[cyborg-data] add typing check job

ci-operator/config/openshift-eng/cyborg-data/openshift-eng-cyborg-data-main.yaml

@@ -12,40 +12,58 @@ build_root:
     dockerfile_literal: |
       FROM registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.23-openshift-4.19
 
-      # Pre-install Python 3.12 and tools
+      # Pre-install Python 3.12
       RUN dnf install -y python3.12 python3.12-pip python3.12-devel && \
-          python3.12 -m pip install --no-cache-dir pytest ruff && \
           dnf clean all
+
+      # Set default python interpreter for the container
+      ENV PYTHON=python3.12
+images:
+- dockerfile_literal: |
+    FROM src
+    # Install dependencies from pyproject.toml
+    RUN cd python && python3.12 -m pip install .[dev,gcs]
+  from: src
+  to: tests-image
 resources:
   '*':
     requests:
       cpu: 100m
       memory: 1Gi
 tests:
-- as: lint
+- as: go-lint
   commands: cd go && HOME=/tmp golangci-lint run --timeout=20m
   container:
     from: golangci-lint
-- as: lint-python
+- as: python-lint
   commands: cd python && python3.12 -m ruff check .
   container:
-    from: src
+    from: tests-image
+- as: python-typing
+  commands: |
+    export HOME=/tmp
+    make python-typing
+  container:
+    from: tests-image
 - as: unit
   commands: |
-    # Set HOME to writable location for pip
     export HOME=/tmp
-    # Install python package in editable mode so tests can import it
-    cd python && python3.12 -m pip install -e ".[dev]"
     # Run all tests via root Makefile
-    cd .. && make test
+    make test
   container:
-    from: src
-- as: govulncheck
+    from: tests-image
+- as: validate-parity
+  commands: |
+    export HOME=/tmp
+    make validate-parity
+  container:
+    from: tests-image
+- as: go-vulncheck
   commands: cd go && GOCACHE=$(mktemp -d) GOMODCACHE=$(mktemp -d) govulncheck ./...
   container:
     from: govulncheck
   optional: true
-- as: verify
+- as: go-verify
   commands: |
     cd go
     go mod verify

ci-operator/jobs/openshift-eng/cyborg-data/openshift-eng-cyborg-data-main-presubmits.yaml

@@ -6,23 +6,188 @@ presubmits:
     - ^main$
     - ^main-
     cluster: build06
-    context: ci/prow/govulncheck
+    context: ci/prow/go-lint
     decorate: true
     decoration_config:
       skip_cloning: true
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
-    name: pull-ci-openshift-eng-cyborg-data-main-govulncheck
+    name: pull-ci-openshift-eng-cyborg-data-main-go-lint
+    rerun_command: /test go-lint
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --report-credentials-file=/etc/report/credentials
+        - --target=go-lint
+        command:
+        - ci-operator
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )go-lint,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build06
+    context: ci/prow/go-verify
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-eng-cyborg-data-main-go-verify
+    rerun_command: /test go-verify
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --report-credentials-file=/etc/report/credentials
+        - --target=go-verify
+        command:
+        - ci-operator
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )go-verify,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build06
+    context: ci/prow/go-vulncheck
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-eng-cyborg-data-main-go-vulncheck
     optional: true
-    rerun_command: /test govulncheck
+    rerun_command: /test go-vulncheck
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --report-credentials-file=/etc/report/credentials
+        - --target=go-vulncheck
+        command:
+        - ci-operator
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )go-vulncheck,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build06
+    context: ci/prow/images
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-eng-cyborg-data-main-images
+    rerun_command: /test images
     spec:
       containers:
       - args:
         - --gcs-upload-secret=/secrets/gcs/service-account.json
         - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
         - --report-credentials-file=/etc/report/credentials
-        - --target=govulncheck
+        - --target=[images]
         command:
         - ci-operator
         image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
@@ -55,29 +220,29 @@ presubmits:
       - name: result-aggregator
         secret:
           secretName: result-aggregator
-    trigger: (?m)^/test( | .* )govulncheck,?($|\s.*)
+    trigger: (?m)^/test( | .* )images,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:
     - ^main$
     - ^main-
     cluster: build06
-    context: ci/prow/lint
+    context: ci/prow/python-lint
     decorate: true
     decoration_config:
       skip_cloning: true
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
-    name: pull-ci-openshift-eng-cyborg-data-main-lint
-    rerun_command: /test lint
+    name: pull-ci-openshift-eng-cyborg-data-main-python-lint
+    rerun_command: /test python-lint
     spec:
       containers:
       - args:
         - --gcs-upload-secret=/secrets/gcs/service-account.json
         - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
         - --report-credentials-file=/etc/report/credentials
-        - --target=lint
+        - --target=python-lint
         command:
         - ci-operator
         image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
@@ -110,29 +275,29 @@ presubmits:
       - name: result-aggregator
         secret:
           secretName: result-aggregator
-    trigger: (?m)^/test( | .* )lint,?($|\s.*)
+    trigger: (?m)^/test( | .* )python-lint,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:
     - ^main$
     - ^main-
     cluster: build06
-    context: ci/prow/lint-python
+    context: ci/prow/python-typing
     decorate: true
     decoration_config:
       skip_cloning: true
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
-    name: pull-ci-openshift-eng-cyborg-data-main-lint-python
-    rerun_command: /test lint-python
+    name: pull-ci-openshift-eng-cyborg-data-main-python-typing
+    rerun_command: /test python-typing
     spec:
       containers:
       - args:
         - --gcs-upload-secret=/secrets/gcs/service-account.json
         - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
         - --report-credentials-file=/etc/report/credentials
-        - --target=lint-python
+        - --target=python-typing
         command:
         - ci-operator
         image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
@@ -165,7 +330,7 @@ presubmits:
       - name: result-aggregator
         secret:
           secretName: result-aggregator
-    trigger: (?m)^/test( | .* )lint-python,?($|\s.*)
+    trigger: (?m)^/test( | .* )python-typing,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:
@@ -227,22 +392,22 @@ presubmits:
     - ^main$
     - ^main-
     cluster: build06
-    context: ci/prow/verify
+    context: ci/prow/validate-parity
     decorate: true
     decoration_config:
       skip_cloning: true
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
-    name: pull-ci-openshift-eng-cyborg-data-main-verify
-    rerun_command: /test verify
+    name: pull-ci-openshift-eng-cyborg-data-main-validate-parity
+    rerun_command: /test validate-parity
     spec:
       containers:
       - args:
         - --gcs-upload-secret=/secrets/gcs/service-account.json
         - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
         - --report-credentials-file=/etc/report/credentials
-        - --target=verify
+        - --target=validate-parity
         command:
         - ci-operator
         image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
@@ -275,4 +440,4 @@ presubmits:
       - name: result-aggregator
         secret:
           secretName: result-aggregator
-    trigger: (?m)^/test( | .* )verify,?($|\s.*)
+    trigger: (?m)^/test( | .* )validate-parity,?($|\s.*)