OCPSTRAT-2876: Allow inclusion/exclusion of manifests based on the OCP major version

[JoelSpeed]

This introduces a new CVO manifest filter based on the OCP major version.

The intended usage would allow folks to say "this manifest should be deployed on OCP 5 and skipped on OCP 4"

The library-go component here is limiting this feature to FeatureGate and CustomResourceDefinition only for now.

This is not intended for use beyond the feature gating mechanisms we have today. We expect FeatureGate and CustomResourceDefinition yamls to vary by release, but all other inclusion/exclusion should be handled by existing mechanisms like the feature-gate inclusion mechanism.

Example usage:

release.openshift.io/major-version: 5,6,7

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Excluded labels (none allowed) (1)

• do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: JoelSpeed
Once this PR has been reviewed and has the lgtm label, please assign davidhurta for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@JoelSpeed: This pull request references OCPSTRAT-2876 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the feature to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Currently based on #1273

TODO

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@JoelSpeed: This pull request references OCPSTRAT-2876 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the feature to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This introduces a new CVO manifest filter based on the OCP major version.

The intended usage would allow folks to say "this manifest should be deployed on OCP 5 and skipped on OCP 4"

The library-go component here is limiting this feature to FeatureGate and CustomResourceDefinition only for now.

This is not intended for use beyond the feature gating mechanisms we have today. We expect FeatureGate and CustomResourceDefinition yamls to vary by release, but all other inclusion/exclusion should be handled by existing mechanisms like the feature-gate inclusion mechanism.

Example usage:

release.openshift.io/major-version: 5,6,7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[JoelSpeed]

@DavidHurta If you are available, I'd appreciate if you could help me with this feature as well

[DavidHurta]

@JoelSpeed, I will be happy to assist.

/cc

[openshift-ci]

@JoelSpeed: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-techpreview	2d6aae6	link	true	/test e2e-aws-ovn-techpreview
ci/prow/lint	2d6aae6	link	true	/test lint

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[DavidHurta]

The PR looks solid!

A few comments about a thing here or there, but nothing drastic.
The overall functionality is 👍

[DavidHurta]

Here, the purpose of MajorVersion is starting to become a bit fuzzy in comparison to the Release.Version field. The meaning of MajorVersion in the inclusion filtering context is clear; however, here we use it in a general struct type representing the contents of a release image. Thus, their purpose becomes less clear.

We could do one of the following:

• Document MajorVersion field to make the difference between Release.Version and MajorVersion clearer.
• Leave only one source of truth (that is, Release.Version), and extract the major version when needed using a function.
• Create a new field ParsedVersion semver.Version; we could use it to get access to the parsed cached version of the update easily. This could even be utilized in the future when we need easy access to the parsed version of an update, which is more handy for fine grained processing. This would bring additional value to the new field, make it more general, and make its distinction clearer. The call sites requiring the MajorVersion would need to be updated to just ptr.To(payload.ParsedVersion.Major), so it would still be readable. I am more inclined towards this approach, but I am curious what you think.

[DavidHurta]

Here we start to duplicate some logic. I am curious whether we could leverage the existing loadReleaseMetadata function here instead of manually loading the release version.

The loadReleaseMetadata function also contains some additional validation, such as:

	if metadata.Kind != "cincinnati-metadata-v0" {
		return release, fmt.Errorf("unrecognized Cincinnati metadata kind %q", metadata.Kind)
	}

[DavidHurta]

Something like:

func loadReleaseVersion(releaseDir string) (semver.Version, error) {
	release, err := loadReleaseMetadata(releaseDir)
	if err != nil {
		return semver.Version{}, err
	}

	parsedVersion, err := semver.Parse(release.Version)
	if err != nil {
		return semver.Version{}, err
	}
	return parsedVersion, nil
}

[DavidHurta]

Comment not related to the selected line

---

Thank you for the complex testing of the rendering!

The overall testing coverage of the PR is solid. However, we do not have an integration test to determine whether the CVO will actually apply the manifest based on the major version. I am doubtful whether this feature will receive end-to-end tests. Thus, I think it would be beneficial to increase the test coverage to ensure that the CVO truly does respect the major version when loading and applying manifests, WDYT?

Something like: DavidHurta@ee1907b