feat(KFLUXVNGD-1022): add operator changelog workflow and placeholder comment

[kelchen123]

Adds the changelog-generator workflow and a minimal binary that posts a placeholder comment on any PR that bumps the operator SHA, proving the trigger-to-comment pipeline before changelog logic is added in subsequent PRs.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kelchen123
Once this PR has been reviewed and has the lgtm label, please assign filariow for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

Kustomize Render Diff

Comparing a169b9c2f → 90c32ebe1

No render differences detected.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.45%. Comparing base (a169b9c) to head (05a8d6f).

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12030      +/-   ##
==========================================
+ Coverage   52.37%   52.45%   +0.07%     
==========================================
  Files          19       19              
  Lines        1283     1285       +2     
==========================================
+ Hits          672      674       +2     
  Misses        539      539              
  Partials       72       72              

Flag	Coverage Δ
go	52.45% <100.00%> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[qodo-for-redhat-appstudio]

Review Summary by Qodo

Add operator changelog workflow with placeholder comment generator

✨ Enhancement

Walkthroughs

Description

• Add changelog-generator binary to post placeholder comments on operator SHA bump PRs
• Implement operator-changelog GitHub workflow triggered on kustomization.yaml changes
• Refactor GitHub comment client to support custom markers for multiple tools
• Update Makefile to build new changelog-generator binary

Diagram

flowchart LR
  PR["PR bumps operator SHA"] -->|Triggers workflow| WF["operator-changelog.yaml"]
  WF -->|Builds & runs| CG["changelog-generator"]
  CG -->|Posts comment| GH["GitHub PR"]
  CC["CommentClient refactored"] -->|Supports custom markers| CG

Loading

File Changes

1. infra-tools/cmd/changelog-generator/main.go ✨ Enhancement +71/-0

Create changelog-generator binary with placeholder logic

• New binary that posts placeholder changelog comments on PRs bumping operator SHA
• Reads GitHub token, repository, and PR number from environment variables
• Implements dry-run mode for testing and fallback to stdout on errors
• Uses custom comment marker for idempotent updates

infra-tools/cmd/changelog-generator/main.go

---

2. .github/workflows/operator-changelog.yaml ⚙️ Configuration changes +36/-0

Add operator changelog GitHub workflow trigger

• New workflow triggered on pull_request_target for kustomization.yaml changes
• Checks out base branch to prevent fork code execution
• Builds changelog-generator binary and runs it with GitHub token
• Configured with minimal permissions (pull-requests write, contents read)

.github/workflows/operator-changelog.yaml

---

3. infra-tools/internal/github/comments.go ✨ Enhancement +13/-7

Refactor comment client for custom markers

• Refactor UpsertComment to delegate to new UpsertCommentByMarker method
• Add UpsertCommentByMarker to support custom marker strings for multiple tools
• Rename findMarkedComment to findCommentByMarker with marker parameter
• Update logging to be tool-agnostic and include marker information

infra-tools/internal/github/comments.go

---

View more (1)

4. infra-tools/Makefile ⚙️ Configuration changes +1/-0

Add changelog-generator to build targets

• Add changelog-generator to build targets
• Binary built alongside existing env-detector and render-diff tools

infra-tools/Makefile

---

[qodo-for-redhat-appstudio]

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0)

Context used

✅ Compliance rules (platform): 2 rules

1. Comment failures hidden 🐞 Bug ☼ Reliability

Description

changelog-generator logs and prints the comment on GitHub API/client failures but still exits
successfully, so the workflow can go green without ever posting/updating the PR comment. This
undermines the stated goal of proving the trigger-to-comment pipeline and makes breakage hard to
notice.

Code

infra-tools/cmd/changelog-generator/main.go[R47-70]

Relevance

⭐⭐ Medium

Mixed precedent: render-diff propagates comment errors (#10652) but also treats some comment updates
best-effort (#10813).

PR-#10652
PR-#10813

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The tool currently prints the body and returns on errors, never propagating a failure exit code;
render-diff in the same repo fails the run on post errors, showing the intended CI behavior pattern.

infra-tools/cmd/changelog-generator/main.go[45-71]
infra-tools/cmd/render-diff/ci.go[121-155]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`postOrPrint` swallows failures when creating the GitHub client or upserting the PR comment and returns success after printing to stdout. In CI mode (i.e., when `GITHUB_TOKEN`, `GITHUB_REPOSITORY`, and `PR_NUMBER` are set and `--dry-run` is not used), failures should cause a non-zero exit so the workflow run clearly indicates the pipeline is broken.

## Issue Context
This tool is run from a `pull_request_target` workflow to validate end-to-end commenting. A “successful” run that only prints to logs defeats the purpose.

## Fix Focus Areas
- infra-tools/cmd/changelog-generator/main.go[28-71]

## Suggested change
- Change `postOrPrint` to return an `error`.
- In `main()`, if `postOrPrint` returns error, log it and `os.Exit(1)`.
- Keep stdout printing only for true dry-run mode or when required identifiers are missing (explicitly treat that as non-CI mode).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Duplicate comments race 🐞 Bug ☼ Reliability

Description

The operator-changelog workflow can execute multiple runs for the same PR
(opened/synchronize/reopened) with no concurrency guard, and the upsert implementation is a
non-atomic list-then-create sequence. Two overlapping runs can both fail to find an existing marker
and both create comments, leaving duplicates that future runs may only update one of.

Code

.github/workflows/operator-changelog.yaml[R3-15]

Relevance

⭐⭐ Medium

No prior reviews found about adding workflow concurrency or fixing comment upsert races/duplicate
comments.

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The workflow is configured to run on multiple PR events without any concurrency control, and the
comment upsert is implemented via a list-then-create flow that can race under overlapping
executions.

.github/workflows/operator-changelog.yaml[1-36]
infra-tools/internal/github/comments.go[50-77]
infra-tools/internal/github/comments.go[80-101]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Concurrent workflow runs for the same PR can race in `UpsertCommentByMarker` (find comment -> create comment), resulting in duplicate placeholder comments.

## Issue Context
The workflow triggers on multiple PR events and has no `concurrency:` configuration. The upsert logic calls `ListComments` and then `CreateComment`, which is not atomic.

## Fix Focus Areas
- .github/workflows/operator-changelog.yaml[1-36]
- infra-tools/internal/github/comments.go[50-101]

## Suggested change
- Add a `concurrency` block to the workflow to ensure only one run per PR is active, e.g.:
 ```yaml
 concurrency:
   group: operator-changelog-${{ github.event.pull_request.number }}
   cancel-in-progress: true
 ```
- (Optional hardening) In `findCommentByMarker`, return all matching comment IDs and update the most recent, or detect duplicates and update the newest to reduce impact if duplicates already exist.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Empty marker matches all 🐞 Bug ≡ Correctness

Description

UpsertCommentByMarker accepts any marker string and findCommentByMarker uses strings.Contains(body,
marker); if a caller accidentally passes an empty/whitespace marker, it will match the first PR
comment and overwrite unrelated discussion. This is not triggered by the current changelog-generator
(hardcoded marker), but it makes the new exported API easy to misuse.

Code

infra-tools/internal/github/comments.go[R80-84]

Relevance

⭐⭐ Medium

No evidence of validating non-empty markers; earlier upsert used strings.Contains without guard
(#10652).

PR-#10652

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The marker is passed through without validation and is directly used in strings.Contains, which
would match every comment if the marker were empty; this makes the new API a correctness footgun for
future call sites.

infra-tools/internal/github/comments.go[50-57]
infra-tools/internal/github/comments.go[80-92]
infra-tools/cmd/changelog-generator/main.go[22-43]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`UpsertCommentByMarker`/`findCommentByMarker` do not validate the `marker` input. In Go, `strings.Contains(s, "")` is always true, so an empty marker would cause unintended comment updates.

## Issue Context
This is a new exported method intended for multiple tools. Guardrails here prevent accidental misuse and hard-to-debug PR comment corruption.

## Fix Focus Areas
- infra-tools/internal/github/comments.go[50-101]

## Suggested change
- Add validation at the start of `UpsertCommentByMarker` (preferred) or `findCommentByMarker`:
 - `marker = strings.TrimSpace(marker)`
 - if `marker == ""` return an error.
 - (Optional) if `!strings.Contains(body, marker)` return an error to prevent callers from forgetting to embed the marker, which would otherwise create a new comment each run.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[qodo-for-redhat-appstudio]

1. Comment failures hidden 🐞 Bug ☼ Reliability

changelog-generator logs and prints the comment on GitHub API/client failures but still exits
successfully, so the workflow can go green without ever posting/updating the PR comment. This
undermines the stated goal of proving the trigger-to-comment pipeline and makes breakage hard to
notice.

Agent Prompt

## Issue description
`postOrPrint` swallows failures when creating the GitHub client or upserting the PR comment and returns success after printing to stdout. In CI mode (i.e., when `GITHUB_TOKEN`, `GITHUB_REPOSITORY`, and `PR_NUMBER` are set and `--dry-run` is not used), failures should cause a non-zero exit so the workflow run clearly indicates the pipeline is broken.

## Issue Context
This tool is run from a `pull_request_target` workflow to validate end-to-end commenting. A “successful” run that only prints to logs defeats the purpose.

## Fix Focus Areas
- infra-tools/cmd/changelog-generator/main.go[28-71]

## Suggested change
- Change `postOrPrint` to return an `error`.
- In `main()`, if `postOrPrint` returns error, log it and `os.Exit(1)`.
- Keep stdout printing only for true dry-run mode or when required identifiers are missing (explicitly treat that as non-CI mode).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools