USHIFT-6967: MicroShift CI Doctor - Test workflow-based analysis in Prow environment

[ggiguash]

Summary by CodeRabbit

This PR adjusts the MicroShift CI “Doctor” workflow tooling used by OpenShift Prow jobs so it can be exercised against in-development changes to the edge-tooling repository.

Key changes:

• Updated openshift-edge-tooling-microshift-ci-doctor-commands.sh to create a fresh /tmp/edge-tooling checkout during the job run.
• The job now git clones https://github.com/ggiguash/edge-tooling.git and checks out the ci-doctor-analyse-workflow branch, instead of relying on a pre-installed EDGE_TOOLING_DIR.
• Switched the initial Claude invocation from claude to claude-latest.

Practical impact:

• Enables validation of the MicroShift CI Doctor workflow-based analysis (and its generated outputs like reports/bug handling) in the Prow environment against a specific development branch of the upstream plugins, supporting safer iteration before merging back to the primary workflow.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@ggiguash: This pull request references USHIFT-6967 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: b97a9c5a-697f-437a-b691-393f1fb6727b

📥 Commits

Reviewing files that changed from the base of the PR and between c1d144e and ddcadea.

📒 Files selected for processing (1)

• ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh

---

Walkthrough

The doctor CI script transitions from relying on the pre-installed EDGE_TOOLING_DIR variable to creating a fresh /tmp/edge-tooling directory and cloning https://github.com/ggiguash/edge-tooling.git at branch ci-doctor-analyse-workflow into SRC_DIR. The script also upgrades the Claude invocation from claude to claude-latest.

Changes

Doctor Script Directory and Tool Updates

Layer / File(s)	Summary
Git clone directory setup and Claude version upgrade ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh	SRC_DIR and PLUGIN_DIR are now defined under /tmp/edge-tooling, which is populated by cloning ggiguash/edge-tooling.git at branch ci-doctor-analyse-workflow, replacing reliance on the pre-installed EDGE_TOOLING_DIR. The Claude "doctor" command invocation is updated from claude to claude-latest.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: testing workflow-based analysis for MicroShift CI Doctor in Prow, which aligns with the script modifications that enable testing this functionality.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The PR contains no Ginkgo tests. It modifies a shell script and includes utility test files that don't use Ginkgo patterns, so the check is not applicable.
Test Structure And Quality	✅ Passed	The PR does not contain Ginkgo test code. Changes consist of a shell script, configuration files, and documentation. The check is not applicable as the PR makes no modifications to Ginkgo tests.
Microshift Test Compatibility	✅ Passed	PR modifies only a CI shell script, not Ginkgo e2e tests. Custom check for MicroShift test compatibility applies only to new e2e tests, which are not present in this PR.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests were added in this PR. The changes are to a bash CI script file only, making the SNO test compatibility check not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only a bash CI/CD orchestration script with no Kubernetes deployment manifests, operator code, controllers, or scheduling constraints that could impact topology awareness.
Ote Binary Stdout Contract	✅ Passed	The PR modifies only a CI step shell script, not an OTE binary. OTE binaries are Go test binaries communicating via JSON stdout; this check is inapplicable to shell scripts.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests added in this PR; custom check for IPv6/disconnected network compatibility is not applicable as the PR contains only a CI shell script and standard Go unit tests.
No-Weak-Crypto	✅ Passed	No weak cryptographic algorithms (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or timing-unsafe secret comparisons detected in the modified files.
Container-Privileges	✅ Passed	No container privilege escalation settings found in PR. The ref.yaml, workflow.yaml, and commands.sh script contain no privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN capabilities, root...
No-Sensitive-Data-In-Logs	✅ Passed	Script properly prevents sensitive data exposure: credentials are loaded/exported with command tracing disabled (set +x), sensitive environment variables are not echoed, and tokens are protected fr...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ggiguash

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/OWNERS [ggiguash]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ggiguash]

/pj-rehearse periodic-ci-openshift-eng-edge-tooling-main-microshift-ci-doctor

[openshift-merge-bot]

@ggiguash: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh (1)

246-248: 💤 Low value

Remove commented code before merging to production.

The commented-out lines provide useful context during development but should be removed before this PR is finalized and merged to avoid clutter.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh`
around lines 246 - 248, Remove the three commented-out lines that set SRC_DIR to
EDGE_TOOLING_DIR, PLUGIN_DIR to the microshift-ci plugin path, and change
directory to SRC_DIR. These lines provide no functional value and should be
deleted entirely rather than kept as comments to reduce code clutter.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh`:
- Around line 250-252: The git clone command will fail if the SRC_DIR directory
already exists from a prior run. Add a cleanup command to remove the SRC_DIR
directory before attempting the git clone. Place a `rm -rf "${SRC_DIR}"`
statement immediately before the `git clone` line to ensure the destination path
does not exist when the clone operation begins, preventing the "destination path
already exists" error.

---

Nitpick comments:
In
`@ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh`:
- Around line 246-248: Remove the three commented-out lines that set SRC_DIR to
EDGE_TOOLING_DIR, PLUGIN_DIR to the microshift-ci plugin path, and change
directory to SRC_DIR. These lines provide no functional value and should be
deleted entirely rather than kept as comments to reduce code clutter.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: ce22fe09-ea78-43d3-bba9-6cd167ba2a0b

📥 Commits

Reviewing files that changed from the base of the PR and between 591a844 and c1d144e.

📒 Files selected for processing (1)

• ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify if openshift/edge-tooling repository exists and check typical branch names

# Check if official repo exists
echo "Checking if openshift/edge-tooling exists:"
gh api repos/openshift/edge-tooling --jq '.full_name' 2>/dev/null || echo "Repository not found or not accessible"

# Check if the personal fork exists and list branches
echo -e "\nChecking ggiguash/edge-tooling branches:"
gh api repos/ggiguash/edge-tooling/branches --jq '.[].name' 2>/dev/null | head -10 || echo "Repository not found or not accessible"

# Search for other step-registry scripts that reference edge-tooling
echo -e "\nOther scripts referencing EDGE_TOOLING_DIR or edge-tooling repos:"
rg -n --type=sh 'EDGE_TOOLING_DIR|edge-tooling\.git' ci-operator/step-registry/ | head -20

Repository: openshift/release

Length of output: 1330

---

🏁 Script executed:

# Read the full context of the script around lines 246-252
sed -n '240,260p' ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh

Repository: openshift/release

Length of output: 786

---

🏁 Script executed:

# Check how EDGE_TOOLING_DIR is defined in related scripts
grep -n "EDGE_TOOLING_DIR" ci-operator/step-registry/openshift/edge-tooling/*/openshift-edge-tooling-*-commands.sh

Repository: openshift/release

Length of output: 400

---

🏁 Script executed:

# Check the script header to understand the error handling setup
head -20 ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh

Repository: openshift/release

Length of output: 711

---

🏁 Script executed:

# Verify if EDGE_TOOLING_DIR is passed as an environment variable from step metadata
cat ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-ref.yaml

Repository: openshift/release

Length of output: 1743

---

Add cleanup before git clone to prevent failure if /tmp/edge-tooling exists from a prior run.

The script clones into /tmp/edge-tooling without checking if the directory already exists. If it does (from a previous execution or concurrent step runs), git clone will fail with "destination path already exists and is not an empty directory," causing the script to exit due to set -euo pipefail.

🔧 Proposed fix

 SRC_DIR=/tmp/edge-tooling
 PLUGIN_DIR="${SRC_DIR}/plugins/microshift-ci"
+rm -rf "${SRC_DIR}"
 git clone https://github.com/ggiguash/edge-tooling.git -b ci-doctor-analyse-workflow "${SRC_DIR}"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/openshift/edge-tooling/microshift-ci/doctor/openshift-edge-tooling-microshift-ci-doctor-commands.sh`
around lines 250 - 252, The git clone command will fail if the SRC_DIR directory
already exists from a prior run. Add a cleanup command to remove the SRC_DIR
directory before attempting the git clone. Place a `rm -rf "${SRC_DIR}"`
statement immediately before the `git clone` line to ensure the destination path
does not exist when the clone operation begins, preventing the "destination path
already exists" error.

[ggiguash]

/pj-rehearse periodic-ci-openshift-eng-edge-tooling-main-microshift-ci-doctor

[openshift-merge-bot]

@ggiguash: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@ggiguash: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/periodic-ci-openshift-eng-edge-tooling-main-microshift-ci-doctor	c1d144e	link	unknown	/pj-rehearse periodic-ci-openshift-eng-edge-tooling-main-microshift-ci-doctor

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[ggiguash]

/pj-rehearse periodic-ci-openshift-eng-edge-tooling-main-microshift-ci-doctor

[openshift-merge-bot]

@ggiguash: your /pj-rehearse request was not processed because the request waited in queue for longer than 5 minutes. Please retry in a few minutes.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@ggiguash: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
periodic-ci-openshift-eng-edge-tooling-main-microshift-ci-doctor	N/A	periodic	Registry content changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.