[SANDBOX-1701] chore: upgrade to OCP 4.21 dependencies

[metlos]

Update openshift/api and openshift/library-go to release-4.21, k8s.io deps to v0.34.1, controller-runtime to v0.22.0.

Adapt test FakeClient to work with real SSA support:

• Remove Apply→Merge workaround (SSA is now natively supported)
• Handle generation bump for SSA-created objects
• Work around controller-runtime fake client bug where Update discards caller-set managedFields (needed for csaupgrade migration)
• Add NewFakeClientWithManagedFields for tests that verify SSA managed fields behavior
• Fix SSA migration test to provide APIVersion in ManagedFieldsEntry and use a non-empty Service spec for proper field tracking

Assisted-by: Claude Code

Summary by CodeRabbit

• Chores

  • Updated many dependencies to newer versions (Kubernetes v0.34.x, OpenShift release-4.21, Prometheus, protobuf, testing and utility libraries).
  • Added a module replace directive to point to an alternate API module.

• Tests

  • Enhanced tests to validate managed-fields behavior during server-side apply scenarios.
  • Improved fake client test utilities to simulate and preserve managed fields for more realistic SSA testing.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8e46d81d-a2fe-44cc-bdbc-9b922f9f7e33

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

Updates Go module dependencies to newer versions across OpenShift, Kubernetes, Prometheus, and related packages. Adds a replace directive for the codeready-toolchain API module. Adds managed-fields support to the test fake client and expands SSA-related tests to validate managed fields behavior.

Changes

Cohort / File(s)	Summary
Dependency Management go.mod	Bumped many dependencies (k8s APIs/controller-runtime, OpenShift libs, Prometheus, ginkgo/gomega, protobuf, yaml, semver, fsnotify, oauth2, etc.). Added replace github.com/codeready-toolchain/api => github.com/metlos/api ....
Test Fake Client pkg/test/client.go	Added NewFakeClientWithManagedFields. Refactored fake client construction to accept managed-fields mode, preserve caller-set managedFields on Update by re-applying via MergePatch, and adjusted Patch/Apply handling for generation initialization.
SSA Migration Tests pkg/client/ssa_client_test.go	Updated tests to use NewFakeClientWithManagedFields. Expanded assertions to include ManagedFields entries (Apply entry for field owner, potential Update entries for old owner) and conditional expectations based on migration flags.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 22.22% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main change: upgrading OpenShift 4.20 dependencies to 4.21, along with related Kubernetes and other dependency updates, plus SSA-related test framework adaptations.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Around line 126-127: The go.mod contains a replace directive "replace
github.com/codeready-toolchain/api => github.com/metlos/api
v0.0.0-20260311111036-f94bc6f41690" that points to a personal fork; either
remove this replace or replace it with the official module, and if keeping it
temporarily, add an inline comment and a linked issue/PR that documents why the
fork is required and the plan to revert (e.g., add a TODO with issue/PR number
and an expiration rationale next to the replace directive), and update the
commit message to explain the temporary nature and timeline for removal.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ef7f35c2-5aec-455e-9990-5b5b276c6e61

📥 Commits

Reviewing files that changed from the base of the PR and between 52d9242 and bbfe574.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• go.mod
• pkg/client/ssa_client_test.go
• pkg/test/client.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if there's an open PR in the codeready-toolchain/api repo that this fork might be based on
echo "Checking the fork commit referenced in the replace directive..."
echo "Fork: github.com/metlos/api @ v0.0.0-20260311111036-f94bc6f41690"
echo ""
echo "This appears to be a personal fork. Verify that:"
echo "1. The required API changes are being upstreamed"
echo "2. This replace directive will be removed before merge or shortly after"
echo ""
# Check if the main API repo has recent activity that might include these changes
gh api repos/codeready-toolchain/api/pulls --jq '.[0:5] | .[] | {number, title, state, user: .user.login}' 2>/dev/null || echo "Could not fetch PR info"

Repository: codeready-toolchain/toolchain-common

Length of output: 516

---

🏁 Script executed:

# Check the actual content of go.mod at the specified lines
cat -n go.mod | sed -n '120,135p'

Repository: codeready-toolchain/toolchain-common

Length of output: 502

---

🏁 Script executed:

# Check git history for this change
git log --oneline -20 -- go.mod

Repository: codeready-toolchain/toolchain-common

Length of output: 127

---

🏁 Script executed:

# Look for any recent commits that added this replace directive
git log -p -S "metlos/api" -- go.mod | head -100

Repository: codeready-toolchain/toolchain-common

Length of output: 62

---

🏁 Script executed:

# Get the full commit message and diff context
git show bbfe574 --stat | head -50

Repository: codeready-toolchain/toolchain-common

Length of output: 2799

---

🏁 Script executed:

# Check if there's any branch information or PR context
git log bbfe574 -1 --format=fuller

Repository: codeready-toolchain/toolchain-common

Length of output: 1104

---

🏁 Script executed:

# Check if there are any CHANGELOG, PR templates, or issue references
git log bbfe574 -1 --format=%B

Repository: codeready-toolchain/toolchain-common

Length of output: 814

---

🏁 Script executed:

# Check if the replace directive is still in the current HEAD
git rev-parse HEAD

Repository: codeready-toolchain/toolchain-common

Length of output: 120

---

🏁 Script executed:

# Verify this is the actual current state
cat go.mod | grep -A 2 -B 2 "replace github.com/codeready-toolchain/api"

Repository: codeready-toolchain/toolchain-common

Length of output: 185

---

🏁 Script executed:

# Check if there are any recent commits after this that might address it
git log --oneline -10 -- go.mod

Repository: codeready-toolchain/toolchain-common

Length of output: 127

---

Remove or document the replace directive for the personal fork of codeready-toolchain/api.

The replace directive points to a personal fork (github.com/metlos/api) instead of the official repository. While this was included in the OCP 4.21 dependency upgrade commit, there is no explanation in the commit message for why this fork is necessary. This creates maintenance and security risks:

• Personal forks can be deleted, archived, or diverge from the official repo
• It creates an undocumented dependency that complicates dependency management
• It may cause resolution issues in CI/CD pipelines or for downstream consumers

Either document the temporary nature of this fork and the plan to remove it, or replace it with the official github.com/codeready-toolchain/api repository.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 126 - 127, The go.mod contains a replace directive
"replace github.com/codeready-toolchain/api => github.com/metlos/api
v0.0.0-20260311111036-f94bc6f41690" that points to a personal fork; either
remove this replace or replace it with the official module, and if keeping it
temporarily, add an inline comment and a linked issue/PR that documents why the
fork is required and the plan to revert (e.g., add a TODO with issue/PR number
and an expiration rationale next to the replace directive), and update the
commit message to explain the temporary nature and timeline for removal.

[coderabbitai]

♻️ Duplicate comments (1)

go.mod (1)

126-127: ⚠️ Potential issue | 🟠 Major

The personal fork replace directive persists.

The replace directive still points to a personal fork (github.com/metlos/api), though updated to a newer commit. The concerns raised in the previous review comment regarding maintainability, security, and dependency resolution remain applicable.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 126 - 127, Remove the personal-fork replace directive
that references "github.com/metlos/api" in go.mod and instead point the module
to the official upstream module (restore or add a versioned requirement for
"github.com/codeready-toolchain/api" with a proper semantic version or a vetted
commit pseudo-version); if a forked module is absolutely required for a
temporary fix, replace it with an organizationally-approved fork and document
the reason in a comment, and ensure the replace line referencing
"github.com/metlos/api" is deleted or replaced accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@go.mod`:
- Around line 126-127: Remove the personal-fork replace directive that
references "github.com/metlos/api" in go.mod and instead point the module to the
official upstream module (restore or add a versioned requirement for
"github.com/codeready-toolchain/api" with a proper semantic version or a vetted
commit pseudo-version); if a forked module is absolutely required for a
temporary fix, replace it with an organizationally-approved fork and document
the reason in a comment, and ensure the replace line referencing
"github.com/metlos/api" is deleted or replaced accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fc918ed0-04a8-425d-8a72-c1b9acbe4598

📥 Commits

Reviewing files that changed from the base of the PR and between bbfe574 and f8505ba.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[MatousJobanek]

interesting, is there a ling to an issue we could track?