fix(test): prevent global BeforeEach/AfterEach registration and add detection

[stbenjam]

When exutil.FixturePath() or exutil.NewCLI*() is called at package level (in a var declaration outside any function), it registers BeforeEach/AfterEach hooks at the root of the Ginkgo tree. This causes these hooks to run for EVERY SINGLE TEST in the suite, even when not needed, wasting CI resources and adding unnecessary test execution time.

This PR fixes the remaining cases of package-level FixturePath() calls by converting them to lazy functions.

Additionally, this PR adds runtime detection that creates flaky JUnit test cases when global nodes are detected. This allows CI to track future violations without blocking test runs. The detection:

• Groups tests by image and binary
• Identifies code locations appearing in 100% of tests for each binary
• Reports violations as [sig-ci] flaky tests with detailed fix instructions
• Skips binaries with <25 tests to avoid false positives
• Supports an allowlist for temporary exceptions

🤖 Generated with Claude Code

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: stbenjam

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [stbenjam]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-gcp-ovn-image-ecosystem

[stbenjam]

/pipeline required

[openshift-ci-robot]

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-gcp-ovn-image-ecosystem

[openshift-ci]

@stbenjam: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-serial-1of2	0c1aeb6	link	true	/test e2e-aws-ovn-serial-1of2
ci/prow/okd-scos-images	0c1aeb6	link	true	/test okd-scos-images
ci/prow/e2e-aws-csi	0c1aeb6	link	true	/test e2e-aws-csi
ci/prow/e2e-gcp-csi	0c1aeb6	link	true	/test e2e-gcp-csi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-trt]

Job Failure Risk Analysis for sha: 0c1aeb6

Job Name	Failure Risk
pull-ci-openshift-origin-main-e2e-aws-csi	IncompleteTests Tests for this run (76) are below the historical average (1935): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)
pull-ci-openshift-origin-main-e2e-gcp-csi	IncompleteTests Tests for this run (77) are below the historical average (1951): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 0c1aeb6

Job Name	New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-upgrade	Medium - "[sig-ci] image should not have global BeforeEach/AfterEach nodes" is a new test, and was only seen in one job.

New tests seen in this PR at sha: 0c1aeb6

• "[sig-ci] image should not have global BeforeEach/AfterEach nodes" [Total: 1, Pass: 1, Fail: 0, Flake: 1]
• "[sig-ci] image hyperkube should not have global BeforeEach/AfterEach nodes" [Total: 2, Pass: 2, Fail: 0, Flake: 2]
• "[sig-ci] image machine-config-operator should not have global BeforeEach/AfterEach nodes" [Total: 10, Pass: 10, Fail: 0, Flake: 10]

[openshift-merge-robot]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.