Skip to content

Add z-stream testing#81376

Open
kasturinarra wants to merge 4 commits into
openshift:mainfrom
kasturinarra:main
Open

Add z-stream testing#81376
kasturinarra wants to merge 4 commits into
openshift:mainfrom
kasturinarra:main

Conversation

@kasturinarra

@kasturinarra kasturinarra commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

This PR extends OpenShift CI to add automated “z-stream” nightly e2e testing for the openshift/lvm-operator.

  • New CI variant/config: Adds ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml, introducing an ocp nightly stream candidate targeting version 4.21, with a scheduled tests trigger (cron: 0 6 * * *) that runs the lvms-zstream-trigger step. It also sets default resource requests for all targets (*) to 100m CPU / 200Mi memory.
  • New step-registry trigger: Adds ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger plus ref/metadata and ownership/routing files. The trigger runs lvms-zstream-trigger-commands.sh in the ocp/cli-jq:latest image with Gangway credentials mounted from test-credentials and executes nightly jobs via the Gangway API.

Trigger behavior (practical impact):

  • For a fixed set of operator releases (e.g., 4.14, 4.16, 4.18–4.21), it looks for the latest open z-stream PR in openshift/lvm-operator.
  • It extracts the snapshot: catalog token from the PR diff, resolves it to the best matching quay.io catalog manifest tag near the snapshot timestamp, and derives the corresponding image digest.
  • Before triggering, it fetches the previous successful run’s zstream-summary.json artifact (via the most recent successful trigger build id). If the resolved digest is unchanged (and FORCE is not set), it skips triggering for that release and records per-release skipped state.
  • Otherwise, it triggers the configured nightly LVMS e2e jobs, overriding MULTISTAGE_PARAM_OVERRIDE_LVM_INDEX_IMAGE with the resolved digest (with optional DRY_RUN support), writes per-release outputs, and merges them into a new zstream-summary.json for the run.

Script hardening/fixes included:

  • Resolves issues from prior review findings in the z-stream trigger logic (notably around prowjobs.js parsing, adding a missing get_last_pr() helper, preventing a tracing state leak in trigger_job() via save/restore, and correcting empty triggered_jobs output from [""] to []).

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 9991d625-b486-4623-8eef-a26e51e22368

📥 Commits

Reviewing files that changed from the base of the PR and between 87cf42e and 2b2e8b2.

📒 Files selected for processing (1)
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
🚧 Files skipped from review as they are similar to previous changes (1)
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh

Walkthrough

This PR adds a new LVMS z-stream CI path, including CI config, step-registry wiring, ownership metadata, and a trigger script that resolves snapshots, starts nightly jobs through Gangway, and writes per-release summary state.

Changes

LVMS z-stream trigger

Layer / File(s) Summary
Config and registry wiring
ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml, ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml, ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json, ci-operator/step-registry/lvms/zstream/OWNERS, ci-operator/step-registry/lvms/zstream/trigger/OWNERS
Adds the zstream CI config, trigger step definition, metadata link, and OWNERS routing for the new LVMS trigger area.
Script bootstrap and state loading
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
Defines runtime constants, helpers, token setup, workdir preparation, and previous-summary loading.
PR lookup and digest resolution
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
Finds matching PRs, checks merge state, extracts snapshot tokens, and resolves snapshots to Quay digests.
Trigger execution and summary output
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
Triggers Gangway jobs or skips unchanged digests, fetches recent nightly run states, processes each release, and writes the final summary.

Estimated code review effort: 4 (Complex) | ~60 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: adding z-stream testing for LVMS/OpenShift LVM operator.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only adds CI config, OWNERS, and a shell entrypoint; no Ginkgo test files or It/Describe/Context/When titles were added.
Test Structure And Quality ✅ Passed PR changes are CI config, OWNERS, and shell scripts only; no Ginkgo/Go test code or test patterns were modified.
Microshift Test Compatibility ✅ Passed PASS: The PR adds CI/step-registry config only; no new Ginkgo tests, MicroShift skips, or unsupported OpenShift API/resource usage were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the PR only adds CI config and trigger plumbing, so the SNO compatibility check is not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed CI-only additions; no deployment/controller manifests or pod scheduling fields (nodeSelector, affinity, spread, PDBs) were added.
Ote Binary Stdout Contract ✅ Passed Main script logs to stderr; top-level summary is redirected to stderr, and bare echo outputs are function return values, not process-level stdout writes.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; only CI config and a shell trigger script, so the IPv6/disconnected test check is not applicable.
No-Weak-Crypto ✅ Passed No weak ciphers/hashes or custom crypto were added; token use is auth-only and string compares are for digests/status, not secrets.
Container-Privileges ✅ Passed Added CI/step-registry manifests contain no privileged, hostPID/Network/IPC, SYS_ADMIN, or allowPrivilegeEscalation settings.
No-Sensitive-Data-In-Logs ✅ Passed Logs only release/job/status info; the Gangway token is read from file and xtrace is disabled around the authenticated POST, so no secrets/PII are echoed.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from eggfoobar and jaypoulz July 2, 2026 09:10
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kasturinarra
Once this PR has been reviewed and has the lgtm label, please assign jaypoulz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh (1)

14-16: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider making RELEASES/DRY_RUN/FORCE overridable via environment.

These are hardcoded, so enabling a dry run or forcing a re-trigger (e.g. to debug a production incident) requires a code change/PR rather than a job parameter.

♻️ Proposed refactor
-RELEASES="4.14,4.16,4.18,4.19,4.20,4.21"
-DRY_RUN=false
-FORCE=false
+RELEASES="${RELEASES:-4.14,4.16,4.18,4.19,4.20,4.21}"
+DRY_RUN="${DRY_RUN:-false}"
+FORCE="${FORCE:-false}"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`
around lines 14 - 16, The lvms-zstream-trigger-commands.sh defaults for
RELEASES, DRY_RUN, and FORCE are hardcoded, so make them overridable from the
environment instead of fixed constants. Update the variable initialization near
the top of the script to respect externally supplied values while preserving the
current defaults when unset, and keep the existing behavior in the trigger
command path that consumes these settings.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`:
- Around line 290-320: The process_release flow calls get_last_pr, but that
helper is missing and will cause the script to fail under set -euo pipefail
whenever no open PR is found. Add a get_last_pr implementation alongside the
existing get_last_digest logic, or refactor process_release to use the correct
helper, and make sure the returned value is safely handled before the merged
check in process_release.
- Around line 219-250: The trigger_job helper is leaking shell tracing state and
is sending the job identifier in the URL instead of the request body. In
trigger_job, preserve the prior xtrace setting around the curl call so set -x is
restored only if it was already enabled, and update the Gangway request to POST
to the executions endpoint with job_name included in the JSON payload alongside
the existing pod_spec_options. Use the existing trigger_job, http_code, and body
logic as the place to make both fixes.
- Around line 71-105: The prowjobs.js response still includes a JavaScript
variable assignment, so the jq pipeline in load_previous_summary cannot parse it
and prev_build_id never gets set. Update the curl/jq handling in
load_previous_summary to strip the leading var allBuilds = prefix before jq
processes the payload, so the previous successful build ID can be extracted
correctly and the unchanged-release path in get_last_digest can be reached.

---

Nitpick comments:
In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`:
- Around line 14-16: The lvms-zstream-trigger-commands.sh defaults for RELEASES,
DRY_RUN, and FORCE are hardcoded, so make them overridable from the environment
instead of fixed constants. Update the variable initialization near the top of
the script to respect externally supplied values while preserving the current
defaults when unset, and keep the existing behavior in the trigger command path
that consumes these settings.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 03d11887-f605-4cc0-bb30-e98cf7d6f2bd

📥 Commits

Reviewing files that changed from the base of the PR and between 2f3b835 and e8437ab.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (6)
  • ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml
  • ci-operator/step-registry/lvms/zstream/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml

@kasturinarra

Copy link
Copy Markdown
Contributor Author

/test core-valid


local tags_json
tags_json=$(curl -sSL --connect-timeout 10 --max-time 30 \
"${QUAY_API}/repository/${QUAY_REPO}/tag/?limit=50&filter_tag_name=like:${version_prefix}-on-push")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to use a different tag, the -on-push images are from PRs and not merge commits, meaning they have an expiry annotation that renders them stale. This would need to match to v{version}-{commit} instead.
We dont know the commit because the snapshot doesnt surface that info in the name (and doing the 1:1 exact mapping requires access to the konflux tenant) so the version filtering should do.
We would need to list tags, then exclude all auxiliary tags and we are left with raw commit tags and then the delta time logic would select the right one.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh`:
- Around line 291-297: The fetch_last_runs path in
lvms-zstream-trigger-commands.sh is selecting the first matching Prow job from
prow_json without ordering, so it can return a stale run. Update the jq logic in
the fetch_last_runs entry construction to sort the filtered .items by a time
field before choosing the result, matching the approach used by
load_previous_summary and ensuring the latest job is used. Keep the existing
name/state/url/started fields, but make the selection deterministic by ordering
on the job completion or start timestamp before taking the final item.
- Around line 415-419: The zstream summary JSON generation in
lvms-zstream-trigger-commands.sh is serializing an empty triggered_jobs array as
[""] because the jq pipeline always consumes a blank line from printf. Update
the jobs construction near the jq object in the zstream summary block to
explicitly handle the empty-array case, so jobs becomes [] when triggered_jobs
has no entries and otherwise contains the collected job names.
- Around line 46-52: The github_curl helper in lvms-zstream-trigger-commands.sh
is making unauthenticated GitHub API requests unless GITHUB_TOKEN is present,
which can trigger rate limits and false “no PR” behavior. Update the
lvms-zstream-trigger step so it injects a GitHub token into the environment
before github_curl runs, and verify the existing github_curl function uses that
token for Authorization when available.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 260bc542-6a94-4bc7-8256-c9209e5514a3

📥 Commits

Reviewing files that changed from the base of the PR and between e8437ab and d0f342a.

⛔ Files ignored due to path filters (1)
  • ci-operator/jobs/openshift/lvm-operator/openshift-lvm-operator-main-periodics.yaml is excluded by !ci-operator/jobs/**
📒 Files selected for processing (6)
  • ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml
  • ci-operator/step-registry/lvms/zstream/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-commands.sh
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml
✅ Files skipped from review due to trivial changes (3)
  • ci-operator/step-registry/lvms/zstream/OWNERS
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.metadata.json
  • ci-operator/step-registry/lvms/zstream/trigger/OWNERS
🚧 Files skipped from review as they are similar to previous changes (2)
  • ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-main__zstream.yaml
  • ci-operator/step-registry/lvms/zstream/trigger/lvms-zstream-trigger-ref.yaml

kasturinarra and others added 2 commits July 2, 2026 23:00
- Switch from -on-push tags (which expire) to v{version}-{commit} merge tags
- Fix prowjobs.js parsing by stripping var/semicolon wrapper before jq
- Add missing get_last_pr() function
- Fix tracing state leak in trigger_job() with save/restore pattern
- Fix empty triggered_jobs producing [""] instead of []

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kasturinarra

Copy link
Copy Markdown
Contributor Author

/pj-rehearse periodic-ci-openshift-lvm-operator-main-zstream-trigger

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@kasturinarra: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

[REHEARSALNOTIFIER]
@kasturinarra: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name Repo Type Reason
periodic-ci-openshift-lvm-operator-main-zstream-trigger N/A periodic Periodic changed
Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@kasturinarra

Copy link
Copy Markdown
Contributor Author

/pj-rehearse periodic-ci-openshift-lvm-operator-main-zstream-trigger

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@kasturinarra: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@kasturinarra: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants