chore(SREP-4482, SREP-4486, SREP-4800: Boilerplate Update for Agentic SDLC Rollout)

[charlesgong]

What type of PR is this?
boilerplate

What this PR does / why we need it?
This PR moves the changes introduced in boilerplate for Agentic SDLC Rollout into MVP for ocm-agent-operator.
Related BP MRs

• SREP-4482: Update golangci-lint configuration with enhanced linters boilerplate#716
• SREP-4484: Enable Codecov Enforcement boilerplate#720
• [SREP-4485] add pre-commit hooks to golang-osd-operator convention boilerplate#723

Which Jira/Github issue(s) this PR fixes?
Part of Rollout for Agentic SDLC -

• Lint -https://redhat.atlassian.net/browse/SREP-4482
• Pre-Commit Hook - https://redhat.atlassian.net/browse/SREP-4486
• CodeCov - https://redhat.atlassian.net/browse/SREP-4800

Special notes for your reviewer:
Pre-checks (if applicable):

• Tested latest changes against a cluster
• Ran make generate command locally to validate code changes
• Included documentation changes with PR

Summary by CodeRabbit

• Chores

  • Updated build dependencies and container base images for improved security and stability.
  • Refreshed development tooling and CI/CD configuration.
  • Updated TLS certificates for development environments.

• Documentation

  • Added comprehensive developer documentation covering repository usage, build commands, testing procedures, and architecture overview.

[openshift-ci-robot]

@charlesgong: This pull request references SREP-4482 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

This pull request references SREP-4486 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

This pull request references SREP-4800 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

What type of PR is this?
boilerplate

What this PR does / why we need it?
This PR moves the changes introduced in boilerplate for Agentic SDLC Rollout into MVP for ocm-agent-operator.
Related BP MRs

• SREP-4482: Update golangci-lint configuration with enhanced linters boilerplate#716
• SREP-4484: Enable Codecov Enforcement boilerplate#720
• [SREP-4485] add pre-commit hooks to golang-osd-operator convention boilerplate#723

Which Jira/Github issue(s) this PR fixes?
Part of Rollout for Agentic SDLC -

• Lint -https://redhat.atlassian.net/browse/SREP-4482
• Pre-Commit Hook - https://redhat.atlassian.net/browse/SREP-4486
• CodeCov - https://redhat.atlassian.net/browse/SREP-4800

Special notes for your reviewer:
Pre-checks (if applicable):

• Tested latest changes against a cluster
• Ran make generate command locally to validate code changes
• Included documentation changes with PR

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Warning

Rate limit exceeded

@charlesgong has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 13 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b09389e9-6211-413a-9260-f54d377092c6

📥 Commits

Reviewing files that changed from the base of the PR and between 37cac1d and 5a945e0.

⛔ Files ignored due to path filters (14)

• boilerplate/_data/backing-image-tag is excluded by !boilerplate/**
• boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/.codecov.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/README.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/TEST_README.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/app-sre.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/csv-generate/csv-generate.sh is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/golangci.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/olm_pko_migration.py is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/pre-commit-config.yaml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/standard.mk is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/test_olm_pko_migration.py is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/update is excluded by !boilerplate/**

📒 Files selected for processing (24)

• .ci-operator.yaml
• .claude/commands/pre-commit.md
• .codecov.yml
• OWNERS_ALIASES
• build/Dockerfile
• build/Dockerfile.olm-registry
• build/Dockerfile.webhook
• controllers/addon/monitoring_stack_reconciler.go
• controllers/addon/phase_observe_operatorresource.go
• deploy-extras/development/01-metrics-server-tls-secret.yaml
• deploy-extras/development/webhook/00-tls-secret.yaml
• deploy-extras/development/webhook/validatingwebhookconfig.yaml
• deploy/80_addon-sermon-fedaration-token.yaml
• deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml
• deploy_pko/Cleanup-OLM-Job.yaml
• fips.go
• hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml
• hack/hypershift/package/hcp/addon-operator.yaml.gotmpl
• hack/hypershift/package/manifest.yaml
• integration/fixtures_test.go
• integration/metrics_collection_test.go
• integration/monitoring_stack_test.go
• internal/metrics/recorder.go
• internal/webhooks/addon_webhook.go

Walkthrough

This PR updates build infrastructure (boilerplate and base images), establishes a tiered pre-commit hook configuration aligned to golden rules with agentic documentation, enables code coverage thresholds, adds comprehensive developer documentation, refreshes TLS certificates for development deployments, and performs hygiene cleanup across Kubernetes manifests and team aliases.

Changes

Infrastructure, Build, and Developer Experience Updates

Layer / File(s)	Summary
Build image and base image version bumps .ci-operator.yaml, build/Dockerfile, build/Dockerfile.olm-registry, build/Dockerfile.webhook	CI-operator and Dockerfile images updated from boilerplate image-v8.3.4 to image-v8.3.6 and UBI-minimal from 9.7-1776104705 to 9.7-1778562320 across builder and runtime stages.
Pre-commit hook golden rules configuration and agentic documentation .pre-commit-config.yaml, .claude/commands/pre-commit.md	.pre-commit-config.yaml restructured with reduced external checks (merge-conflict, trailing whitespace, YAML scoped to deploy/), pinned gitleaks and golangci-lint, and portable timeout-wrapped local hooks for Go build/mod-tidy/unit-test and RBAC checks. New .claude/commands/pre-commit.md documents three invocation modes and seven-step flow with result categorization, idempotency looping, bounded retries, security escalation, and structured final reporting.
Code coverage configuration thresholds .codecov.yml	Coverage status checks activated with project target 35%/threshold 1% and patch target 50%/threshold 1%.
Developer guidance and repository documentation AGENTS.md, CLAUDE.md	AGENTS.md added with repository overview, build/test/lint/generation workflows, local development setup, and architecture (CRDs, controllers, feature toggles, OCM integration). CLAUDE.md updated to reference AGENTS.md.
TLS certificates and webhook configuration updates deploy-extras/development/01-metrics-server-tls-secret.yaml, deploy-extras/development/webhook/00-tls-secret.yaml, deploy-extras/development/webhook/validatingwebhookconfig.yaml	TLS trust material refreshed for development: metrics-server secret ca-bundle/tls.crt/tls.key, webhook-server-cert ca.crt, and ValidatingWebhookConfiguration caBundle for vaddons.managed.openshift.io.
Whitespace and code hygiene cleanup deploy/80_addon-sermon-fedaration-token.yaml, deploy_pko/Cleanup-OLM-Job.yaml, deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml, hack/hypershift/package/hcp/addon-operator.yaml.gotmpl, hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml, hack/hypershift/package/manifest.yaml, fips.go	Trailing whitespace removed across deployment manifests and template files; Go fmt.Println return values explicitly discarded in FIPS build initialization.
Team structure and OWNERS cleanup OWNERS_ALIASES	Removed abyrne55 from srep-functional-team-aurora and srep-functional-leads aliases; removed jharrington22 from srep-architects alias.

🎯 2 (Simple) | ⏱️ ~12 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Ote Binary Stdout Contract	❌ Error	fips.go init() function writes to stdout via fmt.Println(), which corrupts OTE JSON output. Init functions are process-level code and cannot use stdout.	Use fmt.Fprintf(os.Stderr, ...) instead of fmt.Println() in fips.go init() function to output to stderr.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the primary change: a boilerplate update for the Agentic SDLC Rollout referenced by three Jira tickets (SREP-4482, SREP-4486, SREP-4800).
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The custom check for stable/deterministic Ginkgo test names is not applicable. The project uses testify/suite and standard Go testing, not Ginkgo. No test files were modified in this PR.
Test Structure And Quality	✅ Passed	The custom check requires reviewing Ginkgo test code. The PR adds tests using standard Go testing.T and testify/suite, not Ginkgo. No Ginkgo framework exists in this codebase.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests added. PR contains configuration, documentation, Kubernetes manifests, and image updates only. Check not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. The check is not applicable. PR contains only config updates, documentation, and build file changes.
Topology-Aware Scheduling Compatibility	✅ Passed	PR introduces no scheduling constraints. Changes are configuration, documentation, TLS certs, image tags, and whitespace only. No operator code or topology-unsafe affinity patterns added.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests added. PR adds 49 test files using testify/suite and standard Go testing.T, not Ginkgo (no ginkgo/gomega imports, no It/Describe/Context/When patterns). Check not applicable.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: charlesgong
Once this PR has been reviewed and has the lgtm label, please assign robshelly for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.24%. Comparing base (f930964) to head (9f1a994).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #724   +/-   ##
=======================================
  Coverage   59.24%   59.24%           
=======================================
  Files          62       62           
  Lines        4125     4125           
=======================================
  Hits         2444     2444           
  Misses       1532     1532           
  Partials      149      149           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

controllers/addon/phase_observe_operatorresource.go (1)

97-104: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Missing fallback in CSV phase switch causes false-ready path.

The switch no longer handles empty/unexpected phases, so unresolved CSV states can fall through as success (resultNil) instead of staying unready/retrying.

Proposed fix

 switch phase {
 case operatorsv1alpha1.CSVPhaseSucceeded:
 	// do nothing here
 case operatorsv1alpha1.CSVPhaseFailed:
 	message = "failed"
 case operatorsv1alpha1.CSVPhasePending, operatorsv1alpha1.CSVPhaseInstallReady, operatorsv1alpha1.CSVPhaseInstalling, operatorsv1alpha1.CSVPhaseUnknown, operatorsv1alpha1.CSVPhaseReplacing, operatorsv1alpha1.CSVPhaseDeleting, operatorsv1alpha1.CSVPhaseAny:
 	message = "unknown/pending"
+default:
+	message = "unknown/pending"
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@controllers/addon/phase_observe_operatorresource.go` around lines 97 - 104,
The switch on the CSV state variable phase (using
operatorsv1alpha1.CSVPhaseSucceeded/Failed/Pending/etc.) lacks a
default/fallback, so unexpected or empty phases fall through as success; update
the switch in controllers/addon/phase_observe_operatorresource.go to include a
default case that sets message (the same variable used for status) to an
"unknown/pending" or equivalent non-ready value and ensure the calling code does
not treat that path as resultNil/success (i.e., cause a retry or mark not-ready)
so unresolved CSV states don't incorrectly signal readiness.

deploy-extras/development/01-metrics-server-tls-secret.yaml (1)

1-14: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Stale validity comment after cert rotation.

The header comment claims this cert is valid until May 21 12:11:09 3021 GMT, but the rotated cert in ca-bundle.crt/tls.crt decodes to NotAfter: Jan 6 03:42:55 2034 GMT (~10 years from NotBefore: Jan 9 2024). Update the comment so dev users don't assume a far-future expiry.

📝 Proposed fix

 # This Secret is only for testing / dev.
-# This cert is valid till May 21 12:11:09 3021 GMT
+# This cert is valid till Jan  6 03:42:55 2034 GMT
 # When deployed as an OLM Bundle, OLM will handle injecting TLS secrets
 # CN = addon-operator-metrics.addon-operator.svc

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@deploy-extras/development/01-metrics-server-tls-secret.yaml` around lines 1 -
14, The top header comment is stale; update the comment above the Secret
(metadata.name: manager-metrics-tls) to reflect the certificate's actual
NotAfter value (NotAfter: Jan 6 03:42:55 2034 GMT) instead of "May 21 12:11:09
3021 GMT" so devs won't be misled; edit the first few comment lines to state the
correct expiry (and optionally note NotBefore: Jan 9 2024) while leaving the
rest of the Secret (ca-bundle.crt, tls.crt, tls.key) untouched.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.claude/commands/pre-commit.md:
- Around line 77-84: The fenced code block that begins with the triple backticks
around the "PRE-COMMIT SUMMARY" text lacks a language identifier; update the
opening fence in .claude/commands/pre-commit.md so it includes a language token
(for example "text" or "plain") immediately after the ``` to satisfy markdown
linting. Locate the block which contains the "PRE-COMMIT SUMMARY" header and
change the opening ``` to ```text (or another appropriate language) so the
linter recognizes the code fence.

---

Outside diff comments:
In `@controllers/addon/phase_observe_operatorresource.go`:
- Around line 97-104: The switch on the CSV state variable phase (using
operatorsv1alpha1.CSVPhaseSucceeded/Failed/Pending/etc.) lacks a
default/fallback, so unexpected or empty phases fall through as success; update
the switch in controllers/addon/phase_observe_operatorresource.go to include a
default case that sets message (the same variable used for status) to an
"unknown/pending" or equivalent non-ready value and ensure the calling code does
not treat that path as resultNil/success (i.e., cause a retry or mark not-ready)
so unresolved CSV states don't incorrectly signal readiness.

In `@deploy-extras/development/01-metrics-server-tls-secret.yaml`:
- Around line 1-14: The top header comment is stale; update the comment above
the Secret (metadata.name: manager-metrics-tls) to reflect the certificate's
actual NotAfter value (NotAfter: Jan 6 03:42:55 2034 GMT) instead of "May 21
12:11:09 3021 GMT" so devs won't be misled; edit the first few comment lines to
state the correct expiry (and optionally note NotBefore: Jan 9 2024) while
leaving the rest of the Secret (ca-bundle.crt, tls.crt, tls.key) untouched.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e6ddd226-f5cf-4464-a3f0-79b9780fd956

📥 Commits

Reviewing files that changed from the base of the PR and between ee483fd and 04bb6f9.

⛔ Files ignored due to path filters (14)

• boilerplate/_data/backing-image-tag is excluded by !boilerplate/**
• boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/.codecov.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/README.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/TEST_README.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/app-sre.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/csv-generate/csv-generate.sh is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/golangci.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/olm_pko_migration.py is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/pre-commit-config.yaml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/standard.mk is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/test_olm_pko_migration.py is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/update is excluded by !boilerplate/**

📒 Files selected for processing (25)

• .ci-operator.yaml
• .claude/commands/pre-commit.md
• .codecov.yml
• .pre-commit-config.yaml
• OWNERS_ALIASES
• build/Dockerfile
• build/Dockerfile.olm-registry
• build/Dockerfile.webhook
• controllers/addon/monitoring_stack_reconciler.go
• controllers/addon/phase_observe_operatorresource.go
• deploy-extras/development/01-metrics-server-tls-secret.yaml
• deploy-extras/development/webhook/00-tls-secret.yaml
• deploy-extras/development/webhook/validatingwebhookconfig.yaml
• deploy/80_addon-sermon-fedaration-token.yaml
• deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml
• deploy_pko/Cleanup-OLM-Job.yaml
• fips.go
• hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml
• hack/hypershift/package/hcp/addon-operator.yaml.gotmpl
• hack/hypershift/package/manifest.yaml
• integration/fixtures_test.go
• integration/metrics_collection_test.go
• integration/monitoring_stack_test.go
• internal/metrics/recorder.go
• internal/webhooks/addon_webhook.go

💤 Files with no reviewable changes (2)

• integration/fixtures_test.go
• OWNERS_ALIASES

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add language specification to fenced code block.

The fenced code block lacks a language identifier. Add a language specification to satisfy markdown linting rules.

📝 Proposed fix

-```
+```text
 PRE-COMMIT SUMMARY
 ==================
 Passed:     <list of hook IDs>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	```
	PRE-COMMIT SUMMARY
	==================
	Passed: <list of hook IDs>
	Auto-fixed: <list of hook IDs> → files staged
	Fixed: <list of hook IDs> → changes applied
	Failed: <list of hook IDs> → escalated to human
	Attempts: <N> of 2 maximum

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 77-77: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.claude/commands/pre-commit.md around lines 77 - 84, The fenced code block
that begins with the triple backticks around the "PRE-COMMIT SUMMARY" text lacks
a language identifier; update the opening fence in
.claude/commands/pre-commit.md so it includes a language token (for example
"text" or "plain") immediately after the ``` to satisfy markdown linting. Locate
the block which contains the "PRE-COMMIT SUMMARY" header and change the opening
``` to ```text (or another appropriate language) so the linter recognizes the
code fence.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.pre-commit-config.yaml:
- Around line 41-52: The hooks list for the pre-commit-hooks repo is missing the
large-file protection; add the check-added-large-files hook to the existing
hooks under repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 by
inserting an entry with id: check-added-large-files (optionally with args like
--maxkb=<value> to match repo policy) alongside check-merge-conflict,
trailing-whitespace, end-of-file-fixer and check-yaml so large files are
rejected at commit time; update the hooks block that currently contains id:
check-merge-conflict and id: trailing-whitespace to include id:
check-added-large-files.
- Around line 76-99: Add a new pre-commit hook entry alongside the existing
go-build and go-mod-tidy hooks: create a hook with id "go-fmt" (name "go fmt")
that uses the system language and executes the Go formatter over staged Go files
(targeting .go files or using types: [go]); ensure it runs before other checks,
sets appropriate file matching (e.g., .go files), and configures pass_filenames
so formatting applies to staged files, keeping the hook consistent with the
existing go-mod-tidy and go-build entries.

In `@AGENTS.md`:
- Around line 1-3: The document's top-level heading is incorrect: replace the
first-line title "# CLAUDE.md" with "# AGENTS.md" so the file title matches the
filename and conforms to the guideline for AGENTS.md; update only the heading
line at the top of the file.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 35d0e577-e9ed-4322-b055-7f639e4c18a6

📥 Commits

Reviewing files that changed from the base of the PR and between ca9026b and 37cac1d.

⛔ Files ignored due to path filters (14)

• boilerplate/_data/backing-image-tag is excluded by !boilerplate/**
• boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/.codecov.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/README.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/TEST_README.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/app-sre.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/csv-generate/csv-generate.sh is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/golangci.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/olm_pko_migration.py is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/pre-commit-config.yaml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/standard.mk is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/test_olm_pko_migration.py is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/update is excluded by !boilerplate/**

📒 Files selected for processing (20)

• .ci-operator.yaml
• .claude/commands/pre-commit.md
• .codecov.yml
• .pre-commit-config.yaml
• AGENTS.md
• CLAUDE.md
• OWNERS_ALIASES
• build/Dockerfile
• build/Dockerfile.olm-registry
• build/Dockerfile.webhook
• deploy-extras/development/01-metrics-server-tls-secret.yaml
• deploy-extras/development/webhook/00-tls-secret.yaml
• deploy-extras/development/webhook/validatingwebhookconfig.yaml
• deploy/80_addon-sermon-fedaration-token.yaml
• deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml
• deploy_pko/Cleanup-OLM-Job.yaml
• fips.go
• hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml
• hack/hypershift/package/hcp/addon-operator.yaml.gotmpl
• hack/hypershift/package/manifest.yaml

✅ Files skipped from review due to trivial changes (12)

• build/Dockerfile.webhook
• CLAUDE.md
• hack/hypershift/package/manifest.yaml
• .codecov.yml
• fips.go
• deploy_pko/Cleanup-OLM-Job.yaml
• hack/hypershift/package/.test-fixtures/namespace-scope/hcp/addon-operator.yaml
• OWNERS_ALIASES
• hack/hypershift/package/hcp/addon-operator.yaml.gotmpl
• .ci-operator.yaml
• deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml
• deploy/80_addon-sermon-fedaration-token.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• build/Dockerfile.olm-registry
• build/Dockerfile
• deploy-extras/development/webhook/validatingwebhookconfig.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add required large-file protection hook.

check-added-large-files is missing, so oversized artifacts can slip into commits. Please add a large-file check in this hook set to match repository policy.

As per coding guidelines ".pre-commit-config.yaml: Pre-commit hooks configured in .pre-commit-config.yaml should include go-fmt, go-mod-tidy, and large file checks".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.pre-commit-config.yaml around lines 41 - 52, The hooks list for the
pre-commit-hooks repo is missing the large-file protection; add the
check-added-large-files hook to the existing hooks under repo:
https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 by inserting an entry
with id: check-added-large-files (optionally with args like --maxkb=<value> to
match repo policy) alongside check-merge-conflict, trailing-whitespace,
end-of-file-fixer and check-yaml so large files are rejected at commit time;
update the hooks block that currently contains id: check-merge-conflict and id:
trailing-whitespace to include id: check-added-large-files.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Restore required go-fmt hook.

go-mod-tidy is present, but go-fmt is not configured. Please add a go-fmt pre-commit hook to keep formatting enforcement aligned with policy.

As per coding guidelines ".pre-commit-config.yaml: Pre-commit hooks configured in .pre-commit-config.yaml should include go-fmt, go-mod-tidy, and large file checks".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.pre-commit-config.yaml around lines 76 - 99, Add a new pre-commit hook
entry alongside the existing go-build and go-mod-tidy hooks: create a hook with
id "go-fmt" (name "go fmt") that uses the system language and executes the Go
formatter over staged Go files (targeting .go files or using types: [go]);
ensure it runs before other checks, sets appropriate file matching (e.g., .go
files), and configures pass_filenames so formatting applies to staged files,
keeping the hook consistent with the existing go-mod-tidy and go-build entries.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix top-level document title to match file name.

Line 1 currently says # CLAUDE.md in AGENTS.md; rename it to # AGENTS.md to avoid confusion in navigation/search.

As per coding guidelines "AGENTS.md: Document agents and their capabilities in AGENTS.md".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@AGENTS.md` around lines 1 - 3, The document's top-level heading is incorrect:
replace the first-line title "# CLAUDE.md" with "# AGENTS.md" so the file title
matches the filename and conforms to the guideline for AGENTS.md; update only
the heading line at the top of the file.

[openshift-ci]

@charlesgong: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.