local-deploy does not properly report uninstallable provider packages

[ulucinar]

What happened?

As exemplified in crossplane-contrib/provider-upjet-azuread#46, we may not be able to detect an uninstallable provider package with the local-deploy job. If we solely relied on local-deploy we could merge crossplane-contrib/provider-upjet-azuread#46, which could have resulted in a release with an uninstallable package.

How can we reproduce it?

up@v0.16.0 has this issue. I have not fully understood why local-deploy cannot catch this as I assume we still unpack the xpkg archive built by the up tooling to populate the Crossplane package manager cache. We may need to further investigate this.

We first need to understand why by prepopulating the cache, we could not reproduce this issue in the official-provider CI pipelines. We may prefer to deploy the built provider package to a local Docker registry but Crossplane package manager will refuse to talk to an insecure registry or a registry that presents a self-signed certificate I guess.

What environment did it happen in?

• Up Dependency: v0.16.0
• provider-azuread: v0.6.0
• UXP: 1.11.3-up.1