CNTRLPLANE-3510: Enable additional golangci-lint linters

[bryan-cox]

Summary

Enables five new golangci-lint linters and fixes all violations across the codebase:

• errorlint: Enforces errors.As/errors.Is instead of type assertions/direct comparisons on errors, enabling proper wrapped-error detection
• nilerr: Detects functions that check err != nil then silently return nil, swallowing errors. Intentional cases (e.g., not-found during cleanup) are suppressed with //nolint:nilerr comments
• noctx: Requires http.NewRequestWithContext instead of http.NewRequest/http.Get, ensuring HTTP requests respect context cancellation
• usestdlibvars: Enforces stdlib constants (http.StatusOK, http.MethodGet) instead of magic literals
• dupword: Catches duplicate words in comments (e.g., "the the", "is is")

Also adds unit tests covering the behavioral changes introduced by the linter fixes.

Commits

1. chore: enable additional golangci-lint linters — .golangci.yml configuration
2. fix: resolve all errorlint violations — errors.As/errors.Is migration across ~30 files
3. fix: suppress intentional nilerr violations — //nolint:nilerr for legitimate error-swallowing patterns
4. fix: resolve all noctx violations — http.NewRequestWithContext migration
5. fix: resolve all usestdlibvars violations — stdlib constant usage
6. fix: resolve all dupword violations — comment typo fixes
7. test: add unit tests for linter fix error paths — 21 new test cases validating wrapped-error detection, URL parsing, error retryability, and more

Test plan

• make lint passes with all new linters enabled
• make test passes (unit tests)
• New unit tests cover key behavioral changes from errorlint (errors.As wrapped error detection) and noctx fixes
• CI e2e tests pass

🤖 Generated with Claude Code

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@bryan-cox: This pull request explicitly references no jira issue.

Details

In response to this:

Summary

• Enable the errorlint golangci-lint linter which catches three categories of error handling bugs:
• %v/%s used instead of %w in fmt.Errorf() — errors not wrapped, breaks errors.Is/errors.As chains
• Direct error comparison (==/!=) instead of errors.Is() — fails on wrapped errors
• Error type assertions instead of errors.As() — fails on wrapped errors
• Fix all existing violations across 76 files
• Set max-same-issues: 0 so all violations surface in a single lint run

Test plan

• make lint passes with 0 issues
• make test passes with no regressions
• CI e2e tests pass

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [bryan-cox]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR standardizes error handling and context usage across the repository: it enables the errorlint and nilerr linters; replaces many non-wrapping fmt.Errorf uses with %w; converts direct type assertions/equality to errors.As / errors.Is where appropriate; makes HTTP requests, dialing, and some command executions context-aware (http.NewRequestWithContext, DialContext, exec.CommandContext); adds //nolint:nilerr annotations on intentional retry branches returning nil errors; and applies corresponding test updates. No public API signatures were changed.

Suggested reviewers

• muraee
• sdminonne
• clebs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

[codecov]

Codecov Report

❌ Patch coverage is 21.17647% with 201 lines in your changes missing coverage. Please review.
✅ Project coverage is 40.45%. Comparing base (c3cc46c) to head (3907a5c).
⚠️ Report is 20 commits behind head on main.

Files with missing lines	Patch %	Lines
...ostedcontrolplane/hostedcontrolplane_controller.go	0.00%	19 Missing ⚠️
...trollers/hostedcluster/hostedcluster_controller.go	16.66%	15 Missing ⚠️
...perator/controllers/hostedcontrolplane/kas/auth.go	0.00%	12 Missing ⚠️
...tor/controllers/resources/kas/admissionpolicies.go	0.00%	10 Missing ⚠️
availability-prober/availability_prober.go	0.00%	7 Missing ⚠️
support/supportedversion/version.go	36.36%	6 Missing and 1 partial ⚠️
cmd/infra/azure/rbac.go	0.00%	6 Missing ⚠️
cmd/infra/powervs/destroy.go	0.00%	6 Missing ⚠️
...ontrollers/hostedcontrolplane/oauth/idp_convert.go	14.28%	6 Missing ⚠️
...rollers/hostedcontrolplane/v2/oauth/idp_convert.go	14.28%	6 Missing ⚠️
... and 61 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8567      +/-   ##
==========================================
+ Coverage   40.34%   40.45%   +0.11%     
==========================================
  Files         755      755              
  Lines       93167    93259      +92     
==========================================
+ Hits        37587    37728     +141     
+ Misses      52877    52831      -46     
+ Partials     2703     2700       -3     

Files with missing lines	Coverage Δ
cmd/infra/aws/util/errors.go	100.00% <100.00%> (+100.00%)	⬆️
cmd/nodepool/core/create.go	20.23% <100.00%> (ø)
...erator/controllers/gcpprivateserviceconnect/dns.go	18.25% <100.00%> (+0.23%)	⬆️
...rollers/hostedcluster/internal/proxy/validation.go	82.60% <100.00%> (ø)
...rshift-operator/controllers/nodepool/conditions.go	53.93% <100.00%> (ø)
ignition-server/controllers/cache.go	100.00% <100.00%> (ø)
sharedingress-config-generator/controller.go	62.28% <100.00%> (ø)
...t/controlplane-component/token-minter-container.go	89.09% <ø> (ø)
support/globalconfig/proxy.go	0.00% <ø> (ø)
support/util/util.go	39.54% <100.00%> (ø)
... and 72 more

... and 4 files with indirect coverage changes

Flag	Coverage Δ
cmd-support	34.53% <30.55%> (+0.23%)	⬆️
cpo-hostedcontrolplane	41.74% <16.25%> (-0.02%)	⬇️
cpo-other	40.34% <14.81%> (+0.20%)	⬆️
hypershift-operator	50.77% <23.68%> (+0.04%)	⬆️
other	31.57% <15.78%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/nodepool/core/create.go`:
- Around line 198-201: The Get call that checks the HostedCluster payload
currently swallows all errors (client.Get(..., hc) then return nil), which hides
transient API/RBAC issues; update the error handling to only ignore NotFound by
using apierrors.IsNotFound(err) (from k8s.io/apimachinery/pkg/api/errors) — if
IsNotFound(err) return nil, otherwise return the error (or wrap and return it);
ensure you add the import for apierrors and adjust the branch after the
client.Get so logger.Info remains for NotFound but other errors are propagated
instead of being dropped.

In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`:
- Around line 4469-4471: The code currently embeds the raw AWS error text into
the returned error (fmt.Errorf("%w: aws returned an error: %w", wrapped, err)),
which then flows into the ValidOIDCConfiguration status message; change this to
avoid surfacing provider-specific error text by returning a generic provider
error (e.g., fmt.Errorf("%w: aws returned an error", wrapped)) and separately
log the original err to the controller logger (or record it as an event) so the
detailed AWS error is available in logs but not in the status message; update
the site that constructs/returns wrapped (the place where variables wrapped and
err are used with fmt.Errorf) to remove embedding err and ensure you call the
controller logger (or event recorder) to log err.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 567af7d2-b72e-4f37-b4ed-c788a51be81d

📥 Commits

Reviewing files that changed from the base of the PR and between 36dfb1b and 2fe9cef.

📒 Files selected for processing (86)

• .golangci.yml
• cmd/bastion/aws/create.go
• cmd/cluster/core/create.go
• cmd/infra/aws/iam.go
• cmd/infra/aws/iam_policies.go
• cmd/infra/aws/route53.go
• cmd/infra/aws/util/errors.go
• cmd/infra/powervs/create.go
• cmd/infra/powervs/destroy.go
• cmd/kubeconfig/create.go
• cmd/nodepool/core/create.go
• control-plane-operator/controllers/gcpprivateserviceconnect/dns.go
• control-plane-operator/controllers/gcpprivateserviceconnect/psc_endpoint_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go
• control-plane-operator/controllers/hostedcontrolplane/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/kas_pki_setup.go
• control-plane-operator/controllers/hostedcontrolplane/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/assets/assets.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/kubevirt/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/powervs/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/etcd/statefulset.go
• control-plane-operator/controllers/hostedcontrolplane/v2/ignitionserver/pki.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/oauth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/secretencryption.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/olm/catalogs/deployment.go
• control-plane-operator/hostedclusterconfigoperator/cmd.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/kas/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/registry/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
• control-plane-operator/hostedclusterconfigoperator/operator/config.go
• control-plane-pki-operator/certificatesigningcontroller/certificatesigningcontroller.go
• control-plane-pki-operator/targetconfigcontroller/targetconfigcontroller.go
• control-plane-pki-operator/topology/detector.go
• etcd-backup/etcdbackup.go
• etcd-recovery/etcdrecovery.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
• hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
• hypershift-operator/controllers/hostedcluster/internal/proxy/validation.go
• hypershift-operator/controllers/nodepool/apiserver-haproxy/haproxy.go
• hypershift-operator/controllers/nodepool/aws_test.go
• hypershift-operator/controllers/nodepool/conditions.go
• hypershift-operator/controllers/nodepool/config.go
• hypershift-operator/controllers/nodepool/nodepool_controller.go
• hypershift-operator/controllers/nodepool/nto.go
• hypershift-operator/controllers/platform/aws/controller.go
• hypershift-operator/controllers/platform/gcp/privateserviceconnect_controller.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• ignition-server/cmd/start.go
• ignition-server/controllers/local_ignitionprovider.go
• ignition-server/controllers/tokensecret_controller.go
• karpenter-operator/controllers/karpenter/machine_approver.go
• karpenter-operator/controllers/nodeclass/ec2_nodeclass_controller.go
• karpenter-operator/main.go
• kubevirtexternalinfra/externalinfra.go
• pkg/etcdcli/etcdcli.go
• support/azureutil/azureutil.go
• support/controlplane-component/controlplane-component.go
• support/controlplane-component/controlplane-component_test.go
• support/controlplane-component/kubeconfig.go
• support/gcpapi/gcs_client.go
• support/konnectivityproxy/dialer.go
• support/releaseinfo/registryclient/client.go
• support/releaseinfo/releaseinfo.go
• support/supportedversion/version.go
• support/thirdparty/docker/pkg/archive/archive.go
• support/thirdparty/library-go/pkg/image/registryclient/client.go
• support/thirdparty/oc/pkg/cli/image/manifest/manifest.go
• support/util/util.go
• support/validations/authentication.go
• test/e2e/util/aws.go
• test/e2e/util/dump/dump.go
• test/e2e/util/node.go
• test/e2e/util/oauth.go
• test/e2e/util/reqserving/verifycp.go
• test/e2e/util/reqserving/verifypods.go
• test/e2e/util/reqserving/vpa.go
• test/e2e/util/reqserving/waitfor.go
• test/e2e/util/util.go
• test/e2e/util/version.go

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/infra/aws/route53.go`:
- Around line 189-191: The cleanup currently swallows every error from
LookupZone; change it to only ignore the specific "zone not found" case and
return any other error. Update the block around the LookupZone call (id, err :=
LookupZone(ctx, client, name, false)) to inspect err: if it matches the
sentinel/not-found condition returned by LookupZone (or use errors.Is/ a helper
like IsZoneNotFound(err) / AWS's NotFound error check), then continue silently,
otherwise return the error so real Route53/API failures are propagated.

In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`:
- Line 1435: The error return wraps the wrong variable because the outer err
(from platform.GetPlatform) is nil; update the return in the
PlatformCredentialsFound status update failure so only the statusErr is wrapped
with %w and the reconcile error is included with a non-wrapping verb (or capture
the reconcile error into a separate variable). Locate the code around
p.ReconcileCredentials(...) and the fmt.Errorf(...) return and change the
formatting to include the reconcile error without %w (e.g., %v) and use %w only
for statusErr so you don't accidentally wrap a nil outer err.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c16340aa-bb8a-4eb6-91c1-7304d463990f

📥 Commits

Reviewing files that changed from the base of the PR and between 2fe9cef and 680d473.

📒 Files selected for processing (86)

• .golangci.yml
• cmd/bastion/aws/create.go
• cmd/cluster/core/create.go
• cmd/infra/aws/iam.go
• cmd/infra/aws/iam_policies.go
• cmd/infra/aws/route53.go
• cmd/infra/aws/util/errors.go
• cmd/infra/powervs/create.go
• cmd/infra/powervs/destroy.go
• cmd/kubeconfig/create.go
• cmd/nodepool/core/create.go
• control-plane-operator/controllers/gcpprivateserviceconnect/dns.go
• control-plane-operator/controllers/gcpprivateserviceconnect/psc_endpoint_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go
• control-plane-operator/controllers/hostedcontrolplane/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/kas_pki_setup.go
• control-plane-operator/controllers/hostedcontrolplane/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/assets/assets.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/kubevirt/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/powervs/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/etcd/statefulset.go
• control-plane-operator/controllers/hostedcontrolplane/v2/ignitionserver/pki.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/oauth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/secretencryption.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/olm/catalogs/deployment.go
• control-plane-operator/hostedclusterconfigoperator/cmd.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/kas/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/registry/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
• control-plane-operator/hostedclusterconfigoperator/operator/config.go
• control-plane-pki-operator/certificatesigningcontroller/certificatesigningcontroller.go
• control-plane-pki-operator/targetconfigcontroller/targetconfigcontroller.go
• control-plane-pki-operator/topology/detector.go
• etcd-backup/etcdbackup.go
• etcd-recovery/etcdrecovery.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
• hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
• hypershift-operator/controllers/hostedcluster/internal/proxy/validation.go
• hypershift-operator/controllers/nodepool/apiserver-haproxy/haproxy.go
• hypershift-operator/controllers/nodepool/aws_test.go
• hypershift-operator/controllers/nodepool/conditions.go
• hypershift-operator/controllers/nodepool/config.go
• hypershift-operator/controllers/nodepool/nodepool_controller.go
• hypershift-operator/controllers/nodepool/nto.go
• hypershift-operator/controllers/platform/aws/controller.go
• hypershift-operator/controllers/platform/gcp/privateserviceconnect_controller.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• ignition-server/cmd/start.go
• ignition-server/controllers/local_ignitionprovider.go
• ignition-server/controllers/tokensecret_controller.go
• karpenter-operator/controllers/karpenter/machine_approver.go
• karpenter-operator/controllers/nodeclass/ec2_nodeclass_controller.go
• karpenter-operator/main.go
• kubevirtexternalinfra/externalinfra.go
• pkg/etcdcli/etcdcli.go
• support/azureutil/azureutil.go
• support/controlplane-component/controlplane-component.go
• support/controlplane-component/controlplane-component_test.go
• support/controlplane-component/kubeconfig.go
• support/gcpapi/gcs_client.go
• support/konnectivityproxy/dialer.go
• support/releaseinfo/registryclient/client.go
• support/releaseinfo/releaseinfo.go
• support/supportedversion/version.go
• support/thirdparty/docker/pkg/archive/archive.go
• support/thirdparty/library-go/pkg/image/registryclient/client.go
• support/thirdparty/oc/pkg/cli/image/manifest/manifest.go
• support/util/util.go
• support/validations/authentication.go
• test/e2e/util/aws.go
• test/e2e/util/dump/dump.go
• test/e2e/util/node.go
• test/e2e/util/oauth.go
• test/e2e/util/reqserving/verifycp.go
• test/e2e/util/reqserving/verifypods.go
• test/e2e/util/reqserving/vpa.go
• test/e2e/util/reqserving/waitfor.go
• test/e2e/util/util.go
• test/e2e/util/version.go

✅ Files skipped from review due to trivial changes (16)

• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/kubevirt/config.go
• etcd-recovery/etcdrecovery.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/secretencryption.go
• test/e2e/util/reqserving/vpa.go
• support/thirdparty/docker/pkg/archive/archive.go
• .golangci.yml
• test/e2e/util/reqserving/verifycp.go
• hypershift-operator/controllers/nodepool/conditions.go
• test/e2e/util/node.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/kas/admissionpolicies.go
• test/e2e/util/reqserving/waitfor.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/powervs/config.go
• karpenter-operator/controllers/karpenter/machine_approver.go
• test/e2e/util/aws.go
• test/e2e/util/oauth.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE="hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go"
# Print a window around the referenced line with line numbers
nl -ba "$FILE" | sed -n '1400,1480p'

Repository: openshift/hypershift

Length of output: 107

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE="hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go"

# Show numbered lines around the reported line
cat -n "$FILE" | sed -n '1400,1480p'

echo "----"

# Find the exact error string occurrence(s)
rg -n "failed to reconcile platform credentials" "$FILE" || true

Repository: openshift/hypershift

Length of output: 4670

---

Fix error wrapping to avoid nil/stale err in PlatformCredentialsFound status update failure.

Line 1435 is outside the if err := p.ReconcileCredentials(...); ... shadowed scope, so %w wraps the outer err from platform.GetPlatform (nil when execution reaches this branch). Wrap only statusErr.

Suggested fix

-				return ctrl.Result{}, fmt.Errorf("failed to reconcile platform credentials: %w, failed to update status: %w", err, statusErr)
+				return ctrl.Result{}, fmt.Errorf("failed to update PlatformCredentialsFound status: %w", statusErr)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go` at
line 1435, The error return wraps the wrong variable because the outer err (from
platform.GetPlatform) is nil; update the return in the PlatformCredentialsFound
status update failure so only the statusErr is wrapped with %w and the reconcile
error is included with a non-wrapping verb (or capture the reconcile error into
a separate variable). Locate the code around p.ReconcileCredentials(...) and the
fmt.Errorf(...) return and change the formatting to include the reconcile error
without %w (e.g., %v) and use %w only for statusErr so you don't accidentally
wrap a nil outer err.

[bryan-cox]

This isn't part of the changes in this PR. Scope creep.

[coderabbitai]

@bryan-cox Understood—agreed, that’s outside the linter-focused scope of this PR. I’ll drop that suggestion here.

Would you like me to open a follow-up GitHub issue to track it? If yes, I’ll file one referencing this PR/comment with something like:

• Title: hostedcluster_controller: wrap only statusErr on PlatformCredentialsFound status update failure
• Summary: In hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go (around Line 1435), the return path on status update failure wraps the wrong variable; should wrap only statusErr for accurate error propagation.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go (1)

1004-1011: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Close HTTP response body in KAS health check.

httpClient.Do(req) response is never closed. In a recurrent reconcile loop this can leak connections and eventually degrade controller reliability.

Suggested fix

 resp, err := httpClient.Do(req)
 if err != nil {
 	return err
 }
+defer resp.Body.Close()
 
 if resp.StatusCode != http.StatusOK {
 	return fmt.Errorf("APIServer endpoint %s is not healthy", ingressPoint)
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go`
around lines 1004 - 1011, The HTTP response from httpClient.Do(req) is not
closed, which can leak connections; after the successful call to
httpClient.Do(req) (the resp variable returned) add proper cleanup by ensuring
the response body is consumed/ discarded as needed and closed (e.g., call
io.Copy(io.Discard, resp.Body) then defer resp.Body.Close() immediately after
checking err) before checking resp.StatusCode for ingressPoint health so
connections are returned to the pool.

kubernetes-default-proxy/kubernetes_default_proxy.go (1)

70-84: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Close the listener on ctx cancellation so Accept() unblocks and shutdown completes.
net.ListenConfig.Listen(ctx, ...) only uses ctx during the listen setup; canceling ctx does not close the returned net.Listener, so a blocked listener.Accept() can remain stuck. Trigger shutdown by calling listener.Close() when ctx.Done() fires, and when Accept() returns an error, exit cleanly when the error is due to closure (e.g., net.ErrClosed) / when ctx.Err()!=nil—don’t just log and continue.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kubernetes-default-proxy/kubernetes_default_proxy.go` around lines 70 - 84,
The listener created by (&net.ListenConfig{}).Listen(ctx, ...) must be closed
when ctx is cancelled so Accept() unblocks: start a goroutine that waits for
<-ctx.Done() and calls listener.Close(), and change the Accept() error handling
in the accept loop (function/method containing listener, Accept, s.log and ctx)
to stop continuing on errors caused by closure—use errors.Is(err, net.ErrClosed)
or check ctx.Err()!=nil and then return (or return ctx.Err()) instead of logging
and continue; keep logging for unexpected Accept errors only.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@availability-prober/availability_prober.go`:
- Around line 120-127: The infinite retry loop around creating and sending the
request (the for ; ; time.Sleep(sleepTime) loop that calls
http.NewRequestWithContext(ctx, ...) and client.Do(req)) doesn't stop when ctx
is canceled; update the loop to observe ctx.Done() and exit cleanly: before
sleeping or retrying check if ctx.Err() != nil (or select on ctx.Done()) and
break/return when canceled, and also after a failed client.Do(req) check
ctx.Err() and stop rather than continuing; ensure this change touches the loop
that constructs req and calls client.Do so the goroutine can exit when the
provided context is canceled.

---

Outside diff comments:
In
`@control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go`:
- Around line 1004-1011: The HTTP response from httpClient.Do(req) is not
closed, which can leak connections; after the successful call to
httpClient.Do(req) (the resp variable returned) add proper cleanup by ensuring
the response body is consumed/ discarded as needed and closed (e.g., call
io.Copy(io.Discard, resp.Body) then defer resp.Body.Close() immediately after
checking err) before checking resp.StatusCode for ingressPoint health so
connections are returned to the pool.

In `@kubernetes-default-proxy/kubernetes_default_proxy.go`:
- Around line 70-84: The listener created by (&net.ListenConfig{}).Listen(ctx,
...) must be closed when ctx is cancelled so Accept() unblocks: start a
goroutine that waits for <-ctx.Done() and calls listener.Close(), and change the
Accept() error handling in the accept loop (function/method containing listener,
Accept, s.log and ctx) to stop continuing on errors caused by closure—use
errors.Is(err, net.ErrClosed) or check ctx.Err()!=nil and then return (or return
ctx.Err()) instead of logging and continue; keep logging for unexpected Accept
errors only.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 47b1656b-eed1-4f13-beb4-589d2a91e790

📥 Commits

Reviewing files that changed from the base of the PR and between 680d473 and d46eed7.

📒 Files selected for processing (98)

• .golangci.yml
• availability-prober/availability_prober.go
• cmd/bastion/aws/create.go
• cmd/cluster/core/create.go
• cmd/infra/aws/iam.go
• cmd/infra/aws/iam_policies.go
• cmd/infra/aws/route53.go
• cmd/infra/aws/util/errors.go
• cmd/infra/azure/rbac.go
• cmd/infra/powervs/create.go
• cmd/infra/powervs/destroy.go
• cmd/kubeconfig/create.go
• cmd/nodepool/core/create.go
• control-plane-operator/controllers/gcpprivateserviceconnect/dns.go
• control-plane-operator/controllers/gcpprivateserviceconnect/psc_endpoint_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go
• control-plane-operator/controllers/hostedcontrolplane/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/kas_pki_setup.go
• control-plane-operator/controllers/hostedcontrolplane/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/assets/assets.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/kubevirt/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/powervs/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cno/deployment_init_container_test.go
• control-plane-operator/controllers/hostedcontrolplane/v2/etcd/statefulset.go
• control-plane-operator/controllers/hostedcontrolplane/v2/ignitionserver/pki.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/oauth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/secretencryption.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/olm/catalogs/deployment.go
• control-plane-operator/endpoint-resolver/server_test.go
• control-plane-operator/hostedclusterconfigoperator/cmd.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/kas/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/registry/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
• control-plane-operator/hostedclusterconfigoperator/operator/config.go
• control-plane-operator/metrics-proxy/proxy_test.go
• control-plane-pki-operator/certificatesigningcontroller/certificatesigningcontroller.go
• control-plane-pki-operator/targetconfigcontroller/targetconfigcontroller.go
• control-plane-pki-operator/topology/detector.go
• etcd-backup/etcdbackup.go
• etcd-recovery/etcdrecovery.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
• hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
• hypershift-operator/controllers/hostedcluster/internal/proxy/validation.go
• hypershift-operator/controllers/nodepool/apiserver-haproxy/haproxy.go
• hypershift-operator/controllers/nodepool/aws_test.go
• hypershift-operator/controllers/nodepool/conditions.go
• hypershift-operator/controllers/nodepool/config.go
• hypershift-operator/controllers/nodepool/nodepool_controller.go
• hypershift-operator/controllers/nodepool/nto.go
• hypershift-operator/controllers/platform/aws/controller.go
• hypershift-operator/controllers/platform/gcp/privateserviceconnect_controller.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• ignition-server/cmd/start.go
• ignition-server/controllers/local_ignitionprovider.go
• ignition-server/controllers/tokensecret_controller.go
• karpenter-operator/controllers/karpenter/machine_approver.go
• karpenter-operator/controllers/nodeclass/ec2_nodeclass_controller.go
• karpenter-operator/main.go
• kubernetes-default-proxy/kubernetes_default_proxy.go
• kubevirtexternalinfra/externalinfra.go
• pkg/etcdcli/etcdcli.go
• sharedingress-config-generator/controller.go
• sharedingress-config-generator/controller_test.go
• sharedingress-config-generator/haproxy_client.go
• support/azureutil/azureutil.go
• support/controlplane-component/controlplane-component.go
• support/controlplane-component/controlplane-component_test.go
• support/controlplane-component/kubeconfig.go
• support/gcpapi/gcs_client.go
• support/konnectivityproxy/dialer.go
• support/releaseinfo/registryclient/client.go
• support/releaseinfo/releaseinfo.go
• support/supportedversion/version.go
• support/thirdparty/docker/pkg/archive/archive.go
• support/thirdparty/library-go/pkg/image/registryclient/client.go
• support/thirdparty/oc/pkg/cli/image/manifest/manifest.go
• support/util/util.go
• support/validations/authentication.go
• test/e2e/util/aws.go
• test/e2e/util/dump/dump.go
• test/e2e/util/dump/journals.go
• test/e2e/util/external_oidc.go
• test/e2e/util/node.go
• test/e2e/util/oauth.go
• test/e2e/util/reqserving/verifycp.go
• test/e2e/util/reqserving/verifypods.go
• test/e2e/util/reqserving/vpa.go
• test/e2e/util/reqserving/waitfor.go
• test/e2e/util/util.go
• test/e2e/util/version.go
• test/integration/framework/hosted-cluster.go

✅ Files skipped from review due to trivial changes (14)

• support/validations/authentication.go
• support/util/util.go
• .golangci.yml
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/deployment.go
• hypershift-operator/controllers/nodepool/apiserver-haproxy/haproxy.go
• test/e2e/util/aws.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• test/e2e/util/reqserving/vpa.go
• etcd-backup/etcdbackup.go
• test/e2e/util/node.go
• karpenter-operator/controllers/karpenter/machine_approver.go
• test/e2e/util/reqserving/verifycp.go
• cmd/nodepool/core/create.go
• cmd/cluster/core/create.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle context cancellation to stop the probe loop.

Line 120 currently retries forever. Once ctx is canceled, Do(req) will keep failing and this loop never exits.

Suggested fix

 	for ; ; time.Sleep(sleepTime) {
+		select {
+		case <-ctx.Done():
+			log.Info("probe canceled, exiting", "reason", ctx.Err())
+			return
+		default:
+		}
 		req, err := http.NewRequestWithContext(ctx, http.MethodGet, target.String(), nil)
 		if err != nil {
 			log.Error(err, "Failed to create request, retrying...")
 			continue
 		}
 		response, err := client.Do(req)
 		if err != nil {
+			if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
+				log.Info("probe canceled, exiting", "reason", err)
+				return
+			}
 			log.Error(err, "Request failed, retrying...")
 			continue
 		}

As per coding guidelines "Do not leak goroutines — ensure they exit cleanly".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	for ; ; time.Sleep(sleepTime) {
	response, err := client.Get(target.String())
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target.String(), nil)
	if err != nil {
	log.Error(err, "Failed to create request, retrying...")
	continue
	}
	response, err := client.Do(req)
	if err != nil {
	for ; ; time.Sleep(sleepTime) {
	select {
	case <-ctx.Done():
	log.Info("probe canceled, exiting", "reason", ctx.Err())
	return
	default:
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target.String(), nil)
	if err != nil {
	log.Error(err, "Failed to create request, retrying...")
	continue
	}
	response, err := client.Do(req)
	if err != nil {
	if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
	log.Info("probe canceled, exiting", "reason", err)
	return
	}
	log.Error(err, "Request failed, retrying...")
	continue
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@availability-prober/availability_prober.go` around lines 120 - 127, The
infinite retry loop around creating and sending the request (the for ; ;
time.Sleep(sleepTime) loop that calls http.NewRequestWithContext(ctx, ...) and
client.Do(req)) doesn't stop when ctx is canceled; update the loop to observe
ctx.Done() and exit cleanly: before sleeping or retrying check if ctx.Err() !=
nil (or select on ctx.Done()) and break/return when canceled, and also after a
failed client.Do(req) check ctx.Err() and stop rather than continuing; ensure
this change touches the loop that constructs req and calls client.Do so the
goroutine can exit when the provided context is canceled.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

availability-prober/availability_prober.go (1)

120-129: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add explicit context cancellation check to exit the loop.

The infinite retry loop now uses a context-aware HTTP request but never checks if the context is canceled. When ctx is done, client.Do(req) will fail but the loop continues retrying forever, leaking the goroutine.

🔄 Proposed fix

 	for ; ; time.Sleep(sleepTime) {
+		select {
+		case <-ctx.Done():
+			log.Info("probe canceled, exiting", "reason", ctx.Err())
+			return
+		default:
+		}
 		req, err := http.NewRequestWithContext(ctx, http.MethodGet, target.String(), nil)
 		if err != nil {
 			log.Error(err, "Failed to create request, retrying...")
 			continue
 		}
 		response, err := client.Do(req)
 		if err != nil {
+			if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
+				log.Info("probe canceled, exiting", "reason", err)
+				return
+			}
 			log.Error(err, "Request failed, retrying...")
 			continue
 		}

As per coding guidelines "Do not leak goroutines — ensure they exit cleanly".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@availability-prober/availability_prober.go` around lines 120 - 129, The retry
loop in availability_prober.go (the for ; ; time.Sleep(sleepTime) loop) must
explicitly check ctx cancellation so the goroutine can exit instead of retrying
forever; update the loop in the probe function to select on ctx.Done() (or check
ctx.Err()) before/inside each iteration and return/break when the context is
canceled, and also after client.Do(req) errors verify ctx cancellation before
continuing to retry so the function exits cleanly on cancellation.

cmd/infra/aws/route53.go (1)

189-191: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Verify error type before suppressing; only ignore "zone not found".

Line 191 returns nil for every LookupZone failure. This silently skips real Route53 or API errors during cleanup. Only "zone not found" should be non-fatal.

🔍 Proposed fix

 	id, err := LookupZone(ctx, client, name, false)
 	if err != nil {
-		return nil //nolint:nilerr // zone not found during cleanup is non-fatal
+		if strings.Contains(err.Error(), "not found") {
+			return nil //nolint:nilerr // zone not found during cleanup is non-fatal
+		}
+		return fmt.Errorf("failed to lookup public hosted zone %s: %w", name, err)
 	}

As per coding guidelines "Always check errors — don't ignore them".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/infra/aws/route53.go` around lines 189 - 191, The current cleanup ignores
every LookupZone error by returning nil; change this to only suppress the
specific "zone not found" case and return other errors. After calling
LookupZone(ctx, client, name, false) check the error with the appropriate
predicate (e.g., errors.Is(err, ErrZoneNotFound) or the SDK-specific sentinel /
error code check used by LookupZone), only treat that case as non-fatal and
continue, otherwise return the actual err instead of nil and remove the blanket
//nolint:nilerr suppression; reference LookupZone and the surrounding cleanup
logic to implement this conditional handling.

🧹 Nitpick comments (1)

control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go (1)

894-894: 💤 Low value

Incorrect pattern: wrapping error in assertion failure message.

The second argument to BeNil() should be a descriptive string, not a wrapped error. If err is nil, the message is unused. If err is not nil, you're creating a new error wrapping the original, which doesn't help test readability. Use a plain string or just pass the error directly.

✨ Suggested fix

-			g.Expect(err).To(BeNil(), fmt.Errorf("error setting custom kubeconfig status failed: %w", err))
+			g.Expect(err).To(BeNil(), "error setting custom kubeconfig status failed")

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go`
at line 894, The test currently wraps the returned error into fmt.Errorf and
passes it as the message to g.Expect(err).To(BeNil(...)), which is incorrect;
replace the wrapped-error message with a plain descriptive string or assert the
error directly (e.g., use g.Expect(err).ToNot(HaveOccurred()) or
g.Expect(err).To(BeNil(), "error setting custom kubeconfig status failed")) and
remove the fmt.Errorf(...) wrapping around err so the assertion message is a
simple string and the original err is used only as the value under test.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go`:
- Around line 105-108: The current r.Get(ctx,
client.ObjectKeyFromObject(telemeterClientSecret), telemeterClientSecret) call
treats all errors as a missing secret; change the logic in the Reconcile (or the
method containing this r.Get) to distinguish a NotFound error from other errors:
if apierrors.IsNotFound(err) then log the disabled-telemetry message and return
ctrl.Result{}, nil, but for any other err return ctrl.Result{}, err (or wrap and
return the error) so real failures are surfaced; update the branch that
references telemeterClientSecret and r.Get to perform this explicit error check.

---

Duplicate comments:
In `@availability-prober/availability_prober.go`:
- Around line 120-129: The retry loop in availability_prober.go (the for ; ;
time.Sleep(sleepTime) loop) must explicitly check ctx cancellation so the
goroutine can exit instead of retrying forever; update the loop in the probe
function to select on ctx.Done() (or check ctx.Err()) before/inside each
iteration and return/break when the context is canceled, and also after
client.Do(req) errors verify ctx cancellation before continuing to retry so the
function exits cleanly on cancellation.

In `@cmd/infra/aws/route53.go`:
- Around line 189-191: The current cleanup ignores every LookupZone error by
returning nil; change this to only suppress the specific "zone not found" case
and return other errors. After calling LookupZone(ctx, client, name, false)
check the error with the appropriate predicate (e.g., errors.Is(err,
ErrZoneNotFound) or the SDK-specific sentinel / error code check used by
LookupZone), only treat that case as non-fatal and continue, otherwise return
the actual err instead of nil and remove the blanket //nolint:nilerr
suppression; reference LookupZone and the surrounding cleanup logic to implement
this conditional handling.

---

Nitpick comments:
In
`@control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go`:
- Line 894: The test currently wraps the returned error into fmt.Errorf and
passes it as the message to g.Expect(err).To(BeNil(...)), which is incorrect;
replace the wrapped-error message with a plain descriptive string or assert the
error directly (e.g., use g.Expect(err).ToNot(HaveOccurred()) or
g.Expect(err).To(BeNil(), "error setting custom kubeconfig status failed")) and
remove the fmt.Errorf(...) wrapping around err so the assertion message is a
simple string and the original err is used only as the value under test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: af9d2add-8cea-4043-8b6d-f6eecd27403c

📥 Commits

Reviewing files that changed from the base of the PR and between d46eed7 and 3726f85.

📒 Files selected for processing (101)

• .golangci.yml
• availability-prober/availability_prober.go
• cmd/bastion/aws/create.go
• cmd/cluster/core/create.go
• cmd/infra/aws/iam.go
• cmd/infra/aws/iam_policies.go
• cmd/infra/aws/route53.go
• cmd/infra/aws/util/errors.go
• cmd/infra/azure/create_iam.go
• cmd/infra/azure/rbac.go
• cmd/infra/powervs/create.go
• cmd/infra/powervs/destroy.go
• cmd/kubeconfig/create.go
• cmd/nodepool/core/create.go
• control-plane-operator/controllers/gcpprivateserviceconnect/dns.go
• control-plane-operator/controllers/gcpprivateserviceconnect/psc_endpoint_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go
• control-plane-operator/controllers/hostedcontrolplane/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/kas_pki_setup.go
• control-plane-operator/controllers/hostedcontrolplane/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/assets/assets.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/kubevirt/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/powervs/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cno/deployment_init_container_test.go
• control-plane-operator/controllers/hostedcontrolplane/v2/etcd/statefulset.go
• control-plane-operator/controllers/hostedcontrolplane/v2/ignitionserver/pki.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/oauth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/secretencryption.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/olm/catalogs/deployment.go
• control-plane-operator/endpoint-resolver/server_test.go
• control-plane-operator/hostedclusterconfigoperator/cmd.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/kas/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/registry/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
• control-plane-operator/hostedclusterconfigoperator/operator/config.go
• control-plane-operator/metrics-proxy/proxy_test.go
• control-plane-pki-operator/certificatesigningcontroller/certificatesigningcontroller.go
• control-plane-pki-operator/targetconfigcontroller/targetconfigcontroller.go
• control-plane-pki-operator/topology/detector.go
• etcd-backup/etcdbackup.go
• etcd-recovery/etcdrecovery.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
• hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
• hypershift-operator/controllers/hostedcluster/internal/proxy/validation.go
• hypershift-operator/controllers/nodepool/apiserver-haproxy/haproxy.go
• hypershift-operator/controllers/nodepool/aws_test.go
• hypershift-operator/controllers/nodepool/conditions.go
• hypershift-operator/controllers/nodepool/config.go
• hypershift-operator/controllers/nodepool/nodepool_controller.go
• hypershift-operator/controllers/nodepool/nto.go
• hypershift-operator/controllers/platform/aws/controller.go
• hypershift-operator/controllers/platform/gcp/privateserviceconnect_controller.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• ignition-server/cmd/start.go
• ignition-server/controllers/local_ignitionprovider.go
• ignition-server/controllers/tokensecret_controller.go
• karpenter-operator/controllers/karpenter/machine_approver.go
• karpenter-operator/controllers/nodeclass/ec2_nodeclass_controller.go
• karpenter-operator/main.go
• konnectivity-socks5-proxy/http_proxy.go
• kubernetes-default-proxy/kubernetes_default_proxy.go
• kubevirtexternalinfra/externalinfra.go
• pkg/etcdcli/etcdcli.go
• sharedingress-config-generator/controller.go
• sharedingress-config-generator/controller_test.go
• sharedingress-config-generator/haproxy_client.go
• support/azureutil/azureutil.go
• support/controlplane-component/controlplane-component.go
• support/controlplane-component/controlplane-component_test.go
• support/controlplane-component/kubeconfig.go
• support/gcpapi/gcs_client.go
• support/konnectivityproxy/dialer.go
• support/konnectivityproxy/proxy_dialer.go
• support/releaseinfo/registryclient/client.go
• support/releaseinfo/releaseinfo.go
• support/supportedversion/version.go
• support/thirdparty/docker/pkg/archive/archive.go
• support/thirdparty/library-go/pkg/image/registryclient/client.go
• support/thirdparty/oc/pkg/cli/image/manifest/manifest.go
• support/util/util.go
• support/validations/authentication.go
• test/e2e/util/aws.go
• test/e2e/util/dump/dump.go
• test/e2e/util/dump/journals.go
• test/e2e/util/external_oidc.go
• test/e2e/util/node.go
• test/e2e/util/oauth.go
• test/e2e/util/reqserving/verifycp.go
• test/e2e/util/reqserving/verifypods.go
• test/e2e/util/reqserving/vpa.go
• test/e2e/util/reqserving/waitfor.go
• test/e2e/util/util.go
• test/e2e/util/version.go
• test/integration/framework/hosted-cluster.go

✅ Files skipped from review due to trivial changes (12)

• support/konnectivityproxy/proxy_dialer.go
• konnectivity-socks5-proxy/http_proxy.go
• control-plane-operator/hostedclusterconfigoperator/operator/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/deployment.go
• control-plane-pki-operator/targetconfigcontroller/targetconfigcontroller.go
• control-plane-pki-operator/topology/detector.go
• test/e2e/util/reqserving/vpa.go
• test/e2e/util/node.go
• hypershift-operator/controllers/platform/aws/controller.go
• test/e2e/util/reqserving/verifycp.go
• test/e2e/util/reqserving/waitfor.go
• cmd/nodepool/core/create.go

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go (1)

1004-1012: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Close the HTTP response body in healthCheckKASEndpoint
httpClient.Do(req) returns a resp.Body that must be closed; otherwise repeated health checks can leak resources.

Suggested fix

	resp, err := httpClient.Do(req)
	if err != nil {
		return err
	}
+defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("APIServer endpoint %s is not healthy", ingressPoint)
	}
	return nil

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go`
around lines 1004 - 1012, The healthCheckKASEndpoint function currently returns
after httpClient.Do(req) without closing resp.Body, leaking resources on
repeated checks; after ensuring err is nil and resp is non-nil, immediately
schedule resp.Body.Close() (e.g., defer resp.Body.Close()) so the body is always
closed before returning, and keep the existing status check that returns an
error when resp.StatusCode != http.StatusOK; reference resp from the
httpClient.Do(req) call and the resp.Body to apply the fix.

kubernetes-default-proxy/kubernetes_default_proxy.go (1)

70-85: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Close the listener on context cancellation to prevent blocked shutdown.

listener.Accept() can block indefinitely after ctx is canceled because the listener is never closed. That can stall graceful termination.

Suggested fix

 func (s *server) run(ctx context.Context) error {
 	listener, err := (&net.ListenConfig{}).Listen(ctx, "tcp", s.listenAddr)
 	if err != nil {
 		return fmt.Errorf("failed to listen on tcp:%s: %w", s.listenAddr, err)
 	}
+	defer listener.Close()
+	go func() {
+		<-ctx.Done()
+		_ = listener.Close()
+	}()
 	s.log.Info("Starting to listen", "listen-address", s.listenAddr, "version", supportedversion.String())
 
 	for {
 		if ctx.Err() != nil {
 			return ctx.Err()
 		}
 
 		conn, err := listener.Accept()
 		if err != nil {
+			if errors.Is(err, net.ErrClosed) && ctx.Err() != nil {
+				return ctx.Err()
+			}
 			s.log.Error(err, "accepting connection failed")
 			continue
 		}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kubernetes-default-proxy/kubernetes_default_proxy.go` around lines 70 - 85,
The accept loop can block after ctx cancellation because the TCP listener is
never closed; after creating listener (via net.ListenConfig{}.Listen using
s.listenAddr) spawn a goroutine that waits for ctx.Done() and calls
listener.Close(), and update the Accept error handling in the loop (e.g., treat
net.ErrClosed as shutdown and return ctx.Err() or break) so the server stops
promptly and no goroutine remains blocked; reference listener,
net.ListenConfig{}.Listen, s.listenAddr, listener.Accept and ctx in your
changes.

♻️ Duplicate comments (2)

cmd/infra/aws/route53.go (1)

189-191: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Only ignore the explicit “zone not found” case in cleanup.

This currently suppresses all LookupZone errors, which can hide real Route53/API failures.

Suggested fix

 id, err := LookupZone(ctx, client, name, false)
 if err != nil {
-	return nil //nolint:nilerr // zone not found during cleanup is non-fatal
+	if strings.Contains(err.Error(), "not found") {
+		return nil //nolint:nilerr // zone not found during cleanup is non-fatal
+	}
+	return fmt.Errorf("failed to lookup public hosted zone %s: %w", name, err)
 }

As per coding guidelines "Always check errors — don't ignore them".

availability-prober/availability_prober.go (1)

121-129: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Exit the probe loop when ctx is canceled.

This retry loop still continues indefinitely on context cancellation; client.Do(req) can keep returning cancellation errors and the loop never returns.

Suggested fix

 for ; ; time.Sleep(sleepTime) {
+	select {
+	case <-ctx.Done():
+		log.Info("probe canceled, exiting", "reason", ctx.Err())
+		return
+	default:
+	}
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target.String(), nil)
 	if err != nil {
 		log.Error(err, "Failed to create request, retrying...")
 		continue
 	}
 	response, err := client.Do(req)
 	if err != nil {
+		if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
+			log.Info("probe canceled, exiting", "reason", err)
+			return
+		}
 		log.Error(err, "Request failed, retrying...")
 		continue
 	}

As per coding guidelines "Do not leak goroutines — ensure they exit cleanly".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@availability-prober/availability_prober.go` around lines 121 - 129, The retry
loop around http.NewRequestWithContext and client.Do must exit when the provided
ctx is canceled; detect ctx.Done() (or check ctx.Err()) inside the loop and
return instead of continuing retries so the goroutine doesn't leak. Update the
loop that builds the request and calls client.Do(req) to break/return
immediately when ctx is canceled (e.g., before retrying after an error from
http.NewRequestWithContext or client.Do), ensuring the probe function exits
cleanly on context cancellation.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@control-plane-operator/controllers/hostedcontrolplane/v2/cno/deployment_init_container_test.go`:
- Around line 151-152: Replace the unbounded context creation used for running
the test script with a timeout context to prevent hangs: when constructing ctx
for exec.CommandContext(ctx, "bash", "-c", testScript) use context.WithTimeout
(e.g., a short, test-appropriate duration) and ensure you call the returned
cancel function (defer cancel()) so the command is killed if it exceeds the
timeout; update the code around the ctx variable and exec.CommandContext
invocation accordingly.

In `@test/e2e/util/util.go`:
- Around line 445-451: WaitForGuestKubeconfigHostResolutionUpdate currently
indexes ipAddrs[0] after LookupIPAddr which can panic if ipAddrs is empty; add a
guard checking len(ipAddrs) > 0 (e.g., if len(ipAddrs) == 0 { t.Logf("no IP
addresses returned for host %s", host); return false, nil }) before accessing
ipAddrs[0] so the function handles empty DNS results safely and
returns/continues without panicking.

---

Outside diff comments:
In
`@control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go`:
- Around line 1004-1012: The healthCheckKASEndpoint function currently returns
after httpClient.Do(req) without closing resp.Body, leaking resources on
repeated checks; after ensuring err is nil and resp is non-nil, immediately
schedule resp.Body.Close() (e.g., defer resp.Body.Close()) so the body is always
closed before returning, and keep the existing status check that returns an
error when resp.StatusCode != http.StatusOK; reference resp from the
httpClient.Do(req) call and the resp.Body to apply the fix.

In `@kubernetes-default-proxy/kubernetes_default_proxy.go`:
- Around line 70-85: The accept loop can block after ctx cancellation because
the TCP listener is never closed; after creating listener (via
net.ListenConfig{}.Listen using s.listenAddr) spawn a goroutine that waits for
ctx.Done() and calls listener.Close(), and update the Accept error handling in
the loop (e.g., treat net.ErrClosed as shutdown and return ctx.Err() or break)
so the server stops promptly and no goroutine remains blocked; reference
listener, net.ListenConfig{}.Listen, s.listenAddr, listener.Accept and ctx in
your changes.

---

Duplicate comments:
In `@availability-prober/availability_prober.go`:
- Around line 121-129: The retry loop around http.NewRequestWithContext and
client.Do must exit when the provided ctx is canceled; detect ctx.Done() (or
check ctx.Err()) inside the loop and return instead of continuing retries so the
goroutine doesn't leak. Update the loop that builds the request and calls
client.Do(req) to break/return immediately when ctx is canceled (e.g., before
retrying after an error from http.NewRequestWithContext or client.Do), ensuring
the probe function exits cleanly on context cancellation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: adfa8bc8-944f-4afd-bc85-065370a008ea

📥 Commits

Reviewing files that changed from the base of the PR and between 3726f85 and f605fc2.

📒 Files selected for processing (111)

• .golangci.yml
• availability-prober/availability_prober.go
• cmd/bastion/aws/create.go
• cmd/cluster/core/create.go
• cmd/cluster/powervs/create.go
• cmd/infra/aws/iam.go
• cmd/infra/aws/iam_policies.go
• cmd/infra/aws/route53.go
• cmd/infra/aws/util/errors.go
• cmd/infra/azure/create_iam.go
• cmd/infra/azure/rbac.go
• cmd/infra/powervs/create.go
• cmd/infra/powervs/destroy.go
• cmd/kubeconfig/create.go
• cmd/nodepool/core/create.go
• control-plane-operator/controllers/gcpprivateserviceconnect/dns.go
• control-plane-operator/controllers/gcpprivateserviceconnect/psc_endpoint_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
• control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller_test.go
• control-plane-operator/controllers/hostedcontrolplane/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/kas_pki_setup.go
• control-plane-operator/controllers/hostedcontrolplane/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/assets/assets.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/kubevirt/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cloud_controller_manager/powervs/config.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cno/deployment_init_container_test.go
• control-plane-operator/controllers/hostedcontrolplane/v2/etcd/statefulset.go
• control-plane-operator/controllers/hostedcontrolplane/v2/ignitionserver/pki.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/auth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/oauth.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/secretencryption.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/deployment.go
• control-plane-operator/controllers/hostedcontrolplane/v2/oauth/idp_convert.go
• control-plane-operator/controllers/hostedcontrolplane/v2/olm/catalogs/deployment.go
• control-plane-operator/endpoint-resolver/server_test.go
• control-plane-operator/hostedclusterconfigoperator/cmd.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/ingress/reconcile.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/kas/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/registry/admissionpolicies.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
• control-plane-operator/hostedclusterconfigoperator/operator/config.go
• control-plane-operator/metrics-proxy/proxy_test.go
• control-plane-pki-operator/certificatesigningcontroller/certificatesigningcontroller.go
• control-plane-pki-operator/targetconfigcontroller/targetconfigcontroller.go
• control-plane-pki-operator/topology/detector.go
• etcd-backup/etcdbackup.go
• etcd-recovery/etcdrecovery.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
• hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
• hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
• hypershift-operator/controllers/hostedcluster/internal/proxy/validation.go
• hypershift-operator/controllers/nodepool/apiserver-haproxy/haproxy.go
• hypershift-operator/controllers/nodepool/aws_test.go
• hypershift-operator/controllers/nodepool/conditions.go
• hypershift-operator/controllers/nodepool/config.go
• hypershift-operator/controllers/nodepool/nodepool_controller.go
• hypershift-operator/controllers/nodepool/nto.go
• hypershift-operator/controllers/platform/aws/controller.go
• hypershift-operator/controllers/platform/gcp/privateserviceconnect_controller.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• ignition-server/cmd/start.go
• ignition-server/controllers/cache.go
• ignition-server/controllers/local_ignitionprovider.go
• ignition-server/controllers/tokensecret_controller.go
• karpenter-operator/controllers/karpenter/machine_approver.go
• karpenter-operator/controllers/nodeclass/ec2_nodeclass_controller.go
• karpenter-operator/main.go
• konnectivity-socks5-proxy/http_proxy.go
• kubernetes-default-proxy/kubernetes_default_proxy.go
• kubevirtexternalinfra/externalinfra.go
• pkg/etcdcli/etcdcli.go
• sharedingress-config-generator/controller.go
• sharedingress-config-generator/controller_test.go
• sharedingress-config-generator/haproxy_client.go
• support/azureutil/azureutil.go
• support/controlplane-component/controlplane-component.go
• support/controlplane-component/controlplane-component_test.go
• support/controlplane-component/kubeconfig.go
• support/controlplane-component/token-minter-container.go
• support/gcpapi/gcs_client.go
• support/globalconfig/proxy.go
• support/konnectivityproxy/dialer.go
• support/konnectivityproxy/proxy_dialer.go
• support/releaseinfo/registryclient/client.go
• support/releaseinfo/releaseinfo.go
• support/supportedversion/version.go
• support/thirdparty/docker/pkg/archive/archive.go
• support/thirdparty/library-go/pkg/image/dockerv1client/types.go
• support/thirdparty/library-go/pkg/image/registryclient/client.go
• support/thirdparty/oc/pkg/cli/image/manifest/manifest.go
• support/util/util.go
• support/validations/authentication.go
• sync-fg-configmap/update.go
• test/e2e/util/aws.go
• test/e2e/util/dump/dump.go
• test/e2e/util/dump/journals.go
• test/e2e/util/external_oidc.go
• test/e2e/util/fixture.go
• test/e2e/util/generate.go
• test/e2e/util/node.go
• test/e2e/util/oauth.go
• test/e2e/util/reqserving/verifycp.go
• test/e2e/util/reqserving/verifypods.go
• test/e2e/util/reqserving/vpa.go
• test/e2e/util/reqserving/waitfor.go
• test/e2e/util/sharedoidc.go
• test/e2e/util/util.go
• test/e2e/util/version.go
• test/integration/framework/hosted-cluster.go

✅ Files skipped from review due to trivial changes (24)

• cmd/bastion/aws/create.go
• cmd/cluster/powervs/create.go
• support/controlplane-component/token-minter-container.go
• support/thirdparty/library-go/pkg/image/dockerv1client/types.go
• test/e2e/util/reqserving/vpa.go
• .golangci.yml
• ignition-server/controllers/cache.go
• test/e2e/util/generate.go
• karpenter-operator/controllers/nodeclass/ec2_nodeclass_controller.go
• hypershift-operator/controllers/uwmtelemetry/uwm_telemetry.go
• support/util/util.go
• test/e2e/util/fixture.go
• support/globalconfig/proxy.go
• control-plane-pki-operator/topology/detector.go
• support/releaseinfo/releaseinfo.go
• cmd/nodepool/core/create.go
• test/e2e/util/node.go
• hypershift-operator/controllers/nodepool/conditions.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
• test/e2e/util/aws.go
• konnectivity-socks5-proxy/http_proxy.go
• cmd/infra/aws/iam.go
• control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
• control-plane-operator/controllers/hostedcontrolplane/v2/kas/auth.go

[openshift-ci-robot]

@bryan-cox: This pull request references CNTRLPLANE-3510 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Enable errorlint and nilerr golangci-lint linters
• errorlint catches three categories of error handling bugs:
• %v/%s used instead of %w in fmt.Errorf() — breaks errors.Is/errors.As chains
• Direct error comparison (==/!=) instead of errors.Is() — fails on wrapped errors
• Error type assertions instead of errors.As() — fails on wrapped errors
• nilerr catches cases where err != nil but nil is returned instead of the error
• All 18 existing hits are intentional (poll/retry callbacks, best-effort cleanup, graceful degradation) — suppressed with //nolint:nilerr and a reason
• Fix all existing violations across 85 files

Test plan

• make lint passes with 0 issues
• make test passes with no regressions
• CI e2e tests pass

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

• Improved error reporting so underlying causes are preserved, enabling clearer diagnostics, reliable error matching, and more accurate failure classification.

• Refactor

• Made network and long-running operations context-aware and improved detection of wrapped/temporary errors, enhancing retry, not-found, and health-check behavior.

• Chores

• Linter configuration expanded to flag additional error-handling issues.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@bryan-cox: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gke	3907a5c	link	false	/test e2e-gke

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hypershift-jira-solve-ci]

The background task completed but wasn't needed — the analysis is already complete above. The report has been fully generated with all the evidence gathered from the build log, JUnit XML, and PR diff analysis.

---