prowgen: remove .config.prowgen support #21
Open
Prucek wants to merge 107 commits into
Signed-off-by: Nikolaos Moraitis <nmoraiti@redhat.com>
remove the vendor folder
Add skip_operator_presubmits to the prowgen section of ci-operator config, so it can be set directly instead of requiring a .config.prowgen file. This is simpler than the .config.prowgen approach which requires branch+variant matching, since each ci-operator config already represents a specific branch and variant. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
….from in quay ImageStreams
…y-type-defaults slack-bot add optional Activity Type to Slack modals and Jira filing
The kubeconfig and kubeAdminPassword were previously written directly to the EphemeralCluster status, exposing sensitive credentials in a resource that may be logged or cached. Instead, create a credentials Secret in the same namespace as the EphemeralCluster and reference it via a new status.secretRef field. The Secret is owned by the EphemeralCluster for automatic cleanup. Assisted-by: Claude claude-opus-4-6 Signed-off-by: amisstea <amisstea@redhat.com>
…er_skill added Claude skill to manage vault group membership
Add support-request handling for long forum threads by creating DPTP Jira tickets, posting thread guidance, and closing linked tickets from :closed: reactions with replica-safe locking and transition-aware Jira updates. Co-authored with Cursor. Signed-off-by: Jakub Guzik <jguzik@redhat.com>
…rom-status DPTP-3787: Resolve QCI digest post-mirror via oc image info to pin spec.from in quay ImageStreams
Signed-off-by: Jakub Guzik <jguzik@redhat.com>
…shooting-skill add cluster pool troubleshooting skill for hosted-mgmt
prowgen: allow ci-operator config to skip operator presubmits
feat(slack-bot): automate support-request Jira workflow
Add enable_secrets_store_csi_driver to the prowgen section of ci-operator config, so it can be set directly instead of requiring a .config.prowgen file. This is the second step toward deprecating .config.prowgen. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
prowgen: allow ci-operator config to enable CSI secrets store
Store ephemeral cluster credentials in a Secret instead of the status
When build_if_affected is enabled, users can now add /image directives in commit messages to force-build specific images regardless of code change detection. The directive must start at the beginning of a line.

Supported syntax:
- /image <name1> <name2> ... - force specific images
- /image all - force all configured images

Image names are validated against images.items[].to in ci-operator config. Unknown names are warned and ignored. Forced images are unioned with auto-detected affected images.

Signed-off-by: Jakub Guzik <jguzik@redhat.com>
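The directive handling described in this commit message, as an added example that is not code from the PR: the function name, its signature and the sample commit message are assumptions, and treating `all` as valid in any argument position is a guess at behaviour the message does not spell out.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Hypothetical helper: configured stands in for images.items[].to in the config.
func ImagesToBuild(commitMsg string, configured, affected []string) (build, unknown []string) {
	known, pick, bad := map[string]bool{}, map[string]bool{}, map[string]bool{}
	for _, n := range configured {
		known[n] = true
	}
	for _, n := range affected { // forced images are unioned with these
		pick[n] = true
	}
	for _, line := range strings.Split(commitMsg, "\n") {
		f := strings.Fields(line)
		// Column 0 only: indented or quoted text and "/images" do not count.
		if !strings.HasPrefix(line, "/image") || len(f) < 2 || f[0] != "/image" {
			continue
		}
		for _, name := range f[1:] {
			switch {
			case name == "all": // assumption: "all" is honored as any argument
				for n := range known {
					pick[n] = true
				}
			case known[name]:
				pick[name] = true
			default:
				bad[name] = true // warned and ignored, never built
			}
		}
	}
	return keys(pick), keys(bad)
}

func keys(m map[string]bool) (out []string) {
	for k := range m {
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

func main() { // constructed sample commit message
	fmt.Println(ImagesToBuild("fix\n\n/image cli bogus\n  /image tests\n", []string{"cli", "tests"}, []string{"operator"}))
}
```

Because commit messages are author-controlled input, only names already present in the config can reach the build set; everything else is returned separately for a warning.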
* build(deps): bump sigs.k8s.io/prow to 5aca44b7f08f

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: update test fixtures for prow plugin config changes

  Remove commandHelpLink from approve plugin serialization and add release_note default to match new prow version behavior.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add release_note default to cluster-init integration fixture

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Added an option to set a body for a PR
Add private and expose fields to the prowgen section of ci-operator config. This allows repos to control job visibility directly in their ci-operator config instead of requiring a .config.prowgen file. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
prowgen: allow ci-operator config to set private and expose
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add CodeRabbit review configuration
image-detector: support /image commit directive to force image builds
Today there was a Deck outage, when both of two Pods restarted their 'deck' containers simultaneously at 22:23, causing: Application is not available errors to https://prow.ci.openshift.org/ users. Timestamps and exit 0:

  $ oc -n ci get -l component=deck -o json pods | jq -r '.items[].status.containerStatuses[] | select(.restartCount > 0) | {name, restartCount, lastState}'
  {
    "name": "deck",
    "restartCount": 1,
    "lastState": {
      "terminated": {
        "containerID": "cri-o://21786efafb65fd5b67e72eb2a1a91405b182d3b20daeb549980217210bf0e22a",
        "exitCode": 0,
        "finishedAt": "2026-04-23T22:23:37Z",
        "reason": "Completed",
        "startedAt": "2026-04-23T20:04:03Z"
      }
    }
  }
  {
    "name": "deck",
    "restartCount": 1,
    "lastState": {
      "terminated": {
        "containerID": "cri-o://7af2f63b995729d1e8e64b1776a6a2aa3439076e9d55616182ac61b1c64fe855",
        "exitCode": 0,
        "finishedAt": "2026-04-23T22:23:58Z",
        "reason": "Completed",
        "startedAt": "2026-04-23T19:28:51Z"
      }
    }
  }

The container exits were because of Kubeconfig changes:

  $ oc -n ci logs -c deck --previous deck-54c8d55b65-6fxcn | tail -n16 | head -n2
  {"component":"deck","file":"sigs.k8s.io/prow/cmd/deck/main.go:392","func":"main.main.func2","level":"info","msg":"Kubeconfig changed, exiting to trigger a restart","severity":"info","time":"2026-04-23T22:23:36Z"}
  {"component":"deck","file":"sigs.k8s.io/prow/pkg/interrupts/interrupts.go:63","func":"sigs.k8s.io/prow/pkg/interrupts.handleInterrupt","level":"info","msg":"Received signal.","severity":"info","signal":2,"time":"2026-04-23T22:23:36Z"}

The Secret update was this ci-secret-bootstrapper in [1]:

  {"cluster":"app.ci","component":"ci-secret-bootstrap","file":"/go/src/github.com/openshift/ci-tools/cmd/ci-secret-bootstrap/main.go:815","func":"main.updateSecrets","level":"debug","msg":"secret updated","name":"deck","namespace":"ci","severity":"debug","time":"2026-04-23T22:23:02Z","type":"Opaque"}

This commit adds more logs to that "secret updated" entry, to make it easier for us to figure out which change triggered the next bump, so we can decide if it's appropriate, and the kind of thing we'll accept a few minutes of Deck outage over, or if it's surprising churn.

[1]: https://deck-internal-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/origin-ci-private/logs/periodic-ci-secret-bootstrap/2047432829557542912
…r-profiles-config/profiles-diff check-cluster-profiles-config: Diff with pointers
Enable possibility to use capabilities in images jobs
prowgen: allow per-test slack reporter config in ci-operator config
coderabbit: add high-level summary instructions
Signed-off-by: mehabhalodiya <mehabhalodiya@gmail.com>
…op notifications
pj-rehearse was vulnerable to memory spikes (50+ GB) under load because
it handled an unlimited number of webhook requests concurrently, each
loading full CI/Prow configurations.
This commit introduces three features to mitigate the problem:
1. Handler dispatcher with bounded concurrency and queuing:
- Configurable max concurrent handlers (default 5), max queued (50),
queue timeout (5m), and execution timeout (15m) via CLI flags.
- Requests that exceed the queue capacity or wait too long are dropped
with a GitHub comment notifying the user.
- Separate Prometheus metrics for in-flight handlers, queued requests,
drops (by reason), and execution timeouts.
2. Changed-files prefilter (implements DPTP-2888):
- Before loading full configs, diffs the PR against the base branch to
check if any changed files fall under ci-operator/config,
ci-operator/jobs, core-services/prow/02_config, or
ci-operator/step-registry.
- If no rehearsal-relevant paths changed, skips DetermineAffectedJobs
entirely, avoiding the expensive config load.
3. Merged PR event handlers into a single registration:
- handlePullRequestCreation and handleNewPush are now dispatched as
one unit, preventing a single PR event from consuming two dispatcher
slots.
Co-authored-by Cursor
Signed-off-by: Jakub Guzik <jguzik@redhat.com>
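A sketch of the bounded dispatcher from item 1 of this commit message, as an added example that is not pj-rehearse's own code: the type, function and error names are assumptions, and the metrics and GitHub comment on drop are left to the caller.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Drop reasons a caller would report to the PR author (hypothetical names).
var ErrQueueFull = errors.New("dropped: queue full")
var ErrQueueTimeout = errors.New("dropped: waited too long in queue")

type Dispatcher struct {
	slots, queue       chan struct{}
	queueWait, execMax time.Duration
}

func NewDispatcher(maxRun, maxQueued int, queueWait, execMax time.Duration) *Dispatcher {
	return &Dispatcher{make(chan struct{}, maxRun), make(chan struct{}, maxQueued), queueWait, execMax}
}

// Submit runs h within the limits or returns the reason it was dropped.
func (d *Dispatcher) Submit(h func(context.Context) error) error {
	select {
	case d.slots <- struct{}{}: // a handler slot is free: run now
	default:
		select {
		case d.queue <- struct{}{}: // take a queue position
		default:
			return ErrQueueFull // bounded queue: shed load instead of growing memory
		}
		select {
		case d.slots <- struct{}{}:
			<-d.queue
		case <-time.After(d.queueWait):
			<-d.queue
			return ErrQueueTimeout
		}
	}
	defer func() { <-d.slots }()
	ctx, cancel := context.WithTimeout(context.Background(), d.execMax)
	defer cancel()
	return h(ctx) // h must honor ctx for the execution timeout to bite
}

func main() {
	d := NewDispatcher(1, 0, time.Second, 10*time.Millisecond)
	fmt.Println(d.Submit(func(ctx context.Context) error { <-ctx.Done(); return ctx.Err() }))
}
```

Memory use is then bounded by the number of running handlers times the cost of one config load, whatever the incoming webhook rate.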
…ale-qe Add new profile: azure-perfscale-qe
pj-rehearse: add concurrency control, changed-files prefilter, and drop notifications
…ate-with-cluster-profile-set Integrate BYOIP with Cluster Profile Sets
The handler processed all IssueCommentEvent actions (created, edited, deleted), which meant editing a comment containing a /payload-job command would unintentionally re-trigger the payload job. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The handler processed all IssueCommentEvent actions (created, edited, deleted), which meant editing a comment containing a /testwith command would unintentionally re-trigger the job. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The handler processed all IssueCommentEvent actions (created, edited, deleted), which meant editing a comment containing a /validate-backports command would unintentionally re-trigger the verification. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The handler processed all IssueCommentEvent actions (created, edited, deleted), which meant editing a comment containing a /pipeline command would unintentionally re-trigger the pipeline. Also avoids taking the mutex lock for events that will be ignored. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…cate-periodics NO-JIRA: remove release-release template
…ift#5166)

* prowgen: don't fill in default report_template for inline slack config

  When report_template is not specified in per-test reporter_config, don't fill in the default template. This keeps the behavior consistent with the .config.prowgen path and avoids unnecessary diffs during migration. Prow applies its own default template when none is set.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* prowgen: support inline slack reporter config for images jobs

  Add SlackReporterConfig field to ImageConfiguration so that images presubmit/postsubmit jobs can receive inline slack reporter config, removing the need for .config.prowgen fallback for images jobs. Also remove unused DefaultSlackReporterReportTemplate.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* prowgen: update generated files

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Ignore non-created issue comment events in prow plugins
…e-local-reference-policy resolve digest-only tags in ResolvePullSpec for PreserveOriginal imports
…-checkconfig/cps-ignore-list ci-operator-checkconfig: Add cluster profile sets allowlist
…ster-init-breaking-changes Remove cluster-init from `check-breaking-changes`
Fix issue DPTP-4756 add STS hub-account role chaining for AWS cluster profiles
* prowgen: compute sparse checkout files for image builds

  Replace skipCloning() with sparseCheckoutFiles() that computes the minimal set of files needed for image builds: .ci-operator.yaml (if from_repository is set) plus all Dockerfile paths from image configs. When sparse checkout files are available, set them on DecorationConfig instead of skipping cloning entirely. This allows prow to checkout only the files needed for image builds, significantly reducing clone time for large repositories.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* rehearse: clear sparse checkout from rehearsal DecorationConfig

  When a rehearsal job's primary ref (openshift/release) differs from the target repo, CompletePrimaryRefs propagates SparseCheckoutFiles from DecorationConfig to the extra ref (the original repo). However, the DecorationConfig.SparseCheckoutFiles remains set and prow applies it to the primary ref too, causing the release repo to be sparse-checked out — which breaks the clone with "unrelated histories" errors. Clear SparseCheckoutFiles from DecorationConfig after setting up the extra ref, since the files are already on the extra ref via CompletePrimaryRefs.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* steps/source: clear sparse checkout before src image build

  When sparse checkout is active, clonerefs inside the src image build only checks out Dockerfiles, leaving the repo without source code. This breaks binary_build_commands (e.g. make all) and test steps that need the full source tree. Clear SparseCheckoutFiles from all refs before passing them to clonerefs in createBuild(), ensuring the src image always gets a full clone regardless of job-level sparse checkout settings.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* prowgen: propagate sparse checkout to periodic extra_refs

  Periodic jobs use extra_refs[0] as their primary ref instead of a top-level Refs field. DecorationConfig.SparseCheckoutFiles was not being propagated to this ref, so periodic jobs never used sparse checkout even when configured. Copy SparseCheckoutFiles from DecorationConfig to the periodic's extra_refs[0] before appending it.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
All features previously configured via .config.prowgen files are now available inline in ci-operator configuration YAML via the `prowgen:` field (private, expose, disable_rehearsals, skip_operator_presubmits, enable_secrets_store_csi_driver) and per-test `reporter_config` / `disable_rehearsal` fields.

This removes:
- config.Prowgen struct and all associated types/functions from pkg/config/load.go (Rehearsals, SlackReporterConfig, SkipOperatorPresubmits, LoadProwgenConfig, validateProwgenConfig, MergeDefaults, GetSlackReporterConfigForJobName, SkipPresubmits)
- ProwgenInfo.Config field — ProwgenInfo now only contains Metadata
- .config.prowgen loading from ci-operator-prowgen and image-graph-generator
- .config.prowgen skip from check-gh-automation

Integration test fixtures migrated from .config.prowgen to inline ci-operator config equivalents.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After removing .config.prowgen support, ProwgenInfo was an empty wrapper around cioperatorapi.Metadata. Replace all usages with *cioperatorapi.Metadata. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
.config.prowgen configuration file support
🤖 Generated with Claude Code