Sync main

.github/workflows/olm-stable.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     environment: quay
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

.github/workflows/package-operator-stable.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     environment: quay
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

.github/workflows/pr-checks.yaml

@@ -8,7 +8,7 @@ jobs:
     name: Lint the commit messages
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - uses: wagoid/commitlint-github-action@v6
@@ -17,14 +17,14 @@ jobs:
     name: Lint Github Action
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: reviewdog/action-actionlint@v1
 
   lint:
     name: Lint code
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: actions/setup-go@v6
         with:
@@ -50,7 +50,7 @@ jobs:
     name: Verify generated code
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: actions/setup-go@v6
         with:
@@ -63,7 +63,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Validate tools cache
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: actions/setup-go@v6
         with:
@@ -79,7 +79,7 @@ jobs:
     name: Build bundle image
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - name: Setup Go environment
         uses: actions/setup-go@v6
@@ -98,7 +98,7 @@ jobs:
     name: Run end-to-end tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - name: e2e tests through OLM
         uses: ./.github/e2e-tests-olm

.github/workflows/release.yaml

@@ -4,11 +4,14 @@
   push:
     branches: [main]
 
+permissions:
+  contents: write
+
 jobs:
   e2e-tests-olm:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - name: e2e tests through OLM
         uses: ./.github/e2e-tests-olm
@@ -20,7 +23,7 @@
     needs:
       - e2e-tests-olm
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
@@ -36,7 +39,7 @@
 
       - name: Set version
         id: version
         run: |
           npx standard-version --skip.commit --skip.tag --skip.changelog
           version="$(cat VERSION)-$(date +%y%m%d%H%M%S)"
           echo "version=$version" >> $GITHUB_OUTPUT
@@ -83,7 +86,7 @@
     if: "startsWith(github.event.head_commit.message, 'chore(release):')"
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           token: ${{ secrets.REPOSITORY_PUSH_TOKEN }}
@@ -99,7 +102,7 @@
           check-latest: true
 
       - name: Generate release notes
         run: |
           # Create the release notes for the Github release
           git config user.name rhobs-release-bot
           git config user.email release-bot@monitoring.rhobs.io
@@ -109,7 +112,7 @@
 
       - name: Publish tag
         id: publish_tag
         run: |
           # NOTE tag is created by standard-version and points to the
           # chore(release): commit
           git push --follow-tags
@@ -130,7 +133,7 @@
     environment: quay
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           token: ${{ secrets.REPOSITORY_PUSH_TOKEN }}

AGENTS.md

@@ -0,0 +1,176 @@
+## AGENTS GUIDE
+
+This document is for **AI/code assistants and other automation** contributing changes to this repository.
+
+The primary goal is to keep generated assets, CRDs, OLM bundles, and deployment manifests **consistent and reproducible** while making safe, reviewable edits.
+
+---
+
+## Project Overview
+
+- **Name**: Observability Operator (`observability-operator`)
+- **Type**: Kubernetes operator (Go, controller-runtime) plus Kustomize/OLM packaging
+- **Purpose**: Manage monitoring/alerting stacks (and related observability components) via CRDs.
+
+Key entry points:
+
+- `cmd/operator/main.go` – operator binary entrypoint.
+- `pkg/apis/...` – API types and CRDs definitions.
+- `pkg/controllers/...` – reconcilers/controllers.
+- `deploy/...` – Kustomize bases for CRDs, operator deployment, OLM, package-operator, etc.
+- `bundle/...` – Generated OLM bundle (do not hand-edit).
+
+For human-focused docs, see `README.md` and `docs/developer.md`.
+
+---
+
+## Conventions & Tooling
+
+- **Language**: Go (see Go version in root `go.mod`).
+- **Build & generation**: GNU Make, controller-gen, kustomize, operator-sdk.
+- **Commit messages**: Follow **Conventional Commits** (see `docs/developer.md`).
+- **Versioning**: SemVer, automated via `make initiate-release`.
+
+Important make targets:
+
+- `make generate` – regenerate CRDs, RBAC, deepcopy, Kustomize outputs, and API docs.
+- `make test-unit` – run Go unit tests.
+- `make test-e2e` – run Go-based e2e tests (alternative to `./test/run-e2e.sh`).
+- `make operator` / `make build` – build the operator binary into `tmp/operator`.
+
+Only **invoke** these commands in suggestions; do **not assume** they have been run.
+
+---
+
+## Repository Layout (for Agents)
+
+- `cmd/` – CLI/entrypoint code.
+- `pkg/apis/` – custom resource APIs; changes here require `make generate`.
+- `pkg/controllers/` – controller logic; generally safe for targeted edits.
+- `deploy/`:
+  - `crds/` – generated CRDs (kubernetes + common).
+  - `dependencies/` – Kustomize config for dependent operators (e.g. obo-prometheus-operator).
+  - `monitoring/`, `operator/`, `olm/`, `package-operator/` – operator deployment and packaging.
+- `bundle/` – **generated** OLM bundle content.
+- `jsonnet/`, `dashboards/`, `must-gather/` – ancillary assets.
+- `tmp/` – build/test artifacts; never commit changes from here.
+
+Prefer editing **sources** (Go, Kustomize bases, templates) rather than generated artifacts.
+
+---
+
+## Safe vs Unsafe Edits
+
+**Prefer to edit**
+
+- Go code in:
+  - `pkg/controllers/...`
+  - `pkg/operator/...`
+  - `pkg/reconciler/...`
+  - `cmd/operator/...`
+- API types in `pkg/apis/...` (but remember to run `make generate` afterwards).
+- Kustomize bases under `deploy/...`:
+  - `deploy/dependencies/...`
+  - `deploy/monitoring/...`
+  - `deploy/olm/...`
+  - `deploy/package-operator/...`
+- Documentation in `docs/` and `README.md`.
+
+**Avoid hand-editing**
+
+- `bundle/...` – OLM bundle content is generated via `make bundle`.
+- Generated CRDs/RBAC in:
+  - `deploy/crds/common/...`
+  - `deploy/crds/kubernetes/...`
+  - `deploy/operator/observability-operator-cluster-role.yaml`
+- Files under `tmp/`.
+
+When in doubt, look for a related **Makefile target** or a comment indicating files are generated.
+
+---
+
+## Common Change Patterns
+
+### 1. Updating or Adding API Fields / CRDs
+
+1. Modify Go API types under `pkg/apis/...`.
+2. Update any validation/defaulting or controller logic in `pkg/controllers/...` as needed.
+3. Regenerate artifacts:
+
+   ```sh
+   make generate
+   ```
+
+4. Ensure CRDs and RBAC changes are committed alongside the Go changes.
+
+### 2. Bumping the forked Prometheus Operator (obo-prometheus-operator)
+
+As described in `docs/developer.md`:
+
+1. Update the dependency version in:
+   - `go.mod`
+   - `deploy/dependencies/kustomization.yaml`
+2. Regenerate manifests:
+
+   ```sh
+   make generate
+   ```
+
+3. Commit Go module + dependency + generated manifest changes together.
+
+### 3. Adjusting Operator / OLM Manifests
+
+- For operator deployment changes (env vars, args, resources, etc.):
+  - Prefer editing the relevant **Kustomize bases** under `deploy/operator/`, `deploy/monitoring/`, or `deploy/dependencies/`.
+- For OLM bundle / CSV adjustments:
+  - Edit Kustomize configs in `deploy/olm/` rather than direct edits in `bundle/`.
+  - Recreate the bundle as needed with:
+
+    ```sh
+    make bundle
+    ```
+
+  - Be aware that `make bundle` may reset uncommitted changes in `bundle/` (see `Makefile`).
+
+### 4. Tests & Linting
+
+To keep suggestions consistent with local workflows, assume the following are used:
+
+- Unit tests:
+
+  ```sh
+  make test-unit
+  ```
+
+- End-to-end tests:
+
+  ```sh
+  ./test/run-e2e.sh
+  ```
+
+- Linting:
+
+  ```sh
+  make lint
+  ```
+
+Proposed changes should be structured so they can pass these commands.
+
+---
+
+## Style & Quality Notes for Agents
+
+- Follow existing **Go style** and `controller-runtime` patterns; avoid introducing new frameworks.
+- Keep reconciliation logic **idempotent** and resilient to partial failures.
+- When editing YAML, preserve:
+  - Resource kinds, API versions, and labels/annotations used by operators/OLM.
+  - Existing indentation and ordering where practical.
+- For breaking or behavioural changes, ensure commit messages (authored by humans) can use
+  `feat:`, `fix:`, or `BREAKING CHANGE:` consistently.
+
+If a change appears to impact release automation, image tags, or OLM packaging, prefer to
+suggest **small, focused diffs** and explicitly call out the potential impact in comments
+or PR descriptions for human reviewers.
+
+
+

build/Dockerfile

@@ -5,6 +5,7 @@ WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
+COPY pkg/apis/ pkg/apis/
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download

bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml

@@ -4,7 +4,7 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.19.0
     observability.openshift.io/api-support: TechPreview
-    operator.prometheus.io/version: 0.86.2-rhobs1
+    operator.prometheus.io/version: 0.87.0-rhobs1
   creationTimestamp: null
   labels:
     app.kubernetes.io/part-of: observability-operator
@@ -5297,6 +5297,11 @@ spec:
                               message defines the notification message content.
                               This is the main body text of the Pushover notification.
                             type: string
+                          monospace:
+                            description: |-
+                              monospace optional HTML/monospace formatting for the message, see https://pushover.net/api#html
+                              html and monospace formatting are mutually exclusive.
+                            type: boolean
                           priority:
                             description: |-
                               priority defines the notification priority level.
@@ -8051,7 +8056,7 @@ spec:
                                 x-kubernetes-map-type: atomic
                               useFIPSSTSEndpoint:
                                 description: |-
-                                  useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint.
+                                  useFIPSSTSEndpoint defines the FIPS mode for the AWS STS endpoint.
                                   It requires Prometheus >= v2.54.0.
                                 type: boolean
                             type: object

bundle/manifests/monitoring.rhobs_alertmanagers.yaml

@@ -4,7 +4,7 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.19.0
     observability.openshift.io/api-support: Experimental-SSA
-    operator.prometheus.io/version: 0.86.2-rhobs1
+    operator.prometheus.io/version: 0.87.0-rhobs1
   creationTimestamp: null
   labels:
     app.kubernetes.io/part-of: observability-operator

bundle/manifests/monitoring.rhobs_monitoringstacks.yaml

@@ -50,6 +50,12 @@ spec:
                     default: false
                     description: Disables the deployment of Alertmanager.
                     type: boolean
+                  replicas:
+                    default: 2
+                    description: Number of replicas/pods to deploy for Alertmanager.
+                    format: int32
+                    minimum: 0
+                    type: integer
                   webTLSConfig:
                     description: Configure TLS options for the Alertmanager web server.
                     properties:
@@ -1709,10 +1715,23 @@ spec:
               retention:
                 default: 120h
                 description: |-
-                  Time duration to retain data for. Default is '120h',
-                  and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).
+                  Time duration to retain data for. Default is '120h', and the value must
+                  match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds
+                  seconds minutes hours days weeks years).
+
+                  When both retention and retentionSize are defined, whichever triggers
+                  first will be applied.
                 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                 type: string
+              retentionSize:
+                description: |-
+                  retentionSize defines the maximum number of bytes used by the Prometheus
+                  data. By default the size is unlimited.
+
+                  When both retention and retentionSize are defined, whichever triggers
+                  first will be applied.
+                pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
+                type: string
               tolerations:
                 description: Define tolerations for Monitoring Stack Pods.
                 items: