ci-operator: use yaml file instead of env vars to load GSM project config

[psalajova]

Use core-services/ci-secret-bootstrap/gsm-project-config.yaml (added in this PR) as source for the GSM project config instead of ENV vars; this way we only have one source of truth if we ever need to change the project.

Summary by CodeRabbit

• New Features

  • Added Google Secrets Manager (GSM) project configuration support.
  • Introduced a new --gsm-project-config CLI flag to specify a GSM project config file.
  • Configuration loading now merges project-level GSM settings with existing GSM configuration.

• Bug Fixes

  • Added validation to ensure GCP project identifiers are present in project config.

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a95056b7-582a-4de4-b477-bfa9775bdfb7

📥 Commits

Reviewing files that changed from the base of the PR and between 70fddcb and 397d726.

📒 Files selected for processing (3)

• cmd/ci-operator/main.go
• pkg/api/gsm.go
• pkg/gsm-secrets/types.go

🚧 Files skipped from review as they are similar to previous changes (2)

• pkg/gsm-secrets/types.go
• cmd/ci-operator/main.go

---

Walkthrough

Adds file-based GSM project configuration support: CLI flag to specify a GSM project config file, a loader function to read/validate that file, and new GSM config fields for GCP project identifiers; replaces environment-based project config retrieval with the file-backed value.

Changes

Cohort / File(s)	Summary
CLI & bootstrap cmd/ci-operator/main.go	Adds gsmProjectConfigPath and gsmProjectConfig to options, new --gsm-project-config flag, loads GSM project config from file during Complete, and uses the loaded project config in Run instead of reading from environment.
GSM API loader pkg/api/gsm.go	Introduces LoadGSMProjectConfigFromFile(file string, config *gsm.Config) error to read (optionally gzipped) YAML into gsm.Config and validate presence of GCP project identifiers.
GSM types pkg/gsm-secrets/types.go	Adds ProjectIdString and ProjectIdNumber fields to Config with JSON/YAML tags (GCP_PROJECT_ID, GCP_PROJECT_NUMBER) and removes the exported Production variable.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	❓ Inconclusive	Repository test files for modified source code could not be located in standard directories.	Provide or locate test files accompanying the changes to pkg/api/gsm.go, pkg/gsm-secrets/types.go, and cmd/ci-operator/main.go for assessment.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: switching GSM project config loading from environment variables to YAML file, which is the core objective of the pull request.
Stable And Deterministic Test Names	✅ Passed	The pull request modifies three functional files with no test definitions or test names to evaluate.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: psalajova

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [psalajova]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/api/gsm.go`:
- Around line 95-102: LoadGSMProjectConfigFromFile currently unmarshals into the
passed config but does not validate required fields; after calling
yaml.UnmarshalStrict in LoadGSMProjectConfigFromFile, check that
config.GCP_PROJECT_ID is not empty and config.GCP_PROJECT_NUMBER is present
(non-empty or non-zero as appropriate for its type) and return a clear
fmt.Errorf if either is missing (e.g., "missing required GSM config:
GCP_PROJECT_ID" / "GCP_PROJECT_NUMBER"); perform this validation before
returning so callers never receive a config lacking those required values.

---

ℹ️ Review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 686181d and 70fddcb.

📒 Files selected for processing (3)

• cmd/ci-operator/main.go
• pkg/api/gsm.go
• pkg/gsm-secrets/types.go

[psalajova]

/test lint
/test checkconfig

[openshift-ci]

@psalajova: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	397d726	link	true	/test images
ci/prow/integration	397d726	link	true	/test integration
ci/prow/breaking-changes	397d726	link	false	/test breaking-changes

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.