From c18f7d897a6f4aba7d7b014b10139e6abbcae2a6 Mon Sep 17 00:00:00 2001 From: Bryan Cox Date: Thu, 14 May 2026 10:22:58 -0400 Subject: [PATCH 1/3] CNTRLPLANE-3380: Add rebasebot periodics for aws-encryption-provider, aws-node-termination-handler, azure-kubernetes-kms Configure rebasebot to automatically rebase these three HyperShift dependency repos onto their upstream sources on Mon/Thu: - openshift/aws-encryption-provider from kubernetes-sigs/aws-encryption-provider:master - openshift/aws-node-termination-handler from aws/aws-node-termination-handler:main - openshift/azure-kubernetes-kms from Azure/kubernetes-kms:master Co-Authored-By: Claude Opus 4.6 --- .../openshift-eng-rebasebot-main.yaml | 87 +++++++ ...penshift-eng-rebasebot-main-periodics.yaml | 222 ++++++++++++++++++ 2 files changed, 309 insertions(+) diff --git a/ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml b/ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml index 5ac0cb922d47c..14db674a1a098 100644 --- a/ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml +++ b/ci-operator/config/openshift-eng/rebasebot/openshift-eng-rebasebot-main.yaml @@ -62,6 +62,93 @@ tests: requests: cpu: 400m memory: 1Gi +- as: aws-encryption-provider + cron: 0 12 * * Mon,Thu + steps: + test: + - as: aws-encryption-provider + commands: | + rebasebot --source https://github.com/kubernetes-sigs/aws-encryption-provider:master \ + --dest openshift/aws-encryption-provider:master \ + --rebase openshift/aws-encryption-provider:rebase-bot-master \ + --update-go-modules \ + --github-app-key /secrets/rebasebot/hypershift-rebase-bot-key \ + --github-cloner-key /secrets/rebasebot/hypershift-rebase-bot-key \ + --github-app-id 3706026 \ + --github-cloner-id 3706026 \ + --git-username hypershift-rebase-bot \ + --git-email hypershift-rebase-bot@redhat.com \ + --bot-emails hypershift-rebase-bot@redhat.com openshift-bot@redhat.com openshift-ci-robot@redhat.com \ + --tag-policy=strict + credentials: + - mount_path: /secrets/rebasebot + name: hypershift-rebasebot-credentials + namespace: test-credentials + from: rebasebot + resources: + limits: + memory: 6Gi + requests: + cpu: 400m + memory: 1Gi +- as: aws-node-termination-handler + cron: 0 12 * * Mon,Thu + steps: + test: + - as: aws-node-termination-handler + commands: | + rebasebot --source https://github.com/aws/aws-node-termination-handler:main \ + --dest openshift/aws-node-termination-handler:main \ + --rebase openshift/aws-node-termination-handler:rebase-bot-main \ + --update-go-modules \ + --github-app-key /secrets/rebasebot/hypershift-rebase-bot-key \ + --github-cloner-key /secrets/rebasebot/hypershift-rebase-bot-key \ + --github-app-id 3706026 \ + --github-cloner-id 3706026 \ + --git-username hypershift-rebase-bot \ + --git-email hypershift-rebase-bot@redhat.com \ + --bot-emails hypershift-rebase-bot@redhat.com openshift-bot@redhat.com openshift-ci-robot@redhat.com \ + --tag-policy=strict + credentials: + - mount_path: /secrets/rebasebot + name: hypershift-rebasebot-credentials + namespace: test-credentials + from: rebasebot + resources: + limits: + memory: 6Gi + requests: + cpu: 400m + memory: 1Gi +- as: azure-kubernetes-kms + cron: 0 12 * * Mon,Thu + steps: + test: + - as: azure-kubernetes-kms + commands: | + rebasebot --source https://github.com/Azure/kubernetes-kms:master \ + --dest openshift/azure-kubernetes-kms:main \ + --rebase openshift/azure-kubernetes-kms:rebase-bot-main \ + --update-go-modules \ + --github-app-key /secrets/rebasebot/hypershift-rebase-bot-key \ + --github-cloner-key /secrets/rebasebot/hypershift-rebase-bot-key \ + --github-app-id 3706026 \ + --github-cloner-id 3706026 \ + --git-username hypershift-rebase-bot \ + --git-email hypershift-rebase-bot@redhat.com \ + --bot-emails hypershift-rebase-bot@redhat.com openshift-bot@redhat.com openshift-ci-robot@redhat.com \ + --tag-policy=strict + credentials: + - mount_path: /secrets/rebasebot + name: hypershift-rebasebot-credentials + namespace: test-credentials + from: rebasebot + resources: + limits: + memory: 6Gi + requests: + cpu: 400m + memory: 1Gi - as: cloud-provider-aws cron: 0 12 * * Mon,Thu steps: diff --git a/ci-operator/jobs/openshift-eng/rebasebot/openshift-eng-rebasebot-main-periodics.yaml b/ci-operator/jobs/openshift-eng/rebasebot/openshift-eng-rebasebot-main-periodics.yaml index a329fd92f0f2e..896b4b9307c9b 100644 --- a/ci-operator/jobs/openshift-eng/rebasebot/openshift-eng-rebasebot-main-periodics.yaml +++ b/ci-operator/jobs/openshift-eng/rebasebot/openshift-eng-rebasebot-main-periodics.yaml @@ -221,6 +221,228 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build08 + cron: 0 12 * * Mon,Thu + decorate: true + decoration_config: + sparse_checkout_files: + - Containerfile + extra_refs: + - base_ref: main + org: openshift-eng + repo: rebasebot + sparse_checkout_files: + - Containerfile + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-eng-rebasebot-main-aws-encryption-provider + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --target=aws-encryption-provider + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build08 + cron: 0 12 * * Mon,Thu + decorate: true + decoration_config: + sparse_checkout_files: + - Containerfile + extra_refs: + - base_ref: main + org: openshift-eng + repo: rebasebot + sparse_checkout_files: + - Containerfile + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-eng-rebasebot-main-aws-node-termination-handler + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --target=aws-node-termination-handler + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build08 + cron: 0 12 * * Mon,Thu + decorate: true + decoration_config: + sparse_checkout_files: + - Containerfile + extra_refs: + - base_ref: main + org: openshift-eng + repo: rebasebot + sparse_checkout_files: + - Containerfile + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-eng-rebasebot-main-azure-kubernetes-kms + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --target=azure-kubernetes-kms + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build08 cron: 0 12 * * Mon,Thu From 56769dea489314b89108ef65b37916002198b6d3 Mon Sep 17 00:00:00 2001 From: Bryan Cox Date: Thu, 14 May 2026 12:07:38 -0400 Subject: [PATCH 2/3] CNTRLPLANE-3380: Add commitchecker verify-commits presubmit for rebasebot repos Adds a verify-commits presubmit test using the commitchecker tool to validate commit message format (UPSTREAM: ) on PRs for apiserver-network-proxy, aws-encryption-provider, aws-node-termination-handler, and azure-kubernetes-kms. Co-Authored-By: Claude Opus 4.6 --- ...penshift-apiserver-network-proxy-main.yaml | 9 +++ ...nshift-aws-encryption-provider-master.yaml | 9 +++ ...ift-aws-node-termination-handler-main.yaml | 10 +++ .../openshift-azure-kubernetes-kms-main.yaml | 9 +++ ...iserver-network-proxy-main-presubmits.yaml | 65 ++++++++++++++++++ ...encryption-provider-master-presubmits.yaml | 65 ++++++++++++++++++ ...e-termination-handler-main-presubmits.yaml | 66 +++++++++++++++++++ ...-azure-kubernetes-kms-main-presubmits.yaml | 65 ++++++++++++++++++ 8 files changed, 298 insertions(+) diff --git a/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml b/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml index ee703caa289bd..7e74649d41105 100644 --- a/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml +++ b/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml @@ -1,4 +1,8 @@ base_images: + commitchecker: + name: commitchecker + namespace: ci + tag: latest hypershift-operator: name: hypershift-operator namespace: hypershift @@ -39,6 +43,11 @@ tests: steps: cluster_profile: hypershift-aws workflow: hypershift-aws-conformance +- as: verify-commits + commands: | + commitchecker --start ${PULL_BASE_SHA:-main} + container: + from: commitchecker - as: verify-deps steps: env: diff --git a/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml b/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml index 6013351df5275..e6dda079af38d 100644 --- a/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml +++ b/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml @@ -1,4 +1,8 @@ base_images: + commitchecker: + name: commitchecker + namespace: ci + tag: latest hypershift-tests: name: hypershift-tests namespace: hypershift @@ -46,6 +50,11 @@ tests: steps: cluster_profile: hypershift-aws workflow: hypershift-aws-e2e-external +- as: verify-commits + commands: | + commitchecker --start ${PULL_BASE_SHA:-master} + container: + from: commitchecker - as: verify-deps steps: env: diff --git a/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml b/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml index bef72d185c60b..2de8b56db5df9 100644 --- a/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml +++ b/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml @@ -1,3 +1,8 @@ +base_images: + commitchecker: + name: commitchecker + namespace: ci + tag: latest build_root: from_repository: true canonical_go_repository: openshift/aws-node-termination-handler @@ -31,6 +36,11 @@ tests: commands: GOFLAGS="" go version && go mod vendor && go test -v ./... container: from: src +- as: verify-commits + commands: | + commitchecker --start ${PULL_BASE_SHA:-main} + container: + from: commitchecker zz_generated_metadata: branch: main org: openshift diff --git a/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml b/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml index c5d781638c3ee..3951ebf44cf2e 100644 --- a/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml +++ b/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml @@ -1,4 +1,8 @@ base_images: + commitchecker: + name: commitchecker + namespace: ci + tag: latest hypershift-tests: name: hypershift-tests namespace: hypershift @@ -41,6 +45,11 @@ tests: steps: cluster_profile: hypershift-aws workflow: hypershift-aws-e2e-external +- as: verify-commits + commands: | + commitchecker --start ${PULL_BASE_SHA:-main} + container: + from: commitchecker - as: verify-deps steps: env: diff --git a/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml b/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml index e69735a5c3d45..271b0fb36ddbd 100644 --- a/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml @@ -417,6 +417,71 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )verify,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build05 + context: ci/prow/verify-commits + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.openshift + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-apiserver-network-proxy-main-verify-commits + rerun_command: /test verify-commits + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify-commits + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml b/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml index a1d5fde85ebb5..3f01bd13152cf 100644 --- a/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml @@ -419,6 +419,71 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )verify,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build05 + context: ci/prow/verify-commits + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.openshift + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-aws-encryption-provider-master-verify-commits + rerun_command: /test verify-commits + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify-commits + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml b/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml index bad114cf98a13..0c3f89698896e 100644 --- a/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml @@ -125,3 +125,69 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )unit,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build09 + context: ci/prow/verify-commits + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.ocp + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-aws-node-termination-handler-main-verify-commits + path_alias: openshift/aws-node-termination-handler + rerun_command: /test verify-commits + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify-commits + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) diff --git a/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml b/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml index 674bb1ca7a0e7..2bc82a5f11041 100644 --- a/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml @@ -352,6 +352,71 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )unit,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build11 + context: ci/prow/verify-commits + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.openshift + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-azure-kubernetes-kms-main-verify-commits + rerun_command: /test verify-commits + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify-commits + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) - agent: kubernetes always_run: true branches: From 3820bc43e25fb19bb0448b476004d6e8305fd841 Mon Sep 17 00:00:00 2001 From: Bryan Cox Date: Thu, 14 May 2026 12:51:34 -0400 Subject: [PATCH 3/3] Revert "CNTRLPLANE-3380: Add commitchecker verify-commits presubmit for rebasebot repos" This reverts commit 56769dea489314b89108ef65b37916002198b6d3. --- ...penshift-apiserver-network-proxy-main.yaml | 9 --- ...nshift-aws-encryption-provider-master.yaml | 9 --- ...ift-aws-node-termination-handler-main.yaml | 10 --- .../openshift-azure-kubernetes-kms-main.yaml | 9 --- ...iserver-network-proxy-main-presubmits.yaml | 65 ------------------ ...encryption-provider-master-presubmits.yaml | 65 ------------------ ...e-termination-handler-main-presubmits.yaml | 66 ------------------- ...-azure-kubernetes-kms-main-presubmits.yaml | 65 ------------------ 8 files changed, 298 deletions(-) diff --git a/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml b/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml index 7e74649d41105..ee703caa289bd 100644 --- a/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml +++ b/ci-operator/config/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main.yaml @@ -1,8 +1,4 @@ base_images: - commitchecker: - name: commitchecker - namespace: ci - tag: latest hypershift-operator: name: hypershift-operator namespace: hypershift @@ -43,11 +39,6 @@ tests: steps: cluster_profile: hypershift-aws workflow: hypershift-aws-conformance -- as: verify-commits - commands: | - commitchecker --start ${PULL_BASE_SHA:-main} - container: - from: commitchecker - as: verify-deps steps: env: diff --git a/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml b/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml index e6dda079af38d..6013351df5275 100644 --- a/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml +++ b/ci-operator/config/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master.yaml @@ -1,8 +1,4 @@ base_images: - commitchecker: - name: commitchecker - namespace: ci - tag: latest hypershift-tests: name: hypershift-tests namespace: hypershift @@ -50,11 +46,6 @@ tests: steps: cluster_profile: hypershift-aws workflow: hypershift-aws-e2e-external -- as: verify-commits - commands: | - commitchecker --start ${PULL_BASE_SHA:-master} - container: - from: commitchecker - as: verify-deps steps: env: diff --git a/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml b/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml index 2de8b56db5df9..bef72d185c60b 100644 --- a/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml +++ b/ci-operator/config/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main.yaml @@ -1,8 +1,3 @@ -base_images: - commitchecker: - name: commitchecker - namespace: ci - tag: latest build_root: from_repository: true canonical_go_repository: openshift/aws-node-termination-handler @@ -36,11 +31,6 @@ tests: commands: GOFLAGS="" go version && go mod vendor && go test -v ./... container: from: src -- as: verify-commits - commands: | - commitchecker --start ${PULL_BASE_SHA:-main} - container: - from: commitchecker zz_generated_metadata: branch: main org: openshift diff --git a/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml b/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml index 3951ebf44cf2e..c5d781638c3ee 100644 --- a/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml +++ b/ci-operator/config/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main.yaml @@ -1,8 +1,4 @@ base_images: - commitchecker: - name: commitchecker - namespace: ci - tag: latest hypershift-tests: name: hypershift-tests namespace: hypershift @@ -45,11 +41,6 @@ tests: steps: cluster_profile: hypershift-aws workflow: hypershift-aws-e2e-external -- as: verify-commits - commands: | - commitchecker --start ${PULL_BASE_SHA:-main} - container: - from: commitchecker - as: verify-deps steps: env: diff --git a/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml b/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml index 271b0fb36ddbd..e69735a5c3d45 100644 --- a/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/apiserver-network-proxy/openshift-apiserver-network-proxy-main-presubmits.yaml @@ -417,71 +417,6 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )verify,?($|\s.*) - - agent: kubernetes - always_run: true - branches: - - ^main$ - - ^main- - cluster: build05 - context: ci/prow/verify-commits - decorate: true - decoration_config: - sparse_checkout_files: - - .ci-operator.yaml - - Dockerfile.openshift - labels: - ci.openshift.io/generator: prowgen - pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: pull-ci-openshift-apiserver-network-proxy-main-verify-commits - rerun_command: /test verify-commits - spec: - containers: - - args: - - --gcs-upload-secret=/secrets/gcs/service-account.json - - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - - --report-credentials-file=/etc/report/credentials - - --target=verify-commits - command: - - ci-operator - env: - - name: HTTP_SERVER_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest - imagePullPolicy: Always - name: "" - ports: - - containerPort: 8080 - name: http - resources: - requests: - cpu: 10m - volumeMounts: - - mountPath: /secrets/gcs - name: gcs-credentials - readOnly: true - - mountPath: /secrets/manifest-tool - name: manifest-tool-local-pusher - readOnly: true - - mountPath: /etc/pull-secret - name: pull-secret - readOnly: true - - mountPath: /etc/report - name: result-aggregator - readOnly: true - serviceAccountName: ci-operator - volumes: - - name: manifest-tool-local-pusher - secret: - secretName: manifest-tool-local-pusher - - name: pull-secret - secret: - secretName: registry-pull-credentials - - name: result-aggregator - secret: - secretName: result-aggregator - trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml b/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml index 3f01bd13152cf..a1d5fde85ebb5 100644 --- a/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/aws-encryption-provider/openshift-aws-encryption-provider-master-presubmits.yaml @@ -419,71 +419,6 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )verify,?($|\s.*) - - agent: kubernetes - always_run: true - branches: - - ^master$ - - ^master- - cluster: build05 - context: ci/prow/verify-commits - decorate: true - decoration_config: - sparse_checkout_files: - - .ci-operator.yaml - - Dockerfile.openshift - labels: - ci.openshift.io/generator: prowgen - pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: pull-ci-openshift-aws-encryption-provider-master-verify-commits - rerun_command: /test verify-commits - spec: - containers: - - args: - - --gcs-upload-secret=/secrets/gcs/service-account.json - - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - - --report-credentials-file=/etc/report/credentials - - --target=verify-commits - command: - - ci-operator - env: - - name: HTTP_SERVER_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest - imagePullPolicy: Always - name: "" - ports: - - containerPort: 8080 - name: http - resources: - requests: - cpu: 10m - volumeMounts: - - mountPath: /secrets/gcs - name: gcs-credentials - readOnly: true - - mountPath: /secrets/manifest-tool - name: manifest-tool-local-pusher - readOnly: true - - mountPath: /etc/pull-secret - name: pull-secret - readOnly: true - - mountPath: /etc/report - name: result-aggregator - readOnly: true - serviceAccountName: ci-operator - volumes: - - name: manifest-tool-local-pusher - secret: - secretName: manifest-tool-local-pusher - - name: pull-secret - secret: - secretName: registry-pull-credentials - - name: result-aggregator - secret: - secretName: result-aggregator - trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml b/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml index 0c3f89698896e..bad114cf98a13 100644 --- a/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/aws-node-termination-handler/openshift-aws-node-termination-handler-main-presubmits.yaml @@ -125,69 +125,3 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )unit,?($|\s.*) - - agent: kubernetes - always_run: true - branches: - - ^main$ - - ^main- - cluster: build09 - context: ci/prow/verify-commits - decorate: true - decoration_config: - sparse_checkout_files: - - .ci-operator.yaml - - Dockerfile.ocp - labels: - ci.openshift.io/generator: prowgen - pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: pull-ci-openshift-aws-node-termination-handler-main-verify-commits - path_alias: openshift/aws-node-termination-handler - rerun_command: /test verify-commits - spec: - containers: - - args: - - --gcs-upload-secret=/secrets/gcs/service-account.json - - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - - --report-credentials-file=/etc/report/credentials - - --target=verify-commits - command: - - ci-operator - env: - - name: HTTP_SERVER_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest - imagePullPolicy: Always - name: "" - ports: - - containerPort: 8080 - name: http - resources: - requests: - cpu: 10m - volumeMounts: - - mountPath: /secrets/gcs - name: gcs-credentials - readOnly: true - - mountPath: /secrets/manifest-tool - name: manifest-tool-local-pusher - readOnly: true - - mountPath: /etc/pull-secret - name: pull-secret - readOnly: true - - mountPath: /etc/report - name: result-aggregator - readOnly: true - serviceAccountName: ci-operator - volumes: - - name: manifest-tool-local-pusher - secret: - secretName: manifest-tool-local-pusher - - name: pull-secret - secret: - secretName: registry-pull-credentials - - name: result-aggregator - secret: - secretName: result-aggregator - trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) diff --git a/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml b/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml index 2bc82a5f11041..674bb1ca7a0e7 100644 --- a/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/azure-kubernetes-kms/openshift-azure-kubernetes-kms-main-presubmits.yaml @@ -352,71 +352,6 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )unit,?($|\s.*) - - agent: kubernetes - always_run: true - branches: - - ^main$ - - ^main- - cluster: build11 - context: ci/prow/verify-commits - decorate: true - decoration_config: - sparse_checkout_files: - - .ci-operator.yaml - - Dockerfile.openshift - labels: - ci.openshift.io/generator: prowgen - pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: pull-ci-openshift-azure-kubernetes-kms-main-verify-commits - rerun_command: /test verify-commits - spec: - containers: - - args: - - --gcs-upload-secret=/secrets/gcs/service-account.json - - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - - --report-credentials-file=/etc/report/credentials - - --target=verify-commits - command: - - ci-operator - env: - - name: HTTP_SERVER_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest - imagePullPolicy: Always - name: "" - ports: - - containerPort: 8080 - name: http - resources: - requests: - cpu: 10m - volumeMounts: - - mountPath: /secrets/gcs - name: gcs-credentials - readOnly: true - - mountPath: /secrets/manifest-tool - name: manifest-tool-local-pusher - readOnly: true - - mountPath: /etc/pull-secret - name: pull-secret - readOnly: true - - mountPath: /etc/report - name: result-aggregator - readOnly: true - serviceAccountName: ci-operator - volumes: - - name: manifest-tool-local-pusher - secret: - secretName: manifest-tool-local-pusher - - name: pull-secret - secret: - secretName: registry-pull-credentials - - name: result-aggregator - secret: - secretName: result-aggregator - trigger: (?m)^/test( | .* )verify-commits,?($|\s.*) - agent: kubernetes always_run: true branches: