OSAC-793: add nightly full-installation vmaas E2E with Slack notification

[omer-vishlitzky]

Summary

Adds a nightly periodic job that installs OSAC with all component images
overridden to their latest CI-built versions, runs all vmaas E2E tests, and
sends results to Slack.

Unlike the existing 8 periodic jobs (which run one test each with pinned
installer versions), this job:

1. Swaps fulfillment-service, osac-operator, and osac-aap to their latest
   CI images before installation
2. Runs all vmaas tests in a single job via make test-vmaas
3. Sends a Slack notification with pass/fail, deployed versions, and Prow link

New step-registry components

Component	Purpose
osac-project-installer-all-latest	Installs OSAC with all images swapped to latest
osac-project-baremetal-test-all	Runs make test-vmaas (all tests), reports versions
osac-project-ofcir-baremetal-nightly	Nightly workflow chaining install + test + notify
osac-project-notify	Slack notification (from PR #79364, will rebase when merged)

Removed dead code

• osac-project-installer-component — single-image swap, replaced by all-latest
• osac-project-ofcir-baremetal-component — workflow that used it, unused by any config

Flow

ofcir-acquire → assisted-ofcir-setup → assisted-common-pre
  → osac-project-installer-all-latest (swap all images, run setup.sh)
  → osac-project-baremetal-test-all (make test-vmaas)
  → osac-project-notify → gather → release

Cluster specs

SNO with 64 GB RAM, 2x200 GB disks, 24 vCPUs, CNV + LVM, OCP 4.20.
Runs nightly at 3am UTC.

Test plan

• Rehearse via /test nightly-e2e-vmaas
• Verify all component images are swapped to latest in the installation logs
• Verify Slack notification with pass/fail + versions

Summary

This PR updates OpenShift CI configuration in openshift/release to add a nightly full-installation vmaas E2E job for the OSAC project. The job installs OSAC with multiple components overridden to their latest CI-built images, runs the full vmaas test suite, gathers artifacts, and posts a Slack notification containing pass/fail, deployed component versions, and a Prow logs link.

What changed (practical terms)

• Added a new nightly periodic job (nightly-e2e-vmaas) configured to run at 03:00 UTC against OCP 4.20 using the packet-assisted cluster profile.
• Introduced step-registry entries and a workflow that provision a cluster, install OSAC with image overrides, run tests, collect artifacts, notify Slack, and release resources.
• Updated ci-operator base_images to include latest CI images for fulfillment-service, osac-aap, and osac-operator so they can be swapped into the installation flow.

New CI step-registry components

• osac-project-installer-all-latest
  • Installer step that deploys OSAC and overrides multiple component images to the latest CI-built versions (fulfillment-service, osac-operator, and osac-aap EE image + branch) before running the installer overlay (scripts/setup.sh).
• osac-project-baremetal-test-all
  • Executes the full vmaas E2E suite (make test-vmaas) on a remote CI machine, records deployed component versions to SHARED_DIR/versions.txt, and copies JUnit results back to ARTIFACT_DIR. Registers artifact collection on exit and propagates test exit status.
• osac-project-ofcir-baremetal-nightly
  • Nightly workflow chaining: ofcir-acquire → assisted-ofcir-setup → assisted-common-pre → osac-project-installer-all-latest → osac-project-baremetal-test-all → osac-project-notify → gather → release.
• osac-project-notify
  • Best-effort notification step that posts a formatted Slack message (status emoji, Prow logs link, and contents of versions.txt) using a Vault-mounted webhook.

Removed / consolidated items

• Removed the older single-component installer step/script (osac-project-installer-component) and the previously unused component workflow (osac-project-ofcir-baremetal-component) in favor of the consolidated all-latest installer and the single end-to-end nightly workflow.

Cluster and runtime configuration

• Cluster profile: packet-assisted (assisted large), single-node/full-installation (SNO) with CNV + LVM.
  • Specs: SNO, 64 GB RAM, 2×200 GB disks, 24 vCPUs.
  • OpenShift version: 4.20.
• Timeouts/grace periods: installer step (~3h), test step (2h), notify step (5m); step resource requests included in refs.
• Images wired via ci-operator base_images and step dependencies (osac-test-infra plus the new image override variables for fulfillment/operator/aap).

Notifications & reporting

• Slack webhook URL loaded from Vault; notification includes result (PASSED/FAILED), an emoji, a Prow “View logs” link, and appended deployed component versions when available.
• JUnit XML from the remote test run is copied into ARTIFACT_DIR for Prow reporting.

Verification / test plan

• Rehearse with: /test nightly-e2e-vmaas
• Verify installer logs show fulfillment-service, osac-operator, and osac-aap were swapped to latest CI images.
• Verify Slack notification contains pass/fail, Prow link, and deployed versions.

Bot feedback / notes

• openshift-ci-robot confirmed referenced Jira issues (OSAC-867 and OSAC-793) are valid but issued warnings that the referenced Jira issue(s) lack the expected target version ("5.0.0") for the target branch.

[openshift-ci-robot]

@omer-vishlitzky: This pull request references OSAC-867 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

Adds a nightly periodic job that installs OSAC with all component images
overridden to their latest CI-built versions, runs all vmaas E2E tests, and
sends results to Slack.

Unlike the existing 8 periodic jobs (which run one test each with pinned
installer versions), this job:

1. Swaps fulfillment-service, osac-operator, and osac-aap to their latest
   CI images before installation
2. Runs all vmaas tests in a single job via make test-vmaas
3. Sends a Slack notification with pass/fail, deployed versions, and Prow link

New step-registry components

Component	Purpose
osac-project-installer-all-latest	Installs OSAC with all images swapped to latest
osac-project-baremetal-test-all	Runs make test-vmaas (all tests), reports versions
osac-project-ofcir-baremetal-nightly	Nightly workflow chaining install + test + notify
osac-project-notify	Slack notification (from PR #79364, will rebase when merged)

Removed dead code

• osac-project-installer-component — single-image swap, replaced by all-latest
• osac-project-ofcir-baremetal-component — workflow that used it, unused by any config

Flow

ofcir-acquire → assisted-ofcir-setup → assisted-common-pre
 → osac-project-installer-all-latest (swap all images, run setup.sh)
 → osac-project-baremetal-test-all (make test-vmaas)
 → osac-project-notify → gather → release

Cluster specs

SNO with 64 GB RAM, 2x200 GB disks, 24 vCPUs, CNV + LVM, OCP 4.20.
Runs nightly at 3am UTC.

Test plan

• Rehearse via /test nightly-e2e-vmaas
• Verify all component images are swapped to latest in the installation logs
• Verify Slack notification with pass/fail + versions

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 69d1e053-ad58-4af5-addb-5a6a0b5a4e00

📥 Commits

Reviewing files that changed from the base of the PR and between 7e33c12 and a21d2cb.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (21)

• ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
• ci-operator/step-registry/osac-project/baremetal/test-all/OWNERS
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-commands.sh
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.metadata.json
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.yaml
• ci-operator/step-registry/osac-project/installer/all-latest/OWNERS
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-commands.sh
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.metadata.json
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.yaml
• ci-operator/step-registry/osac-project/installer/component/OWNERS
• ci-operator/step-registry/osac-project/installer/component/osac-project-installer-component-commands.sh
• ci-operator/step-registry/osac-project/notify/OWNERS
• ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh
• ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.metadata.json
• ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.metadata.json
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.yaml
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.metadata.json
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.yaml

💤 Files with no reviewable changes (5)

• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.yaml
• ci-operator/step-registry/osac-project/installer/component/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.metadata.json
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/OWNERS
• ci-operator/step-registry/osac-project/installer/component/osac-project-installer-component-commands.sh

✅ Files skipped from review due to trivial changes (4)

• ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.metadata.json
• ci-operator/step-registry/osac-project/baremetal/test-all/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.metadata.json
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.metadata.json

🚧 Files skipped from review as they are similar to previous changes (11)

• ci-operator/step-registry/osac-project/installer/all-latest/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.yaml
• ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.yaml
• ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.yaml
• ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.metadata.json
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-commands.sh
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-commands.sh

---

Walkthrough

Adds a nightly OSAC baremetal workflow and supporting step-registry entries: a new all-latest installer step, a remote baremetal test-all step that collects artifacts and component versions, a Slack notify step, OWNER updates, and test infra config with base image mappings and a cron-scheduled nightly job.

Changes

Nightly E2E Testing Workflow

Layer / File(s)	Summary
Test configuration and scheduling ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml	Base image mappings extended with fulfillment-service, osac-aap, and osac-operator; added nightly-e2e-vmaas cron job referencing the nightly workflow and setting OPENSHIFT_VERSION=4.20.
Baremetal test execution ci-operator/step-registry/osac-project/baremetal/test-all/OWNERS, ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-commands.sh, ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.metadata.json, ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.yaml	New step and script run vmaas E2E on a remote ci_machine, capture deployed component images to versions.txt, trap and scp JUnit artifacts back to ARTIFACT_DIR, and write pass/fail status to ${SHARED_DIR}/test-result.
All-latest installer setup step ci-operator/step-registry/osac-project/installer/all-latest/OWNERS, ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-commands.sh, ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.metadata.json, ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.yaml	New installer step and commands decode license, run readiness SSH actions (storage class annotation, HCO availability), apply network attachment, run installer container with pinned kustomize, and override fulfillment-service/osac-operator/osac-aap images to latest CI-built versions before running setup.sh.
Slack notification step ci-operator/step-registry/osac-project/notify/OWNERS, ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh, ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.metadata.json, ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml	New notify step reads Slack webhook from Vault, composes a JSON message with job result, emoji, Prow log link, and optional component versions, and posts it to the webhook.
Nightly workflow orchestration ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/OWNERS, ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.metadata.json, ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.yaml	Adds the osac-project-ofcir-baremetal-nightly workflow wiring pre (ofcir-acquire, assisted-ofcir-setup, assisted-common-pre), test (osac-project-installer-all-latest, osac-project-baremetal-test-all), and post (osac-project-notify, osac-project-gather, ofcir-gather, ofcir-release) steps with best-effort post behavior and cluster profile settings.
Component reference cleanup ci-operator/step-registry/osac-project/installer/component/OWNERS, ci-operator/step-registry/osac-project/ofcir/baremetal/component/*	Removed/deprecated component-specific OWNERS and component workflow metadata/YAML in favor of the new all-latest installer and nightly workflow wiring.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Suggested labels

rehearsals-ack

Suggested reviewers

• adriengentil
• akshaynadkarni
• danmanor

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and concisely describes the main change: adding a nightly full-installation vmaas E2E test with Slack notification, which aligns with the primary objective of the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR contains CI/CD infrastructure only. No Ginkgo test definitions found. Tests run via external container, not defined in this repository.
Test Structure And Quality	✅ Passed	PR contains only CI/CD infrastructure changes (YAML, Bash, JSON). No Ginkgo test code present. Check not applicable.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. Changes are CI/CD infrastructure only (workflows, step registry, bash scripts) that orchestrate running tests via "make test-vmaas" in a container.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR adds CI infrastructure to run existing vmaas E2E tests but does not add any new Ginkgo test definitions. The check applies only when new Ginkgo tests are added, which is not the case here.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR modifies CI/test infrastructure configuration, not deployment manifests or operator code. No pod scheduling constraints are introduced.
Ote Binary Stdout Contract	✅ Passed	PR contains no Go code or OTE binary implementations—only CI configuration, shell scripts, JSON metadata, and OWNERS files. The OTE stdout contract check is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds CI/CD configuration and orchestration scripts only, not Ginkgo test definitions. No new Go test files with IPv4 assumptions or external connectivity requirements present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: omer-vishlitzky

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/osac-project/osac-test-infra/OWNERS [omer-vishlitzky]
• ci-operator/jobs/osac-project/osac-test-infra/OWNERS [omer-vishlitzky]
• ci-operator/step-registry/osac-project/OWNERS [omer-vishlitzky]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.yaml`:
- Around line 21-23: The env var documentation for E2E_CLUSTER_TEMPLATE
currently references “CaaS tests” but this step is for vmaas tests; update the
documentation string for E2E_CLUSTER_TEMPLATE (and the other similar entries
around it) to reference “vmaas tests” (or otherwise match the step routing) so
the env var description aligns with the step’s test-type; locate occurrences of
E2E_CLUSTER_TEMPLATE and the adjacent variable docs and replace “CaaS tests”
with “vmaas tests” (or a consistent vmaas-specific phrase).

In
`@ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-commands.sh`:
- Around line 40-47: The podman run invocation that starts the installer
container does not export required environment variables (FULFILLMENT_IMAGE,
OPERATOR_IMAGE, AAP_IMAGE, and E2E_KUSTOMIZE_OVERLAY) into the container,
causing failures when the in-container script (run with set -u) references them;
update the podman run commands (the block that constructs the container
invocation and the similar block around lines 53-63) to pass these variables via
-e FULFILLMENT_IMAGE=${FULFILLMENT_IMAGE} -e OPERATOR_IMAGE=${OPERATOR_IMAGE} -e
AAP_IMAGE=${AAP_IMAGE} and ensure E2E_KUSTOMIZE_OVERLAY is also exported with -e
E2E_KUSTOMIZE_OVERLAY=${E2E_KUSTOMIZE_OVERLAY} so the installer script can read
them inside the container.
- Around line 21-39: The remote SSH heredoc invoked by the ssh command (ssh -F
"${SHARED_DIR}/ssh_config" ci_machine bash - << EOF|& sed ...) does not enable
strict mode; insert a single line with set -euo pipefail as the first command
inside that heredoc (immediately after the heredoc start and before export
KUBECONFIG) so that commands like export KUBECONFIG, oc annotate sc lvms-vg1, oc
wait --for=condition=Available and the subsequent cat <<NADEOF block will fail
fast on errors, unset variables, or pipeline failures.

In
`@ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh`:
- Around line 38-40: The curl POST currently uses "curl -s" which neither fails
on non-2xx nor has timeouts; update the curl invocation that posts "${MESSAGE}"
to "${WEBHOOK_URL}" to use error-aware and bounded options (e.g. add --fail and
--show-error and sensible timeouts like --connect-timeout and --max-time) and
ensure the script checks curl's exit status and exits non‑zero on failure so the
CI step fails fast on notification errors.
- Around line 3-4: The script currently enables nounset and pipefail via the
lines "set -o nounset" and "set -o pipefail" but omits -e; update the top of the
step script so it uses full strict mode by replacing those with a single strict
set invocation (enable -e, -u and pipefail) so command failures cannot be
ignored; ensure this change is placed at the beginning of the
osac-project-notify-commands.sh script where "set -o nounset" and "set -o
pipefail" currently appear.
- Around line 33-40: The current code builds MESSAGE via shell string
interpolation and embeds it directly into the curl --data JSON string, which can
break if MESSAGE contains quotes or other JSON-sensitive characters; update the
notify step to JSON-encode the payload instead of manual interpolation by
replacing the inline --data "{\"text\":\"${MESSAGE}\"}" pattern with a safe
encoder (e.g., use jq, python -c 'import json,sys; print(json.dumps({...}))', or
printf + jq) to produce a properly escaped JSON object and then pass that
encoded payload to curl (keeping the existing MESSAGE, WEBHOOK_URL and curl
invocation but feeding curl the encoded JSON via --data `@-` or a temp file).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d1c7d8e7-65de-4640-9cf4-99eeb069d3d1

📥 Commits

Reviewing files that changed from the base of the PR and between 16e4c03 and f2407dd.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (21)

• ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml
• ci-operator/step-registry/osac-project/baremetal/test-all/OWNERS
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-commands.sh
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.metadata.json
• ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.yaml
• ci-operator/step-registry/osac-project/installer/all-latest/OWNERS
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-commands.sh
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.metadata.json
• ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-ref.yaml
• ci-operator/step-registry/osac-project/installer/component/OWNERS
• ci-operator/step-registry/osac-project/installer/component/osac-project-installer-component-commands.sh
• ci-operator/step-registry/osac-project/notify/OWNERS
• ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh
• ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.metadata.json
• ci-operator/step-registry/osac-project/notify/osac-project-notify-ref.yaml
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.metadata.json
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.yaml
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.metadata.json
• ci-operator/step-registry/osac-project/ofcir/baremetal/nightly/osac-project-ofcir-baremetal-nightly-workflow.yaml

💤 Files with no reviewable changes (5)

• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.metadata.json
• ci-operator/step-registry/osac-project/installer/component/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/OWNERS
• ci-operator/step-registry/osac-project/ofcir/baremetal/component/osac-project-ofcir-baremetal-component-workflow.yaml
• ci-operator/step-registry/osac-project/installer/component/osac-project-installer-component-commands.sh

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix test-type mismatch in env var documentation.

Line 23 says E2E_CLUSTER_TEMPLATE is for “CaaS tests”, but this step is documented/routed as vmaas tests. Please align wording to avoid operator confusion.

Also applies to: 25-26

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/baremetal/test-all/osac-project-baremetal-test-all-ref.yaml`
around lines 21 - 23, The env var documentation for E2E_CLUSTER_TEMPLATE
currently references “CaaS tests” but this step is for vmaas tests; update the
documentation string for E2E_CLUSTER_TEMPLATE (and the other similar entries
around it) to reference “vmaas tests” (or otherwise match the step routing) so
the env var description aligns with the step’s test-type; locate occurrences of
E2E_CLUSTER_TEMPLATE and the adjacent variable docs and replace “CaaS tests”
with “vmaas tests” (or a consistent vmaas-specific phrase).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Pass all referenced override vars into the installer container.

The in-container script uses FULFILLMENT_IMAGE, OPERATOR_IMAGE, AAP_IMAGE, and E2E_KUSTOMIZE_OVERLAY, but they are not passed via podman run -e. With set -u enabled inside the container, this will fail before setup completes.

Proposed fix

 podman run --authfile /root/pull-secret --rm --network=host \
 -v ${KUBECONFIG}:/root/.kube/config:z \
 -v /root/pull-secret:/installer/overlays/${E2E_KUSTOMIZE_OVERLAY}/files/quay-pull-secret.json:z \
 -v /tmp/license.zip:/installer/overlays/${E2E_KUSTOMIZE_OVERLAY}/files/license.zip:z \
 -e INSTALLER_NAMESPACE=${E2E_NAMESPACE} \
 -e INSTALLER_KUSTOMIZE_OVERLAY=${E2E_KUSTOMIZE_OVERLAY} \
 -e INSTALLER_VM_TEMPLATE=${E2E_VM_TEMPLATE} \
+-e FULFILLMENT_IMAGE=${FULFILLMENT_IMAGE} \
+-e OPERATOR_IMAGE=${OPERATOR_IMAGE} \
+-e AAP_IMAGE=${AAP_IMAGE} \
+-e E2E_KUSTOMIZE_OVERLAY=${E2E_KUSTOMIZE_OVERLAY} \
 ${OSAC_INSTALLER_IMAGE} sh -c '

Also applies to: 53-63

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/installer/all-latest/osac-project-installer-all-latest-commands.sh`
around lines 40 - 47, The podman run invocation that starts the installer
container does not export required environment variables (FULFILLMENT_IMAGE,
OPERATOR_IMAGE, AAP_IMAGE, and E2E_KUSTOMIZE_OVERLAY) into the container,
causing failures when the in-container script (run with set -u) references them;
update the podman run commands (the block that constructs the container
invocation and the similar block around lines 53-63) to pass these variables via
-e FULFILLMENT_IMAGE=${FULFILLMENT_IMAGE} -e OPERATOR_IMAGE=${OPERATOR_IMAGE} -e
AAP_IMAGE=${AAP_IMAGE} and ensure E2E_KUSTOMIZE_OVERLAY is also exported with -e
E2E_KUSTOMIZE_OVERLAY=${E2E_KUSTOMIZE_OVERLAY} so the installer script can read
them inside the container.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid manual JSON interpolation for Slack payload text.

MESSAGE content can include characters that break JSON encoding; build payload with a JSON encoder instead of string interpolation.

Suggested fix

-MESSAGE="${EMOJI} *${JOB_NAME}* — ${RESULT}\n<${JOB_URL}|View logs>"
+MESSAGE="${EMOJI} *${JOB_NAME}* — ${RESULT}\n<${JOB_URL}|View logs>"
 if [[ -n "${VERSIONS}" ]]; then
     MESSAGE="${MESSAGE}\n\n*Versions:*\n\`\`\`${VERSIONS}\n\`\`\`"
 fi
 
-curl -s -X POST -H 'Content-type: application/json' \
-    --data "{\"text\":\"${MESSAGE}\"}" \
-    "${WEBHOOK_URL}"
+payload="$(jq -n --arg text "${MESSAGE}" '{text: $text}')"
+curl --fail --show-error --silent \
+    --connect-timeout 10 --max-time 30 \
+    -X POST -H 'Content-type: application/json' \
+    --data "${payload}" \
+    "${WEBHOOK_URL}"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/osac-project/notify/osac-project-notify-commands.sh`
around lines 33 - 40, The current code builds MESSAGE via shell string
interpolation and embeds it directly into the curl --data JSON string, which can
break if MESSAGE contains quotes or other JSON-sensitive characters; update the
notify step to JSON-encode the payload instead of manual interpolation by
replacing the inline --data "{\"text\":\"${MESSAGE}\"}" pattern with a safe
encoder (e.g., use jq, python -c 'import json,sys; print(json.dumps({...}))', or
printf + jq) to produce a properly escaped JSON object and then pass that
encoded payload to curl (keeping the existing MESSAGE, WEBHOOK_URL and curl
invocation but feeding curl the encoded JSON via --data `@-` or a temp file).

[openshift-ci-robot]

@omer-vishlitzky: This pull request references OSAC-793 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

Adds a nightly periodic job that installs OSAC with all component images
overridden to their latest CI-built versions, runs all vmaas E2E tests, and
sends results to Slack.

Unlike the existing 8 periodic jobs (which run one test each with pinned
installer versions), this job:

1. Swaps fulfillment-service, osac-operator, and osac-aap to their latest
   CI images before installation
2. Runs all vmaas tests in a single job via make test-vmaas
3. Sends a Slack notification with pass/fail, deployed versions, and Prow link

New step-registry components

Component	Purpose
osac-project-installer-all-latest	Installs OSAC with all images swapped to latest
osac-project-baremetal-test-all	Runs make test-vmaas (all tests), reports versions
osac-project-ofcir-baremetal-nightly	Nightly workflow chaining install + test + notify
osac-project-notify	Slack notification (from PR #79364, will rebase when merged)

Removed dead code

• osac-project-installer-component — single-image swap, replaced by all-latest
• osac-project-ofcir-baremetal-component — workflow that used it, unused by any config

Flow

ofcir-acquire → assisted-ofcir-setup → assisted-common-pre
 → osac-project-installer-all-latest (swap all images, run setup.sh)
 → osac-project-baremetal-test-all (make test-vmaas)
 → osac-project-notify → gather → release

Cluster specs

SNO with 64 GB RAM, 2x200 GB disks, 24 vCPUs, CNV + LVM, OCP 4.20.
Runs nightly at 3am UTC.

Test plan

• Rehearse via /test nightly-e2e-vmaas
• Verify all component images are swapped to latest in the installation logs
• Verify Slack notification with pass/fail + versions

Summary

This PR modifies the OpenShift CI configuration in the openshift/release repository to add a nightly full-installation vmaas end-to-end job for the OSAC project that installs OSAC with the latest CI-built component images, runs the full vmaas test suite, and posts Slack notifications with pass/fail, deployed component versions, and a Prow link.

What changed (practical terms)

• Adds a nightly periodic test (nightly-e2e-vmaas) in ci-operator config to run at 03:00 UTC against OCP 4.20 using the packet-assisted cluster profile.
• Introduces step-registry steps and a workflow that provision a cluster, install OSAC with image overrides, run tests, gather artifacts, notify Slack, and release resources.

New CI step-registry components

• osac-project-installer-all-latest
• Installs OSAC on a provisioned cluster and overrides multiple components to their latest CI-built images (fulfillment-service, osac-operator, osac-aap EE image + branch) before running the installer (scripts/setup.sh).
• osac-project-baremetal-test-all
• Runs the entire vmaas E2E suite via make test-vmaas on a remote CI machine, collects JUnit results and writes deployed component image versions to SHARED_DIR/versions.txt; registers artifact collection on exit.
• osac-project-ofcir-baremetal-nightly
• Workflow that chains: ofcir-acquire → assisted-ofcir-setup → assisted-common-pre → osac-project-installer-all-latest → osac-project-baremetal-test-all → osac-project-notify → gather → release.
• osac-project-notify
• Best-effort step that posts formatted Slack messages (status emoji, Prow logs link, and component versions from versions.txt) using a Vault-mounted webhook.

Removed / consolidated items

• Removed the single-component installer step/script (osac-project-installer-component) and the older component workflow (osac-project-ofcir-baremetal-component) in favor of the all-latest installer and single end-to-end job.

Cluster and runtime configuration

• Targets a single-node/full-installation profile with CNV + LVM:
• SNO, 64 GB RAM, 2×200 GB disks, 24 vCPUs
• OpenShift version: 4.20
• Test job timeouts/grace periods: installer step (3h), test step (2h), notify step (5m).
• Images wired via ci-operator base_images and step dependencies (osac-test-infra, osac-installer, fulfillment-service, osac-operator, osac-aap).

Notifications & reporting

• Slack webhook read from Vault credentials; message includes status (PASSED/FAILED), emoji, Prow job link, and captured deployed component image lines.
• Test artifacts: JUnit XML copied from remote test run into ARTIFACT_DIR for Prow reporting.

Verification / test plan

• Rehearse with: /test nightly-e2e-vmaas
• Verify installer logs show fulfillment-service, osac-operator, and osac-aap were swapped to latest CI images.
• Verify Slack message contains pass/fail, Prow link, and deployed versions.

Notes / bot feedback

• openshift-ci-robot confirmed the PR references OSAC-867 and the Jira issue is valid, but warned the Jira issue has an invalid/missing target version for the target branch (expected target version "5.0.0" not set).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[omer-vishlitzky]

/jira-refresh

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@omer-vishlitzky: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-osac-project-osac-test-infra-main-e2e-vmaas	osac-project/osac-test-infra	presubmit	Ci-operator config changed
pull-ci-osac-project-osac-test-infra-main-images	osac-project/osac-test-infra	presubmit	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-delete-during-provision	N/A	periodic	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-subnet-lifecycle	N/A	periodic	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-creation	N/A	periodic	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-nightly-e2e-vmaas	N/A	periodic	Periodic changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-restart-negative	N/A	periodic	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-api-fields	N/A	periodic	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-cli-fields	N/A	periodic	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-virtual-network-lifecycle	N/A	periodic	Ci-operator config changed
periodic-ci-osac-project-osac-test-infra-main-e2e-metal-vmaas-compute-instance-restart	N/A	periodic	Ci-operator config changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[omer-vishlitzky]

/pj-rehearse periodic-ci-osac-project-osac-test-infra-main-nightly-e2e-vmaas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[omer-vishlitzky]

/pj-rehearse periodic-ci-osac-project-osac-test-infra-main-nightly-e2e-vmaas

[openshift-merge-bot]

@omer-vishlitzky: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@omer-vishlitzky: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/periodic-ci-osac-project-osac-test-infra-main-nightly-e2e-vmaas	a21d2cb	link	unknown	/pj-rehearse periodic-ci-osac-project-osac-test-infra-main-nightly-e2e-vmaas

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.