@SequeI SequeI commented Sep 17, 2025

Summary by Sourcery

Refine build-bundle.sh to improve robustness, enable dynamic overlay support, and correct generated CSV metadata.

Bug Fixes:

  • Fix incorrect deploymentName references in the generated CSV and ensure the webhook serviceName is properly injected

Enhancements:

  • Switch to a portable bash shebang with strict error handling (set -euo pipefail) and consistent variable quoting
  • Invoke "operator-sdk generate kustomize manifests" before applying overlay edits
  • Use a configurable bundle overlay path for Kustomize build
  • Automate post-processing of the generated CSV to patch deployment and service names

sourcery-ai bot commented Sep 17, 2025

Reviewer's Guide

This PR refines the bundle generation script by hardening the shell environment, standardizing tool extraction and path handling, introducing overlay-driven kustomize invocation, and applying post-build CSV adjustments to ensure correct deployment and service naming.

Class diagram for script variables and their usage

```mermaid
classDiagram
    class build_bundle_sh {
      +TOOLS: string
      +KUSTOMIZE: string
      +IMG: string (optional)
      +BUNDLE_OVERLAY: string
      +BUNDLE_GEN_FLAGS: string
      +CSV: string
      +Methods:
      +ExtractKustomize()
      +DownloadKustomize()
      +EditImage()
      +BuildManifests()
      +GenerateBundle()
      +AdjustCSV()
      +ValidateBundle()
    }
    build_bundle_sh --> TOOLS
    build_bundle_sh --> KUSTOMIZE
    build_bundle_sh --> IMG
    build_bundle_sh --> BUNDLE_OVERLAY
    build_bundle_sh --> BUNDLE_GEN_FLAGS
    build_bundle_sh --> CSV
```

Flow diagram for the updated bundle generation process

```mermaid
flowchart TD
    A["Start build-bundle.sh"] --> B["Set TOOLS=/tmp"]
    B --> C{Is /cachi2 present?}
    C -- Yes --> D["Extract kustomize from /cachi2"]
    C -- No --> E["Download kustomize from GitHub"]
    D --> F["Set KUSTOMIZE path"]
    E --> F
    F --> G["Make kustomize executable"]
    G --> H["operator-sdk generate kustomize manifests -q"]
    H --> I{Is IMG set?}
    I -- Yes --> J["Edit image in config/overlays/${BUNDLE_OVERLAY}"]
    I -- No --> K["Skip image edit"]
    J --> L["Build manifests with kustomize (using overlay)"]
    K --> L
    L --> M["Pipe manifests to operator-sdk generate bundle"]
    M --> N{Is CSV file present?}
    N -- Yes --> O["Apply sed replacements for deploymentName and serviceName"]
    N -- No --> P["Skip CSV adjustments"]
    O --> Q["Remove backup files"]
    P --> Q
    Q --> R["operator-sdk bundle validate ./bundle"]
```

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Enhanced shell invocation and error handling | • Switched shebang to use /usr/bin/env bash<br/>• Enabled strict modes: -euo pipefail | hack/build-bundle.sh |
| Standardized tool extraction logic and quoting | • Uniformly quoted variables (TOOLS, KUSTOMIZE, IMG, overlays)<br/>• Refactored tar and curl commands for consistency and safety | hack/build-bundle.sh |
| Introduced overlay-driven kustomize invocation | • Added operator-sdk generate kustomize manifests -q<br/>• Replaced manifest path with config/overlays/${BUNDLE_OVERLAY}<br/>• Silenced pushd/popd output | hack/build-bundle.sh |
| Added post-build CSV corrections | • Conditional sed to update deploymentName and inject serviceName<br/>• Cleaned up .bak files after sed operations | hack/build-bundle.sh |

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns

Supply chain integrity:
The script downloads a binary over HTTPS without verifying checksum or signature. Add a pinned checksum (e.g., sha256sum) and verify before use to mitigate tampering risks.

⚡ Recommended focus areas for review

Portability

The sed command inserts a newline and indented text; BSD/macOS sed behaves differently than GNU sed. Verify the in-place edits and newline escape work reliably across build environments or pin GNU sed in the image.

```
if [[ -f "${CSV}" ]]; then
  sed -i.bak  's/deploymentName: webhook/deploymentName: model-validation-controller-manager/' "${CSV}"
  sed -i.bak2 's/deploymentName: model-validation-controller-manager/deploymentName: model-validation-controller-manager\
    serviceName: model-validation-webhook/' "${CSV}"
  rm -f "${CSV}.bak" "${CSV}.bak2"
```

Missing default

Script assumes BUNDLE_OVERLAY is set when building and editing overlays. Consider providing a default or validating it early with a clear error message.

```
if [[ -n "${IMG:-}" ]]; then
  pushd "config/overlays/${BUNDLE_OVERLAY}" >/dev/null
  "${KUSTOMIZE}" edit set image "controller=${IMG}"
  popd >/dev/null
fi

"${KUSTOMIZE}" build "config/overlays/${BUNDLE_OVERLAY}" \
  | operator-sdk generate bundle ${BUNDLE_GEN_FLAGS}
```

Network dependency

Fallback path downloads kustomize from GitHub at build time. Ensure build environment allows this or add retries/checksums to improve reliability and integrity verification.

```
curl -Lo "${TOOLS}/kustomize.tar.gz" "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.6.0/kustomize_v5.6.0_linux_amd64.tar.gz"
tar -xzf "${TOOLS}/kustomize.tar.gz" -C "${TOOLS}"
rm "${TOOLS}/kustomize.tar.gz"
KUSTOMIZE="${TOOLS}/kustomize"
```
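
The checksum pinning raised under "Supply chain integrity" above, as an added example (not code from this PR or from the kustomize project): the archive is checked against a pinned SHA-256 before `tar` touches it, and a mismatching file is deleted. The function names, `SAMPLE_SHA256`, `KUSTOMIZE_URL` and `KUSTOMIZE_SHA256` are assumptions, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example (not the PR's code): verify a pinned SHA-256 before unpacking.
set -eu

# Print the hex SHA-256 of a file (GNU sha256sum, or shasum on BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only when the file exists and its digest equals the pinned value.
verify_sha256() {
  local actual
  [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
  actual="$(sha256_of "$1")"
  [ "$actual" = "$2" ] && return 0
  echo "checksum mismatch for $1: got ${actual}, want $2" >&2
  return 1
}

# Download over HTTPS only, verify, then extract into dest. An archive that
# fails verification is deleted and never unpacked.
fetch_verified() {
  local url="$1" expected="$2" dest="$3" archive
  archive="$(mktemp "${dest}/download.XXXXXX")"
  if curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' -o "$archive" "$url" \
     && verify_sha256 "$archive" "$expected"; then
    tar -xzf "$archive" -C "$dest" && rm -f "$archive" && return 0
  fi
  rm -f "$archive"
  return 1
}

# Constructed sample: the file content "abc" and its well-known SHA-256
# (FIPS 180 test vector) stand in for the release archive and its pinned digest.
SAMPLE_SHA256="ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
selftest() {
  local dir rc=0
  dir="$(mktemp -d)"
  printf 'abc' > "${dir}/tool.tar.gz"
  verify_sha256 "${dir}/tool.tar.gz" "$SAMPLE_SHA256" || rc=1
  printf 'x' >> "${dir}/tool.tar.gz"   # simulate tampering in transit
  if verify_sha256 "${dir}/tool.tar.gz" "$SAMPLE_SHA256" 2>/dev/null; then rc=1; fi
  rm -rf "$dir"
  return "$rc"
}

# In build-bundle.sh (KUSTOMIZE_URL and KUSTOMIZE_SHA256 are hypothetical
# variables; pin the digest published for the exact release archive):
#   fetch_verified "$KUSTOMIZE_URL" "$KUSTOMIZE_SHA256" "$TOOLS"
```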

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • Consider parameterizing the kustomize version (e.g. via an environment variable) instead of hard-coding 5.6.0 in multiple places to simplify future upgrades.
  • It would be safer to validate or default BUNDLE_OVERLAY at the top of the script to avoid errors when that variable is not set.
  • The sed-based CSV edits are brittle—using a kustomize patch or a dedicated overlay to inject the serviceName and adjust deploymentName would be more maintainable.
Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `hack/build-bundle.sh:2` </location>
<code_context>
-#!/bin/bash
-set -e
+#!/usr/bin/env bash
+set -euo pipefail

 TOOLS="/tmp"
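Review bot: The unchanged `TOOLS="/tmp"` context line keeps the tool directory in a shared, world-writable location, so the kustomize binary the script later extracts and executes lives at a predictable path that another user on the build host could pre-place or swap. Prefer a private directory, for example `TOOLS="$(mktemp -d)"` together with `trap 'rm -rf "${TOOLS}"' EXIT`, now that the script is being hardened anyway.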
</code_context>

<issue_to_address>
**issue:** Using 'set -euo pipefail' increases script safety but may break on unset variables.

Ensure all required variables are set or have default values to prevent unexpected script exits due to unset variables.
</issue_to_address>

### Comment 2
<location> `hack/build-bundle.sh:20-22` </location>
<code_context>
+operator-sdk generate kustomize manifests -q
+
+if [[ -n "${IMG:-}" ]]; then
+  pushd "config/overlays/${BUNDLE_OVERLAY}" >/dev/null
+  "${KUSTOMIZE}" edit set image "controller=${IMG}"
+  popd >/dev/null
 fi
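Review bot: `"${KUSTOMIZE}" edit set image "controller=${IMG}"` rewrites the kustomization file inside `config/overlays/${BUNDLE_OVERLAY}` in place, so a build with `IMG` set leaves the overlay in the source tree modified and a later build without `IMG` silently reuses that image. Run the edit against a temporary copy of the overlay, or restore the file after the build; a guard such as `: "${BUNDLE_OVERLAY:?BUNDLE_OVERLAY must name a directory under config/overlays}"` ahead of this block would also replace the bare unbound-variable abort with a usable message.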

</code_context>

<issue_to_address>
**issue (bug_risk):** Script assumes BUNDLE_OVERLAY is set and valid, which may cause failures if not.

Validate BUNDLE_OVERLAY before use or set a default to prevent errors if it's unset or invalid.
</issue_to_address>

### Comment 3
<location> `hack/build-bundle.sh:28-33` </location>
<code_context>
+"${KUSTOMIZE}" build "config/overlays/${BUNDLE_OVERLAY}" \
+  | operator-sdk generate bundle ${BUNDLE_GEN_FLAGS}
+
+CSV="bundle/manifests/model-validation-operator.clusterserviceversion.yaml"
+if [[ -f "${CSV}" ]]; then
+  sed -i.bak  's/deploymentName: webhook/deploymentName: model-validation-controller-manager/' "${CSV}"
+  sed -i.bak2 's/deploymentName: model-validation-controller-manager/deploymentName: model-validation-controller-manager\
+    serviceName: model-validation-webhook/' "${CSV}"
+  rm -f "${CSV}.bak" "${CSV}.bak2"
+fi
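Review bot: `${BUNDLE_GEN_FLAGS}` on the `operator-sdk generate bundle` line is expanded unquoted and without a default, so with `set -u` enabled at the top of the script the build aborts at this point whenever the caller has not exported it, and any glob characters in the flags are expanded against the working directory. Use `${BUNDLE_GEN_FLAGS:-}` if an empty value is acceptable, or fail early with `: "${BUNDLE_GEN_FLAGS:?BUNDLE_GEN_FLAGS is not set}"`, and add a comment stating that the unquoted expansion is deliberate word splitting.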

</code_context>

<issue_to_address>
**suggestion:** Multiple in-place sed operations may be fragile if file contents change.

Consolidating the sed commands or switching to a dedicated YAML processor would improve reliability if the file format changes.

Suggested implementation:

```
CSV="bundle/manifests/model-validation-operator.clusterserviceversion.yaml"
if [[ -f "${CSV}" ]]; then
  # Use yq to update deploymentName and add serviceName under the correct path
  yq -i '
    (.spec.install.spec.deployments[] | select(.name == "model-validation-controller-manager") .spec.template.spec.containers[] | select(.name == "manager") .deploymentName) = "model-validation-controller-manager" |
    (.spec.install.spec.deployments[] | select(.name == "model-validation-controller-manager") .spec.template.spec.containers[] | select(.name == "manager") .serviceName) = "model-validation-webhook"
  ' "${CSV}"
fi

```

- Ensure `yq` is installed and available in your build environment. If not, add installation steps for `yq` before this block.
- The exact YAML path may need adjustment depending on the CSV structure. If the path is different, update the `yq` query accordingly.
</issue_to_address>

qodo-merge-pro bot commented Sep 17, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: High-level

Suggestion: Avoid using sed to modify YAML

Replace the use of sed for modifying the generated CSV YAML file with a more
robust, structure-aware tool like yq or kustomize patches. This will make the
build process more reliable against formatting changes.

Examples:

hack/build-bundle.sh [28-34]

```
CSV="bundle/manifests/model-validation-operator.clusterserviceversion.yaml"
if [[ -f "${CSV}" ]]; then
  sed -i.bak  's/deploymentName: webhook/deploymentName: model-validation-controller-manager/' "${CSV}"
  sed -i.bak2 's/deploymentName: model-validation-controller-manager/deploymentName: model-validation-controller-manager\
    serviceName: model-validation-webhook/' "${CSV}"
  rm -f "${CSV}.bak" "${CSV}.bak2"
fi
```

Solution Walkthrough:

Before:

```
# hack/build-bundle.sh
CSV="bundle/manifests/model-validation-operator.clusterserviceversion.yaml"
if [[ -f "${CSV}" ]]; then
  sed -i.bak  's/deploymentName: webhook/deploymentName: model-validation-controller-manager/' "${CSV}"
  sed -i.bak2 's/deploymentName: model-validation-controller-manager/deploymentName: model-validation-controller-manager\
    serviceName: model-validation-webhook/' "${CSV}"
  rm -f "${CSV}.bak" "${CSV}.bak2"
fi
```

After:

```
# hack/build-bundle.sh
CSV="bundle/manifests/model-validation-operator.clusterserviceversion.yaml"
if [[ -f "${CSV}" ]]; then
  # Use a YAML-aware tool like yq, which is more robust
  # The exact paths depend on the CSV structure
  yq -i '(.spec.install.spec.deployments[] | select(.name == "webhook")).name = "model-validation-controller-manager"' "${CSV}"
  yq -i '... add serviceName: model-validation-webhook ...' "${CSV}"

  # An even better approach would be to use kustomize patches
  # which would be applied during the build process.
fi
```
Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies that using sed to modify the YAML file is brittle and proposes a robust, standard practice alternative, significantly improving the build script's reliability.

Impact: Medium

Category: Possible issue

Suggestion: Combine sed commands for atomicity

Combine the two consecutive sed commands into a single, atomic operation to
ensure changes are applied correctly and only to the intended configuration
block.

hack/build-bundle.sh [30-33]

-sed -i.bak  's/deploymentName: webhook/deploymentName: model-validation-controller-manager/' "${CSV}"
-sed -i.bak2 's/deploymentName: model-validation-controller-manager/deploymentName: model-validation-controller-manager\
-  serviceName: model-validation-webhook/' "${CSV}"
-rm -f "${CSV}.bak" "${CSV}.bak2"
+sed -i.bak -e '
+  /deploymentName: webhook/ {
+    s/webhook/model-validation-controller-manager/
+    a\
+    serviceName: model-validation-webhook
+  }
+' "${CSV}"
+rm -f "${CSV}.bak"
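Review bot: The `a\` text in the added block hard-codes the four-space indent of `serviceName: model-validation-webhook` instead of deriving it from the matched `deploymentName: webhook` line, and BSD sed strips leading blanks from `a\` text while GNU sed keeps them, so the inserted key can land at the wrong YAML level depending on the build host. The command also still exits 0 when the address matches nothing; follow it with a check such as `grep -q 'serviceName: model-validation-webhook' "${CSV}"` so an unpatched CSV fails the build instead of reaching `operator-sdk bundle validate`.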
Suggestion importance[1-10]: 7

Why: The suggestion correctly identifies a potential race condition where the second sed command could modify an incorrect line if the first one fails, and provides a more robust, atomic solution.

Impact: Medium
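
A fail-closed variant of the CSV post-processing discussed in the reviews above, as an added example that is not code from this PR: it swaps in awk for the sed and yq approaches in the thread, copies the indentation from the matched line, and returns non-zero when nothing was patched. `patch_csv` and `write_sample_csv` are hypothetical names, and the CSV fragment is constructed.

```bash
#!/usr/bin/env bash
# Added example (not the PR's code): patch the CSV with awk and fail closed.
set -eu

# Rewrite every "deploymentName: webhook" line and add a serviceName sibling at
# the same indentation. Returns non-zero, leaving the file untouched, when the
# file is missing or no line matched (sed would exit 0 in the second case).
patch_csv() {
  local csv="$1" tmp
  [ -f "$csv" ] || { echo "CSV not found: $csv" >&2; return 1; }
  tmp="$(mktemp)"
  if awk '
      /^[ \t-]*deploymentName: webhook[ \t]*$/ {
        indent = $0
        sub(/deploymentName:.*/, "", indent)
        gsub(/-/, " ", indent)   # a key after "- " aligns under the list item
        sub(/webhook[ \t]*$/, "model-validation-controller-manager")
        print
        print indent "serviceName: model-validation-webhook"
        hits++
        next
      }
      { print }
      END { exit (hits >= 1 ? 0 : 1) }
    ' "$csv" > "$tmp"; then
    cat "$tmp" > "$csv"      # overwrite in place to keep file mode and owner
    rm -f "$tmp"
  else
    rm -f "$tmp"
    echo "no 'deploymentName: webhook' line in $csv; not patched" >&2
    return 1
  fi
}

# Constructed sample: a minimal fragment with one webhook definition.
write_sample_csv() {
  cat > "$1" <<'EOF'
spec:
  webhookdefinitions:
  - admissionReviewVersions:
    - v1
    deploymentName: webhook
    type: ValidatingAdmissionWebhook
EOF
}
```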

Signed-off-by: SequeI <[email protected]>
@SequeI SequeI merged commit fb3ef0d into main Sep 18, 2025
12 checks passed