OCPBUGS-61063: pkg/cli/admin/upgrade/recommend: Enable precheck and accept gates

[wking]

To make that functionality generally available. This could be a more thorough overhaul, e.g. I could drop the precheckEnabled knob entirely. But I'm doing the smallest possible pivot now, in case folks want to backport to older 4.y. And I can do the dev-branch polishing later on.

Summary by CodeRabbit

• New Features
  • The upgrade recommendation command now always exposes the quiet and accept options without extra enablement.
  • Prechecks run by default to surface potential issues before proceeding.
  • Acceptance is consistently enforced: the command errors if any issues remain unaccepted; if all issues are accepted, a confirmation is shown (suppressed in quiet mode).

[openshift-ci-robot]

@wking: This pull request references Jira Issue OCPBUGS-61063, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.21.0) matches configured target version for branch (4.21.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira ([email protected]), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

To make that functionality generally available. This could be a more thorough overhaul, e.g. I could drop the precheckEnabled knob entirely. But I'm doing the smallest possible pivot now, in case folks want to backport to older 4.y. And I can do the dev-branch polishing later on.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Removes feature-gate checks from the upgrade recommend command: always registers --quiet/--accept flags, always enables prechecks in Complete, and always enforces acceptance logic in Run. If any issues remain unaccepted, Run returns an error; if none remain and not quiet, it prints the accepted-issues message.

Changes

Cohort / File(s)	Summary
CLI upgrade recommend flow pkg/cli/admin/upgrade/recommend/recommend.go	Removed OC_ENABLE_CMD_UPGRADE_RECOMMEND_ACCEPT and OC_ENABLE_CMD_UPGRADE_RECOMMEND_PRECHECK gates; always register --quiet/--accept; set o.precheckEnabled = true in Complete; always enforce acceptance in Run with error when unaccepted issues exist; print accepted-issues message when not quiet.
Example outputs updated pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-not-recommended.version-4.12.51-output, pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-recommended.version-4.12.51-output, pkg/cli/admin/upgrade/recommend/examples/4.16.27-degraded-monitoring.version-4.16.32-output	Appended an error line reporting unaccepted issues (e.g., error: issues that apply to this cluster but which were not included in --accept: ...) to the example outputs; no other content changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant CLI as upgrade recommend CLI
  participant Complete as Complete()
  participant Run as Run()
  participant Prechecks as Prechecks
  participant Issues as Issues Checker

  Note over CLI: `--quiet` and `--accept` always registered
  User->>CLI: Invoke command
  CLI->>Complete: Parse flags, setup
  Note right of Complete: o.precheckEnabled = true (always)
  Complete-->>CLI: Options ready

  CLI->>Run: Execute
  Run->>Prechecks: Run prechecks (always)
  Prechecks-->>Run: Precheck results
  Run->>Issues: Collect/partition issues
  Issues-->>Run: accepted, unaccepted sets

  alt Unaccepted issues exist
    Run-->>User: Error listing unaccepted issues
  else No unaccepted issues
    opt Not quiet and there are accepted issues
      Run-->>User: Print accepted-issues message
    end
    Run-->>User: Exit success
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• ingvagabund

Poem

I thump my paw: the gates are gone—
Prechecks hop first, then we hop on.
Quiet or not, accept the list,
Unaccepted? We can’t desist.
Carrots aligned, the path is clear— 🥕🐇

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/cli/admin/upgrade/recommend/recommend.go (1)

437-441: Bug: double-length slice with empty entries when collecting risks.

risks := make([]string, len(update.Risks)) followed by append() yields a slice with len=2n, half empty, leading to extra commas in the message.

Apply this diff:

-	risks := make([]string, len(update.Risks))
-	for _, risk := range update.Risks {
-		risks = append(risks, risk.Name)
-	}
+	risks := make([]string, 0, len(update.Risks))
+	for _, risk := range update.Risks {
+		risks = append(risks, risk.Name)
+	}

🧹 Nitpick comments (3)

pkg/cli/admin/upgrade/recommend/recommend.go (3)

65-66: Align flag help with behavior; tighten phrasing.

The current help for --quiet implies name-only output, which the code doesn’t yet do (see comment on Lines 344-348). Independently, the strings can be clearer.

Apply this diff to improve clarity:

-	flags.BoolVar(&o.quiet, "quiet", o.quiet, "When --quiet is true and --version is set, only print unaccepted issue names.")
-	flags.StringSliceVar(&o.accept, "accept", o.accept, "Comma-delimited names for issues that you find acceptable.  With --version, any unaccepted issues will result in a non-zero exit code.")
+	flags.BoolVar(&o.quiet, "quiet", o.quiet, "Only print unaccepted issue names (requires --version).")
+	flags.StringSliceVar(&o.accept, "accept", o.accept, "Names for issues you accept. Comma-delimited or repeat --accept. With --version, any unaccepted issues cause a non-zero exit code.")

---

137-137: The precheckEnabled knob is now vestigial.

Since it’s unconditionally set to true and only used as a gate, consider removing the field and the surrounding branch later. I understand the PR notes favor a minimal pivot/backportable change; treat this as follow-up tech debt.

---

306-311: Redundant nested quiet check.

The inner if !o.quiet is unnecessary because it’s already guarded by the outer condition.

Apply this diff:

-	if err := injectUpgradeableAsCondition(cv.Status.Desired.Version, c, majorMinorBuckets); err != nil && !o.quiet {
-		if !o.quiet {
-			fmt.Fprintf(o.ErrOut, "warning: Cannot inject %s=%s as a conditional update risk: %s\n\nReason: %s\n  Message: %s\n\n", c.Type, c.Status, err, c.Reason, strings.ReplaceAll(c.Message, "\n", "\n  "))
-		}
+	if err := injectUpgradeableAsCondition(cv.Status.Desired.Version, c, majorMinorBuckets); err != nil && !o.quiet {
+		fmt.Fprintf(o.ErrOut, "warning: Cannot inject %s=%s as a conditional update risk: %s\n\nReason: %s\n  Message: %s\n\n", c.Type, c.Status, err, c.Reason, strings.ReplaceAll(c.Message, "\n", "\n  "))
 	}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a434281 and 4060ec8.

📒 Files selected for processing (1)

• pkg/cli/admin/upgrade/recommend/recommend.go (3 hunks)

[wking]

Serial tests are expected to fail until openshift/origin#30113 merges

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-recommended.version-4.12.51-output (1)

19-19: Tiny copyedit for brevity.

Consider tightening “but which were” → “but were” to keep CLI output concise.

-error: issues that apply to this cluster but which were not included in --accept: AlertNoTestData,ConditionalUpdateRisk
+error: issues that apply to this cluster but were not included in --accept: AlertNoTestData,ConditionalUpdateRisk

pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-not-recommended.version-4.12.51-output (2)

19-19: Micro-grammar polish (optional).

Same brevity tweak as the other file.

-error: issues that apply to this cluster but which were not included in --accept: AlertNoTestData,ConditionalUpdateRisk
+error: issues that apply to this cluster but were not included in --accept: AlertNoTestData,ConditionalUpdateRisk

---

19-19: Optional UX hint mirror.

Keep examples consistent by adding the same actionable hint here.

 error: issues that apply to this cluster but which were not included in --accept: AlertNoTestData,ConditionalUpdateRisk
+hint: re-run with --accept=AlertNoTestData,ConditionalUpdateRisk to proceed

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4060ec8 and 8bdac16.

📒 Files selected for processing (4)

• pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-not-recommended.version-4.12.51-output (1 hunks)
• pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-recommended.version-4.12.51-output (1 hunks)
• pkg/cli/admin/upgrade/recommend/examples/4.16.27-degraded-monitoring.version-4.16.32-output (1 hunks)
• pkg/cli/admin/upgrade/recommend/recommend.go (3 hunks)

✅ Files skipped from review due to trivial changes (1)

• pkg/cli/admin/upgrade/recommend/examples/4.16.27-degraded-monitoring.version-4.16.32-output

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/cli/admin/upgrade/recommend/recommend.go

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: wking
PR: openshift/oc#2088
File: pkg/cli/admin/upgrade/recommend/recommend.go:344-348
Timestamp: 2025-09-03T22:29:02.623Z
Learning: In the `oc adm upgrade recommend` command, the --quiet flag behavior intentionally includes descriptive error context rather than just bare issue names, as human consumers benefit from the additional context. Machine consumers are expected to use a future API (referenced in openshift/api#2360) rather than parsing CLI output.

📚 Learning: 2025-09-03T22:29:02.623Z

Learnt from: wking
PR: openshift/oc#2088
File: pkg/cli/admin/upgrade/recommend/recommend.go:344-348
Timestamp: 2025-09-03T22:29:02.623Z
Learning: In the `oc adm upgrade recommend` command, the --quiet flag behavior intentionally includes descriptive error context rather than just bare issue names, as human consumers benefit from the additional context. Machine consumers are expected to use a future API (referenced in openshift/api#2360) rather than parsing CLI output.

Applied to files:

• pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-not-recommended.version-4.12.51-output
• pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-recommended.version-4.12.51-output

🔇 Additional comments (3)

pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-recommended.version-4.12.51-output (2)

18-19: Example updated to reflect new acceptance gating — looks good.

The added error line accurately mirrors the new behavior (error when issues remain unaccepted) and lists issue keys in stable, alphabetical order.

---

19-19: Add optional UX hint
Verified that all example outputs’ issue lists are alphabetical and duplicate-free; the suggested hint to re-run with --accept=… can be applied.

pkg/cli/admin/upgrade/recommend/examples/4.12.16-longest-not-recommended.version-4.12.51-output (1)

18-19: Consistent with enforced acceptance gating.

The appended error line correctly signals unaccepted issues for the not-recommended case; ordering and phrasing match the other example.

[hongkailiu]

/lgtm

Serial tests are expected to fail until openshift/origin#30113 merges

/hold

in case those tests are not required, let us give a chance to exercise them.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hongkailiu, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/cli/admin/upgrade/OWNERS [wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[petr-muller]

/cc

[openshift-ci]

@wking: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-certrotation	8bdac16	link	false	/test e2e-aws-certrotation
ci/prow/security	8bdac16	link	false	/test security
ci/prow/okd-scos-e2e-aws-ovn	8bdac16	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-ovn-serial-1of2	8bdac16	link	true	/test e2e-aws-ovn-serial-1of2

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[wking]

e2e-aws-ovn-serial-1of2 failed, as expected, with both no token is currently in use for this session and issues that apply to this cluster but which were not included in --accept. openshift/origin#30113 will address that. Until then, the failing presubmit will keep this pull from merging, because Prow/GitHub lists it as Required, so I'm lifting the hold that was put in place in case there failures didn't materialize, or weren't in a blocking job:

/hold cancel