From 95651920943176c3cf0bb7d7ffb63ec1ce2e6b98 Mon Sep 17 00:00:00 2001 From: Max Cao Date: Thu, 2 Jul 2026 13:18:48 -0700 Subject: [PATCH 1/2] ci(cro): add rehearsal config for maxcao13/cluster-resource-override-admission-operator Fork config based on openshift/cluster-resource-override-admission-operator main, targeting the olm-bundle-upgrades branch. Adds e2e-upgrade-pre/post steps to the upgrade test job. Co-authored-by: Cursor --- ...dmission-operator-olm-bundle-upgrades.yaml | 179 ++++++ ...erator-olm-bundle-upgrades-presubmits.yaml | 593 ++++++++++++++++++ 2 files changed, 772 insertions(+) create mode 100644 ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml create mode 100644 ci-operator/jobs/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-presubmits.yaml diff --git a/ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml b/ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml new file mode 100644 index 0000000000000..6cc5958e07890 --- /dev/null +++ b/ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml @@ -0,0 +1,179 @@ +base_images: + operator-sdk: + name: "4.19" + namespace: origin + tag: operator-sdk + previous-bundle: + name: "4.22" + namespace: ocp + tag: cluster-resource-override-admission-operator-bundle + previous-operator: + name: "4.22" + namespace: ocp + tag: cluster-resource-override-admission-operator +binary_build_commands: make build --warn-undefined-variables +build_root: + from_repository: true +images: + items: + - dockerfile_path: images/ci/Dockerfile + to: cluster-resource-override-admission-operator + - dockerfile_path: images/operator-registry/Dockerfile.registry.ci + to: cluster-resource-override-admission-operator-registry +operator: + bundles: + - as: cluster-resource-override-admission-operator-bundle + dockerfile_path: bundle.Dockerfile + skip_building_index: true + substitutions: + - pullspec: quay.io/placeholder/operator.* + with: pipeline:cluster-resource-override-admission-operator + - pullspec: quay.io/placeholder/operand.* + with: stable:cluster-resource-override-admission +releases: + initial: + integration: + name: "5.0" + namespace: ocp + latest: + integration: + include_built_images: true + name: "5.0" + namespace: ocp +resources: + '*': + requests: + cpu: "3" + memory: 1Gi +test_binary_build_commands: make build GO_BUILD_FLAGS:='-race' --warn-undefined-variables +tests: +- as: unit + commands: | + make test-unit JUNITFILE=${ARTIFACT_DIR}/junit_report.xml --warn-undefined-variables + container: + from: test-bin + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ +- as: verify + commands: make verify + container: + from: src + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ +- as: e2e-aws-operator + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + steps: + cluster_profile: openshift-org-aws + test: + - as: test + cli: latest + commands: make e2e-ci + dependencies: + - env: CI_OPERATOR_IMAGE + name: cluster-resource-override-admission-operator + - env: CI_OPERAND_IMAGE + name: cluster-resource-override-admission + - env: CI_REGISTRY_IMAGE + name: cluster-resource-override-admission-operator-registry + from: src + resources: + requests: + cpu: 100m + workflow: ipi-aws +- as: e2e-aws-olm + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + steps: + cluster_profile: openshift-org-aws + test: + - as: test + cli: latest + commands: make e2e-olm-ci + dependencies: + - env: CI_OPERATOR_IMAGE + name: cluster-resource-override-admission-operator + - env: CI_OPERAND_IMAGE + name: cluster-resource-override-admission + - env: CI_REGISTRY_IMAGE + name: cluster-resource-override-admission-operator-registry + from: src + resources: + requests: + cpu: 100m + workflow: ipi-aws +- as: e2e-aws-upgrade + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + steps: + cluster_profile: openshift-org-aws + test: + - as: install + cli: latest + commands: | + export NS=clusterresourceoverride-operator + oc create ns $NS + + # Deploy the bundle which will fail to come up due to it pointing to the operator + # image via a tag that is only available to the presubmit job it is created + # within. This pipeline image is removed shortly after said job + # completes, so the csv needs to be patched to point the equivalent image that has been + # promoted. + operator-sdk run bundle --timeout=10m -n $NS --security-context-config restricted "$PREVIOUS_BUNDLE" || true + export OLD_CSV_NAME=$(oc get csv -n $NS -o jsonpath='{.items[0].metadata.name}') + + oc patch csv -n $NS $OLD_CSV_NAME --type='json' -p="[{\"op\": \"replace\", \"path\": \"/spec/install/spec/deployments/0/spec/template/spec/containers/0/image\", \"value\": \"$PREVIOUS_OPERATOR\"}]" + sleep 10 + + # Delete the deployment which will then be recreated by the subscription controller with the correct image. + oc delete deployment -n $NS clusterresourceoverride-operator + + + oc wait --timeout=10m --for=create -n $NS deployment clusterresourceoverride-operator + oc wait --timeout=10m --for condition=Available -n $NS deployment clusterresourceoverride-operator + dependencies: + - env: PREVIOUS_BUNDLE + name: previous-bundle + - env: PREVIOUS_OPERATOR + name: previous-operator + from: operator-sdk + resources: + requests: + cpu: 100m + - as: pre-check + cli: latest + commands: | + export KUBECTL=$(which oc) + make e2e-upgrade-pre + from: src + resources: + requests: + cpu: 100m + - as: upgrade + cli: latest + commands: | + export NS=clusterresourceoverride-operator + operator-sdk run bundle-upgrade --timeout 10m -n $NS --security-context-config restricted "$OO_BUNDLE" + dependencies: + - env: OO_BUNDLE + name: cluster-resource-override-admission-operator-bundle + from: operator-sdk + resources: + requests: + cpu: 100m + - as: test + cli: latest + commands: | + export KUBECTL=$(which oc) + make e2e-upgrade-post + make e2e + from: src + resources: + requests: + cpu: 100m + workflow: ipi-aws +- as: verify-deps + steps: + env: + CHECK_MOD_LIST: "false" + test: + - ref: go-verify-deps +zz_generated_metadata: + branch: olm-bundle-upgrades + org: maxcao13 + repo: cluster-resource-override-admission-operator diff --git a/ci-operator/jobs/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-presubmits.yaml b/ci-operator/jobs/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-presubmits.yaml new file mode 100644 index 0000000000000..da63ab32e53d3 --- /dev/null +++ b/ci-operator/jobs/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-presubmits.yaml @@ -0,0 +1,593 @@ +presubmits: + maxcao13/cluster-resource-override-admission-operator: + - agent: kubernetes + always_run: true + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build01 + context: ci/prow/ci-bundle-cluster-resource-override-admission-operator-bundle + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-ci-bundle-cluster-resource-override-admission-operator-bundle + rerun_command: /test ci-bundle-cluster-resource-override-admission-operator-bundle + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=cluster-resource-override-admission-operator-bundle + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )ci-bundle-cluster-resource-override-admission-operator-bundle,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build03 + context: ci/prow/e2e-aws-olm + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-e2e-aws-olm + rerun_command: /test e2e-aws-olm + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-olm + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-olm,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build03 + context: ci/prow/e2e-aws-operator + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-e2e-aws-operator + rerun_command: /test e2e-aws-operator + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-operator + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-operator,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build03 + context: ci/prow/e2e-aws-upgrade + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-e2e-aws-upgrade + rerun_command: /test e2e-aws-upgrade + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-upgrade + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-upgrade,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build01 + context: ci/prow/images + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-images + rerun_command: /test images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build01 + context: ci/prow/unit + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-unit + rerun_command: /test unit + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=unit + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )unit,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build01 + context: ci/prow/verify + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-verify + rerun_command: /test verify + skip_if_only_changed: ^docs/|^\.github|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^olm-bundle-upgrades$ + - ^olm-bundle-upgrades- + cluster: build01 + context: ci/prow/verify-deps + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/operator-registry/Dockerfile.registry.ci + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades-verify-deps + rerun_command: /test verify-deps + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=verify-deps + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify-deps,?($|\s.*) From 5cc8ec59dbc38993819bf7fd2ca9022bf7bcc2ab Mon Sep 17 00:00:00 2001 From: Max Cao Date: Fri, 3 Jul 2026 09:19:01 -0700 Subject: [PATCH 2/2] ci: patch operand image in previous bundle install step The previous-bundle CSV contains stale CI pipeline image refs for the operand. Add a previous-operand base image from ocp/4.22 and patch env/2 (OPERAND_IMAGE) alongside the operator container image so the operand pods can actually pull. Co-authored-by: Cursor --- ...e-override-admission-operator-olm-bundle-upgrades.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml b/ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml index 6cc5958e07890..362e8db3018a5 100644 --- a/ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml +++ b/ci-operator/config/maxcao13/cluster-resource-override-admission-operator/maxcao13-cluster-resource-override-admission-operator-olm-bundle-upgrades.yaml @@ -7,6 +7,10 @@ base_images: name: "4.22" namespace: ocp tag: cluster-resource-override-admission-operator-bundle + previous-operand: + name: "4.22" + namespace: ocp + tag: cluster-resource-override-admission previous-operator: name: "4.22" namespace: ocp @@ -118,12 +122,12 @@ tests: export OLD_CSV_NAME=$(oc get csv -n $NS -o jsonpath='{.items[0].metadata.name}') oc patch csv -n $NS $OLD_CSV_NAME --type='json' -p="[{\"op\": \"replace\", \"path\": \"/spec/install/spec/deployments/0/spec/template/spec/containers/0/image\", \"value\": \"$PREVIOUS_OPERATOR\"}]" + oc patch csv -n $NS $OLD_CSV_NAME --type='json' -p="[{\"op\": \"replace\", \"path\": \"/spec/install/spec/deployments/0/spec/template/spec/containers/0/env/2/value\", \"value\": \"$PREVIOUS_OPERAND\"}]" sleep 10 # Delete the deployment which will then be recreated by the subscription controller with the correct image. oc delete deployment -n $NS clusterresourceoverride-operator - oc wait --timeout=10m --for=create -n $NS deployment clusterresourceoverride-operator oc wait --timeout=10m --for condition=Available -n $NS deployment clusterresourceoverride-operator dependencies: @@ -131,6 +135,8 @@ tests: name: previous-bundle - env: PREVIOUS_OPERATOR name: previous-operator + - env: PREVIOUS_OPERAND + name: previous-operand from: operator-sdk resources: requests: