stacklok / toolhive

47%

LAST BUILD ON BRANCH main

branch: main

CHANGE BRANCH

x

Reset

• main
• 2012-respect-x-forwarded
• 2023-inbound-network-permissions
• 2160-podman-mac
• accessor-helper-package
• add-claude-agents
• add-ginkgolinter
• add-grafana-cli-example
• add-groups
• add-insecure-http-oidc-support
• add-k8s-export-format
• add-mcp-meta-field-support
• add-mcpgroup-proposal
• add-netwok-isolation-examples
• add-oidc-resolver
• add-proxy-logs-endpoint
• add-registry-groups-cli-support
• add-stackers
• adds-auth-runconfig
• adds-codecov-exclusions
• adds-global-config-otel
• adds-missing-tests
• adds-tests
• alternative-workaround
• api-proxy-port
• auth-refactored
• auto-add-remote-server-to-clients
• bad_example
• change-codecov
• change-otel-metric-defaults
• chore/change-renovate-commit-msg
• chore/ci-task-ensure-docs-proposal-names-format
• chore/e2e-labels-matrix
• chore/move-testkit-under-test
• chore/refactor-runconfig-builder-into-options
• chore/refactor-runconfigbuilder-to-option
• chore/rename-design-docs
• chore/use-testkit-client
• ci-tidy-names
• ci/add-renovate-config-validation
• claude-commands_2025-10-21
• claude/issue-1452-20250827-1021
• claude/issue-2119-20251008-1230
• claude_skills
• concurrent-restart-keyring-race-condition
• configure-telemetry-namespace
• consistent-workload-naming
• corrects-errors
• cosign_bundle_signing
• coveralls
• decouple-configmap-operator
• default-callback-port
• dependabot/github_actions/github/codeql-action-4
• dependabot/go_modules/github.com/lestrrat-go/jwx/v3-3.0.11
• dependabot/go_modules/github.com/olekukonko/tablewriter-1.1.0
• dependabot/go_modules/sigs.k8s.io/controller-runtime-0.22.1
• deprecated-fields
• disable-selinux-labeling
• docs-update-remote-auth
• docs/arch
• docs/operator-e2e-tests-and-task-improvements
• docs/runconfig-proposal
• docs/runtime-authoring-guide
• docs/update-go-version
• docs/update-middleware-documentation
• domain-model-diagram
• downgrade-go-1.24
• drop-test-silent
• enable-configmap
• enforce-structured-logs-k8s
• ensure-version-output
• envtest_pin
• exclude-mocks
• export-detail-api-inconsistencies
• external-auth-controller-impl
• feat/add-continue-client
• feat/add-e2e-tests-for-tool-override-1515
• feat/add-proxy-mode-to-workload-api
• feat/add-tool-middleware-config-to-cli
• feat/add-tool-middleware-config-to-http-api
• feat/improve-client-config-file-logic
• feat/issue-1638-configmap
• feat/issue-1638-state-storage
• feat/k8s-configmap-runconfig-1638
• feat/mcp-server-secrets-management
• feat/operator-audit-config
• feat/operator-authz-configmap
• feat/private-package-registries-proposal
• feat/restart-mcpserver-annotation-1880
• feat/session-storage-http-streaming
• feat/session-storage-interface-phase2
• feat/session-storage-pluggable
• feat/telemetry-tool-error-capture
• feat/token-exchange-env-var
• feat/update-mcp-parser-latest-spec
• feature/add-mcpremoteproxy-crd
• feature/docker-workload-tests
• feature/increase-session-ttl
• feature/mcpremoteproxy-implementation
• feature/remove-info-logger
• feature/telemetry-configmap-support
• feature/toolconfig-crd
• fix--registry-remote-server-running
• fix-api-timeout-large-images
• fix-atlassian-issuer-mismatch
• fix-auditor-middleware-transport
• fix-auth-flags-for-registry
• fix-chainsaw-install_2025-10-21
• fix-dashboard-uid
• fix-double-pod
• fix-duplicate-listing
• fix-duplicate-operator-e2e-runs
• fix-duplicate-workload
• fix-flacky-tests
• fix-goreleaser
• fix-group-case-insensitive
• fix-info-output
• fix-inspector
• fix-issuer
• fix-linter-cyclomatic-complexity
• fix-mkp-example
• fix-oauth-issuer-discovery
• fix-operator-datarace-logger
• fix-releaser-warns
• fix-remote-servers-tests
• fix-renovate-kindest-node-patch-only
• fix-runconfig-save-race-condition-on-workload-edit
• fix-scopes-type
• fix-serviceaccount-configmap-mode
• fix-silent
• fix-staticcheck-nil-pointer
• fix-stdio-tests
• fix-thvignore-tmpcopyup
• fix-warns
• fix/ci-security-scan-workflow
• fix/egress-proxy-arm64-build
• fix/env-var-nil-pointer-1469
• fix/fix-authz-middleware-tools-list
• fix/fix-authz-tools-list
• fix/flaky-registry-api-image-test
• fix/issue-1874-proxy-mode
• fix/issue-1957-oidc-issuer-mismatch
• fix/jsonschema-v6-upgrade
• fix/log-middleware-names
• fix/mcpserver-auth-audit-persistence
• fix/mcpserver-crd-size-reduction
• fix/mcpserver-remote-path
• fix/operator-context-aware-logging
• fix/otel-insecure-config
• fix/proxyrunner-tools-override-middleware
• fix/remove-pointer-to-interface-2169
• fix/renovate-kindest-node-patch-only
• fix/set-correct-content-length
• fix_git_clone
• fix_registy_api
• fix_used_port
• fixes-flaky-order-assertion
• fixes-flaky-test
• fixes-mocks
• fixes-release
• go-24-dev-guide
• go-mod-tidy
• google-oauth
• goose
• groups-registry-alt
• groups-registry-proposal
• helm-chart-contributing
• ignore-coverage
• implements-providers-strategies
• improve-test-coverage-and-fix-label-validation
• inherit-secret-codecov
• int-tests
• integration-tests-fix
• issue-1638-add-configmap-flag
• issue-1638-add-proxymode
• issue-1638-configmap-add-audit
• issue-1638-configmap-add-authn
• issue-1638-configmap-add-authz
• issue-1638-configmap-use
• issue-1638-use-configmap
• issue-1696-v1
• issue-1700
• issue-1717
• issue-1871
• issue-1873
• issue-1873-v1
• issue-1898
• issue-1941
• issue-1947
• issue-2114
• issue-2114-telemetry
• issue-2117
• issue-2166
• issuer-mistmatch
• jesseo.colima-runtime-support
• k8s-groups_2025-10-15
• k8s_and
• k8s_registry
• kill-patch-coverage
• lock-file-cleanup
• maintainers
• mcp-optimizer-hide
• merge-integration-tests
• meta-mcp-in-registry
• migrate-pid-files
• migrate-pid-files-iii
• migrate_oauth_config
• missed-main-test
• move-crds-to-crds-directory
• move-workload-update-logic-into-manager
• moves-configmap-retrieval
• multiple-rm-arguments
• multiple-rm-stop-arguments
• network-isolation-e2e
• optimize-e2e-workflow-binary-build
• otel-custom-attributes
• otel-defaults
• otel-example
• pid-in-state-file
• pid-in-state-file-ii
• pins-envtest
• prm_discovery
• prm_with_path
• proposal-mcp-registry-upstream-support
• proposal/deployment-architecture-k8s
• proposal/operator-valkey-integration
• proposal/remote-mcp-proxy
• proposal/virtual-mcp-server
• refactor-rbac-operator
• refactor-status-collector
• refactor-telemetry
• refactor/docker-api-adapter-tests
• refactor/extract-common-controller-helpers
• refactor/phase1-extract-common-helpers
• refactor/use-defaultAuthzKey-constant
• registry-docs
• registry-groups-updated
• registry_apisource
• registry_cm
• registry_crds
• registry_filter
• registry_fix_sync
• registry_githandler
• registry_no_serverCount
• registry_promote
• registry_sync
• registry_tests
• reinstate-stale-config-fix
• remote-mcp-server-restart-fix
• remote-server-apis
• remote-server-proxy-url-in-list
• remote-workload-spurious-warning
• remove-flag-driven-oidc
• remove-old-status-methods
• remove-registry-api
• remove-secret-provider-depdendency
• removes-binary
• removes-flag-driven-config-more
• removes-flag-driven-config-patch
• removes-not-allowed-item
• renovate/actions-download-artifact-digest
• renovate/actions-setup-go-6.x
• renovate/actions-setup-python-6.x
• renovate/add-kindest-node-patch-updates
• renovate/alpine-3.x
• renovate/anchore-sbom-action-0.x
• renovate/anthropics-claude-code-action-digest
• renovate/docker-login-action-3.x
• renovate/dockerfile-template-base-images
• renovate/github-codeql-action-4.x
• renovate/github.com-cedar-policy-cedar-go-1.x
• renovate/github.com-charmbracelet-bubbletea-1.x
• renovate/github.com-docker-docker-28.x
• renovate/github.com-go-git-go-git-v5-5.x
• renovate/github.com-gofrs-flock-0.x
• renovate/github.com-lestrrat-go-jwx-v3-3.x
• renovate/github.com-mark3labs-mcp-go-0.x
• renovate/github.com-olekukonko-tablewriter-1.x
• renovate/github.com-onsi-ginkgo-v2-2.x
• renovate/github.com-prometheus-client_golang-1.x
• renovate/github.com-santhosh-tekuri-jsonschema-v5-6.x
• renovate/github.com-sigstore-sigstore-go-1.x
• renovate/github.com-sigstore-sigstore-go-digest
• renovate/github.com-spf13-pflag-1.x
• renovate/github.com-spf13-viper-1.x
• renovate/golang.org-x-exp-jsonrpc2-digest
• renovate/golang.org-x-mod-0.x
• renovate/golang.org-x-oauth2-0.x
• renovate/golang.org-x-sync-0.x
• renovate/golang.org-x-sys-0.x
• renovate/golang.org-x-term-0.x
• renovate/helm-kind-action-digest
• renovate/k8s.io-utils-digest
• renovate/kindest-node-1.x
• renovate/kubernetes-go
• renovate/major-github-artifact-actions
• renovate/python-3.x
• renovate/sigs.k8s.io-controller-runtime-0.x
• renovate/sigstore-cosign-installer-3.x
• renovate/sigstore-cosign-installer-4.x
• research-67
• revert-accidental-merge
• revert_py3.14
• reverts-cosign-installer-bump
• reverts-mocks
• rm-dependabot
• spec-generation
• state-management-bug
• stop-reading-pid-files-tests
• support-colima
• task-test-fail-only
• telemetry-providers
• telemetry-refactor
• test/add-testkit
• test/docker-high-roi
• test/token-exchange-integration
• tests/docker-runtime-query-coverage
• thv-proxy-swap
• thv-registry-api
• thv-registry-api-file
• thv-registry-deploy-from-controller
• thv-registry-enforce
• thv-te-cli
• thv-te-iface
• thv-te-mware
• thv-te-proposal
• tracing-operatpr
• trae-ide-client
• transport-mock
• typo
• update-claude-code-action
• update-docs-workflow
• update-inspector
• update-k8s-examples
• update-k8s-test-versions
• update-maintainers
• update-task-helm-deployment
• update-upstream-registry-schema
• upgrade-go
• use-new-update-url
• use-status-file-for-pids
• use_thv_client_secret
• vault-annotations
• work-around-stale-config
• workload-manager-tests
• wrong-place

Build # 18731984782

Build Type

push

github

Committed by web-flow

Commit Message

Reduce MCPServer CRD size by using runtime.RawExtension for PodTemplateSpec (#2015)

* Reduce MCPServer CRD size by using runtime.RawExtension for PodTemplateSpec

The MCPServer CRD was too large (~9500 lines) to apply without server-side
apply due to the embedded PodTemplateSpec taking up ~8500 lines. This was
causing issues as reported in GitHub issue #2013.

Changed the PodTemplateSpec field from a strongly-typed corev1.PodTemplateSpec
to runtime.RawExtension, which stores the raw JSON without schema validation
at the CRD level. This reduces the CRD size from ~9500 lines to 651 lines
(93% reduction).

The solution maintains full backwards compatibility - users can still use
the same YAML structure. Validation now happens at runtime in the operator,
with proper error handling via Kubernetes events and status conditions to
notify users when invalid PodTemplateSpec data is provided.

Key changes:
- Modified MCPServer type to use runtime.RawExtension for PodTemplateSpec
- Updated PodTemplateSpecBuilder to unmarshal and validate at runtime
- Added event recording and status conditions for validation errors
- Added comprehensive tests for invalid PodTemplateSpec scenarios
- Fixed race conditions in parallel tests

Fixes #2013

* Bump operator-crds chart version to 0.0.40

The CRD has been modified (MCPServer.spec.podTemplateSpec changed to
runtime.RawExtension), so the chart version needs to be bumped per
CI requirements.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Address PR feedback from code review

Fixes based on Copilot and reviewer feedback:
- Fix DeepCopy call to use pointer: (&userTemplate).DeepCopy()
- Remove duplicate test assertions in pod template tests
- Remove redundant PodTemplateSpec check in deploymentNeedsUpdate
- Remove ~200 lines of dead code (non-ConfigMap mode paths)
- Remove 5 unused functions (getProxyHost, generateOIDCArgs, etc.)
- Improve isEmpty() to check a... (continued)

Run Details

141 of 168 new or added lines in 5 files covered. (83.93%)

1 existing line in 1 file now uncovered.

18673 of 39644 relevant lines covered (47.1%)

15.63 hits per line