fix: fbc bootstrap process

Allda · Allda · commit 2d48088ae60e · 2025-06-26T09:56:27.000+02:00
There have been couple of issues with the bootstraping of new FBC
catalog versions:

- The ISV repositories refused the PR because it wasn't created by
  project owner - now partner is asked to approve the PR
- A commit was missing "Signed-off-by"
- A script produced duplicated values in catalog mapping

All these things have been fixed and 4.19 catalogs have been
bootrstraped.

JIRA: ISV-6057

Signed-off-by: Ales Raszka &lt;araszka@redhat.com&gt;
diff --git a/operator-pipeline-images/operatorcert/entrypoints/check_permissions.py b/operator-pipeline-images/operatorcert/entrypoints/check_permissions.py
@@ -68,6 +68,7 @@ def setup_argparser() -> argparse.ArgumentParser:
     return parser
 
 
+# pylint: disable=too-many-public-methods
 class OperatorReview:
     """
     A class represents a pull request review and permissions check
@@ -244,7 +245,7 @@ def check_permissions(self) -> bool:
             # Members of the organization have permissions to submit a PR
             return True
         if self.is_partner():
-            return self.check_permission_for_partner()
+            return self.check_permission_for_partner(is_catalog_promotion_pr)
         if self.check_permission_for_community():
             return True
         # Enable PR approval on forked repository
@@ -350,13 +351,17 @@ def pr_owner_can_write(self) -> bool:
             return True
         return False
 
-    def check_permission_for_partner(self) -> bool:
+    def check_permission_for_partner(self, is_catalog_promotion_pr: bool) -> bool:
         """
         Check if the pull request owner has permissions to submit a PR for the for
         partner operator.
         A user has permissions to submit a PR if the user is listed in the certification
         project in Pyxis.
 
+        Args:
+            is_catalog_promotion_pr (bool): A boolean value indicating if the pull request
+            is a catalog promotion PR that needs to be reviewed by users
+
         Raises:
             NoPermissionError: An exception raised when user does not have permissions
             to submit a PR
@@ -372,6 +377,12 @@ def check_permission_for_partner(self) -> bool:
             )
         container = project.get("container") or {}
         usernames = container.get("github_usernames") or []
+        if is_catalog_promotion_pr:
+            LOGGER.info(
+                "Pull request is a catalog promotion PR. Asking for review from partners.."
+            )
+            self.request_review_from_partners(usernames)
+            return False
         if self.pr_owner not in usernames:
             raise NoPermissionError(
                 f"User {self.pr_owner} does not have permissions to submit a PR for "
@@ -465,6 +476,24 @@ def request_review_from_owners(self) -> None:
             ["gh", "pr", "comment", self.pull_request_url, "--body", comment_text]
         )
 
+    def request_review_from_partners(self, reviewers: list[str]) -> None:
+        """
+        Request review from the partner by adding a comment to the PR.
+        """
+        reviewers_with_at = ", ".join(map(lambda x: f"@{x}", reviewers))
+        comment_text = (
+            "The author of the PR is not listed as one of the reviewers in certification project.\n"
+            f"{reviewers_with_at}: please review the PR and approve it with an "
+            "`/approve` comment.\n\n"
+            "Consider adding the author of the PR to the list of reviewers in "
+            "the certification project if you want automated merge without explicit "
+            "approval."
+        )
+
+        run_command(
+            ["gh", "pr", "comment", self.pull_request_url, "--body", comment_text]
+        )
+
 
 def extract_operators_from_catalog(
     head_repo: OperatorRepo, catalog_operators: list[str]
diff --git a/operator-pipeline-images/tests/entrypoints/test_check_permissions.py b/operator-pipeline-images/tests/entrypoints/test_check_permissions.py
@@ -340,39 +340,65 @@ def test_OperatorReview_pr_owner_can_write(
 
 
 @pytest.mark.parametrize(
-    ["project", "valid"],
+    ["project", "catalog_promotion_pr", "approved", "valid"],
     [
-        pytest.param(None, False, id="no project"),
-        pytest.param({}, False, id="no container"),
-        pytest.param({"container": {}}, False, id="no github_usernames"),
+        pytest.param(None, False, False, False, id="no project"),
+        pytest.param({}, False, False, False, id="no container"),
+        pytest.param({"container": {}}, False, False, False, id="no github_usernames"),
         pytest.param(
-            {"container": {"github_usernames": None}}, False, id="no github_usernames"
+            {"container": {"github_usernames": None}},
+            False,
+            False,
+            False,
+            id="no github_usernames",
         ),
         pytest.param(
             {"container": {"github_usernames": ["user123"]}},
             False,
+            False,
+            False,
             id="user not in github_usernames",
         ),
         pytest.param(
             {"container": {"github_usernames": ["owner"]}},
+            False,
+            True,
+            True,
+            id="user in github_usernames",
+        ),
+        pytest.param(
+            {"container": {"github_usernames": ["owner"]}},
+            True,
+            False,
             True,
             id="user in github_usernames",
         ),
     ],
 )
+@patch(
+    "operatorcert.entrypoints.check_permissions.OperatorReview.request_review_from_partners"
+)
 @patch("operatorcert.entrypoints.check_permissions.pyxis.get_project")
 def test_OperatorReview_check_permission_for_partner(
     mock_pyxis_project: MagicMock,
+    mock_request_review_from_partners: MagicMock,
     review_partner: check_permissions.OperatorReview,
     project: dict[str, Any],
+    catalog_promotion_pr: bool,
+    approved: bool,
     valid: bool,
 ) -> None:
     mock_pyxis_project.return_value = project
     if valid:
-        assert review_partner.check_permission_for_partner() == True
+        assert (
+            review_partner.check_permission_for_partner(catalog_promotion_pr)
+            == approved
+        )
+        if catalog_promotion_pr:
+            mock_request_review_from_partners.assert_called_once()
     else:
         with pytest.raises(check_permissions.NoPermissionError):
-            review_partner.check_permission_for_partner()
+            review_partner.check_permission_for_partner(catalog_promotion_pr)
 
 
 @pytest.mark.parametrize(
@@ -465,6 +491,29 @@ def test_OperatorReview_request_review_from_maintainers(
     )
 
 
+@patch("operatorcert.entrypoints.check_permissions.run_command")
+def test_OperatorReview_request_review_from_partners(
+    mock_command: MagicMock,
+    review_community: check_permissions.OperatorReview,
+) -> None:
+    review_community.request_review_from_partners(["user1", "user2"])
+    mock_command.assert_called_once_with(
+        [
+            "gh",
+            "pr",
+            "comment",
+            review_community.pull_request_url,
+            "--body",
+            "The author of the PR is not listed as one of the reviewers in certification project.\n"
+            f"@user1, @user2: please review the PR and approve it with an "
+            "`/approve` comment.\n\n"
+            "Consider adding the author of the PR to the list of reviewers in "
+            "the certification project if you want automated merge without explicit "
+            "approval.",
+        ]
+    )
+
+
 @patch("operatorcert.entrypoints.check_permissions.run_command")
 def test_OperatorReview_request_review_from_owners(
     mock_command: MagicMock,
diff --git a/scripts/promote-catalog.py b/scripts/promote-catalog.py
@@ -126,20 +126,26 @@ def add_catalog_to_ci_mapping(
     """
     operator_ci_path = repo_dir / "operators" / operator_name / "ci.yaml"
     with open(operator_ci_path, "r") as ci_file:
-        ci_content = YAML().load(ci_file)
+        yaml = YAML()
+        yaml.preserve_quotes = True
+
+        ci_content = yaml.load(ci_file)
 
     # Append target version to the catalog mapping for
     # a same template as used for the source version
     mapping = ci_content.get("fbc", {}).get("catalog_mapping", {})
+    all_catalog_from_mapping = [
+        catalog for template in mapping for catalog in template.get("catalog_names", [])
+    ]
+    if f"v{target_version}" in all_catalog_from_mapping:
+        LOG.info(
+            "Catalog %s already exists in the mapping for operator %s",
+            target_version,
+            operator_name,
+        )
+        return None
     for template in mapping:
         if f"v{source_version}" in template.get("catalog_names", []):
-            if f"v{target_version}" in template.get("catalog_names", []):
-                LOG.info(
-                    "Catalog %s already exists in the mapping for operator %s",
-                    target_version,
-                    operator_name,
-                )
-                return
             template["catalog_names"].append(f"v{target_version}")
             break
     else:
@@ -149,9 +155,12 @@ def add_catalog_to_ci_mapping(
             operator_name,
         )
         return None
+
     with open(operator_ci_path, "w") as ci_file:
         yaml = YAML()
         yaml.explicit_start = True
+        yaml.preserve_quotes = True
+        yaml.indent(mapping=2, sequence=4, offset=2)
         yaml.dump(ci_content, ci_file)
     return operator_ci_path
 
@@ -206,8 +215,16 @@ def commit_and_push(
     """
     git_repo.index.add(files_to_commit)
     LOG.info("Committing and pushing changes to %s", head_branch)
-    git_repo.index.commit(message)
-    git_repo.remotes.origin.push(head_branch)
+
+    # Construct the Signed-off-by line
+    name = git_repo.config_reader().get_value("user", "name")
+    email = git_repo.config_reader().get_value("user", "email")
+
+    signed_off_by = f"Signed-off-by: {name} <{email}>"
+    full_message = f"{message}\n\n{signed_off_by}"
+
+    git_repo.index.commit(full_message)
+    git_repo.remotes.upstream.push(head_branch)
 
 
 def create_pr(
@@ -228,7 +245,7 @@ def create_pr(
         local_repo (str): Work directory
     """
     gh_repo = ORGANIZATIONS[local_repo]["gh_repository"]
-    LOG.info("Creating PR in %s for branch %s", gh_repo, head)
+    LOG.info("Creating PR in %s for branch %s to %s", gh_repo, head, base)
     gh_api_url = f"https://api.github.com/repos/{gh_repo}/pulls"
     data = {"head": head, "base": base, "title": title, "body": body}
     return github.post(gh_api_url, data)
