OTA-1991: feat(cincinnati): Use upstream Dockerfile for testing #79424

Merged: openshift-merge-bot[bot] merged 1 commit into openshift:main from DavidHurta:cincinnati-use-upstream-dockerfile on May 18, 2026
@DavidHurta
Contributor

@DavidHurta DavidHurta commented May 18, 2026

This PR updates the CI configuration for the openshift/cincinnati repository's master branch to use Cincinnati's upstream Dockerfile for testing and to simplify image handling in the pipeline.

What changed practically

  • Affected CI config: ci-operator/config/openshift/cincinnati/openshift-cincinnati-master.yaml (the cincinnati master pipeline).
  • Deploy image: the pipeline no longer uses an inline UBI-based dockerfile_literal for the deploy image. It now references the upstream Dockerfile at dist/Dockerfile.deploy/Dockerfile via dockerfile_path, so the deployment container built in CI matches the Cincinnati project's own Dockerfile.
  • Build images/workflow:
    • The pipeline still builds Rust artifacts via a rustup-build image (dockerfile_literal remains for the build stage that runs just build --release).
    • The final e2e/test image continues to be assembled as before, but the separate downstream-deploy image entry has been removed from the images list and promotion config.
  • Promotion: promotion config was simplified — only the intermediate rustup-build image remains excluded from promotion (no downstream-deploy to promote).
  • Tests: test_binary_build_commands are present (just build_e2e) and existing tests reference the deploy image via the CINCINNATI_IMAGE dependency, unchanged in behavior except that the deploy image now comes from the upstream Dockerfile.

Why this matters

  • Reduces divergence and maintenance overhead by building the deploy image from Cincinnati's authoritative Dockerfile instead of maintaining an inline copy in the release repo, ensuring CI tests exercise the same container image developers deploy.
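
An added example (not from the PR or the openshift/release repository): a small audit that flags images built from an inline `dockerfile_literal` that would also be promoted, the kind of divergence this description says the change removes. The two configs are constructed from the description; treating `images` as a flat list and the placeholder literal text are assumptions.

```python
# Added illustration, not the project's code. Field names (images, to,
# dockerfile_literal, dockerfile_path, promotion.to[].excluded_images) are the
# ones named in this PR thread; the sample values are constructed.

CONFIG_BEFORE = {  # constructed: deploy image built from an inline copy
    "images": [
        {"to": "rustup-build", "dockerfile_literal": "<inline build stage>"},
        {"to": "deploy", "dockerfile_literal": "<inline UBI-based Dockerfile>"},
    ],
    "promotion": {"to": [{"excluded_images": ["rustup-build"]}]},
}

CONFIG_AFTER = {  # constructed: deploy image built from the repo's Dockerfile
    "images": [
        {"to": "rustup-build", "dockerfile_literal": "<inline build stage>"},
        {"to": "deploy", "dockerfile_path": "dist/Dockerfile.deploy/Dockerfile"},
    ],
    "promotion": {"to": [{"excluded_images": ["rustup-build"]}]},
}


def build_sources(config):
    """Map each image name to where its Dockerfile comes from."""
    sources = {}
    for image in config.get("images", []):
        name = image.get("to", "<unnamed>")
        if "dockerfile_literal" in image:
            sources[name] = "inline"
        elif "dockerfile_path" in image:
            sources[name] = "path:" + image["dockerfile_path"]
        else:
            sources[name] = "default"
    return sources


def inline_promoted_images(config):
    """Names of images built from an inline literal that at least one
    promotion target does not exclude, i.e. images CI ships without ever
    building the repository's own Dockerfile."""
    targets = config.get("promotion", {}).get("to", [])
    findings = []
    for name, source in build_sources(config).items():
        if source != "inline":
            continue
        if any(name not in t.get("excluded_images", []) for t in targets):
            findings.append(name)
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, build_sources(cfg), inline_promoted_images(cfg))
```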

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 18, 2026
@openshift-ci
Contributor

openshift-ci Bot commented May 18, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@DavidHurta
Contributor Author

/test all

@coderabbitai
Contributor

coderabbitai Bot commented May 18, 2026

Walkthrough

Externalizes the deploy Dockerfile to dist/Dockerfile.deploy/Dockerfile, removes the binary_build_commands block, and drops downstream-deploy from the promotion excluded images list.

Changes

Deploy Image Dockerfile Migration

| Layer / File(s) | Summary |
| --- | --- |
| Deploy image refactoring and promotion update: ci-operator/config/openshift/cincinnati/openshift-cincinnati-master.yaml | Removes the binary_build_commands directive. Replaces deploy image dockerfile_literal with dockerfile_path: dist/Dockerfile.deploy/Dockerfile. Removes the downstream-deploy image entry and removes downstream-deploy from promotion.to[0].excluded_images while leaving rustup-build excluded. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 12
✅ Passed checks (12 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Stable And Deterministic Test Names | ✅ Passed | This PR modifies only YAML CI/CD configuration files, not Go test code. The custom check targets Ginkgo test names in test code, which is not present in this PR. Not applicable to YAML configuration. |
| Test Structure And Quality | ✅ Passed | The PR contains no Ginkgo test code. It only modifies CI/CD pipeline configuration files (openshift-cincinnati-master.yaml). The custom check for Ginkgo test structure and quality is not applicable. |
| Microshift Test Compatibility | ✅ Passed | No new Ginkgo e2e tests added in this PR. Contains only CI/CD configuration changes to cincinnati YAML. Custom check targets new test code and is not applicable. |
| Single Node Openshift (Sno) Test Compatibility | ✅ Passed | This PR contains only YAML configuration changes to ci-operator settings, not new Ginkgo e2e tests. The SNO test compatibility check is not applicable here as it requires new test code additions. |
| Topology-Aware Scheduling Compatibility | ✅ Passed | This is a CI-operator build configuration, not a deployment manifest. No scheduling constraints (affinity, nodeSelector, PDB, replicas) are introduced. Changes only affect Dockerfile source location. |
| Ote Binary Stdout Contract | ✅ Passed | This PR is a configuration-only change to ci-operator config, not a modification to any OTE binary or test code. The custom check for OTE Binary Stdout Contract is not applicable. |
| Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | PR only modifies YAML CI configuration file; no Ginkgo e2e tests are added. Custom check for IPv6/disconnected network test compatibility is not applicable. |
| Title check | ✅ Passed | The pull request title directly describes the main change: moving from an inline Dockerfile to using an upstream Dockerfile (from dist/Dockerfile.deploy/Dockerfile) for the deploy image in the Cincinnati pipeline configuration. |

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 18, 2026
@DavidHurta
Contributor Author

/pj-rehearse more

@openshift-merge-bot
Contributor

@DavidHurta: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

This will allow us to immediately run the CI testing on any proposed changes
to the Dockerfile, which is used for the cincinnati as:

- a layered product [1]
- a SaaS [2]

Otherwise, the used Dockerfile is only used for verifying whether a container
image can be built, and no regression testing is run on it in this stage.

[1]: https://gitlab.cee.redhat.com/ota/cincinnati/-/blob/da1724d8c3681c1f024e250ac5e7d09feb08fa31/.tekton/osus-operand-push.yaml#L27
[2]: https://gitlab.cee.redhat.com/service/app-interface/-/blob/c49fa3016addc8efbf7460ca5ea24fbccd9b0b06/data/services/cincinnati/cicd/ci-int/jobs.yaml
@DavidHurta DavidHurta force-pushed the cincinnati-use-upstream-dockerfile branch from c188c6f to a24e0cb May 18, 2026 15:28
@DavidHurta DavidHurta changed the title from "feat(cincinnati): Use upstream Dockerfile for testing" to "OTA-1991: feat(cincinnati): Use upstream Dockerfile for testing" May 18, 2026
@DavidHurta DavidHurta marked this pull request as ready for review May 18, 2026 15:33
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 18, 2026
@openshift-ci-robot
Contributor

openshift-ci-robot commented May 18, 2026

@DavidHurta: This pull request references OTA-1991 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.


@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 18, 2026
@openshift-merge-bot
Contributor

[REHEARSALNOTIFIER]
@DavidHurta: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

| Test name | Repo | Type | Reason |
| --- | --- | --- | --- |
| pull-ci-openshift-cincinnati-master-cargo-test | openshift/cincinnati | presubmit | Ci-operator config changed |
| pull-ci-openshift-cincinnati-master-images | openshift/cincinnati | presubmit | Ci-operator config changed |
| pull-ci-openshift-cincinnati-master-olm-e2e | openshift/cincinnati | presubmit | Ci-operator config changed |
| pull-ci-openshift-cincinnati-master-osus-e2e | openshift/cincinnati | presubmit | Ci-operator config changed |
| pull-ci-openshift-cincinnati-master-rustfmt | openshift/cincinnati | presubmit | Ci-operator config changed |
| pull-ci-openshift-cincinnati-master-verify-openapi | openshift/cincinnati | presubmit | Ci-operator config changed |
| pull-ci-openshift-cincinnati-master-yaml-lint | openshift/cincinnati | presubmit | Ci-operator config changed |

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@openshift-ci openshift-ci Bot requested review from PratikMahajan and fao89 May 18, 2026 15:34
@openshift-ci
Contributor

openshift-ci Bot commented May 18, 2026

@DavidHurta: all tests passed!


@DavidHurta
Contributor Author

DavidHurta commented May 18, 2026

/pj-rehearse ack

The jobs have passed on the c188c6f commit. Its changes are identical to the current a24e0cb commit.

@openshift-merge-bot
Contributor

@DavidHurta: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot openshift-merge-bot Bot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label May 18, 2026
Member

@wking wking left a comment

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 18, 2026
@openshift-ci
Contributor

openshift-ci Bot commented May 18, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DavidHurta, wking

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit b3364b7 into openshift:main May 18, 2026
14 checks passed
hongkailiu added a commit to hongkailiu/cincinnati that referenced this pull request May 19, 2026
openshift#1067 uses the ubi-minimal images.

> We do not need to update the base image in the build stage, but I do not see a reason why we should not use the minimal for all stages while we are at it.

This pull gives a reason: It saves the dependency installation in each CI build.

The build base is used in CI already as the build root [1] (and it is open to the public which should cause no troubles to the Flux build). We should keep the CI build and the production build as close as possible if not identical [2]. Cincinnati is not an OCP product but the theory there can be applied.

The builder image is currently not based from ubi-minimal [3]. We could switch to it, e.g., when making the next build root image for a new Rust version.

In addition, the recipe `just build --release` is used to build the binaries, to keep doing things in a consistent way.

Basically this pull tries to reduce the change on CI from openshift/release#79424.

[1]. https://github.com/openshift/release/blob/76d0cff0192e04c1d90a535d72106bffab91e79a/ci-operator/config/openshift/cincinnati/openshift-cincinnati-master.yaml#L18-L22

[2]. https://docs.ci.openshift.org/architecture/images/

[3]. https://github.com/openshift/release/blob/76d0cff0192e04c1d90a535d72106bffab91e79a/ci-operator/config/openshift/cincinnati/openshift-cincinnati-master.yaml#L26
hongkailiu added a commit to hongkailiu/cincinnati that referenced this pull request May 19, 2026
wgahnagl pushed a commit to wgahnagl/release that referenced this pull request May 20, 2026