updating operator-framework api w/ additional bundle validation by acornett21 · Pull Request #1370 · redhat-openshift-ecosystem/openshift-preflight

acornett21 · 2026-02-16T20:31:11Z

Motivation

Over time and historically, the catalogs produced by any/all of are tooling, contain bundles that:

break for all customers
break for some customers
break the OCP UI

With that we try to improve the validation overtime as more and more sharp edges are found. One such incident was found where a partners relatedImages section contained an invalid sha256 value, casing oc-mirror of the catalog to be broken. Luckly, for that instance, the bundle in question was the first version that the operator author had released, so a removal/fix was able to be made.

During that remove/fix operator-framework/api was updated with further bundle validation to catch these types of issues:

DependsOn: add bundle relatedimage image pullspec validation operator-framework/api#475

Testing

This PR points to a fork/commit of operator-framework/api, below is what would be outputted for an incorrect bundle in the catalog.

PFLT_INDEXIMAGE=registry.redhat.io/redhat/certified-operator-index:v4.20 preflight check operator check operator registry.connect.redhat.com/nvidia/gpu-operator-bundle:v23.3.0

...
time="2026-02-16T10:41:18-07:00" level=error msg="Error: Value spec.relatedImages[3].image: relatedImages[3] has an invalid image pullspec \"nvcr.io/nvidia/k8s/container-toolkit@sha256:489125ceae5864280e4d6a9ab52ab0f650b3179349a7298c4a204feb60b661a\": invalid checksum digest length" check=ValidateOperatorBundle error="validate operator bundle error"
time="2026-02-16T10:41:18-07:00" level=info msg="check completed" check=ValidateOperatorBundle result=FAILED

coveralls · 2026-02-16T20:40:25Z

coverage: 84.053%. remained the same
when pulling 57e747e on acornett21:update_of_api
into 5aed1c7 on redhat-openshift-ecosystem:main.

dcibot · 2026-02-16T21:16:40Z

from change #1370:

SUCCESS https://www.distributed-ci.io/jobs/fd0a72c5-928a-4dc8-be57-d5627b9d0ba0/jobStates

dcibot · 2026-02-17T18:37:45Z

from change #1370:

SUCCESS https://www.distributed-ci.io/jobs/162965fe-c852-4a88-ac32-988f8389fe96/jobStates

dcibot · 2026-02-25T20:03:49Z

from change #1370:

SUCCESS https://www.distributed-ci.io/jobs/4218a4d5-5fa6-416f-9345-10b849f7f2ec/jobStates

github-actions

## 📋 Review Summary

This Pull Request updates multiple dependencies, particularly bumping operator-framework/api to v0.40.0 and adding a replace directive for testing additional bundle validation. The changes to go.mod and go.sum appear correct for a draft or testing context, but introduce a supply chain issue if merged as-is.

🔍 General Feedback

Dependency Updates: The general dependency version bumps and indirect module additions in go.mod and go.sum look standard and align with expected Go module management practices.
Testing Context: As mentioned in the PR description, if this branch is primarily for testing the output against a specific fork, consider converting the PR to a Draft to clearly signal that it is not yet ready to be merged.

bcrochet · 2026-02-26T18:36:34Z

/retest

dcibot · 2026-02-26T20:02:19Z

from change #1370:

SUCCESS https://www.distributed-ci.io/jobs/27f6f80e-926c-47c8-b90f-0c913b0fb1d4/jobStates

bcrochet

There's a bit more here than just operator-framework api... I'm fine with that, as long as we've validated that things like graphql and go-containerregistry haven't had breaking changes.

/lgtm

Signed-off-by: Adam D. Cornett <adc@redhat.com>

acornett21 · 2026-03-02T17:26:05Z

@bcrochet I thought I had added those as a separate commit, but since I did not I just rolled them back to keep this PR clean. I'll update the other things in another PR.

dcibot · 2026-03-02T18:08:02Z

from change #1370:

SUCCESS https://www.distributed-ci.io/jobs/0d24ed62-2881-4584-a020-8eba60fe1251/jobStates

bcrochet

/lgtm

openshift-ci · 2026-03-03T14:54:05Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: acornett21, bcrochet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [acornett21,bcrochet]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

acornett21 added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 16, 2026

openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 16, 2026

openshift-ci Bot requested review from jomkz and komish February 16, 2026 20:31

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 16, 2026

acornett21 added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 16, 2026

acornett21 force-pushed the update_of_api branch from 82b0a8b to 57e747e Compare February 17, 2026 17:51

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 18, 2026

acornett21 force-pushed the update_of_api branch from 57e747e to 3d34f66 Compare February 25, 2026 16:27

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 25, 2026

acornett21 added gemini-review and removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Feb 25, 2026

github-actions Bot reviewed Feb 25, 2026

View reviewed changes

Comment thread go.mod Outdated

acornett21 force-pushed the update_of_api branch from 3d34f66 to 65e7bb9 Compare February 26, 2026 18:38

github-actions Bot removed the gemini-review label Feb 26, 2026

bcrochet approved these changes Feb 26, 2026

View reviewed changes

openshift-ci Bot assigned bcrochet Feb 26, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Feb 26, 2026

acornett21 force-pushed the update_of_api branch from 65e7bb9 to 725ff0a Compare March 2, 2026 17:21

openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Mar 2, 2026

updating operator-framework api w/ additional bundle validation

a2415ff

Signed-off-by: Adam D. Cornett <adc@redhat.com>

acornett21 force-pushed the update_of_api branch from 725ff0a to a2415ff Compare March 2, 2026 17:24

bcrochet approved these changes Mar 3, 2026

View reviewed changes

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Mar 3, 2026

acornett21 merged commit 1a41e40 into redhat-openshift-ecosystem:main Mar 3, 2026
17 checks passed

Conversation

acornett21 commented Feb 16, 2026

Motivation

Testing

Uh oh!

coveralls commented Feb 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dcibot commented Feb 16, 2026

Uh oh!

dcibot commented Feb 17, 2026

Uh oh!

dcibot commented Feb 25, 2026

Uh oh!

github-actions Bot left a comment

Choose a reason for hiding this comment

🔍 General Feedback

Uh oh!

Uh oh!

bcrochet commented Feb 26, 2026

Uh oh!

dcibot commented Feb 26, 2026

Uh oh!

bcrochet left a comment

Choose a reason for hiding this comment

Uh oh!

acornett21 commented Mar 2, 2026

Uh oh!

dcibot commented Mar 2, 2026

Uh oh!

bcrochet left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-ci Bot commented Mar 3, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

coveralls commented Feb 16, 2026 •

edited

Loading