AI: Adds a new /generate-tests Claude command that automates the generation of integration tests

[chiragkyal]

Summary

• Adds a new /generate-tests Claude command that automates the generation of comprehensive .testsuite.yaml integration test files for OpenShift API type definitions

Description

This PR introduces a Claude command for generating integration tests for any API group/version in the repository. The command:

1. Analyzes API types - Reads Go type definitions, extracts validation markers, CEL rules, kubebuilder annotations, enum types, and discriminated unions
2. Reads CRD manifests - Examines zz_generated.featuregated-crd-manifests/ to understand CRD variants, defaults, and OpenAPI v3 schemas
3. Preserves existing tests - Checks existing test coverage and only adds tests for new or modified fields
4. Generates comprehensive test suites covering:
   • Minimal valid create tests
   • Valid/invalid field value tests
   • Enum validation tests
   • Pattern and constraint validation
   • Feature-gated field tests
   • Update and immutability tests
   • Validation ratcheting tests
5. Validates output - Ensures generated YAML is syntactically correct

Usage

/generate-tests <path-to-types-file-or-api-directory>

Examples:

/generate-tests config/v1/types_infrastructure.go
/generate-tests operator/v1

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[qodo-code-review]

Review Summary by Qodo

Add /generate-tests Claude command for API integration test generation

✨ Enhancement

Walkthroughs

Description

• Adds /generate-tests Claude command for automated integration test generation
• Analyzes Go types, validation markers, CRD manifests, and CEL rules
• Generates comprehensive .testsuite.yaml test suites for API variants
• Covers minimal valid creates, field validation, updates, immutability, and feature gates
• Preserves existing tests and only adds tests for new or modified fields

Diagram

flowchart LR
  A["API Types & CRD Manifests"] -->|Extract validation rules| B["Analyze Types"]
  B -->|Read existing tests| C["Check Coverage"]
  C -->|Generate test suites| D["Create .testsuite.yaml"]
  D -->|Validate YAML| E["Output Test Files"]

Loading

File Changes

1. .claude/commands/generate-tests.md ✨ Enhancement +398/-0

New generate-tests command with comprehensive test generation logic

• New Claude command definition for generating integration test suites
• Implements 7-step workflow: prechecks, identify types, understand existing tests, generate suites,
 write files, verify, and summarize
• Defines test categories covering minimal valid creates, field validation, updates, immutability,
 singletons, discriminated unions, feature gates, status subresources, and validation ratcheting
• Includes behavioral rules for deriving test values from source, matching existing style, including
 defaults, and preserving existing tests

.claude/commands/generate-tests.md

---

2. AGENTS.md 📝 Documentation +14/-0

Document generate-tests command usage and examples

• Adds documentation for the new /generate-tests command in the Custom Claude Code Commands
 section
• Includes command syntax, description of functionality, and usage examples

AGENTS.md

---

[coderabbitai]

📝 Walkthrough

Walkthrough

Added a new documentation file .claude/commands/generate-tests.md that documents a generate-tests command to produce .testsuite.yaml integration test suites for OpenShift API types. The document specifies usage, prechecks, discovery of target types/CRDs, extraction of CRD variants from zz_generated.featuregated-crd-manifests, test generation across variants, a strict YAML test format (feature gates, onCreate/onUpdate blocks, expected/default handling, ratcheting via initialCRDPatches), preservation/appending rules, output locations, and verification steps. AGENTS.md was updated to list the command and usage examples.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly describes the primary change: a new /generate-tests Claude command for automating integration test generation. It is clear, specific, and accurately reflects the main contribution.
Description check	✅ Passed	The description is well-related to the changeset, clearly explaining the command's purpose, functionality, and usage with concrete examples matching the documentation additions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hello @chiragkyal! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@AGENTS.md`:
- Around line 129-140: The fenced code blocks in the AGENTS.md snippet (the
usage line "/generate-tests <path-to-types-file-or-api-directory>" and the
example lines "/generate-tests config/v1/types_infrastructure.go" and
"/generate-tests operator/v1") are missing language identifiers and trigger
MD040; update each triple-backtick fence around these blocks to include a
language token like "text" (i.e., change the opening ``` to ```text for the
three code fences that surround the usage line and the example block) so the
markdown linter no longer flags them.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add language identifiers to fenced code blocks.

Markdownlint MD040 is triggered because these fences omit a language; add one (e.g., text) to keep lint clean.

🛠️ Proposed fix

-```
+```text
 /generate-tests <path-to-types-file-or-api-directory>
-```
+```
 ...
-```
+```text
 /generate-tests config/v1/types_infrastructure.go
 /generate-tests operator/v1
-```
+```

🧰 Tools

🪛 markdownlint-cli2 (0.20.0)

[warning] 129-129: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 137-137: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

In `@AGENTS.md` around lines 129 - 140, The fenced code blocks in the AGENTS.md
snippet (the usage line "/generate-tests <path-to-types-file-or-api-directory>"
and the example lines "/generate-tests config/v1/types_infrastructure.go" and
"/generate-tests operator/v1") are missing language identifiers and trigger
MD040; update each triple-backtick fence around these blocks to include a
language token like "text" (i.e., change the opening ``` to ```text for the
three code fences that surround the usage line and the example block) so the
markdown linter no longer flags them.

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (2) 📘 Rule violations (2) 📎 Requirement gaps (0)

1. TARGET_PATH lacks validation 📘 Rule violation ⛨ Security

Description

The command uses user-provided TARGET_PATH to derive API_DIR without verifying the path exists
or is within the repo root, which can lead to unintended file reads/scans outside the repository.
This violates the requirement to validate and sanitize external inputs.

Code

.claude/commands/generate-tests.md[R18-40]

+REPO_ROOT=$(git rev-parse --show-toplevel)
+TARGET_PATH="$ARGUMENTS"
+if [ -z "$TARGET_PATH" ]; then
+  echo "PRECHECK FAILED: No target path provided."
+  echo "Usage: /generate-tests <path-to-types-file-or-api-directory>"
+  echo "Examples:"
+  echo "  /generate-tests config/v1/types_infrastructure.go"
+  echo "  /generate-tests operator/v1"
+  echo "  /generate-tests route/v1/types_route.go"
+  exit 1
+fi
+
+echo "Repository root: $REPO_ROOT"
+echo "Target: $TARGET_PATH"
+```
+
+```bash
+if [ -d "$TARGET_PATH" ]; then
+  API_DIR="$TARGET_PATH"
+else
+  API_DIR=$(dirname "$TARGET_PATH")
+fi
+```

Evidence

PR Compliance ID 6 requires validating/sanitizing external inputs; the added command accepts
arbitrary TARGET_PATH from ARGUMENTS and derives API_DIR via dirname with no
existence/repo-boundary checks before later filesystem operations use it.

Rule 6: Generic: Security-First Input Validation and Data Handling
.claude/commands/generate-tests.md[18-40]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The `/generate-tests` command consumes user-provided `TARGET_PATH` without validating existence or constraining it to the git repository root, enabling accidental or malicious reads/scans outside the repo.

## Issue Context
`TARGET_PATH` is derived from `ARGUMENTS` and then used to compute `API_DIR` with `dirname`, but there are no checks like `test -e`, `realpath`, or prefix checks against `$REPO_ROOT`.

## Fix Focus Areas
- .claude/commands/generate-tests.md[18-40]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. featureGate key ignored 🐞 Bug ✓ Correctness

Description

The command instructs using featureGate: for single-gate variants, but the test suite loader only
reads featureGates (slice). Generated gated suites will be treated as ungated and run against all
CRD variants, causing incorrect coverage and potential false failures.

Code

.claude/commands/generate-tests.md[R115-129]

+For feature-gated variants, add the gate(s):
+
+```yaml
+# Single feature gate:
+featureGate: <FeatureGateName>
+
+# Multiple feature gates:
+featureGates:
+- <FeatureGate1>
+- <FeatureGate2>
+
+# Negative gates (enabled in ungated but not when this gate is active):
+featureGates:
+- -<FeatureGateName>
+```

Evidence

SuiteSpec only has FeatureGates []string with JSON/YAML key featureGates; YAML is unmarshaled
directly into this struct, so featureGate is ignored. When FeatureGates is empty,
perTestRuntimeInfo treats the test as ungated and includes all CRD files for that CRD name.

.claude/commands/generate-tests.md[115-129]
tests/types.go[4-15]
tests/generator.go[61-70]
tests/crd_filter.go[48-52]
image/v1/tests/ImageStreamImportMode.yaml[1-5]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`/generate-tests` currently instructs generating `featureGate: <name>` for single-gated variants, but the test runner’s `SuiteSpec` only consumes `featureGates` (slice). As a result, single-gated suites generated from these instructions will be treated as ungated.

### Issue Context
The YAML loader unmarshals directly into `SuiteSpec` and filtering logic checks `len(featureGates)==0` to decide whether a suite is ungated.

### Fix Focus Areas
- .claude/commands/generate-tests.md[115-129]
- .claude/commands/generate-tests.md[392-394]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Incorrect manifest/output paths 🐞 Bug ✓ Correctness

Description

The command references zz_generated.featuregated-crd-manifests/<plural>.<group>/ and outputs to
<group>/<version>/tests/..., but in-repo featuregated manifests and suites are located under the
API directory (e.g., security/v1/zz_generated.featuregated-crd-manifests/... and
security/v1/tests/...). Following the doc literally can cause “not found” variant discovery and
tests written to paths the runner won’t load.

Code

.claude/commands/generate-tests.md[R70-104]

+Read the types file(s) and extract all information. Also read the corresponding CRD manifests
+from `zz_generated.featuregated-crd-manifests/<plural>.<group>/` to get:
+- The list of CRD variants (ungated, per-featureGate, compound)
+- The full CRD name
+- Default values applied by the schema
+- The full OpenAPI v3 validation tree
+
+## Step 3: Understand Existing Tests
+
+Check the `tests/` directory for existing test suites:
+
+```bash
+# List existing test files for this CRD
+TEST_DIR="$API_DIR/tests"
+if [ -d "$TEST_DIR" ]; then
+  echo "=== Existing test directories ==="
+  ls -la "$TEST_DIR/"
+fi
+```
+
+If test files already exist for this CRD, read them to understand existing coverage.
+Do NOT duplicate tests that already exist. Only add tests for NEW or MODIFIED fields/types.
+
+## Step 4: Generate Test Suites
+
+For each CRD variant found in `zz_generated.featuregated-crd-manifests/<plural>.<group>/`,
+generate a corresponding test file at:
+
+```text
+<group>/<version>/tests/<plural>.<group>/<VariantName>.yaml
+```
+
+Where `<VariantName>` matches the CRD manifest filename (e.g., `AAA_ungated.yaml`,
+`OnPremDNSRecords.yaml`, `FeatureA+FeatureB.yaml`).
+

Evidence

Repo tooling iterates featuregated CRD manifests under
${FOLDER}/zz_generated.featuregated-crd-manifests (where FOLDER is an API dir like security/v1)
and writes suites under ${FOLDER}/tests/.... A concrete example exists under
security/v1/zz_generated.featuregated-crd-manifests/... and corresponding security/v1/tests/....

.claude/commands/generate-tests.md[70-100]
tests/hack/gen-minimal-test.sh[23-46]
security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/AAA_ungated.yaml[1-14]
security/v1/tests/securitycontextconstraints.security.openshift.io/AAA_ungated.yaml[1-4]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The command’s documented paths are ambiguous/wrong relative to this repo’s layout: featuregated CRD manifests and generated suites live under the specific API directory (like `security/v1/...`), not at repo root, and `<group>` is overloaded (API group domain vs directory name).

### Issue Context
Existing repo tooling (`tests/hack/gen-minimal-test.sh`) demonstrates the expected layout and will be what developers mirror.

### Fix Focus Areas
- .claude/commands/generate-tests.md[70-76]
- .claude/commands/generate-tests.md[93-104]
- .claude/commands/generate-tests.md[301-309]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

4. python YAML check hides errors 📘 Rule violation ⛯ Reliability

Description

The YAML verification loop suppresses Python/YAML parsing errors (2>/dev/null) and uses `for f in
$(find ...)`, which can break on whitespace and makes failures harder to diagnose. This reduces
robustness and weakens edge case handling for verification.

Code

.claude/commands/generate-tests.md[R317-321]

+for f in $(find "$API_DIR/tests" -name '*.yaml' -type f); do
+  if ! python3 -c "import yaml; yaml.safe_load(open('$f'))" 2>/dev/null; then
+    echo "WARNING: Invalid YAML in $f"
+  fi
+done

Evidence

PR Compliance ID 3 requires robust error handling and explicit edge case management; the added
verification snippet both suppresses the underlying error output and uses a whitespace-splitting
loop construct that is fragile for filenames.

Rule 3: Generic: Robust Error Handling and Edge Case Management
.claude/commands/generate-tests.md[317-321]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The YAML verification loop is fragile for filenames and suppresses error details needed to understand why verification failed.

## Issue Context
The snippet uses `for f in $(find ...)` (word-splitting) and redirects Python stderr to `/dev/null`, which can mask missing dependencies (e.g., PyYAML) and actual parse errors.

## Fix Focus Areas
- .claude/commands/generate-tests.md[317-321]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more

[qodo-code-review]

1. target_path lacks validation 📘 Rule violation ⛨ Security

The command uses user-provided TARGET_PATH to derive API_DIR without verifying the path exists
or is within the repo root, which can lead to unintended file reads/scans outside the repository.
This violates the requirement to validate and sanitize external inputs.

Agent Prompt

## Issue description
The `/generate-tests` command consumes user-provided `TARGET_PATH` without validating existence or constraining it to the git repository root, enabling accidental or malicious reads/scans outside the repo.

## Issue Context
`TARGET_PATH` is derived from `ARGUMENTS` and then used to compute `API_DIR` with `dirname`, but there are no checks like `test -e`, `realpath`, or prefix checks against `$REPO_ROOT`.

## Fix Focus Areas
- .claude/commands/generate-tests.md[18-40]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[qodo-code-review]

2. Featuregate key ignored 🐞 Bug ✓ Correctness

The command instructs using featureGate: for single-gate variants, but the test suite loader only
reads featureGates (slice). Generated gated suites will be treated as ungated and run against all
CRD variants, causing incorrect coverage and potential false failures.

Agent Prompt

### Issue description
`/generate-tests` currently instructs generating `featureGate: <name>` for single-gated variants, but the test runner’s `SuiteSpec` only consumes `featureGates` (slice). As a result, single-gated suites generated from these instructions will be treated as ungated.

### Issue Context
The YAML loader unmarshals directly into `SuiteSpec` and filtering logic checks `len(featureGates)==0` to decide whether a suite is ungated.

### Fix Focus Areas
- .claude/commands/generate-tests.md[115-129]
- .claude/commands/generate-tests.md[392-394]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[qodo-code-review]

3. Incorrect manifest/output paths 🐞 Bug ✓ Correctness

The command references zz_generated.featuregated-crd-manifests/<plural>.<group>/ and outputs to
<group>/<version>/tests/..., but in-repo featuregated manifests and suites are located under the
API directory (e.g., security/v1/zz_generated.featuregated-crd-manifests/... and
security/v1/tests/...). Following the doc literally can cause “not found” variant discovery and
tests written to paths the runner won’t load.

Agent Prompt

### Issue description
The command’s documented paths are ambiguous/wrong relative to this repo’s layout: featuregated CRD manifests and generated suites live under the specific API directory (like `security/v1/...`), not at repo root, and `<group>` is overloaded (API group domain vs directory name).

### Issue Context
Existing repo tooling (`tests/hack/gen-minimal-test.sh`) demonstrates the expected layout and will be what developers mirror.

### Fix Focus Areas
- .claude/commands/generate-tests.md[70-76]
- .claude/commands/generate-tests.md[93-104]
- .claude/commands/generate-tests.md[301-309]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[chiragkyal]

Testing

Route v1 test generation

Exported on 13/02/2026 at 0:03:44 GMT+5:30 from Cursor (2.4.28)

---

User

/generate-tests routes/v1

---

Cursor

I'll generate tests for the routes/v1 API directory. Let me start by exploring the directory structure and understanding the types defined there.

Let me look at example test files from other APIs to understand the full test pattern better, and then I'll generate comprehensive tests.

Now I have a comprehensive understanding of the test format. Let me create comprehensive test files for the Route API. I'll update both the AAA_ungated.yaml and RouteExternalCertificate.yaml files with additional tests covering all validation rules.

Now let me update the RouteExternalCertificate.yaml with more comprehensive tests for that feature gate.

Now let me run the tests to verify they work correctly.

The tests require network access to start a local Kubernetes control plane. Let me verify the YAML syntax of the test files instead.

Let me verify the full content of the test files.

I have successfully generated comprehensive integration tests for the route/v1 API. Here's a summary of what was added:

Summary of Generated Tests

AAA_ungated.yaml (59 tests total)

Extended from the original tests with new test cases covering:

New Field Validation Tests:

• Host field: Valid hosts, single-label hosts, invalid characters, hyphen prefix/suffix validation
• Subdomain field: Valid subdomains, multi-part subdomains, invalid patterns
• Path field: Valid paths, root path, paths without leading slash
• to.kind: Service enum validation, empty kind default, invalid kind rejection
• to.name: Empty name validation (MinLength=1)
• to.weight: Boundary testing (0, 256), out-of-range values (257, -1)
• alternateBackends: Max 3 backends, weight validation, empty name validation
• wildcardPolicy: None, Subdomain, empty (default), invalid values
• TLS termination: edge, reencrypt, passthrough, invalid types
• insecureEdgeTerminationPolicy: Allow, Redirect, None, invalid values
• Port: Integer and string targetPort support

Preserved Existing Tests:

• TLS passthrough + insecureEdgeTerminationPolicy combinations
• HTTP header actions validation
• Reserved header restrictions (HSTS, Proxy, Cookie, Set-Cookie)
• Dynamic header value format validation (HAProxy format strings)
• Sample fetcher/converter restrictions for request/response headers

RouteExternalCertificate.yaml (12 tests total)

Extended from the original tests with new test cases for the RouteExternalCertificate feature gate:

• Basic route creation (minimal Route)
• TLS passthrough + insecureEdgeTerminationPolicy combinations
• externalCertificate only (edge and reencrypt termination)
• externalCertificate + destinationCACertificate
• externalCertificate + caCertificate
• Traditional certificate + key (no externalCertificate)
• externalCertificate + insecureEdgeTerminationPolicy Redirect
• Mutual exclusion: Cannot have both certificate and externalCertificate

---

• Newly added tests: claude: "/generate-test": additional tests for routes/v1 #2707

[everettraven]

Aside from a couple very minor tweaks, this LGTM.

[everettraven]

It doesn't hurt to have this, but this is probably unnecessary. Trusting that the OpenAPI schema correctly enforces this seems reasonable to me.

[chiragkyal]

Thanks for the suggestion. I've removed the generation of common OpenAPI validations in the latest commit. Please have a look.

[everettraven]

Similar to my comment above, this seems a bit unnecessary. The only case where I think this might make sense is when the min/max constraints are a part of a CEL / format validation but those cases should fall under the appropriate cases you have below.

[chiragkyal]

Thanks! This section is also remove/updated in the latest commit. The focus would be more on custom CEL validations and other related validations.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.claude/commands/generate-tests.md (1)

323-327: Use null-delimited iteration for file-safe YAML checks.

for f in $(find ...) is fragile and will mis-handle filenames containing spaces or newlines. Use -print0 with read -d '' to safely handle any filename.

Suggested diff

-# Quick syntax check — ensure test files are valid YAML
-for f in $(find "$API_DIR/tests" -name '*.yaml' -type f); do
-  if ! python3 -c "import yaml; yaml.safe_load(open('$f'))" 2>/dev/null; then
-    echo "WARNING: Invalid YAML in $f"
-  fi
-done
+# Quick syntax check — ensure test files are valid YAML
+find "$API_DIR/tests" -name '*.yaml' -type f -print0 | while IFS= read -r -d '' f; do
+  if ! python3 -c "import yaml, pathlib; yaml.safe_load(pathlib.Path('$f').read_text())" 2>/dev/null; then
+    echo "WARNING: Invalid YAML in $f"
+  fi
+done

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/commands/generate-tests.md around lines 323 - 327, The loop using
for f in $(find "$API_DIR/tests" -name '*.yaml' -type f); do is unsafe for
filenames with spaces or newlines; change the iteration to use find ... -print0
and a null-delimited read (read -d '' -r f) so each filename from find is
handled atomically, then feed each file into the same python3 -c "import yaml;
yaml.safe_load(open('$f'))" check and preserve the existing warning path (echo
"WARNING: Invalid YAML in $f") when the python check fails; locate and update
the shell loop around the variables/API_DIR and the test YAML validation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/commands/generate-tests.md:
- Around line 324-326: Add an explicit PyYAML availability check before the YAML
validation loop: run a quick python3 -c "import yaml" test (the same module
referenced in the existing python3 -c "import yaml; yaml.safe_load(open('$f'))"
check) and, if it fails, print a clear error about missing PyYAML and exit
non‑zero so the loop does not misreport missing module as "Invalid YAML"; place
this check immediately before the validation loop that iterates over $f.

---

Nitpick comments:
In @.claude/commands/generate-tests.md:
- Around line 323-327: The loop using for f in $(find "$API_DIR/tests" -name
'*.yaml' -type f); do is unsafe for filenames with spaces or newlines; change
the iteration to use find ... -print0 and a null-delimited read (read -d '' -r
f) so each filename from find is handled atomically, then feed each file into
the same python3 -c "import yaml; yaml.safe_load(open('$f'))" check and preserve
the existing warning path (echo "WARNING: Invalid YAML in $f") when the python
check fails; locate and update the shell loop around the variables/API_DIR and
the test YAML validation.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 3d04680 and 91c9cba.

📒 Files selected for processing (2)

• .claude/commands/generate-tests.md
• AGENTS.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -path "*/.claude/commands/generate-tests.md" -type f

Repository: openshift/api

Length of output: 93

---

🏁 Script executed:

cat -n ./.claude/commands/generate-tests.md | sed -n '310,340p'

Repository: openshift/api

Length of output: 1187

---

Add upfront PyYAML dependency check to avoid conflating missing module with invalid YAML.

The validation loop currently masks missing PyYAML as "Invalid YAML" since both produce a failed python3 command. Add an explicit check for the yaml module before the loop to fail fast with a clear error message if the dependency is unavailable.

Suggested diff

+if ! python3 -c "import yaml" >/dev/null 2>&1; then
+  echo "PRECHECK FAILED: python3 package 'PyYAML' is required for YAML validation."
+  exit 1
+fi
+
 for f in $(find "$API_DIR/tests" -name '*.yaml' -type f); do
   if ! python3 -c "import yaml; yaml.safe_load(open('$f'))" 2>/dev/null; then
     echo "WARNING: Invalid YAML in $f"
   fi
 done

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/commands/generate-tests.md around lines 324 - 326, Add an explicit
PyYAML availability check before the YAML validation loop: run a quick python3
-c "import yaml" test (the same module referenced in the existing python3 -c
"import yaml; yaml.safe_load(open('$f'))" check) and, if it fails, print a clear
error about missing PyYAML and exit non‑zero so the loop does not misreport
missing module as "Invalid YAML"; place this check immediately before the
validation loop that iterates over $f.

[everettraven]

Looks good to me as a baseline. As with all of the AI assisted workflows, I'm sure we will find things to tweak/improve over time.

/lgtm

[openshift-ci-robot]

Pipeline controller notification

No second-stage tests were triggered for this PR.

This can happen when:

• The changed files don't match any pipeline_run_if_changed patterns
• All files match pipeline_skip_if_only_changed patterns
• No pipeline-controlled jobs are defined for the master branch

Use /test ? to see all available tests.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: everettraven

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [everettraven]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[everettraven]

/retest-required

[chiragkyal]

/retest-required

[chiragkyal]

Looks like we're hitting this issue for the images job.

[everettraven]

Thanks for the reference @chiragkyal - This change isn't something critical IMO so lets just keep an eye on that issue getting resolved and then kick the tests again when it has been resolved.

[everettraven]

/retest-required

[everettraven]

Dev tooling and no impact to product, skipping verification.

/verified skip

[openshift-ci-robot]

@everettraven: The /verified command must be used with one of the following actions: by, later, remove, or bypass. See https://docs.ci.openshift.org/docs/architecture/jira/#premerge-verification for more information.

Details

In response to this:

Dev tooling and no impact to product, skipping verification.

/verified skip

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[everettraven]

/verified bypass

[openshift-ci-robot]

@everettraven: The verified label has been added.

Details

In response to this:

/verified bypass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@chiragkyal: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.