HYPERFLEET-1058 - feat: Update e2e repo and remove dead code by ma-hill · Pull Request #122 · openshift-hyperfleet/hyperfleet-e2e

ma-hill · 2026-06-10T23:01:01Z

Summary

Removes obsolete local deployment infrastructure and consolidates setup documentation into a single streamlined guide. The legacy deploy-scripts/ directory contained shell scripts for local kind deployments that are now replaced by the centralized hyperfleet-infra Terraform/Helmfile workflow. This cleanup removes unmaintained code and reduces confusion by providing one clear path for developers to set up their E2E testing environment.

HYPERFLEET-1058

Changes

Removed Legacy Deployment Infrastructure

Removed deploy-scripts/ directory (602-line deployment script + library modules for adapter/API/GCP/Helm/Sentinel management)
Removed testdata/adapter-configs/ test fixtures for individual adapters (cl-deployment, cl-job, cl-maestro, cl-namespace, np-configmap)
Removed docs/local-kind-setup.md (106 lines, superseded by new setup guide)

Added Consolidated Documentation

Added docs/setup.md with streamlined setup instructions for both kind and GCP deployments
- Points to hyperfleet-infra/terraform as the source of truth for environment setup
- Covers port-forwarding, environment variables, and verification steps
- Clear decision matrix: kind (local, fast, no cloud deps) vs GCP (cloud, slower, LoadBalancer)
Added env/env.local template with annotated environment variables for local development (image registry, API/Sentinel/Adapter configuration, broker settings)

Updated Cross-References

Updated docs/development.md to reference new setup guide and remove outdated RabbitMQ/custom image deployment instructions
Updated docs/getting-started.md to point to new setup guide
Updated perf/README.md to reference setup guide for prerequisites instead of inline infra setup instructions
Updated README.md to remove inline quick start (now points to setup guide) and expand project structure overview
Updated CONTRIBUTING.md to reference new setup path

Cleaned Up Build Configuration

Removed .env.example (replaced by env/env.local)
Removed obsolete Dockerfile references to deployment scripts
Removed deprecated Makefile targets for local deployment
Cleaned up env/env.ci to remove unused variables

Notes

The hyperfleet-infra repository is now the single source of truth for deploying HyperFleet environments (both kind and GCP). Developers should use that repository's Terraform/Helmfile targets (make local-up-kind, make local-up-gcp) instead of the removed deploy-scripts/.

The adapter config test fixtures in testdata/adapter-configs/ were not used by any active tests and represented outdated adapter configurations.

Test Plan

make test-all passes
make lint passes
Verified documentation links are correct and not broken
Manually validated setup instructions work for both kind and GCP deployments (or: confirmed setup guide matches hyperfleet-infra README)

openshift-ci · 2026-06-10T23:01:05Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

coderabbitai · 2026-06-10T23:01:09Z

📝 Walkthrough

Summary by CodeRabbit

New Features
- Added a clearer setup guide for running end-to-end tests locally or in the cloud.
- Introduced local environment defaults for test configuration and container image settings.
- Added make targets to build and push container images.
Documentation
- Updated onboarding, development, runbook, and performance docs with refreshed test workflows, troubleshooting, and setup steps.
- Expanded repository and test structure overviews.
Bug Fixes
- Simplified environment loading so local test and performance scripts use the newer configuration flow consistently.

Walkthrough

The PR updates E2E setup guidance, adds env/env.local, extends env/env.ci, changes Makefile image targets, removes the Dockerfile deploy-scripts copy, deletes deploy-scripts/ modules and local kind entrypoints, and removes adapter fixture content under testdata/adapter-configs/.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
No Privileged Containers	⚠️ Warning	Both Dockerfiles end with `USER root` in the runtime stage and never drop privileges; no justification is documented. CWE-269.	Remove `USER root` from the final stage, or switch to a non-root UID after package install; if root is unavoidable, document the exception and scope it to build-time only.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title matches the main change: e2e repo cleanup and removal of obsolete deployment code.
Description check	✅ Passed	The description accurately covers the deleted deploy scripts, removed fixtures, and added setup docs.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	No non-test/example slog/logr/zap/fmt.Print* lines with token/password/credential/secret were found; only false positives in Dockerfile/image names and docs text.
No Hardcoded Secrets	✅ Passed	No CWE-798 hardcoded credentials found: scanned changed files found no credentialed URLs, private keys, or secret/token/password literals; env/env.local/docs use placeholders only.
No Weak Cryptography	✅ Passed	No CWE-327/CWE-328/CWE-916 findings: the PR adds docs/config only, and repo search found no md5/des/rc4/ECB/SHA1-security or secret-compare code.
No Injection Vectors	✅ Passed	PR delta only touches docs, shell, env, and deleted fixtures; no changed Go files or sink matches for exec.Command, template.HTML, yaml.Unmarshal, or SQL concat.
No Pii Or Sensitive Data In Logs	✅ Passed	PASS: No CWE-532/CWE-200 logging leaks were introduced; added outputs are limited to benign counts, image refs, and cluster metadata.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

✨ Simplify code

Create PR with simplified code

_{Comment @coderabbitai help to get the list of available commands.}

openshift-ci · 2026-06-11T14:10:53Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tirthct for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

ma-hill · 2026-06-11T14:12:47Z

@coderabbitai review

coderabbitai · 2026-06-11T14:12:58Z

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

ma-hill · 2026-06-23T16:55:33Z

/test periodic-ci-openshift-hyperfleet-hyperfleet-e2e-main-e2e-tier1-nightly

openshift-ci · 2026-06-23T16:55:36Z

@ma-hill: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-deployment-validation

/test e2e-images

/test images-images

/test lint

/test rc-e2e-images

Use /test all to run all jobs.

Details

In response to this:

/test periodic-ci-openshift-hyperfleet-hyperfleet-e2e-main-e2e-tier1-nightly

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

coderabbitai

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/runbook.md`:
- Around line 9-13: The Table of Contents entry for the CI section is pointing
to the wrong anchor, so update the item referenced by the runbook TOC to match
the actual section title. Adjust the existing “Test Coverage in CI” link in the
markdown list to target the anchor generated from the “CI Jobs” heading, and
verify any duplicated TOC entry in the same file uses the same corrected anchor
so navigation works consistently.
- Line 233: The markdown in the runbook has an unbalanced bold marker at the
line referencing pkg/labels/labels.go, which breaks formatting. Update the
affected sentence so the emphasis markers are properly balanced or remove the
stray leading markers, and verify the surrounding markdown renders correctly in
docs/runbook.md.

In `@perf/parse-report.sh`:
- Around line 15-17: The CLI filename handling in parse-report.sh is vulnerable
because paths starting with a dash can be treated as flags by downstream
commands. Update the argument handling around the input selection and every
file-consuming command that uses INPUT or REPORT_FILE (including the grep and
tee usage in the affected blocks) to pass filenames after a -- delimiter so they
are always parsed as operands, not options.

In `@perf/run-in-cluster.sh`:
- Around line 13-17: The QUAY_USER check in run-in-cluster.sh is expanding an
unset variable directly while nounset is enabled, so the script can fail before
reaching the explicit error path. Update the QUAY_USER guard to use a
nounset-safe existence check in the same conditional block, preserving the
current error messages and exit behavior in the script’s main setup flow.

In `@perf/seed-clusters.sh`:
- Around line 87-98: The cleanup loop in `perf/seed-clusters.sh` is marking
cluster IDs in `seen` before the DELETE succeeds, which prevents failed
deletions from being retried. Update the logic in the `while IFS= read -r id`
block so an ID is only recorded as seen after a successful `curl` DELETE (HTTP
2xx), or otherwise allow failed IDs to be retried on later passes. Keep the
deduplication behavior intact, but make sure `cleanup`/`reset` can attempt
deletion again when `http_code` is not 2xx.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c9eb58ad-b16b-4597-9d84-8ba01265462b

📥 Commits

Reviewing files that changed from the base of the PR and between 518fba3 and ee9985d.

📒 Files selected for processing (45)

CONTRIBUTING.md
Dockerfile
Makefile
README.md
deploy-scripts/.env.example
deploy-scripts/README.md
deploy-scripts/deploy-clm.sh
deploy-scripts/kind-build-images.sh
deploy-scripts/kind-local.sh
deploy-scripts/lib/adapter.sh
deploy-scripts/lib/api.sh
deploy-scripts/lib/common.sh
deploy-scripts/lib/gcp.sh
deploy-scripts/lib/helm.sh
deploy-scripts/lib/sentinel.sh
docs/development.md
docs/getting-started.md
docs/local-kind-setup.md
docs/runbook.md
docs/setup.md
env/env.ci
env/env.local
perf/README.md
perf/parse-report.sh
perf/run-in-cluster.sh
perf/seed-clusters.sh
testdata/adapter-configs/cl-deployment/adapter-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
testdata/adapter-configs/cl-job/adapter-task-config.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
testdata/adapter-configs/cl-job/values.yaml
testdata/adapter-configs/cl-maestro/adapter-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
testdata/adapter-configs/cl-maestro/values.yaml
testdata/adapter-configs/cl-namespace/adapter-config.yaml
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
testdata/adapter-configs/cl-namespace/values.yaml
testdata/adapter-configs/np-configmap/adapter-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
testdata/adapter-configs/np-configmap/values.yaml

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

openshift-hyperfleet/architecture (manual)
openshift-hyperfleet/hyperfleet-api (manual)
openshift-hyperfleet/hyperfleet-sentinel (manual)
openshift-hyperfleet/hyperfleet-adapter (manual)
openshift-hyperfleet/hyperfleet-broker (manual)

💤 Files with no reviewable changes (33)

deploy-scripts/kind-build-images.sh
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
testdata/adapter-configs/cl-deployment/adapter-config.yaml
deploy-scripts/lib/api.sh
testdata/adapter-configs/cl-maestro/adapter-config.yaml
testdata/adapter-configs/cl-namespace/values.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/cl-job/values.yaml
testdata/adapter-configs/cl-maestro/values.yaml
deploy-scripts/README.md
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
deploy-scripts/lib/common.sh
testdata/adapter-configs/cl-job/adapter-task-config.yaml
deploy-scripts/deploy-clm.sh
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
deploy-scripts/.env.example
deploy-scripts/lib/gcp.sh
testdata/adapter-configs/cl-namespace/adapter-config.yaml
deploy-scripts/lib/helm.sh
docs/local-kind-setup.md
deploy-scripts/kind-local.sh
deploy-scripts/lib/adapter.sh
testdata/adapter-configs/np-configmap/values.yaml
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
deploy-scripts/lib/sentinel.sh
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
testdata/adapter-configs/np-configmap/adapter-config.yaml
env/env.ci
Makefile

✅ Files skipped from review due to trivial changes (2)

docs/development.md
README.md

🚧 Files skipped from review as they are similar to previous changes (3)

env/env.local
CONTRIBUTING.md
Dockerfile

coderabbitai

Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/runbook.md`:
- Around line 9-13: The Table of Contents entry for the CI section is pointing
to the wrong anchor, so update the item referenced by the runbook TOC to match
the actual section title. Adjust the existing “Test Coverage in CI” link in the
markdown list to target the anchor generated from the “CI Jobs” heading, and
verify any duplicated TOC entry in the same file uses the same corrected anchor
so navigation works consistently.
- Line 233: The markdown in the runbook has an unbalanced bold marker at the
line referencing pkg/labels/labels.go, which breaks formatting. Update the
affected sentence so the emphasis markers are properly balanced or remove the
stray leading markers, and verify the surrounding markdown renders correctly in
docs/runbook.md.

In `@perf/parse-report.sh`:
- Around line 15-17: The CLI filename handling in parse-report.sh is vulnerable
because paths starting with a dash can be treated as flags by downstream
commands. Update the argument handling around the input selection and every
file-consuming command that uses INPUT or REPORT_FILE (including the grep and
tee usage in the affected blocks) to pass filenames after a -- delimiter so they
are always parsed as operands, not options.

In `@perf/run-in-cluster.sh`:
- Around line 13-17: The QUAY_USER check in run-in-cluster.sh is expanding an
unset variable directly while nounset is enabled, so the script can fail before
reaching the explicit error path. Update the QUAY_USER guard to use a
nounset-safe existence check in the same conditional block, preserving the
current error messages and exit behavior in the script’s main setup flow.

In `@perf/seed-clusters.sh`:
- Around line 87-98: The cleanup loop in `perf/seed-clusters.sh` is marking
cluster IDs in `seen` before the DELETE succeeds, which prevents failed
deletions from being retried. Update the logic in the `while IFS= read -r id`
block so an ID is only recorded as seen after a successful `curl` DELETE (HTTP
2xx), or otherwise allow failed IDs to be retried on later passes. Keep the
deduplication behavior intact, but make sure `cleanup`/`reset` can attempt
deletion again when `http_code` is not 2xx.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c9eb58ad-b16b-4597-9d84-8ba01265462b

📥 Commits

Reviewing files that changed from the base of the PR and between 518fba3 and ee9985d.

📒 Files selected for processing (45)

CONTRIBUTING.md
Dockerfile
Makefile
README.md
deploy-scripts/.env.example
deploy-scripts/README.md
deploy-scripts/deploy-clm.sh
deploy-scripts/kind-build-images.sh
deploy-scripts/kind-local.sh
deploy-scripts/lib/adapter.sh
deploy-scripts/lib/api.sh
deploy-scripts/lib/common.sh
deploy-scripts/lib/gcp.sh
deploy-scripts/lib/helm.sh
deploy-scripts/lib/sentinel.sh
docs/development.md
docs/getting-started.md
docs/local-kind-setup.md
docs/runbook.md
docs/setup.md
env/env.ci
env/env.local
perf/README.md
perf/parse-report.sh
perf/run-in-cluster.sh
perf/seed-clusters.sh
testdata/adapter-configs/cl-deployment/adapter-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
testdata/adapter-configs/cl-job/adapter-task-config.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
testdata/adapter-configs/cl-job/values.yaml
testdata/adapter-configs/cl-maestro/adapter-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
testdata/adapter-configs/cl-maestro/values.yaml
testdata/adapter-configs/cl-namespace/adapter-config.yaml
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
testdata/adapter-configs/cl-namespace/values.yaml
testdata/adapter-configs/np-configmap/adapter-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
testdata/adapter-configs/np-configmap/values.yaml

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

openshift-hyperfleet/architecture (manual)
openshift-hyperfleet/hyperfleet-api (manual)
openshift-hyperfleet/hyperfleet-sentinel (manual)
openshift-hyperfleet/hyperfleet-adapter (manual)
openshift-hyperfleet/hyperfleet-broker (manual)

💤 Files with no reviewable changes (33)

deploy-scripts/kind-build-images.sh
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
testdata/adapter-configs/cl-deployment/adapter-config.yaml
deploy-scripts/lib/api.sh
testdata/adapter-configs/cl-maestro/adapter-config.yaml
testdata/adapter-configs/cl-namespace/values.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/cl-job/values.yaml
testdata/adapter-configs/cl-maestro/values.yaml
deploy-scripts/README.md
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
deploy-scripts/lib/common.sh
testdata/adapter-configs/cl-job/adapter-task-config.yaml
deploy-scripts/deploy-clm.sh
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
deploy-scripts/.env.example
deploy-scripts/lib/gcp.sh
testdata/adapter-configs/cl-namespace/adapter-config.yaml
deploy-scripts/lib/helm.sh
docs/local-kind-setup.md
deploy-scripts/kind-local.sh
deploy-scripts/lib/adapter.sh
testdata/adapter-configs/np-configmap/values.yaml
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
deploy-scripts/lib/sentinel.sh
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
testdata/adapter-configs/np-configmap/adapter-config.yaml
env/env.ci
Makefile

✅ Files skipped from review due to trivial changes (2)

docs/development.md
README.md

🚧 Files skipped from review as they are similar to previous changes (3)

env/env.local
CONTRIBUTING.md
Dockerfile

🛑 Comments failed to post (5)

docs/runbook.md (2)
9-13: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Fix the broken Table-of-Contents anchor at Line 12.

[Test Coverage in CI](#test-coverage-in-ci) does not resolve because the section is ## CI Jobs (anchor #ci-jobs).
Patch
-- [Test Coverage in CI](`#test-coverage-in-ci`)
+- [CI Jobs](`#ci-jobs`)
Also applies to: 221-221

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 12-12: Link fragments should be valid

(MD051, link-fragments)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/runbook.md` around lines 9 - 13, The Table of Contents entry for the CI
section is pointing to the wrong anchor, so update the item referenced by the
runbook TOC to match the actual section title. Adjust the existing “Test
Coverage in CI” link in the markdown list to target the anchor generated from
the “CI Jobs” heading, and verify any duplicated TOC entry in the same file uses
the same corrected anchor so navigation works consistently.
Source: Linters/SAST tools

233-233: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Fix malformed markdown at Line 233.

The leading ** is unbalanced and breaks formatting.
Patch
-** based on [`pkg/labels/labels.go`](../pkg/labels/labels.go) file tags
+Based on tags defined in [`pkg/labels/labels.go`](../pkg/labels/labels.go).
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Based on tags defined in [`pkg/labels/labels.go`](../pkg/labels/labels.go).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/runbook.md` at line 233, The markdown in the runbook has an unbalanced
bold marker at the line referencing pkg/labels/labels.go, which breaks
formatting. Update the affected sentence so the emphasis markers are properly
balanced or remove the stray leading markers, and verify the surrounding
markdown renders correctly in docs/runbook.md.
perf/parse-report.sh (1)
15-17: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Harden CLI filename handling against argument injection (CWE-88).

$1 can be a valid file beginning with -; current grep ... "$INPUT" / tee "$REPORT_FILE" can parse it as flags. Use -- delimiters on all filename arguments.
Patch
-SUMMARY=$(grep -E "[0-9]+ Passed" "$INPUT" 2>/dev/null | tail -1 || true)
+SUMMARY=$(grep -E "[0-9]+ Passed" -- "$INPUT" 2>/dev/null | tail -1 || true)
@@
-DURATION=$(grep -E "^Ran [0-9]+" "$INPUT" 2>/dev/null | tail -1 || true)
+DURATION=$(grep -E "^Ran [0-9]+" -- "$INPUT" 2>/dev/null | tail -1 || true)
@@
-grep "\[PERF\]" "$INPUT" | sed 's/^[[:space:]]*/  /' || echo "  No latency data found"
+grep "\[PERF\]" -- "$INPUT" | sed 's/^[[:space:]]*/  /' || echo "  No latency data found"
@@
-FAILURES=$(grep -c "\[FAIL\]" "$INPUT" 2>/dev/null || true)
+FAILURES=$(grep -c "\[FAIL\]" -- "$INPUT" 2>/dev/null || true)
@@
-  grep "\[FAIL\]" "$INPUT" | sed 's/^[[:space:]]*/  /'
+  grep "\[FAIL\]" -- "$INPUT" | sed 's/^[[:space:]]*/  /'
@@
-} | tee "$REPORT_FILE"
+} | tee -- "$REPORT_FILE"
As per path instructions, “Validate input at system boundaries (HTTP handlers, CLI parsers, webhook receivers).”

Also applies to: 53-73, 78-78
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@perf/parse-report.sh` around lines 15 - 17, The CLI filename handling in
parse-report.sh is vulnerable because paths starting with a dash can be treated
as flags by downstream commands. Update the argument handling around the input
selection and every file-consuming command that uses INPUT or REPORT_FILE
(including the grep and tee usage in the affected blocks) to pass filenames
after a -- delimiter so they are always parsed as operands, not options.
Source: Path instructions
perf/run-in-cluster.sh (1)
13-17: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Guard QUAY_USER under nounset to avoid premature exit (CWE-703).

Line 13 expands QUAY_USER directly while set -u is active, so the script can terminate with “unbound variable” before your explicit error message path runs.
Proposed fix
-if [[ -z "${QUAY_USER}" ]]; then
+if [[ -z "${QUAY_USER:-}" ]]; then
   echo "ERROR: QUAY_USER is not set"
   echo "Add QUAY_USER=myuser to env/env.local or export it"
   exit 1
 fi
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
if [[ -z "${QUAY_USER:-}" ]]; then
  echo "ERROR: QUAY_USER is not set"
  echo "Add QUAY_USER=myuser to env/env.local or export it"
  exit 1
fi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@perf/run-in-cluster.sh` around lines 13 - 17, The QUAY_USER check in
run-in-cluster.sh is expanding an unset variable directly while nounset is
enabled, so the script can fail before reaching the explicit error path. Update
the QUAY_USER guard to use a nounset-safe existence check in the same
conditional block, preserving the current error messages and exit behavior in
the script’s main setup flow.
perf/seed-clusters.sh (1)
87-98: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Retry logic is broken by pre-marking seen IDs (CWE-670).

Line 91 marks IDs as processed before DELETE. When DELETE fails once, that ID is never retried, so cleanup/reset can leave clusters behind.
Proposed fix
-      [[ -n "${seen[$id]:-}" ]] && continue
-      seen[$id]=1
+      [[ -n "${seen[$id]:-}" ]] && continue
       local http_code
       http_code=$(curl -s -o /dev/null -w '%{http_code}' $CURL_OPTS -X DELETE "$API_BASE/clusters/$id" --http1.1)
       if [[ "$http_code" =~ ^2 ]]; then
+        seen[$id]=1
         deleted=$((deleted + 1))
       else
         echo "  WARN: DELETE $id returned HTTP $http_code"
       fi
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
    while IFS= read -r id; do
      [[ -z "$id" ]] && continue
      [[ "$id" =~ ^[a-zA-Z0-9_-]+$ ]] || continue
      [[ -n "${seen[$id]:-}" ]] && continue
      local http_code
      http_code=$(curl -s -o /dev/null -w '%{http_code}' $CURL_OPTS -X DELETE "$API_BASE/clusters/$id" --http1.1)
      if [[ "$http_code" =~ ^2 ]]; then
        seen[$id]=1
        deleted=$((deleted + 1))
      else
        echo "  WARN: DELETE $id returned HTTP $http_code"
      fi
🧰 Tools

🪛 Shellcheck (0.11.0)

[info] 93-93: Double quote to prevent globbing and word splitting.

(SC2086)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@perf/seed-clusters.sh` around lines 87 - 98, The cleanup loop in
`perf/seed-clusters.sh` is marking cluster IDs in `seen` before the DELETE
succeeds, which prevents failed deletions from being retried. Update the logic
in the `while IFS= read -r id` block so an ID is only recorded as seen after a
successful `curl` DELETE (HTTP 2xx), or otherwise allow failed IDs to be retried
on later passes. Keep the deduplication behavior intact, but make sure
`cleanup`/`reset` can attempt deletion again when `http_code` is not 2xx.

coderabbitai

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/runbook.md`:
- Line 12: The table of contents entry for the Test Coverage section points to
the wrong fragment, so update the markdown link target in the runbook TOC to
match the actual section heading “CI Jobs” and apply the same fix to the other
duplicated TOC entries noted in the comment. Locate the broken anchors near the
“Test Coverage in CI” entries and ensure each link uses the fragment generated
from the real heading text so the jump works correctly.

In `@perf/run-in-cluster.sh`:
- Around line 13-16: The QUAY_USER check in run-in-cluster.sh is unsafe under
nounset mode because direct expansion of an unset variable aborts before the
error handling runs. Update the QUAY_USER validation in the script’s startup
guard to use a safe unset-aware test, then keep the existing error messaging and
exit path so the script reaches the intended failure branch when QUAY_USER is
missing.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d009a883-82a0-40ed-989d-3513b2c5379e

📥 Commits

Reviewing files that changed from the base of the PR and between ee9985d and c0d093a.

📒 Files selected for processing (46)

.env.example
CONTRIBUTING.md
Dockerfile
Makefile
README.md
deploy-scripts/.env.example
deploy-scripts/README.md
deploy-scripts/deploy-clm.sh
deploy-scripts/kind-build-images.sh
deploy-scripts/kind-local.sh
deploy-scripts/lib/adapter.sh
deploy-scripts/lib/api.sh
deploy-scripts/lib/common.sh
deploy-scripts/lib/gcp.sh
deploy-scripts/lib/helm.sh
deploy-scripts/lib/sentinel.sh
docs/development.md
docs/getting-started.md
docs/local-kind-setup.md
docs/runbook.md
docs/setup.md
env/env.ci
env/env.local
perf/README.md
perf/parse-report.sh
perf/run-in-cluster.sh
perf/seed-clusters.sh
testdata/adapter-configs/cl-deployment/adapter-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
testdata/adapter-configs/cl-job/adapter-task-config.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
testdata/adapter-configs/cl-job/values.yaml
testdata/adapter-configs/cl-maestro/adapter-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
testdata/adapter-configs/cl-maestro/values.yaml
testdata/adapter-configs/cl-namespace/adapter-config.yaml
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
testdata/adapter-configs/cl-namespace/values.yaml
testdata/adapter-configs/np-configmap/adapter-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
testdata/adapter-configs/np-configmap/values.yaml

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

openshift-hyperfleet/architecture (manual)
openshift-hyperfleet/hyperfleet-api (manual)
openshift-hyperfleet/hyperfleet-sentinel (manual)
openshift-hyperfleet/hyperfleet-adapter (manual)
openshift-hyperfleet/hyperfleet-broker (manual)

💤 Files with no reviewable changes (35)

testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
testdata/adapter-configs/np-configmap/values.yaml
testdata/adapter-configs/cl-maestro/values.yaml
docs/local-kind-setup.md
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
testdata/adapter-configs/cl-namespace/values.yaml
deploy-scripts/kind-build-images.sh
.env.example
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
deploy-scripts/lib/gcp.sh
deploy-scripts/lib/api.sh
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
testdata/adapter-configs/cl-job/values.yaml
deploy-scripts/kind-local.sh
testdata/adapter-configs/cl-job/adapter-task-config.yaml
testdata/adapter-configs/cl-namespace/adapter-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
deploy-scripts/lib/common.sh
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
testdata/adapter-configs/cl-deployment/adapter-config.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
deploy-scripts/README.md
deploy-scripts/lib/sentinel.sh
testdata/adapter-configs/cl-maestro/adapter-config.yaml
deploy-scripts/lib/helm.sh
testdata/adapter-configs/np-configmap/adapter-config.yaml
Dockerfile
deploy-scripts/lib/adapter.sh
deploy-scripts/.env.example
env/env.ci
deploy-scripts/deploy-clm.sh
Makefile

✅ Files skipped from review due to trivial changes (6)

docs/setup.md
env/env.local
README.md
CONTRIBUTING.md
docs/development.md
perf/README.md

… test configs Removed obsolete local deployment infrastructure and test adapter configurations that are no longer needed for E2E testing workflow. - Removed deploy-scripts/ directory with local kind deployment automation (replaced by hyperfleet-infra terraform) - Removed testdata/adapter-configs/ test fixtures for individual adapters (cl-deployment, cl-job, cl-maestro, cl-namespace, np-configmap) - Removed docs/local-kind-setup.md (consolidated into docs/setup.md) - Added docs/setup.md with streamlined setup instructions for kind and GCP deployments - Added env/env.local template for local environment configuration - Updated perf/README.md to reference new setup guide and configuration verification steps - Updated docs/development.md and docs/getting-started.md to point to new setup guide - Cleaned up .env.example, Dockerfile, and Makefile to remove legacy references

coderabbitai

♻️ Duplicate comments (1)

perf/run-in-cluster.sh (1)
13-16: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Line 13: nounset abort bypasses intended error path (CWE-703).

set -u makes ${QUAY_USER} crash when unset, so the script exits before your custom error/help text runs.
Patch
-if [[ -z "${QUAY_USER}" ]]; then
+if [[ -z "${QUAY_USER:-}" ]]; then
#!/bin/bash
# Verify unsafe nounset expansion is still present
set -euo pipefail
rg -n 'set -euo pipefail|\$\{QUAY_USER\}|\$\{QUAY_USER:-\}' perf/run-in-cluster.sh
As per path instructions, "Prioritize Critical and Major severity issues. Minimize Minor and Trivial findings."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@perf/run-in-cluster.sh` around lines 13 - 16, The QUAY_USER check in
run-in-cluster.sh is using an unguarded nounset expansion, so the script can
abort before reaching the intended error/help branch. Update the QUAY_USER
validation in the top-level shell logic to use a safe parameter check that works
under set -u, and keep the existing error messages and exit path in place. Use
the QUAY_USER test block as the fix point so the custom failure handling still
runs when the variable is unset.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@perf/run-in-cluster.sh`:
- Around line 13-16: The QUAY_USER check in run-in-cluster.sh is using an
unguarded nounset expansion, so the script can abort before reaching the
intended error/help branch. Update the QUAY_USER validation in the top-level
shell logic to use a safe parameter check that works under set -u, and keep the
existing error messages and exit path in place. Use the QUAY_USER test block as
the fix point so the custom failure handling still runs when the variable is
unset.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: de1db2b1-5d7a-4530-8e05-4e034443b2fb

📥 Commits

Reviewing files that changed from the base of the PR and between c0d093a and b13be3a.

📒 Files selected for processing (46)

.env.example
CONTRIBUTING.md
Dockerfile
Makefile
README.md
deploy-scripts/.env.example
deploy-scripts/README.md
deploy-scripts/deploy-clm.sh
deploy-scripts/kind-build-images.sh
deploy-scripts/kind-local.sh
deploy-scripts/lib/adapter.sh
deploy-scripts/lib/api.sh
deploy-scripts/lib/common.sh
deploy-scripts/lib/gcp.sh
deploy-scripts/lib/helm.sh
deploy-scripts/lib/sentinel.sh
docs/development.md
docs/getting-started.md
docs/local-kind-setup.md
docs/runbook.md
docs/setup.md
env/env.ci
env/env.local
perf/README.md
perf/parse-report.sh
perf/run-in-cluster.sh
perf/seed-clusters.sh
testdata/adapter-configs/cl-deployment/adapter-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
testdata/adapter-configs/cl-job/adapter-task-config.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
testdata/adapter-configs/cl-job/values.yaml
testdata/adapter-configs/cl-maestro/adapter-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
testdata/adapter-configs/cl-maestro/values.yaml
testdata/adapter-configs/cl-namespace/adapter-config.yaml
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
testdata/adapter-configs/cl-namespace/values.yaml
testdata/adapter-configs/np-configmap/adapter-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
testdata/adapter-configs/np-configmap/values.yaml

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

openshift-hyperfleet/architecture (manual)
openshift-hyperfleet/hyperfleet-api (manual)
openshift-hyperfleet/hyperfleet-sentinel (manual)
openshift-hyperfleet/hyperfleet-adapter (manual)
openshift-hyperfleet/hyperfleet-broker (manual)

💤 Files with no reviewable changes (35)

testdata/adapter-configs/np-configmap/adapter-config.yaml
testdata/adapter-configs/cl-job/values.yaml
testdata/adapter-configs/cl-deployment/values.yaml
testdata/adapter-configs/np-configmap/values.yaml
testdata/adapter-configs/np-configmap/adapter-task-config.yaml
testdata/adapter-configs/cl-maestro/adapter-config.yaml
testdata/adapter-configs/cl-job/adapter-config.yaml
deploy-scripts/lib/helm.sh
docs/local-kind-setup.md
testdata/adapter-configs/cl-deployment/adapter-config.yaml
Dockerfile
testdata/adapter-configs/cl-namespace/adapter-config.yaml
testdata/adapter-configs/cl-namespace/values.yaml
testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
deploy-scripts/.env.example
testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
testdata/adapter-configs/cl-maestro/values.yaml
deploy-scripts/lib/api.sh
testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
deploy-scripts/README.md
deploy-scripts/lib/adapter.sh
testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
deploy-scripts/kind-local.sh
deploy-scripts/lib/gcp.sh
.env.example
testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
env/env.ci
deploy-scripts/lib/common.sh
deploy-scripts/lib/sentinel.sh
testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
deploy-scripts/deploy-clm.sh
deploy-scripts/kind-build-images.sh
Makefile
testdata/adapter-configs/cl-job/adapter-task-config.yaml
testdata/adapter-configs/cl-deployment/adapter-task-config.yaml

✅ Files skipped from review due to trivial changes (6)

CONTRIBUTING.md
docs/development.md
README.md
perf/README.md
docs/setup.md
docs/runbook.md

🚧 Files skipped from review as they are similar to previous changes (1)

env/env.local

rafabene · 2026-06-24T19:19:27Z

Important

Impact warning — file outside this PR

File: docs/debugging.md (lines 5 and 249)

This PR renamed the heading ## Common Failure Modes and Troubleshooting → ## Troubleshooting in docs/runbook.md, which breaks two anchor links in docs/debugging.md:

Line 5: [runbook.md troubleshooting section](runbook.md#common-failure-modes-and-troubleshooting)
Line 249: [runbook troubleshooting section](runbook.md#common-failure-modes-and-troubleshooting)

Both should be updated to runbook.md#troubleshooting.

openshift-ci Bot added the do-not-merge/work-in-progress label Jun 10, 2026

ma-hill force-pushed the HYPERFLEET-1058 branch from c5780cf to 518fba3 Compare June 11, 2026 14:10

openshift-ci Bot added the needs-rebase label Jun 16, 2026

ma-hill force-pushed the HYPERFLEET-1058 branch from 518fba3 to 52ef8f0 Compare June 16, 2026 19:33

openshift-ci Bot removed the needs-rebase label Jun 16, 2026

openshift-ci Bot added the needs-rebase label Jun 24, 2026

ma-hill force-pushed the HYPERFLEET-1058 branch from bc23603 to 8a72c24 Compare June 24, 2026 16:29

openshift-ci Bot removed the needs-rebase label Jun 24, 2026

ma-hill force-pushed the HYPERFLEET-1058 branch from 8a72c24 to ee9985d Compare June 24, 2026 16:32

ma-hill marked this pull request as ready for review June 24, 2026 16:37

openshift-ci Bot removed the do-not-merge/work-in-progress label Jun 24, 2026

openshift-ci Bot requested review from crizzo71 and mbrudnoy June 24, 2026 16:37

coderabbitai Bot reviewed Jun 24, 2026

View reviewed changes

ma-hill force-pushed the HYPERFLEET-1058 branch from ee9985d to c0d093a Compare June 24, 2026 16:45

coderabbitai Bot reviewed Jun 24, 2026

View reviewed changes

Comment thread docs/runbook.md Outdated

Comment thread perf/run-in-cluster.sh

ma-hill force-pushed the HYPERFLEET-1058 branch from c0d093a to 3186cfa Compare June 24, 2026 17:01

rafabene reviewed Jun 24, 2026

View reviewed changes

Comment thread perf/README.md Outdated

rafabene reviewed Jun 24, 2026

View reviewed changes

Comment thread docs/runbook.md Outdated

ma-hill force-pushed the HYPERFLEET-1058 branch from 3186cfa to b13be3a Compare June 24, 2026 19:12

coderabbitai Bot reviewed Jun 24, 2026

View reviewed changes

Conversation

ma-hill commented Jun 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Changes

Removed Legacy Deployment Infrastructure

Added Consolidated Documentation

Updated Cross-References

Cleaned Up Build Configuration

Notes

Test Plan

Uh oh!

openshift-ci Bot commented Jun 10, 2026

Uh oh!

coderabbitai Bot commented Jun 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Walkthrough

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

openshift-ci Bot commented Jun 11, 2026

Uh oh!

ma-hill commented Jun 11, 2026

Uh oh!

coderabbitai Bot commented Jun 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ma-hill commented Jun 23, 2026

Uh oh!

openshift-ci Bot commented Jun 23, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

rafabene commented Jun 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

ma-hill commented Jun 10, 2026 •

edited

Loading

coderabbitai Bot commented Jun 10, 2026 •

edited

Loading

coderabbitai Bot commented Jun 11, 2026 •

edited

Loading