[DNM] Add support for CAPI bootimage updates on AWS #6082

Draft
djoshy wants to merge 8 commits into openshift:main from djoshy:bootimage-mapi-to-capi

@djoshy djoshy commented May 22, 2026

[DNM]

Summary by CodeRabbit

  • New Features

    • Boot image controller can optionally reconcile Cluster API MachineSets and MachineDeployments (feature-gated), with dynamic watching and per-platform template updates for AWS, Azure, GCP (vSphere stub).
  • Bug Fixes

    • Fixed vSphere template import parameter handling to avoid import-spec issues.
  • Documentation

    • Added a comprehensive design doc describing Cluster API integration and reconciliation behavior.
  • Chores

    • Updated module dependencies and expanded controller RBAC for Cluster API and provider machine templates.

openshift-ci Bot added the do-not-merge/work-in-progress label (Indicates that a PR should not merge because it is a work in progress.) May 22, 2026

openshift-ci Bot commented May 22, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-merge-bot

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

coderabbitai Bot commented May 22, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Adds an optional Cluster API (CAPI) reconciliation path to the boot-image controller: dynamic client creation and wiring, filtered dynamic informers for MachineSets/MachineDeployments, platform-specific infra-template reconciliation (AWS/Azure/GCP; vSphere stub), RBAC updates, dependency bumps, MAPI migration handling, and a design document.

Changes

CAPI Boot Image Controller Extension

| Layer / File(s) | Summary |
|---|---|
| Dependency updates & dynamic client / go.mod, internal/clients/builder.go | Upgrade dependency graph and add Builder.DynamicClientOrDie() to create dynamic clients. |
| Client wiring at startup & RBAC / cmd/machine-config-controller/start.go, manifests/machineconfigcontroller/clusterrole.yaml | Pass a dynamic client into bootimagecontroller.New(...) via ClientBuilder.DynamicClientOrDie(...) and add ClusterRole permissions for cluster.x-k8s.io and infrastructure.cluster.x-k8s.io resources. |
| Controller struct, lifecycle, and event wiring / pkg/controller/bootimage/boot_image_controller.go | Add dynamic client/informer fields, CAPI GVRs and CAPINamespace, two-phase cache sync, lazy platform-specific template informer wiring, and unstructured event handlers; gate CAPI reconciliation behind feature flag. |
| CAPI MachineSet & MachineDeployment reconciliation / pkg/controller/bootimage/capi_helpers.go | Implement syncCAPIMachineSets/syncCAPIMachineDeployments, per-resource reconcile logic, hot-loop protection, deterministic infra-template naming, and merge-patch updates of infrastructureRef.name. |
| Platform-specific CAPI reconciliation / pkg/controller/bootimage/capi_platform_helpers.go | Implement AWS/Azure/GCP reconciler functions that compute target images and produce updated unstructured infra templates; include vSphere stub. |
| MAPI migration handling & small fixes / pkg/controller/bootimage/ms_helpers.go, pkg/controller/bootimage/platform_helpers.go, pkg/controller/bootimage/vsphere_helpers.go | Feature-gated early-exit for CAPI-authoritative MachineSets in MAPI path, clarify patchSkipped semantics, and fix OVF import param passing. |
| Design documentation / docs/BootImageCAPIDesign.md | New design doc detailing enrollment, immutable template update model, controller architecture, skew enforcement, platform mappings, RBAC, and feature-gate strategy. |

Sequence Diagram(s)

(omitted — changes are primarily controller internals and libraries; no multi-actor runtime sequence diagram generated)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested reviewers

  • pablintino
  • sergiordlr
  • RishabhSaini

🚥 Pre-merge checks | ✅ 5 | ❌ 7

❌ Failed checks (7 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Stable And Deterministic Test Names | ❓ Inconclusive | Repository clone failed, so this custom check could not run with code access. | Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures. |
| Test Structure And Quality | ❓ Inconclusive | Repository clone failed, so this custom check could not run with code access. | Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures. |
| Microshift Test Compatibility | ❓ Inconclusive | Repository clone failed, so this custom check could not run with code access. | Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures. |
| Single Node Openshift (Sno) Test Compatibility | ❓ Inconclusive | Repository clone failed, so this custom check could not run with code access. | Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures. |
| Topology-Aware Scheduling Compatibility | ❓ Inconclusive | Repository clone failed, so this custom check could not run with code access. | Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures. |
| Ote Binary Stdout Contract | ❓ Inconclusive | Repository clone failed, so this custom check could not run with code access. | Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures. |
| Ipv6 And Disconnected Network Test Compatibility | ❓ Inconclusive | Repository clone failed, so this custom check could not run with code access. | Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures. |

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title '[DNM] Add support for CAPI bootimage updates on AWS' accurately reflects the primary changes: adding CAPI support to the boot image controller with AWS-specific implementations, though it doesn't capture the full scope (Azure, GCP, vSphere support also added). |
| Docstring Coverage | ✅ Passed | Docstring coverage is 87.50% which is sufficient. The required threshold is 80.00%. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

openshift-ci Bot commented May 22, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: djoshy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci Bot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) May 22, 2026

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 8

🧹 Nitpick comments (1)
pkg/controller/bootimage/capi_helpers.go (1)

43-78: ⚡ Quick win

Clean up or restore the commented-out selector logic.

The commented-out block (lines 43-65) appears to be the intended implementation for selector-based filtering. Currently listing all MachineSets with labels.Everything() may not be the desired behavior. For a draft PR this is understandable, but before merge this should be resolved.

Additionally, the state cleanup at lines 73-78 only runs when len(objs) == 0. This means if individual MachineSets are deleted, their entries in ctrl.capiBootImageState will persist indefinitely, causing a gradual memory leak.

💡 Suggested fix for state cleanup

After iterating through all objects, remove stale entries from the state map:

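```go
// After the for loop ends (after line 108), add:
// (sets is k8s.io/apimachinery/pkg/util/sets)
currentMSNames := sets.New[string]()
for _, obj := range objs {
    currentMSNames.Insert(obj.GetName())
}
// Drop state for MachineSets that no longer exist so the map cannot grow without bound.
for k := range ctrl.capiBootImageState {
    if !currentMSNames.Has(k) {
        delete(ctrl.capiBootImageState, k)
    }
}
```
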
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 43 - 78, The current
code bypasses the commented selector logic (the mcop fetch and
getMachineResourceSelectorFromMachineManagers call) and lists all MachineSets
with ctrl.capiMachineSetLister.List(labels.Everything()), and it only clears
ctrl.capiBootImageState when no objs exist which leaves stale entries when
individual MachineSets are removed. Restore the selector-based filtering by
reintroducing the mcop lookup and use
getMachineResourceSelectorFromMachineManagers (as in the commented block) to
build a selector for ctrl.capiMachineSetLister.List; additionally, after
processing the returned objs compute the current set of MachineSet names and
remove any keys from ctrl.capiBootImageState that are not present (or if you
keep the global listing approach, at minimum add this stale-entry cleanup),
referencing ctrl.capiBootImageState, ctrl.capiMachineSetLister.List, and
getMachineResourceSelectorFromMachineManagers so deletions do not leak state.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/BootImageCAPIDesign.md`:
- Around line 61-67: The fenced code block containing the snippet with
"MachineDeployment", "MachineSet", "spec.template.spec.infrastructureRef" and
"AWSMachineTemplate" needs a language tag to satisfy Markdown linting (MD040);
edit the fence opening from ``` to include a tag such as "text" (e.g., ```text)
so the block becomes a labeled code fence.

In `@go.mod`:
- Line 189: Replace the vulnerable indirect module versions in go.mod by bumping
github.com/sigstore/fulcio and github.com/docker/docker to patched releases
(upgrade the fulcio entry and the docker entry to the latest secure versions),
then update any affected transitive dependencies: run `go get
github.com/sigstore/fulcio@<patched-version>` and `go get
github.com/docker/docker@<patched-version>` (use the vendor/registry to pick
appropriate patched tags), run `go mod tidy` to prune and regenerate go.sum, and
run the test suite/build to verify no breakage; ensure the go.mod entry for
github.com/sigstore/fulcio and github.com/docker/docker reflect the new versions
before committing.

In `@pkg/controller/bootimage/boot_image_controller.go`:
- Line 330: Guard against a nil PlatformStatus before dereferencing: update the
code that reads platform := infra.Status.PlatformStatus.Type to first check that
infra.Status.PlatformStatus is non-nil (and infra.Status if necessary) and
handle the nil case by using a safe default (e.g., empty string or explicit
default platform) or returning early; ensure the check occurs in the same
function where platform is read so any downstream logic that expects platform
handles the default consistently.
- Around line 518-521: The delete handlers deleteCAPIMachineSet and
deleteCAPIMachineDeployment must guard against informer tombstones: check if obj
is a cache.DeletedFinalStateUnknown and, if so, extract the tombstone.Obj before
asserting its type; otherwise handle obj directly. Only proceed to cast to
*unstructured.Unstructured if the extracted value is of that type, otherwise
log/return silently. After safely obtaining the *unstructured.Unstructured,
continue with the existing logic (e.g., klog.Infof and
ctrl.enqueueEvent("CAPIMachineSetDeleted") / appropriate event).

In `@pkg/controller/bootimage/capi_helpers.go`:
- Around line 307-344: The patchCAPIMachineSet function currently fails
unrecoverably when creating newTemplate succeeds but the subsequent MachineSet
patch fails; modify the create call handling in patchCAPIMachineSet so that if
ctrl.dynamicClient.Resource(...).Create(...) returns an "AlreadyExists" error
(use apierrors "k8s.io/apimachinery/pkg/api/errors"), treat it as non-fatal and
continue to the patch step (optionally log that the template already exists),
while other create errors still return; ensure you import apierrors and keep the
rest of the function flow (json.Marshal patch, Patch call on capiMachineSetGVR,
logging) unchanged so retries can succeed without manual cleanup.

In `@pkg/controller/bootimage/capi_platform_helpers.go`:
- Around line 278-284: The vSphere branch in
reconcileVSphereCAPIMachineInfraTemplate currently returns (false, false, nil,
nil) which signals "no-op / healthy" even though it's unimplemented; change the
final return to indicate the patch was skipped (set the patchSkipped boolean to
true) — e.g. return false, true, nil, nil — or alternatively return a clear
error (fmt.Errorf("vSphere machine template reconciliation not implemented for
%s", currentTemplate.GetName())) until support is implemented; update the return
at the end of reconcileVSphereCAPIMachineInfraTemplate (after converting into
vsphereTemplate) to use one of these two options.
- Around line 50-63: In checkCAPIMachineSet, avoid dereferencing
infra.Status.PlatformStatus.Type when PlatformStatus may be nil: add a guard
that checks infra != nil and infra.Status.PlatformStatus != nil before the
switch, and if nil log/return early (same semantics as the existing default
case) — return false, false, nil, nil and a log like "Skipping CAPI MachineSet
%s, missing PlatformStatus" using msName so the controller doesn't panic; then
proceed to the existing switch that uses infra.Status.PlatformStatus.Type to
dispatch to reconcileAWSCAPIMachineInfraTemplate,
reconcileAzureCAPIMachineInfraTemplate, reconcileGCPCAPIMachineInfraTemplate,
and reconcileVSphereCAPIMachineInfraTemplate.
- Around line 238-240: The code builds newBootImage by indexing
streamData.Architectures[arch].Images.Gcp directly, which can cause a
nil-pointer panic if the architecture key or Images/Gcp block is missing; update
the code around newBootImage (where fmt.Sprintf is called) to first validate
that streamData.Architectures contains the arch key and that .Images and
.Images.Gcp are non-nil (or have required fields) before accessing Project/Name,
and if missing gracefully skip this arch or return an error/log message instead
of dereferencing a nil pointer.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 96c04bd2-59ba-4898-ba0d-51d5b6b350cd

📥 Commits

Reviewing files that changed from the base of the PR and between 9bd4e4f and 725623d.

⛔ Files ignored due to path filters (289)
  • vendor/github.com/emicklei/go-restful/v3/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/curly.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/custom_verb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.golangci.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/SECURITY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/.editorconfig is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/decode_hooks.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.lock is excluded by !**/*.lock, !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.nix is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/mapstructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golangci/plugin-module-register/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/env.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/folding.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/program.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/templates/authoring.tmpl is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/validator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/common/types/pb/type.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/ext/native.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/merge.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/prune.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2_protoopaque.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_appengine.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_others.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/builder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/cat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/concat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/sql.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/chain.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/helper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/inspect.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/multi_error.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_above_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_below_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/retry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/conditional.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/field.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/global.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/inspector.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/buffered.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/memory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/multi.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/slog.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/text.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/ll.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/lx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/ns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/MIGRATION.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README_LEGACY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/csv.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/option.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwarp/wrap.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwidth/width.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/blueprint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/html.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/junction.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/markdown.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/ocean.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/svg.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/stream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table_with_color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tablewriter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/cell.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/mapper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/preset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/renderer.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (11)
  • cmd/machine-config-controller/start.go
  • docs/BootImageCAPIDesign.md
  • go.mod
  • internal/clients/builder.go
  • manifests/machineconfigcontroller/clusterrole.yaml
  • pkg/controller/bootimage/boot_image_controller.go
  • pkg/controller/bootimage/capi_helpers.go
  • pkg/controller/bootimage/capi_platform_helpers.go
  • pkg/controller/bootimage/ms_helpers.go
  • pkg/controller/bootimage/platform_helpers.go
  • pkg/controller/bootimage/vsphere_helpers.go

Comment on lines +61 to +67
```
MachineDeployment
spec.template.spec.infrastructureRef → AWSMachineTemplate (contains AMI ID)

MachineSet
spec.template.spec.infrastructureRef → AWSMachineTemplate (same pattern)
```

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to the fenced code block.

Line 61 uses an unlabeled fence; this typically fails MD040. Please use something like ```text for that snippet.

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 61-61: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/BootImageCAPIDesign.md` around lines 61 - 67, The fenced code block
containing the snippet with "MachineDeployment", "MachineSet",
"spec.template.spec.infrastructureRef" and "AWSMachineTemplate" needs a language
tag to satisfy Markdown linting (MD040); edit the fence opening from ``` to
include a tag such as "text" (e.g., ```text) so the block becomes a labeled code
fence.

Comment thread go.mod
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/sigstore/fulcio v1.6.6 // indirect

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

```shell
#!/bin/bash
set -euo pipefail

# Verify the exact versions currently pinned
rg -n 'github.com/sigstore/fulcio|github.com/docker/docker' go.mod

# Query OSV for known vulns on pinned versions
cat <<'JSON' | curl -s https://api.osv.dev/v1/querybatch -d @- | jq .
{
  "queries": [
    {
      "package": {"ecosystem":"Go","name":"github.com/sigstore/fulcio"},
      "version":"v1.6.6"
    },
    {
      "package": {"ecosystem":"Go","name":"github.com/docker/docker"},
      "version":"v28.3.3+incompatible"
    }
  ]
}
JSON
```

Repository: openshift/machine-config-operator

Length of output: 1559


Update vulnerable dependencies in go.mod before merge.

go.mod pins vulnerable versions (both indirect):

Bump these modules (and any affected transitive deps) to patched versions and re-run go mod tidy as needed.

🧰 Tools
🪛 OSV Scanner (2.3.8)

[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio allocates excessive memory during token parsing in github.com/sigstore/fulcio

(GO-2025-4193)


[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass in github.com/sigstore/fulcio

(GO-2026-4311)


[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

(GHSA-59jp-pj84-45mr)


[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio allocates excessive memory during token parsing

(GHSA-f83f-xpx7-ffpw)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 189, Replace the vulnerable indirect module versions in
go.mod by bumping github.com/sigstore/fulcio and github.com/docker/docker to
patched releases (upgrade the fulcio entry and the docker entry to the latest
secure versions), then update any affected transitive dependencies: run `go get
github.com/sigstore/fulcio@<patched-version>` and `go get
github.com/docker/docker@<patched-version>` (use the vendor/registry to pick
appropriate patched tags), run `go mod tidy` to prune and regenerate go.sum, and
run the test suite/build to verify no breakage; ensure the go.mod entry for
github.com/sigstore/fulcio and github.com/docker/docker reflect the new versions
before committing.
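The OSV query in the comment above hardcodes two modules. As an added example (not code from this PR or from the review bot), the Go program below builds the same `querybatch` payload from every `// indirect` requirement in a go.mod, so the whole transitive set can be checked in one request. `ParseRequires`, `BuildOSVBatch` and the embedded go.mod text are constructed for illustration; versions are passed through exactly as go.mod writes them, as the script above does.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// sampleGoMod is a constructed go.mod used only to exercise the parser.
const sampleGoMod = `module example.com/constructed

go 1.24

require (
	github.com/sigstore/fulcio v1.6.6 // indirect
	github.com/docker/docker v28.3.3+incompatible // indirect
	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
)

require example.com/direct/dep v1.2.3

replace example.com/old => example.com/new v0.0.1
`

// Module is one requirement line from go.mod.
type Module struct {
	Path     string
	Version  string
	Indirect bool
}

// ParseRequires extracts requirements from go.mod text. It handles both
// "require ( ... )" blocks and single-line "require path version" forms,
// and ignores module, go, replace and exclude directives.
func ParseRequires(gomod string) []Module {
	var mods []Module
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		comment := ""
		if i := strings.Index(line, "//"); i >= 0 {
			comment = strings.TrimSpace(line[i+2:])
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "require (":
			inBlock = true
			continue
		case inBlock && line == ")":
			inBlock = false
			continue
		case strings.HasPrefix(line, "require "):
			line = strings.TrimSpace(strings.TrimPrefix(line, "require "))
		case !inBlock:
			continue // some other directive or block
		}
		fields := strings.Fields(line)
		if len(fields) != 2 {
			continue // blank or malformed line inside a require block
		}
		mods = append(mods, Module{
			Path:     fields[0],
			Version:  fields[1],
			Indirect: strings.HasPrefix(comment, "indirect"),
		})
	}
	return mods
}

type osvPackage struct {
	Ecosystem string `json:"ecosystem"`
	Name      string `json:"name"`
}

type osvQuery struct {
	Package osvPackage `json:"package"`
	Version string     `json:"version"`
}

type osvBatch struct {
	Queries []osvQuery `json:"queries"`
}

// BuildOSVBatch renders the request body for the /v1/querybatch endpoint.
// With indirectOnly set, direct requirements are left out.
func BuildOSVBatch(mods []Module, indirectOnly bool) ([]byte, error) {
	batch := osvBatch{Queries: []osvQuery{}}
	for _, m := range mods {
		if indirectOnly && !m.Indirect {
			continue
		}
		batch.Queries = append(batch.Queries, osvQuery{
			Package: osvPackage{Ecosystem: "Go", Name: m.Path},
			Version: m.Version,
		})
	}
	return json.Marshal(batch)
}

func main() {
	body, err := BuildOSVBatch(ParseRequires(sampleGoMod), true)
	if err != nil {
		panic(err)
	}
	// Pipe this output to: curl -s https://api.osv.dev/v1/querybatch -d @-
	fmt.Println(string(body))
}
```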

if err != nil {
return fmt.Errorf("failed to get infrastructure object: %w", err)
}
platform := infra.Status.PlatformStatus.Type

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard against nil PlatformStatus before dereferencing.

Line 330 can panic if infra.Status.PlatformStatus is nil during early cluster bring-up or transient cache states.

Suggested fix
-	platform := infra.Status.PlatformStatus.Type
+	if infra.Status.PlatformStatus == nil {
+		return fmt.Errorf("infrastructure status.platformStatus is nil")
+	}
+	platform := infra.Status.PlatformStatus.Type
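Review bot: The nil check on `infra.Status.PlatformStatus` added here guards the same field that `checkCAPIMachineSet` reads in its `switch`, so the guard ends up written twice with different messages. A single helper that returns the platform type or an error would keep the two call sites consistent. The new error string is also unwrapped and gives no hint of where it came from, unlike the `failed to get infrastructure object: %w` return just above it; say which lookup produced the nil status.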
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` at line 330, Guard against
a nil PlatformStatus before dereferencing: update the code that reads platform
:= infra.Status.PlatformStatus.Type to first check that
infra.Status.PlatformStatus is non-nil (and infra.Status if necessary) and
handle the nil case by using a safe default (e.g., empty string or explicit
default platform) or returning early; ensure the check occurs in the same
function where platform is read so any downstream logic that expects platform
handles the default consistently.

Comment on lines +518 to +521
func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
ms := obj.(*unstructured.Unstructured)
klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
ctrl.enqueueEvent("CAPIMachineSetDeleted")

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

```shell
#!/bin/bash
set -euo pipefail

# Confirm delete handlers currently assume direct unstructured assertions
rg -n -C3 'func \(ctrl \*Controller\) deleteCAPI(MachineSet|MachineDeployment)\(' pkg/controller/bootimage/boot_image_controller.go

# Confirm tombstone handling is currently absent in this file
rg -n 'DeletedFinalStateUnknown' pkg/controller/bootimage/boot_image_controller.go
```

Repository: openshift/machine-config-operator

Length of output: 936


🏁 Script executed:

```shell
#!/bin/bash
set -euo pipefail

file="pkg/controller/bootimage/boot_image_controller.go"

# Show the full delete handlers around the referenced lines
sed -n '500,575p' "$file" | nl -ba

# Check for any tombstone handling in this file (don't fail if not found)
rg -n 'DeletedFinalStateUnknown' "$file" || true
rg -n 'tombstone|DeletedFinalState|cache\.Deleted' "$file" || true

# Ensure we see any DeleteFunc registrations nearby (helps confirm obj type assumptions)
rg -n 'DeleteFunc' "$file" || true
```

Repository: openshift/machine-config-operator

Length of output: 120


🏁 Script executed:

```shell
#!/bin/bash
set -euo pipefail

file="pkg/controller/bootimage/boot_image_controller.go"

# Print the relevant section with line numbers via cat -n (nl isn't available)
sed -n '500,575p' "$file" | cat -n

# Tombstone handling checks
rg -n 'DeletedFinalStateUnknown' "$file" || true
rg -n 'tombstone|DeletedFinalState|cache\.Deleted' "$file" || true

# Check delete handler registrations / signatures nearby
rg -n 'DeleteFunc' "$file" || true
```

Repository: openshift/machine-config-operator

Length of output: 4411


🏁 Script executed:

```shell
#!/bin/bash
set -euo pipefail
file="pkg/controller/bootimage/boot_image_controller.go"

# Check whether client-go cache is already imported/used
rg -n 'k8s\.io/client-go/tools/cache' "$file" || true
rg -n '\bcache\.' "$file" || true
```

Repository: openshift/machine-config-operator

Length of output: 1477


Handle informer tombstones in deleteCAPIMachineSet/deleteCAPIMachineDeployment delete handlers.

Both handlers directly cast obj to *unstructured.Unstructured; shared informer DeleteFunc can deliver cache.DeletedFinalStateUnknown, which would panic on the type assertion.

Suggested fix
 func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
-	ms := obj.(*unstructured.Unstructured)
+	ms, ok := obj.(*unstructured.Unstructured)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			klog.V(4).Infof("Unexpected object type in deleteCAPIMachineSet: %T", obj)
+			return
+		}
+		var castOK bool
+		ms, castOK = tombstone.Obj.(*unstructured.Unstructured)
+		if !castOK {
+			klog.V(4).Infof("Unexpected tombstone object type in deleteCAPIMachineSet: %T", tombstone.Obj)
+			return
+		}
+	}
 	klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
 	ctrl.enqueueEvent("CAPIMachineSetDeleted")
 }

 func (ctrl *Controller) deleteCAPIMachineDeployment(obj interface{}) {
-	md := obj.(*unstructured.Unstructured)
+	md, ok := obj.(*unstructured.Unstructured)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			klog.V(4).Infof("Unexpected object type in deleteCAPIMachineDeployment: %T", obj)
+			return
+		}
+		var castOK bool
+		md, castOK = tombstone.Obj.(*unstructured.Unstructured)
+		if !castOK {
+			klog.V(4).Infof("Unexpected tombstone object type in deleteCAPIMachineDeployment: %T", tombstone.Obj)
+			return
+		}
+	}
 	klog.Infof("CAPI MachineDeployment %s deleted, reconciling enrolled machine resources", md.GetName())
 	ctrl.enqueueEvent("CAPIMachineDeploymentDeleted")
 }
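Review bot: Both early `return` paths in each handler skip `ctrl.enqueueEvent(...)`, although the enqueue does not depend on `ms` or `md`, which are used only for the log line. A delete delivered as an unexpected type would therefore never trigger a reconcile, and the only trace is a `klog.V(4)` message that is hidden at default verbosity. Consider logging at a visible level and still enqueuing the event, and move the duplicated tombstone unwrapping into one helper shared by both handlers. The inner `tombstone, ok := ...` also shadows the outer `ok`, which is why the separate `castOK` is needed; distinct names would read more clearly.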
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
ms := obj.(*unstructured.Unstructured)
klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
ctrl.enqueueEvent("CAPIMachineSetDeleted")
func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
ms, ok := obj.(*unstructured.Unstructured)
if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok {
klog.V(4).Infof("Unexpected object type in deleteCAPIMachineSet: %T", obj)
return
}
var castOK bool
ms, castOK = tombstone.Obj.(*unstructured.Unstructured)
if !castOK {
klog.V(4).Infof("Unexpected tombstone object type in deleteCAPIMachineSet: %T", tombstone.Obj)
return
}
}
klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
ctrl.enqueueEvent("CAPIMachineSetDeleted")
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 518 - 521,
The delete handlers deleteCAPIMachineSet and deleteCAPIMachineDeployment must
guard against informer tombstones: check if obj is a
cache.DeletedFinalStateUnknown and, if so, extract the tombstone.Obj before
asserting its type; otherwise handle obj directly. Only proceed to cast to
*unstructured.Unstructured if the extracted value is of that type, otherwise
log/return silently. After safely obtaining the *unstructured.Unstructured,
continue with the existing logic (e.g., klog.Infof and
ctrl.enqueueEvent("CAPIMachineSetDeleted") / appropriate event).

Comment thread pkg/controller/bootimage/capi_helpers.go
Comment on lines +50 to +63
func checkCAPIMachineSet(infra *osconfigv1.Infrastructure, msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
switch infra.Status.PlatformStatus.Type {
case osconfigv1.AWSPlatformType:
return reconcileAWSCAPIMachineInfraTemplate(infra, msName, currentTemplate, configMap, arch)
case osconfigv1.AzurePlatformType:
return reconcileAzureCAPIMachineInfraTemplate(msName, currentTemplate, configMap, arch)
case osconfigv1.GCPPlatformType:
return reconcileGCPCAPIMachineInfraTemplate(msName, currentTemplate, configMap, arch)
case osconfigv1.VSpherePlatformType:
return reconcileVSphereCAPIMachineInfraTemplate(msName, currentTemplate, configMap, arch)
default:
klog.Infof("Skipping CAPI MachineSet %s, unsupported platform %s", msName, infra.Status.PlatformStatus.Type)
return false, false, nil, nil
}

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Guard PlatformStatus before dispatching.

checkCAPIMachineSet dereferences infra.Status.PlatformStatus.Type unconditionally. If the Infrastructure status is still incomplete, this panics the controller before the AWS-specific nil check at Line 76 can run.

Proposed fix
 func checkCAPIMachineSet(infra *osconfigv1.Infrastructure, msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
+	if infra == nil || infra.Status.PlatformStatus == nil {
+		return false, false, nil, fmt.Errorf("infrastructure platform status is nil")
+	}
+
 	switch infra.Status.PlatformStatus.Type {
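Review bot: The added guard returns an error, while the `default` branch of the same switch treats an unsupported platform as a skip (`return false, false, nil, nil`) and the prompt text attached to this comment asks for those skip semantics instead. Pick one behaviour and make the code and the description agree. If the error is kept, include `msName` in the message so the log identifies which MachineSet hit the incomplete Infrastructure status.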
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 50 - 63, In
checkCAPIMachineSet, avoid dereferencing infra.Status.PlatformStatus.Type when
PlatformStatus may be nil: add a guard that checks infra != nil and
infra.Status.PlatformStatus != nil before the switch, and if nil log/return
early (same semantics as the existing default case) — return false, false, nil,
nil and a log like "Skipping CAPI MachineSet %s, missing PlatformStatus" using
msName so the controller doesn't panic; then proceed to the existing switch that
uses infra.Status.PlatformStatus.Type to dispatch to
reconcileAWSCAPIMachineInfraTemplate, reconcileAzureCAPIMachineInfraTemplate,
reconcileGCPCAPIMachineInfraTemplate, and
reconcileVSphereCAPIMachineInfraTemplate.

Comment on lines +238 to +240
newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
streamData.Architectures[arch].Images.Gcp.Project,
streamData.Architectures[arch].Images.Gcp.Name)

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Validate the stream architecture entry before building the GCP image path.

This indexes streamData.Architectures[arch].Images.Gcp directly. A missing arch entry or missing GCP image block turns this into a nil-pointer panic instead of a clean skip/error.

Proposed fix
-	newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
-		streamData.Architectures[arch].Images.Gcp.Project,
-		streamData.Architectures[arch].Images.Gcp.Name)
+	streamArch, err := streamData.GetArchitecture(arch)
+	if err != nil {
+		return false, false, nil, err
+	}
+	if streamArch.Images.Gcp == nil {
+		klog.Infof("Skipping CAPI MachineSet %s, GCP stream image is not available for arch %s", msName, arch)
+		return false, true, nil, nil
+	}
+	newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
+		streamArch.Images.Gcp.Project,
+		streamArch.Images.Gcp.Name)
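Review bot: The new check covers a nil `Images.Gcp` but not empty `Project` or `Name` fields, which would still format to a malformed `projects//global/images/` path; validate both before the `fmt.Sprintf`. The two failure cases are also reported differently: a missing architecture returns `err`, while a missing GCP image returns `false, true, nil, nil`. The bare `return false, false, nil, err` also drops `msName`, so wrap the error to identify the MachineSet in the log.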
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 238 - 240,
The code builds newBootImage by indexing
streamData.Architectures[arch].Images.Gcp directly, which can cause a
nil-pointer panic if the architecture key or Images/Gcp block is missing; update
the code around newBootImage (where fmt.Sprintf is called) to first validate
that streamData.Architectures contains the arch key and that .Images and
.Images.Gcp are non-nil (or have required fields) before accessing Project/Name,
and if missing gracefully skip this arch or return an error/log message instead
of dereferencing a nil pointer.

Comment on lines +278 to +284
func reconcileVSphereCAPIMachineInfraTemplate(msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
vsphereTemplate := &capvv1beta1.VSphereMachineTemplate{}
if err := kruntime.DefaultUnstructuredConverter.FromUnstructured(currentTemplate.Object, vsphereTemplate); err != nil {
return false, false, nil, fmt.Errorf("failed to convert VSphereMachineTemplate %s: %w", currentTemplate.GetName(), err)
}
klog.V(4).Infof("CAPI MachineSet %s: vSphere boot image reconciliation not yet implemented", msName)
return false, false, nil, nil

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Don't treat the vSphere path as reconciled while it's unimplemented.

Returning (false, false, nil, nil) here tells the caller there's nothing to do, so migrated vSphere MachineSets will appear healthy even though this path never updates them. Return patchSkipped=true or a clear error until support lands.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 278 - 284,
The vSphere branch in reconcileVSphereCAPIMachineInfraTemplate currently returns
(false, false, nil, nil) which signals "no-op / healthy" even though it's
unimplemented; change the final return to indicate the patch was skipped (set
the patchSkipped boolean to true) — e.g. return false, true, nil, nil — or
alternatively return a clear error (fmt.Errorf("vSphere machine template
reconciliation not implemented for %s", currentTemplate.GetName())) until
support is implemented; update the return at the end of
reconcileVSphereCAPIMachineInfraTemplate (after converting into vsphereTemplate)
to use one of these two options.
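The two review findings above (the unguarded stream lookup and the vSphere stub reported as a no-op), reproduced as an added example that is not code from this PR. The types, `sampleStream`, `summarize` and the other function names are stand-ins assumed for illustration; only the field names and the `(patchRequired, patchSkipped)` pair come from the comments.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in types (assumptions): only the fields named in the review comments.
type gcpImage struct{ Project, Name string }
type archImages struct{ Gcp *gcpImage }
type streamArch struct{ Images archImages }
type stream struct{ Architectures map[string]streamArch }

var errNoArch = errors.New("architecture not present in stream")

// sampleStream is constructed data: one arch with a GCP image, one without.
func sampleStream() stream {
	return stream{Architectures: map[string]streamArch{
		"x86_64":  {Images: archImages{Gcp: &gcpImage{Project: "constructed-project", Name: "constructed-image"}}},
		"aarch64": {}, // architecture listed, but no GCP image published
	}}
}

// unguarded mirrors the removed lines: a missing map key yields a zero-value
// streamArch whose Gcp pointer is nil, so reading Project panics.
func unguarded(s stream, arch string) (img string, panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	g := s.Architectures[arch].Images.Gcp
	return fmt.Sprintf("projects/%s/global/images/%s", g.Project, g.Name), false
}

// guarded returns (image, skipped, err): an unknown architecture is an error,
// a missing GCP image is a skip, and neither path dereferences a nil pointer.
func guarded(s stream, arch string) (string, bool, error) {
	a, ok := s.Architectures[arch]
	if !ok {
		return "", false, fmt.Errorf("%w: %s", errNoArch, arch)
	}
	if a.Images.Gcp == nil {
		return "", true, nil
	}
	return fmt.Sprintf("projects/%s/global/images/%s", a.Images.Gcp.Project, a.Images.Gcp.Name), false, nil
}

// result carries the same (patchRequired, patchSkipped) pair as the reviewed helpers.
type result struct{ patchRequired, patchSkipped bool }

// unimplementedPlatform models a platform stub: reportSkip=false is the
// reviewed (false, false) return, reportSkip=true the suggested (false, true).
func unimplementedPlatform(reportSkip bool) result {
	return result{patchRequired: false, patchSkipped: reportSkip}
}

// summarize is a hypothetical caller: anything that is neither patched nor
// skipped is counted as up to date, which is how a silent stub looks healthy.
func summarize(results []result) (patched, skipped, upToDate int) {
	for _, r := range results {
		switch {
		case r.patchRequired:
			patched++
		case r.patchSkipped:
			skipped++
		default:
			upToDate++
		}
	}
	return patched, skipped, upToDate
}

func main() {
	s := sampleStream()
	_, panicked := unguarded(s, "ppc64le")
	fmt.Println("unguarded lookup of missing arch panicked:", panicked)
	for _, a := range []string{"x86_64", "aarch64", "ppc64le"} {
		img, skip, err := guarded(s, a)
		fmt.Printf("%-8s image=%q skipped=%v err=%v\n", a, img, skip, err)
	}
	_, _, healthy := summarize([]result{unimplementedPlatform(false)})
	_, sk, _ := summarize([]result{unimplementedPlatform(true)})
	fmt.Printf("stub as no-op: upToDate=%d; stub as skip: skipped=%d\n", healthy, sk)
}
```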

@djoshy djoshy force-pushed the bootimage-mapi-to-capi branch from 725623d to e2bb05b Compare May 22, 2026 18:15

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (1)
docs/BootImageCAPIDesign.md (1)

61-67: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to the fenced code block.

The fenced code block at line 61 lacks a language specifier, which violates MD040 linting rules. Since this block shows CAPI resource structure (not executable code), use ```yaml or ```text as appropriate.

📝 Proposed fix
-```
+```text
 MachineDeployment
   spec.template.spec.infrastructureRef → AWSMachineTemplate (contains AMI ID)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/BootImageCAPIDesign.md` around lines 61 - 67, The fenced code block
showing CAPI resource structure (MachineDeployment, MachineSet,
spec.template.spec.infrastructureRef → AWSMachineTemplate) needs a language tag
to satisfy MD040; update the block to use a non-executable tag such as ```text
(or ```yaml) so the block becomes e.g. ```text followed by the existing lines
referencing MachineDeployment, spec.template.spec.infrastructureRef →
AWSMachineTemplate and MachineSet, then close the fence.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/BootImageCAPIDesign.md`:
- Around line 79-91: The doc currently claims provider template types
(AWSMachineTemplate, AzureMachineTemplate, GCPMachineTemplate,
VSphereMachineTemplate and sigs.k8s.io/cluster-api/api/v1beta1
MachineSet/MachineDeployment) are vendored and accessed via typed
informers/listers, but the implementation uses the dynamic client and
unstructured->typed conversions; update the design to be consistent by removing
the vendor list and replacing the "Vendored API Types" section with a clear
description of the dynamic client approach (reading GVRs at runtime, using
dynamic.Interface, converting unstructured to typed structs), and then edit the
other mentions of "typed lister" / "typed client" (the references around the
template operations) so they describe using the dynamic client and conversion
flow instead of typed informers/clients so all mentions (including the sentence
that currently states templates are not vendored) match the implemented
dynamic-client approach.

In `@go.mod`:
- Around line 67-72: The go.mod lists cluster-api v1.13.2 and controller-runtime
v0.23.3 which expect k8s.io/* v0.35.x (CAPI release pins v0.35.3) but this repo
uses k8s.io/* v0.35.4; run a full local CI check (go mod tidy, go build ./...,
go test ./..., and your project's CI) to confirm nothing breaks with k8s.io/*
v0.35.4, and if tests fail update go.mod to pin k8s.io/* to v0.35.3 (or add a
replace) or bump controller-runtime/cluster-api to compatible versions; check
modules named cluster-api, controller-runtime and k8s.io/* in go.mod when making
the change.

---

Duplicate comments:
In `@docs/BootImageCAPIDesign.md`:
- Around line 61-67: The fenced code block showing CAPI resource structure
(MachineDeployment, MachineSet, spec.template.spec.infrastructureRef →
AWSMachineTemplate) needs a language tag to satisfy MD040; update the block to
use a non-executable tag such as ```text (or ```yaml) so the block becomes e.g.
```text followed by the existing lines referencing MachineDeployment,
spec.template.spec.infrastructureRef → AWSMachineTemplate and MachineSet, then
close the fence.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9b2e2215-a703-4243-a18b-7b4c8baf93ec

📥 Commits

Reviewing files that changed from the base of the PR and between 725623d and e2bb05b.

⛔ Files ignored due to path filters (289)
  • vendor/github.com/olekukonko/tablewriter/tw/preset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/renderer.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (7)
  • docs/BootImageCAPIDesign.md
  • go.mod
  • manifests/machineconfigcontroller/clusterrole.yaml
  • pkg/controller/bootimage/boot_image_controller.go
  • pkg/controller/bootimage/capi_helpers.go
  • pkg/controller/bootimage/capi_platform_helpers.go
  • pkg/controller/bootimage/vsphere_helpers.go

Comment thread docs/BootImageCAPIDesign.md Outdated
Comment thread go.mod
@djoshy djoshy force-pushed the bootimage-mapi-to-capi branch from e2bb05b to e2cba35 Compare May 26, 2026 17:36

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

♻️ Duplicate comments (5)
docs/BootImageCAPIDesign.md (1)

64-70: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to the fenced code block.

The code fence at line 64 lacks a language specifier, triggering markdown linting rule MD040. Please add a language tag such as ```text or ```yaml.

📝 Proposed fix
-```
+```text
 MachineDeployment
   spec.template.spec.infrastructureRef → AWSMachineTemplate (contains AMI ID)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/BootImageCAPIDesign.md` around lines 64 - 70, The fenced code block
showing "MachineDeployment" and "MachineSet" lacks a language tag and violates
MD040; update the code fence opening (the triple backticks above the block
containing "MachineDeployment" / "MachineSet" /
"spec.template.spec.infrastructureRef → AWSMachineTemplate") to include a
language identifier such as ```text or ```yaml so the markdown linter accepts
it, leaving the block contents unchanged.
pkg/controller/bootimage/capi_helpers.go (1)

340-342: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle AlreadyExists here so retries can recover after a partial success.

If the template create succeeds and the subsequent MachineSet patch fails, the retry uses the same deterministic template name and gets stuck failing on create forever. Treat IsAlreadyExists as non-fatal and continue to the patch step.

Minimal fix
 	_, err = ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(context.TODO(), newTemplate, metav1.CreateOptions{})
 	if err != nil {
+		if !kubeApiErrors.IsAlreadyExists(err) {
+			return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
+		}
+		klog.V(4).Infof("Infrastructure template %s already exists, continuing with MachineSet patch", newTemplateName)
-		return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
 	}
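Review bot: The `IsAlreadyExists` branch continues to the MachineSet patch without confirming that the existing template is the one this controller meant to create. Because the name is deterministic, an object left over from an earlier attempt, or created by something else under that name, would be referenced as-is; consider a Get on `newTemplateName` and a comparison of its spec against `newTemplate` before patching, returning an error on mismatch. The hunk also calls `kubeApiErrors.IsAlreadyExists` while the accompanying prompt names `apierrors.IsAlreadyExists`; use whichever alias the file already imports.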
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 340 - 342, The create
call to ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create
can block retries when the deterministic newTemplateName already exists; update
the error handling after Create to treat apierrors.IsAlreadyExists(err) as
non-fatal (i.e., log/ignore and continue to the MachineSet patch step) while
returning other errors as before so retries can recover after a partial success.
pkg/controller/bootimage/capi_platform_helpers.go (3)

50-63: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Guard PlatformStatus before dispatch.

infra.Status.PlatformStatus.Type is dereferenced unconditionally here, so an incomplete Infrastructure status will panic the controller before any provider-specific nil checks can run.

Proposed fix
 func checkCAPIMachineSet(infra *osconfigv1.Infrastructure, msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
+	if infra == nil || infra.Status.PlatformStatus == nil {
+		klog.Infof("Skipping CAPI MachineSet %s, missing PlatformStatus", msName)
+		return false, false, nil, nil
+	}
+
 	switch infra.Status.PlatformStatus.Type {
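Review bot: The new guard logs "Skipping CAPI MachineSet" but returns `false, false, nil, nil`, the same tuple the vSphere comment in this review flags as looking fully reconciled. If the second return value is the skipped flag, as the GCP and vSphere proposals use it, return `false, true, nil, nil` here too, or return an error so a missing PlatformStatus is surfaced rather than silently passed over.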
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 50 - 63, The
code unconditionally accesses infra.Status.PlatformStatus.Type in
checkCAPIMachineSet which can panic if PlatformStatus is nil; add a nil guard at
the start of checkCAPIMachineSet to check if infra == nil or
infra.Status.PlatformStatus == nil (or infra.Status.PlatformStatus.Type is
empty) and in that case log/handle gracefully and return the same zero-value
tuple (false, false, nil, nil) before the switch, then proceed to the existing
platform-specific dispatch (reconcileAWSCAPIMachineInfraTemplate,
reconcileAzureCAPIMachineInfraTemplate, reconcileGCPCAPIMachineInfraTemplate,
reconcileVSphereCAPIMachineInfraTemplate) only when PlatformStatus is present.

238-240: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Validate the GCP stream entry before building the image path.

This directly indexes streamData.Architectures[arch].Images.Gcp. If the arch is missing or the GCP image block is absent, the controller panics instead of skipping cleanly.

Proposed fix
-	newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
-		streamData.Architectures[arch].Images.Gcp.Project,
-		streamData.Architectures[arch].Images.Gcp.Name)
+	streamArch, err := streamData.GetArchitecture(arch)
+	if err != nil {
+		return false, false, nil, err
+	}
+	if streamArch.Images.Gcp == nil {
+		klog.Infof("Skipping CAPI MachineSet %s, GCP stream image is not available for arch %s", msName, arch)
+		return false, true, nil, nil
+	}
+	newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
+		streamArch.Images.Gcp.Project,
+		streamArch.Images.Gcp.Name)
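Review bot: The `streamArch.Images.Gcp == nil` check stops the nil dereference, but an entry with an empty `Project` or `Name` still formats to a malformed path such as `projects//global/images/`. Add an emptiness check on both fields and take the same skip path. The `GetArchitecture` error is also returned bare; wrapping it with `msName` and `arch` would make the failing MachineSet identifiable in logs.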
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 238 - 240,
The code directly indexes streamData.Architectures[arch].Images.Gcp to build
newBootImage which will panic if the arch entry or the GCP image block is
missing; update the logic around the newBootImage construction to first validate
that streamData.Architectures is non-nil and contains the key arch, that the
entry's Images and Images.Gcp are present, and that Gcp.Project and Gcp.Name are
non-empty, and if any check fails, skip building the path (e.g. return early or
continue) instead of indexing into nil fields; locate the construction of
newBootImage to add these nil/empty checks around streamData,
Architectures[arch], Images and Gcp before formatting the
"projects/%s/global/images/%s" string.

278-284: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Report the vSphere stub as skipped until it's implemented.

Returning (false, false, nil, nil) makes this look fully reconciled even though the vSphere path is still intentionally unimplemented.

Proposed fix
 	klog.V(4).Infof("CAPI MachineSet %s: vSphere boot image reconciliation not yet implemented", msName)
-	return false, false, nil, nil
+	return false, true, nil, nil
 }
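Review bot: The return value changes to skipped, but the log line stays at `klog.V(4)`, so at any verbosity below 4 nothing records that vSphere MachineSets are being passed over. The other skip paths proposed in this review log with `klog.Infof`; use the same level here so the skipped state is visible alongside the return value.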
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 278 - 284,
The VSphere implementation currently returns (false, false, nil, nil) which
signals full reconciliation; change reconcileVSphereCAPIMachineInfraTemplate to
explicitly report the path as skipped until implemented by returning the
"skipped" boolean (e.g., return false, true, nil, nil) and add a clear log via
klog (e.g., klog.Infof/klog.V) that the vSphere CAPI Machine infra template is
skipped/unimplemented; update the function body around the klog.V(4).Infof call
and the final return to reflect this.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/controller/bootimage/boot_image_controller.go`:
- Around line 287-290: The Phase‑1 informer sync slice omits the CPMS informer,
so when CPMS handling is enabled the controller may start reconciling before
that cache is warm; update the synced slice (the variable named synced in
boot_image_controller.go) to include ctrl.cpmsListerSynced (or conditionally
push ctrl.cpmsListerSynced when CPMS handling is enabled) alongside
ctrl.mcoCmListerSynced, ctrl.mapiMachineSetListerSynced, ctrl.infraListerSynced,
ctrl.mcopListerSynced and ctrl.clusterVersionListerSynced so the CPMS informer
is waited on before proceeding.

In `@pkg/controller/bootimage/capi_helpers.go`:
- Around line 284-287: syncCAPIMachineDeployment currently returns (false, nil)
which the caller treats as progress; change it to return a non-nil error or a
distinct "skip" error so the caller won't count this as successful
reconciliation. Update the function syncCAPIMachineDeployment to return an
explicit error (for example an errors.New("CAPI MachineDeployment boot image
reconciliation not implemented") or a package-level sentinel like
ErrNotImplemented) and keep the klog message; ensure the caller will see a
non-nil error and not mark progress until real reconciliation is implemented.
- Around line 45-68: The current code always calls
ctrl.capiMachineSetLister.List(labels.Everything()), bypassing the
MachineManager filtering and state cleanup; restore the earlier logic: fetch the
MCOP object (mcop) using ctrl.mcopLister.Get, call
getMachineResourceSelectorFromMachineManagers(mcop.Status.ManagedBootImagesStatus.MachineManagers,
capiAPIGroup, opv1.MachineSets) to obtain machineManagerFound and
machineResourceSelector, if machineManagerFound is false clear
ctrl.capiBootImageState (delete all keys) and return, otherwise call
ctrl.capiMachineSetLister.List(machineResourceSelector) and handle errors via
ctrl.updateConditions as before so only enrolled CAPI MachineSets are reconciled
and state cleanup runs when the manager is removed.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 87576584-f421-4791-9f5a-9a3a431fcee9

📥 Commits

Reviewing files that changed from the base of the PR and between e2bb05b and e2cba35.

⛔ Files ignored due to path filters (289)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/go-viper/mapstructure/v2/.editorconfig is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/decode_hooks.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.lock is excluded by !**/*.lock, !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.nix is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/mapstructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golangci/plugin-module-register/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/env.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/folding.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/program.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/templates/authoring.tmpl is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/validator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/common/types/pb/type.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/ext/native.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/merge.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/prune.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2_protoopaque.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_appengine.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_others.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/builder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/cat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/concat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/sql.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/chain.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/helper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/inspect.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/multi_error.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_above_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_below_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/retry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/conditional.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/field.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/global.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/inspector.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/buffered.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/memory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/multi.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/slog.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/text.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/ll.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/lx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/ns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/MIGRATION.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README_LEGACY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/csv.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/option.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwarp/wrap.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwidth/width.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/blueprint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/html.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/junction.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/markdown.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/ocean.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/svg.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/stream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table_with_color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tablewriter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/cell.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/mapper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/preset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/renderer.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (9)
  • cmd/machine-config-controller/start.go
  • docs/BootImageCAPIDesign.md
  • go.mod
  • internal/clients/builder.go
  • manifests/machineconfigcontroller/clusterrole.yaml
  • pkg/controller/bootimage/boot_image_controller.go
  • pkg/controller/bootimage/capi_helpers.go
  • pkg/controller/bootimage/capi_platform_helpers.go
  • pkg/controller/bootimage/vsphere_helpers.go

Comment on lines +287 to +290
// Phase 1: sync core informers. The infra lister must be warm before we can
// determine which platform-specific CAPI template CRD to watch.
synced := []cache.InformerSynced{ctrl.mcoCmListerSynced, ctrl.mapiMachineSetListerSynced, ctrl.infraListerSynced, ctrl.mcopListerSynced, ctrl.clusterVersionListerSynced}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Include CPMS informer in Phase-1 cache sync.

When CPMS handling is enabled, Line 289 omits ctrl.cpmsListerSynced, so reconciliation can start before CPMS cache is warm.

Suggested fix
  synced := []cache.InformerSynced{ctrl.mcoCmListerSynced, ctrl.mapiMachineSetListerSynced, ctrl.infraListerSynced, ctrl.mcopListerSynced, ctrl.clusterVersionListerSynced}
+ if ctrl.fgHandler.Enabled(features.FeatureGateManagedBootImagesCPMS) {
+ 	synced = append(synced, ctrl.cpmsListerSynced)
+ }
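Review bot: The `synced = append(synced, ctrl.cpmsListerSynced)` line is only safe if `ctrl.cpmsListerSynced` is assigned under the same `FeatureGateManagedBootImagesCPMS` condition in the constructor. A nil `cache.InformerSynced` in this slice is called during the cache-sync wait and panics at startup. Confirm the informer is wired under the identical gate check, or add a nil check alongside the gate check before appending.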
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 287 - 290,
The Phase‑1 informer sync slice omits the CPMS informer, so when CPMS handling
is enabled the controller may start reconciling before that cache is warm;
update the synced slice (the variable named synced in boot_image_controller.go)
to include ctrl.cpmsListerSynced (or conditionally push ctrl.cpmsListerSynced
when CPMS handling is enabled) alongside ctrl.mcoCmListerSynced,
ctrl.mapiMachineSetListerSynced, ctrl.infraListerSynced, ctrl.mcopListerSynced
and ctrl.clusterVersionListerSynced so the CPMS informer is waited on before
proceeding.

Comment thread pkg/controller/bootimage/capi_helpers.go
Comment thread pkg/controller/bootimage/capi_helpers.go Outdated
@djoshy djoshy force-pushed the bootimage-mapi-to-capi branch from e2cba35 to 5c928f3 Compare May 26, 2026 18:23

@coderabbitai coderabbitai Bot left a comment

♻️ Duplicate comments (9)
pkg/controller/bootimage/capi_platform_helpers.go (3)

50-63: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Guard PlatformStatus before dispatching in checkCAPIMachineSet.

Line 51 dereferences infra.Status.PlatformStatus.Type without checking if PlatformStatus is nil. This can panic during early cluster bring-up.

Suggested fix
 func checkCAPIMachineSet(infra *osconfigv1.Infrastructure, msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
+	if infra == nil || infra.Status.PlatformStatus == nil {
+		return false, false, nil, fmt.Errorf("infrastructure platform status is nil")
+	}
+
 	switch infra.Status.PlatformStatus.Type {
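Review bot: The guard added at the top of `checkCAPIMachineSet` returns an error, while the agent prompt for the same finding asks for the fallback values `(false, false, nil, nil)`; the two produce different caller behaviour, so pick one. Returning the error is the safer choice here, because this thread itself notes that `(false, false, nil, nil)` tells the caller there is nothing to do, which would hide a MachineSet whose platform could not be determined. The error message should also include `msName` so the failure can be tied to a resource in the logs.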
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 50 - 63,
checkCAPIMachineSet dereferences infra.Status.PlatformStatus.Type without
nil-check which can panic; add a guard at the top of checkCAPIMachineSet to
verify infra.Status.PlatformStatus != nil (and optionally
infra.Status.PlatformStatus.Type is non-empty) and handle the nil case by
logging/returning the same fallback values (false, false, nil, nil) before the
switch; update references in the AWS/Azure/GCP/VSphere dispatch to remain
unchanged so callers like reconcileAWSCAPIMachineInfraTemplate,
reconcileAzureCAPIMachineInfraTemplate, reconcileGCPCAPIMachineInfraTemplate,
and reconcileVSphereCAPIMachineInfraTemplate are only invoked when
PlatformStatus is present.

238-240: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Validate the stream architecture entry before building the GCP image path.

Lines 238-240 directly index streamData.Architectures[arch].Images.Gcp without checking if the arch key exists or if Images.Gcp is non-nil. A missing entry causes a nil-pointer panic.

Suggested fix
+	streamArch, err := streamData.GetArchitecture(arch)
+	if err != nil {
+		return false, false, nil, err
+	}
+	if streamArch.Images.Gcp == nil {
+		klog.Infof("Skipping CAPI MachineSet %s, GCP stream image is not available for arch %s", msName, arch)
+		return false, true, nil, nil
+	}
 	newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
-		streamData.Architectures[arch].Images.Gcp.Project,
-		streamData.Architectures[arch].Images.Gcp.Name)
+		streamArch.Images.Gcp.Project,
+		streamArch.Images.Gcp.Name)
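Review bot: The two new failure paths are handled differently: an error from `streamData.GetArchitecture(arch)` is returned to the caller, while a nil `streamArch.Images.Gcp` is logged with `klog.Infof` and reported as skipped with a nil error. If both mean that the stream carries no GCP image for this arch, handle them the same way, and add a comment saying why a skip rather than an error is the intended outcome, since a skipped MachineSet keeps its current boot image.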
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 238 - 240,
Before constructing newBootImage, validate that streamData.Architectures
contains the requested arch and that Images and Images.Gcp are non-nil: retrieve
the architecture entry (e.g., archEntry, ok := streamData.Architectures[arch])
and check ok && archEntry.Images != nil && archEntry.Images.Gcp != nil; if any
check fails, return or propagate a clear error (or skip/handle fallback) instead
of indexing into a nil pointer so the code that sets newBootImage won't panic.

278-284: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Don't report vSphere path as reconciled while unimplemented.

Returning (false, false, nil, nil) tells the caller there's nothing to do. Enrolled vSphere CAPI MachineSets will appear healthy even though nothing happened. Return patchSkipped=true until support lands.

Suggested fix
 func reconcileVSphereCAPIMachineInfraTemplate(msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
 	vsphereTemplate := &capvv1beta1.VSphereMachineTemplate{}
 	if err := kruntime.DefaultUnstructuredConverter.FromUnstructured(currentTemplate.Object, vsphereTemplate); err != nil {
 		return false, false, nil, fmt.Errorf("failed to convert VSphereMachineTemplate %s: %w", currentTemplate.GetName(), err)
 	}
 	klog.V(4).Infof("CAPI MachineSet %s: vSphere boot image reconciliation not yet implemented", msName)
-	return false, false, nil, nil
+	return false, true, nil, nil
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 278 - 284,
The vSphere path currently returns (false, false, nil, nil) which makes the
caller think reconciliation succeeded; update
reconcileVSphereCAPIMachineInfraTemplate to indicate the patch was skipped by
returning (false, true, nil, nil) instead (i.e., set patchSkipped=true), and add
a brief comment or klog.V(4) message in reconcileVSphereCAPIMachineInfraTemplate
explaining support is unimplemented so the patch is intentionally skipped.
pkg/controller/bootimage/boot_image_controller.go (3)

518-522: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle informer tombstones in CAPI delete handlers.

Both deleteCAPIMachineSet and deleteCAPIMachineDeployment directly cast obj to *unstructured.Unstructured. When the informer delivers a cache.DeletedFinalStateUnknown (tombstone), this will panic.

Suggested fix for deleteCAPIMachineSet
 func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
-	ms := obj.(*unstructured.Unstructured)
+	ms, ok := obj.(*unstructured.Unstructured)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			klog.V(4).Infof("Unexpected object type in deleteCAPIMachineSet: %T", obj)
+			return
+		}
+		ms, ok = tombstone.Obj.(*unstructured.Unstructured)
+		if !ok {
+			klog.V(4).Infof("Unexpected tombstone object type: %T", tombstone.Obj)
+			return
+		}
+	}
 	klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
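Review bot: Both unexpected-type branches log at `klog.V(4)`, so a dropped delete event is invisible at default verbosity, and the agent prompt for this finding asks for a warning. Use `klog.Warningf` (or `utilruntime.HandleError`) in the two `!ok` branches. Factor the tombstone unwrapping into one helper so that `deleteCAPIMachineDeployment` does not carry a second copy of the same type assertions.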

Apply the same pattern to deleteCAPIMachineDeployment.

Also applies to: 554-558

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 518 - 522,
The delete handlers (deleteCAPIMachineSet and deleteCAPIMachineDeployment)
currently cast obj directly to *unstructured.Unstructured which panics on
informer tombstones; update both functions to detect
cache.DeletedFinalStateUnknown, extract the object from the tombstone
(type-assert to cache.DeletedFinalStateUnknown and then to
*unstructured.Unstructured), and fall back to a normal
*unstructured.Unstructured assertion if not a tombstone; if extraction fails,
log a warning and return, otherwise proceed to use ms.GetName() / md.GetName()
and enqueue the event as before.

330-330: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard against nil PlatformStatus before dereferencing.

Line 330 can panic if infra.Status.PlatformStatus is nil during early cluster bring-up or transient cache states.

Suggested fix
 func (ctrl *Controller) wireCAPITemplateInformer() error {
 	infra, err := ctrl.infraLister.Get("cluster")
 	if err != nil {
 		return fmt.Errorf("failed to get infrastructure object: %w", err)
 	}
+	if infra.Status.PlatformStatus == nil {
+		return fmt.Errorf("infrastructure status.platformStatus is nil")
+	}
 	platform := infra.Status.PlatformStatus.Type
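Review bot: The new nil check returns an error from `wireCAPITemplateInformer`, but the finding describes a nil `PlatformStatus` as a transient state during cluster bring-up. Check that the caller retries the wiring after this error instead of giving up on the CAPI template informer for the life of the process; if it does not retry, the guard trades a panic for a controller that never watches templates.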
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` at line 330, The code
dereferences infra.Status.PlatformStatus without a nil check; update the
reconcile logic around the assignment to first verify infra.Status and
infra.Status.PlatformStatus are non-nil (e.g., if infra.Status == nil ||
infra.Status.PlatformStatus == nil) and handle that case gracefully
(return/requeue, or set a safe default for platform) before using
PlatformStatus.Type; look for the line with "platform :=
infra.Status.PlatformStatus.Type" to apply the guard and ensure downstream uses
of platform handle the default or early-return path.

287-294: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Include CPMS informer in Phase-1 cache sync when enabled.

When ManagedBootImagesCPMS feature gate is enabled, ctrl.cpmsListerSynced should be included in the synced slice. Otherwise reconciliation can start before the CPMS cache is warm.

Suggested fix
 	synced := []cache.InformerSynced{ctrl.mcoCmListerSynced, ctrl.mapiMachineSetListerSynced, ctrl.infraListerSynced, ctrl.mcopListerSynced, ctrl.clusterVersionListerSynced}
+	if ctrl.fgHandler.Enabled(features.FeatureGateManagedBootImagesCPMS) {
+		synced = append(synced, ctrl.cpmsListerSynced)
+	}

 	if ctrl.capiInformerFactory != nil {
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 287 - 294,
When the ManagedBootImagesCPMS feature gate is enabled, add
ctrl.cpmsListerSynced to the Phase-1 synced slice so reconciliation waits for
the CPMS cache; specifically, update the initialization of synced (the slice
containing ctrl.mcoCmListerSynced, ctrl.mapiMachineSetListerSynced,
ctrl.infraListerSynced, ctrl.mcopListerSynced, ctrl.clusterVersionListerSynced)
to append ctrl.cpmsListerSynced when feature gate ManagedBootImagesCPMS is true
(and ensure any CPMS informer factory is started earlier if applicable) so the
CPMS informer is included in the core informer sync.
pkg/controller/bootimage/capi_helpers.go (2)

417-420: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle "AlreadyExists" error on template create to avoid stuck reconciliation.

If template creation succeeds but the subsequent MachineSet/MachineDeployment patch fails, on retry the deterministic template name will cause Create to fail with "AlreadyExists", leaving reconciliation stuck.

Suggested fix for patchCAPIMachineSet
 	_, err = ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(context.TODO(), newTemplate, metav1.CreateOptions{})
 	if err != nil {
+		if !kubeApiErrors.IsAlreadyExists(err) {
+			return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
+		}
+		klog.V(4).Infof("Infrastructure template %s already exists, proceeding with MachineSet patch", newTemplateName)
-		return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
 	}
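Review bot: Treating `IsAlreadyExists` as success in the `Create` error branch assumes the existing object is the template this reconcile would have created. Because the template name is deterministic, a stale or hand-edited template with the same name would then be referenced by the MachineSet patch without its contents being checked. Fetch the existing template and compare its spec (at least the boot image field) with `newTemplate` before proceeding, and return an error on mismatch. The hunk also uses the alias `kubeApiErrors` while the agent prompt says `apierrors`; use whichever alias the file already imports.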

Apply the same pattern to patchCAPIMachineDeployment.

Also applies to: 462-465

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 417 - 420, The create
call using
ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(...
newTemplate ...) should treat an AlreadyExists error as non-fatal to avoid stuck
reconciliation: update the error handling after Create to check
apierrors.IsAlreadyExists(err) (from k8s.io/apimachinery/pkg/api/errors) and if
true, ignore the error and continue; otherwise return the wrapped fmt.Errorf as
currently done. Apply this same change for the analogous create site at the
other block (the one around lines 462-465) and the similar code paths in
patchCAPIMachineSet and patchCAPIMachineDeployment so deterministic template
names do not block retries.

45-68: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Re-enable MachineManager filtering for CAPI MachineSets.

Lines 45-67 have the MachineManager selector logic commented out, and line 68 uses labels.Everything(). This means the controller will reconcile all CAPI MachineSets regardless of enrollment status, bypassing opt-in semantics.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 45 - 68, Re-enable the
MachineManager-based selector instead of listing all CAPI MachineSets: call
ctrl.mcopLister.Get(ctrlcommon.MCOOperatorKnobsObjectName), pass
mcop.Status.ManagedBootImagesStatus.MachineManagers into
getMachineResourceSelectorFromMachineManagers(capiAPIGroup, opv1.MachineSets)
and preserve the existing error handling (klog.Errorf + ctrl.updateConditions)
and the machineManagerFound==false branch that clears ctrl.capiBootImageState.
Finally, replace the call to ctrl.capiMachineSetLister.List(labels.Everything())
with ctrl.capiMachineSetLister.List(machineResourceSelector) so only
enrolled/opted-in MachineSets are reconciled.
go.mod (1)

189-189: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Update vulnerable indirect dependencies before merge.

OSV Scanner flags HIGH-severity vulnerabilities:

  • github.com/sigstore/fulcio v1.6.6 (line 189): Memory exhaustion (GO-2025-4193) and SSRF (GO-2026-4311)
  • github.com/docker/docker v28.3.3+incompatible (line 279): Multiple issues including AuthZ bypass, race conditions, and plugin privilege vulnerabilities

These are indirect dependencies. Bump them to patched versions or coordinate with upstream packages that pull them in.

Also applies to: 279-279

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 189, Update the vulnerable indirect modules by bumping
github.com/sigstore/fulcio and github.com/docker/docker to known patched
versions: run module upgrades (e.g., use `go get
github.com/sigstore/fulcio@<patched-version>` and `go get
github.com/docker/docker@<patched-version>`) or update the upstream dependencies
that pull them in so go.mod reflects the newer versions; then run `go mod tidy`
and re-run the OSV scanner to confirm GO-2025-4193 and GO-2026-4311 (fulcio) and
the docker vulnerabilities are resolved. Ensure you reference the modules
exactly as github.com/sigstore/fulcio and github.com/docker/docker when making
the changes.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@go.mod`:
- Line 189: Update the vulnerable indirect modules by bumping
github.com/sigstore/fulcio and github.com/docker/docker to known patched
versions: run module upgrades (e.g., use `go get
github.com/sigstore/fulcio@<patched-version>` and `go get
github.com/docker/docker@<patched-version>`) or update the upstream dependencies
that pull them in so go.mod reflects the newer versions; then run `go mod tidy`
and re-run the OSV scanner to confirm GO-2025-4193 and GO-2026-4311 (fulcio) and
the docker vulnerabilities are resolved. Ensure you reference the modules
exactly as github.com/sigstore/fulcio and github.com/docker/docker when making
the changes.

In `@pkg/controller/bootimage/boot_image_controller.go`:
- Around line 518-522: The delete handlers (deleteCAPIMachineSet and
deleteCAPIMachineDeployment) currently cast obj directly to
*unstructured.Unstructured which panics on informer tombstones; update both
functions to detect cache.DeletedFinalStateUnknown, extract the object from the
tombstone (type-assert to cache.DeletedFinalStateUnknown and then to
*unstructured.Unstructured), and fall back to a normal
*unstructured.Unstructured assertion if not a tombstone; if extraction fails,
log a warning and return, otherwise proceed to use ms.GetName() / md.GetName()
and enqueue the event as before.
- Line 330: The code dereferences infra.Status.PlatformStatus without a nil
check; update the reconcile logic around the assignment to first verify
infra.Status and infra.Status.PlatformStatus are non-nil (e.g., if infra.Status
== nil || infra.Status.PlatformStatus == nil) and handle that case gracefully
(return/requeue, or set a safe default for platform) before using
PlatformStatus.Type; look for the line with "platform :=
infra.Status.PlatformStatus.Type" to apply the guard and ensure downstream uses
of platform handle the default or early-return path.
- Around line 287-294: When the ManagedBootImagesCPMS feature gate is enabled,
add ctrl.cpmsListerSynced to the Phase-1 synced slice so reconciliation waits
for the CPMS cache; specifically, update the initialization of synced (the slice
containing ctrl.mcoCmListerSynced, ctrl.mapiMachineSetListerSynced,
ctrl.infraListerSynced, ctrl.mcopListerSynced, ctrl.clusterVersionListerSynced)
to append ctrl.cpmsListerSynced when feature gate ManagedBootImagesCPMS is true
(and ensure any CPMS informer factory is started earlier if applicable) so the
CPMS informer is included in the core informer sync.

In `@pkg/controller/bootimage/capi_helpers.go`:
- Around line 417-420: The create call using
ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(...
newTemplate ...) should treat an AlreadyExists error as non-fatal to avoid stuck
reconciliation: update the error handling after Create to check
apierrors.IsAlreadyExists(err) (from k8s.io/apimachinery/pkg/api/errors) and if
true, ignore the error and continue; otherwise return the wrapped fmt.Errorf as
currently done. Apply this same change for the analogous create site at the
other block (the one around lines 462-465) and the similar code paths in
patchCAPIMachineSet and patchCAPIMachineDeployment so deterministic template
names do not block retries.
- Around line 45-68: Re-enable the MachineManager-based selector instead of
listing all CAPI MachineSets: call
ctrl.mcopLister.Get(ctrlcommon.MCOOperatorKnobsObjectName), pass
mcop.Status.ManagedBootImagesStatus.MachineManagers into
getMachineResourceSelectorFromMachineManagers(capiAPIGroup, opv1.MachineSets)
and preserve the existing error handling (klog.Errorf + ctrl.updateConditions)
and the machineManagerFound==false branch that clears ctrl.capiBootImageState.
Finally, replace the call to ctrl.capiMachineSetLister.List(labels.Everything())
with ctrl.capiMachineSetLister.List(machineResourceSelector) so only
enrolled/opted-in MachineSets are reconciled.

In `@pkg/controller/bootimage/capi_platform_helpers.go`:
- Around line 50-63: checkCAPIMachineSet dereferences
infra.Status.PlatformStatus.Type without nil-check which can panic; add a guard
at the top of checkCAPIMachineSet to verify infra.Status.PlatformStatus != nil
(and optionally infra.Status.PlatformStatus.Type is non-empty) and handle the
nil case by logging/returning the same fallback values (false, false, nil, nil)
before the switch; update references in the AWS/Azure/GCP/VSphere dispatch to
remain unchanged so callers like reconcileAWSCAPIMachineInfraTemplate,
reconcileAzureCAPIMachineInfraTemplate, reconcileGCPCAPIMachineInfraTemplate,
and reconcileVSphereCAPIMachineInfraTemplate are only invoked when
PlatformStatus is present.
- Around line 238-240: Before constructing newBootImage, validate that
streamData.Architectures contains the requested arch and that Images and
Images.Gcp are non-nil: retrieve the architecture entry (e.g., archEntry, ok :=
streamData.Architectures[arch]) and check ok && archEntry.Images != nil &&
archEntry.Images.Gcp != nil; if any check fails, return or propagate a clear
error (or skip/handle fallback) instead of indexing into a nil pointer so the
code that sets newBootImage won't panic.
- Around line 278-284: The vSphere path currently returns (false, false, nil,
nil) which makes the caller think reconciliation succeeded; update
reconcileVSphereCAPIMachineInfraTemplate to indicate the patch was skipped by
returning (false, true, nil, nil) instead (i.e., set patchSkipped=true), and add
a brief comment or klog.V(4) message in reconcileVSphereCAPIMachineInfraTemplate
explaining support is unimplemented so the patch is intentionally skipped.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 90a06c51-8493-42bd-b520-f9ca4e605e28

📥 Commits

Reviewing files that changed from the base of the PR and between e2cba35 and 5c928f3.

⛔ Files ignored due to path filters (289)
📒 Files selected for processing (9)
  • cmd/machine-config-controller/start.go
  • docs/BootImageCAPIDesign.md
  • go.mod
  • internal/clients/builder.go
  • manifests/machineconfigcontroller/clusterrole.yaml
  • pkg/controller/bootimage/boot_image_controller.go
  • pkg/controller/bootimage/capi_helpers.go
  • pkg/controller/bootimage/capi_platform_helpers.go
  • pkg/controller/bootimage/vsphere_helpers.go

@djoshy djoshy force-pushed the bootimage-mapi-to-capi branch from 5c928f3 to 9c00766 Compare May 26, 2026 18:41

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (4)
pkg/controller/bootimage/boot_image_controller.go (3)

518-522: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle informer tombstones in CAPI delete handlers.

Both deleteCAPIMachineSet and deleteCAPIMachineDeployment directly cast obj to *unstructured.Unstructured. The shared informer's DeleteFunc can deliver cache.DeletedFinalStateUnknown when the watch disconnects and reconnects, which would cause a panic on the type assertion.

Suggested fix for deleteCAPIMachineSet
 func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
-	ms := obj.(*unstructured.Unstructured)
+	ms, ok := obj.(*unstructured.Unstructured)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			klog.V(4).Infof("Unexpected object type in deleteCAPIMachineSet: %T", obj)
+			return
+		}
+		ms, ok = tombstone.Obj.(*unstructured.Unstructured)
+		if !ok {
+			klog.V(4).Infof("Unexpected tombstone object type in deleteCAPIMachineSet: %T", tombstone.Obj)
+			return
+		}
+	}
 	klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
 	ctrl.enqueueEvent("CAPIMachineSetDeleted")
 }
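
Review bot: in the two new `!ok` branches the handler returns before `ctrl.enqueueEvent("CAPIMachineSetDeleted")`, so a delete delivered with an unexpected type is logged only at `klog.V(4)` and never triggers a reconcile. `ms` is used here only for the name in the log line, so consider enqueueing the event on every path and logging the unexpected type at warning level, which keeps a missed delete from leaving stale state behind.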

Apply the same pattern to deleteCAPIMachineDeployment.

Also applies to: 554-558

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 518 - 522,
The delete handlers deleteCAPIMachineSet and deleteCAPIMachineDeployment must
handle informer tombstones: instead of directly type-asserting
obj.(*unstructured.Unstructured), detect if obj is
cache.DeletedFinalStateUnknown, extract the underlying tombstone.Obj and then
assert that to *unstructured.Unstructured (falling back or logging and returning
if that fails); update both functions to first switch on the concrete type,
handle the tombstone case, and only then call
ctrl.enqueueEvent("CAPIMachineSetDeleted") / the corresponding event for
MachineDeployment.

287-294: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Include CPMS informer in Phase-1 cache sync when the feature is enabled.

When FeatureGateManagedBootImagesCPMS is enabled (line 219), the CPMS event handlers are registered, but ctrl.cpmsListerSynced is not added to the Phase-1 synced slice. Reconciliation can start before the CPMS cache is warm.

Suggested fix
 	synced := []cache.InformerSynced{ctrl.mcoCmListerSynced, ctrl.mapiMachineSetListerSynced, ctrl.infraListerSynced, ctrl.mcopListerSynced, ctrl.clusterVersionListerSynced}
+	if ctrl.fgHandler.Enabled(features.FeatureGateManagedBootImagesCPMS) {
+		synced = append(synced, ctrl.cpmsListerSynced)
+	}

 	if ctrl.capiInformerFactory != nil {
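
Review bot: the appended `ctrl.cpmsListerSynced` is only safe if that field is always assigned when `FeatureGateManagedBootImagesCPMS` is enabled; a nil `cache.InformerSynced` in `synced` panics when the cache sync wait calls it. Please confirm the field is set under the same gate check that registers the CPMS handlers, or guard the append with a nil check as well.
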
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 287 - 294,
The Phase-1 informer sync misses adding ctrl.cpmsListerSynced when
FeatureGateManagedBootImagesCPMS is enabled, so update the startup logic to
append ctrl.cpmsListerSynced to the synced slice whenever the CPMS feature gate
is active and its informer/handlers are registered (mirror the pattern used for
ctrl.capiInformerFactory); ensure the CPMS informer is started before waiting on
sync and include ctrl.cpmsListerSynced in the synced slice so reconciliation
waits for the CPMS cache to be warm.

325-334: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard against nil PlatformStatus before dereferencing.

Line 330 dereferences infra.Status.PlatformStatus.Type without checking if PlatformStatus is nil. This can panic during early cluster bring-up or transient cache states.

Suggested fix
 	infra, err := ctrl.infraLister.Get("cluster")
 	if err != nil {
 		return fmt.Errorf("failed to get infrastructure object: %w", err)
 	}
+	if infra.Status.PlatformStatus == nil {
+		return fmt.Errorf("infrastructure status.platformStatus is nil")
+	}
 	platform := infra.Status.PlatformStatus.Type
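
Review bot: the new nil check returns `fmt.Errorf` with no format verbs and no object name; `errors.New`, or a message naming the `cluster` Infrastructure object to match the wrapped error just above, would be more consistent. Since a nil `PlatformStatus` is described as a transient state, also check that the caller retries on this error instead of leaving the template informer unwired.
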
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 325 - 334, In
wireCAPITemplateInformer, guard against a nil PlatformStatus before
dereferencing infra.Status.PlatformStatus.Type: after fetching infra via
ctrl.infraLister.Get("cluster"), check if infra.Status.PlatformStatus == nil and
return a clear error (or handle the nil case) instead of proceeding to call
capiInfraTemplateGVR; reference the infra variable and the
wireCAPITemplateInformer function so the check happens immediately before
reading PlatformStatus.Type.
pkg/controller/bootimage/capi_helpers.go (1)

417-420: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle "already exists" error on template creation to prevent stuck reconciliation.

If template creation succeeds but the subsequent MachineSet/MachineDeployment patch fails, the new template is orphaned. On retry, newInfraTemplateName generates the same deterministic name, and the Create call fails with "already exists", leaving reconciliation stuck.

Suggested fix for patchCAPIMachineSet
 	_, err = ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(context.TODO(), newTemplate, metav1.CreateOptions{})
 	if err != nil {
+		if !kubeApiErrors.IsAlreadyExists(err) {
+			return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
+		}
+		klog.V(4).Infof("Infrastructure template %s already exists, proceeding with MachineSet patch", newTemplateName)
-		return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
 	}
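
Review bot: the `IsAlreadyExists` branch falls through to the MachineSet patch without reading the existing template, so the patch can point the MachineSet at an object whose contents were never compared with `newTemplate`. Fetch the existing template with `Get` and verify that its spec, the boot image fields in particular, matches before proceeding, and return an error on mismatch. The `kubeApiErrors` alias also needs to be imported in this file if it is not already.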

Apply the same pattern in patchCAPIMachineDeployment.

Also applies to: 462-465

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 417 - 420, When
creating the new infra template in patchCAPIMachineDeployment (and similarly in
patchCAPIMachineSet), handle the "already exists" case: after the Create call on
ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(...), if
err != nil and apierrors.IsAlreadyExists(err) then call Get(...) to fetch the
existing template object and use that instead of failing; only return an error
for other error types. Apply the same idempotent pattern to the other create
site around the second Create (the similar block at the 462-465 region) so
reconciliation can proceed when a prior run already created the
deterministic-named template.
🧹 Nitpick comments (2)
pkg/controller/bootimage/capi_helpers.go (2)

229-235: ⚡ Quick win

Consider using sentinel errors instead of string matching.

Error detection via strings.Contains(err.Error(), "no architecture annotation found") is fragile. If the error message changes, this check silently breaks. Consider defining a package-level sentinel error:

var errNoArchAnnotation = errors.New("no architecture annotation found")

Then return it from getArchFromCAPIMachineSet/getArchFromCAPIMachineDeployment and check with errors.Is(err, errNoArchAnnotation).

Also applies to: 313-319

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 229 - 235, Replace the
fragile string-match error check with a package-level sentinel error: declare
var errNoArchAnnotation = errors.New("no architecture annotation found"), have
getArchFromCAPIMachineSet and getArchFromCAPIMachineDeployment return that
sentinel when the annotation is missing, and in the caller (the block checking
arch, err) change the strings.Contains(err.Error(), ...) branch to use
errors.Is(err, errNoArchAnnotation) to detect the missing-annotation case;
update both occurrences (around the arch handling and the similar block at
313-319) to use the sentinel.

75-80: 💤 Low value

Inconsistent state cleanup between MachineSets and MachineDeployments.

syncCAPIMachineSets clears capiBootImageState when no objects are found (lines 75-80), but syncCAPIMachineDeployments does not clear state when the manager is not found or when the list is empty. This could leave stale hot-loop detection entries.

Once the MachineManager filtering is re-enabled for MachineSets (currently commented out), consider aligning the cleanup patterns.

Also applies to: 134-144

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 75 - 80, The
syncCAPIMachineSets branch currently clears the shared map
ctrl.capiBootImageState when objs is empty, but syncCAPIMachineDeployments does
not, leaving stale entries; update syncCAPIMachineDeployments to mirror the
cleanup: when no MachineDeployments are returned or when the MachineManager
filter yields no manager (the same conditions used in syncCAPIMachineSets),
iterate over ctrl.capiBootImageState and delete keys to clear state; ensure both
syncCAPIMachineSets and syncCAPIMachineDeployments consistently perform this
cleanup (also apply the same fix to the code paths noted around the other block
at lines ~134-144) so hot-loop detection entries are removed when there are no
relevant objects or no manager.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 36: The go.mod currently requires github.com/onsi/ginkgo/v2 v2.28.3 but a
replace directive rewrites github.com/onsi/ginkgo/v2 to
github.com/openshift/onsi-ginkgo/v2 v2.6.1-..., masking the intended upgrade;
fix by making the replace target/version consistent with the require (either
remove the replace entirely if you want the upstream v2.28.3, or update the
replace to point to a fork tag/version that corresponds to v2.28.3, e.g. change
the replace RHS to github.com/openshift/onsi-ginkgo/v2
<matching-version-or-commit> so the required module and the replace align).

In `@pkg/controller/bootimage/capi_helpers.go`:
- Around line 45-68: The code currently bypasses MachineManager filtering by
calling ctrl.capiMachineSetLister.List(labels.Everything()) because the block
that uses getMachineResourceSelectorFromMachineManagers, checks
machineManagerFound, deletes ctrl.capiBootImageState when absent, and calls
ctrl.updateConditions is commented out; restore that logic (or port the same
pattern from syncCAPIMachineDeployments) so syncCAPIMachineSets uses the
selector returned by getMachineResourceSelectorFromMachineManagers instead of
labels.Everything(), handles the error paths with ctrl.updateConditions, and
performs the ctrl.capiBootImageState cleanup when no manager is found.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: db0dbeac-12e7-4b63-af24-add5c0194b92

📥 Commits

Reviewing files that changed from the base of the PR and between 5c928f3 and a29f0e9.

⛔ Files ignored due to path filters (289)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/aws/aws-sdk-go-v2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/arn/arn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/checksum.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/defaultsmode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/from_ptr.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/logging.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/logging_generate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/request.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/retryer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/runtime.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/to_ptr.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/aws/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/internal/rand/rand.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/internal/sdk/interfaces.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/internal/sdk/time.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/docs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/service/ec2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/enums.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/Makefile is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/auth.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/bearer/docs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/bearer/middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/bearer/token.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/bearer/token_cache.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/identity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/option.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/auth/scheme_id.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/changelog-template.json is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/context/suppress_expired.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/document.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/document/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/document/document.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/document/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/internal/sync/singleflight/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/internal/sync/singleflight/docs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/internal/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/local-mod-replace.sh is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/logging/logger.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/metrics/metrics.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/metrics/nop.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/eventstream_middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/logging.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/metadata.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/ordered_group.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/stack.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/stack_values.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/step_build.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/step_deserialize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/step_finalize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/step_initialize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/middleware/step_serialize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/modman.toml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/properties.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/ptr/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/ptr/from_ptr.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/ptr/gen_scalars.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/ptr/to_ptr.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/time/time.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/tracing/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/tracing/nop.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/tracing/tracing.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/auth.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/auth_schemes.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/checksum_middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/headerlist.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/host.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/interceptor.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/interceptor_middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/internal/io/safe.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/md5_checksum.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/metrics.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/middleware_close_response_body.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/middleware_content_length.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/middleware_headers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/middleware_http_logging.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/middleware_metadata.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/middleware_min_proto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/properties.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/request.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/response.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/time.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/url.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/transport/http/user_agent.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/aws/smithy-go/validation.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v4/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v4/exponential.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v4/retry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v4/tries.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/backoff.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/error.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/exponential.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/retry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/ticker.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cenkalti/backoff/v5/timer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cloudflare/circl/sign/ed25519/point.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cloudflare/circl/sign/sign.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/dbus/methods.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/journal/journal.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/journal/journal_unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/unit/deserialize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/unit/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/unit/option.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/unit/serialize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_4/translate/translate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_4/types/directory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_4/types/file.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_4/types/mode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_4/types/url.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_5/types/directory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_5/types/file.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_5/types/mode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/v3_5/types/url.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/ignition/v2/config/validate/validate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/docker/docker/api/types/versions/compare.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/docker/go-connections/tlsconfig/certpool.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/docker/go-connections/tlsconfig/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/CHANGES.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/curly.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/custom_verb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.golangci.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/SECURITY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/.editorconfig is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/decode_hooks.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.lock is excluded by !**/*.lock, !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.nix is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/mapstructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golangci/plugin-module-register/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/env.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/folding.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/program.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/templates/authoring.tmpl is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/validator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/common/types/pb/type.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/ext/native.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/merge.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/prune.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2_protoopaque.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_appengine.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_others.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/builder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/cat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/concat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/sql.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/chain.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/helper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/inspect.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/multi_error.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_above_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_below_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/retry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/conditional.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/field.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/global.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/inspector.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/buffered.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/memory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/multi.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/slog.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/text.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/ll.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/lx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/ns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/MIGRATION.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README_LEGACY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/csv.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/option.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwarp/wrap.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwidth/width.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/blueprint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/html.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/junction.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/markdown.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/ocean.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/svg.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/stream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table_with_color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tablewriter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/cell.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/mapper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/preset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/renderer.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (9)
  • cmd/machine-config-controller/start.go
  • docs/BootImageCAPIDesign.md
  • go.mod
  • internal/clients/builder.go
  • manifests/machineconfigcontroller/clusterrole.yaml
  • pkg/controller/bootimage/boot_image_controller.go
  • pkg/controller/bootimage/capi_helpers.go
  • pkg/controller/bootimage/capi_platform_helpers.go
  • pkg/controller/bootimage/vsphere_helpers.go
✅ Files skipped from review due to trivial changes (2)
  • cmd/machine-config-controller/start.go
  • docs/BootImageCAPIDesign.md

Comment thread go.mod
github.com/josephburnett/jd v1.9.2
github.com/onsi/ginkgo/v2 v2.27.2
github.com/onsi/gomega v1.38.2
github.com/onsi/ginkgo/v2 v2.28.3
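
Review bot: the ginkgo/v2 requirement moves from v2.27.2 to v2.28.3 in this hunk, but nothing here says why a test-framework bump belongs in a CAPI boot image change. Name the dependency that forces the newer version in the commit message, or move the bump to its own commit, so that the vendor/ churn it produces (which the automated review skips through the `!**/vendor/**` path filter) can be audited separately from the controller logic.
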
⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify required version
rg -n '^\s*github.com/onsi/ginkgo/v2\s+v' go.mod

# Verify replace target that overrides it
rg -n 'github.com/onsi/ginkgo/v2\s*=>\s*github.com/openshift/onsi-ginkgo/v2' go.mod

Repository: openshift/machine-config-operator

Length of output: 2007


🏁 Script executed:

#!/bin/bash
set -euo pipefail
rg -n '^\s*github.com/onsi/ginkgo/v2\s+v' go.mod
rg -n 'github.com/onsi/ginkgo/v2\s*=>\s*github.com/openshift/onsi-ginkgo/v2' go.mod

Repository: openshift/machine-config-operator

Length of output: 1988


Fix go.mod so ginkgo/v2 v2.28.3 isn’t masked by the replace

go.mod requires github.com/onsi/ginkgo/v2 v2.28.3 (line 36), but also replaces github.com/onsi/ginkgo/v2 with github.com/openshift/onsi-ginkgo/v2 v2.6.1-... (line 433). This means the upstream v2.28.3 bump won’t be what’s actually used; align the replace target/version with the intended upgrade (or update the require to match the fork).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 36, The go.mod currently requires github.com/onsi/ginkgo/v2
v2.28.3 but a replace directive rewrites github.com/onsi/ginkgo/v2 to
github.com/openshift/onsi-ginkgo/v2 v2.6.1-..., masking the intended upgrade;
fix by making the replace target/version consistent with the require (either
remove the replace entirely if you want the upstream v2.28.3, or update the
replace to point to a fork tag/version that corresponds to v2.28.3, e.g. change
the replace RHS to github.com/openshift/onsi-ginkgo/v2
<matching-version-or-commit> so the required module and the replace align).
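
The require/replace mismatch described in this comment can be checked mechanically. The Go program below is an added example, not code from the PR or from the review tool. It uses a small hand-written parser instead of a module library, and its sample go.mod is constructed (the fork's pseudo-version and the example.com modules are placeholders).

```go
package main

import (
	"fmt"
	"strings"
)

// Override is a required module whose code actually comes from a replace target.
type Override struct{ Module, Required, Target, TargetVersion string }

// sampleGoMod is constructed; the fork pseudo-version is a placeholder, not the real one.
const sampleGoMod = `module example.com/demo
require (
	github.com/josephburnett/jd v1.9.2
	github.com/onsi/ginkgo/v2 v2.28.3
)
require example.com/pinned v1.0.0 // indirect
replace github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.00000000000000-000000000000
replace example.com/pinned v0.9.0 => ../pinned
`

// directives flattens go.mod into [kind, field...] slices with comments stripped.
func directives(gomod string) [][]string {
	var out [][]string
	block := ""
	for _, raw := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.Split(raw, "//")[0])
		switch {
		case len(f) == 0:
		case block != "" && f[0] == ")":
			block = ""
		case block != "":
			out = append(out, append([]string{block}, f...))
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		default:
			out = append(out, f)
		}
	}
	return out
}

// findOverrides reports each require that a replace directive redirects. A
// replace with a version on its left side applies only to that exact version.
func findOverrides(gomod string) []Override {
	required := map[string]string{}
	var out []Override
	for _, d := range directives(gomod) {
		if d[0] == "require" && len(d) >= 3 {
			required[d[1]] = d[2]
		}
	}
	for _, d := range directives(gomod) {
		lhs, rhs, ok := strings.Cut(strings.Join(d[1:], " "), " => ")
		l, t := append(strings.Fields(lhs), ""), append(strings.Fields(rhs), "")
		want, isRequired := required[l[0]]
		if d[0] == "replace" && ok && isRequired && t[0] != "" && (l[1] == "" || l[1] == want) {
			out = append(out, Override{l[0], want, t[0], t[1]})
		}
	}
	return out
}

func main() { fmt.Println(findOverrides(sampleGoMod)) }
```

Run against a real go.mod, any entry whose `TargetVersion` differs from `Required` is a version bump that the build will not actually pick up.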

Comment on lines +45 to +68
/*
mcop, err := ctrl.mcopLister.Get(ctrlcommon.MCOOperatorKnobsObjectName)
if err != nil {
klog.Errorf("Failed to get MachineConfiguration: %v", err)
ctrl.updateConditions(reason, fmt.Errorf("failed to get MachineConfiguration while enqueueing CAPI MachineSets: %v", err), opv1.MachineConfigurationBootImageUpdateDegraded)
return
}

machineManagerFound, machineResourceSelector, err := getMachineResourceSelectorFromMachineManagers(mcop.Status.ManagedBootImagesStatus.MachineManagers, capiAPIGroup, opv1.MachineSets)
if err != nil {
klog.Errorf("failed to create a machineset selector while enqueueing CAPI MachineSets: %v", err)
ctrl.updateConditions(reason, fmt.Errorf("failed to create a machineset selector while enqueueing CAPI MachineSets: %v", err), opv1.MachineConfigurationBootImageUpdateDegraded)
return
}
if !machineManagerFound {
klog.V(4).Infof("No CAPI MachineSet manager found, clearing CAPI boot image state")
for k := range ctrl.capiBootImageState {
delete(ctrl.capiBootImageState, k)
}
return
}

*/
objs, err := ctrl.capiMachineSetLister.List(labels.Everything())
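
Review bot: the block comment that opens this hunk disables the MachineManager lookup without a TODO or tracking reference, so a reader cannot tell whether listing with labels.Everything() is a temporary debugging state or the intended behaviour. Say which it is next to the comment marker. When the block is restored, note that each failure is reported twice (klog.Errorf, then the same text through ctrl.updateConditions) and that fmt.Errorf formats the cause with %v, which drops the error chain; prefer %w and a single reporting path. machineResourceSelector is also assigned only inside the disabled block, and the visible List call never uses it.
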
⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Commented-out MachineManager filtering bypasses opt-in semantics.

The MachineManager filtering logic for CAPI MachineSets is commented out (lines 45-67), so syncCAPIMachineSets lists all MachineSets via labels.Everything() instead of only the enrolled ones from ManagedBootImagesStatus. This bypasses the opt-in/selector semantics and also skips state cleanup when the CAPI manager is removed.

In contrast, syncCAPIMachineDeployments (lines 121-137) correctly implements this filtering.

Uncomment the filtering logic or port the equivalent pattern from syncCAPIMachineDeployments.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 45 - 68, The code
currently bypasses MachineManager filtering by calling
ctrl.capiMachineSetLister.List(labels.Everything()) because the block that uses
getMachineResourceSelectorFromMachineManagers, checks machineManagerFound,
deletes ctrl.capiBootImageState when absent, and calls ctrl.updateConditions is
commented out; restore that logic (or port the same pattern from
syncCAPIMachineDeployments) so syncCAPIMachineSets uses the selector returned by
getMachineResourceSelectorFromMachineManagers instead of labels.Everything(),
handles the error paths with ctrl.updateConditions, and performs the
ctrl.capiBootImageState cleanup when no manager is found.

@djoshy djoshy force-pushed the bootimage-mapi-to-capi branch from a29f0e9 to 0f4870e Compare May 29, 2026 19:02
Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress.
