NO-ISSUE: Synchronize From Upstream Repositories

[openshift-bot]

The staging/ and vendor/ directories have been synchronized from the upstream repositories, pulling in the following commits:

Date	Commit	Author	Message
2026-06-04 13:49:04	operator-framework/operator-lifecycle-manager@f9e42f3	dependabot[bot]	🌱 Bump github.com/prometheus/common from 0.67.5 to 0.68.1 (#3843)
2026-06-05 08:18:47	operator-framework/operator-lifecycle-manager@614fad4	Todd Short	Update to golang-1.26.3 (#3844)
2026-06-05 16:28:54	operator-framework/operator-lifecycle-manager@72750c8	Todd Short	Update api and operator-registry dependencies (#3845)
2026-06-04 10:33:06	operator-framework/operator-registry@b1c9736	dependabot[bot]	Bump github.com/grpc-ecosystem/grpc-health-probe from 0.4.50 to 0.4.52 (#1998)
2026-06-04 10:38:45	operator-framework/operator-registry@2e03f89	dependabot[bot]	Bump github.com/docker/cli (#1999)
2026-06-05 08:13:15	operator-framework/operator-registry@9c948cd	Todd Short	Update to golang-1.26.3 (#2001)
2026-06-05 15:40:31	operator-framework/operator-registry@e9534a9	Todd Short	Update to operator-framework/api@v0.43.0 (#2003)
2026-03-31 20:35:11	operator-framework/api@d6b839a	Francesco Giudici	Add fgiudici as reviewer (#483)
2026-04-03 15:59:10	operator-framework/api@8ad4692	dependabot[bot]	Bump codecov/codecov-action from 5 to 6 (#484)
2026-04-13 11:32:03	operator-framework/api@3ee3c44	dependabot[bot]	Bump go.podman.io/image/v5 from 5.39.1 to 5.39.2 (#485)
2026-04-13 11:35:08	operator-framework/api@a88e830	dependabot[bot]	Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#486)
2026-04-14 06:45:57	operator-framework/api@3bd6129	Jordan Keister	remove idle maintainers (#487)
2026-04-14 06:48:45	operator-framework/api@ee38ad0	dependabot[bot]	Bump github.com/google/cel-go from 0.27.0 to 0.28.0 (#488)
2026-04-22 20:27:35	operator-framework/api@b530c5b	dependabot[bot]	Bump the k8s-dependencies group with 4 updates (#489)
2026-05-19 09:45:59	operator-framework/api@3acdcf5	dependabot[bot]	Bump github.com/google/cel-go from 0.28.0 to 0.28.1 (#492)
2026-05-26 07:45:09	operator-framework/api@755d5d1	dependabot[bot]	Bump go.podman.io/image/v5 from 5.39.2 to 5.40.0 (#494)
2026-06-02 19:47:00	operator-framework/api@da918bd	Lars Lehtonen	fix(pkg/validation/internal): check nil pointers before dereference (#493)
2026-06-05 07:14:47	operator-framework/api@b1290de	Todd Short	Update to golang-1.26.3 (#497)
2026-06-05 14:17:52	operator-framework/api@86d7ced	Sebastien Tardif	fix: stop emitting false-positive deprecated-API warnings for RBAC rules (#496)

This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.

/assign @openshift/openshift-team-operator-runtime

Summary by CodeRabbit

• Chores

  • Upgraded Go toolchain to version 1.26.3
  • Updated operator framework, Kubernetes, and other key dependencies to latest patch versions

• Bug Fixes

  • Fixed potential nil reference errors in bundle validation functions
  • Refined Kubernetes API removal detection to accurately identify only fully removed resources, improving validation accuracy

[openshift-ci-robot]

@openshift-bot: This pull request explicitly references no jira issue.

Details

In response to this:

The staging/ and vendor/ directories have been synchronized from the upstream repositories, pulling in the following commits:

Date	Commit	Author	Message
2026-06-04 13:49:04	operator-framework/operator-lifecycle-manager@f9e42f3	dependabot[bot]	🌱 Bump github.com/prometheus/common from 0.67.5 to 0.68.1 (#3843)

This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.

/assign @openshift/openshift-team-operator-runtime

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f66b7a42-6499-486a-9821-e2b1cf02eed6

📥 Commits

Reviewing files that changed from the base of the PR and between 89e4524 and dbd1a2a.

⛔ Files ignored due to path filters (54)

• go.sum is excluded by !**/*.sum
• staging/api/go.sum is excluded by !**/*.sum
• staging/operator-lifecycle-manager/go.sum is excluded by !**/*.sum
• staging/operator-registry/go.sum is excluded by !**/*.sum
• vendor/github.com/google/cel-go/cel/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/env.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/fieldpaths.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/inlining.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/library.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/program.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/prompt.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/cel/templates/authoring.tmpl is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/checker/checker.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/checker/cost.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/checker/env.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/checker/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/ast/ast.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/ast/conversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/decls/decls.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/env/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/env/env.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/env/io.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/overloads/overloads.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/stdlib/standard.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/err.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/list.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/object.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/optional.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/pb/file.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/pb/pb.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/pb/type.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/common/types/ref/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/costs.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/formatting.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/formatting_v2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/lists.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/native.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/regex.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/sets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/interpreter/attributes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/interpreter/interpretable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/parser/parser.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/operator-framework/api/pkg/validation/internal/community.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/operator-framework/api/pkg/validation/internal/operatorhub.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/operator-framework/api/pkg/validation/internal/operatorhubv2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/operator-framework/api/pkg/validation/internal/removed_apis.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (11)

• go.mod
• staging/api/.github/workflows/go.yaml
• staging/api/OWNERS
• staging/api/go.mod
• staging/api/pkg/validation/internal/community.go
• staging/api/pkg/validation/internal/operatorhub.go
• staging/api/pkg/validation/internal/operatorhubv2.go
• staging/api/pkg/validation/internal/removed_apis.go
• staging/api/pkg/validation/internal/removed_apis_test.go
• staging/operator-lifecycle-manager/go.mod
• staging/operator-registry/go.mod

🚧 Files skipped from review as they are similar to previous changes (10)

• staging/api/pkg/validation/internal/community.go
• staging/api/.github/workflows/go.yaml
• staging/api/pkg/validation/internal/operatorhubv2.go
• staging/api/pkg/validation/internal/operatorhub.go
• staging/api/OWNERS
• staging/api/go.mod
• go.mod
• staging/operator-lifecycle-manager/go.mod
• staging/operator-registry/go.mod
• staging/api/pkg/validation/internal/removed_apis.go

---

Walkthrough

This PR aligns the operator-framework-olm repository with ART (AppStudio Red Team) metadata by upgrading Go from 1.25.7 to 1.26.3 across all modules and synchronizing dependency versions. Additionally, it fixes nil dereference bugs in bundle validation, refines removed Kubernetes API warnings to focus on fully deprecated resources, and updates CI tooling.

Changes

Go Toolchain Alignment and Code Validation Fixes

Layer / File(s)	Summary
Nil dereference fixes in bundle validation staging/api/pkg/validation/internal/community.go, staging/api/pkg/validation/internal/operatorhub.go, staging/api/pkg/validation/internal/operatorhubv2.go	Three bundle validation functions fixed to initialize ManifestResult empty and defer bundle.Name assignment until after nil checks, preventing nil dereference when bundle is nil.
Narrowed removed APIs warning scope for v1.25 staging/api/pkg/validation/internal/removed_apis.go, staging/api/pkg/validation/internal/removed_apis_test.go	Removed APIs warning logic refined to focus only on Kubernetes resources fully removed from their API group with no stable replacement; deprecatedGroupResource replaced with narrowed removedGroupResource set; test expectations updated to expect warning only for podsecuritypolicies.
Root module Go version and dependencies go.mod	Root go.mod Go toolchain updated from 1.25.7 to 1.26.3; direct dependencies grpc-health-probe, operator-framework/api, and operator-framework/operator-registry bumped; indirect dependencies updated for docker/cli, google/cel-go, prometheus/common, and yaml/v2.
OLM staging module Go version and dependencies staging/operator-lifecycle-manager/go.mod	staging/operator-lifecycle-manager/go.mod Go toolchain updated to 1.26.3; direct dependencies for operator-framework/api, operator-framework/operator-registry, and prometheus/common bumped; indirect dependencies updated.
API staging module Go version and Kubernetes dependencies staging/api/go.mod	staging/api/go.mod Go toolchain updated to 1.26.3; direct Podman, genproto, and Kubernetes module dependencies bumped; indirect dependencies updated for OpenTelemetry and other modules.
Operator-registry staging module dependencies staging/operator-registry/go.mod	Direct dependencies updated for docker/cli, grpc-health-probe, and operator-framework/api; indirect dependencies for google/cel-go and golang.org/x/net bumped.
CI workflow and team configuration updates staging/api/.github/workflows/go.yaml, staging/api/OWNERS	Codecov GitHub Action updated from v5 to v6; staging/api/OWNERS reviewers list updated by removing anik120 and exdx and adding fgiudici.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

lgtm, verified

🚥 Pre-merge checks | ✅ 13 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 37.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Microshift Test Compatibility	⚠️ Warning	New Ginkgo tests use configv1.ClusterOperator (unavailable on MicroShift) without [Skipped:MicroShift] or [apigroup:...] protection labels.	Add [apigroup:config.openshift.io] tags or [Skipped:MicroShift] labels to incompatible tests in staging/operator-lifecycle-manager/pkg/controller/operators/openshift/.

✅ Passed checks (13 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change—synchronizing staging and vendor directories from upstream repositories with dependency updates and bug fixes.
Linked Issues check	✅ Passed	The PR successfully addresses issue #493 by synchronizing Go toolchain to 1.26.3 and updating dependencies to align with ART's metadata, ensuring CI testing reflects production builds.
Out of Scope Changes check	✅ Passed	All changes are directly related to upstream synchronization: dependency updates, Go version bump to 1.26.3, nil-pointer fixes, and maintainer list updates align with the stated PR objectives.
Stable And Deterministic Test Names	✅ Passed	No Ginkgo test files were modified in this PR. The only modified test file uses standard Go testing with static, deterministic test names.
Test Structure And Quality	✅ Passed	This PR contains no Ginkgo tests; the codebase uses only standard Go testing with table-driven test patterns. The check is inapplicable as the PR does not introduce or modify Ginkgo test code.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR synchronizes existing tests from upstream operator-framework repositories. The tests are pre-existing, not newly developed in this PR, so the SNO compatibility check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR contains only dependency updates, CI changes, metadata updates, and validation fixes. No deployment manifests, operator code, or controllers with scheduling constraints are added.
Ote Binary Stdout Contract	✅ Passed	PR contains dependency updates and validator fixes with no modifications to process-level code (main, init, TestMain, suite setup, or top-level initializers) that would violate OTE stdout contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. The only test file modified (removed_apis_test.go) is a standard Go unit test using the testing package, not Ginkgo. The check does not apply.
No-Weak-Crypto	✅ Passed	No weak cryptography patterns detected. PR contains only dependency bumps, nil-check safety improvements, and validation logic updates with no crypto-related code changes.
Container-Privileges	✅ Passed	PR updates dependencies and validation code, not container manifests. All 6 deployments have allowPrivilegeEscalation: false; no privileged/hostPID/hostNetwork/hostIPC settings found.
No-Sensitive-Data-In-Logs	✅ Passed	PR changes include dependency updates and bug fixes. No logging exposes sensitive data: fmt.Println logs type-conversion errors; fmt.Sprintf builds Kubernetes API messages only.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

New changes are detected. LGTM label has been removed.

[openshift-ci]

New changes are detected. LGTM label has been removed.

[openshift-ci]

@openshift-bot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-images	dbd1a2a	link	true	/test okd-scos-images
ci/prow/images	dbd1a2a	link	true	/test images
ci/prow/periodics-images	dbd1a2a	link	true	/test periodics-images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.