139 changes: 139 additions & 0 deletions ci-operator/config/openshift/hive/openshift-hive-master.yaml
Expand Up @@ -26,6 +26,18 @@ images:
dockerfile_path: Dockerfile
from: ubi9-minimal-entitled
to: hive
- dockerfile_literal: |
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
RUN mkdir -p /go/src/github.com/openshift/hive
WORKDIR /go/src/github.com/openshift/hive
RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
RUN make -C test/ote build
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
RUN microdnf install -y gzip jq && microdnf clean all
COPY --from=builder /go/src/github.com/openshift/hive/test/ote/bin/hive /usr/bin/openshift-tests-extension
RUN gzip -f -k /usr/bin/openshift-tests-extension
WORKDIR /tmp
to: hive-tests
Comment on lines +29 to +40
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Shows the current branch head that this Dockerfile consumes today.
git ls-remote https://github.com/miyadav/hive.git refs/heads/fix-ote-init

Repository: openshift/release

Length of output: 126


Pin the temporary miyadav/hive source to an immutable revision.

Cloning from the fix-ote-init branch makes this image non-reproducible and allows future branch updates to change the test binary without additional openshift/release review. Pin a commit SHA instead of using a moving branch reference.

Suggested change
   - dockerfile_literal: |
       FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
       RUN mkdir -p /go/src/github.com/openshift/hive
       WORKDIR /go/src/github.com/openshift/hive
-      RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
+      ARG HIVE_OTE_COMMIT=<pinned-sha>
+      RUN git init . \
+       && git remote add origin https://github.com/miyadav/hive.git \
+       && git fetch --depth 1 origin "${HIVE_OTE_COMMIT}" \
+       && git checkout --detach FETCH_HEAD
       RUN make -C test/ote build
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines 29
- 40, replace the moving branch reference in the dockerfile_literal (the RUN git
clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
line) with a clone and checkout pinned to a specific commit SHA so the image is
reproducible; e.g., clone the repo (no branch), fetch the desired commit SHA,
and checkout that SHA (or use git clone --depth 1 <repo> && git -C hive checkout
<COMMIT_SHA>) so the build always uses an immutable revision—update the RUN line
to perform these steps and document the chosen commit SHA in the file.

skip_if_only_changed: ^(?:docs|\.tekton)/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
promotion:
to:
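Review bot: the `hive-tests` image in this hunk is built from a personal fork (`https://github.com/miyadav/hive.git`, branch `fix-ote-init`) rather than from the repository under test, and both that branch and the `ubi9/ubi-minimal:latest` base tag are moving references. The binary it produces runs in jobs that mount `hiveci-aws-creds` and the CI pull secret, so anyone who can push to that fork branch can change what executes with those secrets without a further openshift/release review; pin the source to an immutable commit (the `ARG HIVE_OTE_COMMIT` fetch-and-checkout form suggested above works) and the base image to a digest, and before merge consider pointing the clone at the openshift/hive branch the fix lands in. One more thing in this hunk: the new top-level `skip_if_only_changed` omits `.coderabbit.yaml`, which the per-test copy in the second hunk includes; the two regexes should agree.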
Expand Down Expand Up @@ -291,6 +303,133 @@ tests:
requests:
cpu: 100m
workflow: ipi-openstack
- as: e2e-ote
cluster_claim:
architecture: amd64
as: unused
cloud: aws
labels:
region: us-east-1
owner: openshift-ci
product: ocp
timeout: 1h0m0s
version: "4.20"
skip_if_only_changed: ^(?:docs|\.tekton)/|\.md$|^(?:.*/)?(?:\.gitignore|.coderabbit.yaml|OWNERS|PROJECT|LICENSE)$
steps:
test:
- as: test
cli: latest
commands: |
export AWS_ACCESS_KEY_ID=$(cat /tmp/secret/hiveci-aws-creds/AWS_ACCESS_KEY_ID)
export AWS_SECRET_ACCESS_KEY=$(cat /tmp/secret/hiveci-aws-creds/AWS_SECRET_ACCESS_KEY)
export PULL_SECRET_FILE=/tmp/secret/pull-secret/.dockerconfigjson
export CLUSTER_NAME=$(printf "hiveci-%x-%x" $(date +%s) $PULL_NUMBER)
export SKIP_LONG_RUNNING_TESTS=true
export PLATFORM=aws
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
credentials:
- mount_path: /tmp/secret/hiveci-aws-creds
name: hiveci-aws-creds
namespace: test-credentials
- mount_path: /tmp/secret/pull-secret
name: ci-pull-credentials
namespace: test-credentials
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
grace_period: 15m0s
resources:
requests:
cpu: 100m
timeout: 3h30m0s
workflow: generic-claim
timeout: 4h0m0s
- as: e2e-gcp-ote
run_if_changed: gcp
steps:
cluster_profile: openshift-org-gcp
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
export BASE_DOMAIN=$(< "${CLUSTER_PROFILE_DIR}/public_hosted_zone")
export PLATFORM=gcp
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
resources:
requests:
cpu: 100m
timeout: 2h30m0s
workflow: ipi-gcp
- as: e2e-azure-ote
run_if_changed: azure
steps:
cluster_profile: openshift-org-azure
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
export PLATFORM=azure
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
resources:
requests:
cpu: 100m
timeout: 2h30m0s
workflow: ipi-azure
timeout: 4h30m0s
- as: e2e-vsphere-ote
run_if_changed: vsphere
steps:
cluster_profile: vsphere-elastic
env:
NETWORK_TYPE: single-tenant
VSPHERE_ADDITIONAL_CLUSTER: "true"
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
source $SHARED_DIR/vsphere_context.sh
source $SHARED_DIR/govc.sh
source $SHARED_DIR/additional_cluster.sh

export CLUSTER_NAME=$ADDITIONAL_CLUSTER_NAME
export VSPHERE_API_VIP=$ADDITIONAL_CLUSTER_API_VIP
export VSPHERE_INGRESS_VIP=$ADDITIONAL_CLUSTER_INGRESS_VIP
export VSPHERE_MACHINE_NETWORK=$(<"${SHARED_DIR}"/machinecidr.txt)
export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)

export PLATFORM=vsphere
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
Comment on lines +407 to +427
⚠️ Potential issue | 🔴 Critical

Mount the vSphere credentials in the OTE variant too.

This step sources the same vSphere helper scripts as e2e-vsphere, but unlike the existing job it never mounts vsphere-ibmcloud-ci at /var/run/vault/vsphere-ibmcloud-ci. Those helpers depend on that secret, so this job is likely to fail before the suite starts.

Suggested change
       commands: |
         export KUBECONFIG="${SHARED_DIR}/kubeconfig"
         source $SHARED_DIR/vsphere_context.sh
         source $SHARED_DIR/govc.sh
         source $SHARED_DIR/additional_cluster.sh
@@
         export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)

         /usr/bin/openshift-tests-extension run-suite openshift/hive
+      credentials:
+      - mount_path: /var/run/vault/vsphere-ibmcloud-ci
+        name: vsphere-ibmcloud-ci
+        namespace: test-credentials
       dependencies:
       - env: HIVE_IMAGE
         name: hive
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines
399 - 418, the OTE job's commands block sources vsphere helper scripts (source
$SHARED_DIR/vsphere_context.sh, source $SHARED_DIR/govc.sh) but does not mount
the vsphere secret; update the job spec that contains the commands/from:
hive-tests to add a volume/volumeMount or secret mount for vsphere-ibmcloud-ci
at /var/run/vault/vsphere-ibmcloud-ci (matching the e2e-vsphere job) so the
helpers can read the credentials when sourcing those scripts.

resources:
requests:
cpu: 100m
timeout: 2h30m0s
workflow: ipi-vsphere
zz_generated_metadata:
branch: master
org: openshift
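Review bot: `e2e-vsphere-ote` sources `$SHARED_DIR/vsphere_context.sh` and `$SHARED_DIR/govc.sh` but, unlike `e2e-ote`, declares no `credentials:` block at all, so the helpers have no secret to read and the job will fail before `run-suite` starts; add the `vsphere-ibmcloud-ci` mount as suggested above. If that suggestion is applied as written, note that its `commands:` block also drops `-c 1` and `-j ${ARTIFACT_DIR}/junit_results.xml` from the `openshift-tests-extension run-suite` line, so add only the four `credentials:` lines rather than replacing the whole block. Two smaller points: in `e2e-ote`, `CLUSTER_NAME=$(printf "hiveci-%x-%x" $(date +%s) $PULL_NUMBER)` leaves `$PULL_NUMBER` unquoted, so a run where it is unset (periodic or postsubmit) produces a name without the PR component and two such runs can collide on cluster names; and `e2e-azure-ote` carries a test-level `timeout: 4h30m0s` while `e2e-gcp-ote` and `e2e-vsphere-ote` set none, which looks unintentional.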