From b849b14b447e49097f85bde245d3da47bcfbfeb4 Mon Sep 17 00:00:00 2001
From: Kamil Sambor <kamil.sambor@gmail.com>
Date: Wed, 27 Nov 2024 15:07:37 +0100
Subject: [PATCH] [make][pre-commit]Check CRD schema to avoid update issues The
 new crd-schema-check make target compares the CRD schema of the patch with
 the schema on the tip of main and report errors on non backward compatible
 changes.

This make target now also run in pre-commit both locally and in CI.

This make target uses https://github.com/openshift/crd-schema-checker
to do the actual checking.

Related: OSPRH-11833
---
 .pre-commit-config.yaml          |  6 ++++++
 Makefile                         |  8 ++++++++
 hack/build-crd-schema-checker.sh | 15 +++++++++++++++
 hack/crd-schema-checker.sh       | 21 +++++++++++++++++++++
 4 files changed, 50 insertions(+)
 create mode 100755 hack/build-crd-schema-checker.sh
 create mode 100755 hack/crd-schema-checker.sh

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a35666c..5be67de 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -19,6 +19,12 @@ repos:
       entry: make
       args: ['operator-lint']
       pass_filenames: false
+    - id: make-crd-schema-check
+      name: make-crd-schema-check
+      language: system
+      entry: make
+      args: ['crd-schema-check']
+      pass_filenames: false
 
 - repo: https://github.com/dnephin/pre-commit-golang
   rev: v0.5.1
diff --git a/Makefile b/Makefile
index 744ab61..79166a9 100644
--- a/Makefile
+++ b/Makefile
@@ -365,3 +365,11 @@ run-with-webhook: export METRICS_PORT?=8080
 run-with-webhook: export HEALTH_PORT?=8081
 run-with-webhook: manifests generate fmt vet ## Run a controller from your host.
 	/bin/bash hack/run_with_local_webhook.sh
+
+CRD_SCHEMA_CHECKER_VERSION ?= release-4.16
+
+PHONY: crd-schema-check
+crd-schema-check: manifests
+	INSTALL_DIR=$(LOCALBIN) CRD_SCHEMA_CHECKER_VERSION=$(CRD_SCHEMA_CHECKER_VERSION) hack/build-crd-schema-checker.sh
+	INSTALL_DIR=$(LOCALBIN) BASE_REF="$${PULL_BASE_SHA:-$(BRANCH)}" hack/crd-schema-checker.sh
+
diff --git a/hack/build-crd-schema-checker.sh b/hack/build-crd-schema-checker.sh
new file mode 100755
index 0000000..12bf3be
--- /dev/null
+++ b/hack/build-crd-schema-checker.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -euxo pipefail
+
+if [ -f "$INSTALL_DIR/crd-schema-checker" ]; then
+    exit 0
+fi
+
+mkdir -p "$INSTALL_DIR/git-tmp"
+git clone https://github.com/openshift/crd-schema-checker.git \
+    -b "$CRD_SCHEMA_CHECKER_VERSION" "$INSTALL_DIR/git-tmp"
+pushd "$INSTALL_DIR/git-tmp"
+GOWORK=off make
+cp crd-schema-checker "$INSTALL_DIR/"
+popd
+rm -rf "$INSTALL_DIR/git-tmp"
diff --git a/hack/crd-schema-checker.sh b/hack/crd-schema-checker.sh
new file mode 100755
index 0000000..c431ae5
--- /dev/null
+++ b/hack/crd-schema-checker.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euxo pipefail
+
+CHECKER=$INSTALL_DIR/crd-schema-checker
+
+TMP_DIR=$(mktemp -d)
+
+function cleanup {
+    rm -rf "$TMP_DIR"
+}
+
+trap cleanup EXIT
+
+
+for crd in config/crd/bases/*.yaml; do
+    mkdir -p "$(dirname "$TMP_DIR/$crd")"
+    git show "$BASE_REF:$crd" > "$TMP_DIR/$crd"
+    $CHECKER check-manifests \
+        --existing-crd-filename="$TMP_DIR/$crd" \
+        --new-crd-filename="$crd"
+done