
Migrate PCO FBC to per-version component pattern #519

Merged: osmman merged 1 commit into main from pco-fbc-migration-SECURESIGN-4332 on Jun 18, 2026

@osmman osmman commented Jun 18, 2026

Contributor

Summary

  • Restructures PCO FBC Konflux CAC to match RHTAS FBC build process
  • Replaces unified PCO OCP component with per-version patches (v4.16–v4.22)
  • Replaces multiple per-OCP-version streams (main + tech-preview) with single release stream
  • Adds branch-sync integration test and v4.22 release plan overlay

Details

Project template (pco-fbc/template.yaml): removed ocpVersion variable, fixed application to pco-fbc, aligned nameSuffix with RHTAS pattern.

OCP components (base/ocp/pco/v4.{16-22}/): each version has its own Component, IntegrationTestScenario (e2e + upgrade), and ImageRepository — preserving PCO's existing test set.

Stream (policy-controller/overlay/fbc/): single pco-fbc-release stream replacing 6 main + 6 tech-preview per-version streams.

Release plan: added v4-22 overlay.

Companion PR in fbc repo updates .tekton/ pipelines and catalog sync workflow.

SECURESIGN-4332

🤖 Generated with Claude Code

@osmman osmman requested a review from JasonPowr June 18, 2026 10:36
@github-actions

github-actions Bot commented Jun 18, 2026


Configuration Diff

19 document(s) impacted:

+ 2 added
- 12 removed
! 5 modified
Diff
@@ spec.resources @@
# projctl.konflux.dev/v1beta1/ProjectDevelopmentStreamTemplate/rhtas-tenant/pco-fbc-template
! - four list entries removed:
- - apiVersion: appstudio.redhat.com/v1alpha1
-   kind: Component
-   metadata:
-     name: {{.application}}{{.nameSuffix}}
-     annotations:
-       build.appstudio.openshift.io/pipeline: "{\"name\":\"fbc-builder\",\"bundle\":\"latest\"}"
-       build.appstudio.openshift.io/status: "{\"pac\":{\"state\":\"enabled\",\"merge-url\":\"https://github.com/securesign/fbc/pull/97\",\"configuration-time\":\"Thu,27 Mar 2025 12:35:34 UTC\"},\"message\":\"done\"}"
-       mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
-   spec:
-     source:
-       git:
-         url: "https://github.com/securesign/fbc"
-         context: v{{.ocpVersion}}/{{.operator}}
-         dockerfileUrl: catalog.Dockerfile
-         revision: {{.branch}}
-     application: {{.application}}{{.nameSuffix}}
-     componentName: {{.application}}{{.nameSuffix}}
- - apiVersion: appstudio.redhat.com/v1beta2
-   kind: IntegrationTestScenario
-   metadata:
-     name: {{.application}}{{.nameSuffix}}-e2e
-     labels:
-       test.appstudio.openshift.io/optional: "false"
-   spec:
-     application: {{.application}}{{.nameSuffix}}
-     contexts:
-     - name: component_{{.application}}{{.nameSuffix}}
-       description: "execute the integration test when component {{.application}}{{.nameSuffix}} updates"
-     params:
-     - name: OCP_VERSION
-       value: {{.ocpVersion}}
-     - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
-       value: {{.policyControllerOperatorGitRevision}}
-     - name: POLICY_CONTROLLER_OPERATOR_INSTALL_CHANNEL
-       value: {{.installChannel}}
-     - name: POLICY_CONTROLLER_OPERATOR_DEPLOYMENT_NAME
-       value: {{.policyControllerOperatorDeploymentName}}
-     resolverRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines.git"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/integration-test/policy-controller-fbc-e2e.yaml
-       resolver: git
-       resourceKind: pipelinerun
- - apiVersion: appstudio.redhat.com/v1beta2
-   kind: IntegrationTestScenario
-   metadata:
-     name: {{.application}}{{.nameSuffix}}-upgrade
-     labels:
-       test.appstudio.openshift.io/optional: "false"
-   spec:
-     application: {{.application}}{{.nameSuffix}}
-     contexts:
-     - name: component_{{.application}}{{.nameSuffix}}
-       description: "execute the upgrade integration test when component {{.application}}{{.nameSuffix}} updates"
-     params:
-     - name: OCP_VERSION
-       value: {{.ocpVersion}}
-     - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
-       value: {{.policyControllerOperatorGitRevision}}
-     - name: UPGRADE_FROM_CHANNEL
-       value: tech-preview
-     - name: UPGRADE_TO_CHANNEL
-       value: {{.installChannel}}
-     resolverRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines.git"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/integration-test/pco-operator-upgrade.yaml
-       resolver: git
-       resourceKind: pipelinerun
- - apiVersion: appstudio.redhat.com/v1alpha1
-   kind: ImageRepository
-   metadata:
-     name: {{.application}}{{.nameSuffix}}
-     annotations:
-       image-controller.appstudio.redhat.com/update-component-image: "true"
-     labels:
-       appstudio.redhat.com/application: {{.application}}{{.nameSuffix}}
-       appstudio.redhat.com/component: {{.application}}{{.nameSuffix}}
-   spec:
-     image:
-       name: rhtas-tenant/{{.application}}
-       visibility: public
-     notifications:
-     - config:
-         url: "https://bombino.api.redhat.com/v1/sbom/quay/push"
-       event: repo_push
-       method: webhook
-       title: SBOM-event-to-Bombino
! + 29 list entries added:
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-branch-sync-check
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component
+         description: "execute the integration test in all cases - this would be the default state"
+       params:
+       - name: TARGET_BRANCH
+         value: {{.branch}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/branch-sync-check.yaml
+         resolver: git
+         resourceKind: pipeline
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: Component
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-16
+       annotations:
+         build.appstudio.openshift.io/pipeline: "{\"name\":\"fbc-builder\",\"bundle\":\"latest\"}"
+         build.appstudio.openshift.io/status: "{\"pac\":{\"state\":\"enabled\",\"merge-url\":\"https://github.com/securesign/fbc/pull/97\",\"configuration-time\":\"Thu,27 Mar 2025 12:35:34 UTC\"},\"message\":\"done\"}"
+         mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
+     spec:
+       source:
+         git:
+           url: "https://github.com/securesign/fbc"
+           context: v4.16/{{.operator}}
+           dockerfileUrl: catalog.Dockerfile
+           revision: {{.branch}}
+       application: {{.application}}{{.nameSuffix}}
+       componentName: {{.application}}{{.nameSuffix}}-v4-16
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-16-e2e
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-16
+         description: "execute the integration test when component {{.application}}{{.nameSuffix}}-v4-16 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.16
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: POLICY_CONTROLLER_OPERATOR_INSTALL_CHANNEL
+         value: {{.installChannel}}
+       - name: POLICY_CONTROLLER_OPERATOR_DEPLOYMENT_NAME
+         value: {{.policyControllerOperatorDeploymentName}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/policy-controller-fbc-e2e.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-16-upgrade
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-16
+         description: "execute the upgrade integration test when component {{.application}}{{.nameSuffix}}-v4-16 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.16
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: UPGRADE_FROM_CHANNEL
+         value: tech-preview
+       - name: UPGRADE_TO_CHANNEL
+         value: {{.installChannel}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/pco-operator-upgrade.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ImageRepository
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-16
+       annotations:
+         image-controller.appstudio.redhat.com/update-component-image: "true"
+       labels:
+         appstudio.redhat.com/application: {{.application}}{{.nameSuffix}}
+         appstudio.redhat.com/component: {{.application}}{{.nameSuffix}}-v4-16
+     spec:
+       image:
+         name: rhtas-tenant/{{.application}}-v4-16
+         visibility: public
+       notifications:
+       - config:
+           url: "https://bombino.api.redhat.com/v1/sbom/quay/push"
+         event: repo_push
+         method: webhook
+         title: SBOM-event-to-Bombino
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: Component
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-17
+       annotations:
+         build.appstudio.openshift.io/pipeline: "{\"name\":\"fbc-builder\",\"bundle\":\"latest\"}"
+         build.appstudio.openshift.io/status: "{\"pac\":{\"state\":\"enabled\",\"merge-url\":\"https://github.com/securesign/fbc/pull/97\",\"configuration-time\":\"Thu,27 Mar 2025 12:35:34 UTC\"},\"message\":\"done\"}"
+         mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
+     spec:
+       source:
+         git:
+           url: "https://github.com/securesign/fbc"
+           context: v4.17/{{.operator}}
+           dockerfileUrl: catalog.Dockerfile
+           revision: {{.branch}}
+       application: {{.application}}{{.nameSuffix}}
+       componentName: {{.application}}{{.nameSuffix}}-v4-17
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-17-e2e
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-17
+         description: "execute the integration test when component {{.application}}{{.nameSuffix}}-v4-17 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.17
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: POLICY_CONTROLLER_OPERATOR_INSTALL_CHANNEL
+         value: {{.installChannel}}
+       - name: POLICY_CONTROLLER_OPERATOR_DEPLOYMENT_NAME
+         value: {{.policyControllerOperatorDeploymentName}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/policy-controller-fbc-e2e.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-17-upgrade
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-17
+         description: "execute the upgrade integration test when component {{.application}}{{.nameSuffix}}-v4-17 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.17
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: UPGRADE_FROM_CHANNEL
+         value: tech-preview
+       - name: UPGRADE_TO_CHANNEL
+         value: {{.installChannel}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/pco-operator-upgrade.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ImageRepository
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-17
+       annotations:
+         image-controller.appstudio.redhat.com/update-component-image: "true"
+       labels:
+         appstudio.redhat.com/application: {{.application}}{{.nameSuffix}}
+         appstudio.redhat.com/component: {{.application}}{{.nameSuffix}}-v4-17
+     spec:
+       image:
+         name: rhtas-tenant/{{.application}}-v4-17
+         visibility: public
+       notifications:
+       - config:
+           url: "https://bombino.api.redhat.com/v1/sbom/quay/push"
+         event: repo_push
+         method: webhook
+         title: SBOM-event-to-Bombino
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: Component
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-18
+       annotations:
+         build.appstudio.openshift.io/pipeline: "{\"name\":\"fbc-builder\",\"bundle\":\"latest\"}"
+         build.appstudio.openshift.io/status: "{\"pac\":{\"state\":\"enabled\",\"merge-url\":\"https://github.com/securesign/fbc/pull/97\",\"configuration-time\":\"Thu,27 Mar 2025 12:35:34 UTC\"},\"message\":\"done\"}"
+         mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
+     spec:
+       source:
+         git:
+           url: "https://github.com/securesign/fbc"
+           context: v4.18/{{.operator}}
+           dockerfileUrl: catalog.Dockerfile
+           revision: {{.branch}}
+       application: {{.application}}{{.nameSuffix}}
+       componentName: {{.application}}{{.nameSuffix}}-v4-18
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-18-e2e
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-18
+         description: "execute the integration test when component {{.application}}{{.nameSuffix}}-v4-18 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.18
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: POLICY_CONTROLLER_OPERATOR_INSTALL_CHANNEL
+         value: {{.installChannel}}
+       - name: POLICY_CONTROLLER_OPERATOR_DEPLOYMENT_NAME
+         value: {{.policyControllerOperatorDeploymentName}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/policy-controller-fbc-e2e.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-18-upgrade
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-18
+         description: "execute the upgrade integration test when component {{.application}}{{.nameSuffix}}-v4-18 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.18
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: UPGRADE_FROM_CHANNEL
+         value: tech-preview
+       - name: UPGRADE_TO_CHANNEL
+         value: {{.installChannel}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/pco-operator-upgrade.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ImageRepository
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-18
+       annotations:
+         image-controller.appstudio.redhat.com/update-component-image: "true"
+       labels:
+         appstudio.redhat.com/application: {{.application}}{{.nameSuffix}}
+         appstudio.redhat.com/component: {{.application}}{{.nameSuffix}}-v4-18
+     spec:
+       image:
+         name: rhtas-tenant/{{.application}}-v4-18
+         visibility: public
+       notifications:
+       - config:
+           url: "https://bombino.api.redhat.com/v1/sbom/quay/push"
+         event: repo_push
+         method: webhook
+         title: SBOM-event-to-Bombino
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: Component
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-19
+       annotations:
+         build.appstudio.openshift.io/pipeline: "{\"name\":\"fbc-builder\",\"bundle\":\"latest\"}"
+         build.appstudio.openshift.io/status: "{\"pac\":{\"state\":\"enabled\",\"merge-url\":\"https://github.com/securesign/fbc/pull/97\",\"configuration-time\":\"Thu,27 Mar 2025 12:35:34 UTC\"},\"message\":\"done\"}"
+         mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
+     spec:
+       source:
+         git:
+           url: "https://github.com/securesign/fbc"
+           context: v4.19/{{.operator}}
+           dockerfileUrl: catalog.Dockerfile
+           revision: {{.branch}}
+       application: {{.application}}{{.nameSuffix}}
+       componentName: {{.application}}{{.nameSuffix}}-v4-19
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-19-e2e
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-19
+         description: "execute the integration test when component {{.application}}{{.nameSuffix}}-v4-19 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.19
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: POLICY_CONTROLLER_OPERATOR_INSTALL_CHANNEL
+         value: {{.installChannel}}
+       - name: POLICY_CONTROLLER_OPERATOR_DEPLOYMENT_NAME
+         value: {{.policyControllerOperatorDeploymentName}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/policy-controller-fbc-e2e.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1beta2
+     kind: IntegrationTestScenario
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-19-upgrade
+       labels:
+         test.appstudio.openshift.io/optional: "false"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       contexts:
+       - name: component_{{.application}}{{.nameSuffix}}-v4-19
+         description: "execute the upgrade integration test when component {{.application}}{{.nameSuffix}}-v4-19 updates"
+       params:
+       - name: OCP_VERSION
+         value: 4.19
+       - name: POLICY_CONTROLLER_OPERATOR_GIT_REVISION
+         value: {{.policyControllerOperatorGitRevision}}
+       - name: UPGRADE_FROM_CHANNEL
+         value: tech-preview
+       - name: UPGRADE_TO_CHANNEL
+         value: {{.installChannel}}
+       resolverRef:
+         params:
+         - name: url
+           value: "https://github.com/securesign/pipelines.git"
+         - name: revision
+           value: main
+         - name: pathInRepo
+           value: pipelines/integration-test/pco-operator-upgrade.yaml
+         resolver: git
+         resourceKind: pipelinerun
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ImageRepository
+     metadata:
+       name: {{.application}}{{.nameSuffix}}-v4-19
+       annotations:
+         image-controller.appstudio.redhat.com/update-component-image: "true"
+       labels:
+         appstudio.redhat.com/application: {{.application}}{{.nameSuffix}}
+         appstudio.redhat.com/component: {{.application}}{{.nameSuffix}}-v4-19
+     spec:
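
Review bot: OCP_VERSION is now a bare literal in the per-version -e2e and -upgrade IntegrationTestScenario params (`value: 4.16` through `value: 4.19` in the lines shown), where the removed entries passed `{{.ocpVersion}}`. A bare `4.20` in the v4.20 patch would be read by a YAML parser as the float 4.2, so quote these values in the patch files (`value: "4.16"`) unless they are already quoted in the source and this is only how the diff renders them. Separately, every resolverRef here, including the new branch-sync-check scenario, fetches its pipeline from securesign/pipelines at `revision: main`, so scenarios labelled `test.appstudio.openshift.io/optional: "false"` run whatever that branch holds at trigger time; pinning the revision to a commit would make the gate reproducible and reviewable. The `build.appstudio.openshift.io/status` annotation with the pull/97 merge-url and the Mar 2025 configuration-time is also copied onto each new -v4-NN Component, which reads as carried-over state rather than something the new components should declare.
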
... (diff truncated, showing first 500 lines)

📦 Artifacts: base-output.yaml, head-output.yaml, dyff-output.txt

@qodo-for-securesign


PR Summary by Qodo

Migrate PCO FBC to per-OCP-version components and single release stream
⚙️ Configuration changes ✨ Enhancement 🕐 40+ Minutes


Description

• Split PCO FBC Konflux configuration into per-OCP-version components (4.16–4.22).
• Replace per-version main/tech-preview streams with a single pco-fbc-release stream.
• Align project template naming/variables and add a v4.22 promote-to-candidate overlay.
Diagram

graph TD
  A["ProjectDevelopmentStream\n\"pco-fbc-release\""] --> B["Stream template\n\"pco-fbc/template.yaml\""] --> C["Per-version overlays\n\"base/ocp/pco/v4.16–v4.22\""] --> D( "Konflux resources\nComponent + ITS + ImageRepo" )
  E["Release plan overlay\n\"promote-to-candidate/pco-fbc-v4-22\""] --> F( "ReleasePlan\n\"promote-to-candidate\"" )
  G["Project overlay\n\"overlay/pco-fbc\""] --> C
High-Level Assessment

The following are alternative approaches to this PR:

1. Keep ocpVersion templating and generate per-version streams
  • ➕ Less duplicated YAML across v4.16–v4.22
  • ➕ Clearer mapping between stream values and rendered resources
  • ➖ Retains the older per-version stream sprawl (main + tech-preview) this PR is removing
  • ➖ Does not align with the per-version component pattern used by RHTAS FBC
2. Use Kustomize generators/common patch to parameterize version
  • ➕ Reduces copy/paste by sharing a single patch with version substitution
  • ➕ Easier to add/remove supported OCP versions
  • ➖ Adds indirection/templating complexity to Kustomize overlays
  • ➖ May diverge from established repo conventions/patterns reviewers expect

Recommendation: The PR’s approach (explicit per-version components + a single release stream) is the better operational fit if the goal is to mirror the RHTAS FBC build model and reduce stream proliferation. Consider a follow-up to de-duplicate the highly repetitive per-version patch content (e.g., via shared bases) once the migration is stable.

Files changed (23) +841 / -22

Other (23) +841 / -22
kustomization.yaml: Wire v4.16 overlay to apply ProjectDevelopmentStreamTemplate patch (+0/-0)

• Defines the Kustomize component for OCP 4.16 to apply the version-specific patch against the FBC stream template resources.

konflux-configs/base/project/base/ocp/pco/v4.16/kustomization.yaml

patch.yaml: Rename v4.16 resources and hardcode OCP context/version (+16/-14)

• Updates the v4.16 patch to use version-suffixed Component/ITS/ImageRepository names (e.g., '-v4-16'). Replaces template-driven 'ocpVersion'/git context usage with fixed '4.16' values and disables component-triggered test contexts.

konflux-configs/base/project/base/ocp/pco/v4.16/patch.yaml

kustomization.yaml: Add Kustomize component for OCP 4.17 patching (+8/-0)

• Introduces a Kustomize component that applies the v4.17 patch to 'ProjectDevelopmentStreamTemplate' resources labeled as FBC.

konflux-configs/base/project/base/ocp/pco/v4.17/kustomization.yaml

patch.yaml: Define v4.17 Component, test scenarios, and image repo (+117/-0)

• Adds a v4.17-specific Component pointing at 'v4.17/{{.operator}}', along with e2e + upgrade IntegrationTestScenarios and an ImageRepository named/suffixed for v4.17.

konflux-configs/base/project/base/ocp/pco/v4.17/patch.yaml

kustomization.yaml: Add Kustomize component for OCP 4.18 patching (+8/-0)

• Introduces a Kustomize component that applies the v4.18 patch to FBC stream template resources.

konflux-configs/base/project/base/ocp/pco/v4.18/kustomization.yaml

patch.yaml: Define v4.18 Component, test scenarios, and image repo (+117/-0)

• Adds a v4.18-specific Component, e2e + upgrade IntegrationTestScenarios, and ImageRepository with version-suffixed naming for v4.18.

konflux-configs/base/project/base/ocp/pco/v4.18/patch.yaml

kustomization.yaml: Add Kustomize component for OCP 4.19 patching (+8/-0)

• Introduces a Kustomize component that applies the v4.19 patch to FBC stream template resources.

konflux-configs/base/project/base/ocp/pco/v4.19/kustomization.yaml

patch.yaml: Define v4.19 Component, test scenarios, and image repo (+117/-0)

• Adds a v4.19-specific Component, e2e + upgrade IntegrationTestScenarios, and ImageRepository with version-suffixed naming for v4.19.

konflux-configs/base/project/base/ocp/pco/v4.19/patch.yaml

kustomization.yaml: Add Kustomize component for OCP 4.20 patching (+8/-0)

• Introduces a Kustomize component that applies the v4.20 patch to FBC stream template resources.

konflux-configs/base/project/base/ocp/pco/v4.20/kustomization.yaml

patch.yaml: Define v4.20 Component, test scenarios, and image repo (+117/-0)

• Adds a v4.20-specific Component, e2e + upgrade IntegrationTestScenarios, and ImageRepository with version-suffixed naming for v4.20.

konflux-configs/base/project/base/ocp/pco/v4.20/patch.yaml

kustomization.yaml: Add Kustomize component for OCP 4.21 patching (+8/-0)

• Introduces a Kustomize component that applies the v4.21 patch to FBC stream template resources.

konflux-configs/base/project/base/ocp/pco/v4.21/kustomization.yaml

patch.yaml: Define v4.21 Component, test scenarios, and image repo (+117/-0)

• Adds a v4.21-specific Component, e2e + upgrade IntegrationTestScenarios, and ImageRepository with version-suffixed naming for v4.21.

konflux-configs/base/project/base/ocp/pco/v4.21/patch.yaml

kustomization.yaml: Add Kustomize component for OCP 4.22 patching (+8/-0)

• Introduces a Kustomize component that applies the v4.22 patch to FBC stream template resources.

konflux-configs/base/project/base/ocp/pco/v4.22/kustomization.yaml

patch.yaml: Define v4.22 Component, test scenarios, and image repo (+117/-0)

• Adds a v4.22-specific Component, e2e + upgrade IntegrationTestScenarios, and ImageRepository with version-suffixed naming for v4.22.

konflux-configs/base/project/base/ocp/pco/v4.22/patch.yaml

kustomization.yaml: Switch project overlay to per-version PCO components and branch-sync (+8/-1)

• Replaces the single 'base/ocp/pco' component include with explicit per-version components (v4.16–v4.22). Adds the 'base/branch-sync' component to the overlay.

konflux-configs/base/project/overlay/pco-fbc/kustomization.yaml

template.yaml: Align PCO FBC stream template variables and naming (+2/-5)

• Removes the 'ocpVersion' variable and standardizes 'application' to 'pco-fbc'. Updates 'nameSuffix' default to be derived from the 'version' variable (RHTAS-aligned).

konflux-configs/base/project/overlay/pco-fbc/template.yaml

kustomization.yaml: Include v4.22 promote-to-candidate overlay (+1/-0)

• Adds the 'pco-fbc-v4-22' overlay to the promote-to-candidate release-plan overlays list.

konflux-configs/base/release-plan/promote-to-candidate/pco-fbc/overlays/kustomization.yaml

kustomization.yaml: Add Kustomize overlay for v4.22 promote-to-candidate (+9/-0)

• Introduces a dedicated overlay that applies a v4.22-specific patch on top of the shared pco-fbc release plan base.

konflux-configs/base/release-plan/promote-to-candidate/pco-fbc/overlays/pco-fbc-v4-22/kustomization.yaml

patch.yaml: Create v4.22 ReleasePlan patch for promote-to-candidate (+10/-0)

• Adds a ReleasePlan patch that sets 'spec.application: pco-fbc-v4-22' and enables auto-release/standing attribution labels.

konflux-configs/base/release-plan/promote-to-candidate/pco-fbc/overlays/pco-fbc-v4-22/patch.yaml

kustomization.yaml: Add unified FBC stream overlay kustomization (+8/-0)

• Creates a new 'fbc' overlay that renders the consolidated release stream resources and applies name reference configuration.

konflux-configs/base/stream/policy-controller/overlay/fbc/kustomization.yaml

kustomizeconfig.yaml: Configure nameReference for stream/template linkage (+21/-0)

• Adds Kustomize nameReference rules so 'ProjectDevelopmentStream' and 'ProjectDevelopmentStreamTemplate' references to 'Project' and templates are updated correctly during rendering.

konflux-configs/base/stream/policy-controller/overlay/fbc/kustomizeconfig.yaml

release-stream.yaml: Define single 'pco-fbc-release' development stream (+15/-0)

• Introduces a consolidated 'ProjectDevelopmentStream' named 'pco-fbc-release' that uses the 'pco-fbc-template' with 'version=release' and 'branch=main'. Removes the need for per-OCP-version and tech-preview stream resources.

konflux-configs/base/stream/policy-controller/overlay/fbc/release-stream.yaml

kustomization.yaml: Point policy-controller overlay to new unified FBC overlay (+1/-2)

• Replaces the previous 'main/fbc' and 'tech-preview/fbc' resource includes with a single 'fbc' overlay include.

konflux-configs/base/stream/policy-controller/overlay/kustomization.yaml

labels:
test.appstudio.openshift.io/optional: "false"
name: "{{.application}}{{.nameSuffix}}-e2e"
name: "{{.application}}{{.nameSuffix}}-v4-16-e2e"

Contributor

Do we have e2e suites in place for pco?

Contributor Author

Yes, there is a suite for e2e and upgrade tests.

Contributor Author

I discovered that AI disabled all of them without any reason. I fixed it in the new version.

- Per-OCP-version patches (v4.16-v4.22) replacing unified component
- Single release stream replacing per-version main/tech-preview streams
- Add branch-sync and v4.22 release plan overlay

SECURESIGN-4332

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@osmman osmman force-pushed the pco-fbc-migration-SECURESIGN-4332 branch from 0b7852f to 3f91f4f Compare June 18, 2026 11:01

@JasonPowr JasonPowr left a comment

Member

LGTM! Thanks for doing this.

@osmman osmman merged commit ba1e5fa into main Jun 18, 2026
4 checks passed
@osmman osmman deleted the pco-fbc-migration-SECURESIGN-4332 branch June 18, 2026 11:36