OSAC-866: Consolidate 8 periodic vmaas jobs into 2 #80146

Open
omer-vishlitzky wants to merge 2 commits into openshift:main from omer-vishlitzky:osac-866-consolidate-vmaas-periodics

@omer-vishlitzky omer-vishlitzky commented Jun 5, 2026

Summary

Replaces 8 separate periodic vmaas CI jobs — each provisioning a full OCP cluster just to run a single test file — with 3 consolidated periodics:

  • e2e-vmaas-periodic (every 12h): boots from cluster-tool snapshot, runs all vmaas tests in one job. Same workflow as the presubmit e2e-vmaas.
  • e2e-vmaas-full-setup-kustomize (nightly): full OCP installation via assisted-installer, deploys OSAC via kustomize, runs all vmaas tests.
  • e2e-vmaas-full-setup-helm (nightly): full OCP installation via assisted-installer, deploys OSAC via helm, runs all vmaas tests.

All periodics send Slack notifications via osac-project-notify with custom labels.

Changes

ci-operator config (osac-test-infra):

  • Delete 8 e2e-metal-vmaas-* periodic entries
  • Add 3 consolidated periodics

ci-operator config (osac-installer):

  • Add helm binary to osac-installer dockerfile_literal

Step registry:

  • osac-project-baremetal-test: replace single-file TEST env var with TEST_SUITE (default: vmaas) — runs full pytest tests/vmaas/ with JUnit XML
  • osac-project-installer: add DEPLOY_MODE (default: kustomize) and VALUES_FILE (default: values/vmaas-ci.yaml) env vars, pass them to setup.sh
  • osac-project-cluster-tool-vmaas workflow: add osac-project-notify to post steps
  • osac-project-ofcir-baremetal workflow: change CLUSTERTYPE to assisted_large_el9, add osac-project-notify to post steps
  • osac-project-notify: add NOTIFY_LABEL env var for custom Slack message headers

Net: 8 jobs → 3 jobs, -596 lines in the first commit

Jira

  • OSAC-866 — Consolidate 8 periodic vmaas jobs into a single full-installation nightly job

Test plan

  • Rehearse e2e-vmaas-periodic — boots from snapshot, runs all vmaas tests
  • Rehearse e2e-vmaas-full-setup-kustomize — full OCP install + kustomize deploy + all vmaas tests
  • Rehearse e2e-vmaas-full-setup-helm — full OCP install + helm deploy + all vmaas tests
  • Verify Slack notifications fire with correct labels for periodic jobs
  • Verify presubmit e2e-vmaas is unaffected

Summary by CodeRabbit

This PR updates OSAC's OpenShift CI configuration to consolidate multiple vmaas periodic jobs and improve deployment/test workflows and notifications across the OSAC CI repo(s). It replaces the previous set of e2e-metal-vmaas periodic jobs with three consolidated periodics and adds Helm deployment support, improved test-suite handling, and customizable Slack notification labels.

What changed in practical terms

  • CI configuration (ci-operator configs and step-registry) for the OSAC project is modified: eight older periodic e2e-metal-vmaas-* jobs were removed and replaced by three new periodic workflows:
    • e2e-vmaas-periodic (every 12h): boots from a cluster-tool snapshot and runs all vmaas tests in one job (matches presubmit e2e-vmaas workflow).
    • e2e-vmaas-full-setup-kustomize (nightly): full OCP install via assisted-installer, deploy OSAC with kustomize, run all vmaas tests.
    • e2e-vmaas-full-setup-helm (nightly): full OCP install via assisted-installer, deploy OSAC with helm, run all vmaas tests.
  • All new periodics send Slack notifications using osac-project-notify with configurable NOTIFY_LABELs for custom message headers.

Key implementation details

  1. Test runner and artifacts

    • The baremetal test step now accepts TEST_SUITE (default "vmaas") instead of TEST and runs pytest directly, producing JUnit XML files (junit_${TEST_SUITE}.xml). Results collection was added (copying JUnit artifacts back to ARTIFACT_DIR) and exit handling improved.
  2. Deployment mode / Helm support

    • The osac-installer image now includes a Helm binary (Helm v3.17.3 added to the Dockerfile literal).
    • Installer step/env adds DEPLOY_MODE (default: kustomize) and VALUES_FILE (default: values/vmaas-ci.yaml) and these are passed into the installer invocation to support both kustomize and helm deployments.
  3. Notification and workflow changes

    • osac-project-notify gained a NOTIFY_LABEL env var to customize Slack message headers (falls back to JOB_NAME).
    • osac-project-cluster-tool-vmaas and osac-project-ofcir-baremetal workflows now include osac-project-notify in post steps. ofcir-baremetal CLUSTERTYPE was changed to assisted_large_el9 and NOTIFY_LABEL is set for full-setup jobs.

Files/areas touched (high level)

  • ci-operator configs for osac-test-infra (removed old periodics, added new periodics)
  • ci-operator configs for osac-installer (embedded Dockerfile: add helm)
  • step-registry: baremetal test step and ref, installer step and ref, cluster-tool vmaas workflow, ofcir-baremetal workflow, notify step and script

Impact

  • Consolidates periodic vmaas testing (8 → 3 jobs) while preserving full test coverage and adding nightly full-setup variants for both kustomize and helm deployments.
  • Adds Helm testing capability and parameterized deployment mode, collects JUnit test artifacts per-suite, and improves Slack notification labeling for operational clarity.
  • Net repo diff reduces lines (~ -596 lines in initial commit). Presubmit e2e-vmaas workflows remain unaffected.

Jira: OSAC-866

Replace 8 separate periodic vmaas CI jobs (each installing a full OCP
cluster to run a single test file) with two consolidated periodics:

- e2e-vmaas-periodic: runs every 12h via cluster-tool snapshot boot,
  executes all vmaas tests in one job
- e2e-vmaas-full-install: runs nightly with full OCP installation
  (no cluster-tool), deploys OSAC via osac-installer, runs all vmaas
  tests

Changes:
- Delete 8 e2e-metal-vmaas-* periodic entries from ci-operator config
- Modify osac-project-baremetal-test step: replace single-file TEST
  env var with TEST_SUITE (default: vmaas) that runs the full suite
- Add osac-project-notify to post steps of both workflows for Slack
  notifications (skipped for non-periodic jobs)
- Add NOTIFY_LABEL env var to notify step for custom Slack headers
- Change osac-project-ofcir-baremetal CLUSTERTYPE to assisted_large_el9
- Regenerate Prow job configs via make jobs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 5, 2026

openshift-ci-robot commented Jun 5, 2026

@omer-vishlitzky: This pull request references OSAC-866 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

Replaces 8 separate periodic vmaas CI jobs — each provisioning a full OCP cluster just to run a single test file — with 2 consolidated periodics:

  • e2e-vmaas-periodic (every 12h): boots from cluster-tool snapshot, runs all vmaas tests in one job. Same workflow as the presubmit e2e-vmaas.
  • e2e-vmaas-full-install (nightly): full OCP installation via assisted-installer (no cluster-tool), deploys OSAC via osac-installer, runs all vmaas tests. Validates the full installation path end-to-end.

Both periodics send Slack notifications via osac-project-notify with custom labels ("E2E vmaas" / "Full Install vmaas").

Changes

  • Delete 8 e2e-metal-vmaas-* periodic entries from ci-operator config
  • Modify osac-project-baremetal-test step: replace single-file TEST env var with TEST_SUITE (default: vmaas) that runs pytest tests/vmaas/ with JUnit XML output
  • Add osac-project-notify to post steps of osac-project-cluster-tool-vmaas and osac-project-ofcir-baremetal workflows (no-op for non-periodic jobs)
  • Add NOTIFY_LABEL env var to notify step for custom Slack message headers
  • Change osac-project-ofcir-baremetal CLUSTERTYPE from assisted_medium_el9 to assisted_large_el9
  • Regenerate Prow job configs via make jobs

Net: -596 lines (8 jobs → 2 jobs)

Jira

  • OSAC-866 — Consolidate 8 periodic vmaas jobs into a single full-installation nightly job
  • OSAC-914 — Enable parallel execution of VMaaS E2E tests (related)

Test plan

  • Rehearse e2e-vmaas-periodic — verify it boots from snapshot and runs all vmaas tests
  • Rehearse e2e-vmaas-full-install — verify full OCP install + OSAC deploy + all vmaas tests
  • Verify Slack notifications fire with correct labels for periodic jobs
  • Verify presubmit e2e-vmaas is unaffected (no cron, same workflow)
  • Verify no other configs reference the deleted test entries

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.


coderabbitai Bot commented Jun 5, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
📥 Commits

Reviewing files that changed from the base of the PR and between 2bfb9e4 and 82900be.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (5)
  • ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-ref.yaml
  • ci-operator/step-registry/osac-project/ofcir/baremetal/osac-project-ofcir-baremetal-workflow.yaml
✅ Files skipped from review due to trivial changes (1)
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-ref.yaml
🚧 Files skipped from review as they are similar to previous changes (3)
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh
  • ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml

Walkthrough

OSAC test infra switches from single-file test selection to TEST_SUITE directories, the baremetal test script adds artifact collection and pytest JUnit output, installer and workflows gain DEPLOY_MODE/VALUES_FILE and Helm support, and workflows add notification/gather post-steps with configurable Slack labels.

Changes

OSAC Test Infrastructure Modernization

Layer: Test Suite Parameter Contract
File(s): ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-ref.yaml
Summary: TEST parameter replaced by TEST_SUITE (default "vmaas") selecting tests/<suite>/ directories.

Layer: Test Execution with Artifact Collection
File(s): ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh
Summary: Script now uses TEST_SUITE, creates remote RESULTS_DIR, installs collect_artifacts trap to scp JUnit XML back to ${ARTIFACT_DIR}, and runs pytest --junitxml inside the test container with explicit exit handling.

Layer: Installer deploy-mode and Helm
File(s): ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml, ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh, ci-operator/step-registry/osac-project/installer/osac-project-installer-ref.yaml
Summary: Installer image now installs Helm v3.17.3; installer step and command forward DEPLOY_MODE and VALUES_FILE into the container and declare their defaults (kustomize, values/vmaas-ci.yaml), and INGRESS_SERVICE is recorded.

Layer: Workflow integration and test manifest consolidation
File(s): ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml, ci-operator/step-registry/osac-project/cluster-tool/vmaas/osac-project-cluster-tool-vmaas-workflow.yaml, ci-operator/step-registry/osac-project/ofcir/baremetal/osac-project-ofcir-baremetal-workflow.yaml
Summary: Replaced legacy e2e-metal-vmaas-* scheduled entries with e2e-vmaas-periodic, e2e-vmaas-full-setup-kustomize, and e2e-vmaas-full-setup-helm (the helm job sets DEPLOY_MODE: helm), and added notification/gather post-steps plus NOTIFY_LABEL and updated CLUSTERTYPE.

Layer: Notification label configuration
File(s): ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh, ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml
Summary: Added NOTIFY_LABEL env var (default empty) and changed MESSAGE to use derived LABEL (falls back to JOB_NAME).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

lgtm, rehearsals-ack

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: consolidating 8 periodic vmaas jobs into fewer (2-3) jobs, which is the core objective of the PR.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR is CI/CD configuration with no Go/Ginkgo tests. Contains YAML CI config, shell scripts, and Dockerfile only. Ginkgo test name check not applicable.
Test Structure And Quality ✅ Passed This PR does not contain Ginkgo test code. It only modifies CI configuration (YAML) and shell scripts in the openshift/release repo, so the Ginkgo test quality check is not applicable.
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e tests are added. PR only consolidates CI jobs and modifies how existing pytest tests are executed via shell scripts and YAML configuration.
Single Node Openshift (Sno) Test Compatibility ✅ Passed This PR only modifies CI configuration YAML and shell scripts. No Ginkgo e2e tests are added; the check is not applicable to this PR.
Topology-Aware Scheduling Compatibility ✅ Passed PR modifies only CI/test infrastructure (Prow configs, step templates, container images). No production deployment manifests or scheduling constraints present.
Ote Binary Stdout Contract ✅ Passed PR contains only YAML CI configuration and shell scripts; no Go code or OTE binary changes. The OTE Binary Stdout Contract check is not applicable.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No Ginkgo e2e tests were added. PR only modifies CI configuration and test runner scripts—OSAC uses pytest (Python), not Ginkgo. No test code changes present.
No-Weak-Crypto ✅ Passed PR contains CI/CD configuration changes (YAML, shell scripts) with no weak cryptography, custom crypto implementations, or insecure secret comparisons detected.
Container-Privileges ✅ Passed No new privileged container settings found. Pre-existing --network=host usage in scripts is not modified by this PR.
No-Sensitive-Data-In-Logs ✅ Passed No sensitive data logging detected. Scripts use set +x, sed filtering, and --silent flags to protect secrets; new env vars are non-sensitive strings/paths.

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 5, 2026
@omer-vishlitzky

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-install periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic

@openshift-merge-bot

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh (1)

19-27: ⚡ Quick win

Validate TEST_SUITE before using it in paths.

TEST_SUITE is interpolated into file paths and the pytest target without format checks. A simple allowlist regex avoids unintended path expansion (for example ../...) and keeps suite selection bounded.

Suggested patch
+if [[ ! "${TEST_SUITE}" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+  echo "Invalid TEST_SUITE: ${TEST_SUITE}"
+  exit 1
+fi
+
 echo "Running OSAC E2E tests: suite=${TEST_SUITE}"
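Review bot: the allowlist in the `=~ ^[a-zA-Z0-9_-]+$` test still accepts a value whose first character is `-`, and the `echo "Invalid TEST_SUITE: ..."` line writes the rejection to stdout. Anchor the first character to an alphanumeric, for example `^[a-zA-Z0-9][a-zA-Z0-9_-]*$`, and send the message to stderr with `>&2` so it stays out of any captured output. The alternative pattern `^[A-Za-z0-9._-]+$` given in the agent prompt for this finding also matches `..`, so the dot-free character class used here is the one to keep.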

Also applies to: 30-57

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh`
around lines 19 - 27, Validate and sanitize TEST_SUITE before it is used in
paths and passed to pytest: add an allowlist check (e.g. /^[A-Za-z0-9._-]+$/ or
similar) at the top of the script that rejects or exits on any value not
matching the regex, normalize/strip dangerous sequences (e.g. remove leading ../
or path separators) and use the validated variable in the ssh command invocation
and any file/path concatenations (referencing TEST_SUITE in the ssh -F ...
ci_machine bash -s invocation and any later uses of TEST_SUITE in file
paths/pytest targets) so untrusted values cannot cause path traversal or command
injection.

ℹ️ Review info
📥 Commits

Reviewing files that changed from the base of the PR and between 165d3b4 and bda84a4.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (7)
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
  • ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh
  • ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-ref.yaml
  • ci-operator/step-registry/osac-project/cluster-tool/vmaas/osac-project-cluster-tool-vmaas-workflow.yaml
  • ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh
  • ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml
  • ci-operator/step-registry/osac-project/ofcir/baremetal/osac-project-ofcir-baremetal-workflow.yaml

openshift-ci Bot commented Jun 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: omer-vishlitzky

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@omer-vishlitzky

/pj-rehearse

@openshift-merge-bot

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

ℹ️ Review info
📥 Commits

Reviewing files that changed from the base of the PR and between bda84a4 and 2bfb9e4.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (5)
  • ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-ref.yaml
  • ci-operator/step-registry/osac-project/ofcir/baremetal/osac-project-ofcir-baremetal-workflow.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml

Comment on lines +30 to +32
RUN dnf install -y git jq && \
curl -fsSL https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz | tar xz -C /tmp && \
mv /tmp/linux-amd64/helm /usr/local/bin/helm

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Verify Helm release artifact has published checksums for the pinned version.
ver="v3.17.3"
curl -fsSL "https://get.helm.sh/helm-${ver}-linux-amd64.tar.gz.sha256" | sed -n '1,3p'
curl -fsSL "https://get.helm.sh/helm-${ver}-linux-amd64.tar.gz.sha256sum" | sed -n '1,3p'

Repository: openshift/release

Length of output: 224


Add checksum verification for downloaded Helm artifact

The Docker build installs Helm fetched from the network (curl ... | tar) without checksum/signature verification, leaving a supply-chain integrity gap. Helm v3.17.3 publishes SHA256 checksums, so downloading the tarball and verifying it with sha256sum before extracting/install is straightforward.

Suggested hardening diff
-      RUN dnf install -y git jq && \
-          curl -fsSL https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz | tar xz -C /tmp && \
-          mv /tmp/linux-amd64/helm /usr/local/bin/helm
+      ARG HELM_VERSION=v3.17.3
+      ARG HELM_SHA256
+      RUN dnf install -y git jq && \
+          curl -fsSLo /tmp/helm.tar.gz "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" && \
+          echo "${HELM_SHA256}  /tmp/helm.tar.gz" | sha256sum -c - && \
+          tar xzf /tmp/helm.tar.gz -C /tmp && \
+          install -m 0755 /tmp/linux-amd64/helm /usr/local/bin/helm
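Review bot: `ARG HELM_SHA256` is declared without a default, so the `sha256sum -c -` line can only pass when the build supplies that argument, and nothing in this hunk sets it; with the value empty the check fails and so does the build. Pin the digest as a literal next to `HELM_VERSION` so the version and its digest change together in one reviewed line. The step also leaves `/tmp/helm.tar.gz` and `/tmp/linux-amd64` behind in the layer; remove both at the end of the same `RUN`.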
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml`
around lines 30 - 32, The Dockerfile RUN that fetches and extracts Helm (the RUN
line using curl to download https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
and then tar/mv) must verify the artifact before extraction: download both the
tarball and its published SHA256 file (or the .tar.gz.sha256sum), compute the
local sha256 (sha256sum) and compare to the published value, aborting the build
if they differ; only after successful verification proceed to tar -xzf and mv
/tmp/linux-amd64/helm /usr/local/bin/helm. Ensure the verification is done in
the same RUN step so intermediate layers don’t keep an unverified artifact and
clean up downloaded files afterwards.
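
The verify-before-extract step this review comment asks for, as an added example that is not part of the PR or of CodeRabbit's suggestion. The archive, its contents and the function names (`sha256_of`, `verify_and_extract`, `demo`) are constructed for the demonstration; no real Helm digest is used.

```shell
#!/bin/sh
# Added example: check a downloaded release archive against a pinned SHA-256
# and extract it only when the digest matches.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 DEST_DIR
# Returns 0 after extracting, 1 on a digest mismatch, 2 on bad input.
# DEST_DIR is not created unless the digest matches.
verify_and_extract() {
  local archive="$1"
  local expected="$2"
  local dest="$3"
  local actual

  # Fail closed on a missing or malformed pin (e.g. an unset build argument).
  case "$expected" in
    ""|*[!0-9a-f]*) echo "pinned digest is not lowercase hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 hex chars" >&2; return 2; }
  [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }

  actual=$(sha256_of "$archive") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $archive: got $actual" >&2
    return 1
  fi

  mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# demo: builds a constructed archive, accepts it with the right pin, then
# appends bytes to it and confirms the same pin now rejects it.
# Returns 0 when both outcomes are as expected.
demo() {
  local work
  local pin
  local status

  work=$(mktemp -d) || return 1
  mkdir -p "$work/src/linux-amd64"
  printf 'constructed stand-in for a release binary\n' > "$work/src/linux-amd64/helm"
  tar -czf "$work/tool.tar.gz" -C "$work/src" linux-amd64
  pin=$(sha256_of "$work/tool.tar.gz")

  status=0
  verify_and_extract "$work/tool.tar.gz" "$pin" "$work/good" || status=1

  # Simulate an archive that changed after the digest was pinned.
  printf 'tampered' >> "$work/tool.tar.gz"
  if verify_and_extract "$work/tool.tar.gz" "$pin" "$work/bad" 2>/dev/null; then
    status=1
  fi

  # The good archive was extracted; the modified one never touched disk.
  if [ ! -f "$work/good/linux-amd64/helm" ] || [ -e "$work/bad" ]; then
    status=1
  fi

  rm -rf "$work"
  return "$status"
}

# Run the demonstration only when asked, e.g. `sh verify.sh --demo`.
if [ "${1:-}" = "--demo" ]; then
  demo && echo "demo ok"
fi
```

A digest pinned in the repository is reviewed together with the version bump; a checksum file fetched at build time from the same host as the tarball only detects corruption in transit.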

@omer-vishlitzky

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-images pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-kustomize periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic

@openshift-merge-bot

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@omer-vishlitzky

/pj-rehearse periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm pull-ci-osac-project-osac-installer-main-e2e-vmaas

@openshift-merge-bot

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

- Add helm binary to osac-installer dockerfile_literal
- Add DEPLOY_MODE and VALUES_FILE env vars to osac-project-installer
  step (default: kustomize, values/vmaas-ci.yaml)
- Rename e2e-vmaas-full-install to e2e-vmaas-full-setup-kustomize
- Add e2e-vmaas-full-setup-helm nightly periodic (DEPLOY_MODE=helm)
- Update notify label to "Full Setup vmaas (kustomize)"
- Regenerate Prow job configs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@omer-vishlitzky omer-vishlitzky force-pushed the osac-866-consolidate-vmaas-periodics branch from 2bfb9e4 to 82900be Compare June 5, 2026 18:00
@omer-vishlitzky

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-images pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-kustomize periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic

@openshift-merge-bot

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot

[REHEARSALNOTIFIER]
@omer-vishlitzky: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name Repo Type Reason
pull-ci-osac-project-osac-test-infra-main-e2e-vmaas osac-project/osac-test-infra presubmit Registry content changed
pull-ci-osac-project-fulfillment-service-main-e2e-vmaas osac-project/fulfillment-service presubmit Registry content changed
pull-ci-osac-project-osac-installer-main-e2e-vmaas osac-project/osac-installer presubmit Ci-operator config changed
pull-ci-osac-project-osac-installer-main-images osac-project/osac-installer presubmit Ci-operator config changed
pull-ci-osac-project-osac-aap-main-e2e-vmaas osac-project/osac-aap presubmit Registry content changed
pull-ci-osac-project-osac-operator-main-e2e-vmaas osac-project/osac-operator presubmit Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm N/A periodic Periodic changed
periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-kustomize N/A periodic Periodic changed
periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic N/A periodic Periodic changed
Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@omer-vishlitzky

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-osac-operator-main-e2e-vmaas

@openshift-merge-bot

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-ci Bot commented Jun 5, 2026

@omer-vishlitzky: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/rehearse/periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm 82900be link unknown /pj-rehearse periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm
ci/rehearse/periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-install bda84a4 link unknown /pj-rehearse periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-install

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
