Skip to content

NO-JIRA: Sync downstream 20260430 0751#282

Open
matzew wants to merge 9 commits intoopenshift:mainfrom
matzew:sync-downstream-20260430-0751
Open

NO-JIRA: Sync downstream 20260430 0751#282
matzew wants to merge 9 commits intoopenshift:mainfrom
matzew:sync-downstream-20260430-0751

Conversation

@matzew
Copy link
Copy Markdown
Member

@matzew matzew commented Apr 30, 2026

bringing latest to main

manusa and others added 8 commits April 27, 2026 08:22
@manusa @claude
fix(http): complete hot-reload surface for HTTP middleware config (co…
c3661a7 
…ntainers#1107)

* fix(http): complete hot-reload surface for HTTP middleware config

Follow-up to containers#1105. RequestMiddleware and MaxBodyMiddleware were bound
to the startup config snapshot, so after SIGHUP the well-known handler
(per-request Load) and RequestMiddleware (startup value) disagreed about
trust_proxy_headers. Extend the per-request Load pattern to both
middlewares, add a regression test for the containers#1105 auth reload fix, add a
unit test for StaticConfigState, and guard Store against nil.

- Thread *config.StaticConfigState through RequestMiddleware and
  MaxBodyMiddleware so trust_proxy_headers and max_body_bytes pick up
  SIGHUP-reloaded values without a restart
- Flatten the Serve middleware chain via a local chain helper to keep
  composition readable as layers grow
- Document the non-nil invariant on StaticConfigState.Load and ignore
  nil in Store; drop redundant nil checks in wellknown.buildResourceURL

Closes containers#1106

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Marc Nuri <marc@marcnuri.com>

* chore(style): go fmt pkg/http/middleware_test.go

Drop trailing blank line flagged by gofmt on CI.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Marc Nuri <marc@marcnuri.com>

---------

Signed-off-by: Marc Nuri <marc@marcnuri.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@nader-ziada
fix(auth): propagate certificate_authority to token exchange HTTP cli…
a07a199 
…ent (containers#1109)

Signed-off-by: Nader Ziada <nziada@redhat.com>
@dependabot
build(deps): bump github.com/google/jsonschema-go from 0.4.2 to 0.4.3 (
e3e0e24 
…containers#1112)

Bumps [github.com/google/jsonschema-go](https://github.com/google/jsonschema-go) from 0.4.2 to 0.4.3.
- [Release notes](https://github.com/google/jsonschema-go/releases)
- [Commits](google/jsonschema-go@v0.4.2...0.4.3)

---
updated-dependencies:
- dependency-name: github.com/google/jsonschema-go
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@swghosh
feat(api): add MCP resource (containers#1091)
ae96122 
* Add MCP resources to Toolset interface

Signed-off-by: Swarup Ghosh <swghosh@redhat.com>

* Add MCP resource capabilities to Server

Signed-off-by: Swarup Ghosh <swghosh@redhat.com>

* React to changes in the Toolset interface

Signed-off-by: Swarup Ghosh <swghosh@redhat.com>

* Update suggestions encountered during review

Signed-off-by: Swarup Ghosh <swghosh@redhat.com>

* Update suggestions from review

Signed-off-by: Swarup Ghosh <swghosh@redhat.com>

* Add more test coverage for MCP resources

(assertion pairing in resource_test.go, Blob/MIMEType-override coverage, filter/mutator tests, AddResource URI-validation panic)

Signed-off-by: Swarup Ghosh <swghosh@redhat.com>

---------

Signed-off-by: Swarup Ghosh <swghosh@redhat.com>
@dependabot
build(deps): bump mcpchecker/mcpchecker in the github-actions group (c…
5b3c320 
…ontainers#1118)

Bumps the github-actions group with 1 update: [mcpchecker/mcpchecker](https://github.com/mcpchecker/mcpchecker).


Updates `mcpchecker/mcpchecker` from 0.0.16 to 0.0.17
- [Release notes](https://github.com/mcpchecker/mcpchecker/releases)
- [Changelog](https://github.com/mcpchecker/mcpchecker/blob/main/CHANGELOG.md)
- [Commits](mcpchecker/mcpchecker@v0.0.16...v0.0.17)

---
updated-dependencies:
- dependency-name: mcpchecker/mcpchecker
  dependency-version: 0.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@nader-ziada
fix(http): fall back to openid-configuration when well-known endpoint…
dc86d41 
… returns empty body (containers#1117)

Signed-off-by: Nader Ziada <nziada@redhat.com>
@dependabot
build(deps): bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0 (c…
bf7a489 
…ontainers#1120)

Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
- [Commits](fsnotify/fsnotify@v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/fsnotify/fsnotify
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@matzew
Merge remote-tracking branch 'upstream/main' into sync-downstream-202…
b0cd7e8 
…60430-0751

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 30, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Apr 30, 2026

@matzew: This pull request explicitly references no jira issue.

Details

In response to this:

bringing latest to main

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 30, 2026
edited
Loading

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)
  • Sync downstream

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ab6c5023-8798-46bd-bac6-aa47869bff9b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from Kaustubh-pande and manusa April 30, 2026 05:54
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Apr 30, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 30, 2026
@matzew
Copy link
Copy Markdown
Member Author

matzew commented Apr 30, 2026

/override "Konflux kflux-prd-rh02 / openshift-mcp-server-on-pull-request"

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Apr 30, 2026

@matzew: Overrode contexts on behalf of matzew: Konflux kflux-prd-rh02 / openshift-mcp-server-on-pull-request

Details

In response to this:

/override "Konflux kflux-prd-rh02 / openshift-mcp-server-on-pull-request"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@matzew
adding mcp resources api to missing toolsets
1ece0f4 
Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Apr 30, 2026

@matzew: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/test 1ece0f4 link true /test test
ci/prow/lint 1ece0f4 link true /test lint
ci/prow/images 1ece0f4 link true /test images
ci/prow/fips-image-scan-openshift-mcp-server 1ece0f4 link true /test fips-image-scan-openshift-mcp-server

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kaustubh-pande Kaustubh-pande Awaiting requested review from Kaustubh-pande

@manusa manusa Awaiting requested review from manusa

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@matzew @openshift-ci-robot @manusa @nader-ziada @swghosh