ROSAENG-57139 | ci: Replace terraform-provider-rhcs unit job with pre-push-checks

[amandahla]

Summary

• Replace the unit presubmit on terraform-redhat/terraform-provider-rhcs main with pre-push-checks, running make pre-push-checks in a Dockerfile.clients image (terraform-provider-rhcs-clients).
• Add ci/prow/pre-push-checks to branch protection required contexts for main (append-only; no other contexts removed).
• Extend skip_if_only_changed on all main presubmits (including e2e image builds and e2e test jobs) so PRs that only change markdown or other doc-only paths do not trigger Prow jobs.

Test plan

• make jobs WHAT=terraform-redhat/terraform-provider-rhcs
• ci-operator checkconfig (via make jobs)
• After merge: open a provider PR and confirm ci/prow/pre-push-checks runs and is required
• After merge: open a docs-only provider PR and confirm presubmits are skipped
• Swap ci/prow/unit off GitHub required checks if still listed (job removed)

Dependencies

Requires Dockerfile.clients and make pre-push-checks on terraform-redhat/terraform-provider-rhcs main (already merged).

Made with Cursor

Summary by CodeRabbit

This PR updates the CI/CD infrastructure for the terraform-redhat/terraform-provider-rhcs repository to replace the unit test job with a new pre-push-checks job and adds skip conditions for documentation-only changes across all presubmits.

Key Changes:

1. Unit Test Job Replacement - The unit presubmit job in the main CI configuration is replaced with a new pre-push-checks job that executes make pre-push-checks within a terraform-provider-rhcs-clients container image (built from Dockerfile.clients).

2. Branch Protection Requirement - The new ci/prow/pre-push-checks job is added as a required status check for the main branch, ensuring it must pass before merging.

3. Skip Documentation-Only Changes - All main presubmits (including e2e image builds and e2e test jobs) are now configured to skip execution when PRs only modify documentation and metadata files. This prevents unnecessary CI runs for changes to markdown files, LICENSE, OWNERS, .goreleaser.yaml, renovate configs, and documentation directories.

The changes maintain the same validation behavior while consolidating checks into a single pre-push-checks target and reducing CI noise for documentation-only PRs. The implementation depends on Dockerfile.clients and the make pre-push-checks target already being available on the repository's main branch.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 99788d16-c2f6-47ba-83dd-3149a5cb484c

📥 Commits

Reviewing files that changed from the base of the PR and between 9e7f743 and 784d2c3.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (4)

• ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main.yaml
• ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main__e2e-presubmits.yaml
• ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main__e2e.yaml
• core-services/prow/02_config/terraform-redhat/terraform-provider-rhcs/_prowconfig.yaml

🚧 Files skipped from review as they are similar to previous changes (4)

• core-services/prow/02_config/terraform-redhat/terraform-provider-rhcs/_prowconfig.yaml
• ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main.yaml
• ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main__e2e-presubmits.yaml
• ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main__e2e.yaml

---

Walkthrough

The CI configuration for terraform-redhat/terraform-provider-rhcs replaces the unit test step (using a src container) with a pre-push-checks step backed by a new terraform-provider-rhcs-clients image built from Dockerfile.clients. Skip guards are added or widened across e2e presubmit and e2e jobs to skip expensive runs when only documentation or configuration files change. The new ci/prow/pre-push-checks check is added as a required branch-protection status for the main branch.

Changes

RHCS CI configuration update

Layer / File(s)	Summary
Image definition and test step refactor ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main.yaml	Removes binary_build_commands/build_root; adds an images block defining terraform-provider-rhcs-clients from Dockerfile.clients with skip_if_only_changed. Rewrites the test step from unit (make unit-test in src) to pre-push-checks (make pre-push-checks in terraform-provider-rhcs-clients, always_run: true).
Add skip guards to e2e jobs ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main__e2e-presubmits.yaml, ci-operator/config/terraform-redhat/terraform-provider-rhcs/terraform-redhat-terraform-provider-rhcs-main__e2e.yaml	Adds skip_if_only_changed to the e2e images section and replaces or adds the guard across all e2e presubmit entries, broadening the regex from README.md-only to all *.md files plus common CI config and non-source directories.
Require pre-push-checks in branch protection core-services/prow/02_config/terraform-redhat/terraform-provider-rhcs/_prowconfig.yaml	Adds ci/prow/pre-push-checks to required_status_checks.contexts for the main branch.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• openshift/release#80463: Adds skip_if_only_changed regex filters to ci-operator presubmit YAML to skip e2e runs on docs/config-only changes, the same pattern applied here.
• openshift/release#80584: Adds skip_if_only_changed denylist filters to ci-operator e2e presubmit job definitions, directly parallel to the guard changes in this PR.
• openshift/release#80599: Updates ci-operator YAML job definitions to expand skip_if_only_changed regexes and skip presubmit/e2e runs when changes are limited to non-code paths, following the same conditional skipping pattern.

Suggested labels

jira/valid-reference

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: replacing the unit job with pre-push-checks for terraform-provider-rhcs CI configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only YAML CI/CD configuration files (Prow, ci-operator), not Ginkgo test files. No test names to evaluate.
Test Structure And Quality	✅ Passed	This PR modifies only CI/CD YAML configuration files (ci-operator and Prow configs), not any Ginkgo test code. The custom check for "Test Structure and Quality" is not applicable.
Microshift Test Compatibility	✅ Passed	This PR contains only CI/CD configuration changes (YAML files) with no new Ginkgo e2e tests. The check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR modifies only CI/CD configuration files (YAML) and does not add any new Ginkgo e2e test code. The check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	The PR modifies only CI/CD configuration files (ci-operator and Prow configs). No deployment manifests, operator code, controllers, or scheduling constraints are added or modified.
Ote Binary Stdout Contract	✅ Passed	PR only modifies CI/CD YAML configuration files with no Go test code changes. OTE Binary Stdout Contract check requires process-level Go code (main, init, TestMain, suite setup) that could write to...
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR contains only CI/CD configuration changes (YAML files for ci-operator and Prow). No new Ginkgo e2e tests are added, so the IPv6/disconnected network compatibility check is not applicable.
No-Weak-Crypto	✅ Passed	No weak cryptography patterns (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB) found. PR contains only CI/CD configuration files with no cryptographic code, custom crypto implementations, or unsafe compa...
Container-Privileges	✅ Passed	The modified files are CI operator and Prow configuration YAML files, not Kubernetes or container manifests. They contain no container security contexts, privileged settings, host access flags, or...
No-Sensitive-Data-In-Logs	✅ Passed	This PR modifies only CI/CD configuration files (YAML) with no hardcoded credentials, tokens, API keys, PII, or sensitive data exposed in logging.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amandahla

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/terraform-redhat/terraform-provider-rhcs/OWNERS [amandahla]
• ci-operator/jobs/terraform-redhat/terraform-provider-rhcs/OWNERS [amandahla]
• core-services/prow/02_config/terraform-redhat/terraform-provider-rhcs/OWNERS [amandahla]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@amandahla: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-terraform-redhat-terraform-provider-rhcs-main-images	terraform-redhat/terraform-provider-rhcs	presubmit	Presubmit changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-pre-push-checks	terraform-redhat/terraform-provider-rhcs	presubmit	Presubmit changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-images	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-classic-full-resources-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-day1-supplemental-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-advanced-critical-high-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-advanced-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-arm-critical-high-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-arm-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-encryption-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-full-resources-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-network-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-private-critical-high-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-private-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-upgrade-y-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-hcp-upgrade-z-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-advanced-critical-high-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-advanced-day1-negative-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-advanced-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-private-critical-high-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-private-day1-negative-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-private-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-shared-vpc-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-upgrade-y-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed
pull-ci-terraform-redhat-terraform-provider-rhcs-main-e2e-presubmits-rosa-sts-upgrade-z-optional-presubmit	terraform-redhat/terraform-provider-rhcs	presubmit	Ci-operator config changed

A total of 47 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[amandahla]

/pj-rehearse

[openshift-merge-bot]

@amandahla: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@amandahla: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/terraform-redhat/terraform-provider-rhcs/main/pre-push-checks	784d2c3	link	unknown	/pj-rehearse pull-ci-terraform-redhat-terraform-provider-rhcs-main-pre-push-checks
ci/rehearse/terraform-redhat/terraform-provider-rhcs/main/images	784d2c3	link	unknown	/pj-rehearse pull-ci-terraform-redhat-terraform-provider-rhcs-main-images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.