operator-framework · pedjak · Dec 22, 2025
@@ -125,10 +125,10 @@ lint: lint-custom $(GOLANGCI_LINT) #HELP Run golangci linter.
 lint-helm: $(HELM) $(CONFTEST) #HELP Run helm linter
 	helm lint helm/olmv1
 	helm lint helm/prometheus
-	(helm template olmv1 helm/olmv1; helm template prometheus helm/prometheus) | $(CONFTEST) test --policy hack/conftest/policy/ --combine -n main -n prometheus -
+	(set -euo pipefail; helm template olmv1 helm/olmv1; helm template prometheus helm/prometheus) | $(CONFTEST) test --policy hack/conftest/policy/ --combine -n main -n prometheus -
 
 .PHONY: lint-deployed-resources
-lint-deployed-resources: $(KUBE_SCORE) #HELP Lint deployed resources.
+lint-deployed-resources: $(KUBE_SCORE) #EXHELP Lint deployed resources.
 	(for ns in $$(printf "olmv1-system\n%s\n" "$(CATD_NAMESPACE)" | uniq); do \
 		for resource in $$(kubectl api-resources --verbs=list --namespaced -o name); do \
 			kubectl get $$resource -n $$ns -o yaml ; \

@@ -41,7 +41,7 @@ These policies are automatically run as part of:
 
 ```bash
 # Run all policies (main + prometheus namespaces)
-helm template olmv1 helm/olmv1 | conftest test --policy hack/conftest/policy/ --combine -n main -n prometheus -
+(helm template olmv1 helm/olmv1; helm template prometheus helm/prometheus) | conftest test --policy hack/conftest/policy/ --combine -n main -n prometheus -
 
 # Run only OLM policies
 helm template olmv1 helm/olmv1 | conftest test --policy hack/conftest/policy/ --combine -n main -

@@ -101,7 +101,7 @@ deny contains msg if {
 deny contains msg if {
 	count(catalogd_policies) == 1
 	not catalogd_has_egress
-	msg := "Missing egress rules in catalogd-controller-manager NetworkPolicy. General egress is required to enables operator-controller to pull bundle images from arbitrary image registries, connect to catalogd's HTTPS server for metadata, and interact with the Kubernetes API server."
+	msg := "Missing egress rules in catalogd-controller-manager NetworkPolicy. General egress is required to enable catalogd-controller to pull bundle images from arbitrary image registries, and interact with the Kubernetes API server."
 }
 
 # Check that a NetworkPolicy exists for operator-controller-controller-manager that:
@@ -156,5 +156,5 @@ deny contains msg if {
 deny contains msg if {
 	count(operator_controller_policies) == 1
 	not operator_controller_has_egress
-	msg := "Missing egress rules in operator-controller-controller-manager NetworkPolicy. General egress is required to enables operator-controller to pull bundle images from arbitrary image registries, connect to catalogd's HTTPS server for metadata, and interact with the Kubernetes API server."
+	msg := "Missing egress rules in operator-controller-controller-manager NetworkPolicy. General egress is required to enable operator-controller to pull bundle images from arbitrary image registries, connect to catalogd's HTTPS server for metadata, and interact with the Kubernetes API server."
 }