AGENT-1522: Graduate InternalReleaseImage from v1alpha1 to v1

[pawanpinjarkar]

• Created machineconfiguration/v1/types_internalreleaseimage.go with v1 API
• Updated compatibility level from 4 (alpha) to 1 (stable/GA)
• Registered InternalReleaseImage types in v1 scheme
• Created v1 integration test suite
• Updated payload CRD script to use v1 instead of v1alpha1
• Generated all CRD manifests, deepcopy, and swagger docs

Original PR from @sadasu #2863

[openshift-ci-robot]

@pawanpinjarkar: This pull request references AGENT-1522 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

• Created machineconfiguration/v1/types_internalreleaseimage.go with v1 API
• Updated compatibility level from 4 (alpha) to 1 (stable/GA)
• Registered InternalReleaseImage types in v1 scheme
• Created v1 integration test suite
• Updated payload CRD script to use v1 instead of v1alpha1
• Generated all CRD manifests, deepcopy, and swagger docs

Original PR from @sadasu #2863

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Hello @pawanpinjarkar! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces the InternalReleaseImage custom resource to the OpenShift machineconfiguration API. The change adds Go type definitions for a cluster-scoped singleton CRD with spec and status fields, registers those types with the Kubernetes scheme, updates generated CRD manifests to reflect v1 API stability, includes a comprehensive test suite covering validation and reconciliation scenarios, and updates the build script to exclude the prior v1alpha1 pattern.

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Microshift Test Compatibility	⚠️ Warning	CRD validation tests added for InternalReleaseImage (machineconfiguration.openshift.io) lack [apigroup:...] tag or [Skipped:MicroShift] label, but this API is unavailable on MicroShift.	Add [apigroup:machineconfiguration.openshift.io] tag to test name so MicroShift CI automatically skips it, or add [Skipped:MicroShift] label.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and specifically describes the main change: graduating the InternalReleaseImage API from v1alpha1 to v1, which aligns with all the file changes in the changeset.
Description check	✅ Passed	The description provides a structured list of changes directly related to the changeset, covering the key modifications like type definitions, scheme registration, test suite creation, and CRD manifest updates.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR contains no Ginkgo tests (It, Describe, Context, When, etc.). Only YAML-based CRD test definitions added; check not applicable.
Test Structure And Quality	✅ Passed	YAML test manifest meets all quality standards: single-responsibility tests, framework-managed BeforeEach/AfterEach cleanup, proper timeouts, meaningful assertions in generated code.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds no Ginkgo e2e tests; only YAML-based CRD validation test manifest added, which is not a Ginkgo e2e test. Check not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds only API type definitions and CRD manifests, no deployment manifests, operator code, controllers, or scheduling constraints that would affect topology compatibility.
Ote Binary Stdout Contract	✅ Passed	PR adds only API type definitions, scheme registration, YAML manifests, and shell script updates with no process-level code (main, init, TestMain, suite setup) that writes to stdout.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR does not add Ginkgo e2e tests. Changes include API types, CRD manifests, registration code, and a YAML CRD validation test manifest (not executable Go tests). Check is not applicable.
No-Weak-Crypto	✅ Passed	No weak cryptography, custom crypto implementations, or non-constant-time secret comparisons found. PR contains only API type definitions, CRD manifests, test definitions, and build scripts.
Container-Privileges	✅ Passed	PR contains no container/workload manifests; it only updates Kubernetes API types, CRD definitions, and scripts—the container-privileges check is not applicable.
No-Sensitive-Data-In-Logs	✅ Passed	PR contains only API type definitions and CRD manifests with no logging code. Verified no logging statements, hardcoded secrets, PII, or sensitive data exposure throughout all modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign everettraven for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml (1)

1-307: ⚡ Quick win

Consider adding test for singleton name constraint.

The CRD has a validation rule enforcing metadata.name == 'cluster', but there's no onCreate test verifying that a different name (e.g., metadata.name: not-cluster) is properly rejected. This would help ensure the singleton constraint is working correctly.

📋 Suggested test case

Add this test case to the onCreate section:

  - name: Should reject non-cluster name (singleton constraint)
    initial: |
      apiVersion: machineconfiguration.openshift.io/v1
      kind: InternalReleaseImage
      metadata:
        name: not-cluster
      spec:
        releases:
          - name: ocp-release-bundle-4.18.0-x86_64
    expectedError: "internalreleaseimage is a singleton, .metadata.name must be 'cluster'"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml`
around lines 1 - 307, Add an onCreate test to verify the singleton name
constraint for InternalReleaseImage: in the onCreate array add a test (e.g.,
name "Should reject non-cluster name (singleton constraint)") that creates an
InternalReleaseImage with metadata.name: not-cluster and a minimal spec.releases
entry, and set expectedError to the singleton rejection message (e.g.,
"internalreleaseimage is a singleton, .metadata.name must be 'cluster'"). Locate
the block handling onCreate tests and the InternalReleaseImage test entries
(symbols: onCreate, InternalReleaseImage, metadata.name, spec.releases) and
ensure the new test follows the same YAML structure as the other onCreate cases.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@machineconfiguration/v1/types_internalreleaseimage.go`:
- Around line 19-24: The type comment for InternalReleaseImage lacks
documentation that this is a cluster-scoped singleton; update the top-of-file
doc comment for InternalReleaseImage to state that only one instance is allowed
and its metadata.name must equal "cluster" (i.e., singleton resource enforced by
validation metadata.name == 'cluster'), and mention it is cluster-scoped so
consumers understand it represents a single cluster-wide configuration.
- Around line 103-120: Update the comment for the Conditions field to document
the MinItems/MaxItems validation and optionality: state that when the optional
Conditions slice is present it must contain between 1 and 5 metav1.Condition
entries (inclusive) corresponding to the allowed types (Mounted, Installing,
Available, Removing, Degraded), but the entire field may be omitted when no
status is available; ensure this text is added right above the Conditions
[]metav1.Condition `json:"conditions,omitempty"` declaration so reviewers can
see the +kubebuilder:validation:MinItems=1 and
+kubebuilder:validation:MaxItems=5 constraints are documented.
- Around line 70-78: Update the comment for the Conditions field on the
InternalReleaseImage type to document the +kubebuilder:validation:MinItems=1 and
+kubebuilder:validation:MaxItems=20 constraints and clarify the +optional
behavior: state that the field may be omitted entirely, but if present it must
contain between 1 and 20 metav1.Condition entries (valid types: Degraded), and
note the listType=map/listMapKey behavior as already described; edit the comment
immediately above the Conditions []metav1.Condition declaration to include this
text so reviewers can see the validation rules and optionality.

---

Nitpick comments:
In
`@machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml`:
- Around line 1-307: Add an onCreate test to verify the singleton name
constraint for InternalReleaseImage: in the onCreate array add a test (e.g.,
name "Should reject non-cluster name (singleton constraint)") that creates an
InternalReleaseImage with metadata.name: not-cluster and a minimal spec.releases
entry, and set expectedError to the singleton rejection message (e.g.,
"internalreleaseimage is a singleton, .metadata.name must be 'cluster'"). Locate
the block handling onCreate tests and the InternalReleaseImage test entries
(symbols: onCreate, InternalReleaseImage, metadata.name, spec.releases) and
ensure the new test follows the same YAML structure as the other onCreate cases.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 662c10ce-ee1a-4b46-8b2b-217c2756384d

📥 Commits

Reviewing files that changed from the base of the PR and between 1194f4c and 582270b.

⛔ Files ignored due to path filters (6)

• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• machineconfiguration/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/zz_generated*
• machineconfiguration/v1/zz_generated.featuregated-crd-manifests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*

📒 Files selected for processing (6)

• hack/update-payload-crds.sh
• machineconfiguration/v1/register.go
• machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml
• machineconfiguration/v1/types_internalreleaseimage.go
• payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml
• payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml

💤 Files with no reviewable changes (1)

• hack/update-payload-crds.sh

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document the singleton constraint in the type description.

The type has a validation rule enforcing metadata.name == 'cluster', but this singleton nature is not documented in the type's description comment. Users reading the API documentation need to know this is a cluster-scoped singleton resource.

📝 Suggested documentation addition

 // InternalReleaseImage is used to keep track and manage a set
 // of release bundles (OCP and OLM operators images) that are stored
-// into the control planes nodes.
+// into the control plane nodes.
+// This is a singleton resource; the metadata.name must be 'cluster'.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// InternalReleaseImage is used to keep track and manage a set
	// of release bundles (OCP and OLM operators images) that are stored
	// into the control planes nodes.
	//
	// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
	// +openshift:compatibility-gen:level=1
	// InternalReleaseImage is used to keep track and manage a set
	// of release bundles (OCP and OLM operators images) that are stored
	// into the control plane nodes.
	// This is a singleton resource; the metadata.name must be 'cluster'.
	//
	// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
	// +openshift:compatibility-gen:level=1

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@machineconfiguration/v1/types_internalreleaseimage.go` around lines 19 - 24,
The type comment for InternalReleaseImage lacks documentation that this is a
cluster-scoped singleton; update the top-of-file doc comment for
InternalReleaseImage to state that only one instance is allowed and its
metadata.name must equal "cluster" (i.e., singleton resource enforced by
validation metadata.name == 'cluster'), and mention it is cluster-scoped so
consumers understand it represents a single cluster-wide configuration.

Source: Coding guidelines

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document MinItems and MaxItems constraints for conditions field.

The conditions field has +kubebuilder:validation:MinItems=1 and +kubebuilder:validation:MaxItems=20 markers that are not documented in the field comment. Per API review requirements, all validation markers must be documented.

Additionally, since the field is +optional, the comment should clarify that when the field is present, it must contain between 1 and 20 items, but the field can be omitted entirely.

📝 Suggested documentation fix

 // conditions represent the observations of the InternalReleaseImage controller current state.
 // Valid types are: Degraded.
 // If Degraded is true, that means something has gone wrong in the controller.
+// When present, conditions must contain at least 1 entry and must not exceed 20 entries.
 // +listType=map

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@machineconfiguration/v1/types_internalreleaseimage.go` around lines 70 - 78,
Update the comment for the Conditions field on the InternalReleaseImage type to
document the +kubebuilder:validation:MinItems=1 and
+kubebuilder:validation:MaxItems=20 constraints and clarify the +optional
behavior: state that the field may be omitted entirely, but if present it must
contain between 1 and 20 metav1.Condition entries (valid types: Degraded), and
note the listType=map/listMapKey behavior as already described; edit the comment
immediately above the Conditions []metav1.Condition declaration to include this
text so reviewers can see the validation rules and optionality.

Source: Coding guidelines

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document MinItems and MaxItems constraints for conditions field.

The conditions field has +kubebuilder:validation:MinItems=1 and +kubebuilder:validation:MaxItems=5 markers that are not documented in the field comment. Per API review requirements, all validation markers must be documented.

Additionally, since the field is +optional, clarify that when present, it must contain between 1 and 5 items, but can be omitted entirely when the bundle has no status yet.

📝 Suggested documentation fix

 // conditions represent the observations of an internal release image current state. Valid types are:
 // Mounted, Installing, Available, Removing and Degraded.
 //
 // If Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes.
 // If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed.
 // If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used.
 // If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed.
 // If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).
 //
 // In general, after installing a new release bundle, it is required to wait for the Conditions "Available" to become "True" (and all
 // the other conditions to be equal to "False") before being able to pull its content.
+// When present, conditions must contain at least 1 entry and must not exceed 5 entries.
 //
 // +listType=map

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// conditions represent the observations of an internal release image current state. Valid types are:
	// Mounted, Installing, Available, Removing and Degraded.
	//
	// If Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes.
	// If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed.
	// If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used.
	// If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed.
	// If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).
	//
	// In general, after installing a new release bundle, it is required to wait for the Conditions "Available" to become "True" (and all
	// the other conditions to be equal to "False") before being able to pull its content.
	//
	// +listType=map
	// +listMapKey=type
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=5
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
	// conditions represent the observations of an internal release image current state. Valid types are:
	// Mounted, Installing, Available, Removing and Degraded.
	//
	// If Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes.
	// If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed.
	// If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used.
	// If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed.
	// If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).
	//
	// In general, after installing a new release bundle, it is required to wait for the Conditions "Available" to become "True" (and all
	// the other conditions to be equal to "False") before being able to pull its content.
	// When present, conditions must contain at least 1 entry and must not exceed 5 entries.
	//
	// +listType=map
	// +listMapKey=type
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=5
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@machineconfiguration/v1/types_internalreleaseimage.go` around lines 103 -
120, Update the comment for the Conditions field to document the
MinItems/MaxItems validation and optionality: state that when the optional
Conditions slice is present it must contain between 1 and 5 metav1.Condition
entries (inclusive) corresponding to the allowed types (Mounted, Installing,
Available, Removing, Degraded), but the entire field may be omitted when no
status is available; ensure this text is added right above the Conditions
[]metav1.Condition `json:"conditions,omitempty"` declaration so reviewers can
see the +kubebuilder:validation:MinItems=1 and
+kubebuilder:validation:MaxItems=5 constraints are documented.

Source: Coding guidelines

[openshift-ci]

@pawanpinjarkar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	582270b	link	true	/test verify

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.