Add weekly periodic for art-konflux-delivery-repo-check across all versions

[joepvd]

Summary

• Add __periodics.yaml configs for openshift-eng/ocp-build-data branches 4.12 through 5.0, scheduling the art-konflux-delivery-repo-check test weekly (Mondays 08:00 UTC)
• Add .config.prowgen to report failures and errors to #art-release via Slack
• Generated Prow job YAML not included yet — expecting Prow to run make update and flag any issues

Test plan

• Prow CI validates the configs (ci-operator-checkconfig)
• make update generates the periodic job YAML (will be added via /update or follow-up commit)
• Verify generated jobs include reporter_config.slack targeting #art-release

Made with Cursor

[coderabbitai]

Walkthrough

Added a Slack reporter entry and new periodic CI configurations plus corresponding Prow periodic job definitions for ocp-build-data across OpenShift versions 4.12–5.0; each periodic defines a build_root, resource defaults, and a weekly art-konflux-delivery-repo-check invocation with a version-specific OCP_VERSION.

Changes

Cohort / File(s)	Summary
Slack reporter ci-operator/config/openshift-eng/ocp-build-data/.config.prowgen	Added slack_reporter that posts failure/error notifications to #art-release scoped to the art-konflux-delivery-repo-check job, with a templated message including job name, state, and logs URL; excludes jobs matching ^pull-.
Periodic config files (ci-operator/config) ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-{4.12,4.13,4.14,4.15,4.16,4.17,4.18,4.19,4.20,4.21,4.22,4.23,5.0}__periodics.yaml	Added new periodic CI configs for each listed version. Each file defines build_root.image_stream_tag, global resources['*'] defaults (cpu/memory requests and memory limit), a weekly tests entry as: art-konflux-delivery-repo-check running workflow: ocp-art with environment OCP_VERSION set per version, and zz_generated_metadata.
Prow job definitions (ci-operator/jobs) ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-{4.12..4.23,5.0}-periodics.yaml	Added periodic Prow job YAMLs for the same versions. Each job schedules a weekly run (cron 0 8 * * 2), uses the kubernetes agent on build clusters, enables decoration with skip_cloning: true, references the matching base_ref via extra_refs, runs ci-operator --target=art-konflux-delivery-repo-check --variant=periodics in a single container, mounts required secrets/volumes, sets HTTP_SERVER_IP from pod IP, and configures Slack reporting to #art-release for failure/error.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15__periodics.yaml`:
- Line 5: The tag line uses a pinned build_root value
("rhel-9-release-golang-1.23-openshift-4.20") for 4.15 (and matches 4.12–4.14)
which differs from the version-matched tags used for 4.16–4.20; update the
configuration to document this as intentional (or correct it if it was a
mistake) by adding a clear comment adjacent to the tag/build_root entry that
states: which versions are intentionally pinned to
"rhel-9-release-golang-1.23-openshift-4.20" (4.12–4.15), which versions use
self-matched tags (4.16–4.20), and that 4.21+ reverts to the 4.20 tag—use the
exact tag string and the identifier build_root in the comment so future
reviewers can see the policy or take action to align tags if this was
unintended.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5f39929c-380c-4e20-8d33-0da7802beec9

📥 Commits

Reviewing files that changed from the base of the PR and between af5b7a9 and e2375ae.

📒 Files selected for processing (14)

• ci-operator/config/openshift-eng/ocp-build-data/.config.prowgen
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.12__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.14__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.18__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.19__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0__periodics.yaml

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joepvd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift-eng/ocp-build-data/OWNERS [joepvd]
• ci-operator/jobs/openshift-eng/ocp-build-data/OWNERS [joepvd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[joepvd]

/pj-rehearse periodic-ci-openshift-eng-ocp-build-data-openshift-4.22-periodics-art-konflux-delivery-repo-check

[openshift-merge-bot]

@joepvd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[joepvd]

/pj-rehearse periodic-ci-openshift-eng-ocp-build-data-openshift-4.14-periodics-art-konflux-delivery-repo-check

[openshift-merge-bot]

@joepvd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Actionable comments posted: 13

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.12-periodics.yaml`:
- Around line 55-57: The pod spec references a volumeMount named
"gcs-credentials" (mountPath "/secrets/gcs") but no corresponding volume named
"gcs-credentials" is defined in the volumes section, making the manifest
invalid; either add a volume entry named "gcs-credentials" (e.g., a secret or
projected volume) to the pod spec's volumes list or remove/rename the
volumeMount to match an existing volume name — search for "gcs-credentials" and
"/secrets/gcs" and update the volumes block to include a volume with that exact
name (or change the mount to an existing volume) so the mount and volume names
match.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13-periodics.yaml`:
- Around line 55-57: The job's volumeMounts reference the volume name
gcs-credentials but no matching spec.volumes entry exists, causing pod creation
to fail; add a spec.volumes entry that defines a volume named "gcs-credentials"
(e.g., a secret or projected volume) and ensure it corresponds to the secret
used for GCS credentials, and apply the same addition for the other job block
referenced (lines 68-83) so both volumeMounts and spec.volumes include the
matching "gcs-credentials" volume name.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.14-periodics.yaml`:
- Around line 55-57: The pod spec's volumeMounts reference a non-existent volume
called "gcs-credentials", causing an invalid spec; add a matching entry under
spec.volumes named "gcs-credentials" (e.g., a secret or projected volume) so the
mount has a backing volume. Locate the container's volumeMounts block where
name: gcs-credentials is used and insert a corresponding spec.volumes entry
named "gcs-credentials" with the appropriate secret/key (also apply the same fix
for the other periodic block around lines 68-83 that uses the same mount).
Ensure the volume name exactly matches "gcs-credentials" and includes the
correct secretReference or items for the GCS credentials.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15-periodics.yaml`:
- Around line 55-57: The pod spec mounts a volume named "gcs-credentials"
(mountPath /secrets/gcs) but there is no corresponding entry in spec.volumes;
add a volume with name "gcs-credentials" to the pod spec(s) that reference this
mount (e.g., the job(s) containing the container with mountPath /secrets/gcs)
and point it to the correct source (likely a secret via secret.secretName:
<the-secret-name> or a projected volume if intended). Ensure the volume name
matches "gcs-credentials" exactly and keep the mount's readOnly: true; apply the
same fix for the other occurrences that reference the same mount.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16-periodics.yaml`:
- Around line 55-57: The pod spec is mounting name: gcs-credentials at
mountPath: /secrets/gcs but spec.volumes lacks a matching volume, which prevents
pod creation; add a volume entry under the pod template spec.volumes with name:
gcs-credentials and appropriate source (e.g., secret: { secretName:
<actual-gcs-secret-name> }) so the existing volumeMount (mountPath:
/secrets/gcs) can be satisfied; update the job YAML's podTemplate spec.volumes
where the container uses the gcs-credentials mount.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17-periodics.yaml`:
- Around line 55-57: The pod spec mounts a volume with name: gcs-credentials at
mountPath /secrets/gcs but spec.volumes has no corresponding volume entry,
causing admission failures; add a spec.volumes entry named gcs-credentials that
references the GCS secret (e.g., type secret with secretName set to the
Kubernetes secret holding GCS credentials) so the mount resolves, and apply the
same fix for the other job blocks that mount /secrets/gcs (the occurrences that
reference name: gcs-credentials).

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.18-periodics.yaml`:
- Around line 55-57: The pod spec mounts /secrets/gcs with name: gcs-credentials
but there is no corresponding volume declared in spec.volumes; add a volume
entry named gcs-credentials (e.g., a secret or projected GCS credentials volume)
to spec.volumes so the mount has a matching source, ensuring the volume type and
secret/key names match the cluster secret used for GCS credentials and that any
readOnly or permissions align with the container mount.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.19-periodics.yaml`:
- Around line 55-57: The pod spec references a volumeMount named
"gcs-credentials" but there is no matching entry in spec.volumes, causing the
job to fail; fix by adding a spec.volumes entry with name: "gcs-credentials"
that points to the correct secret (e.g., secretName: "gcs-credentials") or the
appropriate volume source used in this repo, or remove the volumeMount if the
secret is not needed—ensure the volume name exactly matches the volumeMount name
and update other identical blocks (the same issue appears in the second
container block around lines 68–83).

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20-periodics.yaml`:
- Around line 55-57: The job mounts a volume named "gcs-credentials" at
/secrets/gcs but there is no corresponding entry in spec.volumes; add a
secret-backed volume entry to spec.volumes with name: "gcs-credentials" and
secret: { secretName: <appropriate-secret-name> } (or use secretRef field as per
cluster conventions) so the mountPath /secrets/gcs has a declared source; update
the Job/Pod spec that contains the container which references mountPath
"/secrets/gcs" (the container using volumeMount name "gcs-credentials") to
include this volume.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21-periodics.yaml`:
- Around line 55-57: The pod spec mounts a volume named "gcs-credentials"
(mountPath: /secrets/gcs) but there is no corresponding volume entry in the
job's volumes list; add a volume entry named "gcs-credentials" under the
spec.template.spec.volumes (e.g., a secret or projected volume appropriate for
GCS credentials) or remove the mount if not needed, ensuring the volume.name
matches "gcs-credentials" exactly so the container mount and the volumes list
(spec.template.spec.volumes) are consistent.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22-periodics.yaml`:
- Around line 55-57: The job mounts "gcs-credentials" at mountPath /secrets/gcs
but spec.volumes does not define a volume named "gcs-credentials", causing an
invalid job spec; add a volume entry under spec.volumes named "gcs-credentials"
that references the correct secret/credential source (e.g., secretName matching
your GCS credentials) so the volume name "gcs-credentials" matches the mount,
and apply the same fix for the other job block that mounts /secrets/gcs (lines
referenced around the second occurrence).

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml`:
- Around line 55-57: The pod spec mounts a volume named "gcs-credentials" at
/secrets/gcs (mountPath/name: gcs-credentials) but no corresponding volume is
defined, making the job invalid; fix by adding a volumes entry in the
PodTemplate (spec.template.spec.volumes) that defines a volume named
"gcs-credentials" (e.g., a secret or projected volume) so the mount has a
matching volume declaration and the pod can start.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0-periodics.yaml`:
- Around line 55-57: The pod spec mounts a volume named gcs-credentials in the
container's volumeMounts but spec.volumes does not define a volume with that
name; add a corresponding volume entry under spec.volumes that supplies the GCS
credentials (e.g., a secretVolume referencing the Secret containing the GCS key)
so the mount name gcs-credentials resolves; update both occurrences noted
(around the first mount at lines ~55-57 and the second block around 68-83) to
reference the same secret volume name.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bfa201c9-2668-4327-b985-5e5f169f75a4

📥 Commits

Reviewing files that changed from the base of the PR and between e2375ae and d61c5fd.

📒 Files selected for processing (14)

• ci-operator/config/openshift-eng/ocp-build-data/.config.prowgen
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.12-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.14-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.18-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.19-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0-periodics.yaml

✅ Files skipped from review due to trivial changes (1)

• ci-operator/config/openshift-eng/ocp-build-data/.config.prowgen

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Undefined volume mount (gcs-credentials)

Line 56 references a gcs-credentials mount, but no matching volume exists in Lines 68-83. The periodic pod spec is invalid in this state.

As per coding guidelines, "**: Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.12-periodics.yaml`
around lines 55 - 57, The pod spec references a volumeMount named
"gcs-credentials" (mountPath "/secrets/gcs") but no corresponding volume named
"gcs-credentials" is defined in the volumes section, making the manifest
invalid; either add a volume entry named "gcs-credentials" (e.g., a secret or
projected volume) to the pod spec's volumes list or remove/rename the
volumeMount to match an existing volume name — search for "gcs-credentials" and
"/secrets/gcs" and update the volumes block to include a volume with that exact
name (or change the mount to an existing volume) so the mount and volume names
match.

[joepvd]

False positive. The gcs-credentials volume is injected at runtime by Prow's decoration infrastructure (decorate: true). This is the standard pattern across all generated ci-operator jobs in this repository — the existing presubmit files have the exact same volumeMount without an explicit volume definition.

[coderabbitai]

@joepvd, thanks for the clarification — you're right, this is a false positive on my part.

(´• ω •`) 🐇 sorry for the noise!

---

📝 Learnings were identified and not saved (knowledge base disabled). Enable

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix missing volume declaration for gcs-credentials.

volumeMounts references gcs-credentials (Line 56), but there is no matching spec.volumes entry. The job pod cannot be created as-is.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13-periodics.yaml`
around lines 55 - 57, The job's volumeMounts reference the volume name
gcs-credentials but no matching spec.volumes entry exists, causing pod creation
to fail; add a spec.volumes entry that defines a volume named "gcs-credentials"
(e.g., a secret or projected volume) and ensure it corresponds to the secret
used for GCS credentials, and apply the same addition for the other job block
referenced (lines 68-83) so both volumeMounts and spec.volumes include the
matching "gcs-credentials" volume name.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Add missing gcs-credentials volume to match the mount.

volumeMounts uses name: gcs-credentials (Line 56), but there is no corresponding entry in spec.volumes. This makes the pod spec invalid and the periodic job won’t start.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.14-periodics.yaml`
around lines 55 - 57, The pod spec's volumeMounts reference a non-existent
volume called "gcs-credentials", causing an invalid spec; add a matching entry
under spec.volumes named "gcs-credentials" (e.g., a secret or projected volume)
so the mount has a backing volume. Locate the container's volumeMounts block
where name: gcs-credentials is used and insert a corresponding spec.volumes
entry named "gcs-credentials" with the appropriate secret/key (also apply the
same fix for the other periodic block around lines 68-83 that uses the same
mount). Ensure the volume name exactly matches "gcs-credentials" and includes
the correct secretReference or items for the GCS credentials.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

gcs-credentials is mounted but not declared as a volume.

There is a mount at Line 56 for gcs-credentials, but no matching spec.volumes entry. Kubernetes will reject this pod spec.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15-periodics.yaml`
around lines 55 - 57, The pod spec mounts a volume named "gcs-credentials"
(mountPath /secrets/gcs) but there is no corresponding entry in spec.volumes;
add a volume with name "gcs-credentials" to the pod spec(s) that reference this
mount (e.g., the job(s) containing the container with mountPath /secrets/gcs)
and point it to the correct source (likely a secret via secret.secretName:
<the-secret-name> or a projected volume if intended). Ensure the volume name
matches "gcs-credentials" exactly and keep the mount's readOnly: true; apply the
same fix for the other occurrences that reference the same mount.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Missing gcs-credentials volume will break pod creation.

Line 56 mounts gcs-credentials, but spec.volumes does not define that volume. This periodic cannot run until the missing volume is added.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16-periodics.yaml`
around lines 55 - 57, The pod spec is mounting name: gcs-credentials at
mountPath: /secrets/gcs but spec.volumes lacks a matching volume, which prevents
pod creation; add a volume entry under the pod template spec.volumes with name:
gcs-credentials and appropriate source (e.g., secret: { secretName:
<actual-gcs-secret-name> }) so the existing volumeMount (mountPath:
/secrets/gcs) can be satisfied; update the job YAML's podTemplate spec.volumes
where the container uses the gcs-credentials mount.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Add the missing gcs-credentials volume declaration

This job mounts gcs-credentials (Line 56) but never declares it in spec.volumes (Lines 68-83). Please add the corresponding secret-backed volume to make the job runnable.

As per coding guidelines, "**: Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20-periodics.yaml`
around lines 55 - 57, The job mounts a volume named "gcs-credentials" at
/secrets/gcs but there is no corresponding entry in spec.volumes; add a
secret-backed volume entry to spec.volumes with name: "gcs-credentials" and
secret: { secretName: <appropriate-secret-name> } (or use secretRef field as per
cluster conventions) so the mountPath /secrets/gcs has a declared source; update
the Job/Pod spec that contains the container which references mountPath
"/secrets/gcs" (the container using volumeMount name "gcs-credentials") to
include this volume.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical config mismatch: mounted volume is not defined

Line 56 mounts gcs-credentials, but there is no gcs-credentials entry in the volumes list (Lines 68-83). This needs to be added or the mount removed; otherwise the job fails.

As per coding guidelines, "**: Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21-periodics.yaml`
around lines 55 - 57, The pod spec mounts a volume named "gcs-credentials"
(mountPath: /secrets/gcs) but there is no corresponding volume entry in the
job's volumes list; add a volume entry named "gcs-credentials" under the
spec.template.spec.volumes (e.g., a secret or projected volume appropriate for
GCS credentials) or remove the mount if not needed, ensuring the volume.name
matches "gcs-credentials" exactly so the container mount and the volumes list
(spec.template.spec.volumes) are consistent.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Job spec is invalid due to missing gcs-credentials volume.

Line 56 mounts gcs-credentials, but spec.volumes doesn’t define it. This is a blocking runtime issue for the periodic job.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22-periodics.yaml`
around lines 55 - 57, The job mounts "gcs-credentials" at mountPath /secrets/gcs
but spec.volumes does not define a volume named "gcs-credentials", causing an
invalid job spec; add a volume entry under spec.volumes named "gcs-credentials"
that references the correct secret/credential source (e.g., secretName matching
your GCS credentials) so the volume name "gcs-credentials" matches the mount,
and apply the same fix for the other job block that mounts /secrets/gcs (lines
referenced around the second occurrence).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Missing gcs-credentials volume breaks this periodic job

Line 56 mounts gcs-credentials, but Lines 68-83 never define that volume. This makes the pod spec invalid and the job will fail before execution.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

As per coding guidelines, "**: Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml`
around lines 55 - 57, The pod spec mounts a volume named "gcs-credentials" at
/secrets/gcs (mountPath/name: gcs-credentials) but no corresponding volume is
defined, making the job invalid; fix by adding a volumes entry in the
PodTemplate (spec.template.spec.volumes) that defines a volume named
"gcs-credentials" (e.g., a secret or projected volume) so the mount has a
matching volume declaration and the pod can start.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

gcs-credentials volume mount has no backing volume definition.

The container mounts gcs-credentials (Line 56), but spec.volumes does not define it. This invalidates the pod spec and prevents job execution.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0-periodics.yaml`
around lines 55 - 57, The pod spec mounts a volume named gcs-credentials in the
container's volumeMounts but spec.volumes does not define a volume with that
name; add a corresponding volume entry under spec.volumes that supplies the GCS
credentials (e.g., a secretVolume referencing the Secret containing the GCS key)
so the mount name gcs-credentials resolves; update both occurrences noted
(around the first mount at lines ~55-57 and the second block around 68-83) to
reference the same secret volume name.

[joepvd]

/pj-rehearse ack

Slack notifications are broken in pj-rehearse by design: https://github.com/openshift/ci-tools/blob/main/pkg/rehearse/jobs.go#L188-L189

[openshift-merge-bot]

@joepvd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[joepvd]

/label tide/merge-method-squash

[coderabbitai]

♻️ Duplicate comments (3)

ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17-periodics.yaml (1)

55-57: ⚠️ Potential issue | 🔴 Critical

Add the missing gcs-credentials volume definition.

Line 56 mounts gcs-credentials, but spec.volumes (Line 68 onward) does not define that volume. This causes pod admission failure (volumeMount cannot be resolved), so the periodic will not start.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17-periodics.yaml`
around lines 55 - 57, The manifest mounts a volume named "gcs-credentials"
(volumeMount with mountPath /secrets/gcs) but no corresponding entry exists
under spec.volumes; add a volume object to spec.volumes with name:
gcs-credentials and the appropriate source (e.g., secret: { secretName:
<gcs-secret-name> } or projected config) so the volumeMount in the container can
be resolved; ensure the volume name exactly matches "gcs-credentials" and follow
the pattern used by the other volumes in the spec.

ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21-periodics.yaml (1)

55-57: ⚠️ Potential issue | 🔴 Critical

Add the missing gcs-credentials volume; current pod spec is invalid.

Line 55 mounts gcs-credentials, but there is no matching spec.volumes entry in Lines 68-83. This causes the pod spec to fail validation and the periodic won’t start.

Proposed fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        # Use the same secret name used by sibling ci-operator periodics in this repo.
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21-periodics.yaml`
around lines 55 - 57, The pod spec mounts /secrets/gcs with name gcs-credentials
but no matching spec.volumes entry exists; add a volume entry named
"gcs-credentials" under spec.volumes for the job so the mount is valid (e.g., a
secret or projected volume depending on how credentials are provided). Locate
the job's PodSpec where mountPath "/secrets/gcs" and volumeMount name
"gcs-credentials" are used and add a corresponding volumes: - name:
gcs-credentials ... (secret or appropriate source) to match the mount.

ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml (1)

55-57: ⚠️ Potential issue | 🔴 Critical

Define gcs-credentials under spec.volumes or this periodic cannot start.

Line 55 mounts gcs-credentials, but there is no matching volume declared in Lines 68-83. Kubernetes will reject the pod spec before execution.

Suggested fix

     volumes:
     - name: boskos
       secret:
         items:
         - key: credentials
           path: credentials
         secretName: boskos-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Run this read-only check to verify all mounted volumes are declared:

#!/bin/bash
set -euo pipefail

FILE="ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml"

python - <<'PY'
import re
from pathlib import Path

file = Path("ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml")
text = file.read_text()

mount_names = set(re.findall(r'^\s*-\s*mountPath:\s*[^\n]+\n\s*name:\s*([a-z0-9-]+)', text, flags=re.M))
volume_names = set(re.findall(r'^\s*-\s*name:\s*([a-z0-9-]+)\n\s*secret:', text, flags=re.M))

missing = sorted(mount_names - volume_names)
print("Mounted volumes:", sorted(mount_names))
print("Declared volumes:", sorted(volume_names))
if missing:
    print("Missing declarations:", missing)
    raise SystemExit(1)
print("All mounted volumes are declared.")
PY

Also applies to: 68-83

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml`
around lines 55 - 57, The pod spec mounts a volume named "gcs-credentials"
(mountPath: /secrets/gcs) but there is no corresponding volume declared under
spec.volumes; add a volume entry with name: gcs-credentials and a secret (or
appropriate volume source) pointing to the GCS credentials secret so Kubernetes
can bind the mount (update the job's spec.volumes to include a volume with name
"gcs-credentials" and the correct secret.name/key fields to match the cluster
secret used for GCS credentials).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17-periodics.yaml`:
- Around line 55-57: The manifest mounts a volume named "gcs-credentials"
(volumeMount with mountPath /secrets/gcs) but no corresponding entry exists
under spec.volumes; add a volume object to spec.volumes with name:
gcs-credentials and the appropriate source (e.g., secret: { secretName:
<gcs-secret-name> } or projected config) so the volumeMount in the container can
be resolved; ensure the volume name exactly matches "gcs-credentials" and follow
the pattern used by the other volumes in the spec.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21-periodics.yaml`:
- Around line 55-57: The pod spec mounts /secrets/gcs with name gcs-credentials
but no matching spec.volumes entry exists; add a volume entry named
"gcs-credentials" under spec.volumes for the job so the mount is valid (e.g., a
secret or projected volume depending on how credentials are provided). Locate
the job's PodSpec where mountPath "/secrets/gcs" and volumeMount name
"gcs-credentials" are used and add a corresponding volumes: - name:
gcs-credentials ... (secret or appropriate source) to match the mount.

In
`@ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml`:
- Around line 55-57: The pod spec mounts a volume named "gcs-credentials"
(mountPath: /secrets/gcs) but there is no corresponding volume declared under
spec.volumes; add a volume entry with name: gcs-credentials and a secret (or
appropriate volume source) pointing to the GCS credentials secret so Kubernetes
can bind the mount (update the job's spec.volumes to include a volume with name
"gcs-credentials" and the correct secret.name/key fields to match the cluster
secret used for GCS credentials).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a24b3c54-fc59-4e4e-bb21-23fceaf6f812

📥 Commits

Reviewing files that changed from the base of the PR and between d61c5fd and e05a5c0.

📒 Files selected for processing (26)

• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.12__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.14__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.18__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.19__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0__periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.12-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.14-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.18-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.19-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0-periodics.yaml

✅ Files skipped from review due to trivial changes (11)

• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.23__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.21__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15__periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0-periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13__periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.13-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.15-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.18-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16-periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.16__periodics.yaml

🚧 Files skipped from review as they are similar to previous changes (10)

• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-5.0__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.22__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20__periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.18__periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.19-periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.19__periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.14-periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.20-periodics.yaml
• ci-operator/config/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.17__periodics.yaml
• ci-operator/jobs/openshift-eng/ocp-build-data/openshift-eng-ocp-build-data-openshift-4.12-periodics.yaml

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@joepvd: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
periodic-ci-openshift-eng-ocp-build-data-openshift-4.13-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.16-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.21-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.15-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.12-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.20-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.18-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.19-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.23-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.17-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-5.0-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.22-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed
periodic-ci-openshift-eng-ocp-build-data-openshift-4.14-periodics-art-konflux-delivery-repo-check	N/A	periodic	Periodic changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[joepvd]

/pj-rehearse ack

[openshift-merge-bot]

@joepvd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@joepvd: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.