RHWA-1016: Set Agent image in container's environment

[clobrano]

Why we need this PR

The controller derives the Agent's image when the RELATED_IMAGE_SBR_AGENT environment variable is unset.
To prevent potential failures in this process, this PR ensure the environment variable is always set.

Changes made

• Set RELATED_IMAGE_SBR_AGENT for operator to locate agent image
• Remove agent image derivation fallback

Which issue(s) this PR fixes

Fixes #RHWA-1016

Test plan

No functionality was changed, hence the usual e2e tests must pass.

NOTE that we need to merge openshift/release#79603 first

Summary by CodeRabbit

• Refactor
  • Controller now reads the agent image from a dedicated environment variable and will retry reconciliation if it’s missing.
• Chores
  • Build and bundle pipeline updated to allow environment-variable substitution and to expose/embed the agent image in releases and manifests.
  • Deployment config tweak: topology spread behavior explicitly set.
• Tests
  • Test suite updated to use and validate the configured agent image in test environments.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@clobrano: This pull request references RHWA-1016 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target either version "5.0." or "openshift-5.0.", but it targets "rhwa-4.22-0" instead.

Details

In response to this:

Why we need this PR

The controller derives the Agent's image when the RELATED_IMAGE_SBR_AGENT environment variable is unset.
To prevent potential failures in this process, this PR ensure the environment variable is always set.

Changes made

• Set RELATED_IMAGE_SBR_AGENT for operator to locate agent image
• Remove agent image derivation fallback

Which issue(s) this PR fixes

Fixes #RHWA-1016

Test plan

No functionality was changed, hence the usual e2e tests must pass.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Replace operator-image-based agent image derivation with reading RELATED_IMAGE_AGENT. Removed DeriveAgentImageFromOperator and its test, added getAgentImage() in the controller that reads medik8sv1alpha1.RelatedImageAgent, updated tests to set the env var, and wired the env var through manager manifest, CSV, kustomize, and Makefile bundle step.

Changes

Agent Image Resolution via Environment Variable

Layer / File(s)	Summary
Remove derivation helper and rename constant api/v1alpha1/storagebasedremediationconfig_types.go, api/v1alpha1/storagebasedremediationconfig_types_test.go	Removed unused imports and logger, deleted exported DeriveAgentImageFromOperator, removed its unit test, and renamed the related-image constant to RelatedImageAgent = "RELATED_IMAGE_AGENT".
Controller: read RELATED_IMAGE_AGENT at runtime internal/controller/storagebasedremediationconfig_controller.go	Added getAgentImage(logger) that reads medik8sv1alpha1.RelatedImageAgent (env RELATED_IMAGE_AGENT) and returns an error if unset; updated Reconcile to call r.getAgentImage(logger) and requeue on error.
Update controller tests to set env var internal/controller/storagebasedremediationconfig_controller_test.go	Added testOperatorImage/testAgentImage, set RELATED_IMAGE_AGENT in multiple BeforeEach blocks with DeferCleanup, and updated DaemonSet assertions to expect testAgentImage.
Wire env var through manifests and build config/manager/kustomization.yaml, config/manager/manager.yaml, bundle/manifests/storage-based-remediation.clusterserviceversion.yaml, Makefile, .gitignore	Kustomize patch injects RELATED_IMAGE_AGENT from ${AGENT_IMG} into the manager Deployment; manager.yaml sets topologySpreadConstraints.whenUnsatisfiable; CSV gets a RELATED_IMAGE_AGENT env var and relatedImages entry for the agent; Makefile exports AGENT_IMG and runs envsubst in the bundle pipeline; .gitignore removed an obsolete manager entry.

Sequence Diagram(s)

sequenceDiagram
  participant Reconcile
  participant getAgentImage
  participant RELATED_IMAGE_AGENT as EnvVar
  Reconcile->>getAgentImage: request agent image
  getAgentImage->>RELATED_IMAGE_AGENT: read environment variable
  alt EnvVar set
    RELATED_IMAGE_AGENT-->>getAgentImage: image string
    getAgentImage-->>Reconcile: return image
  else EnvVar empty
    RELATED_IMAGE_AGENT-->>getAgentImage: empty
    getAgentImage-->>Reconcile: return error (requeue)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Suggested reviewers

• slintes
• beekhof
• razo7

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: setting the agent image in the container's environment variable.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[clobrano]

/test 4.20-openshift-e2e

[clobrano]

CI job needs a PR too. It adds the CI RELATED_IMAGE_SBR_AGENT env var instead than update the (now) existing value.

[razo7]

Is there any need for the full quay repo path instaed?

[clobrano]

The full path is replaced in the bundle
https://github.com/clobrano/storage-based-remediation/blob/60a790184bcd04ed635666b18d89589850175365/Makefile#L673-L674

[clobrano]

I'm having a look at the conflict

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/controller/storagebasedremediationconfig_controller_test.go`:
- Around line 378-379: The assertions comparing container.Image (and the related
assertions at the other location) depend on RELATED_IMAGE_SBR_AGENT being set
globally; make each affected test self-contained by setting
RELATED_IMAGE_SBR_AGENT to the expected testAgentImage in that test's BeforeEach
(or immediately before the assertion) and registering a cleanup to restore the
original value (using DeferCleanup or AfterEach calling os.Unsetenv/restore the
previous value). Update the test blocks that reference container.Image and
testAgentImage (and the second occurrence around the other assertion) to call
os.Setenv("RELATED_IMAGE_SBR_AGENT", testAgentImage) and defer a cleanup to
restore or unset it so tests do not rely on process-global state.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fcd4f1b0-fbd6-4e65-be1a-add902e1a501

📥 Commits

Reviewing files that changed from the base of the PR and between fa5cf59 and a494bd0.

📒 Files selected for processing (7)

• Makefile
• api/v1alpha1/storagebasedremediationconfig_types.go
• api/v1alpha1/storagebasedremediationconfig_types_test.go
• bundle/manifests/storage-based-remediation.clusterserviceversion.yaml
• config/manager/manager.yaml
• internal/controller/storagebasedremediationconfig_controller.go
• internal/controller/storagebasedremediationconfig_controller_test.go

💤 Files with no reviewable changes (2)

• api/v1alpha1/storagebasedremediationconfig_types_test.go
• api/v1alpha1/storagebasedremediationconfig_types.go

[clobrano]

NOTE that we need to merge openshift/release#79603 first

EDIT

after commit d799f91, the CI change above might not be necessary anymore

CI is expected to build the CSV using the new RELATED_IMAGE_AGENT environment variable and the CI registry.
If the PR passes existing E2E tests while using this variable, it confirms the agent image is being correctly pulled from the new source, validating the change.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Makefile`:
- Line 674: The yq selector in the Makefile currently targets
(.spec.relatedImages[] | select(.name == "agent")).image which doesn't match the
CSV entry named "sbr-agent" and can no-op; update the selector in the Makefile's
yq invocation to select the relatedImages entry by the actual name "sbr-agent"
(i.e., replace the select(.name == "agent") predicate with select(.name ==
"sbr-agent")) so the AGENT_IMG value is applied to the correct
(.spec.relatedImages[]).image field.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9fb4f685-5632-4a57-bc0c-fa24449d5628

📥 Commits

Reviewing files that changed from the base of the PR and between 1066ea2 and d799f91.

📒 Files selected for processing (6)

• Makefile
• api/v1alpha1/storagebasedremediationconfig_types.go
• bundle/manifests/storage-based-remediation.clusterserviceversion.yaml
• config/manager/manager.yaml
• internal/controller/storagebasedremediationconfig_controller.go
• internal/controller/storagebasedremediationconfig_controller_test.go

[clobrano]

/test 4.20-openshift-e2e

[slintes]

IMHO this can be done in a more "kustomize" than "yq" way:

step 1:
remove RELATED_IMAGE_AGENT env var completely from manager.yaml

step 2:
add this to its kustomization.yaml instead:

patches:
- patch: |
    - op: add
      path: /spec/template/spec/containers/0/env/-
      value:
        name: RELATED_IMAGE_AGENT
        value: ${AGENT_IMG}
  target:
    kind: Deployment
    name: controller-manager

(and please delete that weird imagePullPolicy thing from images(!) 🤷🏼‍♂️ )

step 3:
in the Makefile

• add export AGENT_IMG after its declared
• in the bundle target, add | envsubst between kustomize build ... and operator-sdk generate...., and remove the 2 yq commands

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Makefile`:
- Line 673: The Makefile's bundle pipeline uses an unscoped envsubst which may
replace unintended ${...} placeholders; restrict envsubst to only AGENT_IMG by
invoking envsubst with that variable (so only AGENT_IMG is substituted) when
piping the output of the kustomize build before calling $(OPERATOR_SDK) generate
bundle, ensuring other ${...} placeholders remain untouched; update the pipeline
line referencing $(KUSTOMIZE) build and envsubst accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3689d73e-02dc-401a-9ba4-f9171e40ce0d

📥 Commits

Reviewing files that changed from the base of the PR and between d799f91 and 21acb54.

📒 Files selected for processing (9)

• .gitignore
• Makefile
• api/v1alpha1/storagebasedremediationconfig_types.go
• api/v1alpha1/storagebasedremediationconfig_types_test.go
• bundle/manifests/storage-based-remediation.clusterserviceversion.yaml
• config/manager/kustomization.yaml
• config/manager/manager.yaml
• internal/controller/storagebasedremediationconfig_controller.go
• internal/controller/storagebasedremediationconfig_controller_test.go

💤 Files with no reviewable changes (2)

• api/v1alpha1/storagebasedremediationconfig_types_test.go
• .gitignore

✅ Files skipped from review due to trivial changes (2)

• config/manager/manager.yaml
• internal/controller/storagebasedremediationconfig_controller_test.go

[clobrano]

/test 4.20-openshift-e2e

[slintes]

lgtm

not sure if there are any open discussions, or if we want to keep this open and merge thr release PR first...

/hold

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: clobrano, slintes

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [clobrano,slintes]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@config/manager/kustomization.yaml`:
- Around line 9-18: The patch in config/manager/kustomization.yaml inserts
RELATED_IMAGE_AGENT with a literal value of ${AGENT_IMG}, which is only being
envsubst'ed for the OLM bundle; update the build/render pipeline so non-bundle
paths also perform envsubst. Specifically, modify the Makefile targets
(build-installer, build-openshift-installer, deploy) or their underlying render
steps that process config/default and config/openshift-default to run envsubst
on the rendered YAML (or otherwise substitute AGENT_IMG) so RELATED_IMAGE_AGENT
in the controller-manager Deployment is replaced with the actual AGENT_IMG value
rather than left as the literal ${AGENT_IMG}.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fffb6ddd-ca86-4376-a48c-c0f94ac934dd

📥 Commits

Reviewing files that changed from the base of the PR and between 21acb54 and 4c45645.

📒 Files selected for processing (9)

• .gitignore
• Makefile
• api/v1alpha1/storagebasedremediationconfig_types.go
• api/v1alpha1/storagebasedremediationconfig_types_test.go
• bundle/manifests/storage-based-remediation.clusterserviceversion.yaml
• config/manager/kustomization.yaml
• config/manager/manager.yaml
• internal/controller/storagebasedremediationconfig_controller.go
• internal/controller/storagebasedremediationconfig_controller_test.go

💤 Files with no reviewable changes (2)

• .gitignore
• api/v1alpha1/storagebasedremediationconfig_types_test.go

✅ Files skipped from review due to trivial changes (1)

• config/manager/manager.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "1) Confirm placeholder injection in manager kustomization"
rg -n '\$\{AGENT_IMG\}' config/manager/kustomization.yaml

echo
echo "2) Confirm non-bundle kustomize paths currently skip envsubst"
rg -n '^\s*\$\(KUSTOMIZE\) build config/default( \|| >)' Makefile -C1
rg -n '^\s*\$\(KUSTOMIZE\) build config/openshift-default >' Makefile -C1

echo
echo "3) If kustomize exists, check rendered default manifest for literal placeholder"
if command -v kustomize >/dev/null 2>&1; then
  kustomize build config/default | rg -n 'RELATED_IMAGE_AGENT|\$\{AGENT_IMG\}' -C1
else
  echo "kustomize not found on PATH; install it and rerun step 3."
fi

Repository: medik8s/storage-based-remediation

Length of output: 1142

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== config/manager/kustomization.yaml (context around injected placeholder) =="
nl -ba config/manager/kustomization.yaml | sed -n '1,120p'

echo
echo "== Where envsubst is used (repo-wide) =="
rg -n "envsubst" -S . || true

echo
echo "== Where AGENT_IMG is referenced (repo-wide) =="
rg -n "AGENT_IMG" -S . || true

echo
echo "== KUSTOMIZE build/apply pipelines in Makefile that might render manifests =="
rg -n "\\$\\(KUSTOMIZE\\) build|kustomize build" Makefile -S || true

Repository: medik8s/storage-based-remediation

Length of output: 216

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== config/manager/kustomization.yaml (first 160 lines) =="
cat -n config/manager/kustomization.yaml | sed -n '1,160p'

echo
echo "== Where envsubst is used (repo-wide) =="
rg -n "envsubst" -S . || true

echo
echo "== Where AGENT_IMG is referenced (repo-wide) =="
rg -n "AGENT_IMG" -S . || true

echo
echo "== Kustomize build/apply pipelines in Makefile(s) =="
rg -n "\\$\\(KUSTOMIZE\\) build|kustomize build|\\$\\(KUBECTL\\) apply|\\$\\(KUBECTL\\) delete" Makefile* -S || true
ls -la

Repository: medik8s/storage-based-remediation

Length of output: 6658

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Makefile: KUSTOMIZE definition =="
rg -n "^[A-Z_]+\\s*\\??=\\s*.*kustomize" Makefile
rg -n "KUSTOMIZE\\s*[:?]?=" Makefile

echo
echo "== Makefile: relevant targets around build/install/deploy =="
rg -n "^build-installer:|^build-openshift-installer:|^deploy:|^undeploy:|^bundle|generate bundle|OPERATOR_SDK generate bundle" Makefile

echo
echo "== Show Makefile sections around those matches =="
# Use awk to print ~40 lines around each match line number
python3 - <<'PY'
import re, subprocess, os, sys
import pathlib

mk = pathlib.Path("Makefile").read_text().splitlines()
pat = re.compile(r'^(build-installer:|build-openshift-installer:|deploy:|undeploy:|bundle|generate bundle|OPERATOR_SDK generate bundle)')
for i,line in enumerate(mk, start=1):
    if pat.search(line):
        start=max(1,i-25); end=min(len(mk), i+35)
        print("\n\n--- Makefile lines", start, "-", end, "(around", i, ")", "---")
        for j in range(start,end+1):
            print(f"{j:5d}\t{mk[j-1]}")
PY

Repository: medik8s/storage-based-remediation

Length of output: 43375

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== kustomization.yaml files under config/manager =="
find config/manager -maxdepth 6 -name "kustomization.yaml" -print | sort

echo
echo "== Inspect config/manager/config/default/kustomization.yaml (if present) =="
if [ -f config/manager/config/default/kustomization.yaml ]; then
  cat -n config/manager/config/default/kustomization.yaml
else
  echo "MISSING: config/manager/config/default/kustomization.yaml"
fi

echo
echo "== Inspect config/manager/manager.yaml (referenced by root kustomization.yaml) =="
if [ -f config/manager/manager.yaml ]; then
  rg -n "RELATED_IMAGE_AGENT|AGENT_IMG|\$\{AGENT_IMG\}" config/manager/manager.yaml || true
  cat -n config/manager/manager.yaml | sed -n '1,220p'
else
  echo "MISSING: config/manager/manager.yaml"
fi

echo
echo "== Find RELATED_IMAGE_AGENT usage across config/manager =="
rg -n "RELATED_IMAGE_AGENT|\$\{AGENT_IMG\}" config/manager || true

Repository: medik8s/storage-based-remediation

Length of output: 5212

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Directory layout under config/manager =="
ls -la config/manager
echo
find config/manager -maxdepth 3 -type d -print | sort

echo
echo "== Any kustomization.yaml under config/manager (any depth) =="
find config/manager -type f -name "kustomization.yaml" -print | sort

echo
echo "== Check for expected overlay directories =="
for d in config/manager/config/default config/manager/config/openshift-default config/manager/config/manifests config/manager/default config/manager/openshift-default config/manager/manifests; do
  if [ -d "$d" ]; then
    echo "FOUND: $d"
    ls -la "$d"
  else
    echo "MISSING: $d"
  fi
done

echo
echo "== Show first 160 lines of config/manager/kustomization.yaml (root) =="
cat -n config/manager/kustomization.yaml | sed -n '1,200p' || true

Repository: medik8s/storage-based-remediation

Length of output: 1376

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Find update-manifests target =="
rg -n "^update-manifests:|update-manifests" Makefile

echo
echo "== Show Makefile section around update-manifests =="
python3 - <<'PY'
import pathlib, re
mk = pathlib.Path("Makefile").read_text().splitlines()
for i,l in enumerate(mk, start=1):
    if re.match(r"^update-manifests:", l):
        start=max(1,i-30); end=min(len(mk), i+120)
        print(f"\n--- Makefile lines {start}-{end} (around update-manifests at {i}) ---")
        for j in range(start,end+1):
            print(f"{j:5d}\t{mk[j-1]}")
        break
PY

echo
echo "== Check how config/manifests or config/manager/config/default might be generated =="
rg -n "config/manager/config/default|config/manager/config/openshift-default|config/manifests|config/manager/manifests" Makefile config -S || true

echo
echo "== Check for scripts that create those directories =="
find hack scripts tools -type f -maxdepth 3 -print 2>/dev/null | head -n 50

Repository: medik8s/storage-based-remediation

Length of output: 9442

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== config/ tree (top level) =="
ls -la config | head -n 200

echo
echo "== config/default contents =="
ls -la config/default 2>/dev/null || true
if [ -f config/default/kustomization.yaml ]; then
  echo "--- config/default/kustomization.yaml (head) ---"
  cat -n config/default/kustomization.yaml | sed -n '1,200p'
fi

echo
echo "== config/openshift-default contents =="
ls -la config/openshift-default 2>/dev/null || true
if [ -f config/openshift-default/kustomization.yaml ]; then
  echo "--- config/openshift-default/kustomization.yaml (head) ---"
  cat -n config/openshift-default/kustomization.yaml | sed -n '1,200p'
fi

echo
echo "== config/manifests contents =="
ls -la config/manifests 2>/dev/null || true
if [ -f config/manifests/kustomization.yaml ]; then
  echo "--- config/manifests/kustomization.yaml (head) ---"
  cat -n config/manifests/kustomization.yaml | sed -n '1,200p'
fi

echo
echo "== Search for RELATED_IMAGE_AGENT / AGENT_IMG within config/ =="
rg -n "RELATED_IMAGE_AGENT|\$\{AGENT_IMG\}|AGENT_IMG" config -S || true

echo
echo "== Search for envsubst within Makefile and scripts =="
rg -n "envsubst" Makefile scripts tools config -S || true

Repository: medik8s/storage-based-remediation

Length of output: 13864

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Makefile targets: manifests, kustomize, generate kustomize =="
rg -n "^manifests:|^kustomize:|^generate:|generate kustomize|kustomize ##|kustomize " Makefile

echo
echo "== Search for envsubst usage across repo (AGENT_IMG-related) =="
rg -n "envsubst" -S . || true
rg -n "envsubst.*AGENT_IMG|AGENT_IMG.*envsubst|\\$\\{AGENT_IMG\\}" -S . || true

echo
echo "== Search for RELATED_IMAGE_AGENT across repo =="
rg -n "RELATED_IMAGE_AGENT" -S . || true

echo
echo "== Search for substitutions of AGENT_IMG besides bundle envsubst =="
rg -n "AGENT_IMG" -S Makefile scripts hack config test || true

echo
echo "== Where config/manager/config/* is created (if at all) =="
rg -n "config/manager/config" -S Makefile hack scripts tools || true

echo
echo "== Where config/default/config/manifests are referenced relative to config/manager =="
rg -n "cd config/manager.*build config/(default|openshift-default|manifests)" -S Makefile

Repository: medik8s/storage-based-remediation

Length of output: 6573

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Makefile: manifests target =="
rg -n "^manifests:" Makefile
python3 - <<'PY'
import pathlib, re
mk = pathlib.Path("Makefile").read_text().splitlines()
for i,l in enumerate(mk, start=1):
    if re.match(r'^manifests:', l):
        start=max(1,i-20); end=min(len(mk), i+120)
        print(f"--- Makefile lines {start}-{end} (around manifests at {i}) ---")
        for j in range(start,end+1):
            print(f"{j:5d}\t{mk[j-1]}")
        break
PY

echo
echo "== Makefile: kustomize target =="
rg -n "^kustomize:" Makefile
python3 - <<'PY'
import pathlib, re
mk = pathlib.Path("Makefile").read_text().splitlines()
for i,l in enumerate(mk, start=1):
    if re.match(r'^kustomize:', l):
        start=max(1,i-20); end=min(len(mk), i+120)
        print(f"--- Makefile lines {start}-{end} (around kustomize at {i}) ---")
        for j in range(start,end+1):
            print(f"{j:5d}\t{mk[j-1]}")
        break
PY

echo
echo "== Makefile: check for any generation of config/manager/config/* =="
rg -n "config/manager/config/default|config/manager/config/openshift-default|config/manager/config/manifests|config/manager/config" Makefile || true
rg -n "config/default|config/openshift-default|config/manifests" Makefile | head -n 80 || true

echo
echo "== Show Makefile dependency graph around build-installer/deploy =="
python3 - <<'PY'
import pathlib, re
mk = pathlib.Path("Makefile").read_text().splitlines()
targets = ["build-installer","build-openshift-installer","deploy","kustomize","manifests","generate"]
for t in targets:
    for i,l in enumerate(mk, start=1):
        if re.match(r'^'+re.escape(t)+r':', l):
            print("\nTarget:", t, "line", i)
            print(l)
            # print next 10 lines
            for j in range(i, min(i+15, len(mk))+1):
                pass
            break
PY

Repository: medik8s/storage-based-remediation

Length of output: 15240

---

Fix ${AGENT_IMG} placeholder substitution for non-bundle renders

config/manager/kustomization.yaml patches the controller-manager Deployment to set RELATED_IMAGE_AGENT to value: ${AGENT_IMG}. The OLM bundle path substitutes it via envsubst '$$AGENT_IMG', but make build-installer, make build-openshift-installer, and make deploy render config/default / config/openshift-default without envsubst, so ${AGENT_IMG} can reach the deployed controller literally.

💡 Suggested fix (Makefile) to apply envsubst to all render paths

 .PHONY: build-installer
 build-installer: update-manifests manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment.
 	mkdir -p dist
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(QUAY_OPERATOR_NAME):$(IMAGE_TAG)
-	$(KUSTOMIZE) build config/default > dist/install.yaml
+	$(KUSTOMIZE) build config/default | envsubst '$$AGENT_IMG' > dist/install.yaml

 .PHONY: build-openshift-installer
 build-openshift-installer: update-manifests manifests generate kustomize ## Generate a consolidated YAML with CRDs, deployment, and OpenShift SecurityContextConstraints.
 	mkdir -p dist
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(QUAY_OPERATOR_NAME):$(IMAGE_TAG)
-	$(KUSTOMIZE) build config/openshift-default > dist/install.yaml
+	$(KUSTOMIZE) build config/openshift-default | envsubst '$$AGENT_IMG' > dist/install.yaml

 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
+	$(KUSTOMIZE) build config/default | envsubst '$$AGENT_IMG' | $(KUBECTL) apply -f -

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/manager/kustomization.yaml` around lines 9 - 18, The patch in
config/manager/kustomization.yaml inserts RELATED_IMAGE_AGENT with a literal
value of ${AGENT_IMG}, which is only being envsubst'ed for the OLM bundle;
update the build/render pipeline so non-bundle paths also perform envsubst.
Specifically, modify the Makefile targets (build-installer,
build-openshift-installer, deploy) or their underlying render steps that process
config/default and config/openshift-default to run envsubst on the rendered YAML
(or otherwise substitute AGENT_IMG) so RELATED_IMAGE_AGENT in the
controller-manager Deployment is replaced with the actual AGENT_IMG value rather
than left as the literal ${AGENT_IMG}.

[clobrano]

CI is not yet up-to-date to handle this change (see openshift/release#79603)

/override ci/prow/4.20-openshift-e2e

[openshift-ci]

@clobrano: Overrode contexts on behalf of clobrano: ci/prow/4.20-openshift-e2e

Details

In response to this:

CI is not yet up-to-date to handle this change (see openshift/release#79603)

/override ci/prow/4.20-openshift-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[slintes]

/hold cancel

[clobrano]

CI is not yet up-to-date to handle this change (see openshift/release#79603)

/override ci/prow/4.20-openshift-e2e

[openshift-ci]

@clobrano: Overrode contexts on behalf of clobrano: ci/prow/4.20-openshift-e2e

Details

In response to this:

CI is not yet up-to-date to handle this change (see openshift/release#79603)

/override ci/prow/4.20-openshift-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.