139 changes: 139 additions & 0 deletions ci-operator/config/openshift/hive/openshift-hive-master.yaml
Expand Up @@ -26,6 +26,18 @@ images:
dockerfile_path: Dockerfile
from: ubi9-minimal-entitled
to: hive
- dockerfile_literal: |
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
RUN mkdir -p /go/src/github.com/openshift/hive
WORKDIR /go/src/github.com/openshift/hive
RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
RUN make -C test/ote build
Comment on lines +29 to +34

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Build hive-tests from the checked-out openshift/hive source instead of a personal fork.

Cloning miyadav/hive@fix-ote-init here means these jobs are not actually testing the PR/branch under review; they are testing whatever happens to be on that external branch when the image build runs. It also adds a live GitHub dependency to every CI run.

Suggested fix
   - dockerfile_literal: |
       FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
-      RUN mkdir -p /go/src/github.com/openshift/hive
       WORKDIR /go/src/github.com/openshift/hive
-      RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
+      COPY . .
       RUN make -C test/ote build
       FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- dockerfile_literal: |
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
RUN mkdir -p /go/src/github.com/openshift/hive
WORKDIR /go/src/github.com/openshift/hive
RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
RUN make -C test/ote build
- dockerfile_literal: |
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
WORKDIR /go/src/github.com/openshift/hive
COPY . .
RUN make -C test/ote build
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines 29
- 34, The Dockerfile fragment uses RUN git clone --branch fix-ote-init
https://github.com/miyadav/hive.git . which pulls a personal fork instead of
building the hive-tests from the repository checked out for the PR; remove the
git clone step and build from the repository already present in the build
context (the WORKDIR /go/src/github.com/openshift/hive), i.e. ensure
dockerfile_literal omits the clone and leaves the existing WORKDIR and RUN make
-C test/ote build to operate on the checked-out openshift/hive source instead of
the miyadav fork.

FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
RUN microdnf install -y gzip jq && microdnf clean all
COPY --from=builder /go/src/github.com/openshift/hive/test/ote/bin/hive /usr/bin/openshift-tests-extension
RUN gzip -f -k /usr/bin/openshift-tests-extension
WORKDIR /tmp
to: hive-tests
skip_if_only_changed: ^(?:docs|\.tekton)/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
promotion:
to:
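Review bot: The builder stage's `RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .` resolves a mutable branch name at image build time, so the `openshift-tests-extension` binary copied into `hive-tests` is not tied to any reviewed commit and can change between runs with no change to this config. Build from the repository source under test, or at minimum check out a full commit SHA rather than a branch. The final stage floats in the same way: `FROM registry.access.redhat.com/ubi9/ubi-minimal:latest` is an unpinned tag, while the `hive` image entry just above references a named base via `from: ubi9-minimal-entitled`; use a named base image or a digest-pinned reference here too.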
Expand Down Expand Up @@ -291,6 +303,133 @@ tests:
requests:
cpu: 100m
workflow: ipi-openstack
- as: e2e-ote
cluster_claim:
architecture: amd64
as: unused
cloud: aws
labels:
region: us-east-1
owner: openshift-ci
product: ocp
timeout: 1h0m0s
version: "4.20"
Comment on lines +306 to +316

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid the 4.20/4.21 skew in the AWS OTE job.

This is the only AWS cluster-claim job in the file pinned to 4.20; the rest of the config and the release payload under test are 4.21. That makes the new signal hard to interpret and can miss regressions that only reproduce on the current target version.

Suggested fix
   cluster_claim:
@@
-    version: "4.20"
+    version: "4.21"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- as: e2e-ote
cluster_claim:
architecture: amd64
as: unused
cloud: aws
labels:
region: us-east-1
owner: openshift-ci
product: ocp
timeout: 1h0m0s
version: "4.20"
- as: e2e-ote
cluster_claim:
architecture: amd64
as: unused
cloud: aws
labels:
region: us-east-1
owner: openshift-ci
product: ocp
timeout: 1h0m0s
version: "4.21"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines
306 - 316, Update the cluster_claim version to match the rest of the job payload
by replacing cluster_claim.version "4.20" with "4.21"; locate the cluster_claim
block (the cluster_claim: entry and its version field) in the
openshift-hive-master.yaml and change the value to "4.21" so the AWS OTE job is
pinned to the same release as the rest of the config.

skip_if_only_changed: ^(?:docs|\.tekton)/|\.md$|^(?:.*/)?(?:\.gitignore|.coderabbit.yaml|OWNERS|PROJECT|LICENSE)$
steps:
test:
- as: test
cli: latest
commands: |
export AWS_ACCESS_KEY_ID=$(cat /tmp/secret/hiveci-aws-creds/AWS_ACCESS_KEY_ID)
export AWS_SECRET_ACCESS_KEY=$(cat /tmp/secret/hiveci-aws-creds/AWS_SECRET_ACCESS_KEY)
export PULL_SECRET_FILE=/tmp/secret/pull-secret/.dockerconfigjson
export CLUSTER_NAME=$(printf "hiveci-%x-%x" $(date +%s) $PULL_NUMBER)
export SKIP_LONG_RUNNING_TESTS=true
export PLATFORM=aws
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
credentials:
- mount_path: /tmp/secret/hiveci-aws-creds
name: hiveci-aws-creds
namespace: test-credentials
- mount_path: /tmp/secret/pull-secret
name: ci-pull-credentials
namespace: test-credentials
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
grace_period: 15m0s
resources:
requests:
cpu: 100m
timeout: 3h30m0s
workflow: generic-claim
timeout: 4h0m0s
- as: e2e-gcp-ote
run_if_changed: gcp
steps:
cluster_profile: openshift-org-gcp
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
export BASE_DOMAIN=$(< "${CLUSTER_PROFILE_DIR}/public_hosted_zone")
export PLATFORM=gcp
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
resources:
requests:
cpu: 100m
timeout: 2h30m0s
workflow: ipi-gcp
- as: e2e-azure-ote
run_if_changed: azure
steps:
cluster_profile: openshift-org-azure
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
export PLATFORM=azure
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
resources:
requests:
cpu: 100m
timeout: 2h30m0s
workflow: ipi-azure
timeout: 4h30m0s
- as: e2e-vsphere-ote
run_if_changed: vsphere
steps:
cluster_profile: vsphere-elastic
env:
NETWORK_TYPE: single-tenant
VSPHERE_ADDITIONAL_CLUSTER: "true"
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
source $SHARED_DIR/vsphere_context.sh
source $SHARED_DIR/govc.sh
source $SHARED_DIR/additional_cluster.sh

export CLUSTER_NAME=$ADDITIONAL_CLUSTER_NAME
export VSPHERE_API_VIP=$ADDITIONAL_CLUSTER_API_VIP
export VSPHERE_INGRESS_VIP=$ADDITIONAL_CLUSTER_INGRESS_VIP
export VSPHERE_MACHINE_NETWORK=$(<"${SHARED_DIR}"/machinecidr.txt)
export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)

export PLATFORM=vsphere
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
Comment on lines +404 to +427

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Mirror the vsphere-ibmcloud-ci credentials mount from the existing vSphere job.

This OTE variant sources the same vSphere helper scripts as e2e-vsphere, but it omits the extra secret mount that job uses. Without that vault-backed credential, the govc/vSphere setup is likely to fail before the suite even starts.

Suggested fix
     - as: test
       cli: latest
       commands: |
         export KUBECONFIG="${SHARED_DIR}/kubeconfig"
         source $SHARED_DIR/vsphere_context.sh
         source $SHARED_DIR/govc.sh
         source $SHARED_DIR/additional_cluster.sh
@@
         export PLATFORM=vsphere
         /usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
+      credentials:
+      - mount_path: /var/run/vault/vsphere-ibmcloud-ci
+        name: vsphere-ibmcloud-ci
+        namespace: test-credentials
       dependencies:
       - env: HIVE_IMAGE
         name: hive
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
source $SHARED_DIR/vsphere_context.sh
source $SHARED_DIR/govc.sh
source $SHARED_DIR/additional_cluster.sh
export CLUSTER_NAME=$ADDITIONAL_CLUSTER_NAME
export VSPHERE_API_VIP=$ADDITIONAL_CLUSTER_API_VIP
export VSPHERE_INGRESS_VIP=$ADDITIONAL_CLUSTER_INGRESS_VIP
export VSPHERE_MACHINE_NETWORK=$(<"${SHARED_DIR}"/machinecidr.txt)
export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)
export PLATFORM=vsphere
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
test:
- as: test
cli: latest
commands: |
export KUBECONFIG="${SHARED_DIR}/kubeconfig"
source $SHARED_DIR/vsphere_context.sh
source $SHARED_DIR/govc.sh
source $SHARED_DIR/additional_cluster.sh
export CLUSTER_NAME=$ADDITIONAL_CLUSTER_NAME
export VSPHERE_API_VIP=$ADDITIONAL_CLUSTER_API_VIP
export VSPHERE_INGRESS_VIP=$ADDITIONAL_CLUSTER_INGRESS_VIP
export VSPHERE_MACHINE_NETWORK=$(<"${SHARED_DIR}"/machinecidr.txt)
export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)
export PLATFORM=vsphere
/usr/bin/openshift-tests-extension run-suite -c 1 openshift/hive -j ${ARTIFACT_DIR}/junit_results.xml
credentials:
- mount_path: /var/run/vault/vsphere-ibmcloud-ci
name: vsphere-ibmcloud-ci
namespace: test-credentials
dependencies:
- env: HIVE_IMAGE
name: hive
- env: RELEASE_IMAGE
name: release:latest
from: hive-tests
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines
404 - 427, The test step is missing the vault-backed credential mount used by
the e2e-vsphere job, which is required by the helper scripts sourced here
(source $SHARED_DIR/vsphere_context.sh and source $SHARED_DIR/govc.sh); add the
same secret/credentials mount as the vsphere-ibmcloud-ci entry in e2e-vsphere to
this test step so the govc/vSphere credentials are available under SHARED_DIR
(mount the secret with the same name and path used by e2e-vsphere), ensuring the
helper scripts can read the creds before running
/usr/bin/openshift-tests-extension.

resources:
requests:
cpu: 100m
timeout: 2h30m0s
workflow: ipi-vsphere
zz_generated_metadata:
branch: master
org: openshift
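Review bot: In the `e2e-ote` test step, `hiveci-aws-creds` and `ci-pull-credentials` are mounted into a container started `from: hive-tests`, and the command it runs, `/usr/bin/openshift-tests-extension`, is the binary that image builds from the `miyadav/hive` `fix-ote-init` branch, so code that is not reviewed in this repository executes with the AWS keys and the pull secret. Settle where the `hive-tests` source comes from before enabling these credential mounts. Separately, `export AWS_ACCESS_KEY_ID=$(cat ...)` and the other `export VAR=$(...)` lines in all four jobs return the exit status of `export`, not of the substitution, so a missing secret or `SHARED_DIR` file leaves the variable empty and the suite still starts; add `set -euo pipefail` and assign the variable before exporting it. In the new `skip_if_only_changed`, `.coderabbit.yaml` has unescaped dots, unlike `\.gitignore` next to it.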