feat(ISV-7180): Fail static check when bundle attempts to replace itself#947
Merged
JakubDurkac merged 2 commits intomainfrom May 7, 2026
Merged
feat(ISV-7180): Fail static check when bundle attempts to replace itself#947JakubDurkac merged 2 commits intomainfrom
JakubDurkac merged 2 commits intomainfrom
Conversation
Review Summary by QodoPrevent bundles from replacing themselves in static checks
WalkthroughsDescription• Add validation to prevent bundles from replacing themselves • Fail static check when bundle's replaces version matches current version • Add test case for self-replacement scenario Diagramflowchart LR
A["Bundle replaces check"] --> B["Extract replaces version"]
B --> C["Compare with current version"]
C --> D{Versions match?}
D -->|Yes| E["Fail with error message"]
D -->|No| F["Continue validation"]
File Changes1. operatorcert/static_tests/common/bundle.py
|
Code Review by Qodo
Context used 1. Replaces split can IndexError
|
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
Comment on lines
248
to
249
| delimiter = ".v" if ".v" in replaces else "." | ||
| replaces_version = replaces.split(delimiter, 1)[1] |
There was a problem hiding this comment.
1. Replaces split can indexerror 🐞 Bug ☼ Reliability
check_replaces_availability blindly does replaces.split(...)[1], so a malformed spec.replaces that lacks the expected delimiter will raise IndexError. The check runner converts uncaught exceptions into a Fail whose message is the full traceback, leaking noisy internals instead of a clear validation error.
Agent Prompt
### Issue description
`check_replaces_availability()` assumes `spec.replaces` always contains the expected delimiter and unconditionally does `split(...)[1]`. If the value is malformed, this raises `IndexError` and the framework surfaces a full traceback as the failure message.
### Issue Context
Static checks should emit actionable `Fail(...)` messages, not Python tracebacks.
### Fix Focus Areas
- operatorcert/static_tests/common/bundle.py[245-257]
- operatorcert/operator_repo/checks/__init__.py[157-175]
### Suggested fix
- Ensure `replaces` is a non-empty string.
- Parse it safely (e.g., via `partition`/`rpartition`) and validate you actually got a version component.
- On invalid format, `yield Fail("Invalid spec.replaces value ... expected <name>.v<version>")` and `return` (instead of throwing).
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Comment on lines
248
to
260
| delimiter = ".v" if ".v" in replaces else "." | ||
| replaces_version = replaces.split(delimiter, 1)[1] | ||
|
|
||
| if replaces_version == bundle.csv_operator_version: | ||
| yield Fail( | ||
| f"{bundle} attempts to replace itself. Please set " | ||
| "'spec.replaces' field to a different version in the CSV." | ||
| ) | ||
| return | ||
|
|
||
| ver_to_dir = { | ||
| x.csv_operator_version: x.operator_version | ||
| for x in bundle.operator.all_bundles() |
There was a problem hiding this comment.
2. Replaces name not validated 🐞 Bug ≡ Correctness
check_replaces_availability discards the operator name from spec.replaces and resolves the replaced bundle using only the extracted version, which can select the wrong bundle if the CSV references a different operator name. This can produce misleading failures (including the new “replace itself” message) or miss the real configuration error (wrong replaces target name).
Agent Prompt
### Issue description
`check_replaces_availability()` ignores the operator name portion of `spec.replaces` and matches the replaced bundle only by version. If `spec.replaces` mistakenly points to a different operator CSV name, this check can validate against the wrong bundle (or emit a misleading error).
### Issue Context
`spec.replaces` is a CSV *name*; both name and version parts are meaningful. The code already has access to `bundle.csv_operator_name` and `bundle.csv_operator_version`.
### Fix Focus Areas
- operatorcert/static_tests/common/bundle.py[245-271]
### Suggested fix
- Parse `spec.replaces` into `(replaces_name, replaces_version)`.
- If `replaces_name != bundle.csv_operator_name`, `yield Fail(...)` explaining the mismatch and `return`.
- Keep using `replaces_version` for `ver_to_dir` lookup after name validation.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
mantomas
approved these changes
May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The rest of the problems defined by ISV-7180 was already fixed previously in #928 and #930.
Tested the check in my fork: JakubDurkac/community-operators-pipeline-preprod#2
Merge Request Checklists