OCPCLOUD-3429: Mount provider images with image volumes by mdbooth · Pull Request #527 · openshift/cluster-capi-operator

mdbooth · 2026-04-24T07:16:22Z

Switches capi-operator to mount provider images via image volumes instead of pulling them. The image volume feature is beta in 1.35 (on by default), and GA in 1.36. This means we can rely on cri-o to pull images. This has many benefits:

We utilise cri-o's layer cache to reduce network traffic
The operator will not start until all images are available
The operator does not restart due to image pull failures
We no longer have to consider disconnected and mirror registries, as cri-o is already configured

In practise this looks like:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: capi-operator
  name: capi-operator
  namespace: openshift-cluster-api-operator
spec:
  ...
  containers:
  - name: capi-operator
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    ...
    volumeMounts:                                                                                                                                                                                                                                                                                                 
    - mountPath: /var/lib/provider-images/aws-cluster-api-controllers                                                                                                                                                                                                                                             
      name: provider-aws
      readOnly: true                                                                                                                                                                                                                                                                                              
      subPath: capi-operator-manifests                                                                                                                                                                                                                                                                            
    - mountPath: /var/lib/provider-images/azure-cluster-api-controllers
      name: provider-azure
      readOnly: true                                                                                                                                                                                                                                                                                              
      subPath: capi-operator-manifests
    ...
  volumes:
  - image:
      pullPolicy: IfNotPresent                                                                                                                                                                                                                                                                                    
      reference: registry.build10.ci.openshift.org/ci-ln-wj5xgck/stable@sha256:8d39c59163295ef55e7387621a7e2b0cee52b8576787119e679aa37aa535a3f4
    name: provider-aws                                                                                                                                                                                                                                                                                            
  - image:
      pullPolicy: IfNotPresent
      reference: registry.build10.ci.openshift.org/ci-ln-wj5xgck/stable@sha256:c892becefd8a17e745c6c84abbf27b242e2f59ac07bd230838088a84d5b3a731
    name: provider-azure
  ...

kubelet mounts all the provider images for us under /var/lib/provider-images. images.json is removed entirely. This does present us with a minor problem, because we still need to be able to substitute release images in provider manifests. We previously got that from images.json because we needed it to pull the images. To work round this, we set POD_NAME and POD_NAMESPACE, and the operator inspects its pod to get the provider image references.

The excessive events failures in techpreview jobs are due to kubernetes/kubernetes#138644.

Summary by CodeRabbit

Release Notes

New Features
- Added directory-based provider image discovery workflow.
Refactor
- Simplified provider image loading by removing remote image fetching, extraction, and registry mirror resolution.
- Changed operator initialization from JSON configuration to environment variable-driven directory scanning.
Chores
- Removed legacy image discovery configuration files and utilities.

openshift-merge-bot · 2026-04-24T07:16:25Z

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

openshift-ci-robot · 2026-04-24T07:16:26Z

@mdbooth: This pull request references OCPCLOUD-3429 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-04-24T07:16:47Z

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

▶️ Resume reviews
🔍 Trigger review

Walkthrough

This PR replaces JSON-based provider image discovery with directory-based scanning. Remote container image fetching logic (including pull secrets, registry mirrors, and trusted CAs) is removed. The operator now mounts provider-specific image directories via Pod volume bindings and scans on-disk manifests instead of extracting remote layers.

Changes

Cohort / File(s)	Summary
Operator Bootstrap `cmd/capi-operator/main.go`	Replaces `--images-json` parameter with `--provider-image-dir`; adds `POD_NAME` and `POD_NAMESPACE` environment variable requirements; introduces `BuildImageRefMapFromPod` to correlate pod volumes to image references; updates `loadProviderImages` to scan directories instead of reading JSON.
Dependency Cleanup `go.mod`	Removes Docker/OCI-related dependencies: `github.com/docker/cli`, `github.com/google/go-containerregistry`, `github.com/containerd/stargz-snapshotter/estargz`, `github.com/docker/distribution`, `github.com/docker/docker-credential-helpers`, `github.com/opencontainers/image-spec`, `github.com/vbatts/tar-split`, and `gotest.tools/v3`.
Provider Image Discovery `pkg/providerimages/providerimages.go`	Removes `ReadProviderImages` and remote fetching logic; introduces `ScanProviderImages` for on-disk manifest scanning and `BuildImageRefMapFromPod` for volume-to-imageRef mapping; deletes `ContentID` field from `ProviderImageManifests`.
Registry Mirroring & Auth `pkg/providerimages/mirrors.go`, `pkg/providerimages/pullsecret.go`, `pkg/providerimages/trustedca.go`	Removes three files: mirror resolution logic, Docker pull-secret parsing, and custom TLS transport configuration for registry access (no longer needed with directory-based approach).
Configuration Management `dev-images.json`, `pkg/util/readconfig.go`	Deletes JSON image lookup table and its corresponding file-reading utility function.
CAPI Operator Manifest `manifests/0000_30_cluster-api-installer_05_deployment.yaml`	Replaces single ConfigMap mount (`/etc/cluster-api-config-images`) with multiple provider-specific image volume mounts at `/var/lib/provider-images/<provider>`; injects `POD_NAME` and `POD_NAMESPACE` environment variables; removes `--images-json` startup argument.
ConfigMap Resources `manifests/0000_30_cluster-api-installer_04_images.configmap.yaml`, `manifests/0000_30_cluster-api-installer_00_tombstones.yaml`	Deletes `cluster-capi-operator-images` ConfigMap (previously supplied `images.json` mapping); adds corresponding tombstone manifest to ensure cleanup during upgrades.
CAPI Controllers Manifest `manifests/0000_30_cluster-api_11_deployment.yaml`	Removes `PROVIDER_IMAGE_DIR` environment variable and provider-images `emptyDir` volume mount (no longer used by controllers).
Test Fixtures `pkg/test/provider_fixtures.go`	Removes `WithContentID` builder method and `contentID` field from `ProviderImageManifestsBuilder`.
Provider Image Tests `pkg/providerimages/providerimages_test.go`, `pkg/providerimages/mirrors_test.go`, `pkg/providerimages/trustedca_test.go`	Refactors `providerimages_test.go` from mock remote fetch/extraction to real filesystem scanning; deletes test suites for mirrors and trusted CA (removed functionality).
Revision Controller Tests `pkg/controllers/revision/revision_controller_test.go`, `pkg/controllers/revision/suite_test.go`	Updates assertions to use `Name` instead of deleted `ContentID` field; removes `WithContentID` calls from provider fixtures; renames YAML fixture names for clarity.

Sequence Diagram

sequenceDiagram
    actor Operator as capi-operator Pod
    participant KubeAPI as Kubernetes API
    participant Pod as Pod Spec Reader
    participant FS as Filesystem<br/>(Provider Images Dir)
    
    Operator->>KubeAPI: Fetch own Pod spec
    KubeAPI-->>Operator: Pod manifest
    Operator->>Pod: BuildImageRefMapFromPod(podName, namespace)
    Pod->>Pod: Extract volume.source.image → imageRef<br/>Extract volume.mountPath basename → key
    Pod-->>Operator: imageRefMap (key→imageRef)
    
    Operator->>FS: ScanProviderImages(providerImageDir, imageRefMap)
    FS->>FS: Iterate provider subdirectories
    FS->>FS: For each provider: load metadata.yaml + manifests.yaml
    FS->>FS: Validate profiles via discoverProfiles
    FS-->>Operator: []ProviderImageManifests<br/>(ManifestsPath points to on-disk file)
    
    Operator->>Operator: Load & register provider controllers
    Note over Operator: Use imageRef + profile names<br/>for logging & organization

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	❓ Inconclusive	Unable to inspect the test file content as no verification output was provided to assess.	Please provide the verification output from the provider images test file inspection to assess adherence to guidelines.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main architectural change: switching from JSON-driven provider image discovery to Kubernetes image volume mounts.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All Ginkgo test names across modified test files use stable, deterministic strings without dynamic content like timestamps, UUIDs, or runtime-dependent values.
Microshift Test Compatibility	✅ Passed	PR modifies existing controller unit tests using envtest, not adding new Ginkgo e2e tests. MicroShift compatibility assessment not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add or modify any e2e tests. Changes are limited to infrastructure manifests, operator code, unit tests, and dependency management.
Topology-Aware Scheduling Compatibility	✅ Passed	PR does not introduce topology-unsafe scheduling constraints; deployments use hardcoded replicas: 1, nodeSelector for control-plane, proper tolerations, and exclude HyperShift while including SNO.
Ote Binary Stdout Contract	✅ Passed	The pull request does not violate the OTE Binary Stdout Contract. The logging system is properly configured to write to stderr via klog.LogToStderr(true), all logging uses the structured logr.Logger interface, and no direct stdout writes exist in the process-level code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR modifies only unit tests in pkg/ subdirectories and does not add any new Ginkgo e2e tests.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

Generate code and open pull requests
Plan features and break down work
Investigate incidents and troubleshoot customer tickets together
Automate recurring tasks and respond to alerts with triggers
Summarize progress and report instantly

Built for teams:

Shared memory across your entire org—no repeating context
Per-thread sandboxes to safely plan and execute work
Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

mdbooth · 2026-04-24T07:18:14Z

/pipeline auto

openshift-merge-bot · 2026-04-24T07:18:18Z

Pipeline controller notification

The pipeline-auto label has been added to this PR. Second-stage tests will be triggered automatically when all first-stage tests pass.

openshift-merge-bot · 2026-04-24T07:36:46Z

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-capi-techpreview
/test e2e-aws-ovn
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-aws-ovn-techpreview
/test e2e-aws-ovn-techpreview-upgrade
/test e2e-azure-capi-techpreview
/test e2e-azure-ovn-techpreview
/test e2e-azure-ovn-techpreview-upgrade
/test e2e-gcp-capi-techpreview
/test e2e-gcp-ovn-techpreview
/test e2e-metal3-capi-techpreview
/test e2e-openstack-capi-techpreview
/test e2e-openstack-ovn-techpreview
/test e2e-vsphere-capi-techpreview
/test regression-clusterinfra-aws-ipi-techpreview-capi

coderabbitai

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

go.mod (1)
1-413: ⚠️ Potential issue | 🔴 Critical

Remove remaining go-containerregistry import from manifests-gen/customizations.go.

The attempted removal of container registry dependencies is incomplete. While most Docker and container registry packages were successfully removed (docker/cli, containerd, docker/distribution, opencontainers/image-spec show no imports), manifests-gen/customizations.go still imports github.com/google/go-containerregistry/pkg/name at line 8. Either this import must be removed and the code refactored to work with the new filesystem-based image approach, or go-containerregistry needs to remain as an explicit dependency in go.mod.

The indirect container-related dependencies (github.com/distribution/reference and github.com/opencontainers/go-digest) are legitimately required by other dependencies (kubernetes, cluster-api, and various CAPI providers) and do not represent unused container registry functionality.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 1 - 413, manifests-gen/customizations.go still imports
github.com/google/go-containerregistry/pkg/name; remove that import and refactor
any usages (e.g., name.ParseReference, name.Reference, name.Tag, name.Digest) to
use the new filesystem-based image approach or plain string parsing/standard
library helpers, or if you intend to keep go-containerregistry, add it
explicitly to go.mod; after changes run gofmt and go mod tidy to drop the
dependency if unused.

🧹 Nitpick comments (1)

pkg/providerimages/providerimages.go (1)

106-140: Consider including init containers in volume mount discovery.

The function only iterates over pod.Spec.Containers but not pod.Spec.InitContainers. While the current deployment doesn't use init containers with image volume mounts, future changes could add them and the mapping would be incomplete.

♻️ Optional: Include init containers

 	// Correlate volume mounts with image references
 	imageRefMap := make(map[string]string)

+	// Collect volume mounts from all containers
+	allContainers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
-	for i := range pod.Spec.Containers {
-		c := &pod.Spec.Containers[i]
+	for i := range allContainers {
+		c := &allContainers[i]
 		for j := range c.VolumeMounts {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/providerimages/providerimages.go` around lines 106 - 140,
BuildImageRefMapFromPod currently only iterates pod.Spec.Containers when
correlating VolumeMounts to volumeImageRefs, so mounts from init containers are
missed; update the function to also iterate pod.Spec.InitContainers (same volume
mount handling as for pod.Spec.Containers) so that init container VolumeMounts
contribute to imageRefMap, keeping the existing logic that uses
filepath.Base(vm.MountPath) and volumeImageRefs to populate imageRefMap.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@go.mod`:
- Around line 1-413: manifests-gen/customizations.go still imports
github.com/google/go-containerregistry/pkg/name; remove that import and refactor
any usages (e.g., name.ParseReference, name.Reference, name.Tag, name.Digest) to
use the new filesystem-based image approach or plain string parsing/standard
library helpers, or if you intend to keep go-containerregistry, add it
explicitly to go.mod; after changes run gofmt and go mod tidy to drop the
dependency if unused.

---

Nitpick comments:
In `@pkg/providerimages/providerimages.go`:
- Around line 106-140: BuildImageRefMapFromPod currently only iterates
pod.Spec.Containers when correlating VolumeMounts to volumeImageRefs, so mounts
from init containers are missed; update the function to also iterate
pod.Spec.InitContainers (same volume mount handling as for pod.Spec.Containers)
so that init container VolumeMounts contribute to imageRefMap, keeping the
existing logic that uses filepath.Base(vm.MountPath) and volumeImageRefs to
populate imageRefMap.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 51e0f395-ceb8-4b01-bc5d-495be656053e

📥 Commits

Reviewing files that changed from the base of the PR and between 2a796b2 and a937531.

⛔ Files ignored due to path filters (231)

go.sum is excluded by !**/*.sum
vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/AUTHORS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/NOTICE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/file_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/native_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/memorystore/store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/types/authconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/command.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/helper.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/and/and_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/gzip/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/redact/redact.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/wait/kubernetes_apimachinery_wait.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/verify/verify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/anon.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/authn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/logs/logs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/platform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/puller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/schema1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitattributes is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.goreleaser.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/SECURITY.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/compressible.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/fse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/gen.sh is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/huff0.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_disabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_enabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.mod is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.sum is excluded by !**/*.sum, !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blocktype_string.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytebuf.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decodeheader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/dict.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_base.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_best.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_better.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_dfast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_fast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/framedec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/frameenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_predefined.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/history.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_arm64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_asm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/simple_go124.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/versioned.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/common.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/format.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/reader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime2.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/strconv.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/writer.go is excluded by !**/vendor/**, !vendor/**
vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (18)

cmd/capi-operator/main.go
dev-images.json
go.mod
manifests/0000_30_cluster-api-installer_00_tombstones.yaml
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
manifests/0000_30_cluster-api-installer_05_deployment.yaml
manifests/0000_30_cluster-api_11_deployment.yaml
pkg/controllers/revision/revision_controller_test.go
pkg/controllers/revision/suite_test.go
pkg/providerimages/mirrors.go
pkg/providerimages/mirrors_test.go
pkg/providerimages/providerimages.go
pkg/providerimages/providerimages_test.go
pkg/providerimages/pullsecret.go
pkg/providerimages/trustedca.go
pkg/providerimages/trustedca_test.go
pkg/test/provider_fixtures.go
pkg/util/readconfig.go

💤 Files with no reviewable changes (9)

dev-images.json
pkg/util/readconfig.go
pkg/providerimages/trustedca_test.go
manifests/0000_30_cluster-api_11_deployment.yaml
pkg/providerimages/mirrors.go
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
pkg/providerimages/trustedca.go
pkg/providerimages/mirrors_test.go
pkg/providerimages/pullsecret.go

openshift-merge-bot · 2026-04-24T09:16:24Z

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

coderabbitai

Actionable comments posted: 2

🧹 Nitpick comments (1)

pkg/providerimages/providerimages_test.go (1)
61-333: Add explicit unit tests for BuildImageRefMapFromPod edge cases.

The new pod-spec correlation function lacks dedicated unit tests. Add coverage for multiple containers mounting the same volume (verify behavior when overwrites occur), conflicting mount path basenames (where different volumes extract the same basename), and non-image volumes (confirm they are properly skipped).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/providerimages/providerimages_test.go` around lines 61 - 333, Add unit
tests covering BuildImageRefMapFromPod edge cases: create new test functions
(e.g., Test_BuildImageRefMapFromPod_MultipleContainers,
Test_BuildImageRefMapFromPod_ConflictingBasenames,
Test_BuildImageRefMapFromPod_NonImageVolumes) that construct Pod specs and call
BuildImageRefMapFromPod to assert expected behavior—verify that when multiple
containers mount the same volume the last write/overwrite behavior is asserted,
when different volumes resolve to the same mount-path basename the conflict is
detected/handled as expected, and that volumes which are not image-type (or lack
the expected annotation/field) are skipped; use table-driven cases and Gomega
assertions similar to existing tests for ScanProviderImages and reference the
BuildImageRefMapFromPod symbol to locate the implementation to test.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@manifests/0000_30_cluster-api-installer_05_deployment.yaml`:
- Around line 131-170: The volume image references under the names provider-aws,
provider-azure, provider-baremetal, provider-cluster-capi-controllers,
provider-cluster-capi-operator, provider-gcp, provider-ibmcloud,
provider-openstack, provider-openstack-resource-controller, and provider-vsphere
must be converted from tag-based pullspecs (e.g.,
registry.ci.openshift.org/openshift:aws-cluster-api-controllers) to
digest-resolved pullspecs; replace each volumes[].image.reference value with the
exact digest form
(registry.ci.openshift.org/openshift/<image-name>@sha256:<digest>) that matches
the image used by the payload/container images (or the image-references file),
preserving pullPolicy, so the deployment uses immutable, reproducible images.

In `@pkg/providerimages/providerimages.go`:
- Around line 82-84: The loop in providerimages.go currently ignores directories
that yield errNoCapiManifests by continuing, which hides missing/malformed
provider content; change the behavior so that when errors.Is(err,
errNoCapiManifests) is true you fail fast: return or propagate a wrapped error
(including the provider identifier/path and context) from the enclosing function
instead of continuing, or at minimum log an explicit error with the provider and
return a non-nil error; update the handling around the symbol errNoCapiManifests
and the surrounding function that iterates provider dirs to propagate the
failure to the caller so the operator cannot start silently with missing
providers.

---

Nitpick comments:
In `@pkg/providerimages/providerimages_test.go`:
- Around line 61-333: Add unit tests covering BuildImageRefMapFromPod edge
cases: create new test functions (e.g.,
Test_BuildImageRefMapFromPod_MultipleContainers,
Test_BuildImageRefMapFromPod_ConflictingBasenames,
Test_BuildImageRefMapFromPod_NonImageVolumes) that construct Pod specs and call
BuildImageRefMapFromPod to assert expected behavior—verify that when multiple
containers mount the same volume the last write/overwrite behavior is asserted,
when different volumes resolve to the same mount-path basename the conflict is
detected/handled as expected, and that volumes which are not image-type (or lack
the expected annotation/field) are skipped; use table-driven cases and Gomega
assertions similar to existing tests for ScanProviderImages and reference the
BuildImageRefMapFromPod symbol to locate the implementation to test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 98eb7cbc-f5b1-4d62-9b1f-7a7251f0a8c5

📥 Commits

Reviewing files that changed from the base of the PR and between a937531 and 8d09225.

⛔ Files ignored due to path filters (231)

go.sum is excluded by !**/*.sum
vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/AUTHORS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/NOTICE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/file_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/native_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/memorystore/store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/types/authconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/command.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/helper.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/and/and_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/gzip/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/redact/redact.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/wait/kubernetes_apimachinery_wait.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/verify/verify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/anon.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/authn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/logs/logs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/platform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/puller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/schema1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitattributes is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.goreleaser.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/SECURITY.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/compressible.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/fse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/gen.sh is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/huff0.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_disabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_enabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.mod is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.sum is excluded by !**/*.sum, !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blocktype_string.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytebuf.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decodeheader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/dict.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_base.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_best.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_better.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_dfast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_fast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/framedec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/frameenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_predefined.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/history.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_arm64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_asm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/simple_go124.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/versioned.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/common.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/format.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/reader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime2.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/strconv.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/writer.go is excluded by !**/vendor/**, !vendor/**
vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (18)

cmd/capi-operator/main.go
dev-images.json
go.mod
manifests/0000_30_cluster-api-installer_00_tombstones.yaml
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
manifests/0000_30_cluster-api-installer_05_deployment.yaml
manifests/0000_30_cluster-api_11_deployment.yaml
pkg/controllers/revision/revision_controller_test.go
pkg/controllers/revision/suite_test.go
pkg/providerimages/mirrors.go
pkg/providerimages/mirrors_test.go
pkg/providerimages/providerimages.go
pkg/providerimages/providerimages_test.go
pkg/providerimages/pullsecret.go
pkg/providerimages/trustedca.go
pkg/providerimages/trustedca_test.go
pkg/test/provider_fixtures.go
pkg/util/readconfig.go

💤 Files with no reviewable changes (9)

dev-images.json
manifests/0000_30_cluster-api_11_deployment.yaml
pkg/util/readconfig.go
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
pkg/providerimages/trustedca_test.go
pkg/providerimages/trustedca.go
pkg/providerimages/mirrors_test.go
pkg/providerimages/pullsecret.go
pkg/providerimages/mirrors.go

✅ Files skipped from review due to trivial changes (4)

pkg/test/provider_fixtures.go
pkg/controllers/revision/revision_controller_test.go
go.mod
manifests/0000_30_cluster-api-installer_00_tombstones.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

pkg/controllers/revision/suite_test.go

openshift-merge-bot · 2026-04-24T11:02:48Z

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-capi-techpreview
/test e2e-aws-ovn
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-aws-ovn-techpreview
/test e2e-aws-ovn-techpreview-upgrade
/test e2e-azure-capi-techpreview
/test e2e-azure-ovn-techpreview
/test e2e-azure-ovn-techpreview-upgrade
/test e2e-gcp-capi-techpreview
/test e2e-gcp-ovn-techpreview
/test e2e-metal3-capi-techpreview
/test e2e-openstack-capi-techpreview
/test e2e-openstack-ovn-techpreview
/test e2e-vsphere-capi-techpreview
/test regression-clusterinfra-aws-ipi-techpreview-capi

theobarberbany · 2026-04-24T11:04:02Z

+          subPath: capi-operator-manifests
+          readOnly: true
+        - name: provider-vsphere
+          mountPath: /var/lib/provider-images/vsphere-cluster-api-controllers


we're missing nutanix (which hasn't merged yet so fair) but would be good to get in here

We were also missing CAPIO itself 😬 (fixed)

We could add nutanix in advance, I think. I think it will safely skip providers with no profiles. But what if they have no /capi-operator-manifests at all 🤔 Lets do that as a follow-up. We should do it in advance of nutanix support, though, so it can be presubmit testing.

Nutanix has /capi-operator-manifests, we were just blocked on getting images.json merged: openshift/cluster-api-provider-nutanix#8

But what if they have no /capi-operator-manifests at all 🤔

Can we test this? Before merge?

theobarberbany · 2026-04-24T11:35:04Z

          secretName: capi-operator-metrics-tls
+      - name: provider-aws
+        image:
+          reference: registry.ci.openshift.org/openshift:aws-cluster-api-controllers


these get rewritten during our build pipeline for images.json - they end up as proxy.<openshift.foo.xyz> - does art / our current tooling support this?

e.g

I0218 22:02:55.023990 1 providerimages.go:153] "looking for provider manifests in container images" I0218 22:03:13.503377 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:1e05ca1e5022213b7132adbfcd82bbd59dd8d95f7d5ac218476ca1c994b7bc7a" I0218 22:03:13.504383 1 providerimages.go:190] "found provider manifests in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:9ff1850446c0d9b0b0f953a201d2e256b7743d1a4e7e432aa08fcf33f08e14b4" provider="cluster-api" type="core" version="v1.11.3" profile="default" ocpPlatform="" I0218 22:03:13.504474 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:7a3d9c5faf3957c939cc516bedb7cd3976070572f6db56a0b7546d602b72eced" I0218 22:03:13.504514 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:8fabc3998b621982e6b766e7c1ae2f444368182db333c9dffdb8b39669f80499" I0218 22:03:13.504548 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:39d9078721e3a6bc02988500467d95f29423dc0e7cb534858f95d9547aa98ada" I0218 22:03:13.504580 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:de70a5dedd4ce36ab094cf66094a792685639401fa37f185f7472273d2dcc63c" I0218 22:03:13.504612 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:b737e0cf2f1174f28af611949013c2a469118c2bd70640f6943788889cdd8ce5" I0218 22:03:13.504644 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:c444fd9abb154d315e222e4c3198eac1c71f534f4e940c020e843b237ce1dc34" I0218 22:03:13.504678 1 providerimages.go:190] "found provider manifests in container image" image="registry.build02.ci.openshift.org/ci-op-rls11vd9/stable@sha256:68b30416795bf3e544dc240607585047779b95d0c036c2e4b58a287e8ee42bce" provider="cluster-api-provider-gcp" type="infrastructure" version="v1.11.0" profile="default" ocpPlatform="GCP" I0218 22:03:13.504723 1 providerimages.go:187] "no provider manifests found in container image" image="quay-proxy.ci.openshift.org/openshift/ci@sha256:36365a6d0cccb4f5e48fe832ae15de32e2f5b1099e21acbf33e08f8fd8e4871f" I0218 22:03:13.504764 1 providerimages.go:202] "finished looking for provider manifests in container images"

If it's working - it probably does, but I'd be curious as to what this looks like on a cluster that's live / where that rewriting happens.

ah - I think code rabbit already called this out?

these get rewritten during our build pipeline for images.json - they end up as proxy.<openshift.foo.xyz> - does art / our current tooling support this?

Yeah. The tooling is fortunately very dumb: it's a straight string substitution on the yamls. images.yaml was substituted using the same mechanism in the same place.

theobarberbany · 2026-04-24T11:48:00Z

+)

-	mirrors, skippedWildcards, err := getImageRegistryMirrors(ctx, k8sClient)
+// ScanProviderImages scans providerImageDir for subdirectories containing


there's no logging in any of this - which will make debugging a PITA. The old flow had pretty good logs to help understand where problem may lie. Can we add some logging back?

I can add some logging.

Did this get missed? I'm not seeing logging in this file still.

coderabbitai

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/providerimages/providerimages.go (1)

196-212: ⚠️ Potential issue | 🟠 Major

Don't treat os.Stat failures as "not a profile".

If either os.Stat returns something other than os.ErrNotExist—for example EACCES or a mount/I/O error—this code currently collapses that into metadataExists/manifestsExists == false. When both stats fail, the directory is skipped as if it were not a profile at all. That can hide broken image-volume mounts and start the operator with providers silently omitted. Propagate non-NotExist errors before the existence checks.

Suggested fix

 	metadataInfo, metadataErr := os.Stat(metadataPath)
 	manifestsInfo, manifestsErr := os.Stat(manifestsPath)
+
+	if metadataErr != nil && !errors.Is(metadataErr, os.ErrNotExist) {
+		return nil, false, fmt.Errorf("failed to stat metadata for profile %s: %w", profileName, metadataErr)
+	}
+
+	if manifestsErr != nil && !errors.Is(manifestsErr, os.ErrNotExist) {
+		return nil, false, fmt.Errorf("failed to stat manifests for profile %s: %w", profileName, manifestsErr)
+	}
 
 	metadataExists := metadataErr == nil && !metadataInfo.IsDir()
 	manifestsExists := manifestsErr == nil && !manifestsInfo.IsDir()

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/providerimages/providerimages.go` around lines 196 - 212, The code treats
any os.Stat error as "missing", which hides real errors; change the logic in the
provider image discovery (around metadataInfo/metadataErr and
manifestsInfo/manifestsErr handling) to first check metadataErr and
manifestsErr: if either error is non-nil and not os.ErrNotExist, return that
error (wrapped with context like "profile %s") instead of converting it to
metadataExists/manifestsExists false; only treat os.ErrNotExist as absence and
then use metadataExists/manifestsExists to decide returning nil or the
errMissingMetadata/errMissingManifests errors.

🧹 Nitpick comments (1)

pkg/providerimages/providerimages_test.go (1)
61-333: Add direct coverage for BuildImageRefMapFromPod.

This suite exercises the directory scan well, but the new runtime path also depends on correlating Pod volumes[].image.reference with volumeMounts[].mountPath. A small fake-client test for BuildImageRefMapFromPod would help lock down the cases most likely to regress here: multiple containers, non-image volumes, and mounts whose basename does not match the scanned provider directory.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/providerimages/providerimages_test.go` around lines 61 - 333, Add a
focused unit test for BuildImageRefMapFromPod in providerimages_test.go that
constructs a Pod with multiple containers and a mix of image-backed volumes and
non-image volumes and volumeMounts whose mountPath basenames both match and do
not match provider directory names; call BuildImageRefMapFromPod(pod) and assert
the returned map contains the expected image references for mounts whose
basename matches and omits or ignores non-image volumes and mismatched
basenames, covering multiple containers and duplicate mounts to ensure dedup
behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/capi-operator/main.go`:
- Around line 172-184: The code currently silently continues with a nil
imageRefMap when pod identity env vars are missing; change it to fail fast
unless the explicit local override is provided: after reading
podName/podNamespace and before calling providerimages.ScanProviderImages, add a
check that if podName=="" || podNamespace=="" then verify providerImageDir is
set (the explicit override); if providerImageDir is empty return an error (e.g.,
fmt.Errorf("missing POD_NAME/POD_NAMESPACE and no --provider-image-dir
override")) otherwise proceed (optionally log that the override is being used).
Update the block around podName/podNamespace,
providerimages.BuildImageRefMapFromPod, and the call to
providerimages.ScanProviderImages to enforce this behavior.

---

Outside diff comments:
In `@pkg/providerimages/providerimages.go`:
- Around line 196-212: The code treats any os.Stat error as "missing", which
hides real errors; change the logic in the provider image discovery (around
metadataInfo/metadataErr and manifestsInfo/manifestsErr handling) to first check
metadataErr and manifestsErr: if either error is non-nil and not os.ErrNotExist,
return that error (wrapped with context like "profile %s") instead of converting
it to metadataExists/manifestsExists false; only treat os.ErrNotExist as absence
and then use metadataExists/manifestsExists to decide returning nil or the
errMissingMetadata/errMissingManifests errors.

---

Nitpick comments:
In `@pkg/providerimages/providerimages_test.go`:
- Around line 61-333: Add a focused unit test for BuildImageRefMapFromPod in
providerimages_test.go that constructs a Pod with multiple containers and a mix
of image-backed volumes and non-image volumes and volumeMounts whose mountPath
basenames both match and do not match provider directory names; call
BuildImageRefMapFromPod(pod) and assert the returned map contains the expected
image references for mounts whose basename matches and omits or ignores
non-image volumes and mismatched basenames, covering multiple containers and
duplicate mounts to ensure dedup behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 4eac1f45-37a6-4dce-97a1-eaad594097f3

📥 Commits

Reviewing files that changed from the base of the PR and between 8d09225 and 2aebeaa.

⛔ Files ignored due to path filters (231)

go.sum is excluded by !**/*.sum
vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/AUTHORS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/NOTICE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/file_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/native_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/memorystore/store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/types/authconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/command.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/helper.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/and/and_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/gzip/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/redact/redact.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/wait/kubernetes_apimachinery_wait.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/verify/verify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/anon.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/authn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/logs/logs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/platform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/puller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/schema1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitattributes is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.goreleaser.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/SECURITY.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/compressible.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/fse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/gen.sh is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/huff0.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_disabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_enabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.mod is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.sum is excluded by !**/*.sum, !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blocktype_string.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytebuf.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decodeheader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/dict.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_base.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_best.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_better.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_dfast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_fast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/framedec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/frameenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_predefined.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/history.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_arm64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_asm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/simple_go124.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/versioned.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/common.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/format.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/reader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime2.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/strconv.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/writer.go is excluded by !**/vendor/**, !vendor/**
vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (19)

cmd/capi-operator/main.go
dev-images.json
go.mod
manifests/0000_30_cluster-api-installer_00_tombstones.yaml
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
manifests/0000_30_cluster-api-installer_05_deployment.yaml
manifests/0000_30_cluster-api_11_deployment.yaml
manifests/image-references
pkg/controllers/revision/revision_controller_test.go
pkg/controllers/revision/suite_test.go
pkg/providerimages/mirrors.go
pkg/providerimages/mirrors_test.go
pkg/providerimages/providerimages.go
pkg/providerimages/providerimages_test.go
pkg/providerimages/pullsecret.go
pkg/providerimages/trustedca.go
pkg/providerimages/trustedca_test.go
pkg/test/provider_fixtures.go
pkg/util/readconfig.go

💤 Files with no reviewable changes (9)

pkg/util/readconfig.go
manifests/0000_30_cluster-api_11_deployment.yaml
pkg/providerimages/mirrors_test.go
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
dev-images.json
pkg/providerimages/trustedca_test.go
pkg/providerimages/trustedca.go
pkg/providerimages/pullsecret.go
pkg/providerimages/mirrors.go

✅ Files skipped from review due to trivial changes (1)

pkg/controllers/revision/suite_test.go

🚧 Files skipped from review as they are similar to previous changes (2)

manifests/0000_30_cluster-api-installer_00_tombstones.yaml
go.mod

coderabbitai

Actionable comments posted: 3

🧹 Nitpick comments (1)

pkg/providerimages/providerimages.go (1)
106-140: Add direct tests for the pod-to-mount correlation path.

This helper is now the only source of provider image refs, but the new test suite only exercises ScanProviderImages. A focused unit test around multiple containers, unrelated image volumes, and missing mounts would make deployment-shape regressions much easier to catch.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/providerimages/providerimages.go` around lines 106 - 140, Add focused
unit tests for BuildImageRefMapFromPod that directly exercise the pod→mount
correlation: create pods with multiple containers, volumes (including image
volumes and unrelated volumes), and mounts (including missing mounts and nested
mount paths), populate a fake k8s client (use controller-runtime's fake client)
with the Pod, call BuildImageRefMapFromPod(ctx, fakeClient, podName,
podNamespace) and assert the returned map contains expected subdirectory keys
(use filepath.Base of mount paths) mapped to the correct image references and
that unrelated or unmounted image volumes are not present; include separate
cases for multiple containers mounting the same volume and volumes without
Image.Reference to cover all branches in BuildImageRefMapFromPod.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@manifests/0000_30_cluster-api-installer_05_deployment.yaml`:
- Around line 63-106: Mounts currently set subPath: capi-operator-manifests
cause provider discovery to fail because ScanProviderImages() expects
/var/lib/provider-images/<provider> and discoverProfiles() appends
capi-operator-manifests; fix by updating the manifest entries (the listed
volumes with name provider-*) to remove subPath: capi-operator-manifests so the
mountPath exposes /var/lib/provider-images/<provider> directly, or alternatively
modify discoverProfiles() in pkg/providerimages/providerimages.go to stop
appending "capi-operator-manifests" when scanning provider directories (choose
one consistent approach and apply the same change to the other occurrences noted
around lines 135-178).
- Around line 39-46: The pod-identity guard currently treats any non-empty
POD_NAMESPACE as an error causing loadProviderImages() to always return
errPodIdentityNotSet once POD_NAMESPACE is injected; update the condition in the
loadProviderImages/initialization block that checks podName and podNamespace so
it returns errPodIdentityNotSet only when either podName == "" or podNamespace
== "" (i.e., use podName == "" || podNamespace == ""), referencing the podName,
podNamespace variables and the errPodIdentityNotSet error to locate and correct
the check.

In `@pkg/providerimages/providerimages.go`:
- Around line 89-99: The code appends ProviderImageManifests with a possibly
empty ImageRef when imageRefMap lacks an entry for a discovered subdir, which
should be a hard error; update the loop that builds result (where imageRef :=
imageRefMap[subdir] and you construct ProviderImageManifests) to check for
existence in imageRefMap (use the comma-ok pattern) and return or propagate an
error if missing (include subdir/subdirPath in the error message) instead of
using the zero-value ImageRef; ensure callers of this function handle the
returned error accordingly.

---

Nitpick comments:
In `@pkg/providerimages/providerimages.go`:
- Around line 106-140: Add focused unit tests for BuildImageRefMapFromPod that
directly exercise the pod→mount correlation: create pods with multiple
containers, volumes (including image volumes and unrelated volumes), and mounts
(including missing mounts and nested mount paths), populate a fake k8s client
(use controller-runtime's fake client) with the Pod, call
BuildImageRefMapFromPod(ctx, fakeClient, podName, podNamespace) and assert the
returned map contains expected subdirectory keys (use filepath.Base of mount
paths) mapped to the correct image references and that unrelated or unmounted
image volumes are not present; include separate cases for multiple containers
mounting the same volume and volumes without Image.Reference to cover all
branches in BuildImageRefMapFromPod.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: b44a38cf-51a1-4bf5-8fa5-44cd80555895

📥 Commits

Reviewing files that changed from the base of the PR and between 2aebeaa and 335fba7.

⛔ Files ignored due to path filters (231)

go.sum is excluded by !**/*.sum
vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/build.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/containerd/stargz-snapshotter/estargz/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/AUTHORS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/NOTICE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/configfile/file_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/file_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/credentials/native_store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/memorystore/store.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/cli/cli/config/types/authconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/client/command.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/helper.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/docker/docker-credential-helpers/credentials/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/and/and_closer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/gzip/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/redact/redact.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/retry/wait/kubernetes_apimachinery_wait.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/verify/verify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/internal/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/anon.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/auth.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/authn.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/compression/compression.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/logs/logs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/platform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/progress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/puller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/schema1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitattributes is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/.goreleaser.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/SECURITY.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/compressible.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/fse/fse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/gen.sh is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/compress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/decompress_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/huff0/huff0.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/le.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_disabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/le/unsafe_enabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/decode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/encode_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/internal/snapref/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.mod is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/s2sx.sum is excluded by !**/*.sum, !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitreader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bitwriter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blockenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/blocktype_string.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytebuf.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/bytereader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decodeheader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/decoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/dict.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_base.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_best.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_better.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_dfast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/enc_fast.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/encoder_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/framedec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/frameenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_encoder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/fse_predefined.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/hash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/history.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_arm64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_asm.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/matchlen_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqdec_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/seqenc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/simple_go124.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/snappy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zip.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/klauspost/compress/zstd/zstd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/opencontainers/image-spec/specs-go/versioned.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/common.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/format.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/reader.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime1.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_actime2.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/stat_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/strconv.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/vbatts/tar-split/archive/tar/writer.go is excluded by !**/vendor/**, !vendor/**
vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (19)

cmd/capi-operator/main.go
dev-images.json
go.mod
manifests/0000_30_cluster-api-installer_00_tombstones.yaml
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
manifests/0000_30_cluster-api-installer_05_deployment.yaml
manifests/0000_30_cluster-api_11_deployment.yaml
manifests/image-references
pkg/controllers/revision/revision_controller_test.go
pkg/controllers/revision/suite_test.go
pkg/providerimages/mirrors.go
pkg/providerimages/mirrors_test.go
pkg/providerimages/providerimages.go
pkg/providerimages/providerimages_test.go
pkg/providerimages/pullsecret.go
pkg/providerimages/trustedca.go
pkg/providerimages/trustedca_test.go
pkg/test/provider_fixtures.go
pkg/util/readconfig.go

💤 Files with no reviewable changes (9)

dev-images.json
pkg/providerimages/mirrors_test.go
pkg/util/readconfig.go
pkg/providerimages/trustedca.go
pkg/providerimages/pullsecret.go
manifests/0000_30_cluster-api_11_deployment.yaml
manifests/0000_30_cluster-api-installer_04_images.configmap.yaml
pkg/providerimages/trustedca_test.go
pkg/providerimages/mirrors.go

✅ Files skipped from review due to trivial changes (2)

manifests/image-references
manifests/0000_30_cluster-api-installer_00_tombstones.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

pkg/test/provider_fixtures.go
pkg/controllers/revision/revision_controller_test.go
cmd/capi-operator/main.go

openshift-merge-bot · 2026-04-24T14:34:32Z

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

openshift-merge-bot · 2026-04-24T14:34:44Z

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

mdbooth · 2026-04-24T14:54:17Z

The earlier okd-scos-images failure was real, caused by adding nutanix. The problem is that nutanix is built for OCP, but not OKD. Adding it would require us to split the configuration, or to add it to OKD. I remember this is why it's not already in there, because we've tried to add it before. This is a problem for another day. I've removed the commit which added nutanix from this PR.

openshift-merge-bot · 2026-04-24T15:05:56Z

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-capi-techpreview
/test e2e-aws-ovn
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-aws-ovn-techpreview
/test e2e-aws-ovn-techpreview-upgrade
/test e2e-azure-capi-techpreview
/test e2e-azure-ovn-techpreview
/test e2e-azure-ovn-techpreview-upgrade
/test e2e-gcp-capi-techpreview
/test e2e-gcp-ovn-techpreview
/test e2e-metal3-capi-techpreview
/test e2e-openstack-capi-techpreview
/test e2e-openstack-ovn-techpreview
/test e2e-vsphere-capi-techpreview
/test regression-clusterinfra-aws-ipi-techpreview-capi

mdbooth · 2026-05-01T14:26:05Z

/override ?

openshift-ci · 2026-05-01T14:26:21Z

@mdbooth: /override requires failed status contexts, check run or a prowjob name to operate on.
The following unknown contexts/checkruns were given:

?

Only the following failed contexts/checkruns were expected:

CodeRabbit
ci/prow/build
ci/prow/e2e-aws-capi-disconnected-techpreview
ci/prow/e2e-aws-capi-techpreview
ci/prow/e2e-aws-ovn
ci/prow/e2e-aws-ovn-serial-1of2
ci/prow/e2e-aws-ovn-serial-2of2
ci/prow/e2e-aws-ovn-techpreview
ci/prow/e2e-aws-ovn-techpreview-upgrade
ci/prow/e2e-azure-capi-techpreview
ci/prow/e2e-azure-ovn-techpreview
ci/prow/e2e-azure-ovn-techpreview-upgrade
ci/prow/e2e-gcp-capi-techpreview
ci/prow/e2e-gcp-ovn-techpreview
ci/prow/e2e-metal3-capi-techpreview
ci/prow/e2e-openstack-capi-techpreview
ci/prow/e2e-openstack-ovn-techpreview
ci/prow/e2e-vsphere-capi-techpreview
ci/prow/images
ci/prow/lint
ci/prow/okd-scos-images
ci/prow/regression-clusterinfra-aws-ipi-techpreview-capi
ci/prow/unit
ci/prow/vendor
ci/prow/verify-deps
pull-ci-openshift-cluster-capi-operator-main-build
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-ovn
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-ovn-serial-1of2
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-ovn-serial-2of2
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-ovn-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-ovn-techpreview-upgrade
pull-ci-openshift-cluster-capi-operator-main-e2e-azure-capi-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-azure-ovn-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-azure-ovn-techpreview-upgrade
pull-ci-openshift-cluster-capi-operator-main-e2e-gcp-capi-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-gcp-ovn-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-metal3-capi-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-openstack-capi-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-openstack-ovn-techpreview
pull-ci-openshift-cluster-capi-operator-main-e2e-vsphere-capi-techpreview
pull-ci-openshift-cluster-capi-operator-main-images
pull-ci-openshift-cluster-capi-operator-main-lint
pull-ci-openshift-cluster-capi-operator-main-okd-scos-images
pull-ci-openshift-cluster-capi-operator-main-regression-clusterinfra-aws-ipi-techpreview-capi
pull-ci-openshift-cluster-capi-operator-main-unit
pull-ci-openshift-cluster-capi-operator-main-vendor
pull-ci-openshift-cluster-capi-operator-main-verify-deps
tide

If you are trying to override a checkrun that has a space in it, you must put a double quote on the context.

Details

In response to this:

/override ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

mdbooth · 2026-05-01T14:26:53Z

/override ci/prow/e2e-openstack-ovn-techpreview

Overriding because it causes the PR to be mis-reported as needing attention.

openshift-ci · 2026-05-01T14:27:06Z

@mdbooth: Overrode contexts on behalf of mdbooth: ci/prow/e2e-openstack-ovn-techpreview

Details

In response to this:

/override ci/prow/e2e-openstack-ovn-techpreview

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

theobarberbany

did a deeper pass on the current state of the PR (thanks claude) - inline comments below. verified that SelfImageRef replacement still happens in revisiongenerator/transform.go so that's not a regression, tombstone coverage is correct, deleted code has no remaining callers, and there's no race on volume readiness.

theobarberbany · 2026-05-07T10:03:58Z

+// BuildImageRefMapFromPod reads the given pod's spec to build a mapping
+// from mount subdirectory names to image references. It correlates image
+// volumes with their volume mounts to determine which image is mounted where.
+func BuildImageRefMapFromPod(ctx context.Context, k8sClient client.Reader, podName, podNamespace string) (map[string]string, error) {


BuildImageRefMapFromPod has no tests. this is the new critical path - correlating volumes to image refs via the pod spec. two nested loops, filepath.Base extraction, filtering by image volume type. should be straightforward to test with fake.NewClientBuilder(). worth covering: happy path with image volumes, non-image volumes being filtered out, volume mount with no matching volume, and the filepath.Base extraction from nested mount paths.

theobarberbany · 2026-05-07T10:03:58Z

-		contentID, err := writeManifestsWithHash(manifestsPath, profile.Manifests, profile.Metadata.SelfImageRef, imageRef)
-		if err != nil {
-			return nil, fmt.Errorf("failed to write manifests for profile %s: %w", profile.Profile, err)
+	for i := range pod.Spec.Containers {


this only iterates Containers, not InitContainers. fine today (no init containers in the deployment) but worth a comment so nobody gets bitten later if one gets added.

theobarberbany · 2026-05-07T10:03:59Z

+	providerImageDir := extraflags.String(
+		"provider-image-dir",
+		defaultProviderImageDirPath,
+		"Directory containing provider image manifests. In dev mode, set to a local directory to skip pod spec reading.",


I know you said you'd remove the dev mode stuff - just flagging that this help text still says "skip pod spec reading" but loadProviderImages unconditionally requires POD_NAME/POD_NAMESPACE. either fix or remove.

This is still in here - but not worth blocking on / redoing the CI run. FYI @mdbooth if you're gonna touch this any time soon.

theobarberbany · 2026-05-07T10:03:59Z


+	var logProviderProfiles []any
+	for _, profile := range providerProfiles {
+		logProviderProfiles = append(logProviderProfiles, profile.Name, fmt.Sprintf("%s/%s", profile.ImageRef, profile.Profile))


using provider names as log keys makes the structured output non-standard and harder to filter. one line per profile with fixed keys would be cleaner:

for _, profile := range providerProfiles { log.Info("loaded provider profile", "name", profile.Name, "imageRef", profile.ImageRef, "profile", profile.Profile) }

theobarberbany · 2026-05-07T10:04:07Z

one more thing - pkg/providerimages/suite_test.go bootstraps a ginkgo suite but all the ginkgo tests in this package were deleted (mirrors_test.go, trustedca_test.go). the new tests use standard go testing. this file runs zero specs now, should be removed.

theobarberbany · 2026-05-07T10:08:48Z

nit (not in scope for this PR): loadProfile reads manifest content into .Manifests but nothing downstream uses it - consumers read from ManifestsPath on disk. could skip the read and just check the file exists.

mdbooth · 2026-05-07T13:13:46Z

Unrelated flake (fixed in #551)

/test unit

openshift-merge-bot · 2026-05-07T13:26:01Z

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-capi-disconnected-techpreview
/test e2e-aws-capi-techpreview
/test e2e-aws-ovn
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-aws-ovn-techpreview
/test e2e-aws-ovn-techpreview-upgrade
/test e2e-azure-capi-techpreview
/test e2e-azure-ovn-techpreview
/test e2e-azure-ovn-techpreview-upgrade
/test e2e-gcp-capi-techpreview
/test e2e-gcp-ovn-techpreview
/test e2e-metal3-capi-techpreview
/test e2e-openstack-capi-techpreview
/test e2e-openstack-ovn-techpreview
/test e2e-vsphere-capi-techpreview
/test regression-clusterinfra-aws-ipi-techpreview-capi

openshift-merge-bot · 2026-05-07T20:09:58Z

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

openshift-merge-bot · 2026-05-08T07:44:44Z

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

mdbooth · 2026-05-08T10:07:22Z

Permafailing

/override ci/prow/e2e-openstack-ovn-techpreview

openshift-ci · 2026-05-08T10:07:39Z

@mdbooth: Overrode contexts on behalf of mdbooth: ci/prow/e2e-openstack-ovn-techpreview

Details

In response to this:

Permafailing

/override ci/prow/e2e-openstack-ovn-techpreview

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci · 2026-05-08T10:07:41Z

@mdbooth: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-azure-ovn-techpreview	`33b782c`	link	false	`/test e2e-azure-ovn-techpreview`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

mdbooth · 2026-05-08T10:09:35Z

Unrelated [sig-olmv1] OLMv1 operator with webhooks should have a working conversion webhook

/test e2e-aws-ovn-serial-2of2

mdbooth · 2026-05-08T10:12:21Z

/test e2e-azure-ovn-techpreview-upgrade

theobarberbany · 2026-05-11T12:21:56Z

/lgtm
/approve

openshift-ci · 2026-05-11T12:23:21Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: theobarberbany

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [theobarberbany]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

mdbooth · 2026-05-11T13:31:49Z

/verified by CI primarily e2e-aws-capi-disconnected-techpreview

openshift-ci-robot · 2026-05-11T13:32:02Z

@mdbooth: This PR has been marked as verified by CI primarily e2e-aws-capi-disconnected-techpreview.

Details

In response to this:

/verified by CI primarily e2e-aws-capi-disconnected-techpreview

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 24, 2026

openshift-ci Bot requested review from RadekManak and nrb April 24, 2026 07:16

mdbooth force-pushed the image-volumes branch from 13db5b1 to a937531 Compare April 24, 2026 07:17

openshift-merge-bot Bot added the pipeline-auto label Apr 24, 2026

coderabbitai Bot reviewed Apr 24, 2026

View reviewed changes

mdbooth mentioned this pull request Apr 24, 2026

DNM: Test openshift/cluster-capi-operator#527 with aws-disconnected openshift/release#78315

Closed

mdbooth force-pushed the image-volumes branch from a937531 to 8d09225 Compare April 24, 2026 10:47

coderabbitai Bot reviewed Apr 24, 2026

View reviewed changes

Comment thread manifests/0000_30_cluster-api-installer_05_deployment.yaml

Comment thread pkg/providerimages/providerimages.go

theobarberbany reviewed Apr 24, 2026

View reviewed changes

mdbooth added a commit to openshift-cloud-team/release that referenced this pull request Apr 24, 2026

DNM: test disconnected job with openshift/cluster-capi-operator#527

80c0f73

theobarberbany reviewed Apr 24, 2026

View reviewed changes

mdbooth force-pushed the image-volumes branch from 8d09225 to 2aebeaa Compare April 24, 2026 13:21

coderabbitai Bot reviewed Apr 24, 2026

View reviewed changes

Comment thread cmd/capi-operator/main.go Outdated

mdbooth force-pushed the image-volumes branch from 2aebeaa to 335fba7 Compare April 24, 2026 14:02

coderabbitai Bot reviewed Apr 24, 2026

View reviewed changes

Comment thread manifests/0000_30_cluster-api-installer_05_deployment.yaml

Comment thread manifests/0000_30_cluster-api-installer_05_deployment.yaml

Comment thread pkg/providerimages/providerimages.go

mdbooth force-pushed the image-volumes branch from 335fba7 to 48c07f0 Compare April 24, 2026 14:51

theobarberbany reviewed May 7, 2026

View reviewed changes

mdbooth added 3 commits May 7, 2026 12:19

Improved logging when scanning images

25057dc

make vendor

3cc3f13

Add tests for BuildImageRefMap

33b782c

openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label May 7, 2026

openshift-ci Bot assigned theobarberbany May 11, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 11, 2026

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 11, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 11, 2026

openshift-merge-bot Bot merged commit 1805bd0 into openshift:main May 11, 2026
25 of 26 checks passed

mdbooth deleted the image-volumes branch May 11, 2026 13:54

Conversation

mdbooth commented Apr 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Release Notes

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

openshift-ci-robot commented Apr 24, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai Bot commented Apr 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews paused

Walkthrough

Changes

Sequence Diagram

Estimated code review effort

❌ Failed checks (1 warning, 1 inconclusive)

Uh oh!

mdbooth commented Apr 24, 2026

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

theobarberbany Apr 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

mdbooth commented Apr 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-merge-bot Bot commented Apr 24, 2026

Uh oh!

mdbooth commented May 1, 2026

mdbooth commented Apr 24, 2026 •

edited

Loading

openshift-ci-robot commented Apr 24, 2026 •

edited by openshift-ci Bot

Loading

coderabbitai Bot commented Apr 24, 2026 •

edited

Loading

theobarberbany Apr 24, 2026 •

edited

Loading

mdbooth commented Apr 24, 2026 •

edited

Loading

mdbooth commented May 1, 2026 •

edited

Loading

theobarberbany left a comment •

edited

Loading

mdbooth commented May 7, 2026 •

edited

Loading

openshift-ci Bot commented May 8, 2026 •

edited

Loading