
OSAC-866: Consolidate 8 periodic vmaas jobs into 2#80146

Merged
openshift-merge-bot[bot] merged 3 commits into
openshift:mainfrom
omer-vishlitzky:osac-866-consolidate-vmaas-periodics
Jun 7, 2026

Conversation

omer-vishlitzky (Contributor) commented Jun 5, 2026

Summary

Replaces 8 separate periodic vmaas CI jobs — each provisioning a full OCP cluster just to run a single test file — with 3 consolidated periodics:

  • e2e-vmaas-periodic (every 12h): boots from cluster-tool snapshot, runs all vmaas tests in one job. Same workflow as the presubmit e2e-vmaas.
  • e2e-vmaas-full-setup-kustomize (nightly): full OCP installation via assisted-installer, deploys OSAC via kustomize, runs all vmaas tests.
  • e2e-vmaas-full-setup-helm (nightly): full OCP installation via assisted-installer, deploys OSAC via helm, runs all vmaas tests.

All periodics send Slack notifications via osac-project-notify with custom labels.

Changes

ci-operator config (osac-test-infra):

  • Delete 8 e2e-metal-vmaas-* periodic entries
  • Add 3 consolidated periodics

ci-operator config (osac-installer):

  • Add helm binary to osac-installer dockerfile_literal

Step registry:

  • osac-project-baremetal-test: replace single-file TEST env var with TEST_SUITE (default: vmaas) — runs full pytest tests/vmaas/ with JUnit XML
  • osac-project-installer: add DEPLOY_MODE (default: kustomize) and VALUES_FILE (default: values/vmaas-ci.yaml) env vars, pass them to setup.sh
  • osac-project-cluster-tool-vmaas workflow: add osac-project-notify to post steps
  • osac-project-ofcir-baremetal workflow: change CLUSTERTYPE to assisted_large_el9, add osac-project-notify to post steps
  • osac-project-notify: add NOTIFY_LABEL env var for custom Slack message headers

Net: 8 jobs → 3 jobs, -596 lines in the first commit

Jira

  • OSAC-866 — Consolidate 8 periodic vmaas jobs into a single full-installation nightly job

Test plan

  • Rehearse e2e-vmaas-periodic — boots from snapshot, runs all vmaas tests
  • Rehearse e2e-vmaas-full-setup-kustomize — full OCP install + kustomize deploy + all vmaas tests
  • Rehearse e2e-vmaas-full-setup-helm — full OCP install + helm deploy + all vmaas tests
  • Verify Slack notifications fire with correct labels for periodic jobs
  • Verify presubmit e2e-vmaas is unaffected

Summary by CodeRabbit

This PR updates OSAC’s OpenShift CI configuration to consolidate multiple vmaas periodic jobs into a smaller set and to improve test execution, deployment-mode flexibility, and Slack notifications across the OSAC CI repo(s).

What changed in practical terms

  • CI job consolidation: Removed eight older e2e-metal-vmaas-* periodics and introduced three consolidated periodics:
    • e2e-vmaas-periodic (every 12h) — boots from a cluster-tool snapshot and runs the full vmaas test suite in one job (aligns with presubmit e2e-vmaas).
    • e2e-vmaas-full-setup-kustomize (nightly) — full OCP install via assisted-installer, deploy OSAC with kustomize, run full vmaas tests.
    • e2e-vmaas-full-setup-helm (nightly) — full OCP install via assisted-installer, deploy OSAC with helm, run full vmaas tests.
  • Notifications: All new periodics call osac-project-notify and support customizable NOTIFY_LABEL values so Slack messages show descriptive job labels.

Key implementation details

  1. Test runner and artifacts

  • baremetal test step now uses TEST_SUITE (default "vmaas") instead of TEST, runs pytest against tests/<suite>/, and emits junit_${TEST_SUITE}.xml.
    • Added artifact collection and explicit write of PASSED/FAILED to ${SHARED_DIR}/test-result so notify step can report actual results.
  2. Deployment mode and Helm support

    • osac-installer image Dockerfile_literal now installs Helm (v3.17.3) so the installer image can perform Helm deployments.
    • Installer step adds DEPLOY_MODE (default: kustomize) and VALUES_FILE (default: values/vmaas-ci.yaml) and passes them into the setup invocation; DEPLOY_MODE=helm is used by the helm full-setup job.
  3. Workflows and labels

    • osac-project-cluster-tool-vmaas and osac-project-ofcir-baremetal workflows include osac-project-notify in post steps; ofcir-baremetal CLUSTERTYPE set to assisted_large_el9 for these runs.
    • osac-project-notify step and script accept NOTIFY_LABEL (falls back to JOB_NAME) and the helm full-setup job explicitly overrides NOTIFY_LABEL to “Full Setup vmaas (helm)”.
    • Steps now ensure test-result is written so notify can display pass/fail.

Files/areas affected (high level)

  • ci-operator config: osac-test-infra (periodic job matrix removed/added)
  • ci-operator config: osac-installer (embedded Dockerfile add helm)
  • step-registry: baremetal test step and ref, cluster-tool vmaas workflow, ofcir-baremetal workflow, installer step and ref, notify step and script, cluster-tool test script

Impact

  • Reduces periodic jobs from 8 → 3 while preserving end-to-end coverage and adding nightly full-setup variants for both kustomize and helm.
  • Adds Helm deployment testing and parameterized installer behavior, ensures JUnit artifacts are collected per-suite, and improves Slack notification clarity by using descriptive labels and actual pass/fail reporting.
  • Net repository diff is a reduction in lines (first commit ~ -596 lines). Presubmit e2e-vmaas workflows are unchanged.

Jira: OSAC-866

Replace 8 separate periodic vmaas CI jobs (each installing a full OCP
cluster to run a single test file) with two consolidated periodics:

- e2e-vmaas-periodic: runs every 12h via cluster-tool snapshot boot,
  executes all vmaas tests in one job
- e2e-vmaas-full-install: runs nightly with full OCP installation
  (no cluster-tool), deploys OSAC via osac-installer, runs all vmaas
  tests

Changes:
- Delete 8 e2e-metal-vmaas-* periodic entries from ci-operator config
- Modify osac-project-baremetal-test step: replace single-file TEST
  env var with TEST_SUITE (default: vmaas) that runs the full suite
- Add osac-project-notify to post steps of both workflows for Slack
  notifications (skipped for non-periodic jobs)
- Add NOTIFY_LABEL env var to notify step for custom Slack headers
- Change osac-project-ofcir-baremetal CLUSTERTYPE to assisted_large_el9
- Regenerate Prow job configs via make jobs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 5, 2026
openshift-ci-robot (Contributor) commented Jun 5, 2026

@omer-vishlitzky: This pull request references OSAC-866 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.


In response to this:

Summary

Replaces 8 separate periodic vmaas CI jobs — each provisioning a full OCP cluster just to run a single test file — with 2 consolidated periodics:

  • e2e-vmaas-periodic (every 12h): boots from cluster-tool snapshot, runs all vmaas tests in one job. Same workflow as the presubmit e2e-vmaas.
  • e2e-vmaas-full-install (nightly): full OCP installation via assisted-installer (no cluster-tool), deploys OSAC via osac-installer, runs all vmaas tests. Validates the full installation path end-to-end.

Both periodics send Slack notifications via osac-project-notify with custom labels ("E2E vmaas" / "Full Install vmaas").

Changes

  • Delete 8 e2e-metal-vmaas-* periodic entries from ci-operator config
  • Modify osac-project-baremetal-test step: replace single-file TEST env var with TEST_SUITE (default: vmaas) that runs pytest tests/vmaas/ with JUnit XML output
  • Add osac-project-notify to post steps of osac-project-cluster-tool-vmaas and osac-project-ofcir-baremetal workflows (no-op for non-periodic jobs)
  • Add NOTIFY_LABEL env var to notify step for custom Slack message headers
  • Change osac-project-ofcir-baremetal CLUSTERTYPE from assisted_medium_el9 to assisted_large_el9
  • Regenerate Prow job configs via make jobs

Net: -596 lines (8 jobs → 2 jobs)

Jira

  • OSAC-866 — Consolidate 8 periodic vmaas jobs into a single full-installation nightly job
  • OSAC-914 — Enable parallel execution of VMaaS E2E tests (related)

Test plan

  • Rehearse e2e-vmaas-periodic — verify it boots from snapshot and runs all vmaas tests
  • Rehearse e2e-vmaas-full-install — verify full OCP install + OSAC deploy + all vmaas tests
  • Verify Slack notifications fire with correct labels for periodic jobs
  • Verify presubmit e2e-vmaas is unaffected (no cron, same workflow)
  • Verify no other configs reference the deleted test entries

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai (Bot, Contributor) commented Jun 5, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 29b47914-7ff6-45b1-aa6d-a571f0f773ff

📥 Commits

Reviewing files that changed from the base of the PR and between 82900be and b81d843.

📒 Files selected for processing (3)
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
  • ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh
  • ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-commands.sh
🚧 Files skipped from review as they are similar to previous changes (1)
  • ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh

Walkthrough

OSAC test infra switches from single-file test selection to TEST_SUITE directories, the baremetal test script adds artifact collection and pytest JUnit output, installer and workflows gain DEPLOY_MODE/VALUES_FILE and Helm support, and workflows add notification/gather post-steps with configurable Slack labels.

Changes

OSAC Test Infrastructure Modernization

Layer / File(s) / Summary

  • Test Suite Parameter Contract
    File: ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-ref.yaml
    Summary: TEST parameter replaced by TEST_SUITE (default "vmaas") selecting tests/<suite>/ directories.
  • Test Execution with Artifact Collection
    File: ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh
    Summary: Script now uses TEST_SUITE, creates remote RESULTS_DIR, installs a collect_artifacts trap to scp JUnit XML back to ${ARTIFACT_DIR}, and runs pytest --junitxml inside the test container with explicit exit handling.
  • Installer deploy-mode and Helm
    Files: ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml, ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh, ci-operator/step-registry/osac-project/installer/osac-project-installer-ref.yaml
    Summary: Installer image now installs Helm v3.17.3; installer step and command forward DEPLOY_MODE and VALUES_FILE into the container and declare their defaults (kustomize, values/vmaas-ci.yaml), and INGRESS_SERVICE is recorded.
  • Workflow integration and test manifest consolidation
    Files: ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml, ci-operator/step-registry/osac-project/cluster-tool/vmaas/osac-project-cluster-tool-vmaas-workflow.yaml, ci-operator/step-registry/osac-project/ofcir/baremetal/osac-project-ofcir-baremetal-workflow.yaml
    Summary: Replaced legacy e2e-metal-vmaas-* scheduled entries with e2e-vmaas-periodic, e2e-vmaas-full-setup-kustomize, and e2e-vmaas-full-setup-helm (the helm job sets DEPLOY_MODE: helm), and added notification/gather post-steps plus NOTIFY_LABEL and updated CLUSTERTYPE.
  • Notification label configuration
    Files: ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh, ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml
    Summary: Added NOTIFY_LABEL env var (default empty) and changed MESSAGE to use derived LABEL (falls back to JOB_NAME).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

lgtm, rehearsals-ack

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'OSAC-866: Consolidate 8 periodic vmaas jobs into 2' accurately and specifically describes the main change: consolidating multiple periodic CI jobs into fewer consolidated jobs, with a clear reference to the Jira issue.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR modifies only CI configuration, shell scripts, and YAML files. No Ginkgo test code or test declarations (It(), Describe(), etc.) are present in the changes.
Test Structure And Quality ✅ Passed No Ginkgo test code in this PR; it only modifies CI configuration files, shell scripts, and Dockerfile. The custom check is not applicable to infrastructure/configuration changes.
Microshift Test Compatibility ✅ Passed PR adds no new Ginkgo e2e tests. Changes are CI configuration (YAML/shell scripts) only, consolidating existing vmaas periodic jobs without adding test code.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PR adds no new Ginkgo e2e tests. Changes are CI config/scripts/workflows only. Tests consolidated are pytest-based, not Ginkgo. SNO compatibility check not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed PR contains only CI/CD configuration, test scripts, and Dockerfile changes. No Kubernetes deployment manifests, pod scheduling constraints, or topology-aware scheduling requirements are introduced.
Ote Binary Stdout Contract ✅ Passed PR contains only YAML CI config and shell scripts; no OTE binary or Go code changes subject to stdout contract.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed PR contains no new Ginkgo e2e tests. Changes are limited to CI/CD infrastructure (YAML configs, shell scripts), not test implementations. Check is not applicable.
No-Weak-Crypto ✅ Passed PR contains no weak cryptographic algorithms, custom crypto implementations, or non-constant-time secret comparisons. Changes are CI/CD configuration and test infrastructure modifications only.
Container-Privileges ✅ Passed No privileged container configurations found. PR contains CI/step-registry YAML and bash scripts with no privileged: true, hostPID/Network/IPC, SYS_ADMIN, or allowPrivilegeEscalation: true settings.
No-Sensitive-Data-In-Logs ✅ Passed No sensitive data exposed in logs. WEBHOOK_URL kept private, pull-secrets masked with sed, debug logging disabled, new environment variables contain only non-sensitive configuration.


@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 5, 2026
omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-install periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

coderabbitai (Bot, Contributor) left a review comment:

🧹 Nitpick comments (1)
ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh (1)

19-27: ⚡ Quick win

Validate TEST_SUITE before using it in paths.

TEST_SUITE is interpolated into file paths and the pytest target without format checks. A simple allowlist regex avoids unintended path expansion (for example ../...) and keeps suite selection bounded.

Suggested patch
+if [[ ! "${TEST_SUITE}" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+  echo "Invalid TEST_SUITE: ${TEST_SUITE}"
+  exit 1
+fi
+
 echo "Running OSAC E2E tests: suite=${TEST_SUITE}"
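Review bot: The guard sits before the first use of TEST_SUITE, which is the right place, but the rejection should go to stderr (`echo "Invalid TEST_SUITE: ${TEST_SUITE}" >&2`) so it is not mistaken for test output, and `[[ =~ ]]` is bash-only, so this only holds if the step script runs under bash. Because the same value is later forwarded to the remote ci_machine through the `ssh -F ... bash -s` invocation referenced in the prompt below, the check must stay ahead of that ssh line so an unvalidated value never reaches the remote shell.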

Also applies to: 30-57

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh`
around lines 19 - 27, Validate and sanitize TEST_SUITE before it is used in
paths and passed to pytest: add an allowlist check (e.g. /^[A-Za-z0-9._-]+$/ or
similar) at the top of the script that rejects or exits on any value not
matching the regex, normalize/strip dangerous sequences (e.g. remove leading ../
or path separators) and use the validated variable in the ssh command invocation
and any file/path concatenations (referencing TEST_SUITE in the ssh -F ...
ci_machine bash -s invocation and any later uses of TEST_SUITE in file
paths/pytest targets) so untrusted values cannot cause path traversal or command
injection.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 0baa4d92-b663-431d-b733-7400c21f237c

📥 Commits

Reviewing files that changed from the base of the PR and between 165d3b4 and bda84a4.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (7)
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
  • ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-commands.sh
  • ci-operator/step-registry/osac-project/baremetal/test/osac-project-baremetal-test-ref.yaml
  • ci-operator/step-registry/osac-project/cluster-tool/vmaas/osac-project-cluster-tool-vmaas-workflow.yaml
  • ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh
  • ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml
  • ci-operator/step-registry/osac-project/ofcir/baremetal/osac-project-ofcir-baremetal-workflow.yaml
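The allowlist check suggested above, carried through (as an added example, not code from the openshift/release step registry) to the other env vars this PR introduces, DEPLOY_MODE and VALUES_FILE, and to the PASSED/FAILED handoff to the notify step; the tests/<suite>/ layout, junit filename, test-result path and NOTIFY_LABEL fallback are taken from the PR description, while the /results directory is an assumption.

```shell
#!/bin/sh
# Added example (not the osac-project step-registry scripts): input guards for
# the env vars this PR adds, and the test-result handoff used by the notify
# post-step. Written in POSIX sh so it runs whether the step uses sh or bash.
set -eu

# TEST_SUITE is interpolated into tests/<suite>/ and junit_<suite>.xml, so
# reject the empty string and anything outside [A-Za-z0-9_-] (no "/", no ".").
validate_test_suite() {
  case "${1:-}" in
    '') return 1 ;;
    *[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# DEPLOY_MODE is passed to setup.sh; only the two modes the PR defines exist.
validate_deploy_mode() {
  case "${1:-}" in
    kustomize|helm) return 0 ;;
    *) return 1 ;;
  esac
}

# VALUES_FILE is a repo-relative path: keep it under values/, forbid ".." and
# any character that is not a plain path character.
validate_values_file() {
  f="${1:-}"
  case "$f" in
    values/*) ;;
    *) return 1 ;;
  esac
  case "$f" in
    *..*|*[!A-Za-z0-9_./-]*) return 1 ;;
  esac
  return 0
}

# Build the pytest command line the test container would run, after the guard.
# /results is an assumed in-container results directory (RESULTS_DIR in the PR).
pytest_cmdline() {
  suite="$1"
  validate_test_suite "$suite" || { echo "Invalid TEST_SUITE: $suite" >&2; return 1; }
  printf 'pytest tests/%s/ --junitxml=/results/junit_%s.xml\n' "$suite" "$suite"
}

# Record PASSED/FAILED in ${SHARED_DIR}/test-result so the notify step reports a
# real outcome instead of UNKNOWN. Echoes the token written.
write_test_result() {
  shared_dir="$1"; rc="$2"
  if [ "$rc" -eq 0 ]; then
    echo PASSED > "$shared_dir/test-result"
  else
    echo FAILED > "$shared_dir/test-result"
  fi
  cat "$shared_dir/test-result"
}

# Slack header derivation: NOTIFY_LABEL wins, otherwise fall back to JOB_NAME.
notify_label() {
  label="${1:-}"; job_name="${2:-}"
  printf '%s\n' "${label:-$job_name}"
}
```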

omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

coderabbitai (Bot, Contributor) left a review comment:

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml`:
- Around line 30-32: The Dockerfile RUN that fetches and extracts Helm (the RUN
line using curl to download https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
and then tar/mv) must verify the artifact before extraction: download both the
tarball and its published SHA256 file (or the .tar.gz.sha256sum), compute the
local sha256 (sha256sum) and compare to the published value, aborting the build
if they differ; only after successful verification proceed to tar -xzf and mv
/tmp/linux-amd64/helm /usr/local/bin/helm. Ensure the verification is done in
the same RUN step so intermediate layers don’t keep an unverified artifact and
clean up downloaded files afterwards.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 4b09841d-8ac4-43e5-ba8f-e38838e53110

📥 Commits

Reviewing files that changed from the base of the PR and between bda84a4 and 2bfb9e4.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (5)
  • ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-commands.sh
  • ci-operator/step-registry/osac-project/installer/osac-project-installer-ref.yaml
  • ci-operator/step-registry/osac-project/ofcir/baremetal/osac-project-ofcir-baremetal-workflow.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml

Comment on lines +30 to +32
RUN dnf install -y git jq && \
curl -fsSL https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz | tar xz -C /tmp && \
mv /tmp/linux-amd64/helm /usr/local/bin/helm


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Verify Helm release artifact has published checksums for the pinned version.
ver="v3.17.3"
curl -fsSL "https://get.helm.sh/helm-${ver}-linux-amd64.tar.gz.sha256" | sed -n '1,3p'
curl -fsSL "https://get.helm.sh/helm-${ver}-linux-amd64.tar.gz.sha256sum" | sed -n '1,3p'

Repository: openshift/release



Add checksum verification for downloaded Helm artifact

The Docker build installs Helm fetched from the network (curl ... | tar) without checksum/signature verification, leaving a supply-chain integrity gap. Helm v3.17.3 publishes SHA256 checksums, so downloading the tarball and verifying it with sha256sum before extracting/install is straightforward.

Suggested hardening diff
-      RUN dnf install -y git jq && \
-          curl -fsSL https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz | tar xz -C /tmp && \
-          mv /tmp/linux-amd64/helm /usr/local/bin/helm
+      ARG HELM_VERSION=v3.17.3
+      ARG HELM_SHA256
+      RUN dnf install -y git jq && \
+          curl -fsSLo /tmp/helm.tar.gz "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" && \
+          echo "${HELM_SHA256}  /tmp/helm.tar.gz" | sha256sum -c - && \
+          tar xzf /tmp/helm.tar.gz -C /tmp && \
+          install -m 0755 /tmp/linux-amd64/helm /usr/local/bin/helm
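Review bot: `ARG HELM_SHA256` has no default, so a build that does not pass the argument feeds an empty digest to `sha256sum -c` and fails outright; since this is a ci-operator `dockerfile_literal`, pin the expected digest as the ARG's default (or inline it) instead of relying on a build-time argument, and bump it together with HELM_VERSION. The same RUN should also end with `rm -rf /tmp/helm.tar.gz /tmp/linux-amd64` so the layer keeps neither the archive nor a stray copy, as the prompt text for this finding already asks.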
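The verify-then-extract pattern the review asks for, as an added example rather than the osac-installer Dockerfile itself: shell functions that refuse an empty or malformed digest (the failure mode of an unset build ARG), extract only after the digest matches, and delete the archive either way. The linux-amd64/helm member name comes from the PR; the tarball is constructed locally so nothing is downloaded.

```shell
#!/bin/sh
# Added example, not from openshift/release: checksum-gated install of a
# downloaded release archive, written to be pasted into a single RUN step.
set -eu

# Print the SHA-256 of a file using sha256sum, or shasum where that is absent.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Return 0 only if the file's digest equals the expected one. An empty or
# non-hex expected value is rejected up front rather than compared.
verify_sha256() {
  file="$1"; expected="$2"
  case "$expected" in
    ''|*[!0-9a-fA-F]*) echo "verify_sha256: expected digest is not hex" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "verify_sha256: bad digest length" >&2; return 1; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "verify_sha256: mismatch for $file: got $actual want $expected" >&2
    return 1
  fi
}

# Verify the tarball, then copy one member to dest with mode 0755. The archive
# and scratch directory are removed on both paths so no unverified copy lingers.
install_verified() {
  tarball="$1"; expected="$2"; member="$3"; dest="$4"
  workdir=$(mktemp -d)
  if ! verify_sha256 "$tarball" "$expected"; then
    rm -rf "$workdir" "$tarball"
    return 1
  fi
  tar xzf "$tarball" -C "$workdir"
  mkdir -p "$(dirname "$dest")"
  cp "$workdir/$member" "$dest" && chmod 0755 "$dest"
  rm -rf "$workdir" "$tarball"
}

# Constructed stand-in with the helm release layout (linux-amd64/helm) so the
# functions can be exercised offline. Prints the tarball path.
make_fake_release() {
  out="$1"
  src=$(mktemp -d)
  mkdir -p "$src/linux-amd64"
  printf '#!/bin/sh\necho fake-helm\n' > "$src/linux-amd64/helm"
  tar czf "$out" -C "$src" linux-amd64
  rm -rf "$src"
  printf '%s\n' "$out"
}
```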

omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-images pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-kustomize periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm pull-ci-osac-project-osac-installer-main-e2e-vmaas

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

- Add helm binary to osac-installer dockerfile_literal
- Add DEPLOY_MODE and VALUES_FILE env vars to osac-project-installer
  step (default: kustomize, values/vmaas-ci.yaml)
- Rename e2e-vmaas-full-install to e2e-vmaas-full-setup-kustomize
- Add e2e-vmaas-full-setup-helm nightly periodic (DEPLOY_MODE=helm)
- Update notify label to "Full Setup vmaas (kustomize)"
- Regenerate Prow job configs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@omer-vishlitzky omer-vishlitzky force-pushed the osac-866-consolidate-vmaas-periodics branch from 2bfb9e4 to 82900be Compare June 5, 2026 18:00
omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-images pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-kustomize periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-osac-operator-main-e2e-vmaas

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

- Override NOTIFY_LABEL in e2e-vmaas-full-setup-helm job config so
  Slack shows "Full Setup vmaas (helm)" instead of "(kustomize)"
- Write PASSED/FAILED to ${SHARED_DIR}/test-result in both test steps
  (baremetal-test and cluster-tool-test) so the notify step can report
  actual results instead of "UNKNOWN"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
openshift-merge-bot (Contributor) commented:

[REHEARSALNOTIFIER]
@omer-vishlitzky: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name Repo Type Reason
pull-ci-osac-project-osac-installer-main-e2e-vmaas osac-project/osac-installer presubmit Ci-operator config changed
pull-ci-osac-project-osac-installer-main-images osac-project/osac-installer presubmit Ci-operator config changed
pull-ci-osac-project-fulfillment-service-main-e2e-vmaas osac-project/fulfillment-service presubmit Registry content changed
pull-ci-osac-project-osac-aap-main-e2e-vmaas osac-project/osac-aap presubmit Registry content changed
pull-ci-osac-project-osac-test-infra-main-e2e-vmaas osac-project/osac-test-infra presubmit Registry content changed
pull-ci-osac-project-osac-operator-main-e2e-vmaas osac-project/osac-operator presubmit Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic N/A periodic Periodic changed
periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm N/A periodic Periodic changed
periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-kustomize N/A periodic Periodic changed
Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-images pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-kustomize periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-periodic

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 7, 2026
openshift-ci (Bot, Contributor) commented Jun 7, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danmanor, omer-vishlitzky

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

omer-vishlitzky (Contributor, Author) commented:

/pj-rehearse ack

openshift-merge-bot (Contributor) commented:

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot openshift-merge-bot Bot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Jun 7, 2026
openshift-ci (Bot, Contributor) commented Jun 7, 2026

@omer-vishlitzky: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/rehearse/periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-install bda84a4 link unknown /pj-rehearse periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-install
ci/rehearse/periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm b81d843 link unknown /pj-rehearse periodic-ci-osac-project-osac-test-infra-main-e2e-vmaas-full-setup-helm

Full PR test history. Your PR dashboard.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot Bot merged commit 063f24e into openshift:main Jun 7, 2026
26 of 27 checks passed