core IRI controller reconciliation pkg/controller/internalreleaseimage/internalreleaseimage_controller.go, pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go	Updates informer/lister types to v1; migrates event handlers (add/update/delete) to v1 types; refactors status initialization and retry-based updates with v1 condition type constants; updates finalizer management to use MachineconfigurationV1 client; test fixtures wired to v1 informers with v1 API client lookups.
IRI status aggregation and utilities pkg/controller/internalreleaseimage/aggregation.go, pkg/controller/internalreleaseimage/internalreleaseimage_bootstrap.go, pkg/controller/internalreleaseimage/internalreleaseimage_renderer.go, pkg/controller/common/iri_secret_merger.go, pkg/controller/common/iri_secret_merger_test.go, pkg/controller/internalreleaseimage/internalreleaseimage_helpers_test.go	Aggregation pipeline updated to process mcfgv1.InternalReleaseImageBundleStatus; bootstrap and renderer functions accept v1 InternalReleaseImage types; credential merger constructors accept v1 lister/objects; all condition type constants switched to mcfgv1 enums; test helpers build v1 objects.
Daemon-side IRI manager pkg/daemon/internalreleaseimage/internalreleaseimage_manager.go, pkg/daemon/internalreleaseimage/internalreleaseimage_manager_test.go, pkg/daemon/internalreleaseimage/internalreleaseimage_helpers_test.go	Imports and type signatures updated to v1 informer/lister; event handlers and enqueue logic operate on v1 InternalReleaseImage; condition type constants switched to mcfgv1; tombstone extraction handles v1 types; test assertions updated to v1 condition constants and informer endpoints.
Operator and template controller integration pkg/operator/operator.go, pkg/controller/template/template_controller.go, pkg/controller/template/template_controller_test.go, pkg/controller/certrotation/certrotation_controller.go, pkg/controller/certrotation/helpers_test.go	Operator struct and New() constructor accept v1 InternalReleaseImageInformer; template controller imports and parameter types updated to v1; template test fixture wired to v1 informer and constructs v1 IRI objects; certrotation controller queries MachineconfigurationV1 for IRI existence checks.
Command startup and Kubernetes policies cmd/machine-config-controller/start.go, cmd/machine-config-daemon/start.go, cmd/machine-config-operator/start.go, manifests/machineconfigcontroller/internalreleaseimage-deletion-guard-validatingadmissionpolicy.yaml	Controller/daemon/operator start commands wire v1 InternalReleaseImages informers from InformerFactory.Machineconfiguration().V1(); ValidatingAdmissionPolicy updated to enforce v1 resources.
E2E test infrastructure test/e2e-bootstrap/bootstrap_test.go, test/e2e-iri/iri_test.go	E2E bootstrap test updated to wire v1 IRI informer; e2e IRI tests switch from legacy InternalReleaseImages() to MachineconfigurationV1Interface.InternalReleaseImages(); all condition assertions and deletions updated to use v1 API and mcfgv1 condition type constants.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 41.03% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: upgrading InternalReleaseImage API from v1alpha1 to v1.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	No Ginkgo tests found in PR. All modified test files use standard Go testing.T framework with stable, deterministic test names. Check is not applicable.
Test Structure And Quality	✅ Passed	Tests in this PR use standard Go testing, not Ginkgo. The check is specific to Ginkgo test code structure, making it inapplicable to this API version migration PR.
Microshift Test Compatibility	✅ Passed	PR does not add new Ginkgo e2e tests; it only updates existing tests from v1alpha1 to v1 APIs. The check only applies to newly added tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e test blocks were added in this PR. Test file modifications are only API version updates (v1alpha1 to v1) for existing tests using standard Go testing patterns, not Ginkgo.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only migrates InternalReleaseImage API from v1alpha1 to v1 across code and manifests. No pod scheduling constraints, affinity rules, topology spread constraints, nodeSelectors targeting con...
Ote Binary Stdout Contract	✅ Passed	PR only migrates InternalReleaseImage API types from v1alpha1 to v1; no process-level stdout writes were introduced. Existing klog usage in cmd files is safe as klog v2 logs to stderr by default.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests added. PR only migrates existing v1alpha1 tests to v1 API, with minimal line changes (+1/-1 and +14/-15).
No-Weak-Crypto	✅ Passed	No weak cryptography patterns (MD5, SHA1, DES, RC4, ECB, etc.) or custom crypto implementations found. Only legitimate, standard crypto libraries used. bytes.Equal usages are safe (JSON null check...
Container-Privileges	✅ Passed	PR changes do not include any container manifests with privileged settings. Only manifest change is a ValidatingAdmissionPolicy with API version update, containing no container specs.
No-Sensitive-Data-In-Logs	✅ Passed	This PR performs API version migration from v1alpha1 to v1 for InternalReleaseImage. No new logging statements were added and existing logging does not expose passwords, tokens, API keys, PII, or o...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: andfasano
Once this PR has been reviewed and has the lgtm label, please assign harshwardhanpatil07 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/machine-config-operator/start.go`:
- Around line 72-75: Do not call
ctrlctx.InformerFactory.Machineconfiguration().V1().InternalReleaseImages()
before checking the feature gate; instead declare iriInformer as nil first and
only assign it by calling
ctrlctx.InformerFactory.Machineconfiguration().V1().InternalReleaseImages()
after FeatureGatesHandler.Enabled(features.FeatureGateNoRegistryClusterInstall)
returns true so the informer is not registered when the gate is off; update the
block around iriInformer, FeatureGatesHandler.Enabled and
features.FeatureGateNoRegistryClusterInstall accordingly.

In `@go.mod`:
- Around line 458-460: The go.mod contains unsafe personal-fork replace
directives (replace github.com/openshift/api => github.com/pawanpinjarkar/api
... and replace github.com/openshift/client-go => github.com/andfasano/client-go
...) which must be removed or replaced with approved upstream module versions
and pinned hashes; to fix, delete those two replace lines or change them to the
official upstream modules with explicit, reviewed pseudo-versions or checksums,
run go mod tidy and regenerate vendor/modules.txt (or go.sum) to remove the
forks, and if you must keep non-upstream code document justification and add
prodsec controls (pinned version/hash, CVE review, SBOM/signing) in the PR
description.

In `@pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go`:
- Around line 329-330: When seeding informer fixtures you currently ignore the
error returned by GetIndexer().Add(...) which can hide malformed objects; update
each call to GetIndexer().Add(c) in internalreleaseimage_controller_test.go to
check its error return and fail the test on error (e.g. if err :=
informerFactory.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c);
err != nil { t.Fatalf("failed to add fixture: %v", err) } or use
require.NoError(t, err)), and apply the same change to the other
GetIndexer().Add(...) calls in that block so fixture insertion errors are
surfaced immediately.

In `@pkg/controller/internalreleaseimage/internalreleaseimage_controller.go`:
- Around line 604-605: Replace context.TODO() calls in the sync path with a
reconcile-scoped timeout context: for each API call in syncInternalReleaseImage
(e.g.,
ctrl.client.MachineconfigurationV1().InternalReleaseImages().UpdateStatus, Get,
Update and any MachineConfigs Create/Update calls referenced around lines 630,
720, 729, 731, 743, 771), create a context with context.WithTimeout(parentCtx,
<reasonableDuration>) and defer cancel() so the RPC is bounded; pass that
context into the client call and handle the context error as usual. Ensure you
choose a sensible timeout and reuse the same pattern for all
Get/Update/UpdateStatus calls in this controller.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: fe904214-e91e-4d77-aafc-47c2978623a4

📥 Commits

Reviewing files that changed from the base of the PR and between 1b26733 and b766b66.

⛔ Files ignored due to path filters (39)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/types_internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagebundlestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimageref.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_machineconfiguration_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/generated_expansion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/machineconfiguration_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1/interface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1/internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1/expansion_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1/internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (25)

• cmd/machine-config-controller/start.go
• cmd/machine-config-daemon/start.go
• cmd/machine-config-operator/start.go
• go.mod
• manifests/machineconfigcontroller/internalreleaseimage-deletion-guard-validatingadmissionpolicy.yaml
• pkg/controller/bootstrap/bootstrap.go
• pkg/controller/certrotation/certrotation_controller.go
• pkg/controller/certrotation/helpers_test.go
• pkg/controller/common/iri_secret_merger.go
• pkg/controller/common/iri_secret_merger_test.go
• pkg/controller/internalreleaseimage/aggregation.go
• pkg/controller/internalreleaseimage/internalreleaseimage_bootstrap.go
• pkg/controller/internalreleaseimage/internalreleaseimage_bootstrap_test.go
• pkg/controller/internalreleaseimage/internalreleaseimage_controller.go
• pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go
• pkg/controller/internalreleaseimage/internalreleaseimage_helpers_test.go
• pkg/controller/internalreleaseimage/internalreleaseimage_renderer.go
• pkg/controller/template/template_controller.go
• pkg/controller/template/template_controller_test.go
• pkg/daemon/internalreleaseimage/internalreleaseimage_helpers_test.go
• pkg/daemon/internalreleaseimage/internalreleaseimage_manager.go
• pkg/daemon/internalreleaseimage/internalreleaseimage_manager_test.go
• pkg/operator/operator.go
• test/e2e-bootstrap/bootstrap_test.go
• test/e2e-iri/iri_test.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
FILE="pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go"
if [ ! -f "$FILE" ]; then
  echo "Missing file: $FILE"
  exit 1
fi
nl -ba "$FILE" | sed -n '300,380p'
echo "---- surrounding imports ----"
nl -ba "$FILE" | sed -n '1,120p'
echo "---- grep for Indexer().Add(c) in file ----"
rg -n "Indexer\(\)\.Add\(" "$FILE" || true

Repository: openshift/machine-config-operator

Length of output: 120

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
FILE="pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go"
if [ ! -f "$FILE" ]; then
  echo "Missing file: $FILE"
  exit 1
fi
nl -ba "$FILE" | sed -n '300,380p'
echo "---- surrounding imports ----"
nl -ba "$FILE" | sed -n '1,120p'
echo "---- grep for Indexer().Add(c) in file ----"
rg -n "Indexer\(\)\.Add\(" "$FILE" || true

Repository: openshift/machine-config-operator

Length of output: 120

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
FILE="pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go"

if [ ! -f "$FILE" ]; then
  echo "Missing file: $FILE" >&2
  exit 1
fi

echo "---- lines 300-380 (cat -n) ----"
cat -n "$FILE" | sed -n '300,380p'

echo "---- grep for Indexer().Add(c) in file ----"
rg -n "Indexer\(\)\.Add\(" "$FILE" || true

echo "---- check for other Add(...) calls on that indexer ----"
rg -n "GetIndexer\(\)\.Add\(" "$FILE" || true

echo "---- inspect exact lines 329-330 ----"
cat -n "$FILE" | sed -n '320,340p'

Repository: openshift/machine-config-operator

Length of output: 5240

---

Handle Indexer.Add errors when seeding informer fixtures.

The return value from GetIndexer().Add(...) is ignored when inserting fixtures, which can hide malformed objects and lead to misleading test outcomes (same pattern applies to the other GetIndexer().Add(...) calls in this block).

Proposed fix

- i.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c)
+ require.NoError(t, i.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c))

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go`
around lines 329 - 330, When seeding informer fixtures you currently ignore the
error returned by GetIndexer().Add(...) which can hide malformed objects; update
each call to GetIndexer().Add(c) in internalreleaseimage_controller_test.go to
check its error return and fail the test on error (e.g. if err :=
informerFactory.Machineconfiguration().V1().InternalReleaseImages().Informer().GetIndexer().Add(c);
err != nil { t.Fatalf("failed to add fixture: %v", err) } or use
require.NoError(t, err)), and apply the same change to the other
GetIndexer().Add(...) calls in that block so fixture insertion errors are
surfaced immediately.

Source: Coding guidelines

[pablintino]

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880

[openshift-ci]

@pablintino: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

[pablintino]

/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880

[openshift-ci]

@pablintino: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/f9891120-6598-11f1-85b3-151bb12aa17e-0

[andfasano]

/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880

[openshift-ci]

@andfasano: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

[andfasano]

/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880

[openshift-ci]

@andfasano: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

[andfasano]

/payload-job-with-prs periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview openshift/api#2880

[openshift-ci]

@andfasano: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-main-nightly-5.0-e2e-agent-compact-iso-no-registry-techpreview

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/fa81a320-65b2-11f1-8f52-076e43fcbb6b-0

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 467: Remove the two personal-fork replace directives that route
github.com/openshift/api to github.com/pawanpinjarkar/api and
github.com/openshift/client-go to github.com/andfasano/client-go from the go.mod
file. After removing these replace statements, run go mod tidy to finalize the
dependency graph back to the upstream versions pinned on lines 40-41. If the
vendor directory was pre-generated with the fork paths, update it accordingly.
Before completing the merge, verify that the upstream PRs (openshift/api#2880
and openshift/client-go#383) are on track to be merged into their main branches
soon.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

[coderabbitai]

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

⚠️ Personal-fork replace directives are still present — confirm removal before merge to main.

Lines 467 and 469 route github.com/openshift/api and github.com/openshift/client-go through personal forks (pawanpinjarkar and andfasano). While the PR description correctly documents this as a temporary patch for payload testing, these directives must be removed before merging to main, as they would otherwise persist in production builds and vendor artifacts.

Observations:

• The fork versions have been updated since the previous review (June 9 → June 23 pseudo-versions), indicating active development on the forks.
• The upstream versions on lines 40–41 are pinned to legitimate openshift pseudo-versions, but the replace directives override them.
• No CVE audit, license audit, SBOM, or signing expectations are documented for the fork artifacts.

Required before merge:

1. Confirm that AGENT-1522: Graduate InternalReleaseImage from v1alpha1 to v1 api#2880 and AGENT-1522: bump IRI to v1 client-go#383 are on track to merge to their main branches soon.
2. Remove these two replace directives and run go mod tidy to finalize the upstream dependency graph.
3. Update the vendor tree if it was pre-generated with the fork paths.

Also applies to: 469-469

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 467, Remove the two personal-fork replace directives that
route github.com/openshift/api to github.com/pawanpinjarkar/api and
github.com/openshift/client-go to github.com/andfasano/client-go from the go.mod
file. After removing these replace statements, run go mod tidy to finalize the
dependency graph back to the upstream versions pinned on lines 40-41. If the
vendor directory was pre-generated with the fork paths, update it accordingly.
Before completing the merge, verify that the upstream PRs (openshift/api#2880
and openshift/client-go#383) are on track to be merged into their main branches
soon.

Source: Path instructions

[openshift-ci]

@andfasano: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/bootstrap-unit	93d430b	link	true	/test bootstrap-unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.