AGENT-1522: Graduate IRI object from v1alpha1 to V1

[sadasu]

No description provided.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@sadasu: This pull request references AGENT-1522 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Hello @sadasu! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 7bf5f54a-08be-483b-97d1-7c2e6d23cd8e

📥 Commits

Reviewing files that changed from the base of the PR and between 8a95912 and 96524e8.

⛔ Files ignored due to path filters (6)

• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/zz_generated*
• machineconfiguration/v1/zz_generated.featuregated-crd-manifests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*

📒 Files selected for processing (6)

• hack/update-payload-crds.sh
• machineconfiguration/v1/register.go
• machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml
• machineconfiguration/v1/types_internalreleaseimage.go
• payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml

💤 Files with no reviewable changes (1)

• hack/update-payload-crds.sh

✅ Files skipped from review due to trivial changes (1)

• machineconfiguration/v1/register.go

🚧 Files skipped from review as they are similar to previous changes (3)

• payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml
• machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml
• machineconfiguration/v1/types_internalreleaseimage.go

---

📝 Walkthrough

Walkthrough

This PR introduces the InternalReleaseImage custom resource as a stable v1 API type. The change defines a cluster-scoped singleton resource that manages references to release bundles, with spec validation constraining up to 16 named references following an ocp-release-bundle-<version>-<arch|stream> naming pattern. The status section tracks per-bundle installation state via conditions and OCI image references. Go types are registered with the v1 scheme, CRD manifests are updated from v1alpha1 to v1 with stable compatibility guarantees, a comprehensive test suite validates creation and update scenarios, and the build script configuration is adjusted to include related osimagestreams CRDs.

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to evaluate whether it is related to the changeset.	Add a description explaining the purpose and scope of graduating IRI from v1alpha1 to v1, including any migration considerations or breaking changes.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the main change: graduating the IRI object from v1alpha1 to v1, which is directly supported by all file changes in the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in the PR are stable and deterministic; no dynamic identifiers (UUIDs, timestamps, node names, etc.) appear in test titles. Dynamic data correctly resides in test bodies/messages.
Test Structure And Quality	✅ Passed	All 10 tests have single responsibility, meaningful assertion messages, framework handles setup/cleanup with timeouts, and follows codebase YAML test patterns consistently.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests were added; PR adds only YAML-based CRD validation tests, Go type definitions, and manifests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests were added in this PR. Changes are API type definitions and CRD manifests; the YAML test file is a controller-gen schema validation suite, not a Ginkgo e2e test.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only promotes InternalReleaseImage API type from v1alpha1 to v1, containing no scheduling constraints, deployment manifests, or operator code.
Ote Binary Stdout Contract	✅ Passed	PR adds only API type definitions and CRD manifests with no process-level code that could write to stdout. No main(), init(), TestMain(), or stdout-writing functions found.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. It only adds CRD type definitions, registration, and controller-runtime validation tests in YAML format.
No-Weak-Crypto	✅ Passed	No weak crypto patterns found. PR adds API type definitions with only standard OCI image digest format validation references, no implementations.
Container-Privileges	✅ Passed	No container manifests with privilege escalation settings found; no privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, or allowPrivilegeEscalation occurrences in any files.
No-Sensitive-Data-In-Logs	✅ Passed	No logging that exposes passwords, tokens, API keys, PII, session IDs, internal hostnames, or customer data found in any modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml (1)

6-88: ⚡ Quick win

Add a negative create test for singleton name enforcement.

Please add an onCreate case where metadata.name is not cluster and assert the XValidation rejection. This guards the singleton contract introduced on the type.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml`
around lines 6 - 88, Add a new onCreate test case that attempts to create an
InternalReleaseImage whose metadata.name is not "cluster" to ensure the
singleton name check rejects it; create an entry (e.g., name: "Reject
non-cluster singleton name") with an initial manifest using kind:
InternalReleaseImage and metadata.name: "not-cluster" (include a minimal
spec.releases item), and set expectedError to assert the XValidation rejection
(include "XValidation" in the expectedError string) so the test verifies the
singleton name enforcement.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@machineconfiguration/v1/types_internalreleaseimage.go`:
- Around line 37-39: Update the field comments to document omission behavior and
any list-size constraints: for the top-level field Status (type
InternalReleaseImageStatus) add that if omitted the controller will treat it as
empty/unknown and will not expose any observed state; for Status.Conditions add
what omitting the slice means (no conditions are recorded) and explicitly state
any +optional semantics; for Status.Releases[].Conditions document that omitting
the conditions slice implies no recorded per-release conditions and add the
exact MinItems/MaxItems constraints from the kubebuilder markers (e.g.,
“MinItems=N” or “MaxItems=M”) to the comment so consumers know list-size limits;
update the comments adjacent to the fields Status,
InternalReleaseImageStatus.Conditions, and the Releases[].Conditions field to
include both omission behavior and the MinItems/MaxItems text.

---

Nitpick comments:
In
`@machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml`:
- Around line 6-88: Add a new onCreate test case that attempts to create an
InternalReleaseImage whose metadata.name is not "cluster" to ensure the
singleton name check rejects it; create an entry (e.g., name: "Reject
non-cluster singleton name") with an initial manifest using kind:
InternalReleaseImage and metadata.name: "not-cluster" (include a minimal
spec.releases item), and set expectedError to assert the XValidation rejection
(include "XValidation" in the expectedError string) so the test verifies the
singleton name enforcement.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2f0a2a5c-6ed0-4ec5-82b7-5b2132b9d70d

📥 Commits

Reviewing files that changed from the base of the PR and between 9f55304 and 8a95912.

⛔ Files ignored due to path filters (12)

• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-Hypershift-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-Hypershift-OKD.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-SelfManagedHA-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-SelfManagedHA-OKD.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/zz_generated*
• machineconfiguration/v1/zz_generated.featuregated-crd-manifests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• openapi/openapi.json is excluded by !openapi/**

📒 Files selected for processing (14)

• features.md
• features/features.go
• hack/update-payload-crds.sh
• machineconfiguration/v1/register.go
• machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml
• machineconfiguration/v1/types_internalreleaseimage.go
• payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_machineconfignodes-Hypershift-Default.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_machineconfignodes-Hypershift-OKD.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_machineconfignodes-SelfManagedHA-Default.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_machineconfignodes-SelfManagedHA-OKD.crd.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml

💤 Files with no reviewable changes (3)

• hack/update-payload-crds.sh
• payload-manifests/crds/0000_80_machine-config_01_machineconfignodes-Hypershift-Default.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_machineconfignodes-Hypershift-OKD.crd.yaml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document omitted behavior and list-size constraints in field comments.

The comments for status, status.conditions, and status.releases[].conditions don’t currently document (a) what happens when omitted, and (b) the MinItems/MaxItems constraints where declared. Please add those details directly to each field comment to satisfy API doc requirements.

As per coding guidelines, “For each field with +optional marker, document the behavior when the field is omitted” and “For each field with +kubebuilder:validation:MinItems/MaxItems markers, document the constraints in the field comment.”

Also applies to: 70-78, 103-120

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@machineconfiguration/v1/types_internalreleaseimage.go` around lines 37 - 39,
Update the field comments to document omission behavior and any list-size
constraints: for the top-level field Status (type InternalReleaseImageStatus)
add that if omitted the controller will treat it as empty/unknown and will not
expose any observed state; for Status.Conditions add what omitting the slice
means (no conditions are recorded) and explicitly state any +optional semantics;
for Status.Releases[].Conditions document that omitting the conditions slice
implies no recorded per-release conditions and add the exact MinItems/MaxItems
constraints from the kubebuilder markers (e.g., “MinItems=N” or “MaxItems=M”) to
the comment so consumers know list-size limits; update the comments adjacent to
the fields Status, InternalReleaseImageStatus.Conditions, and the
Releases[].Conditions field to include both omission behavior and the
MinItems/MaxItems text.

[openshift-ci]

@sadasu: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	96524e8	link	true	/test verify

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.