Skip to content

Add z-stream testing#81376

Open
kasturinarra wants to merge 6 commits into
openshift:mainfrom
kasturinarra:main
Open

Add z-stream testing#81376
kasturinarra wants to merge 6 commits into
openshift:mainfrom
kasturinarra:main

Conversation

@kasturinarra

@kasturinarra kasturinarra commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

This PR extends OpenShift CI to add automated “z-stream” nightly e2e testing for the openshift/lvm-operator.

  • New CI variant/config: Adds ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml, defining an ocp nightly candidate at version 4.21. It schedules a nightly tests trigger (cron: 0 6 * * *) that runs the lvms-zstream-trigger step and sets default target resource requests to 100m CPU / 200Mi memory.
  • New step-registry trigger: Adds ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger (plus ref/metadata and OWNERS/approval routing). The step runs lvms-zstream-trigger-commands.sh in the ocp/cli-jq:latest image, mounts Gangway credentials from test-credentials at /etc/gangway, and triggers nightly LVMS e2e jobs via Gangway with MULTISTAGE_PARAM_OVERRIDE_LVM_INDEX_IMAGE set to a resolved Quay image digest.

Trigger behavior (practical impact):

  • For a fixed set of releases (4.14, 4.16, 4.18–4.21), the script:
    • Finds the latest open “z-stream” PR in openshift/lvm-operator.
    • Extracts the PR’s catalog snapshot: token from PR file diffs.
    • Resolves that snapshot to the best matching Quay catalog manifest digest by:
      • Converting the catalog snapshot version to a v{version} Quay tag prefix
      • Listing commit-style tags and selecting the one with the smallest absolute time delta versus the snapshot timestamp
    • Loads the previous successful run’s zstream-summary.json from GCS (discovered via the most recent successful Prow build id for the trigger job).
    • If the resolved digest matches the last recorded digest (and FORCE isn’t set), it skips triggering and records “skipped” job state; otherwise it triggers the configured nightly Gangway executions for the release, overriding MULTISTAGE_PARAM_OVERRIDE_LVM_INDEX_IMAGE with the resolved digest.
    • Writes per-release JSON outputs and merges them into ${WORKDIR}/zstream-summary.json, prints a concise summary, and removes the downloaded previous summary artifact when applicable.

Script correctness/hardening incorporated:

  • Adds a get_last_pr() helper to check/track whether a previously tracked release PR was merged and mark the release as completed.
  • Prevents tracing state from leaking by temporarily disabling set -x during the Gangway curl and restoring it only when tracing was previously enabled.
  • Ensures jobs output is consistently an array ([] when nothing was triggered) by building triggered_jobs as an array and emitting [] when empty.
  • Uses Prow’s prowjobs.js per job to fetch last run results (sorting by startTime) for the “skipped” case.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

This PR adds a new LVMS z-stream CI path with CI config, step-registry wiring, ownership metadata, and a Bash trigger that resolves snapshots, triggers nightly jobs through Gangway, and writes per-release summary state.

Changes

LVMS z-stream trigger

Layer / File(s) Summary
Config and registry wiring
ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml, ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml, ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json, ci-operator/step-registry/lvms/zstream/OWNERS, ci-operator/step-registry/lvms/zstream/trigger/OWNERS
Adds the zstream CI config, trigger step definition, metadata link, and OWNERS routing for the LVMS zstream area.
Bootstrap and prior state
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
Defines runtime constants, helpers, token setup, workdir creation, and previous-summary loading.
PR snapshot and digest resolution
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
Finds matching PRs, checks merge state, extracts snapshot tokens, and resolves snapshots to Quay digests.
Trigger execution and summary output
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
Triggers Gangway jobs or skips unchanged digests, fetches recent nightly run states, processes each release, and writes the final summary.

Estimated code review effort: 4 (Complex) | ~60 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: adding new z-stream testing support for the LVM operator.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed No Ginkgo tests were added; the PR only changes YAML, OWNERS, and a Bash trigger script, with no It/Describe/Context/When titles to audit.
Test Structure And Quality ✅ Passed No Ginkgo tests were changed; this PR only adds CI YAML, OWNERS, metadata, and a shell trigger script, so the test-structure check is not applicable.
Microshift Test Compatibility ✅ Passed No new Ginkgo test declarations were added; changed files are CI configs/scripts only and contain no MicroShift-guarded or unsafe test code.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new Ginkgo tests were added; only CI config and trigger scripts, and searches found no It/Describe/Context or SNO-unsafe assumptions.
Topology-Aware Scheduling Compatibility ✅ Passed Changed files only add CI trigger config/scripts; no pod specs, affinity, nodeSelectors, topology spread, or replica logic were introduced.
Ote Binary Stdout Contract ✅ Passed No OTE binary/main() was added; the new process code is a CI shell entrypoint, and its status logging goes to stderr.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo test blocks were added; the PR only adds CI trigger/config files, with no IPv4-specific test code found.
No-Weak-Crypto ✅ Passed No weak algorithms, custom crypto, or secret/token comparisons found; only image digests are parsed and compared.
Container-Privileges ✅ Passed Added YAMLs only set resources/credentials; no privileged, hostPID/Network/IPC, allowPrivilegeEscalation, SYS_ADMIN, or root securityContext found.
No-Sensitive-Data-In-Logs ✅ Passed Logs only release/PR/snapshot/status data; token-bearing Gangway POST is wrapped with set +x, and no secrets/PII are echoed.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from eggfoobar and jaypoulz July 2, 2026 09:10
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kasturinarra
Once this PR has been reviewed and has the lgtm label, please assign jaypoulz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh (1)

14-16: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider making RELEASES/DRY_RUN/FORCE overridable via environment.

These are hardcoded, so enabling a dry run or forcing a re-trigger (e.g. to debug a production incident) requires a code change/PR rather than a job parameter.

♻️ Proposed refactor
-RELEASES="4.14,4.16,4.18,4.19,4.20,4.21"
-DRY_RUN=false
-FORCE=false
+RELEASES="${RELEASES:-4.14,4.16,4.18,4.19,4.20,4.21}"
+DRY_RUN="${DRY_RUN:-false}"
+FORCE="${FORCE:-false}"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`
around lines 14 - 16, The lvms-zstream-trigger-commands.sh defaults for
RELEASES, DRY_RUN, and FORCE are hardcoded, so make them overridable from the
environment instead of fixed constants. Update the variable initialization near
the top of the script to respect externally supplied values while preserving the
current defaults when unset, and keep the existing behavior in the trigger
command path that consumes these settings.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`:
- Around line 290-320: The process_release flow calls get_last_pr, but that
helper is missing and will cause the script to fail under set -euo pipefail
whenever no open PR is found. Add a get_last_pr implementation alongside the
existing get_last_digest logic, or refactor process_release to use the correct
helper, and make sure the returned value is safely handled before the merged
check in process_release.
- Around line 219-250: The trigger_job helper is leaking shell tracing state and
is sending the job identifier in the URL instead of the request body. In
trigger_job, preserve the prior xtrace setting around the curl call so set -x is
restored only if it was already enabled, and update the Gangway request to POST
to the executions endpoint with job_name included in the JSON payload alongside
the existing pod_spec_options. Use the existing trigger_job, http_code, and body
logic as the place to make both fixes.
- Around line 71-105: The prowjobs.js response still includes a JavaScript
variable assignment, so the jq pipeline in load_previous_summary cannot parse it
and prev_build_id never gets set. Update the curl/jq handling in
load_previous_summary to strip the leading var allBuilds = prefix before jq
processes the payload, so the previous successful build ID can be extracted
correctly and the unchanged-release path in get_last_digest can be reached.

---

Nitpick comments:
In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`:
- Around line 14-16: The lvms-zstream-trigger-commands.sh defaults for RELEASES,
DRY_RUN, and FORCE are hardcoded, so make them overridable from the environment
instead of fixed constants. Update the variable initialization near the top of
the script to respect externally supplied values while preserving the current
defaults when unset, and keep the existing behavior in the trigger command path
that consumes these settings.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 03d11887-f605-4cc0-bb30-e98cf7d6f2bd

📥 Commits

Reviewing files that changed from the base of the PR and between 2f3b835 and e8437ab.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (6)
  • ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml
  • ci-operator/step-registry/lvms/zstream/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml

@kasturinarra

Copy link
Copy Markdown
Contributor Author

/test core-valid


local tags_json
tags_json=$(curl -sSL --connect-timeout 10 --max-time 30 \
"${QUAY_API}/repository/${QUAY_REPO}/tag/?limit=50&filter_tag_name=like:${version_prefix}-on-push")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to use a different tag, the -on-push images are from PRs and not merge commits, meaning they have an expiry annotation that renders them stale. This would need to match to v{version}-{commit} instead.
We dont know the commit because the snapshot doesnt surface that info in the name (and doing the 1:1 exact mapping requires access to the konflux tenant) so the version filtering should do.
We would need to list tags, then exclude all auxiliary tags and we are left with raw commit tags and then the delta time logic would select the right one.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated, can you help check again ?

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`:
- Around line 291-297: The fetch_last_runs path in
lvms-zstream-trigger-commands.sh is selecting the first matching Prow job from
prow_json without ordering, so it can return a stale run. Update the jq logic in
the fetch_last_runs entry construction to sort the filtered .items by a time
field before choosing the result, matching the approach used by
load_previous_summary and ensuring the latest job is used. Keep the existing
name/state/url/started fields, but make the selection deterministic by ordering
on the job completion or start timestamp before taking the final item.
- Around line 415-419: The zstream summary JSON generation in
lvms-zstream-trigger-commands.sh is serializing an empty triggered_jobs array as
[""] because the jq pipeline always consumes a blank line from printf. Update
the jobs construction near the jq object in the zstream summary block to
explicitly handle the empty-array case, so jobs becomes [] when triggered_jobs
has no entries and otherwise contains the collected job names.
- Around line 46-52: The github_curl helper in lvms-zstream-trigger-commands.sh
is making unauthenticated GitHub API requests unless GITHUB_TOKEN is present,
which can trigger rate limits and false “no PR” behavior. Update the
lvms-zstream-trigger step so it injects a GitHub token into the environment
before github_curl runs, and verify the existing github_curl function uses that
token for Authorization when available.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 260bc542-6a94-4bc7-8256-c9209e5514a3

📥 Commits

Reviewing files that changed from the base of the PR and between e8437ab and d0f342a.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (6)
  • ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml
  • ci-operator/step-registry/lvms/zstream/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml
✅ Files skipped from review due to trivial changes (3)
  • ci-operator/step-registry/lvms/zstream/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json
  • ci-operator/step-registry/lvms/zstream/trigger/OWNERS
🚧 Files skipped from review as they are similar to previous changes (2)
  • ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml

kasturinarra and others added 2 commits July 2, 2026 23:00
- Switch from -on-push tags (which expire) to v{version}-{commit} merge tags
- Fix prowjobs.js parsing by stripping var/semicolon wrapper before jq
- Add missing get_last_pr() function
- Fix tracing state leak in trigger_job() with save/restore pattern
- Fix empty triggered_jobs producing [""] instead of []

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kasturinarra

Copy link
Copy Markdown
Contributor Author

/pj-rehearse periodic-ci-openshift-lvm-operator-main-zstream-trigger

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@kasturinarra: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@kasturinarra

Copy link
Copy Markdown
Contributor Author

/pj-rehearse periodic-ci-openshift-lvm-operator-main-zstream-trigger

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@kasturinarra: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

kasturinarra and others added 2 commits July 2, 2026 23:47
The v{version}-{commit} merge tags can appear before or after the
snapshot timestamp, so pick the closest match regardless of direction
instead of requiring a narrow 30-minute window.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Retry up to 3 times on HTTP 429 with exponential backoff (15s, 30s).
Increase base delay between triggers from 5s to 30s.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

[REHEARSALNOTIFIER]
@kasturinarra: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name Repo Type Reason
periodic-ci-openshift-lvm-operator-main-zstream-trigger N/A periodic Periodic changed
Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@kasturinarra

Copy link
Copy Markdown
Contributor Author

/pj-rehearse periodic-ci-openshift-lvm-operator-main-zstream-trigger

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@kasturinarra: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@kasturinarra: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants