NO-JIRA: Fix docs deploy preview by replacing gh CLI with curl

[bryan-cox]

Summary

• The docs deploy preview workflow fails on arc-runner-set runners because gh CLI is not installed
• Replaces gh api calls with equivalent curl + jq calls which are available on all runners
• This fixes the missing docs preview link on PRs that change docs (e.g. OCPSTRAT-1677: Add Spot instances documentation #8485)

Test plan

• Verify the docs deploy preview workflow succeeds on a PR that changes docs files
• Verify the preview URL deployment status appears on the PR

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Improved documentation preview deployments: previews now trigger on docs pull requests, validate PR context to avoid invalid previews, and publish preview URLs with clearer success status updates.
• Documentation
  • Capitalized the "Project Goals" heading for consistency.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@bryan-cox: This pull request explicitly references no jira issue.

Details

In response to this:

Summary

• The docs deploy preview workflow fails on arc-runner-set runners because gh CLI is not installed
• Replaces gh api calls with equivalent curl + jq calls which are available on all runners
• This fixes the missing docs preview link on PRs that change docs (e.g. OCPSTRAT-1677: Add Spot instances documentation #8485)

Test plan

• Verify the docs deploy preview workflow succeeds on a PR that changes docs files
• Verify the preview URL deployment status appears on the PR

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

📝 Walkthrough

Walkthrough

The docs deployment workflow was changed to trigger on pull requests to main limited to docs/**. The “Create PR deployment status” step in the deploy job now uses GITHUB_TOKEN and event data (pull_request.number, head.sha, repository) and replaces gh api with direct GitHub REST calls via curl. The step POSTs to /repos/{repo}/deployments, parses and validates the returned deployment id, then POSTs a success status including the computed environment_url and PR-specific description.

Sequence Diagram(s)

sequenceDiagram
    participant Runner as GitHub Actions runner
    participant Repo as Repository / PR
    participant API as GitHub REST API
    participant Pages as GitHub Pages preview

    Runner->>Repo: pull_request event (PR number, head SHA, repo)
    Runner->>Runner: construct environment name and environment_url
    Runner->>API: POST /repos/{repo}/deployments (ref=head_sha, environment=docs-preview/pr-<N>) with GITHUB_TOKEN
    API-->>Runner: 201 Created (response contains deployment.id)
    Runner->>Runner: parse deployment.id with jq and validate numeric
    Runner->>API: POST /repos/{repo}/deployments/{deployment_id}/statuses (state=success, environment_url, description)
    API-->>Runner: 201 Created (status)
    API-->>Repo: associate deployment & status with PR
    Runner->>Pages: environment_url (preview) advertised in deployment status

Loading

Suggested reviewers

• sjenning
• jparrill

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: fixing the docs deploy preview workflow by replacing gh CLI with curl.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The custom check for stable and deterministic Ginkgo test names is not applicable. The PR modifies only a GitHub Actions workflow and documentation file, with no Ginkgo test files present.
Test Structure And Quality	✅ Passed	This PR contains no Ginkgo test code. Changes are a GitHub Actions workflow and markdown documentation. The test quality check is not applicable.
Microshift Test Compatibility	✅ Passed	This PR does not add new Ginkgo e2e tests. Changes are only to a GitHub Actions workflow and documentation, making the MicroShift compatibility check not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It only modifies a GitHub Actions workflow file and a documentation markdown file. The SNO compatibility check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only modifies a GitHub Actions workflow and documentation. The topology-aware scheduling check applies to deployment manifests, operator code, and controllers, which this PR does not touch.
Ote Binary Stdout Contract	✅ Passed	Custom check is not applicable. PR changes only affect a GitHub Actions workflow YAML file and a documentation markdown file. Neither are OTE binaries or test code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. Changes are limited to GitHub Actions workflow and documentation, which fall outside the scope of this IPv6/disconnected network compatibility check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [bryan-cox]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/docs-deploy.yaml:
- Around line 8-13: Remove the temporary manual test path that allows writing
deployment statuses: delete the workflow_dispatch inputs.block for test_pr
(inputs.test_pr) and remove the corresponding job/steps that perform the manual
status write (look for the test-curl job and any steps invoking curl or writing
deployment statuses), or gate them behind a non-merged/test-only branch so they
are not present in the final merge; ensure no remaining references to test_pr or
test-curl exist in the workflow (also check the remainder of the file around the
20-58 region).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e498cdef-1cd5-4fe4-bc1c-243c7bb1f68f

📥 Commits

Reviewing files that changed from the base of the PR and between 5084d23 and 0bd26fb.

📒 Files selected for processing (1)

• .github/workflows/docs-deploy.yaml

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/docs-deploy.yaml (1)

38-44: 💤 Low value

Consider using jq for safer JSON construction.

While the current string interpolation is safe due to prior validation of PR_NUMBER (and HEAD_SHA being a hex SHA), using jq -n for JSON construction is more robust and prevents potential issues if validation logic changes in the future.

♻️ Optional: Use jq for JSON construction

-          DEPLOY_ID=$(curl -fsSL \
-            -X POST \
-            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
-            -H "Accept: application/vnd.github+json" \
-            "https://api.github.com/repos/${REPO}/deployments" \
-            -d '{"ref":"'"${HEAD_SHA}"'","environment":"'"${DEPLOY_ENV}"'","auto_merge":false,"required_contexts":[]}' \
-            | jq -r '.id')
+          DEPLOY_PAYLOAD=$(jq -n \
+            --arg ref "${HEAD_SHA}" \
+            --arg env "${DEPLOY_ENV}" \
+            '{"ref":$ref,"environment":$env,"auto_merge":false,"required_contexts":[]}')
+          DEPLOY_ID=$(curl -fsSL \
+            -X POST \
+            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+            -H "Accept: application/vnd.github+json" \
+            "https://api.github.com/repos/${REPO}/deployments" \
+            -d "${DEPLOY_PAYLOAD}" \
+            | jq -r '.id')

Same pattern can be applied to the status creation curl on lines 50-55.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docs-deploy.yaml around lines 38 - 44, The deployment curl
that builds the JSON payload into DEPLOY_ID currently uses string interpolation
of HEAD_SHA/DEPLOY_ENV/REPO; replace that inline JSON construction with a safer
jq-based payload using jq -n --arg HEAD_SHA "$HEAD_SHA" --arg DEPLOY_ENV
"$DEPLOY_ENV" --argjson auto_merge false
'{ref:$HEAD_SHA,environment:$DEPLOY_ENV,auto_merge:$auto_merge,required_contexts:[]}'
(or equivalent) and pipe that to curl's -d `@-` to avoid fragile string
concatenation; apply the same jq -n approach to the subsequent status-creation
curl (the block around lines creating deployment status) so both payloads are
built robustly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/docs-deploy.yaml:
- Around line 38-44: The deployment curl that builds the JSON payload into
DEPLOY_ID currently uses string interpolation of HEAD_SHA/DEPLOY_ENV/REPO;
replace that inline JSON construction with a safer jq-based payload using jq -n
--arg HEAD_SHA "$HEAD_SHA" --arg DEPLOY_ENV "$DEPLOY_ENV" --argjson auto_merge
false
'{ref:$HEAD_SHA,environment:$DEPLOY_ENV,auto_merge:$auto_merge,required_contexts:[]}'
(or equivalent) and pipe that to curl's -d `@-` to avoid fragile string
concatenation; apply the same jq -n approach to the subsequent status-creation
curl (the block around lines creating deployment status) so both payloads are
built robustly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c5f00e36-2cb3-4de9-8b1a-fc3bd0d2702f

📥 Commits

Reviewing files that changed from the base of the PR and between 0bd26fb and 31879e0.

📒 Files selected for processing (2)

• .github/workflows/docs-deploy.yaml
• docs/content/reference/goals-and-design-invariants.md

✅ Files skipped from review due to trivial changes (1)

• docs/content/reference/goals-and-design-invariants.md

[openshift-ci]

@bryan-cox: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-azure-v2-self-managed	5084d23	link	false	/test e2e-azure-v2-self-managed

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hypershift-jira-solve-ci]

Now I have the complete picture. Let me compile the final report:

Test Failure Analysis Complete

Job Information

• Prow Job: pull-ci-openshift-hypershift-main-e2e-azure-v2-self-managed
• Build ID: 2054152817072934912
• Target: e2e-azure-v2-self-managed
• Type: presubmit (PR NO-JIRA: Fix docs deploy preview by replacing gh CLI with curl #8488)
• Build Cluster: build01
• Started: 2026-05-12T10:52:50Z
• Completed: 2026-05-12T12:45:38Z

Test Failure Analysis

Error

failed to create or restart e2e-azure-v2-self-managed-hypershift-k8sgpt pod: unable to create pod:
Internal error occurred: failed calling webhook "gpu-scheduling.ci.openshift.io": failed to call
webhook: Post "https://gpu-scheduling-webhook.gpu-scheduling-webhook.svc:443/mutate--v1-pod?timeout=10s":
context deadline exceeded

Summary

All actual e2e tests passed successfully (8 of 8 specs across 3 test suites — public, private, and OAuth LB). The job was marked as failed solely because a post-phase CI infrastructure step (hypershift-k8sgpt) could not create its pod. The pod creation was blocked by a mutating admission webhook (gpu-scheduling.ci.openshift.io) on the build01 CI cluster that timed out (10s context deadline exceeded). This is a CI infrastructure issue completely unrelated to PR #8488 or the HyperShift codebase.

Root Cause

The root cause is a transient CI infrastructure failure on the build01 build cluster. Specifically:

1. The gpu-scheduling.ci.openshift.io mutating admission webhook is configured on the build01 cluster to intercept pod creation requests. This webhook runs in the gpu-scheduling-webhook namespace and is used to manage GPU node scheduling in the CI infrastructure.

2. When ci-operator attempted to create the e2e-azure-v2-self-managed-hypershift-k8sgpt pod during the post phase (a diagnostic/gather step, not a test step), the webhook endpoint at https://gpu-scheduling-webhook.gpu-scheduling-webhook.svc:443/mutate--v1-pod failed to respond within its 10-second timeout.

3. This caused the pod creation to fail with context deadline exceeded, which ci-operator treated as a step failure, causing the entire post phase to be marked failed, which in turn caused the overall job to be reported as failure.

4. All actual tests passed. The pre phase (cluster setup, HyperShift install, guest creation) completed successfully in 38m16s. The test phase completed successfully in 16s, with all 8 test specs passing across public, private, and OAuth LB test suites. Only the post phase failed, and only because of this one infrastructure step (hypershift-k8sgpt) that couldn't create its pod due to the webhook timeout.

5. The hypershift-k8sgpt step is a diagnostic post step that runs k8sgpt analysis after tests complete — it has no bearing on test results and its failure does not indicate any product issue.

Recommendations

1. Retest the PR — This failure is unrelated to the code changes in PR NO-JIRA: Fix docs deploy preview by replacing gh CLI with curl #8488. A /retest command should produce a clean result.

2. No code changes needed — The PR (fixing docs deploy preview by replacing gh CLI with curl) has no connection to this infrastructure failure. All product tests passed.

3. CI infrastructure note — The gpu-scheduling.ci.openshift.io webhook on build01 experienced a transient timeout. If this recurs frequently, the CI platform team should investigate the health/availability of the gpu-scheduling-webhook deployment in the gpu-scheduling-webhook namespace on build01, or consider setting the webhook's failurePolicy to Ignore for non-GPU workloads.

Evidence

Evidence	Detail
Failed Step	e2e-azure-v2-self-managed-hypershift-k8sgpt (post phase)
Failure Phase	Post (gather/cleanup) — not pre (install) or test
Pre Phase Result	✅ Succeeded in 38m16s (5 steps all passed)
Test Phase Result	✅ Succeeded in 16s (all 8/8 test specs passed)
Post Phase Result	❌ Failed after 56m48s (only due to k8sgpt pod creation)
Public Tests	4 of 695 specs ran — 4 Passed, 0 Failed
Private Tests	2 of 695 specs ran — 2 Passed, 0 Failed
OAuth LB Tests	2 of 695 specs ran — 2 Passed, 0 Failed
Webhook	gpu-scheduling.ci.openshift.io on build01 cluster
Webhook Endpoint	gpu-scheduling-webhook.gpu-scheduling-webhook.svc:443
Webhook Error	context deadline exceeded (10s timeout)
Build Cluster	build01
Failure Reason	executing_graph:step_failed:...executing_multi_stage_test

---

[jparrill]

/lgtm

[openshift-merge-bot]

Pipeline controller notification

No second-stage tests were triggered for this PR.

This can happen when:

• The changed files don't match any pipeline_run_if_changed patterns
• All files match pipeline_skip_if_only_changed patterns
• No pipeline-controlled jobs are defined for the main branch

Use /test ? to see all available tests.

[jparrill]

/verified by pre-submits

[openshift-ci-robot]

@jparrill: This PR has been marked as verified by pre-submits.

Details

In response to this:

/verified by pre-submits

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.