From 55591ac0fcb4d36fd217ead020b9f12adbe0f134 Mon Sep 17 00:00:00 2001
From: Kamil Sambor <kamil.sambor@gmail.com>
Date: Wed, 27 Nov 2024 15:21:40 +0100
Subject: [PATCH] [make][pre-commit]Check CRD schema to avoid update issues The
 new crd-schema-check make target compares the CRD schema of the patch with
 the schema on the tip of main and report errors on non backward compatible
 changes.

This make target now also run in pre-commit both locally and in CI.

This make target uses https://github.com/openshift/crd-schema-checker
to do the actual checking.

Related: OSPRH-11833
---
 .pre-commit-config.yaml          |  6 ++++++
 Makefile                         |  8 ++++++++
 hack/build-crd-schema-checker.sh | 15 +++++++++++++++
 hack/crd-schema-checker.sh       | 21 +++++++++++++++++++++
 4 files changed, 50 insertions(+)
 create mode 100755 hack/build-crd-schema-checker.sh
 create mode 100755 hack/crd-schema-checker.sh

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 40a306c2..4a7aa53a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -31,6 +31,12 @@ repos:
       entry: make
       args: ['operator-lint']
       pass_filenames: false
+    - id: make-crd-schema-check
+      name: make-crd-schema-check
+      language: system
+      entry: make
+      args: ['crd-schema-check']
+      pass_filenames: false
 
 - repo: https://github.com/pre-commit/pre-commit-hooks
   rev: v4.4.0
diff --git a/Makefile b/Makefile
index cbcf891c..d4ffe12e 100644
--- a/Makefile
+++ b/Makefile
@@ -401,3 +401,11 @@ run-with-webhook: export METRICS_PORT?=8080
 run-with-webhook: export HEALTH_PORT?=8081
 run-with-webhook: manifests generate fmt vet ## Run a controller from your host.
 	/bin/bash hack/run_with_local_webhook.sh
+
+CRD_SCHEMA_CHECKER_VERSION ?= release-4.16
+BRANCH=main
+
+PHONY: crd-schema-check
+crd-schema-check: manifests
+	INSTALL_DIR=$(LOCALBIN) CRD_SCHEMA_CHECKER_VERSION=$(CRD_SCHEMA_CHECKER_VERSION) hack/build-crd-schema-checker.sh
+	INSTALL_DIR=$(LOCALBIN) BASE_REF="$${PULL_BASE_SHA:-$(BRANCH)}" hack/crd-schema-checker.sh
diff --git a/hack/build-crd-schema-checker.sh b/hack/build-crd-schema-checker.sh
new file mode 100755
index 00000000..12bf3be9
--- /dev/null
+++ b/hack/build-crd-schema-checker.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -euxo pipefail
+
+if [ -f "$INSTALL_DIR/crd-schema-checker" ]; then
+    exit 0
+fi
+
+mkdir -p "$INSTALL_DIR/git-tmp"
+git clone https://github.com/openshift/crd-schema-checker.git \
+    -b "$CRD_SCHEMA_CHECKER_VERSION" "$INSTALL_DIR/git-tmp"
+pushd "$INSTALL_DIR/git-tmp"
+GOWORK=off make
+cp crd-schema-checker "$INSTALL_DIR/"
+popd
+rm -rf "$INSTALL_DIR/git-tmp"
diff --git a/hack/crd-schema-checker.sh b/hack/crd-schema-checker.sh
new file mode 100755
index 00000000..c431ae50
--- /dev/null
+++ b/hack/crd-schema-checker.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euxo pipefail
+
+CHECKER=$INSTALL_DIR/crd-schema-checker
+
+TMP_DIR=$(mktemp -d)
+
+function cleanup {
+    rm -rf "$TMP_DIR"
+}
+
+trap cleanup EXIT
+
+
+for crd in config/crd/bases/*.yaml; do
+    mkdir -p "$(dirname "$TMP_DIR/$crd")"
+    git show "$BASE_REF:$crd" > "$TMP_DIR/$crd"
+    $CHECKER check-manifests \
+        --existing-crd-filename="$TMP_DIR/$crd" \
+        --new-crd-filename="$crd"
+done