From d7aaef842015c2f225f467dee17e8ee7c10a9555 Mon Sep 17 00:00:00 2001 From: nhamza Date: Mon, 15 Jun 2026 12:52:13 +0300 Subject: [PATCH] Add CI configuration for openshift/oc-tnf Register Prow CI jobs for the new oc-tnf plugin repo: - Unit tests, golangci-lint, go mod tidy, dependency verification - Tide merge rules requiring lgtm + approved labels - Approve plugin configuration - OWNERS synced from openshift/oc-tnf repo - Generated presubmit jobs via ci-operator-prowgen Co-Authored-By: Claude Opus 4.6 (1M context) --- ci-operator/config/openshift/oc-tnf/OWNERS | 25 ++ .../oc-tnf/openshift-oc-tnf-main.yaml | 45 +++ ci-operator/jobs/openshift/oc-tnf/OWNERS | 25 ++ .../openshift-oc-tnf-main-presubmits.yaml | 266 ++++++++++++++++++ .../openshift/oc-tnf/_pluginconfig.yaml | 8 + .../openshift/oc-tnf/_prowconfig.yaml | 14 + 6 files changed, 383 insertions(+) create mode 100644 ci-operator/config/openshift/oc-tnf/OWNERS create mode 100644 ci-operator/config/openshift/oc-tnf/openshift-oc-tnf-main.yaml create mode 100644 ci-operator/jobs/openshift/oc-tnf/OWNERS create mode 100644 ci-operator/jobs/openshift/oc-tnf/openshift-oc-tnf-main-presubmits.yaml create mode 100644 core-services/prow/02_config/openshift/oc-tnf/_pluginconfig.yaml create mode 100644 core-services/prow/02_config/openshift/oc-tnf/_prowconfig.yaml diff --git a/ci-operator/config/openshift/oc-tnf/OWNERS b/ci-operator/config/openshift/oc-tnf/OWNERS new file mode 100644 index 0000000000000..5e00bb7e37d86 --- /dev/null +++ b/ci-operator/config/openshift/oc-tnf/OWNERS @@ -0,0 +1,25 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/openshift/oc-tnf root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- dhensel-rh +- eggfoobar +- fonta-rh +- fracappa +- jaypoulz +- lucaconsalvi +- neilhamza +- vimauro +options: {} +reviewers: +- dhensel-rh +- eggfoobar +- fonta-rh +- fracappa +- jaypoulz +- lucaconsalvi +- neilhamza +- vimauro diff --git a/ci-operator/config/openshift/oc-tnf/openshift-oc-tnf-main.yaml b/ci-operator/config/openshift/oc-tnf/openshift-oc-tnf-main.yaml new file mode 100644 index 0000000000000..4f9e3e3023ad5 --- /dev/null +++ b/ci-operator/config/openshift/oc-tnf/openshift-oc-tnf-main.yaml @@ -0,0 +1,45 @@ +base_images: + golangci-lint: + name: golangci-lint + namespace: ci + tag: v1.64.8 +binary_build_commands: GOFLAGS="-mod=readonly" make build +build_root: + image_stream_tag: + name: release + namespace: openshift + tag: rhel-9-release-golang-1.24-openshift-4.20 +resources: + '*': + limits: + memory: 4Gi + requests: + cpu: 100m + memory: 200Mi +tests: +- as: unit + commands: GOFLAGS="-mod=readonly" make test + container: + from: bin +- as: golint + commands: | + make golangci-lint + container: + clone: true + from: golangci-lint + skip_if_only_changed: (^docs/)|((^|/)OWNERS(_ALIASES)?$)|((^|/)[A-Z]+\.md$) +- as: modtidy + commands: go mod tidy && git diff --exit-code + container: + from: src + skip_if_only_changed: (^docs/)|((^|/)OWNERS(_ALIASES)?$)|((^|/)[A-Z]+\.md$) +- as: verify-deps + steps: + env: + CHECK_MOD_LIST: "false" + test: + - ref: go-verify-deps +zz_generated_metadata: + branch: main + org: openshift + repo: oc-tnf diff --git a/ci-operator/jobs/openshift/oc-tnf/OWNERS b/ci-operator/jobs/openshift/oc-tnf/OWNERS new file mode 100644 index 0000000000000..5e00bb7e37d86 --- /dev/null +++ b/ci-operator/jobs/openshift/oc-tnf/OWNERS @@ -0,0 +1,25 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/openshift/oc-tnf root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- dhensel-rh +- eggfoobar +- fonta-rh +- fracappa +- jaypoulz +- lucaconsalvi +- neilhamza +- vimauro +options: {} +reviewers: +- dhensel-rh +- eggfoobar +- fonta-rh +- fracappa +- jaypoulz +- lucaconsalvi +- neilhamza +- vimauro diff --git a/ci-operator/jobs/openshift/oc-tnf/openshift-oc-tnf-main-presubmits.yaml b/ci-operator/jobs/openshift/oc-tnf/openshift-oc-tnf-main-presubmits.yaml new file mode 100644 index 0000000000000..0e8d908ca39dd --- /dev/null +++ b/ci-operator/jobs/openshift/oc-tnf/openshift-oc-tnf-main-presubmits.yaml @@ -0,0 +1,266 @@ +presubmits: + openshift/oc-tnf: + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/golint + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-oc-tnf-main-golint + rerun_command: /test golint + skip_if_only_changed: (^docs/)|((^|/)OWNERS(_ALIASES)?$)|((^|/)[A-Z]+\.md$) + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=golint + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )golint,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/modtidy + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-oc-tnf-main-modtidy + rerun_command: /test modtidy + skip_if_only_changed: (^docs/)|((^|/)OWNERS(_ALIASES)?$)|((^|/)[A-Z]+\.md$) + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=modtidy + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )modtidy,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/unit + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-oc-tnf-main-unit + rerun_command: /test unit + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=unit + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )unit,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/verify-deps + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-oc-tnf-main-verify-deps + rerun_command: /test verify-deps + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --target=verify-deps + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify-deps,?($|\s.*) diff --git a/core-services/prow/02_config/openshift/oc-tnf/_pluginconfig.yaml b/core-services/prow/02_config/openshift/oc-tnf/_pluginconfig.yaml new file mode 100644 index 0000000000000..dfed6724f4b96 --- /dev/null +++ b/core-services/prow/02_config/openshift/oc-tnf/_pluginconfig.yaml @@ -0,0 +1,8 @@ +approve: +- repos: + - openshift/oc-tnf + require_self_approval: true +plugins: + openshift/oc-tnf: + plugins: + - approve diff --git a/core-services/prow/02_config/openshift/oc-tnf/_prowconfig.yaml b/core-services/prow/02_config/openshift/oc-tnf/_prowconfig.yaml new file mode 100644 index 0000000000000..5c4a627f1e7d2 --- /dev/null +++ b/core-services/prow/02_config/openshift/oc-tnf/_prowconfig.yaml @@ -0,0 +1,14 @@ +tide: + queries: + - labels: + - approved + - lgtm + missingLabels: + - backports/unvalidated-commits + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - jira/invalid-bug + - needs-rebase + repos: + - openshift/oc-tnf