opendefensecloud / solution-arsenal / 25494381042
71%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 31
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 71.355% (+0.6%) from 70.732%
25494381042

push

github

web-flow 
feat(controller): implement release resolver in Target controller (#246) (#494)

## What

Adds a deterministic release resolver to the Target controller that runs
after binding collection and before RenderTask creation. Implements
uniqueName-based deduplication (priority wins; bindingKey tiebreaker)
and bidirectional anti-affinity enforcement.

Also makes `spec.uniqueName` optional on Release: when not set, the
effective unique name falls back to the parent Component name from the
referenced ComponentVersion, written to `status.effectiveUniqueName` for
operator visibility.

## Why
Without conflict resolution, two Profiles can bind the same Target to
two versions of the same component (e.g., kyverno v3.2 and v3.3),
resulting in duplicate RenderTasks and unpredictable deployments. The
resolver enforces that only one Release per logical component reaches
the render stage, with the selection governed by explicit priority and
anti-affinity rules.

`UniqueName` being optional reduces friction for simple single-profile
setups — the system derives a sensible default automatically and exposes
it in `status.effectiveUniqueName` so operators can verify without
reading docs.

## Testing
- **Unit tests** (`resolveReleaseConflicts`): priority selection,
bindingKey tiebreaker, bidirectional anti-affinity, invalid selector,
component-name fallback for empty UniqueName.
- **Integration tests** (envtest): higher-priority wins on conflict,
alphabetical tiebreaker, anti-affinity blocking, NoConflicts path,
optional UniqueName + status.effectiveUniqueName fallback.

Adding e2e scenarios for the resolver was considered but skipped: the
resolver is a pure in-process filter with no external I/O. Setting up
multiple OCI-registered components, Profiles, and Releases in a live
Kind cluster just to test a sort/filter function would add significant
fixture overhead for no additional coverage beyond what the envtest
integration tests already provide.

## Notes for reviewers
**New ... (continued)

99 of 108 new or added lines in 2 files covered. (91.67%)

2 existing lines in 1 file now uncovered.

2354 of 3299 relevant lines covered (71.35%)

18.12 hits per line

Uncovered Changes

Lines Coverage File
9
67.77
 3.6% pkg/controller/target_controller.go

Coverage Regressions

Lines Coverage File
2
67.77
 3.6% pkg/controller/target_controller.go
Jobs
ID Job ID Ran Files Coverage
1 25494381042.1 31
71.35
 GitHub Action Run
Source Files on build 25494381042