tools: add script to upgrade operator-sdk

[ezekiel-alexrod]

Add tool to upgrade operator-sdk projects

Summary

A generic, config-driven tool that automates operator-sdk upgrades by scaffolding
fresh projects and applying customizations via GNU patch files. Designed to be
reusable across repositories.

Closes: MK8S-190

Execution flow

flowchart TD
    A["Load config.yaml"] --> B["Confirm upgrade (--yes to skip)"]
    B --> C["Install operator-sdk (cached)"]
    C --> D["Phase 1: Backup operator/ → operator.bak/"]
    D --> E["Phase 2: Scaffold fresh project"]
    E --> E1["operator-sdk init + create api"]
    E1 --> E2["Delete unwanted files (delete config)"]
    E2 --> F["Phase 2b: Detect latest versions"]
    F --> F1["operator-sdk: GitHub releases/latest"]
    F --> F2["Go toolchain: go.dev latest patch"]
    F --> F3["k8s.io libs: module proxy latest patch"]
    F1 & F2 & F3 --> G["Reconcile: compare detected vs pinned"]
    G --> H["Phase 3: Restore custom code (raw_copy)"]
    H --> I["Phase 4: Apply patch files"]
    I --> J["Substitute __GOTOOLCHAIN__ placeholder"]
    J --> K["Phase 5: go get k8s.io + go mod tidy"]
    K --> L["make manifests generate"]
    L --> M["make fmt vet"]
    M --> N["Extra commands (make metalk8s)"]
    N --> O["Upgrade complete"]

Loading

Usage

python3 tools/upgrade-operator-sdk/upgrade.py \
    --operator-dir operator \
    tools/upgrade-operator-sdk/operator

python3 tools/upgrade-operator-sdk/upgrade.py \
    --operator-dir storage-operator \
    tools/upgrade-operator-sdk/storage-operator

Option	Description
--operator-dir	Path to the operator project directory (required)
--skip-backup	Reuse an existing .bak directory
--clean-tools	Remove tool cache after upgrade
--yes, -y	Skip the confirmation prompt

Env variable	Description
GITHUB_TOKEN	Optional. Raises GitHub API rate limit (60 → 5000 req/hour)

Prerequisites: go, curl, patch, pyyaml

Configuration

Each operator has a config directory with config.yaml and patches/:

tools/upgrade-operator-sdk/
  upgrade.py
  operator/
    config.yaml
    patches/
      Dockerfile.patch          # extra COPY dirs, ldflags, LABEL block
      Makefile.patch            # GOTOOLCHAIN, metalk8s make target
      clusterconfig_types.patch # CRD type definition
      clusterconfig_controller.patch
      virtualippool_types.patch
      virtualippool_controller.patch
  storage-operator/
    config.yaml
    patches/
      Dockerfile.patch
      Makefile.patch
      volume_types.patch
      volume_controller.patch

config.yaml fields

Field	Required	Description
operator_sdk_version	yes	Target operator-sdk release (e.g. v1.42.1)
repo	yes	Go module path for operator-sdk init --repo
domain	yes	CRD domain for operator-sdk init --domain
apis	yes	List of CRDs with group, version, kind, namespaced
go_toolchain	no	Pin Go toolchain (e.g. go1.24.13). If absent, detected from go.dev
k8s_libs	no	Pin k8s.io libs (e.g. v0.33.10). If absent, detected from module proxy
raw_copy	no	Dirs/files to copy from backup (purely custom, no scaffold equivalent)
delete	no	Dirs/files to remove from scaffold after generation
extra_commands	no	Commands to run after make fmt vet (e.g. ["make", "metalk8s"])

Version reconciliation (CI-friendly)

After scaffolding, the tool queries go.dev, the Go module proxy, and GitHub to detect the latest available versions. It compares them with the YAML pins:

Situation	Behavior
No pin in YAML	Use detected version for this run (YAML not modified)
Pin matches detected	All good
Pin is older than detected	Warning with newer version available, keeps pinned value
Pin is newer than detected	Warning, uses detected value

Zero interactive input during reconciliation -- safe for CI.

Design decisions

• Patch files over programmatic modifications: all scaffold customizations are plain diff -u files, readable and editable without understanding the Python code
• raw_copy for purely custom code: only dirs/files with no scaffold equivalent are copied from backup; everything else uses patches
• delete config field: configurable removal of scaffold files (.devcontainer, .github, incompatible test stubs)
• --operator-dir as CLI arg: not in the YAML, so the tool works from any directory
• No auto-pin: the tool warns about newer versions but never modifies the config file
• __GOTOOLCHAIN__ placeholder: only runtime placeholder, detected dynamically (latest Go patch from go.dev) and substituted in the Makefile
• Jinja expressions hardcoded in patches: each operator's Makefile.patch contains its own build_image_name() call directly, no placeholder needed
• --forward flag on patch: prevents false "reversed patch" detection on patches that remove most of a file's content

[bert-e]

Hello ezekiel-alexrod,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @JBWatenbergScality

• @g-carre

• @ChengYanJin

• @m4nch0t

• @ezekiel-alexrod

• @eg-ayoub

• @vdaviot

• @anthony-treuillier-scality

• @thomasdanan

• @TeddyAndrieux

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @anthony-treuillier-scality

• @JBWatenbergScality

• @thomasdanan

• @ezekiel-alexrod

• @m4nch0t

• @g-carre

• @TeddyAndrieux

• @eg-ayoub

• @vdaviot

• @ChengYanJin

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @ChengYanJin

• @m4nch0t

• @JBWatenbergScality

• @g-carre

• @vdaviot

• @anthony-treuillier-scality

• @eg-ayoub

• @thomasdanan

• @ezekiel-alexrod

• @TeddyAndrieux

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @thomasdanan

• @ChengYanJin

• @vdaviot

• @ezekiel-alexrod

• @JBWatenbergScality

• @anthony-treuillier-scality

• @m4nch0t

• @TeddyAndrieux

• @eg-ayoub

• @g-carre

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @TeddyAndrieux

• @anthony-treuillier-scality

• @ezekiel-alexrod

• @thomasdanan

• @vdaviot

• @g-carre

• @ChengYanJin

• @eg-ayoub

• @JBWatenbergScality

• @m4nch0t

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @TeddyAndrieux

• @JBWatenbergScality

• @m4nch0t

• @ChengYanJin

• @eg-ayoub

• @thomasdanan

• @ezekiel-alexrod

• @vdaviot

• @g-carre

• @anthony-treuillier-scality

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @eg-ayoub

• @anthony-treuillier-scality

• @ezekiel-alexrod

• @vdaviot

• @m4nch0t

• @TeddyAndrieux

• @g-carre

• @JBWatenbergScality

• @thomasdanan

• @ChengYanJin

[TeddyAndrieux]

I would suggest also to move this to tools it has nothing to do with scripts (this directory is for scripts that will be used by the end user not by the developers)

[ezekiel-alexrod]

/approve

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @eg-ayoub

• @anthony-treuillier-scality

• @ezekiel-alexrod

• @vdaviot

• @m4nch0t

• @TeddyAndrieux

• @g-carre

• @JBWatenbergScality

• @thomasdanan

• @ChengYanJin

The following options are set: approve