
feat(quay): add e2e Playwright job with OIDC, LDAP, and Mailpit#80187

Open: jbpratt wants to merge 1 commit into openshift:main from jbpratt:pw-e2e


Conversation

jbpratt (Contributor) commented Jun 7, 2026

Extend the Quay CI to run Playwright tests across three auth backends. A new deploy-test-services step provisions Keycloak (OIDC), 389ds (LDAP), and Mailpit (email) into the cluster. The test runner executes Database, OIDC, and LDAP auth phases sequentially with config-swap restarts between each phase.

  • Rename playwright-e2e job to e2e
  • Move playwright step from quay-tests/ to quay/ namespace
  • Delete old quay-tests-test-quay-playwright step

Summary by CodeRabbit

This PR modifies OpenShift CI configuration for Quay Playwright end-to-end tests to deploy test services in-cluster and run a multi-phase authentication matrix (Database, OIDC, LDAP).

What changed, in practical terms:

  • Affected area: ci-operator job/config and step-registry entries for Quay (ci-operator/config/quay and ci-operator/step-registry/quay).
  • Job/config updates:
    • The Quay Playwright job was renamed from the old quay-tests location to a consolidated quay/ role (the Playwright job ref is now quay-test-playwright).
    • The job timeout was increased to allow the expanded workflow (refs show longer timeouts for the new steps).
    • CI config was extended to enable mail flows for tests (Mailpit-related settings are added so mailing is exercised during e2e).
  • New deploy step: quay-deploy-test-services
    • Adds a commands script and ref that deploys Keycloak (OIDC), 389 Directory Server (LDAP, seeded and with a custom Quay schema), and Mailpit into the quay-enterprise namespace.
    • Waits for rollouts/readiness, verifies LDAP initialization, and writes the Keycloak Route URL to $SHARED_DIR/keycloak_route for the test runner.
  • New test orchestration step: quay-test-playwright
    • Adds a runner script and ref that:
      • Runs Playwright tests in three sequential phases: Database-only, OIDC (Keycloak), and LDAP (389ds).
      • Swaps Quay config between phases by extracting the config secret, merging overlays (uses a pinned yq), updating the secret, restarting quay-app, and waiting for health before each phase.
      • Port-forwards Mailpit, captures per-phase logs and artifacts, merges Playwright reporters into combined HTML/JUnit outputs, and returns a consolidated exit status.
    • Declares resource requests, a multi-hour timeout and a credential mount for Quay test secrets.
  • Cleanup / reorganization:
    • The previous quay-tests/test-quay-playwright command/ref files are removed from the repository (their script path is missing) and equivalent functionality now lives under quay/deploy-test-services and quay/test-playwright.
    • Step registry metadata files were updated to reference the new quay paths and add OWNERS/metadata for the new quay/test-playwright entries.

Net effect:

  • Consolidates Quay Playwright e2e into a single CI flow that first deploys Keycloak, LDAP, and Mailpit into-cluster, then runs Playwright across three auth phases with config swaps between phases, collects artifacts per phase, and increases timeouts/resources to support the expanded testing matrix.

coderabbitai Bot commented Jun 7, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


Walkthrough

Splits Playwright e2e into a deploy step provisioning Keycloak/LDAP/Mailpit and a phased Playwright runner; updates Quay CI to enable mailing, replace test refs, rename the job, and increase timeout.

Changes

Quay Playwright E2E Pipeline Restructure

Layer / File(s) Summary
Test Services Deployment Step
ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-commands.sh, quay-deploy-test-services-ref.yaml, quay-deploy-test-services-ref.metadata.json
New quay-deploy-test-services CI step provisions Keycloak (OIDC provider), 389 DS (LDAP with seeded users and Quay group membership schema), and Mailpit into quay-enterprise namespace. Validates service readiness, polls LDAP initialization, and writes Keycloak HTTPS route to ${SHARED_DIR}/keycloak_route for downstream consumption.
Phased Playwright Test Runner
ci-operator/step-registry/quay/test-playwright/quay-test-playwright-commands.sh, quay-test-playwright-ref.yaml, quay-test-playwright-ref.metadata.json, OWNERS
New quay-test-playwright step executes Playwright tests in three phases: database-only authentication, OIDC via Keycloak, and LDAP via 389ds. Includes swap_quay_config() helper to dynamically merge auth overlays into Quay's config-bundle-secret, port-forwards Mailpit, aggregates test reports via blob merging, and gates final exit on cumulative phase failures.
CI Configuration Integration
ci-operator/config/quay/quay/quay-quay-master.yaml
Renames e2e job alias from playwright-e2e to e2e. Extends QUAY_EXTRA_CONFIG with mailing feature (FEATURE_MAILING enabled, mail server/port configured, TLS/auth disabled). Replaces deprecated quay-tests-test-quay-playwright ref with new quay-deploy-test-services and quay-test-playwright refs in rehearse workflow. Increases workflow timeout from 4h0m0s to 5h0m0s to accommodate infrastructure provisioning and phased test execution.

Sequence Diagram

sequenceDiagram
  participant Deploy as quay-deploy-test-services
  participant Runner as quay-test-playwright
  participant Quay as Quay App
  participant Keycloak
  participant LDAP as 389DS
  participant Mailpit

  Deploy->>Keycloak: deploy dev-mode realm + Route
  Deploy->>LDAP: deploy with init ConfigMap + postStart hook
  Deploy->>Mailpit: deploy SMTP + HTTP services
  Deploy->>LDAP: poll base DN until initialized
  Deploy->>Keycloak: poll Route until host admitted
  Deploy->>Runner: keycloak_route written to SHARED_DIR
  
  Runner->>Quay: Phase 1: run database auth tests
  Runner->>Quay: extract config.yaml + merge OIDC overlay
  Quay->>Keycloak: restart app + handle OIDC requests
  Runner->>Quay: Phase 2: run OIDC auth tests
  
  Runner->>Quay: extract config.yaml + merge LDAP overlay
  Quay->>LDAP: restart app + bind/search during auth
  Runner->>Quay: Phase 3: run LDAP auth tests
  Runner->>Mailpit: port-forward active during all phases

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

lgtm, rehearsals-ack


Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name | Status | Explanation | Resolution
No-Sensitive-Data-In-Logs | ❌ Error | Scripts log passwords/credentials: LDAP_ADMIN_PASSWD=admin, user passwords, ldapsearch -w argument, and PII via 'set -x' tracing. | Use 'set +x' around password operations; remove hardcoded passwords from YAML; mask sensitive command args in logs.
Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (13 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main change: adding an e2e Playwright job with OIDC, LDAP, and Mailpit support, which aligns with the primary objectives of the changeset.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names | ✅ Passed | PR contains CI/CD configuration files only (YAML, shell scripts, JSON), not Ginkgo test code. No test names to evaluate against stability check.
Test Structure And Quality | ✅ Passed | PR contains no Ginkgo test code, only CI/CD infrastructure (Bash scripts, YAML configs). Check for Ginkgo test quality is not applicable.
Microshift Test Compatibility | ✅ Passed | PR adds Playwright e2e tests (JavaScript/TypeScript framework), not Ginkgo e2e tests (Go). The custom check applies only to Ginkgo e2e tests, so it is not applicable.
Single Node Openshift (Sno) Test Compatibility | ✅ Passed | PR adds Playwright e2e tests (JavaScript via npx), not Ginkgo tests. No Go-based tests with It(), Describe(), Context() patterns were added, so this check is not applicable.
Topology-Aware Scheduling Compatibility | ✅ Passed | PR adds test infrastructure deployments (Keycloak, LDAP, Mailpit) with replicas: 1 and no topology-constraining affinity rules, node selectors, or PDBs that would fail on alternative topologies.
Ote Binary Stdout Contract | ✅ Passed | This PR contains no Go code. All changes are YAML CI config, Bash scripts, JSON metadata, and a symlink. The OTE Binary Stdout Contract check applies only to Go binaries, not these file types.
Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | PR contains no Ginkgo e2e tests (.go files). Only Bash scripts, YAML configs, and JSON metadata files are added. Check is not applicable to Playwright-based JavaScript tests.
No-Weak-Crypto | ✅ Passed | No weak crypto patterns detected. PR uses SHA256 (secure) for yq binary verification, base64 (encoding, not encryption) for K8s secrets, and hardcoded test-only credentials appropriately.
Container-Privileges | ✅ Passed | No prohibited privilege settings (privileged, hostPID/Network/IPC, SYS_ADMIN, allowPrivilegeEscalation) found. Anyuid SCC grant has explicit justification for 389ds LDAP initialization.

openshift-ci Bot commented Jun 7, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jbpratt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 7, 2026
@openshift-ci openshift-ci Bot requested review from aroyoredhat and sridipta June 7, 2026 23:40
jbpratt (Author) commented Jun 7, 2026

/pj-rehearse

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-commands.sh`:
- Around line 544-550: The current single read of `.status.ingress[0].host` into
KEYCLOAK_ROUTE is race-prone; replace it with a polling loop that repeatedly
runs the oc -n "${NAMESPACE}" get route keycloak -o
jsonpath='{.status.ingress[0].host}' until a non-empty host is returned or a
timeout/maximum attempts is reached, logging each attempt and sleeping between
retries; once KEYCLOAK_ROUTE is non-empty write "https://${KEYCLOAK_ROUTE}" to
"${SHARED_DIR}/keycloak_route" and echo it, and if the timeout is reached still
empty exit 1 with an error message.
- Around line 340-385: The ldapmodify and ldapadd calls in init-389ds.sh
currently swallow failures with "|| true", causing the init to succeed even if
schema or LDIF application fails; update the ldapmodify (using LDAPI_URI) and
ldapadd commands to remove the "|| true" suppression, capture their exit status,
and if non-zero log a descriptive error (including command output) and exit
non-zero so the container fails fast when schema (quayMemberOf/quayUser) or
base.ldif import fails; ensure any grep -v "^SASL" filtering preserves exit
detection (e.g., check the pipeline exit status) and apply the same fail-fast
handling for both ldapmodify and ldapadd invocations.
- Line 414: Replace nondeterministic :latest image tags with pinned, immutable
references: update occurrences of docker.io/389ds/dirsrv:latest and
docker.io/axllent/mailpit:latest in quay-deploy-test-services-commands.sh to
either a specific version tag or a content-addressable digest (e.g.,
`@sha256`:...) so CI uses a fixed image; also audit
quay-deploy-test-services-ref.yaml for keys like cli: latest and from_image.tag:
latest and pin those entries similarly. Ensure you fetch the correct stable tag
or digest from the upstream registry, replace the :latest strings in the deploy
script and the YAML, and run the deploy/test pipeline to confirm the pinned
images work as expected.

In
`@ci-operator/step-registry/quay/test-playwright/quay-test-playwright-commands.sh`:
- Around line 10-18: The script reads QUAY_ROUTE and already validates it; do
the same for KEYCLOAK_ROUTE: after assigning KEYCLOAK_ROUTE via cat
"${SHARED_DIR}/keycloak_route", add an explicit non-empty check (similar to the
QUAY_ROUTE block) that writes an error to stderr and exits non‑zero if
KEYCLOAK_ROUTE is missing or empty, and only echo "Keycloak route:
${KEYCLOAK_ROUTE}" after the validation; update the validation logic for
KEYCLOAK_ROUTE to mirror the QUAY_ROUTE pattern so OIDC config never runs with
an invalid value.
- Around line 35-36: The curl invocation that fetches and executes yq from the
"latest" GitHub URL should be changed to download a pinned YQ_VERSION and
perform integrity verification before making it executable: introduce a
YQ_VERSION variable (or pinned release tag), fetch the corresponding yq binary
and its known SHA256 (or the .sha256 file from the same release), verify the
checksum with sha256sum (or openssl) and abort if it doesn't match, then chmod
+x /tmp/yq only after verification; also replace the global set -x tracing and
any echo of "Quay route" / "Keycloak route" with either removal or wrap them
with set +x / set -x so sensitive URLs are not printed, and use curl flags like
-fSLo to fail loudly without leaking URL info.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: aa6eb3be-f0e4-4acf-932b-31e08e202797

📥 Commits

Reviewing files that changed from the base of the PR and between c6a5bdb and b9604e0.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/quay/quay/quay-quay-master-presubmits.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (11)
  • ci-operator/config/quay/quay/quay-quay-master.yaml
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-commands.sh
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-ref.yaml
  • ci-operator/step-registry/quay/deploy-test-services/OWNERS
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-commands.sh
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-ref.metadata.json
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-ref.yaml
  • ci-operator/step-registry/quay/test-playwright/OWNERS
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-commands.sh
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-ref.metadata.json
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-ref.yaml
💤 Files with no reviewable changes (2)
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-ref.yaml
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-commands.sh
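The findings in this review (polling the Keycloak Route host instead of reading it once, `|| true` hiding ldapmodify/ldapadd failures behind a `grep -v "^SASL"` filter, validating `${SHARED_DIR}` values before use, downloading a pinned yq with checksum verification, and keeping secrets out of `set -x` output) all reduce to a handful of shell idioms. The helper set below is an added example written for this page, not code from the PR or the openshift/release repository; the variable `CI_DEBUG_TRACE` and the function names `require_nonempty`, `quiet`, `filtered_run`, `wait_for_value`, `verify_sha256` and `fetch_verified` are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: hardened helpers for ci-operator step scripts. Meant to be
# sourced by a step script; none of the names below come from the PR.
set -euo pipefail

# Tracing is opt-in. CI_DEBUG_TRACE is an assumed variable name.
if [[ "${CI_DEBUG_TRACE:-false}" == "true" ]]; then set -x; fi

# Fail fast when a required value is missing, e.g. a route read from
# ${SHARED_DIR}. Usage: require_nonempty VAR_NAME
require_nonempty() {
  local name="$1"
  if [[ -z "${!name:-}" ]]; then
    echo "error: required value '${name}' is missing or empty" >&2
    return 1
  fi
}

# Run a command with xtrace suspended so secret-bearing arguments
# (ldapsearch -w, passwords in env lists) never reach the job log.
# Restores the previous trace state and returns the command's status.
quiet() {
  local was_tracing=0 rc=0
  [[ "$-" == *x* ]] && was_tracing=1
  set +x
  "$@" || rc=$?
  (( was_tracing )) && set -x
  return "$rc"
}

# Run a producer through a line filter (the `ldapmodify | grep -v ^SASL`
# pattern) without the filter hiding the producer's failure. The producer's
# status is taken from PIPESTATUS; grep exiting 1 (every line dropped) is fine.
# Usage: filtered_run '<regex to drop>' command args...
filtered_run() {
  local drop="$1"; shift
  local errexit=0 statuses
  [[ "$-" == *e* ]] && errexit=1
  set +e
  "$@" 2>&1 | grep -v -e "$drop"
  statuses=("${PIPESTATUS[@]}")
  (( errexit )) && set -e
  if (( statuses[0] != 0 )); then
    echo "error: '$1' failed with status ${statuses[0]}" >&2
    return "${statuses[0]}"
  fi
  return 0
}

# Poll a command until it prints a non-empty value or the attempts run out.
# Used for values that appear asynchronously, such as a Route's admitted host
# in .status.ingress[0].host right after the Route is created.
# Usage: wait_for_value <attempts> <sleep_seconds> command args...
wait_for_value() {
  local attempts="$1" delay="$2"; shift 2
  local i value
  for (( i = 1; i <= attempts; i++ )); do
    value="$("$@" 2>/dev/null || true)"
    if [[ -n "$value" ]]; then
      printf '%s\n' "$value"
      return 0
    fi
    echo "attempt ${i}/${attempts}: '$1' returned nothing yet" >&2
    sleep "$delay"
  done
  echo "error: gave up on '$1' after ${attempts} attempts" >&2
  return 1
}

# Compare a file against a pinned SHA-256 digest.
# Usage: verify_sha256 <file> <expected_hex>
verify_sha256() {
  local file="$1" expected="$2" actual
  if command -v sha256sum >/dev/null 2>&1; then
    actual="$(sha256sum "$file" | awk '{print $1}')"
  else
    actual="$(shasum -a 256 "$file" | awk '{print $1}')"
  fi
  if [[ "$actual" != "$expected" ]]; then
    echo "error: checksum mismatch for ${file}: got ${actual}, want ${expected}" >&2
    return 1
  fi
}

# Download a pinned release artifact (for example one yq version) and install
# it only if the digest matches. -f fails on HTTP errors, -s suppresses the
# progress meter, -S still reports errors.
# Usage: fetch_verified <url> <expected_sha256> <destination>
fetch_verified() {
  local url="$1" expected="$2" dest="$3" tmp
  tmp="$(mktemp)"
  if ! curl -fsSL --retry 3 -o "$tmp" "$url"; then
    rm -f "$tmp"; echo "error: download failed" >&2; return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    rm -f "$tmp"; return 1
  fi
  install -m 0755 "$tmp" "$dest"
  rm -f "$tmp"
}

# Example use in a deploy step (commented out; needs a cluster):
#   KEYCLOAK_HOST="$(wait_for_value 30 10 oc -n "${NAMESPACE}" get route keycloak \
#       -o jsonpath='{.status.ingress[0].host}')"
#   echo "https://${KEYCLOAK_HOST}" > "${SHARED_DIR}/keycloak_route"
```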

Comment thread ci-operator/step-registry/quay/test-playwright/quay-test-playwright-commands.sh Outdated
jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

@CodeRabbit resolve

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

coderabbitai Bot commented Jun 8, 2026


🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# List all review threads on the PR to find CodeRabbit's comments
gh api graphql -f query='
{
  repository(owner: "openshift", name: "release") {
    pullRequest(number: 80187) {
      reviewThreads(first: 50) {
        nodes {
          id
          isResolved
          comments(first: 5) {
            nodes {
              author { login }
              body
              databaseId
            }
          }
        }
      }
    }
  }
}'

Length of output: 18528


🏁 Script executed:

#!/bin/bash
# Resolve the two unresolved CodeRabbit review threads
gh api graphql -f query='
mutation {
  resolveReviewThread(input: {threadId: "PRRT_kwDOBHvUUM6HsqmV"}) {
    thread { id isResolved }
  }
}'

gh api graphql -f query='
mutation {
  resolveReviewThread(input: {threadId: "PRRT_kwDOBHvUUM6HsqmW"}) {
    thread { id isResolved }
  }
}'

Length of output: 1124



@jbpratt Sure! Resolving all my review comments now.

[resolve]

jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-commands.sh (1)

3-4: ⚡ Quick win

Disable global xtrace by default in this step script.

set -x at Line 4 makes every command traced. Keep tracing opt-in (debug-only) to match repo policy and reduce accidental log exposure.

Suggested patch
 set -euo pipefail
-set -x
+[[ "${CI_DEBUG_TRACE:-false}" == "true" ]] && set -x
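Review bot: the replacement line `[[ "${CI_DEBUG_TRACE:-false}" == "true" ]] && set -x` is safe under `set -e` only because the failing test is not the last command of the `&&` list; if the line is ever moved to the end of a function or script, the false branch leaves exit status 1 behind. An explicit `if [[ "${CI_DEBUG_TRACE:-false}" == "true" ]]; then set -x; fi` avoids that. Opt-in tracing also addresses part of the failing No-Sensitive-Data-In-Logs check above (the ldapsearch -w argument and password values echoed by xtrace), but not the hardcoded credentials in the generated YAML, which still need a separate fix.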

As per coding guidelines, step-registry scripts should default to set -euo pipefail without -x, enabling tracing only when necessary.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-commands.sh`
around lines 3 - 4, Remove the unconditional tracing flag by deleting the `set
-x` line so the script defaults to `set -euo pipefail`; make tracing opt-in by
enabling xtrace only when a debug env var is set (e.g., check `CI_DEBUG` or
`DEBUG` and then enable `set -x`), ensuring you reference the existing `set -euo
pipefail` and `set -x` symbols when editing the script.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-commands.sh`:
- Around line 118-147: The inline Deployment pod specs for the keycloak, ldap,
and mailpit containers must be hardened: add pod-level
automountServiceAccountToken: false, enforce a podSecurityContext with
runAsNonRoot: true and a non-zero runAsUser (or add container-level
securityContext with runAsNonRoot: true and runAsUser > 0), and for each
container (keycloak, ldap, mailpit) add a container securityContext that sets
allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, and drops all
non-essential capabilities (drop: ["ALL"]); also add resource requests and
limits (cpu/memory) for each container to avoid unbounded resources; ensure
capabilities and securityContext are applied to the same container specs
referenced by the names keycloak, ldap, and mailpit in the Deployment manifests
mentioned.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 652a19b7-a8c9-43e4-89f7-f7f4f8b44184

📥 Commits

Reviewing files that changed from the base of the PR and between d60e72e and 0a61d05.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/quay/quay/quay-quay-master-presubmits.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (11)
  • ci-operator/config/quay/quay/quay-quay-master.yaml
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-commands.sh
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-ref.yaml
  • ci-operator/step-registry/quay/deploy-test-services/OWNERS
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-commands.sh
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-ref.metadata.json
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-ref.yaml
  • ci-operator/step-registry/quay/test-playwright/OWNERS
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-commands.sh
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-ref.metadata.json
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-ref.yaml
💤 Files with no reviewable changes (2)
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-ref.yaml
  • ci-operator/step-registry/quay-tests/test-quay-playwright/quay-tests-test-quay-playwright-commands.sh
✅ Files skipped from review due to trivial changes (2)
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-ref.metadata.json
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-ref.metadata.json
🚧 Files skipped from review as they are similar to previous changes (2)
  • ci-operator/step-registry/quay/deploy-test-services/quay-deploy-test-services-ref.yaml
  • ci-operator/step-registry/quay/test-playwright/quay-test-playwright-commands.sh

Comment on lines +118 to +147
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:26.2
args: ["start-dev", "--import-realm"]
env:
- name: KC_HEALTH_ENABLED
value: "true"
- name: KC_HTTP_RELATIVE_PATH
value: "/"
- name: KEYCLOAK_ADMIN
value: "admin"
- name: KEYCLOAK_ADMIN_PASSWORD
value: "admin"
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
volumeMounts:
- name: realm
mountPath: /opt/keycloak/data/import
volumes:
- name: realm
configMap:
name: keycloak-realm
---
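Review bot: `KEYCLOAK_ADMIN_PASSWORD` is a literal "admin" in a plain `env` value, and because this manifest is emitted from a script running with `set -x` (the pre-merge No-Sensitive-Data-In-Logs failure above), the value is echoed into the job log. Source it with `valueFrom.secretKeyRef` from a Secret (the test step already mounts a credential secret) or generate it per run. Separately, verify the readiness probe against the 26.2 image: with `KC_HEALTH_ENABLED=true`, current Keycloak releases serve `/health/ready` on a dedicated management port rather than the HTTP port 8080 the probe targets, and a 404 there would keep the pod unready indefinitely.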


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Harden the inline Deployments to the repo’s Kubernetes security baseline.

The generated keycloak, ldap, and mailpit pod specs currently rely on permissive defaults (no explicit non-root/read-only/priv-esc controls, no dropped capabilities, no explicit automountServiceAccountToken: false, and no container limits). Please add explicit hardening and limits in each container spec before merge.

As per coding guidelines, Kubernetes/OpenShift manifests should enforce non-root hardening (runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false, drop capabilities), disable service-account token automount unless needed, and define resource limits.

Also applies to: 404-430, 468-488


jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 8, 2026
@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 8, 2026
jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

jbpratt (Author) commented Jun 8, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

jbpratt (Author) commented Jun 9, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

jbpratt (Author) commented Jun 9, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

Extend the Quay CI to run Playwright tests across three auth backends.
A new deploy-test-services step provisions Keycloak (OIDC), 389ds (LDAP),
and Mailpit (email) into the cluster. The test runner executes Database,
OIDC, and LDAP auth phases sequentially with config-swap restarts between
each phase.

- Rename playwright-e2e job to e2e
- Move playwright step from quay-tests/ to quay/ namespace
- Delete old quay-tests-test-quay-playwright step

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Brady Pratt <bpratt@redhat.com>
openshift-merge-bot (Bot) commented:

[REHEARSALNOTIFIER]
@jbpratt: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name | Repo | Type | Reason
pull-ci-quay-quay-master-e2e | quay/quay | presubmit | Presubmit changed
pull-ci-quay-quay-master-images | quay/quay | presubmit | Ci-operator config changed
periodic-ci-quay-quay-master-claim-claim-cluster | N/A | periodic | Ci-operator config changed
Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

jbpratt (Author) commented Jun 9, 2026

/pj-rehearse pull-ci-quay-quay-master-e2e

openshift-merge-bot (Bot) commented:

@jbpratt: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-ci Bot commented Jun 9, 2026

@jbpratt: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name | Commit | Details | Required | Rerun command
ci/rehearse/quay/quay/master/e2e | b2b47e8 | link | unknown | /pj-rehearse pull-ci-quay-quay-master-e2e

Full PR test history. Your PR dashboard.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.


Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files.
