Skip to content

Commit 3b59c4f

Browse files
Merge pull request #236 from dustman9000/termination-message-policy
SREP-4556: Add terminationMessagePolicy for OCP 4.21 conformance
2 parents 6c48650 + a046425 commit 3b59c4f

12 files changed

Lines changed: 104 additions & 11 deletions

File tree

.ci-operator.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
11
build_root_image:
22
name: boilerplate
33
namespace: openshift
4-
tag: image-v8.3.4
4+
tag: image-v8.3.5

OWNERS_ALIASES

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,6 @@ aliases:
6161
- casey-williams-rh
6262
- boranx
6363
srep-functional-team-thor:
64-
- a7vicky
6564
- diakovnec
6665
- MitaliBhalla
6766
- feichashao
@@ -92,5 +91,4 @@ aliases:
9291
- maorfr
9392
- rogbas
9493
srep-architects:
95-
- jharrington22
9694
- cblecker
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
image-v8.3.4
1+
image-v8.3.5
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
0613e5c5f79aec861fd0afe53b6a9373b8d169d7
1+
294b1978042a939fb940bc8ae89e498991a7ca43

boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,6 @@ aliases:
6161
- casey-williams-rh
6262
- boranx
6363
srep-functional-team-thor:
64-
- a7vicky
6564
- diakovnec
6665
- MitaliBhalla
6766
- feichashao
@@ -92,5 +91,4 @@ aliases:
9291
- maorfr
9392
- rogbas
9493
srep-architects:
95-
- jharrington22
9694
- cblecker

boilerplate/openshift/golang-osd-operator/README.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -119,6 +119,18 @@ Checks consist of:
119119
- `go generate`. This is a no-op if you have no `//go:generate`
120120
directives in your code.
121121

122+
## PKO (Package Operator) fixture validation
123+
124+
Operators deployed via [Package Operator](https://package-operator.run/) can define snapshot test fixtures that validate `.gotmpl` template rendering. If `deploy_pko/manifest.yaml` exists and contains a `test:` section, the following targets are available:
125+
126+
- `make validate-pko-fixtures` validates that committed fixtures in `deploy_pko/.test-fixtures/` match the current template output. This runs automatically as part of `make validate` (and therefore `make container-validate`). Repos without PKO test fixtures are silently skipped.
127+
- `make generate-pko-fixtures` regenerates fixtures after intentional changes to `.gotmpl` files or `manifest.yaml` config. Review the diff and commit the updated fixtures alongside the template changes.
128+
- `make container-generate-pko-fixtures` runs fixture generation inside the boilerplate backing container, which has `kubectl-package` pre-installed. Useful if you don't have `kubectl-package` installed locally. The repository is bind-mounted into the container, so the generated fixtures appear directly in your local `deploy_pko/.test-fixtures/` directory — no manual copy step needed.
129+
130+
Both targets require `kubectl-package`. If it is not found, the target fails with installation instructions. The backing container image includes `kubectl-package`, so `make container-validate` and `make container-generate-pko-fixtures` always work.
131+
132+
**Important:** Buildah's `COPY *` includes dotfiles and dotdirs (contrary to standard glob behavior), so `deploy_pko/.test-fixtures/` will be included in the PKO OCI image unless excluded. `make generate-pko-fixtures` automatically creates a `deploy_pko/.dockerignore` with `.test-fixtures` to prevent this. `make validate-pko-fixtures` verifies the exclusion exists. Without it, PKO will see duplicate objects and fail to deploy the ClusterPackage.
133+
122134
## FIPS (Federal Information Processing Standards)
123135

124136
To enable FIPS in your build there is a `make ensure-fips` target.

boilerplate/openshift/golang-osd-operator/ensure.sh

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,23 @@ golangci-lint)
3131
fi
3232
;;
3333

34+
kubectl-package)
35+
KUBECTL_PACKAGE_VERSION="v1.18.6"
36+
GOPATH=$(go env GOPATH)
37+
if which kubectl-package ; then
38+
exit
39+
else
40+
mkdir -p "${GOPATH}/bin"
41+
if ! echo "${PATH}" | grep -q "${GOPATH}/bin"; then
42+
echo "${GOPATH}/bin not in $PATH"
43+
exit 1
44+
fi
45+
DOWNLOAD_URL="https://github.com/package-operator/package-operator/releases/download/${KUBECTL_PACKAGE_VERSION}/kubectl-package_${GOOS}_amd64"
46+
curl -sfL "${DOWNLOAD_URL}" -o "${GOPATH}/bin/kubectl-package"
47+
chmod +x "${GOPATH}/bin/kubectl-package"
48+
fi
49+
;;
50+
3451
opm)
3552
mkdir -p .opm/bin
3653
cd .opm/bin

boilerplate/openshift/golang-osd-operator/standard.mk

Lines changed: 67 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -309,10 +309,72 @@ prow-config:
309309
# Targets used by prow
310310
######################
311311

312+
# validate-pko-fixtures: Validate PKO package templates against committed snapshot fixtures.
313+
# Silently skips if deploy_pko/ has no manifest.yaml with a test section.
314+
# Requires kubectl-package; see https://github.com/package-operator/package-operator/releases
315+
.PHONY: validate-pko-fixtures
316+
validate-pko-fixtures:
317+
@if [ -d deploy_pko ] && grep -q '^test:' deploy_pko/manifest.yaml 2>/dev/null; then \
318+
${CONVENTION_DIR}/ensure.sh kubectl-package; \
319+
echo "Validating PKO package fixtures..."; \
320+
kubectl-package validate deploy_pko/ || \
321+
(echo "ERROR: PKO fixture validation failed. Rendered templates do not match committed fixtures." >&2; \
322+
echo "If you intentionally changed a deploy_pko/ .gotmpl or manifest.yaml config, regenerate fixtures:" >&2; \
323+
echo " make generate-pko-fixtures" >&2; \
324+
echo " git diff deploy_pko/.test-fixtures/" >&2; \
325+
echo "Review the diff to confirm only your intended changes are reflected, then commit the updated fixtures." >&2; \
326+
echo "If you did NOT intend to change template output, your modifications may have introduced an unintended" >&2; \
327+
echo "regression in the rendered deployment manifests. Review your changes to deploy_pko/ carefully." >&2; \
328+
exit 1); \
329+
if [ -d deploy_pko/.test-fixtures ]; then \
330+
ignore_file=""; \
331+
if [ -f deploy_pko/.containerignore ]; then \
332+
ignore_file="deploy_pko/.containerignore"; \
333+
elif [ -f deploy_pko/.dockerignore ]; then \
334+
ignore_file="deploy_pko/.dockerignore"; \
335+
fi; \
336+
if [ -z "$$ignore_file" ]; then \
337+
echo "ERROR: deploy_pko/.test-fixtures/ exists but no .dockerignore or .containerignore found in deploy_pko/." >&2; \
338+
echo "Without it, test fixtures will be included in the PKO OCI image, causing Duplicate Object errors." >&2; \
339+
echo "Fix: run 'make generate-pko-fixtures' to auto-create deploy_pko/.dockerignore" >&2; \
340+
exit 1; \
341+
elif ! grep -q '\.test-fixtures' "$$ignore_file"; then \
342+
echo "ERROR: $$ignore_file exists but does not exclude .test-fixtures." >&2; \
343+
echo "Without this exclusion, test fixtures will be included in the PKO OCI image." >&2; \
344+
echo "Fix: add '.test-fixtures' to $$ignore_file" >&2; \
345+
exit 1; \
346+
fi; \
347+
fi; \
348+
fi
349+
350+
# generate-pko-fixtures: Regenerate PKO snapshot fixtures after template changes.
351+
# Requires kubectl-package; see https://github.com/package-operator/package-operator/releases
352+
.PHONY: generate-pko-fixtures
353+
generate-pko-fixtures:
354+
@if [ -d deploy_pko ] && grep -q '^test:' deploy_pko/manifest.yaml 2>/dev/null; then \
355+
${CONVENTION_DIR}/ensure.sh kubectl-package; \
356+
echo "Regenerating PKO test fixtures..."; \
357+
rm -rf deploy_pko/.test-fixtures; \
358+
kubectl-package validate deploy_pko/ && \
359+
if [ ! -f deploy_pko/.dockerignore ] && [ ! -f deploy_pko/.containerignore ]; then \
360+
echo ".test-fixtures" > deploy_pko/.dockerignore; \
361+
echo "Created deploy_pko/.dockerignore to exclude .test-fixtures from PKO image."; \
362+
elif [ -f deploy_pko/.dockerignore ] && ! grep -q '\.test-fixtures' deploy_pko/.dockerignore; then \
363+
echo ".test-fixtures" >> deploy_pko/.dockerignore; \
364+
echo "Added .test-fixtures to deploy_pko/.dockerignore."; \
365+
elif [ -f deploy_pko/.containerignore ] && ! grep -q '\.test-fixtures' deploy_pko/.containerignore; then \
366+
echo ".test-fixtures" >> deploy_pko/.containerignore; \
367+
echo "Added .test-fixtures to deploy_pko/.containerignore."; \
368+
fi; \
369+
echo "Fixtures regenerated. Review with 'git diff deploy_pko/.test-fixtures/' and commit."; \
370+
else \
371+
echo "No PKO test configuration found in deploy_pko/manifest.yaml, nothing to generate."; \
372+
fi
373+
312374
# validate: Ensure code generation has not been forgotten; and ensure
313375
# generated and boilerplate code has not been modified.
314376
.PHONY: validate
315-
validate: boilerplate-freeze-check generate-check
377+
validate: boilerplate-freeze-check generate-check validate-pko-fixtures
316378

317379
# lint: Perform static analysis.
318380
.PHONY: lint
@@ -396,6 +458,10 @@ container-validate:
396458
container-coverage:
397459
${BOILERPLATE_CONTAINER_MAKE} coverage
398460

461+
.PHONY: container-generate-pko-fixtures
462+
container-generate-pko-fixtures:
463+
${BOILERPLATE_CONTAINER_MAKE} generate-pko-fixtures
464+
399465
# Run all container-* validation targets in sequence.
400466
# Set NONINTERACTIVE=true to skip debug shells and fail fast for CI/automation.
401467
.PHONY: container-all

build/Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM quay.io/redhat-services-prod/openshift/boilerplate:image-v8.3.4 AS builder
1+
FROM quay.io/redhat-services-prod/openshift/boilerplate:image-v8.3.5 AS builder
22

33
WORKDIR /workspace
44
# Copy the Go Modules manifests
@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod=mod -a -o
1818

1919
# Use distroless as minimal base image to package the manager binary
2020
# Refer to https://github.com/GoogleContainerTools/distroless for more details
21-
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1773939694
21+
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1776833838
2222
WORKDIR /
2323
COPY --from=builder /workspace/manager .
2424
USER nonroot:nonroot

build/Dockerfile.olm-registry

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ COPY ${SAAS_OPERATOR_DIR} manifests
44
RUN initializer --permissive
55

66
# ubi-micro does not work for clusters with fips enabled unless we make OpenSSL available
7-
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1773939694
7+
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1776833838
88

99
COPY --from=builder /bin/registry-server /bin/registry-server
1010
COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe

0 commit comments

Comments
 (0)