
trusted-execution-clusters: Use native OpenShift infrastructure #80214

Closed
Jakob-Naucke wants to merge 2 commits into openshift:main from Jakob-Naucke:tec-native

Jakob-Naucke (Member) commented Jun 8, 2026

Rely on native OpenShift infrastructure. Avoids logic of transferring PR to and setting up on Beaker.

Summary by CodeRabbit

This PR converts the trusted-execution-clusters CI from a Beaker-hosted, Kind-on-Beaker workflow to native OpenShift infrastructure and image-based steps. It removes Beaker provisioning/Kind orchestration and cleanup plumbing, refactors the test step to run from prebuilt images, and updates operator CI configuration and OWNERS/metadata.

Practical impact

  • CI workflow: Deletes Beaker/KIND provisioning and cleanup chains, refs, metadata and large provisioning/cleanup scripts. Removed areas include infra-provision, kind-cluster-create, beaker-kind-provision, beaker-deprovision, lifecycle, and cleanup step-registry content.
  • Test execution: Replaces the remote Beaker-run integration-test flow with an image-based test step (runs from kubevirt-test-image). The test script is simplified: it bootstraps locally in CI, sets TEST_NAMESPACE_PREFIX, VIRT_PROVIDER=kubevirt and PLATFORM=openshift, installs Rust/cert-manager, and runs make integration-tests. All Beaker-specific SSH/lock/artifact handling and remote orchestration were removed.
  • Operator CI config: Adds a CLI base image and multiple image build entries, declares a releases.latest.candidate, increases per-step memory limits from 4Gi to 8Gi, and rewrites the operator-lifecycle-verify job to use cluster_profile: aws-virtualization, inject environment variables (BASE_DOMAIN, CNV_VERSION, COMPUTE_NODE_TYPE, COMPUTE_NODE_REPLICAS), update refs, and set workflow: ipi-aws.
  • Ownership metadata: Numerous OWNERS and metadata.json entries across ci-operator/config and step-registry were pruned or cleared (many reviewers/approvers removed; Jakob-Naucke and alicefr remain in some places). Several step-level owners blocks were removed or emptied.
  • Deleted artifacts: Large provisioning/cleanup shell scripts and many step YAML/metadata files tied to Beaker/KIND provisioning and deprovisioning were removed.

Files/areas with largest effect

  • ci-operator/step-registry/trusted-execution-clusters/ref/operator: removed Beaker-related scripts, refs, and metadata (beaker-kind-provision, beaker-deprovision, kind-cluster-create, infra-provision, lifecycle, cleanup).
  • ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml: added base_images/images/releases entries, increased memory limits, and updated operator-lifecycle-verify job.
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test: script refactored and step changed to run from kubevirt-test-image; environment exports (TEST_NAMESPACE_PREFIX, VIRT_PROVIDER, PLATFORM) added.

Risks / review notes

  • Behavioral change: tests now run against OpenShift/KubeVirt via CI-provided infrastructure (aws-virtualization profile) instead of a Beaker-hosted Kind cluster — verify cluster_profile permissions and that the aws-virtualization profile meets test requirements.
  • Image availability: ensure kubevirt-test-image and the declared image dependencies (operator, compute-pcrs, register-server, attestation-key-register) are published and accessible to CI.
  • Artifacts & cleanup: Beaker-specific artifact collection and exclusive-lock cleanup were removed — confirm CI still captures required logs and that cleanup semantics in the new environment are sufficient.
  • Ownership/governance: many approvers/reviewers were removed or cleared — validate remaining OWNERS entries for correctness.
  • Resource sizing: memory limits increased to 8Gi; confirm this aligns with capacity planning and actual needs.

Overall assessment

  • The change simplifies CI by removing complex Beaker orchestration and moving to native OpenShift image-based test execution, while updating job config and ownership metadata. Review focus should be on image availability, test prerequisites and permissions for aws-virtualization, artifact/diagnostic collection, and OWNER correctness.

openshift-ci Bot added the do-not-merge/work-in-progress label (Indicates that a PR should not merge because it is a work in progress.) Jun 8, 2026

openshift-ci Bot (Contributor) commented Jun 8, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

openshift-ci Bot (Contributor) commented Jun 8, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Jakob-Naucke

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci Bot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) Jun 8, 2026

coderabbitai Bot (Contributor) commented Jun 8, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


Walkthrough

Removes Beaker-based step scripts and chains, prunes multiple OWNERS files, adds base_images and image build items (including kubevirt-test-image), increases CI memory limits, refactors operator-lifecycle-verify, and moves the operator test to run from kubevirt-test-image with simplified resources and dependencies.

Changes

Trusted Execution Clusters CI Infrastructure Migration

| Layer / File(s) | Summary |
|---|---|
| Ownership roster updates: ci-operator/config/trusted-execution-clusters/operator/OWNERS, ci-operator/step-registry/trusted-execution-clusters/operator/OWNERS, ci-operator/step-registry/trusted-execution-clusters/ref/operator/OWNERS, ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/OWNERS | Remove or prune reviewers/approvers entries across multiple OWNERS files (remove fangge1212, yalzhang; retain/update entries such as Jakob-Naucke, alicefr). |
| Test step refactoring to containerized execution: ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-commands.sh, ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-ref.yaml | Replace Beaker/Prow SSH-based orchestration with a local/container bootstrap that installs Rust, sets TEST_NAMESPACE_PREFIX, VIRT_PROVIDER=kubevirt, PLATFORM=openshift, installs cert-manager, and runs make integration-tests; switch the step to run from kubevirt-test-image, add image dependencies, and simplify resource and env/credentials wiring. |
| CI base images and operator container builds: ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml | Add base_images for a CLI image, add images.items including a dockerfile_literal for kubevirt-test-image and several release-mode image builds, add releases.latest.candidate metadata, and increase wildcard resources['*'].limits.memory from 4Gi to 8Gi; refactor operator-lifecycle-verify job to new steps layout. |

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

rehearsals-ack

Suggested reviewers

  • deads2k

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Ote Binary Stdout Contract | ❌ Error | Test command script contains plain text echo statements that write to stdout before running integration tests; this corrupts OTE JSON stdout contract if the test binary is OTE-compatible. | Remove echo statements or redirect to stderr using echo "..." >&2 before any OTE binary execution to maintain JSON stdout integrity. |

✅ Passed checks (14 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'trusted-execution-clusters: Use native OpenShift infrastructure' clearly and specifically describes the main change: migrating from Beaker-based infrastructure to native OpenShift infrastructure, as evidenced by removals of Beaker scripts and adoption of IPI-based testing. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Stable And Deterministic Test Names | ✅ Passed | This PR modifies CI configuration in openshift/release. No Ginkgo test definitions exist in this repo - actual tests are in trusted-execution-clusters/operator repo, not here. |
| Test Structure And Quality | ✅ Passed | PR modifies only CI/CD configuration (YAML, shell, JSON, OWNERS), not Ginkgo test code. Custom check for test structure is not applicable. |
| Microshift Test Compatibility | ✅ Passed | This PR modifies CI/CD infrastructure configuration in the openshift/release repo, not Ginkgo e2e test code. No new test definitions (It(), Describe(), Context(), When()) are added in this repository. |
| Single Node Openshift (Sno) Test Compatibility | ✅ Passed | No new Ginkgo e2e tests added. PR modifies only CI config and infrastructure setup scripts; actual test code is in the operator repository. |
| Topology-Aware Scheduling Compatibility | ✅ Passed | PR modifies only CI infrastructure config and test scripts. No production manifests, operator code, or scheduling constraints introduced; check not applicable. |
| Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | PR modifies CI infrastructure and test orchestration only; no new Ginkgo e2e tests (It/Describe/Context) are added, so the IPv6/disconnected network check does not apply. |
| No-Weak-Crypto | ✅ Passed | No weak cryptography (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or insecure constant-time comparisons of secrets found. Uses strong TLS 1.2 and trusted libraries. |
| Container-Privileges | ✅ Passed | No privileged configurations found: no privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN capabilities, allowPrivilegeEscalation: true, or runAsUser: 0 in any modified CI/K8s manifests. |
| No-Sensitive-Data-In-Logs | ✅ Passed | No problematic logging found. Echo statements only log informational messages ("[INFO]"), and non-sensitive variables are used. No credentials, tokens, keys, PII, or internal data are exposed in logs. |

openshift-merge-bot (Contributor):

@Jakob-Naucke, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: failed to load ci-operator config (error converting YAML to JSON: yaml: line 28: could not find expected ':')
Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml`:
- Around line 26-30: The YAML has a syntax error: add the missing colon after
the key "build_args" and ensure the following block is a properly indented
mapping/list under it; e.g., make "build_args:" followed by the "- name:
build_type" / "value: release" entries indented to be children of build_args and
keep "dockerfile_path: Containerfile" and "to: operator" at the correct
indentation so "build_args", "dockerfile_path", and "to" are valid peer keys.
- Around line 11-12: The YAML currently nests the image list under the key
`items` (i.e., images: items:), which violates the ci-operator schema; remove
the `items:` key and unindent the image entries so `images:` directly contains a
YAML sequence (each image as `- name: ...` / `- from: ...` or simple `-
"registry/path:tag"` as used in this repo), ensuring the list items are direct
children of `images` rather than under `items`.

In
`@ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-commands.sh`:
- Around line 17-22: After applying cert-manager (the kubectl apply using
CRT_MGR_VERSION), wait for cert-manager resources to become ready before
invoking make integration-tests: poll for cert-manager deployments and pods
(e.g., check cert-manager, cert-manager-cainjector, cert-manager-webhook
deployments or their pods) and ensure webhook/service readiness and CRDs are
established; only proceed to run make integration-tests once those checks
succeed to prevent intermittent failures.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 6b2f7ebd-0f71-4c0e-bd4c-a5aea4147e8b

📥 Commits

Reviewing files that changed from the base of the PR and between bc2a19f and b51e835.

📒 Files selected for processing (28)
  • ci-operator/config/trusted-execution-clusters/operator/OWNERS
  • ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-ref.yaml
💤 Files with no reviewable changes (25)
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/OWNERS
  • ci-operator/config/trusted-execution-clusters/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/OWNERS

Comment on lines +11 to +12
images:
  items:

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Invalid images schema structure.

The ci-operator images field must be a list directly under the key, not nested under items:. This structure will fail config validation.

🐛 Proposed fix
 images:
-  items:
   - dockerfile_literal: |
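
Review bot: the `- dockerfile_literal: |` line is shown as unchanged context, while the sentence after the hunk asks for every image entry to be unindented by 2 spaces, so the suggested change and its description disagree. The suggestion should either include the re-indented entries (including the body of the `dockerfile_literal` block scalar) as changed lines, or drop the unindent instruction if deleting `items:` alone is what is intended.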

Remove the items: key and unindent all image entries by 2 spaces.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml`
around lines 11 - 12, The YAML currently nests the image list under the key
`items` (i.e., images: items:), which violates the ci-operator schema; remove
the `items:` key and unindent the image entries so `images:` directly contains a
YAML sequence (each image as `- name: ...` / `- from: ...` or simple `-
"registry/path:tag"` as used in this repo), ensuring the list items are direct
children of `images` rather than under `items`.
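
The two script-level findings in this review (wait for cert-manager before `make integration-tests`, and keep informational text off stdout) can be handled together. The following is an added example, not the PR's script or CodeRabbit's output; the `cert-manager` namespace, the two CRD names, the timeout and the `RUN_INTEGRATION_TESTS` switch are assumptions.

```bash
#!/bin/sh
# Added example, not the PR's test script: hold the integration tests until
# cert-manager is ready, and keep informational output off stdout.
set -eu

# Assumptions: cert-manager runs in its default namespace; the timeout is arbitrary.
CERT_MANAGER_NS="${CERT_MANAGER_NS:-cert-manager}"
WAIT_TIMEOUT="${WAIT_TIMEOUT:-300s}"

# Log to stderr so stdout carries only what the test binary itself emits.
log_info() {
    printf '[INFO] %s\n' "$*" >&2
}

# Block until the three cert-manager deployments named in the review are
# Available and the CRDs are Established. kubectl's own stdout is sent to
# stderr for the same reason as log_info. Returns non-zero on the first failure.
wait_for_cert_manager() {
    for deploy in cert-manager cert-manager-cainjector cert-manager-webhook; do
        log_info "waiting for deployment/${deploy} in ${CERT_MANAGER_NS}"
        if ! kubectl wait --namespace "${CERT_MANAGER_NS}" \
                --for=condition=Available "deployment/${deploy}" \
                --timeout="${WAIT_TIMEOUT}" >&2; then
            log_info "deployment/${deploy} not Available after ${WAIT_TIMEOUT}"
            return 1
        fi
    done
    log_info "waiting for cert-manager CRDs to be Established"
    if ! kubectl wait --for=condition=Established \
            crd/certificates.cert-manager.io crd/issuers.cert-manager.io \
            --timeout="${WAIT_TIMEOUT}" >&2; then
        log_info "cert-manager CRDs not Established after ${WAIT_TIMEOUT}"
        return 1
    fi
}

# Run the given command only once cert-manager is ready.
run_after_cert_manager() {
    wait_for_cert_manager || return 1
    log_info "cert-manager ready, running: $*"
    "$@"
}

# Hypothetical switch so the file can be sourced or dry-run without a cluster.
if [ "${RUN_INTEGRATION_TESTS:-0}" = "1" ]; then
    run_after_cert_manager make integration-tests
fi
```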

Jakob-Naucke (Member, Author):

/pj-rehearse

openshift-merge-bot (Contributor):

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-commands.sh`:
- Line 15: The script currently starts an ssh-agent via eval "$(ssh-agent -s)"
but never uses it; either remove the orphaned eval "$(ssh-agent -s)" line if SSH
is not needed, or if SSH functionality is required, add proper key handling:
call ssh-add with the intended key (e.g., from an environment variable or
mounted secret), perform the SSH operations that require the agent, and ensure
you kill the agent (ssh-agent -k) when done; update the
trusted-execution-clusters-ref-operator-test-commands.sh script accordingly
around the eval "$(ssh-agent -s)" symbol.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: be54a263-e837-46f5-9e82-ce398774d482

📥 Commits

Reviewing files that changed from the base of the PR and between b51e835 and 0347aff.

📒 Files selected for processing (28)
  • ci-operator/config/trusted-execution-clusters/operator/OWNERS
  • ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-ref.yaml
💤 Files with no reviewable changes (25)
  • ci-operator/step-registry/trusted-execution-clusters/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/lifecycle/trusted-execution-clusters-operator-lifecycle-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/trusted-execution-clusters-operator-cleanup-chain.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/operator/cleanup/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/trusted-execution-clusters-operator-infra-provision-chain.metadata.json
  • ci-operator/config/trusted-execution-clusters/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/operator/infra-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-commands.sh
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/trusted-execution-clusters-ref-operator-kind-cluster-create-ref.metadata.json
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/kind-cluster-create/OWNERS
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-deprovision/trusted-execution-clusters-ref-operator-beaker-deprovision-ref.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/beaker-kind-provision/trusted-execution-clusters-ref-operator-beaker-kind-provision-commands.sh
🚧 Files skipped from review as they are similar to previous changes (2)
  • ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml
  • ci-operator/step-registry/trusted-execution-clusters/ref/operator/test/trusted-execution-clusters-ref-operator-test-ref.yaml

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot

Contributor

@Jakob-Naucke, pj-rehearse: unable prepare a candidate for rehearsal; rehearsals will not be run. This could be due to a branch that needs to be rebased. ERROR:

couldn't checkout base SHA b67d21e82e5f4cc592418c232f44149456f17d9b: error checking out "b67d21e82e5f4cc592418c232f44149456f17d9b": exit status 128 fatal: unable to read tree (b67d21e82e5f4cc592418c232f44149456f17d9b)

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot

Contributor

@Jakob-Naucke, pj-rehearse: unable prepare a candidate for rehearsal; rehearsals will not be run. This could be due to a branch that needs to be rebased. ERROR:

couldn't checkout base SHA a2a3be4e46b92f4b0e3be325e1a9aece63dc2a11: error checking out "a2a3be4e46b92f4b0e3be325e1a9aece63dc2a11": exit status 128 fatal: unable to read tree (a2a3be4e46b92f4b0e3be325e1a9aece63dc2a11)

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@coderabbitai coderabbitai Bot left a comment

Contributor

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml (1)

11-12: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Invalid images schema structure—still present despite prior fix claim.

The ci-operator images field must be a list directly under the key, not nested under items:. A previous review flagged this and claimed it was addressed in commit 0347aff, but the current code still has the items: key on line 12. This structure will fail config validation.

🐛 Proposed fix
 images:
-  items:
   - dockerfile_literal: |
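Review bot: the context line `- dockerfile_literal: |` is left at its old indentation, so this hunk does not show the re-indent that the instruction beneath it asks for. Either mark the image entries as changed lines at their new indentation, or drop the unindent instruction if the entries are to stay where they are; if they do move, the body of each `dockerfile_literal: |` block scalar has to move with its key so it stays indented deeper than the entry.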

Remove the items: key and unindent all image entries by 2 spaces so they are direct children of images:.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml`
around lines 11 - 12, The images section still uses a nested "items:" key which
breaks schema validation; remove the "items:" key under the images mapping and
unindent all image entries so they are direct children of the top-level images
key (i.e., make entries sit directly under "images:" instead of under "images:
-> items:"); update the block that currently contains "images:" and "items:"
accordingly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: bce1f22c-8896-4cee-b5cd-ab09be7b4743

📥 Commits

Reviewing files that changed from the base of the PR and between 71ca9f0 and 42253b3.

📒 Files selected for processing (1)
  • ci-operator/config/trusted-execution-clusters/operator/trusted-execution-clusters-operator-main.yaml

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Jakob-Naucke commented Jun 17, 2026 via email

Member Author

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Jakob-Naucke commented Jun 17, 2026 via email

Member Author

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Jakob-Naucke commented Jun 18, 2026 via email

Member Author

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Member Author

rustup.rs was down

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

Rely on native OpenShift infrastructure. Avoids logic of transferring
PR to and setting up on Beaker.

Signed-off-by: Jakob Naucke <jnaucke@redhat.com>
Assisted-by: Opus 4.6

@Jakob-Naucke

Jakob-Naucke commented Jun 18, 2026 via email

Member Author

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot

Contributor

[REHEARSALNOTIFIER]
@Jakob-Naucke: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

| Test name | Repo | Type | Reason |
| --- | --- | --- | --- |
| pull-ci-trusted-execution-clusters-operator-main-operator-lifecycle-verify | trusted-execution-clusters/operator | presubmit | Ci-operator config changed |

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@Jakob-Naucke

Member Author

/pj-rehearse

@openshift-merge-bot

Contributor

@Jakob-Naucke: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-ci

openshift-ci Bot commented Jun 18, 2026

Contributor

@Jakob-Naucke: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/rehearse/trusted-execution-clusters/operator/main/operator-lifecycle-verify | 1cfb0ba | link | unknown | /pj-rehearse pull-ci-trusted-execution-clusters-operator-main-operator-lifecycle-verify |

@Jakob-Naucke

Member Author

superseded by trusted-execution-clusters/operator#287

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress.
