Skip to content

OLS-3522: Generate operator deployment args from related_images.json#1806

Open
blublinsky wants to merge 1 commit into
openshift:mainfrom
blublinsky:related-images-pipeline
Open

OLS-3522: Generate operator deployment args from related_images.json#1806
blublinsky wants to merge 1 commit into
openshift:mainfrom
blublinsky:related-images-pipeline

Conversation

@blublinsky

@blublinsky blublinsky commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Description

Summary

  • Make related_images.json the single source of truth for operator operand image wiring via new optional fields: operator_arg (CLI flag) and operator_target: "image" (operator container).
  • Generate config/default/deployment-patch.yaml from related_images.json using hack/generate_deployment_patch.sh, hooked into make manifests / make bundle.
  • Remove duplicate hack/image_placeholders.json and consolidate substitution logic in hack/image_args_lib.sh for make deploy, hack/update_bundle.sh, and hack/install/install-operator-direct.sh.
  • Strip operator_arg / operator_target from CSV spec.relatedImages so OLM metadata stays name+image only.
    Closes OLS-3522
    Motivation
    Operand images were wired in three places (related_images.json, image_placeholders.json, deployment-patch.yaml). Adding or removing an image required coordinated manual edits; stale flags like --ocp-rag-image could linger after an operand was retired.

Type of change

  • [x ] Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up dependent library

Related Tickets & Documents

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Please provide detailed steps to perform tests related to this code change.
  • How were the fix/results from this change verified? Please provide relevant screenshots or results.

Summary by CodeRabbit

  • New Features

    • Added automated generation of deployment patches from related image configuration.
    • Centralized image substitution for deployments and bundle artifacts.
    • Added support for configuring operator image arguments and targets through related image metadata.
  • Documentation

    • Updated deployment and bundle management documentation to reflect the new image wiring workflow.
  • Bug Fixes

    • Improved default image resolution for the RHOKP component, with fallback support.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 9, 2026
@openshift-ci-robot

openshift-ci-robot commented Jul 9, 2026

Copy link
Copy Markdown

@blublinsky: This pull request references OLS-3522 which is a valid jira issue.

Details

In response to this:

Description

Summary

  • Make related_images.json the single source of truth for operator operand image wiring via new optional fields: operator_arg (CLI flag) and operator_target: "image" (operator container).
  • Generate config/default/deployment-patch.yaml from related_images.json using hack/generate_deployment_patch.sh, hooked into make manifests / make bundle.
  • Remove duplicate hack/image_placeholders.json and consolidate substitution logic in hack/image_args_lib.sh for make deploy, hack/update_bundle.sh, and hack/install/install-operator-direct.sh.
  • Strip operator_arg / operator_target from CSV spec.relatedImages so OLM metadata stays name+image only.
    Closes OLS-3522
    Motivation
    Operand images were wired in three places (related_images.json, image_placeholders.json, deployment-patch.yaml). Adding or removing an image required coordinated manual edits; stale flags like --ocp-rag-image could linger after an operand was retired.

Type of change

  • [x ] Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up dependent library

Related Tickets & Documents

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Please provide detailed steps to perform tests related to this code change.
  • How were the fix/results from this change verified? Please provide relevant screenshots or results.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Changes

Related image wiring

Layer / File(s) Summary
Shared patch generation and substitution
hack/image_args_lib.sh, hack/generate_deployment_patch.sh, config/default/deployment-patch.yaml
Related-image metadata now generates deployment patches and supplies centralized placeholder substitution.
Manifest and direct deployment integration
Makefile, config/default/kustomization.yaml, hack/install/install-operator-direct.sh
Manifest and deployment flows use the shared image argument library instead of hack/image_placeholders.json.
Bundle generation and CSV updates
hack/update_bundle.sh
Bundle updates apply related-image values to CSV container images, arguments, and spec.relatedImages.
Related-image contract and defaults
.ai/spec/what/bundle-composition.md, docs/olm-bundle-management.md, hack/snapshot_to_image_list.sh, internal/controller/utils/constants.go
Documentation describes operator wiring metadata, and the RHOKP default resolves through related-images data with a fallback.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant related_images.json
  participant Makefile
  participant image_args_lib.sh
  participant deployment-patch.yaml
  participant hack/update_bundle.sh
  participant CSV
  related_images.json->>Makefile: provide image and operator metadata
  Makefile->>image_args_lib.sh: generate or substitute deployment patch
  image_args_lib.sh->>deployment-patch.yaml: write resolved patch structure
  hack/update_bundle.sh->>image_args_lib.sh: read patch entries
  image_args_lib.sh->>CSV: supply image and argument substitutions
  hack/update_bundle.sh->>CSV: update relatedImages entries
Loading

Possibly related PRs

Suggested reviewers: bparees, xrajesh

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 42.86% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: generating operator deployment args from related_images.json.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from bparees and xrajesh July 9, 2026 11:41
@openshift-ci

openshift-ci Bot commented Jul 9, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bparees for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 10, 2026
@blublinsky blublinsky force-pushed the related-images-pipeline branch from 0d346a4 to 4487cec Compare July 10, 2026 20:59
@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 10, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.ai/spec/what/bundle-composition.md:
- Line 40: Correct the documented GetDefaultImage location in the bundle
composition description: reference internal/relatedimages/loader.go as its
implementation and note that internal/controller/utils/constants.go invokes it
through imageDefaultOr, replacing the inaccurate constants.go reference.

In `@docs/olm-bundle-management.md`:
- Around line 127-129: Add a language identifier to the workflow code fence in
the documentation, changing the opening fence to ```text (or another suitable
language) while preserving the workflow content.

In `@hack/snapshot_to_image_list.sh`:
- Around line 3-4: Update the comment above the loop to document both
related-image wiring fields, operator_arg and operator_target, or explicitly
state that the script ignores all wiring metadata and only updates
image/revision.

In `@hack/update_bundle.sh`:
- Around line 141-150: The loop uses the lowercase placeholder variable, but
both yq sub() expressions reference the incorrect uppercase PLACEHOLDER
variable. Update the image and argument replacement commands inside the loop
reading image_args::list_patch_entries to interpolate ${placeholder}, ensuring
the corresponding CSV placeholders are replaced.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 5f8aa005-8d82-4959-baa2-64c4d653d9ca

📥 Commits

Reviewing files that changed from the base of the PR and between 79db18e and 4487cec.

⛔ Files ignored due to path filters (1)
  • related_images.json is excluded by !related_images.json
📒 Files selected for processing (12)
  • .ai/spec/what/bundle-composition.md
  • Makefile
  • config/default/deployment-patch.yaml
  • config/default/kustomization.yaml
  • docs/olm-bundle-management.md
  • hack/generate_deployment_patch.sh
  • hack/image_args_lib.sh
  • hack/image_placeholders.json
  • hack/install/install-operator-direct.sh
  • hack/snapshot_to_image_list.sh
  • hack/update_bundle.sh
  • internal/controller/utils/constants.go
💤 Files with no reviewable changes (1)
  • hack/image_placeholders.json


16. The lightspeed-operator reconciles the agentic console plugin as a fully managed operand: Phase 1/2 reconciliation, `AgenticConsolePluginReady` status condition, health monitoring, and finalizer cleanup via `RemoveAgenticConsole()`. The lightspeed-operator reconciles the agentic alerts adapter as a fully managed operand (OLS-3348, opt-in via `spec.ols.deployment.alertsAdapter.configMapRef`): Phase 1/2 reconciliation when enabled, `AlertsAdapterReady` status condition (`NotConfigured` when disabled), health monitoring, operand teardown on disable, ConfigMap watcher restarts, and finalizer cleanup via `RemoveAlertsAdapter()`.
17. Agentic operand images default from `related_images.json` (via `GetDefaultImage` in `constants.go`) and are passed to the operator through CSV deployment args: `--agentic-console-image` (`lightspeed-agentic-console-plugin`) and `--alerts-adapter-image` (`lightspeed-agentic-alerts-adapter`). Images are substituted by `hack/update_bundle.sh` from `hack/image_placeholders.json` and `config/default/deployment-patch.yaml`. Until Konflux productizes both operands, images may use interim Konflux `:main` or other non-`registry.redhat.io` references.
17. Operand images default from `related_images.json` (via `GetDefaultImage` in `constants.go`) and are passed to the operator through CSV deployment args defined by `operator_arg` on each `related_images.json` entry. `config/default/deployment-patch.yaml` is generated from that file (`make manifests`); `hack/update_bundle.sh` substitutes digests at bundle time.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Correct the documented GetDefaultImage location.

GetDefaultImage is implemented in internal/relatedimages/loader.go; internal/controller/utils/constants.go invokes it through imageDefaultOr. Update the sentence to avoid sending maintainers to the wrong file.

As per path instructions, Markdown architecture descriptions must be cross-checked against the current implementation.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ai/spec/what/bundle-composition.md at line 40, Correct the documented
GetDefaultImage location in the bundle composition description: reference
internal/relatedimages/loader.go as its implementation and note that
internal/controller/utils/constants.go invokes it through imageDefaultOr,
replacing the inaccurate constants.go reference.

Source: Path instructions

Comment on lines 127 to +129
**Workflow:**
```
related_images.json → hack/update_bundle.sh → CSV relatedImages → CSV deployment args → Controller → Operand deployments
related_images.json → make manifests (deployment-patch.yaml) → hack/update_bundle.sh → CSV relatedImages + deployment args → Controller → Operand deployments

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Add a language identifier to the workflow code fence.

Use ```text (or another appropriate language) so the documentation passes markdownlint MD040.

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 128-128: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/olm-bundle-management.md` around lines 127 - 129, Add a language
identifier to the workflow code fence in the documentation, changing the opening
fence to ```text (or another suitable language) while preserving the workflow
content.

Source: Linters/SAST tools

Comment on lines +3 to +4
# Component wiring (snapshot name, Konflux quay prefix, product registry prefix, operator_arg) lives in
# related_images.json optional fields; this script only loops those entries and updates image/revision.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Document both related-image wiring fields.

The contract includes both operator_arg and operator_target, but this comment names only operator_arg. Include both fields, or explicitly state that this script ignores wiring metadata and only updates image/revision.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/snapshot_to_image_list.sh` around lines 3 - 4, Update the comment above
the loop to document both related-image wiring fields, operator_arg and
operator_target, or explicitly state that the script ignores all wiring metadata
and only updates image/revision.

Comment thread hack/update_bundle.sh
Comment on lines +141 to +150
while IFS='|' read -r name placeholder target _; do
IMG=$(${JQ} -r --arg n "${name}" '.[] | select(.name==$n) | .image' <<<"${RELATED_IMAGES}")
[ -z "${IMG}" ] || [ "${IMG}" = "null" ] && continue
# Escape double quotes for use inside yq double-quoted string
IMG_SAFE=$(printf '%s' "${IMG}" | sed 's/"/\\"/g')
if [ "${TARGET}" = "image" ]; then
if [ "${target}" = "image" ]; then
${YQ} "(.spec.install.spec.deployments[].spec.template.spec.containers[].image |= sub(\"${PLACEHOLDER}\", \"${IMG_SAFE}\"))" -i ${CSV_FILE}
else
${YQ} "(.spec.install.spec.deployments[].spec.template.spec.containers[].args[] |= sub(\"${PLACEHOLDER}\", \"${IMG_SAFE}\"))" -i ${CSV_FILE}
fi
done
done < <(image_args::list_patch_entries "${RELATED_IMAGES_FILENAME}" "${JQ}")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
rg -n 'PLACEHOLDER|placeholder' hack/update_bundle.sh

Repository: openshift/lightspeed-operator

Length of output: 520


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '--- hack/update_bundle.sh (top 220 lines) ---'
cat -n hack/update_bundle.sh | sed -n '1,220p'

echo
echo '--- PLACEHOLDER assignments/usages in repository ---'
rg -n '(^|[^A-Za-z0-9_])PLACEHOLDER=|export +PLACEHOLDER|PLACEHOLDER[^A-Za-z0-9_]' hack/update_bundle.sh . -g '!**/vendor/**'

Repository: openshift/lightspeed-operator

Length of output: 8177


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '--- hack/image_args_lib.sh outline ---'
ast-grep outline hack/image_args_lib.sh --view expanded || true

echo
echo '--- relevant functions/lines ---'
rg -n 'list_patch_entries|PLACEHOLDER|placeholder' hack/image_args_lib.sh hack/update_bundle.sh

Repository: openshift/lightspeed-operator

Length of output: 2251


Use the loop's placeholder variable here. image_args::list_patch_entries feeds the placeholder into placeholder, but the yq sub() calls read ${PLACEHOLDER} instead. That leaves the pattern empty/unset, so the CSV placeholders are not replaced with the related image values.

🧰 Tools
🪛 Shellcheck (0.11.0)

[warning] 141-141: placeholder appears unused. Verify use (or export if used externally).

(SC2034)


[info] 142-142: Expressions don't expand in single quotes, use double quotes for that.

(SC2016)


[info] 146-146: Possible misspelling: PLACEHOLDER may not be assigned. Did you mean placeholder?

(SC2153)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/update_bundle.sh` around lines 141 - 150, The loop uses the lowercase
placeholder variable, but both yq sub() expressions reference the incorrect
uppercase PLACEHOLDER variable. Update the image and argument replacement
commands inside the loop reading image_args::list_patch_entries to interpolate
${placeholder}, ensuring the corresponding CSV placeholders are replaced.

Source: Linters/SAST tools

@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown

@blublinsky: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/bundle-e2e-4-21 4487cec link true /test bundle-e2e-4-21

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants