Problem
PR #498 (infra triple-shipper) introduced .github/actions/kind-cluster-setup/action.yml which runs:
kubectl apply -f <servicemonitor-crd-url>
kubectl wait --for=condition=established --timeout=60s crd/servicemonitors.monitoring.coreos.com
Fresh CRD has nil .status.conditions for ~1-3s. kubectl wait errors immediately:
error: .status.conditions accessor error: <nil> is of the type <nil>, expected []interface{}
This regresses policy-matrix gates (gatekeeper-restricted / default + production, mutation / psa + gatekeeper) on every chart-touching PR. PR #498 merged with these failures because they weren't required-status-checks.
Fix
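Replace the single kubectl wait with a retry loop:
established=false
for i in {1..30}; do
  # A fresh CRD has no .status.conditions yet, so retry until the wait succeeds
  if kubectl wait --for=condition=established --timeout=2s crd/servicemonitors.monitoring.coreos.com 2>/dev/null; then
    established=true
    break
  fi
  sleep 1
done
# Fail the step if the CRD never became established within the retry budget
[ "$established" = true ] || { echo "CRD servicemonitors.monitoring.coreos.com not established" >&2; exit 1; }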
Or use kubectl wait --for=jsonpath='{.status.conditions[?(@.type=="Established")].status}'=True (kubectl ≥1.23).
Acceptance
- policy-matrix workflow jobs all pass on chart-touching PRs.
- No accessor error: <nil> in CI logs.
- Mutation tests on intentional CRD-URL break still uniformly fail all 3 workflows.
Refs
PR #498 (regression source), kind-cluster-setup composite action.
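
A variant of the retry loop from the Fix section, as an added example that is not the action's own code: it retries only on the nil-conditions accessor error (and on wait timeouts), stops at once on any other kubectl error, and returns non-zero when attempts run out. KUBECTL, ATTEMPTS and SLEEP_SECS are hypothetical override variables, and the timeout message pattern is an assumption about kubectl's wording.

```sh
#!/bin/sh
# Added example. KUBECTL, ATTEMPTS and SLEEP_SECS are assumed override knobs
# (not part of the action) so the logic can be exercised without a cluster.

# wait_crd_established <crd-name>
# Returns 0 once the CRD reports Established.
# Returns 1 on an unexpected kubectl error or when all attempts are used up.
wait_crd_established() {
  crd="$1"
  attempt=1
  while [ "$attempt" -le "${ATTEMPTS:-30}" ]; do
    # Capture stderr instead of discarding it, so the error can be classified.
    if err=$("${KUBECTL:-kubectl}" wait --for=condition=established \
               --timeout=2s "crd/$crd" 2>&1); then
      return 0
    fi
    case "$err" in
      *".status.conditions accessor error"*)
        # The race from this issue: conditions are still nil, retry.
        ;;
      *"timed out waiting"*)
        # Assumed kubectl timeout wording: conditions exist, not Established yet.
        ;;
      *)
        # Anything else (for example the CRD was never applied) fails fast
        # and keeps the real error visible in the CI log.
        echo "$err" >&2
        return 1
        ;;
    esac
    sleep "${SLEEP_SECS:-1}"
    attempt=$((attempt + 1))
  done
  echo "crd/$crd not established after ${ATTEMPTS:-30} attempts: $err" >&2
  return 1
}
```

In the composite action this would be called as `wait_crd_established servicemonitors.monitoring.coreos.com` right after the `kubectl apply`.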