[Draft] - bumping with o/api changes to reflect new capabilities

[miyadav]

bumping changes from my fork to add new capabilities .
WIP - OCPCLOUD-3368
/hold

Generated by - claude-opus-4-6(2.1.169)

Summary by CodeRabbit

• Bug Fixes
  • Cluster version capability reporting now respects feature gates, ensuring gated capabilities are excluded from reported results when their gates are not enabled.
• Chores
  • Updated module dependency resolution via an API dependency redirect.
• Tests
  • Refreshed CVO scenario expectations and expanded capability unit tests to validate feature-gate filtering and excluded-capability behavior.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 31632744-10c1-4cab-88e2-81a9b86035a2

📥 Commits

Reviewing files that changed from the base of the PR and between 7329a7e and 0272f58.

⛔ Files ignored due to path filters (7)

• go.sum is excluded by !**/*.sum, !go.sum
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (3)

• go.mod
• lib/capability/capability.go
• lib/capability/capability_test.go

🚧 Files skipped from review as they are similar to previous changes (3)

• go.mod
• lib/capability/capability.go
• lib/capability/capability_test.go

---

Walkthrough

The PR adds feature-gate filtering to cluster version capabilities. A new FilterByFeatureGates export excludes capabilities whose required gates are not enabled. SetCapabilities now accepts enabledFeatureGates to exclude gated capabilities from Known/Enabled/ImplicitlyEnabled sets. Tests validate filtering behavior across gate-enabled and gate-disabled scenarios, the sync worker passes feature gates to capability computation, test scenarios use the filtering in initialization, and a module replacement redirects the API import.

Changes

Feature-gate filtering for cluster version capabilities

Layer / File(s)	Summary
Feature-gate capability mapping and filtering logic lib/capability/capability.go	Introduces featureGatedCapabilities map and gatedCapabilities helper to compute excluded capabilities, exports FilterByFeatureGates to filter capability slices, updates SetCapabilities to accept enabledFeatureGates and exclude gated capabilities from the Known set, and extends categorizeEnabledCapabilities to skip excluded capabilities while preserving implicitness behavior for non-excluded ones.
Comprehensive test coverage for feature-gate filtering lib/capability/capability_test.go	Adds allFeatureGates helper, refactors TestSetCapabilities and TestSetCapabilitiesWithImplicitlyEnabled to include enabledGates and gate-dependent expected values, adds "no gates enabled" test scenarios validating that gated capabilities are absent from both Known and Enabled, and introduces TestFilterByFeatureGates to verify filtering behavior when all gates are enabled versus no gates are enabled.
Sync worker and test scenario integration pkg/cvo/sync_worker.go, pkg/cvo/cvo_scenarios_test.go	SyncWorker.Update passes work.EnabledFeatureGates to SetCapabilities for feature-gate-aware capability computation. Test scenarios import the capability package and update sortedCaps and sortedKnownCaps initialization to use FilterByFeatureGates with an empty enabled-gates set.
API module dependency redirect go.mod	Adds replace directive to redirect github.com/openshift/api to github.com/miyadav/api at the specified pseudo-version.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 13 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 55.56% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title is vague and generic, using non-specific phrases like 'bumping with o/api changes' that don't clearly convey what the actual changes accomplish.	Revise the title to be more specific about the primary change, such as: 'Add feature-gated capability filtering support' or 'Implement capability filtering based on enabled feature gates'.

✅ Passed checks (13 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The PR uses standard Go testing (t.Run) with static, descriptive test names. No Ginkgo tests with dynamic identifiers found; all test names are stable and lack UUIDs, timestamps, or generated suffi...
Test Structure And Quality	✅ Passed	PR does not contain Ginkgo test code; modified tests use standard Go testing package with proper cleanup patterns, meaningful assertion messages, and single-responsibility test cases.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. All test modifications are standard Go unit tests (testing package), not Ginkgo e2e tests, so this check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. All modified test files use Go's standard testing package, not Ginkgo framework.
Topology-Aware Scheduling Compatibility	✅ Passed	The PR only modifies capability-filtering and feature-gate handling logic in CVO code. No scheduling constraints (affinity, anti-affinity, nodeSelector, replicas, tolerations, topology spread) are...
Ote Binary Stdout Contract	✅ Passed	All code changes are in library functions or test code with no stdout writes at process level. No main(), init(), TestMain(), or BeforeSuite() functions with logging violations were added or modified.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added. The only Ginkgo file modified is test/cvo/cvo_suite_test.go, which is just a test runner with no actual test cases. All 58 other test files are standard Go unit...
No-Weak-Crypto	✅ Passed	No weak cryptography found. PR contains no MD5, SHA1, DES, RC4, 3DES, Blowfish, or ECB usage. The single string comparison (container image digest) is not a secret/token requiring constant-time com...
Container-Privileges	✅ Passed	The PR contains hostNetwork: true in the CVO deployment manifest, which has explicit justification in comments explaining the operational necessity for the cluster version operator.
No-Sensitive-Data-In-Logs	✅ Passed	No new logging statements with sensitive data were introduced. The PR adds feature-gate capability filtering without exposing passwords, tokens, API keys, PII, session IDs, hostnames, or customer d...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: miyadav
Once this PR has been reviewed and has the lgtm label, please assign hongkailiu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 118: go.mod currently contains a local replace directive pointing
github.com/openshift/api to a personal fork (the replace line referencing
github.com/miyadav/api), which must be removed or updated before merging;
replace that directive with the official module (remove the replace or point to
github.com/openshift/api at the appropriate tagged release) only after
OpenShift/api PR `#2884` is merged and an upstream release containing the needed
changes exists, and verify the release includes the expected capability/license
provenance before switching the dependency back to upstream.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e5f16882-9423-42ae-bc77-b4b83e14eb44

📥 Commits

Reviewing files that changed from the base of the PR and between 810bfc1 and 9a6cea5.

⛔ Files ignored due to path filters (56)

• go.sum is excluded by !**/*.sum, !go.sum
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/install.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/types_etcd.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/security/v1/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the fork commit exists and check for merge plan documentation

# Check if the target commit exists in the fork
echo "=== Checking if fork commit exists ==="
git ls-remote https://github.com/miyadav/api.git | grep -E "79a53623c27b|refs/heads/.*"

# Check if openshift/api PR `#2884` is merged
echo -e "\n=== Checking status of openshift/api PR `#2884` ==="
gh api repos/openshift/api/pulls/2884 --jq '.state, .merged, .merged_at, .title' 2>/dev/null || echo "Cannot access PR `#2884` - may need authentication"

# Search for any TODO or plan to replace with official version
echo -e "\n=== Searching for documented plan to replace fork ==="
rg -i "TODO|FIXME|TEMPORARY|miyadav" --type=md -C 2

Repository: openshift/cluster-version-operator

Length of output: 6985

---

go.mod: Remove personal-fork replace before production merge

go.mod currently uses replace github.com/openshift/api => github.com/miyadav/api v0.0.0-20260610140604-79a53623c27b. The target fork commit exists, but OpenShift/api PR #2884 is still open (merged=false), so merging this change would bake in an unmerged personal-fork dependency.

• Update/remove the replace to use the official github.com/openshift/api at a tagged release once PR #2884 is merged.
• Ensure the upstream release includes the expected capability changes (and provenance/license expectations) before pointing back to it.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 118, go.mod currently contains a local replace directive
pointing github.com/openshift/api to a personal fork (the replace line
referencing github.com/miyadav/api), which must be removed or updated before
merging; replace that directive with the official module (remove the replace or
point to github.com/openshift/api at the appropriate tagged release) only after
OpenShift/api PR `#2884` is merged and an upstream release containing the needed
changes exists, and verify the release includes the expected capability/license
provenance before switching the dependency back to upstream.

Source: Coding guidelines

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 118: Remove the replace directive in go.mod that currently points to the
personal fork github.com/miyadav/api. Before proceeding, verify that
openshift/api PR `#2884` has been merged and published as an official release tag.
Update the require directive to pin to the official github.com/openshift/api
module at the appropriate release version tag instead of using a pseudo-version.
Delete the entire replace line that references the miyadav/api fork. This
ensures the project depends on the official upstream module rather than a
personal fork, eliminating the supply-chain security concern.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 64f2bc7f-b24f-4144-8c85-d7cd07a9655a

📥 Commits

Reviewing files that changed from the base of the PR and between 4349892 and 09b1000.

⛔ Files ignored due to path filters (6)

• go.sum is excluded by !**/*.sum, !go.sum
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, confirm the current state of go.mod line 118 and surrounding context
head -n 130 go.mod | tail -n 20

Repository: openshift/cluster-version-operator

Length of output: 1129

---

🏁 Script executed:

# Search for all replace directives in go.mod to understand the full context
rg "^replace " go.mod

Repository: openshift/cluster-version-operator

Length of output: 282

---

🏁 Script executed:

# Check the git history for this change to understand intent and justification
git log --oneline -20 -- go.mod

Repository: openshift/cluster-version-operator

Length of output: 130

---

🏁 Script executed:

# Search for references to OCPCLOUD-3368 or the fork in commit messages
git log --all --grep="3368\|miyadav" --oneline

Repository: openshift/cluster-version-operator

Length of output: 264

---

🏁 Script executed:

# Get the full commit message for the recent go.mod update
git show 09b1000a

Repository: openshift/cluster-version-operator

Length of output: 50395

---

🏁 Script executed:

# Check if there are any references to the fork or PR `#2884` in the codebase
rg "2884|OCPCLOUD-3368|miyadav" --type md --type go

Repository: openshift/cluster-version-operator

Length of output: 4398

---

🏁 Script executed:

# Check the openshift/api module to see what version would be pinned without the replace
git log --oneline --max-count=1 -- go.mod | while read hash rest; do
  git show "$hash" | grep -A5 -B5 "openshift/api"
done

Repository: openshift/cluster-version-operator

Length of output: 50391

---

🏁 Script executed:

# Look for any related issues or PRs in commit history around capability/compatibility
git log --oneline -30 | head -20

Repository: openshift/cluster-version-operator

Length of output: 130

---

Remove the personal-fork replace directive before merging to production.

The replace directive still points to github.com/miyadav/api instead of the official github.com/openshift/api module. Although the pseudo-version was updated from the previous review (to v0.0.0-20260617162329-2cf942dc34c9), indicating active fork development, this does not resolve the supply-chain security concern:

• The commit message ("update o/api as per latest changes on fork") provides no justification for the fork usage.
• There is no confirmation that upstream openshift/api PR #2884 has been merged or released.
• Pseudo-versions (v0.0.0-*) are pre-release and unsuitable for production without explicit security justification.
• A personal fork introduces supply-chain risk unless integrated upstream.

Before this PR reaches main:

1. Verify that openshift/api PR #2884 has been merged into the official repository and a release tag has been published.
2. Update the go.mod require directive to pin the official release version.
3. Remove the replace directive entirely.
4. Confirm that the released version includes the expected capability changes for CompatibilityRequirements and ClusterAPI.

This directive is appropriate for WIP development but must not proceed to production.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 118, Remove the replace directive in go.mod that currently
points to the personal fork github.com/miyadav/api. Before proceeding, verify
that openshift/api PR `#2884` has been merged and published as an official release
tag. Update the require directive to pin to the official
github.com/openshift/api module at the appropriate release version tag instead
of using a pseudo-version. Delete the entire replace line that references the
miyadav/api fork. This ensures the project depends on the official upstream
module rather than a personal fork, eliminating the supply-chain security
concern.

Source: Coding guidelines