prowgen: remove .config.prowgen support

[Prucek]

Summary

Follow-up to #5012 (deprecation). This PR removes .config.prowgen support entirely:

• Removes config.Prowgen struct, SlackReporterConfig, Rehearsals, SkipOperatorPresubmits types and all related methods
• Removes ProwgenInfo.Config field — ProwgenInfo now only embeds Metadata
• Simplifies addSlackReporterConfig to only use per-test SlackReporter (no .config.prowgen fallback)
• Removes .config.prowgen loading/caching from ci-operator-prowgen and dead code from image-graph-generator
• Removes .config.prowgen skip from check-gh-automation
• Deletes all integration test .config.prowgen files (migrated to inline ci-operator config)
• Updates and removes related tests and fixtures

All configuration previously in .config.prowgen is now handled via inline ci-operator config fields introduced in #5012.

Depends on #5012.

🤖 Generated with Claude Code

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

Walkthrough

This pull request migrates Prowgen configuration from an external .config.prowgen file-based system into the CI Operator configuration schema as optional fields, removing the config loading subsystem and refactoring job generation to use the new API types for Slack reporting, rehearsal control, and concurrency settings.

Changes

Cohort / File(s)	Summary
API Type System pkg/api/types.go, pkg/api/zz_generated.deepcopy.go	Added SlackReporter and ProwgenExtras types with defaults; extended ReleaseBuildConfiguration, TestStepConfiguration, and OperatorStepConfiguration with new optional fields (slack_reporter, disable_rehearsal, max_concurrency, skip_presubmits, prowgen). Updated all related deepcopy methods and import aliases for image API types.
Config Module Removal pkg/config/load.go, pkg/config/load_test.go	Removed entire Prowgen struct and related types (SlackReporterConfig, SkipOperatorPresubmits, Rehearsals); deleted config loading functions (LoadProwgenConfig, validateProwgenConfig) and utility methods. Removed test coverage for Prowgen validation and merging logic.
Job Generation Refactoring pkg/prowgen/jobbase.go, pkg/prowgen/jobbase_test.go	Switched to new API types from ciop.ProwgenExtras instead of config.Prowgen; introduced helper functions for private/expose/CSI state and updated pointer utility usage from pointer.Bool to ptr.To. Updated all test cases to use ReleaseBuildConfiguration.Prowgen field.
Prowgen Logic Updates pkg/prowgen/prowgen.go, pkg/prowgen/prowgen_test.go	Removed dependency on config.Prowgen; refactored rehearsal disabling logic to use per-test DisableRehearsal field; updated Slack reporter handling to source from TestStepConfiguration.SlackReporter with defaults; added maxConcurrency helper and threaded max concurrency through presubmit/postsubmit/periodic generation. Added 201 lines of new test cases for Slack reporter and rehearsal behaviors.
CLI Tool Updates cmd/ci-operator-prowgen/main.go, cmd/ci-operator-prowgen/main_test.go, cmd/check-gh-automation/main.go	Removed config.Prowgen map caching and passing in generateJobsToDir; simplified job generation to initialize prowgen.ProwgenInfo with metadata only. Removed filter skipping .config.prowgen in check-gh-automation. Updated test call signatures.
Validation & Documentation pkg/validation/test.go, pkg/webreg/zz_generated.ci_operator_reference.go, pkg/image-graph-generator/operator.go	Added validation for empty SlackReporter.Channel; extended web reference documentation with new Prowgen schema fields; removed Prowgen config loading from image-graph-generator callback.
Integration Test Fixtures pkg/prowgen/testdata/zz_fixture_*, test/integration/ci-operator-prowgen/testdata/	Removed old Prowgen-centric fixtures; added 11 new YAML fixtures demonstrating Slack reporter (with/without defaults), max concurrency (periodic/postsubmit), private/expose behavior, rehearsal disabling (global/per-test), and operator presubmit skipping from CI Operator config.
Integration Test Input Configs test/integration/ci-operator-prowgen/input/config/*/	Migrated rehearsal/slack/private/expose settings from .config.prowgen files into CI Operator YAML files (prowgen/slack_reporter/disable_rehearsal fields); added new comprehensive test config at prowgen-config/duper/ exercising all features.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Prucek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Prucek]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Prucek]

/hold

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/prowgen/prowgen.go (1)

444-453: ⚠️ Potential issue | 🟠 Major

Default periodic max_concurrency to 1 when unset.

Line 116 applies the new default to postsubmits, but Lines 451-453 only copy the periodic value when the pointer is non-nil. That diverges from Lines 915-918 in pkg/api/types.go and leaves test periodics at zero/unset concurrency when max_concurrency is omitted, so overlapping runs become possible.

🛠️ Suggested fix

 	pj := &prowconfig.Periodic{
 		JobBase:         base,
 		Cron:            cron,
 		Interval:        opts.Interval,
 		MinimumInterval: opts.MinimumInterval,
 		Retry:           opts.Retry,
+		MaxConcurrency:  maxConcurrency(opts.MaxConcurrency, 1),
 	}
-	if opts.MaxConcurrency != nil {
-		pj.MaxConcurrency = *opts.MaxConcurrency
-	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/prowgen/prowgen.go` around lines 444 - 453, The periodic job creation
sets pj.MaxConcurrency only when opts.MaxConcurrency is non-nil, leaving it
unset (zero) and allowing overlapping runs; update the logic in the block that
builds prowconfig.Periodic (pj) so that if opts.MaxConcurrency is nil you set
pj.MaxConcurrency = 1, otherwise set it to *opts.MaxConcurrency (i.e., ensure
pj.MaxConcurrency defaults to 1 when opts.MaxConcurrency is omitted, mirroring
the postsubmit/default behavior).

🧹 Nitpick comments (1)

pkg/webreg/zz_generated.ci_operator_reference.go (1)

641-644: Documentation references removed feature.

The comment mentions ".config.prowgen's disable_all setting" but this PR removes .config.prowgen support. Consider updating the documentation to remove this reference since users can no longer use that configuration method.

Suggested documentation update

-	"        # DisableRehearsal prevents this specific test from being picked up for rehearsals.\n" +
-	"        # Note: this cannot re-enable rehearsals if they are globally disabled via\n" +
-	"        # prowgen.disable_rehearsals or .config.prowgen's disable_all setting.\n" +
+	"        # DisableRehearsal prevents this specific test from being picked up for rehearsals.\n" +
+	"        # Note: this cannot re-enable rehearsals if they are globally disabled via\n" +
+	"        # prowgen.disable_rehearsals.\n" +

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/webreg/zz_generated.ci_operator_reference.go` around lines 641 - 644,
Update the generated comment string that mentions ".config.prowgen's disable_all
setting" to remove that reference and rephrase the sentence in the string
literal so it no longer suggests .config.prowgen can re-enable rehearsals;
locate the multi-line string in pkg/webreg/zz_generated.ci_operator_reference.go
(the block containing "DisableRehearsal prevents this specific test..." and
"disable_rehearsal: false") and edit the text to instead note that rehearsals
may be globally disabled via prowgen settings without referencing
.config.prowgen, keeping the rest of the explanatory text intact.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/prowgen/jobbase.go`:
- Around line 23-30: The isPrivate function currently lets
configSpec.Prowgen.Private override the org check; change it so that org ==
"openshift-priv" always yields true regardless of prowgen.private. Concretely,
in isPrivate ensure you return true if info.Org == "openshift-priv" before
honoring configSpec.Prowgen.Private (or compute the result as configPrivate ||
info.Org == "openshift-priv"), referencing the existing symbols isPrivate,
configSpec.Prowgen.Private, and info.Org with the literal "openshift-priv".

In
`@pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_private_with_expose_from_ci_operator_prowgen_config.yaml`:
- Around line 57-69: The volumes list is missing a definition for the referenced
volume "gcs-credentials" used by the container; add a volume entry named
"gcs-credentials" under the same volumes block (similar to existing secret
volumes like "pull-secret" and "result-aggregator") that mounts the appropriate
Kubernetes Secret (e.g., secretName: gcs-credentials) so the pod spec validates
and the container can access the GCS credentials.

---

Outside diff comments:
In `@pkg/prowgen/prowgen.go`:
- Around line 444-453: The periodic job creation sets pj.MaxConcurrency only
when opts.MaxConcurrency is non-nil, leaving it unset (zero) and allowing
overlapping runs; update the logic in the block that builds prowconfig.Periodic
(pj) so that if opts.MaxConcurrency is nil you set pj.MaxConcurrency = 1,
otherwise set it to *opts.MaxConcurrency (i.e., ensure pj.MaxConcurrency
defaults to 1 when opts.MaxConcurrency is omitted, mirroring the
postsubmit/default behavior).

---

Nitpick comments:
In `@pkg/webreg/zz_generated.ci_operator_reference.go`:
- Around line 641-644: Update the generated comment string that mentions
".config.prowgen's disable_all setting" to remove that reference and rephrase
the sentence in the string literal so it no longer suggests .config.prowgen can
re-enable rehearsals; locate the multi-line string in
pkg/webreg/zz_generated.ci_operator_reference.go (the block containing
"DisableRehearsal prevents this specific test..." and "disable_rehearsal:
false") and edit the text to instead note that rehearsals may be globally
disabled via prowgen settings without referencing .config.prowgen, keeping the
rest of the explanatory text intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1dedbeb5-c213-49d5-926a-9b56efa92654

📥 Commits

Reviewing files that changed from the base of the PR and between f56c667 and 4624022.

📒 Files selected for processing (45)

• cmd/check-gh-automation/main.go
• cmd/ci-operator-prowgen/main.go
• cmd/ci-operator-prowgen/main_test.go
• pkg/api/types.go
• pkg/api/zz_generated.deepcopy.go
• pkg/config/load.go
• pkg/config/load_test.go
• pkg/image-graph-generator/operator.go
• pkg/prowgen/jobbase.go
• pkg/prowgen/jobbase_test.go
• pkg/prowgen/prowgen.go
• pkg/prowgen/prowgen_test.go
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_disable_all_rehearsals_from_ci_operator_prowgen_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_disable_rehearsal_from_ci_operator_config_per_test.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_images_job_is_configured_for_slack_reporting.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_openshift_priv_org_defaults_to_private.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_periodic_with_custom_max_concurrency.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_postsubmit_with_custom_max_concurrency.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_private_from_ci_operator_prowgen_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_private_with_expose_from_ci_operator_prowgen_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_skip_operator_presubmits_from_ci_operator_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_per_test.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_with_defaults.yaml
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_slack_reporter_from_ci_operator_config_with_explicit_values.yaml
• pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_job_excluded_by_patterns_should_not_have_slack_reporter_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_simple_with_slack_reporter_config.yaml
• pkg/validation/test.go
• pkg/webreg/zz_generated.ci_operator_reference.go
• test/integration/ci-operator-prowgen/input/config/norehearsals/duper/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/norehearsals/duper/norehearsals-duper-master.yaml
• test/integration/ci-operator-prowgen/input/config/norehearsals/stuper/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/norehearsals/stuper/norehearsals-stuper-master.yaml
• test/integration/ci-operator-prowgen/input/config/private-org/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/private-org/duper/private-org-duper-master.yaml
• test/integration/ci-operator-prowgen/input/config/private-org/super/private-org-super-master.yaml
• test/integration/ci-operator-prowgen/input/config/private/duper/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/private/duper/private-duper-master.yaml
• test/integration/ci-operator-prowgen/input/config/prowgen-config/duper/prowgen-config-duper-master.yaml
• test/integration/ci-operator-prowgen/input/config/slack-report/duper/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/slack-report/duper/slack-report-duper-master.yaml
• test/integration/ci-operator-prowgen/input/config/super/duper/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/super/duper/super-duper-release-4.19__periodics.yaml
• test/integration/ci-operator-prowgen/output/jobs/prowgen-config/duper/prowgen-config-duper-master-periodics.yaml
• test/integration/ci-operator-prowgen/output/jobs/prowgen-config/duper/prowgen-config-duper-master-postsubmits.yaml
• test/integration/ci-operator-prowgen/output/jobs/prowgen-config/duper/prowgen-config-duper-master-presubmits.yaml

💤 Files with no reviewable changes (13)

• test/integration/ci-operator-prowgen/input/config/private-org/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/norehearsals/stuper/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/norehearsals/duper/.config.prowgen
• test/integration/ci-operator-prowgen/input/config/private/duper/.config.prowgen
• cmd/check-gh-automation/main.go
• pkg/image-graph-generator/operator.go
• test/integration/ci-operator-prowgen/input/config/super/duper/.config.prowgen
• pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_images_job_is_configured_for_slack_reporting.yaml
• test/integration/ci-operator-prowgen/input/config/slack-report/duper/.config.prowgen
• pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_job_excluded_by_patterns_should_not_have_slack_reporter_config.yaml
• pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_simple_with_slack_reporter_config.yaml
• pkg/config/load_test.go
• pkg/config/load.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Enforce openshift-priv as unconditionally private

Line 26 currently allows prowgen.private: false to override openshift-priv, which conflicts with the function contract and can unintentionally disable private-job protections (hidden jobs and private token paths at Line 109/Line 128/Line 137).

Suggested fix

 func isPrivate(configSpec *cioperatorapi.ReleaseBuildConfiguration, info *ProwgenInfo) bool {
-	if configSpec.Prowgen != nil && configSpec.Prowgen.Private != nil {
-		return *configSpec.Prowgen.Private
-	}
-	return info.Org == "openshift-priv"
+	if info != nil && info.Org == "openshift-priv" {
+		return true
+	}
+	if configSpec != nil && configSpec.Prowgen != nil && configSpec.Prowgen.Private != nil {
+		return *configSpec.Prowgen.Private
+	}
+	return false
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// isPrivate returns true if the repo is private, checking ci-operator config
	// and the org name (openshift-priv is always private).
	func isPrivate(configSpec *cioperatorapi.ReleaseBuildConfiguration, info *ProwgenInfo) bool {
	if configSpec.Prowgen != nil && configSpec.Prowgen.Private != nil {
	return *configSpec.Prowgen.Private
	}
	return info.Org == "openshift-priv"
	}
	// isPrivate returns true if the repo is private, checking ci-operator config
	// and the org name (openshift-priv is always private).
	func isPrivate(configSpec *cioperatorapi.ReleaseBuildConfiguration, info *ProwgenInfo) bool {
	if info != nil && info.Org == "openshift-priv" {
	return true
	}
	if configSpec != nil && configSpec.Prowgen != nil && configSpec.Prowgen.Private != nil {
	return *configSpec.Prowgen.Private
	}
	return false
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/prowgen/jobbase.go` around lines 23 - 30, The isPrivate function
currently lets configSpec.Prowgen.Private override the org check; change it so
that org == "openshift-priv" always yields true regardless of prowgen.private.
Concretely, in isPrivate ensure you return true if info.Org == "openshift-priv"
before honoring configSpec.Prowgen.Private (or compute the result as
configPrivate || info.Org == "openshift-priv"), referencing the existing symbols
isPrivate, configSpec.Prowgen.Private, and info.Org with the literal
"openshift-priv".

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Missing volume definition for gcs-credentials.

The container references a gcs-credentials volume mount at lines 41-43, but the volumes section does not define this volume. This results in an invalid Kubernetes pod spec that would fail validation.

🔧 Proposed fix: Add the missing volume definition

       serviceAccountName: ci-operator
       volumes:
+      - name: gcs-credentials
+        secret:
+          secretName: gcs-credentials
       - name: github-credentials-openshift-ci-robot-private-git-cloner
         secret:
           secretName: github-credentials-openshift-ci-robot-private-git-cloner

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_private_with_expose_from_ci_operator_prowgen_config.yaml`
around lines 57 - 69, The volumes list is missing a definition for the
referenced volume "gcs-credentials" used by the container; add a volume entry
named "gcs-credentials" under the same volumes block (similar to existing secret
volumes like "pull-secret" and "result-aggregator") that mounts the appropriate
Kubernetes Secret (e.g., secretName: gcs-credentials) so the pod spec validates
and the container can access the GCS credentials.