WIP: OCPBUGS-65896: Update library-go to remove Progressing on scaling

[tchap]

This is currently only open to test openshift/library-go#2128

/hold

Summary by CodeRabbit

• Chores
  • Updated internal dependencies to improve compatibility and stability.
• Bug Fixes / Behavior Changes
  • Adjusted deployment condition statuses and timestamps for authentication and OAuth server resources.
  • Refined status messages (wording, punctuation) and replaced “latest generation” with “latest revision” in progress notices.

[openshift-ci-robot]

@tchap: This pull request references Jira Issue OCPBUGS-65896, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (ksiddiqu@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This currently tests openshift/library-go#2128

/hold

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: e2cc4876-b19c-4a4f-8be6-b14d01693f9d

📥 Commits

Reviewing files that changed from the base of the PR and between f7e5f4e and 64308c9.

📒 Files selected for processing (2)

• test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-body-cluster.yaml
• test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/5749-body-cluster.yaml

---

Walkthrough

Updates OpenShift module versions in go.mod and adjusts test expected-output YAML status conditions for Authentication/OAuthServer resources; adds a replace directive pointing github.com/openshift/library-go to a fork.

Changes

Cohort / File(s)	Summary
Module file go.mod	Bumped github.com/openshift/api and github.com/openshift/client-go require versions; added replace mapping github.com/openshift/library-go → github.com/tchap/library-go at a specific pseudo-version.
Test expected outputs test-data/apply-configuration/.../oauth-apiserver-creation-minimal/.../operator.openshift.io/authentications/c5b3-body-cluster.yaml, test-data/apply-configuration/.../oauth-server-creation-minimal/.../operator.openshift.io/authentications/5749-body-cluster.yaml	Updated status.conditions entries: adjusted condition messages (punctuation and wording: “latest generation” → “latest revision”), swapped timestamps/status for degraded/available conditions, added reason: Unavailable and modified status values in a few conditions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 10

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly references the bug ticket (OCPBUGS-65896) and identifies the main intent: updating library-go to remove Progressing condition on scaling. It accurately summarizes the core change shown in the dependencies update and test data modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	PR only modifies go.mod and test-data YAML files; no Ginkgo test files with dynamic test names are introduced or modified.
Test Structure And Quality	✅ Passed	PR modifies only go.mod dependencies and test fixture YAML files, not Ginkgo test code.
Microshift Test Compatibility	✅ Passed	PR only modifies go.mod dependencies and YAML test fixture files, not new Ginkgo e2e test code.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	Pull request contains no new Ginkgo e2e test code, only go.mod and YAML test data updates.
Topology-Aware Scheduling Compatibility	✅ Passed	This pull request only updates Go module dependencies and adjusts test fixtures; it does not modify any deployment manifests, operator controllers, or introduce pod affinity/anti-affinity, topology spread constraints, node selectors, or PDB changes.
Ote Binary Stdout Contract	✅ Passed	The pull request does not violate the OTE Binary Stdout Contract. The OTE test extension binary uses klog.Fatal() for error handling which logs to stderr by default. No module-level Ginkgo calls that could emit stdout are present.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not add new Ginkgo e2e tests; it updates Go module dependencies and modifies static YAML test fixture files used for golden file comparison testing.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[tchap]

/retest

[tchap]

/retest-required

[tchap]

/retest-required

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Around line 136-137: The replace directive currently pointing to the personal
fork "github.com/tchap/library-go" must be removed and replaced with the
official upstream module; delete the replace line `replace
github.com/openshift/library-go => github.com/tchap/library-go v0.0.0-...` and
update the canonical require for `github.com/openshift/library-go` to the
pseudo-version or release that contains the merged openshift/library-go#2128
commit (preserve the `// branch: workload-condition-overwrites` note in your
commit message rather than in go.mod), then run `go mod tidy` to refresh go.sum
and ensure no remaining references to the fork remain.

---

ℹ️ Review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 4cdf558 and b2426e5.

⛔ Files ignored due to path filters (10)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/library-go/pkg/apps/deployment/status.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/workload/workload.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/encryption/controllers/key_controller.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/encryption/crypto/keys.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/encryption/encryptionconfig/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/encryption/secrets/secrets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/encryption/secrets/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/encryption/state/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (10)

• bindata/oauth-apiserver/deploy.yaml
• bindata/oauth-openshift/deployment.yaml
• go.mod
• pkg/operator/workload/testdata/sync_ds_scenario_1.yaml
• pkg/operator/workload/testdata/sync_ds_scenario_2.yaml
• pkg/operator/workload/testdata/sync_ds_scenario_3.yaml
• test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/c5b3-body-cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-creation-minimal/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/apps/deployments/7350-body-apiserver.yaml
• test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/5749-body-cluster.yaml
• test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication/apps/deployments/a3d6-body-oauth-openshift.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Replace directive points to a personal fork — must be swapped for the official upstream before merging.

github.com/tchap/library-go is a personal fork. Once openshift/library-go#2128 merges and a proper release/pseudo-version is cut for github.com/openshift/library-go, this replace directive (and its corresponding go.sum entries) must be removed and the canonical require version on line 15 updated to point at the merged commit.

The // branch: workload-condition-overwrites comment is a useful breadcrumb — consider preserving it in the commit message rather than in go.mod itself.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 136 - 137, The replace directive currently pointing to
the personal fork "github.com/tchap/library-go" must be removed and replaced
with the official upstream module; delete the replace line `replace
github.com/openshift/library-go => github.com/tchap/library-go v0.0.0-...` and
update the canonical require for `github.com/openshift/library-go` to the
pseudo-version or release that contains the merged openshift/library-go#2128
commit (preserve the `// branch: workload-condition-overwrites` note in your
commit message rather than in go.mod), then run `go mod tidy` to refresh go.sum
and ensure no remaining references to the fork remain.

[openshift-merge-robot]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: tchap
Once this PR has been reviewed and has the lgtm label, please assign ibihim for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@tchap: This pull request references Jira Issue OCPBUGS-65896, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (ksiddiqu@redhat.com), skipping review request.

Details

In response to this:

This is currently only open to test openshift/library-go#2128

/hold

Summary by CodeRabbit

• Chores
• Updated internal dependencies to enhance compatibility and stability.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

♻️ Duplicate comments (1)

go.mod (1)

136-137: ⚠️ Potential issue | 🟠 Major

Personal fork replace must not ship in final merge branch.

At Line 137, github.com/openshift/library-go is still redirected to a personal fork. This is fine for WIP testing, but it remains a merge blocker until replaced with the canonical upstream module version containing the needed fix.

#!/bin/bash
# Verify whether personal fork references still exist in module files.
# Expected before merge: no matches for github.com/tchap/library-go.

set -euo pipefail

echo "== go.mod references =="
rg -n 'github\.com/tchap/library-go|replace\s+github\.com/openshift/library-go' go.mod

echo
echo "== go.sum references =="
if [ -f go.sum ]; then
  rg -n 'github\.com/tchap/library-go' go.sum || true
else
  echo "go.sum not present"
fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 136 - 137, The go.mod contains a replace directive
redirecting github.com/openshift/library-go to a personal fork ("replace
github.com/openshift/library-go => github.com/tchap/library-go
v0.0.0-20260414082126-08c8c154ce03"); remove or replace that line with the
canonical upstream module version (or delete the replace and set the correct
upstream version in the require section), then run go mod tidy to update go.sum
and confirm no remaining references to github.com/tchap/library-go; ensure the
final commit contains only the official upstream module reference for
github.com/openshift/library-go.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@go.mod`:
- Around line 136-137: The go.mod contains a replace directive redirecting
github.com/openshift/library-go to a personal fork ("replace
github.com/openshift/library-go => github.com/tchap/library-go
v0.0.0-20260414082126-08c8c154ce03"); remove or replace that line with the
canonical upstream module version (or delete the replace and set the correct
upstream version in the require section), then run go mod tidy to update go.sum
and confirm no remaining references to github.com/tchap/library-go; ensure the
final commit contains only the official upstream module reference for
github.com/openshift/library-go.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: e66d7000-3c58-4319-a856-ac540d01341c

📥 Commits

Reviewing files that changed from the base of the PR and between b2426e5 and f7e5f4e.

⛔ Files ignored due to path filters (3)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (1)

• go.mod

[tchap]

/retest-required

[openshift-ci-robot]

@tchap: This pull request references Jira Issue OCPBUGS-65896, which is invalid:

• expected the bug to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

This is currently only open to test openshift/library-go#2128

/hold

Summary by CodeRabbit

• Chores
• Updated internal dependencies to improve compatibility and stability.
• Bug Fixes / Behavior Changes
• Adjusted deployment condition statuses and timestamps for authentication and OAuth server resources.
• Refined status messages (wording, punctuation) and replaced “latest generation” with “latest revision” in progress notices.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@tchap: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gcp-operator-disruptive	b2426e5	link	true	/test e2e-gcp-operator-disruptive
ci/prow/e2e-aws-operator-encryption-rotation-serial-ote-1of2	64308c9	link	false	/test e2e-aws-operator-encryption-rotation-serial-ote-1of2
ci/prow/e2e-aws-operator-encryption-kms-serial-ote-1of2	64308c9	link	false	/test e2e-aws-operator-encryption-kms-serial-ote-1of2
ci/prow/e2e-aws-operator-serial-ote	64308c9	link	false	/test e2e-aws-operator-serial-ote
ci/prow/e2e-aws-operator-encryption-kms-serial-ote-2of2	64308c9	link	false	/test e2e-aws-operator-encryption-kms-serial-ote-2of2
ci/prow/e2e-aws-operator-encryption-serial-ote-2of2	64308c9	link	false	/test e2e-aws-operator-encryption-serial-ote-2of2
ci/prow/e2e-aws-operator-encryption-perf-serial-ote-2of2	64308c9	link	false	/test e2e-aws-operator-encryption-perf-serial-ote-2of2
ci/prow/e2e-gcp-operator-encryption-perf	64308c9	link	true	/test e2e-gcp-operator-encryption-perf
ci/prow/e2e-aws-operator-encryption-perf-serial-ote-1of2	64308c9	link	false	/test e2e-aws-operator-encryption-perf-serial-ote-1of2
ci/prow/e2e-aws-operator-encryption-serial-ote-1of2	64308c9	link	false	/test e2e-aws-operator-encryption-serial-ote-1of2
ci/prow/e2e-aws-operator-encryption-rotation-serial-ote-2of2	64308c9	link	false	/test e2e-aws-operator-encryption-rotation-serial-ote-2of2

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.