Skip to content

prow: add registry-pull preset to provide jobs with pull credentials#75830

Merged
openshift-merge-bot[bot] merged 1 commit intoopenshift:mainfrom
petr-muller:preset-ci-operator-image-pull
Mar 9, 2026
Merged

prow: add registry-pull preset to provide jobs with pull credentials#75830
openshift-merge-bot[bot] merged 1 commit intoopenshift:mainfrom
petr-muller:preset-ci-operator-image-pull

Conversation

@petr-muller
Copy link
Member

@petr-muller petr-muller commented Mar 6, 2026
edited
Loading

Proof of concept for using Prow presets to deduplicate boilerplate from the 126K+ generated ci-operator Prowjob definitions.

This PR adds a preset to the Prow config that provides the pull-secret volume and volumeMount to any Prowjob labeled with presets.ci.openshift.io: "true".

This is the first of several compositional, domain-specific presets — each covers one logical domain with its own label, and they compose independently.

Rollout

  1. This PR merges first — adds the preset definition. No behavior change since no jobs have the label yet.
  2. Rehearse a job with removed volumes and added preset usage label
  3. A version of prowgen: use preset for registry pull credentials volume ci-tools#4994 limited to a single job merges; there are other Prowjob producers in ci-tools (prpqr and multi-pr) and I would like to test that everything works fine on selected jobs before merging the full thing that will force a gargantuan change in o/release that would be hard to revert.
  4. Full prowgen: use preset for registry pull credentials volume ci-tools#4994 PR merges — prowgen starts adding the label and stops inlining the volume/mount.
  5. make update run — regenerates all jobs, removing ~888K lines of boilerplate and adding the label.

🤖 Generated with Claude Code

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 6, 2026
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 6, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@petr-muller petr-muller mentioned this pull request Mar 6, 2026
Open
@openshift-ci-robot openshift-ci-robot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Mar 6, 2026
petr-muller added a commit to petr-muller/release that referenced this pull request Mar 6, 2026
@petr-muller @claude
jobs: regenerate with preset-ci-operator-image-pull
79c587c 
Regenerate all Prowjob definitions using the modified prowgen that
uses the preset-ci-operator-image-pull Prow preset instead of inlining
the pull-secret volume and volumeMount in every job PodSpec.

Per-job changes:
- Added label: preset-ci-operator-image-pull: "true"
- Removed: pull-secret volumeMount (3 lines)
- Removed: pull-secret volume definition (3 lines)
- Net: -5 lines per job

25,666 files changed, -633K lines net reduction.

Depends on:
- Preset definition: openshift#75830
- Prowgen change: openshift/ci-tools#4994

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@petr-muller petr-muller mentioned this pull request Mar 6, 2026
Closed
3 tasks
@petr-muller
Copy link
Member Author

petr-muller commented Mar 6, 2026

/test prow-config

@petr-muller petr-muller force-pushed the preset-ci-operator-image-pull branch from 6fbb758 to d2694cd Compare March 7, 2026 18:36
@petr-muller petr-muller marked this pull request as ready for review March 7, 2026 18:39
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 7, 2026
@openshift-ci openshift-ci bot requested review from hector-vido and pruan-rht March 7, 2026 18:39
@petr-muller petr-muller mentioned this pull request Mar 7, 2026
Draft
@petr-muller @claude
prow: add preset-ci-operator-image-pull preset
42671df 
Add a Prow preset that provides the registry pull credentials
volume and volumeMount to Prowjobs labeled with
presets.ci.openshift.io/registry-pull: "true".

This is a proof of concept for using compositional Prow presets to
deduplicate boilerplate from the 126K+ generated ci-operator Prowjobs.
Each preset covers one logical domain and can be independently composed.

The corresponding prowgen change will add this label to all generated jobs
and stops inlining the pull-secret volume/mount in the PodSpec.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@petr-muller petr-muller force-pushed the preset-ci-operator-image-pull branch from d2694cd to 42671df Compare March 7, 2026 19:31
@petr-muller petr-muller changed the title prow: add preset-ci-operator-image-pull preset prow: add registry-pull preset to provide jobs with pull credentials Mar 7, 2026
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Mar 7, 2026

[REHEARSALNOTIFIER]
@petr-muller: no rehearsable tests are affected by this change

Note: If this PR includes changes to step registry files (ci-operator/step-registry/) and you expected jobs to be found, try rebasing your PR onto the base branch. This helps pj-rehearse accurately detect changes when the base branch has moved forward.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 7, 2026

@petr-muller: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 9, 2026
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 9, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: petr-muller, Prucek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 9, 2026
@openshift-merge-bot openshift-merge-bot bot merged commit 77bd0da into openshift:main Mar 9, 2026
10 checks passed
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 9, 2026

@petr-muller: Updated the config configmap in namespace ci at cluster app.ci using the following files:

  • key config.yaml using file core-services/prow/02_config/_config.yaml
Details

In response to this:

Proof of concept for using Prow presets to deduplicate boilerplate from the 126K+ generated ci-operator Prowjob definitions.

This PR adds a preset to the Prow config that provides the pull-secret volume and volumeMount to any Prowjob labeled with presets.ci.openshift.io: "true".

This is the first of several compositional, domain-specific presets — each covers one logical domain with its own label, and they compose independently.

Rollout

  1. This PR merges first — adds the preset definition. No behavior change since no jobs have the label yet.
  2. Rehearse a job with removed volumes and added preset usage label
  3. A version of prowgen: use preset for registry pull credentials volume ci-tools#4994 limited to a single job merges; there are other Prowjob producers in ci-tools (prpqr and multi-pr) and I would like to test that everything works fine on selected jobs before merging the full thing that will force a gargantuan change in o/release that would be hard to revert.
  4. Full prowgen: use preset for registry pull credentials volume ci-tools#4994 PR merges — prowgen starts adding the label and stops inlining the volume/mount.
  5. make update run — regenerates all jobs, removing ~888K lines of boilerplate and adding the label.

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

davdhacs pushed a commit to stackrox/openshift-release that referenced this pull request Mar 9, 2026
@petr-muller @claude @davdhacs
prow: add preset-ci-operator-image-pull preset (openshift#75830)
eccbdc2 
Add a Prow preset that provides the registry pull credentials
volume and volumeMount to Prowjobs labeled with
presets.ci.openshift.io/registry-pull: "true".

This is a proof of concept for using compositional Prow presets to
deduplicate boilerplate from the 126K+ generated ci-operator Prowjobs.
Each preset covers one logical domain and can be independently composed.

The corresponding prowgen change will add this label to all generated jobs
and stops inlining the pull-secret volume/mount in the PodSpec.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
SeanZhao-redhat pushed a commit to SeanZhao-redhat/openshift-release that referenced this pull request Mar 10, 2026
@petr-muller @claude @SeanZhao-redhat
prow: add preset-ci-operator-image-pull preset (openshift#75830)
79f540b 
Add a Prow preset that provides the registry pull credentials
volume and volumeMount to Prowjobs labeled with
presets.ci.openshift.io/registry-pull: "true".

This is a proof of concept for using compositional Prow presets to
deduplicate boilerplate from the 126K+ generated ci-operator Prowjobs.
Each preset covers one logical domain and can be independently composed.

The corresponding prowgen change will add this label to all generated jobs
and stops inlining the pull-secret volume/mount in the PodSpec.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hector-vido hector-vido Awaiting requested review from hector-vido

@pruan-rht pruan-rht Awaiting requested review from pruan-rht

1 more reviewer

@Prucek Prucek Prucek approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Prucek Prucek

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. rehearsals-ack Signifies that rehearsal jobs have been acknowledged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@petr-muller @openshift-ci-robot @Prucek