MGMT-22635: add CaaS CI workflow and e2e-caas jobs for OSAC

[omer-vishlitzky]

Summary

• Parameterize cluster-tool boot step: add CLUSTER_TOOL_FLAVOR_NAME and E2E_CLUSTER_TEMPLATE env vars, replace hardcoded flavor name
• Parameterize cluster-tool test step: add E2E_TEST_DIR env var, make KubeVirt wait conditional
• Add CaaS agent setup step (osac-project-cluster-tool-caas-agents): boots agent VM for HyperShift provisioning
• Add CaaS workflow (osac-project-cluster-tool-caas): boot + agents + test + cleanup
• Add e2e-caas presubmit job to all 5 OSAC repos (fulfillment-service, osac-operator, osac-installer, osac-test-infra, osac-aap)
• Add 2 CaaS periodic jobs to osac-test-infra (Friday 2am + 6am)
• Update gather step with CaaS/HyperShift diagnostics (ClusterOrders, HostedClusters, NodePools, Agents, MCE, MetalLB)

Test plan

• Verify VMaaS e2e-vmaas jobs still work (backward compatible — all new env vars have VMaaS defaults)
• Verify e2e-caas presubmit runs on osac-test-infra PRs
• Verify CaaS periodic jobs trigger on Friday schedule
• Verify gather step collects CaaS diagnostics

Overview

This PR adds CaaS (Cluster-as-a-Service) support to the OSAC OpenShift CI infra by introducing a new parameterizable CaaS workflow and the steps required to boot, provision HyperShift agents, run CaaS e2e tests, collect CaaS diagnostics, and clean up agent VMs. Changes are additive and preserve existing VMaaS behavior via environment variable defaults.

Practical impact — which CI/infrastructure is affected

• CI configs in five OSAC repositories gain a new e2e-caas presubmit:
  • ci-operator configs updated for: fulfillment-service, osac-operator, osac-installer, osac-aap, osac-test-infra.
• osac-test-infra also receives two periodic CaaS-backed metal cluster order lifecycle tests scheduled Fridays at 02:00 and 06:00.
• New step refs, scripts, workflow, metadata, and OWNERS were added under ci-operator/step-registry/osac-project/cluster-tool to implement CaaS flows.

New workflow and steps

• New workflow: osac-project-cluster-tool-caas

  • Boots an OSAC cluster from a pre-built CaaS snapshot, runs a refresh/fix step, provisions HyperShift/agent infra, runs CaaS e2e tests, and performs cleanup.
  • Workflow metadata files (including approvers/reviewers) added.

• New step: caas-agents

  • Script creates InfraEnv, waits for ISO, boots an agent VM via libvirt on the clone network, waits for an OpenShift Agent resource, labels and approves it for use by HyperShift provisioning.
  • OWNERS and metadata entries added for the caas-agents area.

Parameterization & compatibility

• Boot step:

  • Added CLUSTER_TOOL_FLAVOR_NAME (default "osac-vmaas-pruned") to replace hardcoded flavor and allow CaaS flavors.
  • Added E2E_CLUSTER_TEMPLATE (default empty) to optionally publish/use a cluster template for CaaS flows.
  • Boot commands now forward these values into remote boot logic.

• Test step:

  • Added E2E_TEST_DIR (default tests/vmaas) to select the test directory.
  • KubeVirt readiness/wait is now conditional and skipped for CaaS tests (tests whose path includes "caas"), preserving VMaaS behavior when defaults are used.
  • JUnit artifact path standardized to junit_e2e.xml.

These defaults maintain backward compatibility with existing e2e-vmaas jobs.

Diagnostics & cleanup

• gather step extended to capture CaaS/HyperShift diagnostics (ClusterOrders, HostedClusters, NodePools, Agents, InfraEnvs, AgentServiceConfig, MultiClusterEngine, MetalLB IPAddressPools).
• destroy step extended to detect and remove an agent VM (agent-worker-01) and associated disk/ISO artifacts during teardown.

CI job changes

• Added e2e-caas presubmit job entries for the five repos, routing to the new caas workflow and reusing existing dependency images where applicable.
• Added two periodic CAAS-backed metal cluster order lifecycle jobs to osac-test-infra with E2E-specific envs (E2E_KUSTOMIZE_OVERLAY, E2E_CLUSTER_TEMPLATE, E2E_TEST_DIR) and specific test scripts.

Other notes / fixes in commit

• Commit message and scripts include MetalLB reconfiguration for the clone subnet and cleanup behavior for agent VM destruction.
• OWNERS and metadata JSONs were added/updated for the new step/workflow areas; approver/reviewer groups set to osac-cicd.

Testing notes (from PR)

• VMaaS e2e-vmaas jobs should remain functional due to defaults.
• e2e-caas presubmit should run on osac-test-infra PRs.
• CaaS periodic jobs should trigger on the Friday schedule.
• Gather step should now collect the listed CaaS diagnostics.

[openshift-ci-robot]

@omer-vishlitzky: This pull request references MGMT-22635 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Parameterize cluster-tool boot step: add CLUSTER_TOOL_FLAVOR_NAME and E2E_CLUSTER_TEMPLATE env vars, replace hardcoded flavor name
• Parameterize cluster-tool test step: add E2E_TEST_DIR env var, make KubeVirt wait conditional
• Add CaaS agent setup step (osac-project-cluster-tool-caas-agents): boots agent VM for HyperShift provisioning
• Add CaaS workflow (osac-project-cluster-tool-caas): boot + agents + test + cleanup
• Add e2e-caas presubmit job to all 5 OSAC repos (fulfillment-service, osac-operator, osac-installer, osac-test-infra, osac-aap)
• Add 2 CaaS periodic jobs to osac-test-infra (Friday 2am + 6am)
• Update gather step with CaaS/HyperShift diagnostics (ClusterOrders, HostedClusters, NodePools, Agents, MCE, MetalLB)

Test plan

• Verify VMaaS e2e-vmaas jobs still work (backward compatible — all new env vars have VMaaS defaults)
• Verify e2e-caas presubmit runs on osac-test-infra PRs
• Verify CaaS periodic jobs trigger on Friday schedule
• Verify gather step collects CaaS diagnostics

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: a4325bbf-dba0-4c19-94a9-49fd1ee64073

📥 Commits

Reviewing files that changed from the base of the PR and between 1577d00 and 4aa7f6f.

📒 Files selected for processing (2)

• ci-operator/step-registry/osac-project/cluster-tool/caas-agents/osac-project-cluster-tool-caas-agents-commands.sh
• ci-operator/step-registry/osac-project/cluster-tool/destroy/osac-project-cluster-tool-destroy-commands.sh

---

Walkthrough

Adds a new osac-project-cluster-tool-caas CI workflow, a caas-agents provisioning step and scripts, parameterizes boot and test steps for CaaS, extends gather to collect CaaS diagnostics, and wires e2e-caas tests into service pipelines and schedules.

Changes

CaaS Workflow and Infrastructure

Layer / File(s)	Summary
Workflow, metadata, and owners ci-operator/step-registry/osac-project/cluster-tool/caas/osac-project-cluster-tool-caas-workflow.yaml, ci-operator/step-registry/osac-project/cluster-tool/caas/osac-project-cluster-tool-caas-workflow.metadata.json, ci-operator/step-registry/osac-project/cluster-tool/caas/OWNERS	New osac-project-cluster-tool-caas workflow and associated metadata/OWNERS added.
CaaS agent provisioning ci-operator/step-registry/osac-project/cluster-tool/caas-agents/*	New caas-agents ref, metadata, OWNERS, and osac-project-cluster-tool-caas-agents-commands.sh script to create InfraEnv, boot discovery VM, and approve/register an agent.
Boot step parameterization ci-operator/step-registry/osac-project/cluster-tool/boot/osac-project-cluster-tool-boot-commands.sh, ci-operator/step-registry/osac-project/cluster-tool/boot/osac-project-cluster-tool-boot-ref.yaml	Boot step accepts CLUSTER_TOOL_FLAVOR_NAME and E2E_CLUSTER_TEMPLATE, forwards them to remote boot script and installer container.
Test step generalization ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-commands.sh, ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-ref.yaml	Test commands and ref add E2E_TEST_DIR, conditionally skip KubeVirt readiness for CaaS, run pytest from provided test dir, and adjust artifact naming.
Service pipeline CaaS test configuration ci-operator/config/osac-project/*-main.yaml (fulfillment-service, osac-aap, osac-installer, osac-operator, osac-test-infra)	Multiple service pipelines add e2e-caas test entries wiring image deps and selecting the CaaS workflow; test-infra adds scheduled CAAS metal cluster order tests with CAAS-specific env vars.
Gather diagnostics & destroy cleanup ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh, ci-operator/step-registry/osac-project/cluster-tool/destroy/osac-project-cluster-tool-destroy-commands.sh	Gather step extended to collect CaaS/HyperShift and MetalLB diagnostics; destroy script removes agent VM artifacts when present.

Sequence Diagram

sequenceDiagram
  participant CI as CI System
  participant Workflow as osac-project-cluster-tool-caas
  participant AgentStep as caas-agents step
  participant Boot as cluster-tool boot step
  participant Test as cluster-tool test step
  participant Gather as gather step

  CI->>Workflow: trigger `osac-project-cluster-tool-caas`
  Workflow->>AgentStep: run caas-agents ref
  AgentStep->>Boot: prepare cluster/tool inputs (flavor, template)
  Boot->>Test: boot cluster, pass E2E_NAMESPACE/FLAVOR/TEMPLATE
  Test->>Gather: run tests from E2E_TEST_DIR and upload artifacts
  Gather->>CI: collect CaaS/HyperShift diagnostics

Loading

🎯 3 (Moderate) | ⏱️ ~25 minutes

• openshift/release#79365: Edits to cluster-tool-boot-commands.sh overlap with boot parameter changes and may be related.

Suggested labels

lgtm, approved, rehearsals-ack

Suggested reviewers

• adriengentil
• akshaynadkarni

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: adding a CaaS CI workflow and e2e-caas jobs for OSAC. It is concise, clear, and directly reflects the primary objectives outlined in the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR contains only CI/CD configuration files (YAML, shell scripts, and metadata) with no Ginkgo test code added or modified. The check for stable Ginkgo test names does not apply.
Test Structure And Quality	✅ Passed	This PR contains no Ginkgo test code. All changes are CI/CD infrastructure (YAML config, bash scripts, JSON metadata). The check for Ginkgo test structure is not applicable.
Microshift Test Compatibility	✅ Passed	PR adds CI configuration and shell scripts only; no new Ginkgo e2e tests are introduced in this repository. Actual test code exists in separate osac-project repositories.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests found. PR adds CI config YAML, bash orchestration scripts, and metadata only. Tests are Python-based in external repositories.
Topology-Aware Scheduling Compatibility	✅ Passed	PR contains only CI infrastructure (test jobs and orchestration steps) with no deployment manifests, operator code, or scheduling constraints that would affect cluster topologies.
Ote Binary Stdout Contract	✅ Passed	PR contains no Go source code changes, only YAML CI configuration and bash scripts. OTE Binary Stdout Contract check (for Go binaries) is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds CI/CD infrastructure (YAML configs and bash scripts) for CaaS workflows, not new Ginkgo e2e tests. No Go test files or Ginkgo test definitions are present in the PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh (1)

84-86: ⚡ Quick win

Capture YAML for NodePools/Agents/InfraEnvs as well.

These three resources are currently captured only with -o wide; adding YAML snapshots would make post-failure triage much easier and keep this section consistent with the other CaaS resources.

Proposed patch

 oc get nodepools -A -o wide > "${ARTIFACT_DIR}/caas/nodepools.txt" 2>&1 || true
+oc get nodepools -A -o yaml > "${ARTIFACT_DIR}/caas/nodepools.yaml" 2>&1 || true
 oc get agents -A -o wide > "${ARTIFACT_DIR}/caas/agents.txt" 2>&1 || true
+oc get agents -A -o yaml > "${ARTIFACT_DIR}/caas/agents.yaml" 2>&1 || true
 oc get infraenvs -A -o wide > "${ARTIFACT_DIR}/caas/infraenvs.txt" 2>&1 || true
+oc get infraenvs -A -o yaml > "${ARTIFACT_DIR}/caas/infraenvs.yaml" 2>&1 || true

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh`
around lines 84 - 86, Add YAML snapshots for the three CaaS resources in
addition to the existing -o wide outputs by running `oc get nodepools -A -o
yaml`, `oc get agents -A -o yaml`, and `oc get infraenvs -A -o yaml` and writing
them to "${ARTIFACT_DIR}/caas/nodepools.yaml",
"${ARTIFACT_DIR}/caas/agents.yaml", and "${ARTIFACT_DIR}/caas/infraenvs.yaml"
respectively (preserve the existing -o wide > ... .txt lines and the "2>&1 ||
true" behavior); update the block containing the existing `oc get ... -o wide`
commands so each resource also has a corresponding `-o yaml` capture using the
same ARTIFACT_DIR and error-tolerant redirection.

ci-operator/step-registry/osac-project/cluster-tool/caas/osac-project-cluster-tool-caas-workflow.yaml (1)

21-21: ⚡ Quick win

Use a team-owned immutable flavor image reference.

Line 21 points to a personal namespace with a tag. This can make CI reproducibility and ownership brittle; prefer an org-owned image and digest pinning.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/cluster-tool/caas/osac-project-cluster-tool-caas-workflow.yaml`
at line 21, The CLUSTER_TOOL_FLAVOR_IMAGE value currently points to a personal
namespace and a mutable tag
("quay.io/rh-ee-ovishlit/cluster-flavors:osac-caas"); change the value of
CLUSTER_TOOL_FLAVOR_IMAGE to use a team/org-owned repository and pin to an
immutable digest (e.g., quay.io/<team-or-org>/cluster-flavors@sha256:<digest>)
so CI uses a stable, owned image; update any related image publishing workflow
to publish the digested image into the team repo if needed.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/osac-project/cluster-tool/caas-agents/osac-project-cluster-tool-caas-agents-commands.sh`:
- Line 67: The script prints a sensitive discovery ISO URL via the echo "ISO
URL: ${ISO_URL}" statement; remove this direct printing and either delete the
echo or replace it with a non-sensitive check (e.g., log that ISO_URL is
set/empty or print a redacted placeholder/length) in the same script section so
that the ISO_URL variable is not emitted to CI logs; locate and update the echo
line referencing ISO_URL in osac-project-cluster-tool-caas-agents-commands.sh to
implement this change.

In
`@ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-commands.sh`:
- Around line 49-50: Validate TEST_DIR explicitly instead of using loose
substring matching: check TEST_DIR is non-empty and equals the expected value or
matches a strict pattern (e.g., "^tests/caas(/.*)?$") before the KubeVirt
availability branch and before invoking pytest, and replace the unquoted usage
with a quoted expansion when passing to pytest (use "${TEST_DIR}"). Update the
if condition that currently uses [[ "${TEST_DIR}" != *"caas"* ]] to perform the
explicit validation and ensure later references to TEST_DIR (the pytest
invocation) are quoted to avoid word-splitting.

---

Nitpick comments:
In
`@ci-operator/step-registry/osac-project/cluster-tool/caas/osac-project-cluster-tool-caas-workflow.yaml`:
- Line 21: The CLUSTER_TOOL_FLAVOR_IMAGE value currently points to a personal
namespace and a mutable tag
("quay.io/rh-ee-ovishlit/cluster-flavors:osac-caas"); change the value of
CLUSTER_TOOL_FLAVOR_IMAGE to use a team/org-owned repository and pin to an
immutable digest (e.g., quay.io/<team-or-org>/cluster-flavors@sha256:<digest>)
so CI uses a stable, owned image; update any related image publishing workflow
to publish the digested image into the team repo if needed.

In
`@ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh`:
- Around line 84-86: Add YAML snapshots for the three CaaS resources in addition
to the existing -o wide outputs by running `oc get nodepools -A -o yaml`, `oc
get agents -A -o yaml`, and `oc get infraenvs -A -o yaml` and writing them to
"${ARTIFACT_DIR}/caas/nodepools.yaml", "${ARTIFACT_DIR}/caas/agents.yaml", and
"${ARTIFACT_DIR}/caas/infraenvs.yaml" respectively (preserve the existing -o
wide > ... .txt lines and the "2>&1 || true" behavior); update the block
containing the existing `oc get ... -o wide` commands so each resource also has
a corresponding `-o yaml` capture using the same ARTIFACT_DIR and error-tolerant
redirection.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 8e07b33e-6abb-494a-b1cc-229a609e0104

📥 Commits

Reviewing files that changed from the base of the PR and between 69d8268 and 9c1e473.

📒 Files selected for processing (17)

• ci-operator/config/osac-project/fulfillment-service/osac-project-fulfillment-service-main.yaml
• ci-operator/config/osac-project/osac-aap/osac-project-osac-aap-main.yaml
• ci-operator/config/osac-project/osac-installer/osac-project-osac-installer-main.yaml
• ci-operator/config/osac-project/osac-operator/osac-project-osac-operator-main.yaml
• ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
• ci-operator/step-registry/osac-project/cluster-tool/boot/osac-project-cluster-tool-boot-commands.sh
• ci-operator/step-registry/osac-project/cluster-tool/boot/osac-project-cluster-tool-boot-ref.yaml
• ci-operator/step-registry/osac-project/cluster-tool/caas-agents/OWNERS
• ci-operator/step-registry/osac-project/cluster-tool/caas-agents/osac-project-cluster-tool-caas-agents-commands.sh
• ci-operator/step-registry/osac-project/cluster-tool/caas-agents/osac-project-cluster-tool-caas-agents-ref.metadata.json
• ci-operator/step-registry/osac-project/cluster-tool/caas-agents/osac-project-cluster-tool-caas-agents-ref.yaml
• ci-operator/step-registry/osac-project/cluster-tool/caas/OWNERS
• ci-operator/step-registry/osac-project/cluster-tool/caas/osac-project-cluster-tool-caas-workflow.metadata.json
• ci-operator/step-registry/osac-project/cluster-tool/caas/osac-project-cluster-tool-caas-workflow.yaml
• ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-commands.sh
• ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-ref.yaml
• ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid logging the discovery ISO URL.

Line 67 prints a URL derived from cluster state; this can expose sensitive cluster URL/token material in CI logs.

Proposed fix

-echo "ISO URL: ${ISO_URL}"
+echo "Discovery ISO URL acquired."

As per coding guidelines, "Protect sensitive information in step registry scripts - never echo or print passwords, tokens, API keys, cluster URLs, or kubeconfig contents".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	echo "ISO URL: ${ISO_URL}"
	echo "Discovery ISO URL acquired."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/cluster-tool/caas-agents/osac-project-cluster-tool-caas-agents-commands.sh`
at line 67, The script prints a sensitive discovery ISO URL via the echo "ISO
URL: ${ISO_URL}" statement; remove this direct printing and either delete the
echo or replace it with a non-sensitive check (e.g., log that ISO_URL is
set/empty or print a redacted placeholder/length) in the same script section so
that the ISO_URL variable is not emitted to CI logs; locate and update the echo
line referencing ISO_URL in osac-project-cluster-tool-caas-agents-commands.sh to
implement this change.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
rg -n 'E2E_TEST_DIR:' ci-operator/config/osac-project/**/osac-project-*-main.yaml

Repository: openshift/release

Length of output: 305

---

🏁 Script executed:

# View the full script to understand context around lines 49-83
cat -n ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-commands.sh | sed -n '1,90p'

Repository: openshift/release

Length of output: 3739

---

🏁 Script executed:

# Search for other references to E2E_TEST_DIR in the repository to see if it's sourced elsewhere
rg -n 'E2E_TEST_DIR|TEST_DIR=' --type yaml --type sh ci-operator/ | head -40

Repository: openshift/release

Length of output: 2558

---

Harden TEST_DIR handling with explicit validation.

Line 49 uses substring matching and line 83 passes ${TEST_DIR} unquoted to pytest. While current configuration strictly sets E2E_TEST_DIR: tests/caas, explicit validation makes the intent clearer and prevents future misconfiguration.

🔧 Proposed fix

 TEST_DIR="$7"
+
+case "${TEST_DIR}" in
+  tests/caas) ;;
+  *)
+    echo "ERROR: unsupported E2E_TEST_DIR: ${TEST_DIR}"
+    exit 1
+    ;;
+esac
@@
-if [[ "${TEST_DIR}" != *"caas"* ]]; then
+if [[ "${TEST_DIR}" != "tests/caas" ]]; then
@@
-    pytest ${TEST_DIR}/ -v --junitxml=/tmp/test-results/junit_e2e.xml
+    pytest -- "${TEST_DIR%/}/" -v --junitxml=/tmp/test-results/junit_e2e.xml

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/cluster-tool/test/osac-project-cluster-tool-test-commands.sh`
around lines 49 - 50, Validate TEST_DIR explicitly instead of using loose
substring matching: check TEST_DIR is non-empty and equals the expected value or
matches a strict pattern (e.g., "^tests/caas(/.*)?$") before the KubeVirt
availability branch and before invoking pytest, and replace the unquoted usage
with a quoted expansion when passing to pytest (use "${TEST_DIR}"). Update the
if condition that currently uses [[ "${TEST_DIR}" != *"caas"* ]] to perform the
explicit validation and ensure later references to TEST_DIR (the pytest
invocation) are quoted to avoid word-splitting.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh (1)

90-90: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Change ipaddresspool to ipaddresspools on line 90.

The MetalLB resource name is ipaddresspools (plural), not ipaddresspool (singular). The current command fails silently due to || true and does not collect MetalLB diagnostics. Use oc get ipaddresspools -A -o yaml > "${ARTIFACT_DIR}/caas/metallb-pools.yaml" 2>&1 || true instead.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh`
at line 90, Replace the incorrect MetalLB resource name in the gather command:
change the oc invocation that currently uses "ipaddresspool" to the plural
"ipaddresspools" so the command becomes oc get ipaddresspools -A -o yaml >
"${ARTIFACT_DIR}/caas/metallb-pools.yaml" 2>&1 || true; update the line that
writes to "${ARTIFACT_DIR}/caas/metallb-pools.yaml" to use the corrected
resource name so MetalLB diagnostics are actually collected.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh`:
- Line 90: Replace the incorrect MetalLB resource name in the gather command:
change the oc invocation that currently uses "ipaddresspool" to the plural
"ipaddresspools" so the command becomes oc get ipaddresspools -A -o yaml >
"${ARTIFACT_DIR}/caas/metallb-pools.yaml" 2>&1 || true; update the line that
writes to "${ARTIFACT_DIR}/caas/metallb-pools.yaml" to use the corrected
resource name so MetalLB diagnostics are actually collected.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2e889a68-b836-46dd-99af-c48c28fe9d4a

📥 Commits

Reviewing files that changed from the base of the PR and between 9c1e473 and 1577d00.

📒 Files selected for processing (2)

• ci-operator/step-registry/osac-project/cluster-tool/caas-agents/osac-project-cluster-tool-caas-agents-commands.sh
• ci-operator/step-registry/osac-project/gather/osac-project-gather-commands.sh

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: omer-vishlitzky
Once this PR has been reviewed and has the lgtm label, please assign eranco74 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/config/osac-project/fulfillment-service/OWNERS [omer-vishlitzky]
• ci-operator/config/osac-project/osac-aap/OWNERS
• ci-operator/config/osac-project/osac-installer/OWNERS [omer-vishlitzky]
• ci-operator/config/osac-project/osac-operator/OWNERS
• ci-operator/config/osac-project/osac-test-infra/OWNERS [omer-vishlitzky]
• ci-operator/jobs/osac-project/fulfillment-service/OWNERS [omer-vishlitzky]
• ci-operator/jobs/osac-project/osac-aap/OWNERS
• ci-operator/jobs/osac-project/osac-installer/OWNERS [omer-vishlitzky]
• ci-operator/jobs/osac-project/osac-operator/OWNERS
• ci-operator/jobs/osac-project/osac-test-infra/OWNERS [omer-vishlitzky]
• ci-operator/step-registry/osac-project/cluster-tool/OWNERS [omer-vishlitzky]
• ci-operator/step-registry/osac-project/gather/OWNERS [omer-vishlitzky]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[omer-vishlitzky]

/pj-rehearse

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[omer-vishlitzky]

/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-caas pull-ci-osac-project-osac-operator-main-e2e-caas pull-ci-osac-project-osac-test-infra-main-e2e-caas pull-ci-osac-project-osac-aap-main-e2e-caas pull-ci-osac-project-fulfillment-service-main-e2e-caas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[omer-vishlitzky]

/pj-rehearse pull-ci-osac-project-fulfillment-service-main-e2e-caas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[omer-vishlitzky]

/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-caas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[omer-vishlitzky]

/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-caas pull-ci-osac-project-osac-operator-main-e2e-caas pull-ci-osac-project-osac-test-infra-main-e2e-caas pull-ci-osac-project-osac-aap-main-e2e-caas pull-ci-osac-project-fulfillment-service-main-e2e-caas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[omer-vishlitzky]

/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-caas pull-ci-osac-project-osac-operator-main-e2e-caas pull-ci-osac-project-osac-test-infra-main-e2e-caas pull-ci-osac-project-osac-aap-main-e2e-caas pull-ci-osac-project-fulfillment-service-main-e2e-caas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[omer-vishlitzky]

/retest

[omer-vishlitzky]

/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-caas pull-ci-osac-project-osac-operator-main-e2e-caas pull-ci-osac-project-osac-test-infra-main-e2e-caas pull-ci-osac-project-osac-aap-main-e2e-caas pull-ci-osac-project-fulfillment-service-main-e2e-caas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@omer-vishlitzky: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/osac-project/osac-test-infra/main/e2e-caas	fe0113f	link	unknown	/pj-rehearse pull-ci-osac-project-osac-test-infra-main-e2e-caas
ci/rehearse/osac-project/osac-aap/main/e2e-caas	fe0113f	link	unknown	/pj-rehearse pull-ci-osac-project-osac-aap-main-e2e-caas
ci/rehearse/osac-project/osac-operator/main/e2e-caas	fe0113f	link	unknown	/pj-rehearse pull-ci-osac-project-osac-operator-main-e2e-caas
ci/rehearse/osac-project/fulfillment-service/main/e2e-caas	fe0113f	link	unknown	/pj-rehearse pull-ci-osac-project-fulfillment-service-main-e2e-caas
ci/rehearse/osac-project/osac-installer/main/e2e-caas	fe0113f	link	unknown	/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-caas
ci/rehearse/osac-project/osac-installer/main/e2e-vmaas	fe0113f	link	unknown	/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-vmaas

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[omer-vishlitzky]

/pj-rehearse pull-ci-osac-project-osac-installer-main-e2e-caas pull-ci-osac-project-osac-operator-main-e2e-caas pull-ci-osac-project-osac-test-infra-main-e2e-caas pull-ci-osac-project-osac-aap-main-e2e-caas pull-ci-osac-project-fulfillment-service-main-e2e-caas pull-ci-osac-project-osac-operator-main-e2e-vmaas pull-ci-osac-project-fulfillment-service-main-e2e-vmaas pull-ci-osac-project-osac-test-infra-main-e2e-vmaas pull-ci-osac-project-osac-installer-main-e2e-vmaas pull-ci-osac-project-osac-aap-main-e2e-vmaas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@omer-vishlitzky: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-osac-project-osac-aap-main-e2e-caas	osac-project/osac-aap	presubmit	Presubmit changed
pull-ci-osac-project-osac-aap-main-e2e-vmaas	osac-project/osac-aap	presubmit	Registry content changed
pull-ci-osac-project-osac-test-infra-main-e2e-caas	osac-project/osac-test-infra	presubmit	Presubmit changed
pull-ci-osac-project-osac-test-infra-main-e2e-vmaas	osac-project/osac-test-infra	presubmit	Registry content changed
pull-ci-osac-project-fulfillment-service-main-e2e-caas	osac-project/fulfillment-service	presubmit	Presubmit changed
pull-ci-osac-project-fulfillment-service-main-e2e-vmaas	osac-project/fulfillment-service	presubmit	Registry content changed
pull-ci-osac-project-osac-installer-main-e2e-caas	osac-project/osac-installer	presubmit	Presubmit changed
pull-ci-osac-project-osac-installer-main-e2e-vmaas	osac-project/osac-installer	presubmit	Registry content changed
pull-ci-osac-project-osac-operator-main-e2e-caas	osac-project/osac-operator	presubmit	Presubmit changed
pull-ci-osac-project-osac-operator-main-e2e-vmaas	osac-project/osac-operator	presubmit	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-delete-during-provision	N/A	periodic	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-restart	N/A	periodic	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-restart-negative	N/A	periodic	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-subnet-lifecycle	N/A	periodic	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-virtual-network-lifecycle	N/A	periodic	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-creation	N/A	periodic	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-api-fields	N/A	periodic	Registry content changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-cli-fields	N/A	periodic	Registry content changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.