[WIP] CMP-4229: Add rhcos10 test for Compliance Operator, File Integrity Operator and SPO#79345
[WIP] CMP-4229: Add rhcos10 test for Compliance Operator, File Integrity Operator and SPO#79345Anna-Koudelkova wants to merge 1 commit into
Conversation
… Security Profiles Operator
openshift-ci
Bot
added
the
do-not-merge/work-in-progress
WalkthroughThis PR adds four new FIPS-enabled test cases to the OpenShift release 4.22 multi-nightly CI configuration. The tests target GCP IPI environments with etcd encryption and RHEL 10, running in TechPreviewNoUpgrade mode, with variations for compliance, file-integrity, and security-profiles scenarios. ChangesFIPS etcd-encryption test configuration
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 12✅ Passed checks (12 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Anna-Koudelkova The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Anna-Koudelkova
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@Anna-Koudelkova: This pull request references CMP-4229 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[REHEARSALNOTIFIER]
Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals. Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__multi-nightly.yaml`:
- Around line 3041-3116: The tests block is out of alphabetical order: the four
entries whose as keys start with "gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-"
(e.g., gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-compliance, -compliance-dest,
-file-integrity, -security-profiles) must be moved so they appear after the
existing "gcp-ipi-proxy-..." jobs; relocate those four whole job entries and
ensure the surrounding tests list remains alphabetically ordered by the as key
and that each job’s fields (cron, steps, env, test, workflow) are preserved
exactly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 6040590a-fc67-4926-95cd-ef2cc45925a9
⛔ Files ignored due to path filters (1)
ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-periodics.yamlis excluded by!ci-operator/jobs/**
📒 Files selected for processing (1)
ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__multi-nightly.yaml
| - as: gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-compliance | ||
| cron: 39 3 4 * * | ||
| steps: | ||
| cluster_profile: gcp-qe | ||
| env: | ||
| CATALOG_SOURCE_NAME: compliance-operator | ||
| COMPUTE_NODE_REPLICAS: "2" | ||
| FEATURE_SET: TechPreviewNoUpgrade | ||
| FILTERS_ADDITIONAL: "" | ||
| FIPS_ENABLED: "true" | ||
| OS_IMAGE_STREAM: rhel-10 | ||
| TEST_FILTERS: ~HyperShiftMGMT&;~DEPRECATED&;~Disruptive& | ||
| TEST_PARALLEL: "3" | ||
| TEST_SCENARIOS: Compliance_Operator | ||
| TEST_TIMEOUT: "30" | ||
| test: | ||
| - ref: file-integrity-konflux-catalogsource | ||
| - ref: openshift-extended-test | ||
| - ref: openshift-e2e-test-qe-report | ||
| workflow: cucushift-installer-rehearse-gcp-ipi-proxy-etcd-encryption | ||
| - as: gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-compliance-dest | ||
| cron: 52 1 26 * * | ||
| steps: | ||
| cluster_profile: gcp-qe | ||
| env: | ||
| CATALOG_SOURCE_NAME: compliance-operator | ||
| COMPUTE_NODE_REPLICAS: "2" | ||
| FEATURE_SET: TechPreviewNoUpgrade | ||
| FILTERS_ADDITIONAL: "" | ||
| FIPS_ENABLED: "true" | ||
| OS_IMAGE_STREAM: rhel-10 | ||
| TEST_FILTERS: ~HyperShiftMGMT&;~StressTest&;~DEPRECATED&;Disruptive& | ||
| TEST_PARALLEL: "3" | ||
| TEST_SCENARIOS: Compliance_Operator | ||
| TEST_TIMEOUT: "55" | ||
| test: | ||
| - ref: file-integrity-konflux-catalogsource | ||
| - ref: openshift-extended-test | ||
| - ref: openshift-e2e-test-qe-report | ||
| workflow: cucushift-installer-rehearse-gcp-ipi-proxy-etcd-encryption | ||
| - as: gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-file-integrity | ||
| cron: 31 13 30 * * | ||
| steps: | ||
| cluster_profile: gcp-qe | ||
| env: | ||
| FEATURE_SET: TechPreviewNoUpgrade | ||
| FILTERS_ADDITIONAL: "" | ||
| FIPS_ENABLED: "true" | ||
| OS_IMAGE_STREAM: rhel-10 | ||
| TEST_FILTERS: ~HyperShiftMGMT&;~DEPRECATED& | ||
| TEST_PARALLEL: "3" | ||
| TEST_SCENARIOS: File_Integrity_Operator | ||
| TEST_TIMEOUT: "30" | ||
| test: | ||
| - ref: file-integrity-konflux-catalogsource | ||
| - ref: openshift-extended-test | ||
| - ref: openshift-e2e-test-qe-report | ||
| workflow: cucushift-installer-rehearse-gcp-ipi-proxy-etcd-encryption | ||
| - as: gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-security-profiles | ||
| cron: 12 0 4 * * | ||
| steps: | ||
| cluster_profile: gcp-qe | ||
| env: | ||
| CATALOG_SOURCE_NAME: security-profiles-operator | ||
| FEATURE_SET: TechPreviewNoUpgrade | ||
| FILTERS_ADDITIONAL: "" | ||
| FIPS_ENABLED: "true" | ||
| OS_IMAGE_STREAM: rhel-10 | ||
| TEST_FILTERS: ~HyperShiftMGMT&;~DEPRECATED& | ||
| TEST_PARALLEL: "3" | ||
| TEST_SCENARIOS: Security_Profiles_Operator|Node_Audit_Logging | ||
| test: | ||
| - ref: file-integrity-konflux-catalogsource | ||
| - ref: openshift-extended-test | ||
| - ref: openshift-e2e-test-qe-report | ||
| workflow: cucushift-installer-rehearse-gcp-ipi-proxy-etcd-encryption |
There was a problem hiding this comment.
Keep tests entries alphabetically sorted by as key.
The new gcp-ipi-px-etcd-enc-* jobs are inserted in the middle of the gcp-ipi-proxy-etcd-encryption-* block (between Line 3041 and Line 3117), which breaks required alphabetical ordering. Please move the four gcp-ipi-px-* entries to their correct sorted position (after all gcp-ipi-proxy-* entries).
As per coding guidelines, "Ensure all jobs are ordered alphabetically".
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__multi-nightly.yaml`
around lines 3041 - 3116, The tests block is out of alphabetical order: the four
entries whose as keys start with "gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-"
(e.g., gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-compliance, -compliance-dest,
-file-integrity, -security-profiles) must be moved so they appear after the
existing "gcp-ipi-proxy-..." jobs; relocate those four whole job entries and
ensure the surrounding tests list remains alphabetically ordered by the as key
and that each job’s fields (cron, steps, env, test, workflow) are preserved
exactly.
|
/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-multi-nightly-gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-compliance |
|
@Anna-Koudelkova: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-multi-nightly-gcp-ipi-px-etcd-enc-rhcos10-tp-fips-amd-f28-file-integrity |
|
@Anna-Koudelkova: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
@Anna-Koudelkova: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
2 participants
Add rhcos10 test for Compliance Operator, File Integrity Operator and Security Profiles Operator
Summary
This PR adds RHCOS 10 (Red Hat CoreOS 10) test coverage for the OpenShift 4.22 release's multi-nightly CI pipeline. Specifically, it introduces four new FIPS-enabled test jobs running on GCP infrastructure for the Compliance Operator, File Integrity Operator, and Security Profiles Operator.
Changes
The modification adds test configuration entries to the openshift-tests-private release 4.22 multi-nightly CI jobs. The new test jobs are configured with:
The tests leverage the file-integrity-konflux-catalogsource and configure appropriate test parallelization for each operator's test suite.
Impact
This extends the CI infrastructure's test coverage to validate operator functionality on RHCOS 10, ensuring the Compliance Operator, File Integrity Operator, and Security Profiles Operator work correctly on the newer RHEL 10-based CoreOS platform.