Add a delay and check to ensure that SPOD patch is rolled out

Author: ngopalak-redhat

hack/ci/install-spo.sh

@@ -101,7 +101,23 @@ install_operator() {
   k_wait pod -l name=spod
 
   wait_for spod spod
+  INITIAL_SPOD_DS_VERSION=$(k get controllerrevision -l name=spod --sort-by=.revision -o=jsonpath='{.items[-1].revision}' 2>/dev/null)
+
+  if [[ -z "$INITIAL_SPOD_DS_VERSION" ]]; then
+      echo "Error: DaemonSet 'spod' not found or could not get its status."
+      exit 1
+  fi
   k patch spod spod --type=merge -p '{"spec":{"enableBpfRecorder":true}}'
+  # Wait for security profiles operator to modify the spod daemonset
+  sleep 5
   k rollout status ds spod --timeout 360s
+  PATCHED_SPOD_DS_VERSION=$(k get controllerrevision -l name=spod --sort-by=.revision -o=jsonpath='{.items[-1].revision}' 2>/dev/null)
+
+  if [ "$PATCHED_SPOD_DS_VERSION" -gt "$INITIAL_SPOD_DS_VERSION" ]; then
+      echo "Success! The DaemonSet version has been updated from $INITIAL_SPOD_DS_VERSION to $PATCHED_SPOD_DS_VERSION."
+  else
+      echo "Failure. The DaemonSet version did not change. It is still $PATCHED_SPOD_DS_VERSION."
+      exit 1
+  fi
   k_wait spod spod
 }

hacking.md

@@ -185,7 +185,7 @@ OpenShift cluster's configuration file, and you need to be successfully logged i
 
 For convenience, the `Makefile` contains a target called `deploy-openshift-dev` which
 deploys SPO in an OpenShift cluster with the appropriate defaults (SELinux is on by default)
-and the appropriate settings (no cert-manager needed). It should be noted that `deploy-openshit-dev`
+and the appropriate settings (no cert-manager needed). It should be noted that `deploy-openshift-dev`
 will not enable eBPF and app-armor capabilities (APPARMOR_ENABLED=0, BPF_ENABLED=0).
 
 If you modify the code and need to push the images to the cluster again, use the