fix(prowgen): disable sparse checkout when build_if_affected is enabled

[Prucek]

Summary

• Sparse checkout only checks out Dockerfiles for image jobs, but build_if_affected requires the full Go source tree to run packages.Load for tool detection
• This caused packages.Load to fail with "directory not found" errors, silently falling back to building all images — defeating the purpose of build_if_affected
• Fix: disable sparse checkout when images.build_if_affected is true

🤖 Generated with Claude Code

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR extends sparse checkout disabling behavior to include images.BuildIfAffected in addition to explicit DisableSparseCheckout flags. The logic change, unit test with fixture, and integration test outputs are all updated consistently to validate and demonstrate this behavior.

Changes

Sparse checkout disabled for BuildIfAffected

Layer / File(s)	Summary
Logic change and unit validation pkg/prowgen/jobbase.go, pkg/prowgen/jobbase_test.go, pkg/prowgen/testdata/zz_fixture_TestProwJobBaseBuilder_job_with_images_and_build_if_affected_disables_sparse_checkout.yaml	NewProwJobBaseBuilder expands the disableSparseCheckout condition to include configSpec.Images.BuildIfAffected. A new unit test case verifies that jobs built with BuildIfAffected: true generate an empty decoration_config instead of populating sparse checkout files.
Integration test fixture updates test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-postsubmits.yaml, test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-presubmits.yaml	Real CI job fixtures for super/duper postsubmits and presubmits are updated to show empty decoration_config objects (removing previous sparse_checkout_files directives) for jobs with BuildIfAffected enabled.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• openshift/ci-tools#5207: Modifies NewProwJobBaseBuilder sparse-checkout behavior with related conditions based on job configuration flags.

Suggested labels

approved, lgtm

Suggested reviewers

• danilo-gemoli
• deepsm007
• droslean

🚥 Pre-merge checks | ✅ 16 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (16 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: disabling sparse checkout when build_if_affected is enabled, which is the core fix demonstrated across all modified files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Go Error Handling	✅ Passed	PR follows proper Go error handling patterns: no errors ignored with _, panic not introduced in changes, nil pointer checks are appropriate, and configSpec.Images access is safe.
Test Coverage For New Features	✅ Passed	Bug fix adds test case to TestProwJobBaseBuilder covering sparse checkout disabling when BuildIfAffected is true, with corresponding fixture file validating the expected behavior.
Stable And Deterministic Test Names	✅ Passed	PR uses table-driven tests with Go's standard testing framework, not Ginkgo. The added test has a static, deterministic name with no dynamic elements.
Test Structure And Quality	✅ Passed	This PR contains standard Go tests with t.Run subtests, not Ginkgo tests. The custom check applies only to Ginkgo test code (It blocks, BeforeEach/AfterEach), which is not present.
Microshift Test Compatibility	✅ Passed	PR adds unit tests using Go's testing package, not Ginkgo e2e tests. Custom check for Ginkgo e2e test MicroShift compatibility is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. Changes are limited to Prow job generation logic and Go unit tests, which are not subject to SNO compatibility checks.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies Prow job config generator (CI tooling), not deployment manifests or operators. No scheduling constraints, affinity rules, or topology-related fields introduced.
Ote Binary Stdout Contract	✅ Passed	PR modifies prowgen utility library (Prow job config generation), not OTE/test binaries. No stdout writes, main functions, or suite setup code present. Changes are pure config logic.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	New e2e test file added (gsm-e2e_test.go) uses standard Go testing, not Ginkgo patterns. Check scope is limited to Ginkgo e2e tests only.
No-Weak-Crypto	✅ Passed	The PR only modifies sparse checkout logic in jobbase.go. No weak cryptographic algorithms, custom crypto implementations, or insecure secret comparisons are introduced.
Container-Privileges	✅ Passed	No privileged container configurations (privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation) detected in any modified YAML manifests or Go code.
No-Sensitive-Data-In-Logs	✅ Passed	No logging statements found exposing passwords, tokens, API keys, or PII. OAuth tokens correctly referenced via Kubernetes secret names without logging actual credentials.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

pkg/prowgen/jobbase.go (1)

100-100: ⚡ Quick win

Add inline comment explaining BuildIfAffected sparse checkout dependency.

The relationship between BuildIfAffected and sparse checkout is non-obvious. Add a brief comment explaining that BuildIfAffected requires the full Go source tree for packages.Load analysis, not just Dockerfiles.

📝 Suggested comment

+	// BuildIfAffected requires full Go source tree for packages.Load, not just Dockerfiles
 	disableSparseCheckout := (configSpec.Prowgen != nil && configSpec.Prowgen.DisableSparseCheckout) || configSpec.Images.BuildIfAffected

As per coding guidelines, "Comment important exported functions with their purpose, parameters, and return values. Do not add inline comments explaining what code does; only why when non-obvious."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/prowgen/jobbase.go` at line 100, The logic setting disableSparseCheckout
combines Prowgen.DisableSparseCheckout and Images.BuildIfAffected but lacks an
inline explanation; add a brief inline comment above the disableSparseCheckout
assignment that explains why Images.BuildIfAffected forces sparse checkout to be
disabled — specifically: BuildIfAffected requires the full Go source tree (not
just Dockerfiles) for packages.Load analysis, so sparse checkout must be
disabled when configSpec.Images.BuildIfAffected is true; reference the
disableSparseCheckout variable, configSpec.Images.BuildIfAffected, and
packages.Load in the comment.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@pkg/prowgen/jobbase.go`:
- Line 100: The logic setting disableSparseCheckout combines
Prowgen.DisableSparseCheckout and Images.BuildIfAffected but lacks an inline
explanation; add a brief inline comment above the disableSparseCheckout
assignment that explains why Images.BuildIfAffected forces sparse checkout to be
disabled — specifically: BuildIfAffected requires the full Go source tree (not
just Dockerfiles) for packages.Load analysis, so sparse checkout must be
disabled when configSpec.Images.BuildIfAffected is true; reference the
disableSparseCheckout variable, configSpec.Images.BuildIfAffected, and
packages.Load in the comment.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 62d90041-1c22-46bb-9c65-ef52bfc2e269

📥 Commits

Reviewing files that changed from the base of the PR and between b35f1f1 and 6822fb6.

📒 Files selected for processing (5)

• pkg/prowgen/jobbase.go
• pkg/prowgen/jobbase_test.go
• pkg/prowgen/testdata/zz_fixture_TestProwJobBaseBuilder_job_with_images_and_build_if_affected_disables_sparse_checkout.yaml
• test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-postsubmits.yaml
• test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-presubmits.yaml

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deepsm007, droslean, Prucek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Prucek,deepsm007,droslean]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Prucek]

/test e2e

[openshift-merge-bot]

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

[Prucek]

/override ci/prow/e2e

[openshift-ci]

@Prucek: Overrode contexts on behalf of Prucek: ci/prow/e2e

Details

In response to this:

/override ci/prow/e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@Prucek: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/breaking-changes	6822fb6	link	false	/test breaking-changes

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.