[SREP-940] Add rollout blocking feature

[bergmannf]

This feature allows blocking a rollout for single or all components of a service.

Summary by CodeRabbit

• New Features

  • Added osdctl promote block to append a git SHA to a component’s blockedVersions (per-component or all components).
  • --list mode shows available services and components.
  • Enforces required flags, mutual exclusivity between --all and --component, and rejects running on repos with uncommitted changes.
  • Automatically creates a branch and commits the blocking change; prevents adding duplicate blocked entries.

• Documentation

  • New docs and manpage entries for the promote block command and usage examples.

[coderabbitai]

Warning

Rate limit exceeded

@bergmannf has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 41 minutes and 47 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 45970250-dd60-4925-96c6-b2f89a51260d

📥 Commits

Reviewing files that changed from the base of the PR and between 3d8fa40 and 159aae4.

📒 Files selected for processing (20)

• cmd/promote/blocked/blocked.go
• cmd/promote/cmd.go
• cmd/promote/dynatrace/dt_utils.go
• cmd/promote/dynatrace/dynatrace.go
• cmd/promote/managedscripts/managed_scripts.go
• cmd/promote/managedscripts/managed_scripts_test.go
• cmd/promote/saas/saas.go
• cmd/promote/saas/saas_test.go
• docs/README.md
• docs/osdctl_promote.md
• docs/osdctl_promote_block.md
• pkg/promote/app_interface_clone.go
• pkg/promote/app_interface_clone_test.go
• pkg/promote/git_repo.go
• pkg/promote/service.go
• pkg/promote/service_test.go
• pkg/promote/services_registry.go
• pkg/promote/services_registry_test.go
• pkg/promote/test_tools.go
• pkg/promote/utils_test.go

Walkthrough

This PR refactors promote utilities into pkg/promote, adds component lookup and blocked-version APIs, implements a new osdctl promote block command (with docs), and migrates existing promote commands/tests to use the shared package.

Changes

Package Reorganization and Blocked Version Support

Layer / File(s)	Summary
Shared package foundation pkg/promote/app_interface_clone.go, pkg/promote/app_interface_clone_test.go, pkg/promote/git_repo.go, pkg/promote/services_registry.go, pkg/promote/services_registry_test.go, cmd/promote/cmd.go, .ci-operator.yaml	Moved command-local utilities into pkg/promote package and updated command registration; CI image tag bumped.
Service data model & tests pkg/promote/service.go, pkg/promote/service_test.go	Added CodeComponent.AddBlockedVersion() and new Application methods GetComponentNames(), GetAllComponents(), GetComponentByName() with tests covering lookup and blockedVersions behavior.
Test utilities/templates pkg/promote/test_tools.go	Moved test utilities into promote package and added AppFileContentTemplateWithBlockedVersion / AppFileContentTemplateWithBlockedVersions for fixtures.
New blocked command and docs cmd/promote/blocked/blocked.go, docs/osdctl_promote_block.md, docs/README.md, docs/osdctl_promote.md	Implements NewCmdBlock to append a provided git SHA to codeComponents[].blockedVersions (create field if absent, reject duplicates), offers --list, --all/--component selection, and commits changes on a new branch; documentation and README updated.
Promote commands & tests migration cmd/promote/saas/saas.go, cmd/promote/saas/saas_test.go, cmd/promote/dynatrace/*, cmd/promote/managedscripts/*, cmd/promote/managedscripts/managed_scripts_test.go	Updated imports and types to use github.com/openshift/osdctl/pkg/promote, switched callbacks to promote.DefaultPromoteCallbacks, and updated tests to use promote test helpers and templates.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 46.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	⚠️ Warning	Assertion messages lacking context (54 bare HaveOccurred assertions). New blocked command (215 lines) has no unit tests for CLI logic.	Add meaningful messages to assertions. Create blocked command test suite for validation, list mode, component/all modes, error cases.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly summarizes the main feature added: a rollout blocking capability for service components, which aligns with the primary changes (new block command, blockedVersions support, and supporting infrastructure).
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All Ginkgo test names are stable and deterministic. Test titles use static, descriptive strings with no dynamic values like timestamps, UUIDs, or pod names.
Microshift Test Compatibility	✅ Passed	This PR adds unit tests for a CLI tool, not e2e tests against Kubernetes clusters. Tests are local file/git operations with no cluster API interactions.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds unit tests using Ginkgo for domain logic. Tests use local git repos and YAML parsing, not OpenShift clusters. Custom check applies to e2e tests; these are unit tests.
Topology-Aware Scheduling Compatibility	✅ Passed	Check not applicable. PR modifies only CLI tool code (osdctl promote block command) and utility functions. No deployment manifests, operator code, or Kubernetes controllers are added/modified.
Ote Binary Stdout Contract	✅ Passed	osdctl is a regular CLI tool, not an OTE binary. The check applies only to OpenShift Tests Extension binaries; fmt.Print* output in CLI commands is appropriate.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds unit tests (not e2e tests). Tests are in unit directories with no e2e build tags. No IPv4 hardcoded addresses or external connectivity requirements found. Tests use local files/git repos only.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/promote/blocked/blocked.go`:
- Around line 150-160: The code saves application changes before creating the
new git branch, which can leave uncommitted changes on the wrong branch if
CheckoutNewBranch fails; fix by generating branchName (using ops.serviceId and
ops.gitHash) and calling appInterfaceClone.CheckoutNewBranch(branchName) before
calling application.Save(), then proceed to persist changes (application.Save())
and any subsequent commit/operations; ensure errors from CheckoutNewBranch are
handled and reported just as currently done for Save().

In `@pkg/promote/service.go`:
- Around line 80-108: The loop in CodeComponent.AddBlockedVersion uses
elem.MustString(), which can panic on malformed YAML; replace this with
elem.String() and handle the returned (string, error), validating that the node
is a scalar string and returning a clear error (including c.filePath and the
offending value/index) if conversion fails or yields an empty/invalid value,
before comparing to blockedVersion and proceeding to append; ensure you update
the error messages where applicable so malformed YAML does not cause a crash.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 09c1b1d6-6dd1-485f-968b-6d5946fac99c

📥 Commits

Reviewing files that changed from the base of the PR and between 393bd82 and 6d580f5.

📒 Files selected for processing (17)

• cmd/promote/blocked/blocked.go
• cmd/promote/cmd.go
• cmd/promote/dynatrace/dt_utils.go
• cmd/promote/dynatrace/dynatrace.go
• cmd/promote/managedscripts/managed_scripts.go
• cmd/promote/managedscripts/managed_scripts_test.go
• cmd/promote/saas/saas.go
• cmd/promote/saas/saas_test.go
• pkg/promote/app_interface_clone.go
• pkg/promote/app_interface_clone_test.go
• pkg/promote/git_repo.go
• pkg/promote/service.go
• pkg/promote/service_test.go
• pkg/promote/services_registry.go
• pkg/promote/services_registry_test.go
• pkg/promote/test_tools.go
• pkg/promote/utils_test.go

[MateSaary]

/label tide/merge-method-squash
/lgtm

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 5b99f69 and 2 for PR HEAD 5e258bd in total

[bergmannf]

/retest

[openshift-ci]

@bergmannf: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[MateSaary]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bergmannf, MateSaary

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [MateSaary,bergmannf]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment