Add rolling-updates feature flag and compatibility framework

[ShashankFC]

User description

Test 4

Summary by CodeRabbit

• New Features

  • Introduced Rolling Updates as a new preview feature for server maintenance operations.

• Documentation

  • Added configuration instructions for enabling Rolling Updates in operator and server environments.
  • Added caution notices indicating the Rolling Updates feature must be enabled for upgrade operations to proceed.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

---

Replicated from ai-code-review-evaluation/keycloak-coderabbit#4

---

CodeAnt-AI Description

Require and document preview 'rolling-updates' feature for update-compatibility commands

What Changed

• Update compatibility commands (metadata and check) now refuse to run unless the preview feature "rolling-updates" is enabled and print a clear error; the CLI exits with a specific exit code when the feature is disabled.
• Integration tests and distribution tests were updated to pass the --features=rolling-updates flag where needed and to assert the new disabled-feature message.
• Documentation, operator examples, and the operator Dockerfile were updated to instruct enabling the rolling-updates preview feature (including a sample Keycloak CR snippet).
• Exit codes for the compatibility tool were adjusted so recreate-upgrade and feature-disabled outcomes use distinct numeric codes.

Impact

✅ Prevent accidental update-compatibility runs without enabling rolling-updates
✅ Clearer error and distinct exit code when preview feature is disabled
✅ Operator docs and examples show how to enable rolling-updates

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[ShashankFC]

@CodeAnt-AI: review

[codeant-ai]

CodeAnt AI is running the review.

[codeant-ai]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Possible Bug The new feature-gate branch exits by calling picocli.exit(CompatibilityResult.FEATURE_DISABLED). picocli.exit(...) expects an integer exit code (or the proper type returned by your API). Passing a CompatibilityResult object/enum constant is likely incorrect — the command path for the feature-disabled case should pass the numeric exit code (e.g. FEATURE_DISABLED.exitCode()), or otherwise ensure the value passed is an int. Verify the intended overload and ensure consistent use with other codepaths (other code uses result.exitCode()). Possible Bug Same as above: the code calls picocli.exit(CompatibilityResult.FEATURE_DISABLED) when the rolling-updates feature is disabled. This should pass an int exit code (for example CompatibilityResult.FEATURE_DISABLED.exitCode()) consistent with other usage. Confirm picocli.exit(...) overload used here and make it consistent. Exit code consistency The PR adds and reassigns numeric exit codes (introduces RECREATE_UPGRADE_EXIT_CODE = 3 and FEATURE_DISABLED = 4). Verify these values are consistent across the entire codebase (other modules, scripts, tests, and any external tooling that relies on specific exit codes). Confirm there's no collision with other exit code usages and that the semantics match picocli and downstream consumers. Feature Availability The new ROLLING_UPDATES feature is added as a preview feature but has no availability guard or explicit dependencies. Confirm whether this feature should only be enabled when running in a Kubernetes environment (or when certain cluster capabilities exist) and add an availability BooleanSupplier or explicit dependencies to prevent misconfiguration/runtime errors. Operator Failure Risk The docs now state the Operator will fail if rolling-updates preview feature is not enabled. Verify the Operator performs a user-friendly validation (error message + remediation) instead of hard-failing, and ensure the docs instruct how to enable the feature for both the Operator and the server images.

[codeant-ai]

CodeAnt AI finished running the review.