CMP-3987: Add Component Readiness dashboard for Compliance Operator

[xiaojiey]

Overview

1. This PR adds support for tracking Component Readiness for the Compliance Operator as a separate layered product dashboard. The Compliance Operator includes both upstream (ComplianceAsCode) and downstream testing, and we need dedicated dashboards to track readiness across these components.

2. Component Readiness views are added for Compliance across actively supported OCP versions (4.16-4.21).

Changes

1. Configuration Views (config/views.yaml)

Added Component Readiness views for Compliance across OCP versions:

• 4.21-lp-Interop-compliance: Compares 4.21 vs 4.20
• 4.20-lp-Interop-compliance: Compares 4.20 vs 4.19
• 4.19-lp-Interop-compliance: Compares 4.19 vs 4.18
• 4.18-lp-Interop-compliance: Compares 4.18 vs 4.17
• 4.17-lp-Interop-compliance: Compares 4.17 vs 4.16
• 4.16-lp-Interop-compliance: Compares 4.16 vs 4.15

2. All views are configured with:

• LayeredProduct filter: lp-interop-compliance
• Platforms: azure, gcp, aws
• Architectures: amd64, arm64
• Owners: eng, qe
• Metrics and regression tracking: enabled
• Base releases use ga-30d to ga for GA'd releases

3. Suite Registration (pkg/db/suites.go)

• Added Compliance-lp-interop to the test suites list

4. Variant Registry (pkg/variantregistry/ocp.go)

• Added mapping rules for compliance jobs tagged as LayeredProduct lp-interop-compliance:
  • Jobs containing -complianceascode- (upstream tests)
  • Jobs containing -compliance-destructive (downstream destructive tests)
  • Jobs containing -compliance (downstream tests)

5. Snapshot (pkg/variantregistry/snapshot.yaml)

• Updated 66 compliance job entries to use LayeredProduct: lp-interop-compliance

Related Jobs

This tracks the following Compliance periodic jobs:

Upstream (ComplianceAsCode) Jobs:

• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-node-compliance (amd64/arm64)
• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-platform-compliance (amd64/arm64)

Downstream Jobs:

• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance
• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance-destructive

Coverage includes versions 4.12-4.21 across amd64, arm64, and multi architectures on platforms: aws, azure, gcp, baremetal, vsphere.

6. Testing

• Views follow the established naming pattern: {OCP_RELEASE}-lp-Interop-{product}
• Configuration aligns with other LP-Interop views (CNV, Quay, ServiceMesh, COO, etc.)
• Metrics and regression tracking enabled for proactive monitoring
• Both engineering and QE owned jobs are included for comprehensive coverage

Summary by CodeRabbit

• New Features
  • Added interoperability compliance testing coverage for releases 4.19, 4.20, and 4.21.
  • Introduced unified compliance job routing and classification to streamline test organization.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: xiaojiey
Once this PR has been reviewed and has the lgtm label, please assign deepsm007 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

This PR introduces support for a new "lp-interop-compliance" layered product by adding configuration blocks for compliance readiness tracking, creating a new test suite, mapping compliance-related job patterns to the layered product, and updating periodic CI jobs to reference it.

Changes

Cohort / File(s)	Summary
Compliance readiness configuration config/views.yaml	Adds three new component_readiness blocks (4.21-lp-Interop-compliance, 4.20-lp-Interop-compliance, 4.19-lp-Interop-compliance) with standard structure including base/sample releases, variant options, and advanced metrics configuration.
Test suite registration pkg/db/suites.go	Registers new test suite "Compliance-lp-interop" for database population.
Product routing mapping pkg/variantregistry/ocp.go	Maps three compliance-related substring patterns ("-complianceascode-", "-compliance-destructive", "-compliance") to the "lp-interop-compliance" layered product.
Periodic CI job configuration pkg/variantregistry/snapshot.yaml	Updates multiple periodic CI job entries, changing LayeredProduct from none to lp-interop-compliance.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verification points:
  • Confirm substring mappings in ocp.go do not conflict with existing product routing patterns
  • Verify all relevant job entries in snapshot.yaml have been updated consistently (bulk data change)
  • Ensure new component_readiness blocks follow the established YAML structure and field naming conventions

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (6 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the main change: adding Component Readiness dashboard support for the Compliance Operator. It includes a Jira reference and directly relates to the core objective of the PR.
Go Error Handling	✅ Passed	Pull request modifications follow proper error handling practices with straightforward string mappings and no error-prone patterns.
Sql Injection Prevention	✅ Passed	PR changes consist of configuration updates and string mappings with no SQL query construction or dynamic query building involving user input.
Excessive Css In React Should Use Styles	✅ Passed	PR modifies only YAML configuration and Go backend code with no React components, JSX/TSX files, or CSS styling present.
Single Responsibility And Clear Naming	✅ Passed	Pull request demonstrates excellent adherence to single responsibility and clear naming principles with systematic, descriptive entity names following established codebase patterns.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between d9b5bd5 and 2d2365c.

📒 Files selected for processing (1)

• config/views.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• config/views.yaml

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between dfcbb55 and d1bdd22.

📒 Files selected for processing (4)

• config/views.yaml (1 hunks)
• pkg/db/suites.go (1 hunks)
• pkg/variantregistry/ocp.go (1 hunks)
• pkg/variantregistry/snapshot.yaml (66 hunks)

🔇 Additional comments (5)

pkg/db/suites.go (1)

60-71: New Compliance-lp-interop suite entry looks correct

Adding "Compliance-lp-interop" alongside the other *-lp-interop suites cleanly extends the set of suites we persist into the DB and aligns with the new compliance readiness flow. There are no behavioral concerns with this change itself.

One thing to double-check: ensure the underlying JUnit data (BigQuery testsuite values) for the new compliance jobs actually uses this exact string; any mismatch would mean those results are still filtered out here.

pkg/variantregistry/snapshot.yaml (1)

1173-1728: Verify that the snapshot changes align with the supporting configuration updates.

The changes update 66 CI job entries, changing LayeredProduct: none to LayeredProduct: lp-interop-compliance. While the bulk pattern is consistent, confirm:

1. Is this the correct change location? Verify whether snapshot.yaml is manually maintained or auto-generated. If auto-generated, ensure the generation process (potentially triggered by changes to config/views.yaml, pkg/variantregistry/ocp.go, or pkg/db/suites.go) is part of this PR workflow.

2. Job coverage completeness. Ensure all and only the correct compliance-related jobs are being categorized under lp-interop-compliance to prevent missing jobs from the compliance dashboard.

3. Integration validation. Verify that these snapshot updates, combined with supporting configuration changes, enable the Component Readiness dashboard for Compliance Operator as intended.

config/views.yaml (2)

1507-1507: Note: Lower minimum_failure threshold for new dashboard.

The minimum_failure is set to 2, which is lower than the standard threshold of 3 used in main views (e.g., line 68). This lower threshold means tests will be flagged as problematic with fewer failures, which could be appropriate for a new compliance dashboard to catch issues early, but may also result in more false positives if compliance jobs are less stable.

This appears intentional for initial compliance tracking sensitivity, similar to other specialized views like 4.21-LP-Interop (line 334).

---

1497-1506: Verify the intentionally limited platform and owner scope.

The compliance view is restricted to:

• Platform: only aws (line 1505)
• Owner: only eng (line 1503)

This is notably more restrictive than other views, which typically include multiple platforms (aws, azure, gcp, metal, rosa, vsphere) and owners (eng, service-delivery). Additionally, the view lacks filters for Installer, Network, Topology, and FeatureSet that are standard in other component readiness views.

If this is the initial rollout scope, consider documenting this in the PR description or a comment. Otherwise, verify whether this limited scope is intentional.

pkg/variantregistry/ocp.go (1)

1107-1109: Verify the generic -compliance pattern doesn't over-match unintended jobs.

The -compliance pattern on line 1109 uses substring matching and will categorize any job containing "compliance" (e.g., "pre-compliance-check", "non-compliance-test") under lp-interop-compliance. While the pattern order is correct—more specific patterns (-complianceascode-, -compliance-destructive) are checked first—confirm that no unintended compliance-related jobs are being routed to this product. If broader matching is undesired, consider anchoring the pattern with additional delimiters (e.g., compliance- instead of just compliance).

[openshift-ci-robot]

Scheduling required tests:
/test e2e

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Add Component Readiness dashboard for Compliance Operator:

• For upstream test jobs, the job name is like: periodic-ci-ComplianceAsCode-content-master-4.18-e2e-aws-openshift-node-compliance-arm-weekly
• For downstream test jobs, the job name is like periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance or periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance-destructive:

Summary by CodeRabbit

• New Features
• Added compliance-component-readiness analysis pathway with configurable release windows, advanced metrics, and variant options for comprehensive readiness assessment.
• Introduced new compliance test suite to expand testing capabilities across compliance scenarios.
• Consolidated compliance-related jobs under unified compliance product classification for streamlined tracking and analysis.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Add Component Readiness dashboard for Compliance Operator:

• For upstream test jobs, the job pattern is "-ComplianceAsCode-". The job name is like: periodic-ci-ComplianceAsCode-content-master-4.18-e2e-aws-openshift-node-compliance-arm-weekly
• For downstream test jobs, the job pattern is "-compliance" or "-compliance-destructive". The job name is like periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance or periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance-destructive:

Summary by CodeRabbit

• New Features
• Added compliance-component-readiness analysis pathway with configurable release windows, advanced metrics, and variant options for comprehensive readiness assessment.
• Introduced new compliance test suite to expand testing capabilities across compliance scenarios.
• Consolidated compliance-related jobs under unified compliance product classification for streamlined tracking and analysis.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Add Component Readiness dashboard for Compliance Operator:

• For upstream test jobs, the job pattern is "-ComplianceAsCode-". The job name is like: periodic-ci-ComplianceAsCode-content-master-4.18-e2e-aws-openshift-node-compliance-arm-weekly
• For downstream test jobs, the job pattern is "-compliance" or "-compliance-destructive". The job name is like periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance or periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance-destructive:

Summary by CodeRabbit

• New Features

• Added multiple compliance readiness blocks with individual release windows, variant selections, metrics, and sampling options for separate analyses.

• Added a new compliance test suite to be created/populated during test population.

• Chores

• Consolidated numerous compliance-related jobs under a unified compliance product classification for consistent tracking.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (6)

config/views.yaml (6)

1743-1786: Missing JobTier filter may include unstable jobs.

This compliance view block lacks a JobTier filter in include_variants, which means it will include jobs of all tiers (blocking, informing, standard, candidate, hidden). This is the same concern previously raised in past review comments.

For consistency with main release views (e.g., 4.21-main at lines 39-42) and to ensure only stable jobs are tracked, consider adding:

       include_variants:
         Architecture:
           - amd64
           - arm64
+        JobTier:
+          - blocking
+          - informing
+          - standard
         LayeredProduct:
           - lp-interop-compliance
         Owner:
           - eng
         Platform:
           - azure
           - gcp
           - aws

Note: If downstream QE jobs default to JobTier: hidden (as mentioned in the Owner filter concern), you may need to either include hidden in the filter or opt-in specific compliance QE jobs to a different tier in pkg/variantregistry/ocp.go.

---

1787-1830: Missing JobTier filter may include unstable jobs.

Same issue as the 4.21 block - this view lacks a JobTier filter and may include unstable candidate or hidden jobs.

---

1831-1874: Missing JobTier filter may include unstable jobs.

Same issue as the 4.21 and 4.20 blocks - this view lacks a JobTier filter.

---

1875-1918: Missing JobTier filter may include unstable jobs.

Same issue as other compliance blocks - this view lacks a JobTier filter.

---

1919-1962: Missing JobTier filter may include unstable jobs.

Same issue as other compliance blocks - this view lacks a JobTier filter.

---

1963-2006: Missing JobTier filter may include unstable jobs.

Same issue as other compliance blocks - this view lacks a JobTier filter.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between d1bdd22 and d8e9a70.

📒 Files selected for processing (3)

• config/views.yaml (1 hunks)
• pkg/db/suites.go (1 hunks)
• pkg/variantregistry/ocp.go (1 hunks)

🔇 Additional comments (1)

pkg/db/suites.go (1)

71-71: LGTM!

The new test suite "Compliance-lp-interop" is correctly added to the testSuites list, following the established pattern for other layered product interop suites.

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Add Component Readiness dashboard for Compliance Operator:

• For upstream test jobs, the job pattern is "-ComplianceAsCode-". The job name is like: periodic-ci-ComplianceAsCode-content-master-4.18-e2e-aws-openshift-node-compliance-arm-weekly
• For downstream test jobs, the job pattern is "-compliance" or "-compliance-destructive". The job name is like periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance or periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance-destructive:

Summary by CodeRabbit

• New Features

• Added multiple compliance readiness blocks with distinct release windows, variant selections, metrics, regression tracking, and sampling for separate analyses.

• Added a new compliance test suite to be created/populated during test population.

• Chores

• Consolidated numerous compliance-related jobs under a unified compliance product classification for consistent tracking.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

config/views.yaml (1)

1743-2012: Add JobTier filter to compliance-readiness blocks to exclude unstable job tiers.

All six new lp-interop-compliance blocks (4.21 through 4.16) are missing a JobTier filter in their include_variants sections. Without this filter, the views may include candidate or hidden jobs that are not stable enough for component readiness tracking. This mirrors the concern raised in the previous review.

Apply this diff to add JobTier filtering to each block (example shown for 4.21-lp-interop-compliance; repeat for all six):

       include_variants:
         Architecture:
           - amd64
           - arm64
         LayeredProduct:
           - lp-interop-compliance
+        JobTier:
+          - blocking
+          - informing
+          - standard
         Owner:
           - eng
           - qe
         Platform:
           - azure
           - gcp
           - aws

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between d8e9a70 and b682638.

📒 Files selected for processing (2)

• config/views.yaml (1 hunks)
• pkg/variantregistry/snapshot.yaml (66 hunks)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Extract job names and verify compliance pattern matching

# Get a few sample hunks to see job names
echo "=== Sample job names from snapshot.yaml around LayeredProduct updates ==="
rg -B 30 "LayeredProduct: lp-interop-compliance" pkg/variantregistry/snapshot.yaml | grep -E '"name":|periodic-ci-' | head -30

# Check if lp-interop-compliance is registered in suites.go
echo -e "\n=== Checking lp-interop-compliance registration in suites.go ==="
rg "lp-interop-compliance|interop.compliance" pkg/db/suites.go

# Check mapping in ocp.go
echo -e "\n=== Checking lp-interop-compliance in ocp.go ==="
rg "lp-interop-compliance" pkg/variantregistry/ocp.go

# Check for ComplianceAsCode pattern mapping in ocp.go
echo -e "\n=== Checking ComplianceAsCode patterns in ocp.go ==="
rg -i "ComplianceAsCode|compliance" pkg/variantregistry/ocp.go | head -20

Repository: openshift/sippy

Length of output: 3545

---

🏁 Script executed:

#!/bin/bash
# Check the structure and content of suites.go to understand how test suites are registered

echo "=== Checking suites.go for test suite definitions ==="
head -100 pkg/db/suites.go

echo -e "\n=== Searching for any reference to 'interop' or 'compliance' in suites.go ==="
rg -i "interop|compliance" pkg/db/suites.go

echo -e "\n=== Checking total content size and structure of suites.go ==="
wc -l pkg/db/suites.go

echo -e "\n=== Sample of suite definitions in suites.go ==="
rg "lp-" pkg/db/suites.go | head -20

Repository: openshift/sippy

Length of output: 2963

---

The LayeredProduct value lp-interop-compliance in snapshot.yaml is not registered in pkg/db/suites.go.

All 66 hunks correctly target compliance jobs (names contain "-ComplianceAsCode-", "-compliance", or "-compliance-destructive"), and the mapping in pkg/variantregistry/ocp.go correctly routes these jobs to lp-interop-compliance. However, suites.go only defines "Compliance-lp-interop" as a test suite, not "lp-interop-compliance". This name mismatch will cause the system to fail when processing jobs assigned to the non-existent lp-interop-compliance suite. Either add "lp-interop-compliance" to the testSuites array in suites.go, or update the snapshot and ocp.go mappings to use the existing "Compliance-lp-interop" name.

🤖 Prompt for AI Agents

In pkg/variantregistry/snapshot.yaml at line 1104 the LayeredProduct is set to
"lp-interop-compliance" but pkg/db/suites.go only defines
"Compliance-lp-interop" in testSuites; add "lp-interop-compliance" to the
testSuites array in pkg/db/suites.go so the suite name used by snapshot.yaml and
pkg/variantregistry/ocp.go is registered, or alternatively change the
LayeredProduct in snapshot.yaml (and the mapping in ocp.go) to
"Compliance-lp-interop" so names are consistent across snapshot, ocp.go, and
suites.go.

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Add Component Readiness dashboard for Compliance Operator:

• For upstream test jobs, the job pattern is "-ComplianceAsCode-". The job name is like: periodic-ci-ComplianceAsCode-content-master-4.18-e2e-aws-openshift-node-compliance-arm-weekly
• For downstream test jobs, the job pattern is "-compliance" or "-compliance-destructive". The job name is like periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance or periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-aws-ipi-proxy-fips-f60-compliance-destructive:

Summary by CodeRabbit

• New Features

• Added multiple compliance readiness blocks covering several release windows with standardized variant selections, metrics, regression tracking, sampling, and multi-release analyses.

• Added a new compliance test suite to be created/populated during test population.

• Chores

• Consolidated numerous compliance-related jobs under a unified compliance product classification for consistent tracking.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Overview

1. This PR adds support for tracking Component Readiness for the Compliance Operator as a separate layered product dashboard. The Compliance Operator includes both upstream (ComplianceAsCode) and downstream testing, and we need dedicated dashboards to track readiness across these components.

2. Component Readiness views are added for Compliance across actively supported OCP versions (4.16-4.21).

Changes

1. Configuration Views (config/views.yaml)

Added Component Readiness views for Compliance across OCP versions:

• 4.21-lp-Interop-compliance: Compares 4.21 vs 4.20
• 4.20-lp-Interop-compliance: Compares 4.20 vs 4.19
• 4.19-lp-Interop-compliance: Compares 4.19 vs 4.18
• 4.18-lp-Interop-compliance: Compares 4.18 vs 4.17
• 4.17-lp-Interop-compliance: Compares 4.17 vs 4.16
• 4.16-lp-Interop-compliance: Compares 4.16 vs 4.15

2. All views are configured with:

• LayeredProduct filter: lp-interop-compliance
• Platforms: azure, gcp, aws
• Architectures: amd64, arm64
• Owners: eng, qe
• Metrics and regression tracking: enabled
• Base releases use ga-30d to ga for GA'd releases

3. Suite Registration (pkg/db/suites.go)

• Added Compliance-lp-interop to the test suites list

4. Variant Registry (pkg/variantregistry/ocp.go)

• Added mapping rules for compliance jobs tagged as LayeredProduct lp-interop-compliance:
  • Jobs containing -complianceascode- (upstream tests)
  • Jobs containing -compliance-destructive (downstream destructive tests)
  • Jobs containing -compliance (downstream tests)

5. Snapshot (pkg/variantregistry/snapshot.yaml)

• Updated 66 compliance job entries to use LayeredProduct: lp-interop-compliance

Related Jobs

This tracks the following Compliance periodic jobs:

Upstream (ComplianceAsCode) Jobs:

• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-node-compliance (amd64/arm64)
• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-platform-compliance (amd64/arm64)

Downstream Jobs:

• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance
• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance-destructive

Coverage includes versions 4.12-4.21 across amd64, arm64, and multi architectures on platforms: aws, azure, gcp, baremetal, vsphere.

6. Testing

• Views follow the established naming pattern: {OCP_RELEASE}-lp-Interop-{product}
• Configuration aligns with other LP-Interop views (CNV, Quay, ServiceMesh, COO, etc.)
• Metrics and regression tracking enabled for proactive monitoring
• Both engineering and QE owned jobs are included for comprehensive coverage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Overview

1. This PR adds support for tracking Component Readiness for the Compliance Operator as a separate layered product dashboard. The Compliance Operator includes both upstream (ComplianceAsCode) and downstream testing, and we need dedicated dashboards to track readiness across these components.

2. Component Readiness views are added for Compliance across actively supported OCP versions (4.16-4.21).

Changes

1. Configuration Views (config/views.yaml)

Added Component Readiness views for Compliance across OCP versions:

• 4.21-lp-Interop-compliance: Compares 4.21 vs 4.20
• 4.20-lp-Interop-compliance: Compares 4.20 vs 4.19
• 4.19-lp-Interop-compliance: Compares 4.19 vs 4.18
• 4.18-lp-Interop-compliance: Compares 4.18 vs 4.17
• 4.17-lp-Interop-compliance: Compares 4.17 vs 4.16
• 4.16-lp-Interop-compliance: Compares 4.16 vs 4.15

2. All views are configured with:

• LayeredProduct filter: lp-interop-compliance
• Platforms: azure, gcp, aws
• Architectures: amd64, arm64
• Owners: eng, qe
• Metrics and regression tracking: enabled
• Base releases use ga-30d to ga for GA'd releases

3. Suite Registration (pkg/db/suites.go)

• Added Compliance-lp-interop to the test suites list

4. Variant Registry (pkg/variantregistry/ocp.go)

• Added mapping rules for compliance jobs tagged as LayeredProduct lp-interop-compliance:
  • Jobs containing -complianceascode- (upstream tests)
  • Jobs containing -compliance-destructive (downstream destructive tests)
  • Jobs containing -compliance (downstream tests)

5. Snapshot (pkg/variantregistry/snapshot.yaml)

• Updated 66 compliance job entries to use LayeredProduct: lp-interop-compliance

Related Jobs

This tracks the following Compliance periodic jobs:

Upstream (ComplianceAsCode) Jobs:

• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-node-compliance (amd64/arm64)
• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-platform-compliance (amd64/arm64)

Downstream Jobs:

• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance
• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance-destructive

Coverage includes versions 4.12-4.21 across amd64, arm64, and multi architectures on platforms: aws, azure, gcp, baremetal, vsphere.

6. Testing

• Views follow the established naming pattern: {OCP_RELEASE}-lp-Interop-{product}
• Configuration aligns with other LP-Interop views (CNV, Quay, ServiceMesh, COO, etc.)
• Metrics and regression tracking enabled for proactive monitoring
• Both engineering and QE owned jobs are included for comprehensive coverage

Summary by CodeRabbit

• New Features

• Added URL validation for artifact and job run links to improve safety when opening external resources.

• Extended component readiness analysis with new compliance-tracking blocks for multiple release versions.

• Chores

• Updated product mapping configuration for compliance-related jobs.

• Enhanced messaging formatting in analysis prompts.

• Expanded test suite configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

sippy-ng/src/component_readiness/JobArtifactQuery.js (1)

594-601: Align validateURL implementations to avoid subtle divergence

You now have three validateURL implementations: two with try/catch (Lines 594-601, 804-811) and one without (Lines 624-630). To keep behavior consistent and avoid future drift, consider giving the JAQResultTable version the same try/catch semantics (or extracting a shared helper in this file if Snyk still accepts it). This keeps all URL checks robust against malformed input while preserving the http/https protocol restriction.

Also applies to: 624-630, 804-811

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between dd3edd0 and d9b5bd5.

📒 Files selected for processing (2)

• chat/prompts/payload-analysis.yaml (1 hunks)
• sippy-ng/src/component_readiness/JobArtifactQuery.js (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

sippy-ng/src/component_readiness/JobArtifactQuery.js (1)

sippy-ng/src/helpers.js (1)

• url (338-338)

🔇 Additional comments (2)

chat/prompts/payload-analysis.yaml (1)

106-112: Revert text formatting change looks good

Switching the high-confidence revert notice to "** REVERT RECOMMENDED **" keeps the instruction explicit while avoiding emoji; no behavioral impact on the workflow.

sippy-ng/src/component_readiness/JobArtifactQuery.js (1)

594-601: URL validation around window.open is correctly tightened

The new validateURL helpers (Lines 594-601 and 804-811) and the guards around window.open (Lines 603-608 and 813-822) safely restrict navigation to http/https URLs and handle parse errors via try/catch. This meaningfully hardens these paths without changing intended behavior.

Also applies to: 603-608, 804-822

[openshift-ci-robot]

@xiaojiey: This pull request references CMP-3987 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Overview

1. This PR adds support for tracking Component Readiness for the Compliance Operator as a separate layered product dashboard. The Compliance Operator includes both upstream (ComplianceAsCode) and downstream testing, and we need dedicated dashboards to track readiness across these components.

2. Component Readiness views are added for Compliance across actively supported OCP versions (4.16-4.21).

Changes

1. Configuration Views (config/views.yaml)

Added Component Readiness views for Compliance across OCP versions:

• 4.21-lp-Interop-compliance: Compares 4.21 vs 4.20
• 4.20-lp-Interop-compliance: Compares 4.20 vs 4.19
• 4.19-lp-Interop-compliance: Compares 4.19 vs 4.18
• 4.18-lp-Interop-compliance: Compares 4.18 vs 4.17
• 4.17-lp-Interop-compliance: Compares 4.17 vs 4.16
• 4.16-lp-Interop-compliance: Compares 4.16 vs 4.15

2. All views are configured with:

• LayeredProduct filter: lp-interop-compliance
• Platforms: azure, gcp, aws
• Architectures: amd64, arm64
• Owners: eng, qe
• Metrics and regression tracking: enabled
• Base releases use ga-30d to ga for GA'd releases

3. Suite Registration (pkg/db/suites.go)

• Added Compliance-lp-interop to the test suites list

4. Variant Registry (pkg/variantregistry/ocp.go)

• Added mapping rules for compliance jobs tagged as LayeredProduct lp-interop-compliance:
  • Jobs containing -complianceascode- (upstream tests)
  • Jobs containing -compliance-destructive (downstream destructive tests)
  • Jobs containing -compliance (downstream tests)

5. Snapshot (pkg/variantregistry/snapshot.yaml)

• Updated 66 compliance job entries to use LayeredProduct: lp-interop-compliance

Related Jobs

This tracks the following Compliance periodic jobs:

Upstream (ComplianceAsCode) Jobs:

• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-node-compliance (amd64/arm64)
• periodic-ci-ComplianceAsCode-content-master-{version}-e2e-aws-openshift-platform-compliance (amd64/arm64)

Downstream Jobs:

• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance
• periodic-ci-openshift-openshift-tests-private-release-{version}-{arch}-nightly-{platform}-*-compliance-destructive

Coverage includes versions 4.12-4.21 across amd64, arm64, and multi architectures on platforms: aws, azure, gcp, baremetal, vsphere.

6. Testing

• Views follow the established naming pattern: {OCP_RELEASE}-lp-Interop-{product}
• Configuration aligns with other LP-Interop views (CNV, Quay, ServiceMesh, COO, etc.)
• Metrics and regression tracking enabled for proactive monitoring
• Both engineering and QE owned jobs are included for comprehensive coverage

Summary by CodeRabbit

• New Features
• Added interoperability compliance testing coverage for releases 4.19, 4.20, and 4.21.
• Introduced unified compliance job routing and classification to streamline test organization.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@xiaojiey: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/security	2d2365c	link	true	/test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[xiaojiey]

@neisw @deepsm007 Could you please help to review this PR, thanks.