prowgen: deprecate prowgen config

[Prucek]

This PR adds new fields to the ci-operator configuration to replace the .config.prowgen file, as a first step toward deprecating it.

New fields:

• prowgen.private / prowgen.expose / prowgen.disable_rehearsals / prowgen.enable_secrets_store_csi_driver — top-level prowgen extras
• tests[].slack_reporter — per-test Slack reporting config (with defaults for job_states_to_report and report_template)
• tests[].disable_rehearsal — per-test rehearsal disable
• tests[].max_concurrency — per-test max concurrency override
• operator.skip_presubmits — skip operator bundle presubmit generation
• openshift-priv org defaults to private: true automatically

Else:

• CI-operator config fields take precedence over .config.prowgen
• .config.prowgen fallback is fully preserved — no behavior change for unmigrated repos
• TODO: Migration in o/release, then we can delete the code related

Summary by CodeRabbit

• New Features
  • Introduced Slack reporting configuration for tests with customizable notification channels and job state filters
  • Added per-test max concurrency limits for controlling parallel job execution
  • Added ability to disable test rehearsals on a per-test or global basis
  • Added option to skip operator presubmit generation
  • Extended Prow configuration with private job and organizational secrets store support

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

Walkthrough

The changes introduce Slack reporting capabilities and per-test configuration options for Prow job generation. New API types encapsulate SlackReporter configuration, ProwgenExtras settings, and extend existing configuration types with optional fields for disabling rehearsals, setting max concurrency, and controlling operator presubmits. Prowgen job generation logic is refactored to apply these configurations with explicit precedence rules.

Changes

Cohort / File(s)	Summary
API Type Definitions pkg/api/types.go	Introduces SlackReporter and ProwgenExtras structs with constants/variables for defaults. Extends ReleaseBuildConfiguration, TestStepConfiguration, and OperatorStepConfiguration with new optional fields for Slack reporting, rehearsal control, concurrency limits, and operator-specific flags.
Prowgen Helpers pkg/prowgen/jobbase.go	Adds internal helper functions (isPrivate, isExposed, isSecretsStoreCSIDriverEnabled) to centralize configuration checks. Refactors multiple code paths to use these helpers instead of direct conditionals, centralizing precedence logic between ci-operator config and ProwgenInfo.
Prowgen Job Generation pkg/prowgen/prowgen.go	Introduces maxConcurrency helper and extends option types (GeneratePresubmitOptions, GeneratePostsubmitOptions, GeneratePeriodicOptions) with SlackReporter and MaxConcurrency fields. Refactors addSlackReporterConfig to accept per-test reporter with precedence over global config. Adds logic for operator presubmit skipping and per-test rehearsal disabling.
Unit Tests pkg/prowgen/prowgen_test.go	Adds comprehensive test scenarios covering SlackReporter configuration sourcing and precedence, rehearsal control (per-test and global), operator presubmit skipping, private/expose settings, openshift-priv defaulting, and max concurrency for postsubmits and periodics.
Test Fixtures - Rehearsal & Operators pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_disable_all_rehearsals_from_ci_operator_prowgen_config.yaml, zz_fixture_TestGenerateJobs_disable_rehearsal_from_ci_operator_config_per_test.yaml, zz_fixture_TestGenerateJobs_openshift_priv_org_defaults_to_private.yaml, zz_fixture_TestGenerateJobs_skip_operator_presubmits_from_ci_operator_config.yaml	Fixture files validating rehearsal disabling behavior, openshift-priv organization defaults, and operator presubmit skipping configurations.
Test Fixtures - Slack Reporter pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_with_defaults.yaml, zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_with_explicit_values.yaml, zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_takes_precedence_over_prowgen_config.yaml	Fixture files validating Slack reporter configuration sourcing, default values, and precedence of ci-operator config over prowgen config.
Test Fixtures - Concurrency pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_postsubmit_with_custom_max_concurrency.yaml, zz_fixture_TestGenerateJobs_periodic_with_custom_max_concurrency.yaml	Fixture files validating max concurrency settings for postsubmit and periodic job generation.
Test Fixtures - Privacy Settings pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_private_from_ci_operator_prowgen_config.yaml, zz_fixture_TestGenerateJobs_private_with_expose_from_ci_operator_prowgen_config.yaml	Fixture files validating private and expose settings from ci-operator prowgen configuration.
Integration Tests test/integration/ci-operator-prowgen/input/config/prowgen-config/duper/prowgen-config-duper-master.yaml, test/integration/ci-operator-prowgen/output/jobs/prowgen-config/duper/prowgen-config-duper-master-presubmits.yaml, prowgen-config-duper-master-postsubmits.yaml, prowgen-config-duper-master-periodics.yaml	Integration test data demonstrating prowgen configuration with multiple test variants including Slack reporters, max concurrency settings, postsubmit enablement, and rehearsal control across presubmits, postsubmits, and periodic jobs.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 7 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (7 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'prowgen: deprecate prowgen config' accurately captures the main objective of the PR, which is to introduce new ci-operator configuration fields as a deprecation path for the standalone .config.prowgen file.
Stable And Deterministic Test Names	✅ Passed	This pull request does not use the Ginkgo testing framework; it uses standard Go testing with table-driven tests and t.Run() for subtest organization.
Test Structure And Quality	✅ Passed	11-12 new test cases added to TestGenerateJobs follow Go testing best practices, use table-driven testing with descriptive IDs, include proper error handling, employ fixture-based assertions, and match established codebase conventions.
Microshift Test Compatibility	✅ Passed	This pull request does not introduce any Ginkgo e2e tests. The test changes consist exclusively of standard Go unit tests and test data files. Since the MicroShift compatibility check applies only to Ginkgo e2e tests, it is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The test file uses standard Go testing (testing.T), not Ginkgo e2e tests. Changes are configuration utilities, not e2e tests.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not introduce any new Ginkgo e2e tests. Test changes consist of unit tests using Go's standard testing package, test fixture YAML files, and integration test configuration files. Since no Ginkgo e2e tests are present, the check is not applicable and passes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Prucek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Prucek]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/api/types.go`:
- Around line 52-64: The ProwgenExtras boolean toggles (Private, Expose,
DisableRehearsals, EnableSecretsStoreCSIDriver) and
OperatorStepConfiguration.SkipPresubmits must be made tri-state so omitted vs
explicit-false can be distinguished; change their types from bool to *bool
(e.g., Private *bool) and update downstream checks in isPrivate(), isExposed(),
isSecretsStoreCSIDriverEnabled() and any logic using SkipPresubmits to test for
nil before dereferencing (treat nil as “unset” and only honor explicit
true/false when pointer is non-nil), keeping existing fallback behavior to
legacy checks.

In
`@test/integration/ci-operator-prowgen/input/config/prowgen-config/duper/prowgen-config-duper-master.yaml`:
- Around line 16-19: Update the CPU quantity units for the YAML fixture: replace
limits.cpu value "500Mi" with "500m" and requests.cpu value "10Mi" with "10m" so
CPU uses millicores; locate the entries under the limits and requests keys
(limits.cpu, requests.cpu) and change the unit suffix from "Mi" to "m".

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8a423303-e44b-4b84-9d62-5200cef147ca

📥 Commits

Reviewing files that changed from the base of the PR and between 2b0ca42 and d3f4082.

📒 Files selected for processing (19)

• pkg/api/types.go
• pkg/prowgen/jobbase.go
• pkg/prowgen/prowgen.go
• pkg/prowgen/prowgen_test.go
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_disable_all_rehearsals_from_ci_operator_prowgen_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_disable_rehearsal_from_ci_operator_config_per_test.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_openshift_priv_org_defaults_to_private.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_periodic_with_custom_max_concurrency.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_postsubmit_with_custom_max_concurrency.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_private_from_ci_operator_prowgen_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_private_with_expose_from_ci_operator_prowgen_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_skip_operator_presubmits_from_ci_operator_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_takes_precedence_over_prowgen_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_with_defaults.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_with_explicit_values.yaml
• test/integration/ci-operator-prowgen/input/config/prowgen-config/duper/prowgen-config-duper-master.yaml
• test/integration/ci-operator-prowgen/output/jobs/prowgen-config/duper/prowgen-config-duper-master-periodics.yaml
• test/integration/ci-operator-prowgen/output/jobs/prowgen-config/duper/prowgen-config-duper-master-postsubmits.yaml
• test/integration/ci-operator-prowgen/output/jobs/prowgen-config/duper/prowgen-config-duper-master-presubmits.yaml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

In Go, when unmarshalling JSON/YAML into a bool field tagged with omitempty, can code distinguish an omitted field from an explicit falsewithout using*bool or a custom type?

💡 Result:

No—not when you unmarshal directly into a struct field of type bool.

• omitempty affects marshaling only; it “has no effect when unmarshaling.” [1] (Same idea in gopkg.in/yaml.v3: the omitempty flag is described as a marshaling control.) [2]
• When a field is omitted in the input, Go’s unmarshaler simply doesn’t assign it, so it stays at the Go zero value; for bool that’s false, which is indistinguishable from an explicitly provided false. [3]

If you can’t use *bool or a custom type, the remaining option is an out-of-band presence check, e.g. unmarshal into a map[string]json.RawMessage / map[string]any (or yaml.Node) to see whether the key exists, then decode into your struct.

Sources: [1] encoding/json/v2 docs on struct tags (omitempty has no effect when unmarshaling) https://pkg.go.dev/encoding/json/v2, [2] yaml.v3 docs (omitempty flag described under Marshal/tag behavior) https://pkg.go.dev/gopkg.in/yaml.v3, [3] Eli Bendersky on missing fields keeping Go zero values during json.Unmarshal https://eli.thegreenplace.net/2020/optional-json-fields-in-go/

---

🏁 Script executed:

# Locate and inspect the exact field locations mentioned
echo "=== Checking ProwgenExtras in pkg/api/types.go ==="
rg -n "type ProwgenExtras" pkg/api/types.go -A 15

echo -e "\n=== Checking lines 2759-2760 in pkg/api/types.go ==="
sed -n '2755,2765p' pkg/api/types.go

echo -e "\n=== Checking if *bool is already used in types.go ==="
rg "\*bool" pkg/api/types.go | head -20

echo -e "\n=== Checking downstream helpers in jobbase.go ==="
rg -n "isPrivate|isExposed|isSecretsStoreCSIDriverEnabled" pkg/prowgen/jobbase.go -A 3

Repository: openshift/ci-tools

Length of output: 3903

---

🏁 Script executed:

# Check how ProwgenExtras fields are accessed in pkg/prowgen/prowgen.go
echo "=== Checking GenerateJobs usage of Prowgen fields ==="
rg -n "\.Private|\.Expose|\.DisableRehearsals|\.EnableSecretsStoreCSIDriver" pkg/prowgen/ -B 2 -A 2

Repository: openshift/ci-tools

Length of output: 1751

---

🏁 Script executed:

# Verify the OperatorStepConfiguration struct location
echo "=== Checking OperatorStepConfiguration and SkipPresubmits ==="
rg -n "type OperatorStepConfiguration" pkg/api/types.go -A 30 | grep -i "skip"

Repository: openshift/ci-tools

Length of output: 317

---

Use tri-state booleans for the migrated prowgen toggles.

These fields need "set vs unset" semantics. Plain bool cannot distinguish between omitted and explicit false during JSON/YAML unmarshal—both result in false. This breaks fallback behavior: an openshift-priv repo migrating only prowgen.expose: true will unmarshal private as false, and the helper logic in pkg/prowgen/jobbase.go will return false instead of falling back to the legacy check. The same issue affects all four ProwgenExtras fields and OperatorStepConfiguration.SkipPresubmits.

Use *bool instead. The codebase already follows this pattern for optional booleans (AlwaysRun, RestrictNetworkAccess, etc.). Downstream code in isPrivate(), isExposed(), and isSecretsStoreCSIDriverEnabled() will need to check for nil before dereferencing, which enables correct fallback semantics.

Suggested direction

 type ProwgenExtras struct {
-	Private bool `json:"private,omitempty"`
-	Expose bool `json:"expose,omitempty"`
-	DisableRehearsals bool `json:"disable_rehearsals,omitempty"`
-	EnableSecretsStoreCSIDriver bool `json:"enable_secrets_store_csi_driver,omitempty"`
+	Private *bool `json:"private,omitempty"`
+	Expose *bool `json:"expose,omitempty"`
+	DisableRehearsals *bool `json:"disable_rehearsals,omitempty"`
+	EnableSecretsStoreCSIDriver *bool `json:"enable_secrets_store_csi_driver,omitempty"`
 }
 ...
-	SkipPresubmits bool `json:"skip_presubmits,omitempty"`
+	SkipPresubmits *bool `json:"skip_presubmits,omitempty"`

Also applies to: 2760

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/api/types.go` around lines 52 - 64, The ProwgenExtras boolean toggles
(Private, Expose, DisableRehearsals, EnableSecretsStoreCSIDriver) and
OperatorStepConfiguration.SkipPresubmits must be made tri-state so omitted vs
explicit-false can be distinguished; change their types from bool to *bool
(e.g., Private *bool) and update downstream checks in isPrivate(), isExposed(),
isSecretsStoreCSIDriverEnabled() and any logic using SkipPresubmits to test for
nil before dereferencing (treat nil as “unset” and only honor explicit
true/false when pointer is non-nil), keeping existing fallback behavior to
legacy checks.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

In Kubernetes resource requests/limits, is Mia valid unit for CPU, and should millicores be expressed withm instead?

💡 Result:

No—Mi should not be used for CPU requests/limits. In Kubernetes, CPU is expressed in CPU units (cores), and fractional CPU is typically written as millicpu / millicores using the m suffix (e.g., 100m = 0.1 CPU). Kubernetes’ own docs describe CPU this way and use m for milli-CPU. [1]

Mi is an IEC binary prefix (“mebi”, 2²⁰) that belongs to the generic Kubernetes Quantity syntax (used commonly for bytes like memory), alongside Ki, Gi, etc. [2] For CPU, the correct milli-unit is m, not Mi. [1]

Examples

• CPU: cpu: "250m" or cpu: "0.25" [1]
• Memory: memory: "128Mi" [1]

Sources: [1], [2]

---

Fix the CPU quantity units in this fixture.

cpu: 500Mi and cpu: 10Mi use a binary memory suffix (Mi = mebi, 2²⁰), which is invalid for CPU. CPU quantities should use the m suffix for millicores. Change these to cpu: 500m and cpu: 10m respectively.

Suggested fix

 resources:
   '*':
     limits:
-      cpu: 500Mi
+      cpu: 500m
     requests:
-      cpu: 10Mi
+      cpu: 10m

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	limits:
	cpu: 500Mi
	requests:
	cpu: 10Mi
	limits:
	cpu: 500m
	requests:
	cpu: 10m

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@test/integration/ci-operator-prowgen/input/config/prowgen-config/duper/prowgen-config-duper-master.yaml`
around lines 16 - 19, Update the CPU quantity units for the YAML fixture:
replace limits.cpu value "500Mi" with "500m" and requests.cpu value "10Mi" with
"10m" so CPU uses millicores; locate the entries under the limits and requests
keys (limits.cpu, requests.cpu) and change the unit suffix from "Mi" to "m".

[openshift-ci]

@Prucek: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/integration	d3f4082	link	true	/test integration
ci/prow/unit	d3f4082	link	true	/test unit
ci/prow/codegen	d3f4082	link	true	/test codegen
ci/prow/breaking-changes	d3f4082	link	false	/test breaking-changes
ci/prow/images	d3f4082	link	true	/test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.