openshift · jupierce · Sep 19, 2025 · Prucek · Oct 2, 2025 · Prucek
diff --git a/content/en/docs/_index.md b/content/en/docs/_index.md
@@ -3,44 +3,98 @@ title: "Home"
 no_list: true
 ---
 
+# OpenShift CI Documentation
+
+Welcome to the OpenShift CI documentation! This site helps you understand and use our CI/CD platform effectively.
+
+## 🎯 Quick Start Navigation
+
 {{% card %}}
-### Onboarding
+### New to OpenShift CI?
+
+Start your journey here:
+1. **[Core Concepts](/docs/getting-started/concepts)** - Understand the basics
+2. **[Writing Your First Test](/docs/getting-started/writing-first-test)** - Hands-on tutorial
+3. **[Examples](/docs/getting-started/examples)** - Common patterns and use cases
 
-* [Onboarding a New Component for Testing and Merge Automation](/docs/how-tos/onboarding-a-new-component)
-* [Testing Operators Built With The Operator SDK and Deployed Through OLM](/docs/how-tos/testing-operator-sdk-operators)
-* [Contributing CI Configuration to the openshift/release Repository](/docs/how-tos/contributing-openshift-release)
+**Popular tasks:**
+- [Onboarding a New Component](/docs/how-tos/onboarding-a-new-component)
+- [Creating a Test Pipeline](/docs/how-tos/creating-a-pipeline)
+- [Using the Step Registry](https://steps.ci.openshift.org/)
 {{% /card %}}
 
 {{% card %}}
-### Writing New Jobs
+### Having Issues?
 
-* [Add a Job to TestGrid](/docs/how-tos/add-jobs-to-testgrid)
-* [Adding and Changing Step Registry Content](/docs/how-tos/adding-changing-step-registry-content/)
-* [Migrating CI Jobs from Templates to Multi-stage Tests](/docs/how-tos/migrating-template-jobs-to-multistage)
-* [Set Up Slack Alerts for Periodic Job Results](/docs/how-tos/notification)
-* [Using External Images in CI](/docs/how-tos/external-images)
+Our comprehensive troubleshooting guide covers:
+- **[Job Won't Start](/docs/troubleshooting/job-execution-issues)** - Triggering and scheduling problems
+- **[Test Failures](/docs/troubleshooting/debugging-failed-jobs)** - Debug failed tests
+- **[Cluster Issues](/docs/troubleshooting/cluster-problems)** - Installation and access problems
+- **[Configuration Errors](/docs/troubleshooting/configuration-issues)** - YAML and setup issues
+
+**[View Complete Troubleshooting Guide →](/docs/troubleshooting/)**
 {{% /card %}}
 
+{{% card %}}
+### Common How-To's
+
+**Testing & Development**
+- [Add a Job to TestGrid](/docs/how-tos/add-jobs-to-testgrid)
+- [Set Up Slack Notifications](/docs/how-tos/notification)
+- [Using External Images in CI](/docs/how-tos/external-images)
+- [Multi-Architecture Testing](/docs/how-tos/multi-architecture)
+
+**Configuration & Setup**
+- [Adding Step Registry Content](/docs/how-tos/adding-changing-step-registry-content/)
+- [Adding a New Secret to CI](/docs/how-tos/adding-a-new-secret-to-ci)
+- [Migrating to Multi-stage Tests](/docs/how-tos/migrating-template-jobs-to-multistage)
+
+**[Browse All How-To Guides →](/docs/how-tos/)**
+{{% /card %}}
 
 {{% card %}}
-### Working with ART
+### Architecture & Deep Dives
 
-* [Private Repositories and Fixing Embargoed CVEs](/docs/architecture/private-repositories)
-* [OCP Builder Images](/docs/architecture/images)
+**Core Components**
+- [Multi-Stage Tests and Step Registry](/docs/architecture/step-registry)
+- [CI Operator](/docs/architecture/ci-operator) - The test orchestration engine
+- [Job Timeouts and Interruptions](/docs/architecture/timeouts)
+
+**OpenShift Integration**
+- [Private Repositories and CVEs](/docs/architecture/private-repositories)
+- [OCP Builder Images](/docs/architecture/images)
+- [Branch Protection](/docs/architecture/branch-protection)
 {{% /card %}}
 
 {{% card %}}
-### Architecture and References
+### Release & Quality
+
+**Release Management**
+- [Centralized Release Branching](/docs/architecture/branching)
+- [Extending Release Gates](/docs/architecture/release-gating)
+- [Component Readiness](/docs/release-oversight/component-readiness)
 
-* [Multi-Stage Tests and the Test Step Registry](/docs/architecture/step-registry)
-* [Handling Job Timeouts and Interruptions](/docs/architecture/timeouts)
-* [CI Operator](/docs/architecture/ci-operator)
+**Working with ART**
+- [The Technical Release Team](/docs/release-oversight/the-technical-release-team)
+- [Payload Testing](/docs/release-oversight/payload-testing)
+- [Improving CI Signal](/docs/release-oversight/improving-ci-signal)
 {{% /card %}}
 
 {{% card %}}
-### Branching and Release
-* [Centralized Release Branching and Config Management](/docs/architecture/branching)
-* [Extending OpenShift Release Gates](/docs/architecture/release-gating)
+### Get Help
+
+**Self-Service Resources**
+- 📚 [FAQ](/docs/getting-started/helpdesk-faq) - Frequently asked questions
+- 🔍 [Search CI Logs](https://search.ci.openshift.org/) - Find error messages
+- 📊 [Sippy](https://sippy.dptools.openshift.org/) - Job health dashboard
+- 🔗 [Useful Links](/docs/getting-started/useful-links) - Tools and services
+
+**Contact Us**
+- 💬 Slack: `#forum-ocp-testplatform`
+- 🎫 [File a Jira Ticket](https://issues.redhat.com/projects/DPTP)
+- 📢 Announcements: `#announce-testplatform`
+
+**Emergency?** Use the "Report CI Outage" workflow in Slack.
 {{% /card %}}
 
 <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
diff --git a/content/en/docs/architecture/branch-protection.md b/content/en/docs/architecture/branch-protection.md
@@ -4,8 +4,14 @@ description: An overview of the integration between OpenShift CI and GitHub bran
 ---
 ## What Is Branch Protection?
 
-Branch protection is a repository setting that enforces certain rules when trying to merge to a protected branch. See
-the [GitHub documentation](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches)
+Branch protection is a GitHub feature that helps maintain code quality by preventing direct pushes to important branches (like `main` or `master`). Instead, changes must go through pull requests and pass required checks.
+
+Think of it as a safety gate - you can't accidentally break the main branch because:
+- All changes must be reviewed
+- Required tests must pass
+- The code must be up-to-date with the target branch
+
+See the [GitHub documentation](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches)
 for more details.
 
 {{< alert title="Note" color="info" >}}
@@ -34,15 +40,27 @@ blocking](https://docs.prow.k8s.io/docs/jobs#requiring-jobs-for-auto-merge-throu
 
 ## How Do We Set up Branch Protection?
 
+Good news: OpenShift CI handles branch protection automatically for you!
+
+### Automatic Setup
+
 Branch Protection requires no manual set-up for repositories with presubmit jobs. When a mandatory presubmit job is
 added or removed from a repository, automation will ensure that the GitHub Branch Protection settings are updated as
 well.
 
-Branch protection is configured by a job that runs periodically every six hours. You can see
-[here](https://prow.ci.openshift.org/?job=periodic-branch-protector) when it last ran. The implication of this is that
+### How It Works
+
+1. You add a required test to your CI configuration
+2. A periodic job (runs every 6 hours) detects the change
+3. Branch protection rules are automatically updated in GitHub
+4. Your required tests are now enforced before merging
+
+You can see [here](https://prow.ci.openshift.org/?job=periodic-branch-protector) when the updater last ran. The implication of this is that
 when you add/remove a mandatory job, it may take up to six hours for this change to show up in GitHub.
 
-The `openshift-merge-robot` that configures the branch protection needs admin permissions.
+### Prerequisites
+
+The `openshift-merge-robot` that configures the branch protection needs admin permissions on your repository. See the [onboarding guide]({{< ref "../how-tos/onboarding-a-new-component" >}}) for details.
 
 ## Is It Possible to Disable the Branch Protection for My Repository or Require Jobs That Are Not Managed by Prow?
 

diff --git a/content/en/docs/architecture/ci-operator.md b/content/en/docs/architecture/ci-operator.md
@@ -10,6 +10,20 @@ installed. `ci-operator` hides the complexity of assembling an ephemeral OpenShi
 of end-to-end test suites to focus on the content of their tests and not the infrastructure required for cluster setup and
 installation.
 
+## Key Concepts for New Users
+
+Before diving into the details, let's clarify some important terms:
+
+- **Release Payload**: A bundle of container images that together form a complete OpenShift installation. Think of it as all the pieces needed to install and run OpenShift.
+- **ImageStream**: An OpenShift resource that tracks different versions of container images. It's like a catalog of available image versions.
+- **ImageStreamTag**: A specific version within an ImageStream, referenced as `stream:tag` (e.g., `pipeline:src`).
+- **Namespace**: An isolated workspace in OpenShift where your CI job runs. Each job gets its own namespace to prevent interference.
+- **Build**: An OpenShift process that creates container images from source code.
+
+For more definitions, see the [Glossary]({{< ref "../getting-started/glossary" >}}).
+
+## How CI Operator Works
+
 `ci-operator` allows for components that make up an OpenShift release to be tested together by allowing each component repository
 to test with the latest published versions of all other components. An integration stream of container `images` is maintained with
 the latest tested versions of every component. A test for any one component snapshots that stream, replaces any `images` that are
@@ -36,10 +50,16 @@ to fulfill their intent.
 
 When `ci-operator` runs tests to verify proposed changes in a pull request to a component repository, it must first build the
 output artifacts from the repository. In order to generate these builds, `ci-operator` needs to know the inputs from which they
-will be created. A number of inputs can be configured; the following example provides both:
+will be created. 
 
-* `base_images`: provides a mapping of named `ImageStreamTags` which will be available for use in container image builds
-* `build_root`: defines the `ImageStreamTag` in which dependencies exist for building executables and non-image artifacts
+Think of inputs as the "ingredients" your CI job needs:
+- What container images contain your build tools?
+- What base images should your application be built on top of?
+
+A number of inputs can be configured; the following example provides both:
+
+* `base_images`: provides a mapping of named images that will be available for use in container image builds (like base operating system images or images with specific tools)
+* `build_root`: defines the image that contains all the compilers, tools, and dependencies needed to build your project (like a Go compiler for Go projects)
 
 `ci-operator` configuration:
 
@@ -60,8 +80,19 @@ build_root: # declares that the release:golang-1.13 image has the build-time dep
     tag: "golang-1.13"
 {{< / highlight >}}
 
+### Understanding the Configuration
+
+In the example above:
+- The `base` image (`ocp/4.5:base`) is a minimal operating system image that other images can be built on top of
+- The `cli` image (`ocp/4.5:cli`) contains the OpenShift command-line tools
+- The `build_root` image (`openshift/release:golang-1.13`) contains the Go compiler and related tools
+
+These images are referenced using the format `namespace/name:tag`. The CI system will fetch these specific versions and make them available to your build process.
+
+### How Image References Work
+
 As `ci-operator` is an OpenShift-native tool, all image references take the form of an `ImageStreamTag` on the build farm cluster,
-not just a valid pull-spec for an image. `ci-operator` will import these `ImageStreamTags` into the `Namespace` created for the test
+not just a regular container image URL (pull-spec). `ci-operator` will import these `ImageStreamTags` into the `Namespace` created for the test
 workflow; snapshotting the current state of inputs to allow for reproducible builds.
 
 If an image that is required for building is not yet present on the cluster, either:
@@ -109,16 +140,22 @@ build_root_image:
 
 ## Building Artifacts
 
+Once `ci-operator` has the build environment ready, it needs to actually build your project. This happens in stages, with each stage creating a new container image that builds on the previous one.
+
+### The Build Pipeline
+
 Starting `FROM` the image described as the `build_root`, `ci-operator` will clone the repository under test and compile
 artifacts, committing them as image layers that may be referenced in derivative builds. The commands which are run to
 compile artifacts are configured with `binary_build_commands` and are run in the root of the cloned repository. A
 separate set of commands, `test_binary_build_commands`, can be configured for building artifacts to support test
-execution. The following `ImageStreamTags` are created in the test's `Namespace`
+execution. 
 
-* `pipeline:root`: imports or builds the `build_root` image
-* `pipeline:src`: clones the code under test `FROM pipeline:root`
-* `pipeline:bin`: runs commands in the cloned repository to build artifacts `FROM pipeline:src`
-* `pipeline:test-bin`: runs a separate set of commands in the cloned repository to build test artifacts `FROM pipeline:src`
+Here's the sequence of images that get created (called the "pipeline"):
+
+* `pipeline:root`: imports or builds the `build_root` image (your build environment)
+* `pipeline:src`: clones your repository's code into the `root` image  
+* `pipeline:bin`: runs your build commands (like `make build`) to create compiled artifacts
+* `pipeline:test-bin`: optionally runs different commands to build test-specific artifacts
 
 `ci-operator` configuration:
 
@@ -127,8 +164,17 @@ binary_build_commands: "go build ./cmd/..."         # these commands are run to
 test_binary_build_commands: "go test -c -o mytests" # these commands are run to build "pipeline:test-bin"
 {{< / highlight >}}
 
+### Understanding the Build Flow
+
+Here's what happens when these commands run:
+
+1. **Setup**: The `pipeline:root` image (your Go development environment) is prepared
+2. **Clone**: Your repository is cloned into this environment, creating `pipeline:src`
+3. **Build**: The `binary_build_commands` run (e.g., `go build ./cmd/...`), creating `pipeline:bin` with your compiled binaries
+4. **Test Build** (optional): The `test_binary_build_commands` run, creating `pipeline:test-bin` with test executables
+
 The content created with these OpenShift `Builds` is addressable in the `ci-operator` configuration simply with the tag. For
-instance, the `pipeline:bin` image can be referenced as `bin` when the content in that image is needed in derivative `Builds`.
+instance, the `pipeline:bin` image can be referenced as just `bin` when the content in that image is needed in derivative `Builds`.
 
 ### Using the Build Cache
 
@@ -157,9 +203,17 @@ was built off of the same build root image as would otherwise be imported. That
 
 Once container `images` exist with output artifacts for a repository, additional output container `images` may be built that
 make use of those artifacts. Commonly, the desired output container image will contain only the executables for a
-component and not any of the build-time dependencies. Furthermore, most teams will need to publish their output
-container `images` through the automated release pipeline, which requires that the `images` are built in Red Hat's
-production image build system, OSBS. In order to create an output container image without build-time dependencies in a
+component and not any of the build-time dependencies. 
+
+### Why Multi-Stage Dockerfiles?
+
+Your compiled application doesn't need all the build tools (compilers, build scripts, etc.) to run - it just needs the final binary. Multi-stage Dockerfiles let you:
+1. Build your application in an image with all the development tools
+2. Copy just the compiled binary to a minimal runtime image
+3. Ship a smaller, more secure image
+
+Furthermore, most teams will need to publish their output container `images` through the automated release pipeline, which requires that the `images` are built in Red Hat's
+production image build system, OSBS (OpenShift Build Service). In order to create an output container image without build-time dependencies in a
 manner which is compatible with OSBS, the simplest approach is a multi-stage `Dockerfile` build.
 
 The standard pattern for a multi-stage `Dockerfile` is to run a compilation in a builder image and copy the resulting

diff --git a/content/en/docs/architecture/step-registry.md b/content/en/docs/architecture/step-registry.md
@@ -8,19 +8,41 @@ These individual steps can be put into a shared registry that other tests can ac
 upgrade as multiple test workflows can share steps and don’t have to each be updated individually to fix bugs or add new features. It also reduces the
 chances of a mistake when copying a feature from one test workflow to another.
 
+## Why Multi-Stage Tests?
+
+Think of multi-stage tests like building with LEGO blocks:
+- **Traditional approach**: Write one big script that does everything (install cluster, run tests, collect logs, cleanup)
+- **Multi-stage approach**: Use pre-built, tested components that you can mix and match
+
+Benefits:
+- **Reusability**: Someone already wrote the "install AWS cluster" step - just use it!
+- **Maintainability**: When AWS installation needs an update, fix it once, and all tests benefit
+- **Flexibility**: Mix different cluster types, test suites, and configurations easily
+
 The current step registry is available for browsing [here](https://steps.ci.openshift.org/).
 
+## Building Blocks
+
 To understand how the multistage tests and registry work, we must first talk about the three components of the test registry and how to use those
 components to create a test:
 
-* [Step](#step): A step is the lowest level component in the test step registry. It describes an individual test step.
-* [Chain](#chain): A chain is a registry component that specifies multiple steps to be run. Any item of the chain can be either a step or another chain.
-* [Workflow](#workflow): A workflow is the highest level component of the step registry. It contains three chains: pre, test, post.
+* [Step](#step): A step is the lowest level component in the test step registry. It describes an individual test step (like "install cluster" or "run e2e tests").
+* [Chain](#chain): A chain is a registry component that specifies multiple steps to be run in sequence. Any item of the chain can be either a step or another chain.
+* [Workflow](#workflow): A workflow is the highest level component of the step registry. It defines a complete test scenario with three phases: pre (setup), test (main tests), and post (cleanup).
 
 ## Step
 
-A step is the lowest level component in the test registry. A step defines a base container image, the filename of the shell script to run inside the
-container, the resource requests and limits for the container, and documentation for the step. Example of a step:
+A step is the lowest level component in the test registry. Think of it as a single action in your test process - like "install a cluster" or "run conformance tests" or "collect logs".
+
+### What Makes Up a Step?
+
+A step defines:
+- **Container image**: Where the step runs (what tools are available)
+- **Script**: What commands to execute
+- **Resources**: How much CPU/memory the step needs
+- **Documentation**: What the step does and how to use it
+
+Here's an example of a step configuration:
 
 {{< highlight yaml >}}
 ref: