WIP: OSAC-1630: Add Netris based e2e jobs#80852
Open
danmanor wants to merge 4 commits into
Open
Conversation
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Central YAML (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
WalkthroughIntroduces a Netris CaaS end-to-end test pipeline for OSAC components. PR-tagged image names are renamed to stable targets across four CI configs ( ChangesNetris CaaS e2e pipeline for OSAC components
Sequence Diagram(s)sequenceDiagram
actor CI as CI Job (e2e-netris-caas)
participant workflow as osac-project-netris-caas
participant lab as osac-project-netris-lab chain
participant ci_machine as ci_machine (remote)
participant installer as osac-installer (podman)
participant caas as CaaS cluster
rect rgba(70, 130, 180, 0.5)
note over workflow,lab: pre: lab setup
CI->>workflow: trigger workflow
workflow->>lab: deploy Netris lab
lab->>ci_machine: SSH: install tooling, clone repo, make setup, make deploy-lab
lab->>ci_machine: SSH: make deploy-ocp (OCP SNO via Assisted Installer)
ci_machine-->>lab: kubeconfig
lab->>ci_machine: podman pull images, extract sources, make deploy-osac
ci_machine->>installer: run /installer/scripts/setup.sh
end
rect rgba(60, 179, 113, 0.5)
note over workflow,caas: test: CaaS provisioning
workflow->>ci_machine: SSH: make setup-caas (InfraEnv, agent registration)
workflow->>ci_machine: SSH: make deploy-caas (create CaaS cluster)
ci_machine->>caas: cluster reaches READY state
end
rect rgba(205, 92, 92, 0.5)
note over workflow,ci_machine: post: gather diagnostics
workflow->>ci_machine: SSH: make gather (best-effort, ignore failures)
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (1 error)
✅ Passed checks (14 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Contributor
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: danmanor The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
danmanor
changed the title
openshift-ci
Bot
added
the
do-not-merge/work-in-progress
Contributor
|
@danmanor, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (1)
ci-operator/step-registry/osac-project/netris/lab/gather/osac-project-netris-lab-gather-commands.sh (1)
3-4: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick winAdd
errexitand keep best-effort behavior scoped to gather calls.This script should start with
set -euo pipefail; right now failures outside explicit|| truepaths can be silently ignored.Suggested patch
set -o nounset +set -o errexit set -o pipefailAs per coding guidelines, step-registry command scripts should default to
set -euo pipefailand selectively relax failure handling only where intended.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@ci-operator/step-registry/osac-project/netris/lab/gather/osac-project-netris-lab-gather-commands.sh` around lines 3 - 4, The script is missing the errexit option which allows silent failures outside of explicit || true paths. Modify the set commands at lines 3-4 to combine all options using the format `set -euo pipefail` instead of having separate `set -o nounset` and `set -o pipefail` statements. This ensures that the script exits on errors (errexit), treats undefined variables as errors (nounset), and handles pipeline failures (pipefail) as per coding guidelines, while allowing selective relaxation of failure handling only where explicitly intended with || true.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh`:
- Around line 97-138: Replace the string-based construction of NETRIS_ENV_FLAGS
and SSH_MOUNT_FLAGS with bash arrays, then remove the eval command from the
podman run invocation. Convert the current multi-line string assignments into
proper bash array declarations using parentheses, where each flag becomes a
separate array element. Update the podman run command to reference these arrays
with proper expansion syntax (e.g., "${NETRIS_ENV_FLAGS[@]}" and
"${SSH_MOUNT_FLAGS[@]}") to eliminate the need for eval and preserve the
integrity of JSON values like NETRIS_RESOURCE_CLASS_MAP.
In
`@ci-operator/step-registry/osac-project/netris/lab/deploy-ocp/osac-project-netris-lab-deploy-ocp-commands.sh`:
- Around line 29-31: The scp command used to copy the kubeconfig file from
ci_machine to the shared directory lacks a timeout mechanism, which can cause
the step to hang indefinitely during SSH stalls or transient network issues.
Wrap the scp command with the timeout utility (or add timeout-related SSH
options like ConnectTimeout and ServerAliveInterval to the scp invocation) to
ensure the copy operation fails gracefully within a reasonable time if the
remote connection becomes unresponsive, similar to how other remote calls in
this script handle timeouts.
In
`@ci-operator/step-registry/osac-project/netris/lab/deploy/osac-project-netris-lab-deploy-commands.sh`:
- Around line 8-9: The echo statements that output NETRIS_TEST_INFRA_REPO and
NETRIS_TEST_INFRA_BRANCH are logging raw environment variable values that may
contain credentials in authenticated URLs, which can expose sensitive
information in logs. Instead of printing the raw repository URL, modify these
echo statements to either log only whether the variables are set (using a test
condition like checking for non-empty values) or log a sanitized version of the
repository URL with credentials stripped. This ensures sensitive authentication
information is not exposed in the logs while still providing useful debugging
information.
In
`@ci-operator/step-registry/osac-project/netris/lab/deploy/osac-project-netris-lab-deploy-ref.yaml`:
- Around line 14-16: The NETRIS_TEST_INFRA_REPO parameter currently defaults to
a personal GitHub fork (https://github.com/danmanor/netris-test-infra.git),
which introduces supply-chain and availability risks. Replace this default value
with an organization-controlled repository URL that is maintained and controlled
by the organization rather than an individual. If possible, pin the repository
reference to a specific reviewed tag or commit hash for additional security and
stability.
---
Nitpick comments:
In
`@ci-operator/step-registry/osac-project/netris/lab/gather/osac-project-netris-lab-gather-commands.sh`:
- Around line 3-4: The script is missing the errexit option which allows silent
failures outside of explicit || true paths. Modify the set commands at lines 3-4
to combine all options using the format `set -euo pipefail` instead of having
separate `set -o nounset` and `set -o pipefail` statements. This ensures that
the script exits on errors (errexit), treats undefined variables as errors
(nounset), and handles pipeline failures (pipefail) as per coding guidelines,
while allowing selective relaxation of failure handling only where explicitly
intended with || true.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 71532429-09b1-40d4-8242-0b8a8bd79db2
⛔ Files ignored due to path filters (4)
ci-operator/jobs/osac-project/fulfillment-service/osac-project-fulfillment-service-main-presubmits.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/osac-project/osac-aap/osac-project-osac-aap-main-presubmits.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/osac-project/osac-installer/osac-project-osac-installer-main-presubmits.yamlis excluded by!ci-operator/jobs/**ci-operator/jobs/osac-project/osac-operator/osac-project-osac-operator-main-presubmits.yamlis excluded by!ci-operator/jobs/**
📒 Files selected for processing (36)
ci-operator/config/osac-project/fulfillment-service/osac-project-fulfillment-service-main.yamlci-operator/config/osac-project/osac-aap/osac-project-osac-aap-main.yamlci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yamlci-operator/config/osac-project/osac-operator/osac-project-osac-operator-main.yamlci-operator/step-registry/osac-project/installer/osac-project-installer-commands.shci-operator/step-registry/osac-project/installer/osac-project-installer-ref.yamlci-operator/step-registry/osac-project/netris/caas/OWNERSci-operator/step-registry/osac-project/netris/caas/deploy-caas/OWNERSci-operator/step-registry/osac-project/netris/caas/deploy-caas/osac-project-netris-caas-deploy-caas-commands.shci-operator/step-registry/osac-project/netris/caas/deploy-caas/osac-project-netris-caas-deploy-caas-ref.metadata.jsonci-operator/step-registry/osac-project/netris/caas/deploy-caas/osac-project-netris-caas-deploy-caas-ref.yamlci-operator/step-registry/osac-project/netris/caas/osac-project-netris-caas-workflow.metadata.jsonci-operator/step-registry/osac-project/netris/caas/osac-project-netris-caas-workflow.yamlci-operator/step-registry/osac-project/netris/caas/setup-caas/OWNERSci-operator/step-registry/osac-project/netris/caas/setup-caas/osac-project-netris-caas-setup-caas-commands.shci-operator/step-registry/osac-project/netris/caas/setup-caas/osac-project-netris-caas-setup-caas-ref.metadata.jsonci-operator/step-registry/osac-project/netris/caas/setup-caas/osac-project-netris-caas-setup-caas-ref.yamlci-operator/step-registry/osac-project/netris/lab/OWNERSci-operator/step-registry/osac-project/netris/lab/deploy-ocp/OWNERSci-operator/step-registry/osac-project/netris/lab/deploy-ocp/osac-project-netris-lab-deploy-ocp-commands.shci-operator/step-registry/osac-project/netris/lab/deploy-ocp/osac-project-netris-lab-deploy-ocp-ref.metadata.jsonci-operator/step-registry/osac-project/netris/lab/deploy-ocp/osac-project-netris-lab-deploy-ocp-ref.yamlci-operator/step-registry/osac-project/netris/lab/deploy-osac/OWNERSci-operator/step-registry/osac-project/netris/lab/deploy-osac/osac-project-netris-lab-deploy-osac-commands.shci-operator/step-registry/osac-project/netris/lab/deploy-osac/osac-project-netris-lab-deploy-osac-ref.metadata.jsonci-operator/step-registry/osac-project/netris/lab/deploy-osac/osac-project-netris-lab-deploy-osac-ref.yamlci-operator/step-registry/osac-project/netris/lab/deploy/OWNERSci-operator/step-registry/osac-project/netris/lab/deploy/osac-project-netris-lab-deploy-commands.shci-operator/step-registry/osac-project/netris/lab/deploy/osac-project-netris-lab-deploy-ref.metadata.jsonci-operator/step-registry/osac-project/netris/lab/deploy/osac-project-netris-lab-deploy-ref.yamlci-operator/step-registry/osac-project/netris/lab/gather/OWNERSci-operator/step-registry/osac-project/netris/lab/gather/osac-project-netris-lab-gather-commands.shci-operator/step-registry/osac-project/netris/lab/gather/osac-project-netris-lab-gather-ref.metadata.jsonci-operator/step-registry/osac-project/netris/lab/gather/osac-project-netris-lab-gather-ref.yamlci-operator/step-registry/osac-project/netris/lab/osac-project-netris-lab-chain.metadata.jsonci-operator/step-registry/osac-project/netris/lab/osac-project-netris-lab-chain.yaml
Comment on lines
+97
to
+138
| NETRIS_ENV_FLAGS="\ | ||
| -e NETWORK_CLASS=netris \ | ||
| -e NETWORK_STEPS_COLLECTION=netris.steps \ | ||
| -e EXTERNAL_ACCESS_BASE_DOMAIN=osac.local \ | ||
| -e EXTERNAL_ACCESS_SUPPORTED_BASE_DOMAINS=osac.local \ | ||
| -e EXTERNAL_ACCESS_API_INTERNAL_NETWORK=hypershift \ | ||
| -e HOSTED_CLUSTER_BASE_DOMAIN=osac.local \ | ||
| -e HOSTED_CLUSTER_CONTROLLER_AVAILABILITY_POLICY=SingleReplica \ | ||
| -e HOSTED_CLUSTER_INFRASTRUCTURE_AVAILABILITY_POLICY=SingleReplica \ | ||
| -e NETRIS_CONTROLLER_URL=${NETRIS_CTL_URL} \ | ||
| -e NETRIS_USERNAME=netris \ | ||
| -e NETRIS_PASSWORD=netris \ | ||
| -e NETRIS_SITE_ID=${NETRIS_SITE_ID} \ | ||
| -e NETRIS_TENANT_ID=${NETRIS_TENANT_ID} \ | ||
| -e NETRIS_TENANT_NAME=${NETRIS_TENANT_NAME} \ | ||
| -e NETRIS_MGMT_VPC_ID=${OCP_VPC_ID} \ | ||
| -e NETRIS_MGMT_VPC_NAME=ocp-sno \ | ||
| -e NETRIS_RESOURCE_CLASS_MAP=${RESOURCE_CLASS_MAP} \ | ||
| -e SERVER_SSH_BASTION_HOST=192.168.16.254 \ | ||
| -e SERVER_SSH_BASTION_USER=root \ | ||
| -e SERVER_SSH_USER=root \ | ||
| -e SERVER_MGMT_ROUTE_DESTINATION=192.168.16.0/20 \ | ||
| -e SERVER_MGMT_ROUTE_GATEWAY=192.168.16.1" | ||
|
|
||
| SSH_MOUNT_FLAGS="\ | ||
| -v /root/.ssh/id_rsa:/installer/overlays/${E2E_KUSTOMIZE_OVERLAY}/files/server-ssh-key:z \ | ||
| -v /root/.ssh/id_rsa:/installer/overlays/${E2E_KUSTOMIZE_OVERLAY}/files/server-ssh-bastion-key:z" | ||
| fi | ||
|
|
||
| eval podman run --authfile /root/pull-secret --rm --network=host \ | ||
| -v \${KUBECONFIG}:/root/.kube/config:z \ | ||
| -v /root/pull-secret:/installer/overlays/${E2E_KUSTOMIZE_OVERLAY}/files/quay-pull-secret.json:z \ | ||
| -v /tmp/license.zip:/installer/overlays/${E2E_KUSTOMIZE_OVERLAY}/files/license.zip:z \ | ||
| ${SSH_MOUNT_FLAGS} \ | ||
| -e INSTALLER_NAMESPACE=${E2E_NAMESPACE} \ | ||
| -e INSTALLER_KUSTOMIZE_OVERLAY=${E2E_KUSTOMIZE_OVERLAY} \ | ||
| -e INSTALLER_VM_TEMPLATE=${E2E_VM_TEMPLATE} \ | ||
| -e DEPLOY_MODE=${DEPLOY_MODE} \ | ||
| -e VALUES_FILE=${VALUES_FILE} \ | ||
| -e INGRESS_SERVICE=${INGRESS_SERVICE} \ | ||
| ${NETRIS_ENV_FLAGS} \ | ||
| ${OSAC_INSTALLER_IMAGE} sh /installer/scripts/setup.sh |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
RESOURCE_CLASS_MAP='{"ci-worker":{"server_cluster_template_id":7,"mgmt_interface":"ens4"}}'
NETRIS_ENV_FLAGS="-e NETRIS_RESOURCE_CLASS_MAP=${RESOURCE_CLASS_MAP}"
echo "Second-parse quote stripping with eval:"
eval "set -- run ${NETRIS_ENV_FLAGS}"
printf ' %s\n' "$@"
echo "Second-parse execution risk with eval:"
UNTRUSTED='$(printf EVAL_TRIGGERED >&2)'
eval "printf '%s\n' ${UNTRUSTED}"Repository: openshift/release
Length of output: 313
🏁 Script executed:
cat -n ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh | sed -n '90,145p'Repository: openshift/release
Length of output: 2752
Replace string-based flag construction with bash arrays to eliminate eval and prevent quote stripping of JSON payloads.
The current code uses eval podman run to execute dynamic flags built as unquoted strings. This creates two critical vulnerabilities:
- Command injection: Untrusted values in
NETRIS_ENV_FLAGSorSSH_MOUNT_FLAGScan execute arbitrary commands viaeval - JSON corruption: The
NETRIS_RESOURCE_CLASS_MAPJSON loses internal quotes during shell parsing (quotes are consumed by the first parse, then re-parsed byeval, stripping internal structure)
Use bash arrays instead to pass arguments without a second shell parse. See diff for complete refactoring.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh`
around lines 97 - 138, Replace the string-based construction of NETRIS_ENV_FLAGS
and SSH_MOUNT_FLAGS with bash arrays, then remove the eval command from the
podman run invocation. Convert the current multi-line string assignments into
proper bash array declarations using parentheses, where each flag becomes a
separate array element. Update the podman run command to reference these arrays
with proper expansion syntax (e.g., "${NETRIS_ENV_FLAGS[@]}" and
"${SSH_MOUNT_FLAGS[@]}") to eliminate the need for eval and preserve the
integrity of JSON values like NETRIS_RESOURCE_CLASS_MAP.
Comment on lines
+29
to
+31
| scp -F "${SHARED_DIR}/ssh_config" \ | ||
| "ci_machine:/root/.kube/config" \ | ||
| "${SHARED_DIR}/kubeconfig" |
Contributor
There was a problem hiding this comment.
Add a timeout around kubeconfig scp to avoid hanging the step.
The copy-back scp is the only remote call here without a timeout; transient SSH stalls can block this step much longer than needed before failing.
Suggested patch
-scp -F "${SHARED_DIR}/ssh_config" \
+timeout -s 9 2m scp -F "${SHARED_DIR}/ssh_config" \
"ci_machine:/root/.kube/config" \
"${SHARED_DIR}/kubeconfig"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| scp -F "${SHARED_DIR}/ssh_config" \ | |
| "ci_machine:/root/.kube/config" \ | |
| "${SHARED_DIR}/kubeconfig" | |
| timeout -s 9 2m scp -F "${SHARED_DIR}/ssh_config" \ | |
| "ci_machine:/root/.kube/config" \ | |
| "${SHARED_DIR}/kubeconfig" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/step-registry/osac-project/netris/lab/deploy-ocp/osac-project-netris-lab-deploy-ocp-commands.sh`
around lines 29 - 31, The scp command used to copy the kubeconfig file from
ci_machine to the shared directory lacks a timeout mechanism, which can cause
the step to hang indefinitely during SSH stalls or transient network issues.
Wrap the scp command with the timeout utility (or add timeout-related SSH
options like ConnectTimeout and ServerAliveInterval to the scp invocation) to
ensure the copy operation fails gracefully within a reasonable time if the
remote connection becomes unresponsive, similar to how other remote calls in
this script handle timeouts.
Comment on lines
+8
to
+9
| echo "NETRIS_TEST_INFRA_REPO: ${NETRIS_TEST_INFRA_REPO}" | ||
| echo "NETRIS_TEST_INFRA_BRANCH: ${NETRIS_TEST_INFRA_BRANCH}" |
Contributor
There was a problem hiding this comment.
Avoid logging the raw repository URL from environment.
Printing NETRIS_TEST_INFRA_REPO verbatim can leak credentials if an authenticated URL is passed. Log a sanitized value (or just whether it is set).
Suggested minimal change
-echo "NETRIS_TEST_INFRA_REPO: ${NETRIS_TEST_INFRA_REPO}"
+echo "NETRIS_TEST_INFRA_REPO: <redacted>"As per coding guidelines, step-registry command scripts should avoid exposing sensitive material in logs.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| echo "NETRIS_TEST_INFRA_REPO: ${NETRIS_TEST_INFRA_REPO}" | |
| echo "NETRIS_TEST_INFRA_BRANCH: ${NETRIS_TEST_INFRA_BRANCH}" | |
| echo "NETRIS_TEST_INFRA_REPO: <redacted>" | |
| echo "NETRIS_TEST_INFRA_BRANCH: ${NETRIS_TEST_INFRA_BRANCH}" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/step-registry/osac-project/netris/lab/deploy/osac-project-netris-lab-deploy-commands.sh`
around lines 8 - 9, The echo statements that output NETRIS_TEST_INFRA_REPO and
NETRIS_TEST_INFRA_BRANCH are logging raw environment variable values that may
contain credentials in authenticated URLs, which can expose sensitive
information in logs. Instead of printing the raw repository URL, modify these
echo statements to either log only whether the variables are set (using a test
condition like checking for non-empty values) or log a sanitized version of the
repository URL with credentials stripped. This ensures sensitive authentication
information is not exposed in the logs while still providing useful debugging
information.
Source: Coding guidelines
Comment on lines
+14
to
+16
| - name: NETRIS_TEST_INFRA_REPO | ||
| default: "https://github.com/danmanor/netris-test-infra.git" | ||
| documentation: Git repository URL for the netris-test-infra project |
Contributor
There was a problem hiding this comment.
Use an organization-controlled default for NETRIS_TEST_INFRA_REPO.
Defaulting to a personal fork introduces avoidable supply-chain and availability risk for this CI path. Please switch the default to an org-owned repository (ideally pinned to a reviewed tag/commit).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/step-registry/osac-project/netris/lab/deploy/osac-project-netris-lab-deploy-ref.yaml`
around lines 14 - 16, The NETRIS_TEST_INFRA_REPO parameter currently defaults to
a personal GitHub fork (https://github.com/danmanor/netris-test-infra.git),
which introduces supply-chain and availability risks. Replace this default value
with an organization-controlled repository URL that is maintained and controlled
by the organization rather than an individual. If possible, pin the repository
reference to a specific reviewed tag or commit hash for additional security and
stability.
- Add osac-project-netris-caas workflow (CaaS e2e on Netris lab) - Add caas-discover step (InfraEnv + boot agents with discovery ISO) - Add caas-setup step (annotate agents, create host type + cluster) - Update installer step to discover and pass Netris env vars into cluster-fulfillment-ig ConfigMap/Secret when NETRIS_INTEGRATION=true (controller URL, site/tenant IDs, VPC, resource class map, SSH keys, hosted cluster policies, external access domain) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces the podman-based installer approach with netris-test-infra native Ansible deployment. Each component's code and images are extracted from CI-built container images and passed to the Ansible roles via EXTRA_VARS. Step registry changes: - Add osac-project-netris-lab chain (deploy → deploy-ocp → deploy-osac) - Add deploy-ocp step (make deploy-ocp) - Add deploy-osac step with 8 image dependencies for full component testing (installer, operator, fulfillment-service, osac-cli, osac-aap-ee, osac-aap-code, operator-code, fs-code) - Add gather step (make gather) - Move CaaS steps to netris/caas/ (setup-caas, deploy-caas) - Remove old caas-discover, caas-setup, configure, ocp-install steps - Update CaaS workflow to use chain + netris-native steps CI config changes: - Add e2e-netris-caas presubmit to all 4 component repos - Add promoted container images (fulfillment-service, osac-aap-ee) - Add code images (osac-operator-code, fulfillment-service-code) - Import upstream images for non-tested components via base_images - Override with locally built PR images for the tested component - Extract component code onto installer submodule paths for exact revision alignment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
danmanor
force-pushed
the
osac-netris-lab-ci-workflow
branch
from
44dbdb5 to
e14a940
Compare
danmanor
changed the title
openshift-ci-robot
added
the
jira/valid-reference
Contributor
|
@danmanor: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
danmanor
changed the title
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
danmanor
changed the title
Contributor
|
@danmanor: This pull request references OSAC-1630 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
Author
|
/pj-rehearse pull-ci-osac-project-osac-aap-main-e2e-netris-caas |
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
@danmanor: your |
Contributor
|
[REHEARSALNOTIFIER]
Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
Contributor
|
@danmanor: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
e2e-netris-caaspresubmit test to all 4 OSAC component repos (osac-operator, fulfillment-service, osac-aap, osac-installer)Changes
Step Registry (
ci-operator/step-registry/osac-project/netris/)osac-project-netris-lab): deploy → deploy-ocp → deploy-osacmake setup && make deploy-lab(installs ansible/make prerequisites first)make deploy-ocp(replaces old configure + ocp-install)make gather(replaces osac-project-gather)netris/caas/(setup-caas, deploy-caas)CI Configs (
ci-operator/config/osac-project/)osac-operator-code,fulfillment-service-code) for submodule alignmentfulfillment-serviceandosac-aap-eepromoted imagese2e-netris-caastest explicitly lists all 8 image dependenciesImage Dependencies per Test
OSAC_INSTALLER_IMAGEOSAC_OPERATOR_IMAGEOSAC_OPERATOR_CODE_IMAGEFULFILLMENT_SERVICE_IMAGEFULFILLMENT_SERVICE_CODE_IMAGEOSAC_CLI_IMAGEOSAC_AAP_EE_IMAGEOSAC_AAP_CODE_IMAGESummary by CodeRabbit
This PR restructures the OSAC Netris CI workflow so e2e validation deploys the actual component artifacts and images produced by the component repos/CI (instead of always deploying from upstream
mainbuilds). It adds ane2e-netris-caaspresubmit test across the four OSAC component repositories:osac-operator,fulfillment-service,osac-aap, andosac-installer.What changed (practical impact)
ci-operator/step-registry/osac-project/netris/lab/:make setup && make deploy-labmake deploy-ocp(consolidating OCP deployment prep into one step)EXTRA_VARSmake gather(replacing the previous gather step behavior)ci-operator/step-registry/osac-project/netris/caas/, and the newosac-project-netris-caasworkflow composes the lab chain plus CAAS setup/deploy phases.Component CI configuration updates (all four repos)
Under
ci-operator/config/osac-project/, each repository’s CI config was updated to support the promoted-image model and to wire explicit image dependencies fore2e-netris-caas:fulfillment-service-codeimage promotion/build wiring; adjustse2e-vmaasto use the promoted component image; addse2e-netris-caaswith dependency wiring.osac-aap-ee) rather than*-pr; adjustse2e-vmaas; addse2e-netris-caas.base_images.dev-scriptsinputs for the full dependency set (installer + CLI + operator/AAp/FS code+EE); addse2e-netris-caaswith intranet capability.osac-operator-code(instead ofosac-operator-pr); updates promotions/exclusions; adjustse2e-vmaas; addse2e-netris-caas.Image dependency model for
e2e-netris-caasThe new
e2e-netris-caastest explicitly wires eight images:OSAC_INSTALLER_IMAGEOSAC_OPERATOR_IMAGEOSAC_OPERATOR_CODE_IMAGEFULFILLMENT_SERVICE_IMAGEFULFILLMENT_SERVICE_CODE_IMAGEOSAC_CLI_IMAGEOSAC_AAP_EE_IMAGEOSAC_AAP_CODE_IMAGEWhen testing a component PR, that component’s locally-built images override upstream images; the other components’ images come from upstream/promoted sources.
Script/step behavior updates
NETRIS_INTEGRATIONsupport and refactored the remote SSH bootstrap to use positional arguments passed into the remote script, including NETRIS-derived env flag generation for cluster fulfillment.netris-test-infra, runningmake setup/deploy/gather, and performing image extraction from the CI-built containers before deployment.OWNERSentries and new step/workflow*.ref.yamlplus metadata for the lab chain and CAAS steps.Jira/automation notes
Automated robot comments indicate the PR references Jira OSAC-1630, but the issue’s configured target version does not match the expected target branch version (warning that the expected task target version should be
5.0.0, while no valid target version is set).