RHDH: Add disconnected OCP 4.21 nightly CI jobs (helm + operator)

[zdrapela]

Summary

Add CI jobs that provision a disconnected OCP 4.21 cluster on AWS for RHDH E2E testing in both Helm and Operator deployment modes.

The jobs are not intended to run periodically yet. The cron schedule 0 3 31 12 * / 0 4 31 12 * (Dec 31, which only fires once a year) is a placeholder. The actual periodic schedule will be configured after the disconnected E2E test is developed in the RHDH repo. This PR enables triggering the jobs on-demand on any PR via /test e2e-ocp-disconnected-helm-nightly or /test e2e-ocp-disconnected-operator-nightly.

Jira: https://redhat.atlassian.net/browse/RHIDP-13968

Dependencies

This PR depends on (must merge first):

• api: register aws-rhdh-disconnected cluster profile ci-tools#5205 — adds the aws-rhdh-disconnected cluster profile constant
• Add aws-rhdh-disconnected Boskos lease and secret bootstrap #79749 — adds Boskos quota slices and secret bootstrap for the new profile

RHDH is a layered product and must not use the shared openshift-org-aws profile (core OpenShift AWS budget). These jobs use a dedicated aws-rhdh-disconnected profile with RHDH's own AWS account in us-east-2.

Disconnected vs Air-gapped: What This PR Configures

This PR configures a disconnected environment — not a fully air-gapped one.

Property	This PR (Disconnected)	Air-gapped (Fully Disconnected)
VPC	Private subnets, no NAT gateway	Same
Cluster nodes direct internet	No	No
Squid proxy config	Open — http_access allow authenticated (any destination)	Whitelist-only (proxy-whitelist-enable step) or no proxy
CI pod internet access	Yes — via Squid proxy	No
OCP payload	Mirrored to bastion registry	Same
Default CatalogSources	Disabled	Same
IDMS	Yes (ENABLE_IDMS=yes)	Same

Key distinction: The openshift-e2e-aws-disconnected workflow provisions a VPC where private subnets have no internet route (no NAT gateway). Cluster nodes genuinely cannot reach the internet directly. However, the bastion host sits on the public subnet and runs a Squid proxy (ports 3128/3129) configured with unrestricted http_access allow authenticated — any authenticated request to any destination is forwarded. The CI test pod sources proxy-conf.sh and can reach GitHub, Quay, and any external service through this proxy.

To create a true air-gapped environment, you would add the proxy-whitelist-enable step to restrict the Squid proxy to only essential Red Hat domains (registries, telemetry, cluster apps), blocking all other outbound traffic. This PR does not use that step.

Which mode is more useful for RHDH testing?

Disconnected (this PR) is the right starting point for several reasons:

1. Validates the core customer pain point. The most common "disconnected" RHDH deployment is one where cluster nodes cannot pull from public registries (quay.io, registry.redhat.io) directly — all images must be mirrored and redirected via IDMS/ICSP. This is exactly what this environment provides. The majority of enterprise customers who say "disconnected" mean this scenario, not a fully air-gapped network.

2. Tests the RHDH image mirroring pipeline. The critical thing to validate is that prepare-restricted-environment.sh correctly mirrors all RHDH operator and operand images to the bastion registry, creates the right IDMS rules, and that RHDH starts up pulling exclusively from the mirror. This works identically in both disconnected and air-gapped modes — the cluster nodes behave the same way.

3. Avoids conflating two failure domains. In a true air-gapped setup, the CI test pod itself loses internet access. Any test failure could be caused by either (a) RHDH not working in disconnected mode, or (b) the test harness failing because it can't reach GitHub/Quay/external APIs. Starting with disconnected mode isolates the RHDH-specific failures from test infrastructure issues, making failures actionable.

4. Incremental tightening is straightforward. Once disconnected E2E tests are stable and green, adding the proxy-whitelist-enable step (or proxy-blocklist-enable with specific domains) is a single-line chain addition to create an air-gapped variant. The test code itself may need adjustments (pre-download test fixtures, avoid external API calls), but the CI infrastructure change is minimal.

5. Matches the RHDH airgap documentation. The RHDH airgap docs distinguish "partially disconnected" (host has internet + mirror access) from "fully disconnected" (bastion-only, no internet). This PR's environment maps to the "partially disconnected" scenario, which is the recommended and more common deployment model.

A future air-gapped variant would be valuable for validating that RHDH's offline bundle is truly self-contained (no surprise external calls from plugins, no hardcoded registry references), but it requires the test harness to also work fully offline — a separate effort.

Disconnected Environment Architecture

┌─────────────────────────────────────────────────────────────────────┐
│                        PUBLIC SUBNET                                │
│                                                                     │
│  ┌───────────────────────────────────────────────────────────────┐  │
│  │                      BASTION HOST                             │  │
│  │                                                               │  │
│  │  ┌─────────────────┐  ┌──────────────┐  ┌─────────────────┐  │  │
│  │  │ Mirror Registry │  │ Squid Proxy  │  │  Pull-through   │  │  │
│  │  │   :5000         │  │  :3128/:3129 │  │  quay.io :6001  │  │  │
│  │  │ (Docker Dist v2)│  │  (open)      │  │  brew    :6002  │  │  │
│  │  └─────────────────┘  └──────┬───────┘  └─────────────────┘  │  │
│  │         ▲                    │                                │  │
│  └─────────┼────────────────────┼────────────────────────────────┘  │
│            │                    │                                    │
└────────────┼────────────────────┼────────────────────────────────────┘
             │                    │
             │         ┌──────────┼──────────────────────────────────┐
             │         │          │      PRIVATE SUBNETS             │
             │         │          │      (NO INTERNET)               │
             │         │          ▼                                   │
             │         │  ┌──────────────┐  ┌──────────────────────┐ │
             │         │  │   OCP 4.21   │  │   Worker Nodes       │ │
             │         │  │   Control    │  │                      │ │
             │         │  │   Plane      │  │  Pull images from    │ │
             │         │  │              │  │  bastion:5000 via    │ │
             │         │  │              │  │  IDMS redirect rules │ │
             │         │  └──────────────┘  └──────────────────────┘ │
             │         │                                              │
             │         └──────────────────────────────────────────────┘
             │
    ┌────────┴─────────────────────────────────┐
    │           CI TEST POD                     │
    │       (rhdh-e2e-runner)                   │
    │                                           │
    │  Internet access: via Squid proxy         │
    │  Cluster access:  via Squid proxy → API   │
    │  Mirror registry: direct (bastion:5000)   │
    │                                           │
    │  Has credentials for:                     │
    │  • Mirror registry (vault secret)         │
    │  • Bastion SSH (cluster profile)          │
    │  • Cluster kubeconfig (SHARED_DIR)        │
    │  • RHDH secrets (vault secret)            │
    └───────────────────────────────────────────┘

Data flow

1. Pre phase (ipi-aws-pre-disconnected): Provisions isolated VPC, bastion host with mirror registry + Squid proxy, mirrors OCP release payload to bastion:5000, installs OCP cluster with PUBLISH=Internal and IDMS enabled
2. Test phase: CI pod runs RHDH E2E tests. Pod reaches internet via Squid proxy. Cluster nodes pull images from bastion mirror registry via IDMS redirect rules. The test step has authenticated access to the mirror registry for mirroring RHDH images via prepare-restricted-environment.sh
3. Post phase (ipi-aws-post-disconnected): Destroys cluster, CloudFormation stacks, IAM users, and verifies no AWS resources leaked

Changes

Step Registry (new refs)

• redhat-developer-rhdh-ocp-helm-disconnected-nightly — disconnected test ref for Helm deployment
• redhat-developer-rhdh-ocp-operator-disconnected-nightly — disconnected test ref for Operator deployment (commands.sh is a symlink to Helm variant)
• Both refs mount two vault secrets:
  • rhdh at /tmp/secrets — RHDH-specific credentials
  • openshift-custom-mirror-registry at /var/run/vault/mirror-registry — mirror registry credentials (user/pass, CA cert, upstream registry creds)
• Mirror registry variables (MIRROR_REGISTRY_URL, BASTION_PUBLIC_ADDRESS, BASTION_SSH_USER, MIRROR_REGISTRY_PULL_SECRET, MIRROR_REGISTRY_CA) are exported and authenticated access is verified before test execution

CI Config (redhat-developer-rhdh-main.yaml)

• Add base_images.upi-installer from ocp/4.21 — required by workflow steps (mirror-images-by-oc-adm, ipi-install-install-aws, gather-installer-boostrap-logs-in-bastion) that need the upi-installer image not included in GA release payloads
• Add 2 periodic test entries with placeholder cron (Dec 31):
  • e2e-ocp-disconnected-helm-nightly (cron: 0 3 31 12 *)
  • e2e-ocp-disconnected-operator-nightly (cron: 0 4 31 12 *)
• Both use workflow: openshift-e2e-aws-disconnected, cluster_profile: aws-rhdh-disconnected, ENABLE_IDMS: "yes"
• Post phase: gather-core-dump + ipi-aws-post-disconnected (full AWS teardown) + send-data-router + send-alert

Generated Jobs

• 2 new periodic jobs + 2 new presubmit jobs (optional, always_run: false)

Links

• Slack discussion: https://redhat-internal.slack.com/archives/C055E9HFYGM/p1779788704666139
• RHDH airgap docs: https://github.com/redhat-developer/rhdh-operator/blob/main/.rhdh/docs/airgap.adoc

Docs

• openshift-e2e-aws-disconnected workflow — the workflow these jobs use
• ipi-aws-pre-disconnected chain — VPC + bastion + mirror + install
• ipi-aws-post-disconnected chain — teardown + leak verification
• Add a New Cluster Profile — process followed for the aws-rhdh-disconnected profile
• Adding a New Secret to CI — Vault credential setup (next step after these PRs merge)

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds disconnected (air-gapped) nightly CI for RHDH: bumps release to OpenShift 4.21, registers rhdh with AWS cluster profiles, adds two cron-scheduled disconnected nightly jobs (helm and operator), and supplies step-registry scripts, refs, metadata, and OWNERS symlinks to bootstrap and run tests.

Changes

Disconnected Nightly CI Workflow for RHDH

Layer / File(s)	Summary
Release channel and cluster profile foundation ci-operator/config/redhat-developer/rhdh/redhat-developer-rhdh-main.yaml, ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml	base_images.upi-installer and build_root.releases.latest.release updated to 4.21/stable; rhdh added to redhat-developer repos for aws, aws-2, aws-3, aws-4, aws-5.
Nightly test job definitions ci-operator/config/redhat-developer/rhdh/redhat-developer-rhdh-main.yaml	Adds e2e-ocp-disconnected-helm-nightly and e2e-ocp-disconnected-operator-nightly cron jobs configured with openshift-org-aws profile, ENABLE_IDMS: "yes", post-chain ipi-aws-post-disconnected, and the openshift-e2e-aws-disconnected workflow.
Disconnected helm step-registry ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/..., ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/...	Adds OWNERS symlinks, a comprehensive ...-commands.sh bootstrap script (proxy/mirror handling, kubeconfig rewrite, oc login, node readiness, disconnected verification, optional HTPasswd, service account token, git/image resolution, Quay polling), plus ref YAML and metadata JSON with env overrides and resource requests/limits.
Disconnected operator step-registry ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/...	Operator entrypoints reference the helm commands via symlink, add OWNERS symlinks, and provide operator-specific ref YAML and metadata JSON mirroring helm env overrides and resource constraints.

Sequence Diagram(s)

sequenceDiagram
  participant JobDef as Nightly Job
  participant StepRef as Step Registry Ref
  participant CmdScript as Commands Script
  participant Quay as Quay Registry
  participant Cluster as OpenShift Cluster
  JobDef->>StepRef: schedule/run job (cron/presubmit)
  StepRef->>CmdScript: execute disconnected bootstrap (env overrides + secrets)
  CmdScript->>Quay: poll image/tag (when quay.io)
  CmdScript->>Cluster: oc login -> verify cluster -> run tests

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• RHDH: fix IMAGE_NAME using empty QUAY_REPO instead of IMAGE_REPO #79469

Suggested labels

lgtm, rehearsals-ack

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary change: adding two new disconnected OCP 4.21 nightly CI jobs (helm and operator deployment modes) to the RHDH project.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR does not modify any Ginkgo test code; it only changes CI/CD configuration (YAML), shell scripts, and metadata. The check for stable Ginkgo test names is not applicable to this PR.
Test Structure And Quality	✅ Passed	This PR contains CI/CD configuration and infrastructure code (YAML configs, shell scripts, JSON metadata, symlinks) only. No Ginkgo test code or Go test files are present, so the check does not apply.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR; all changes are CI/CD infrastructure (YAML configs, bash scripts, symlinks). The check does not apply.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR adds CI configuration and shell scripts but no Ginkgo e2e tests. The SNO compatibility check applies only to new Go test code, which is not present.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds CI test infrastructure only (step refs, test scripts, configs). No deployment manifests or operator code that could have topology-aware scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	PR adds CI jobs and shell script setup steps, not OTE binaries. OTE stdout contract only applies to Go test binaries (main, init, BeforeSuite, etc.), and this PR contains no such code modifications.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR—only CI infrastructure (configs, bash scripts). Per PR objectives, actual e2e tests follow in later PRs.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ci-operator/config/redhat-developer/rhdh/redhat-developer-rhdh-main.yaml`:
- Around line 166-167: The cron entries in the YAML use "0 3 31 12 *" which
schedules jobs only on December 31; update the cron key(s) in
redhat-developer-rhdh-main.yaml (both occurrences of the cron field) to a
nightly schedule such as "0 3 * * *" (or another preferred hourly/minute
pattern) so the job runs every night at the intended time instead of once per
year.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`:
- Around line 186-187: The curl calls that populate GIT_PR_RESPONSE and LONG_SHA
(and other curl usages around the file) lack timeouts and failure handling; wrap
or replace them with a resilient helper (e.g., a function like
call_curl_with_retries) that uses curl options such as --fail --max-time
<seconds> --retry <n> --retry-delay <s> and returns non-zero on failure, then
check the exit status and validate the response before using jq; specifically
update the GIT_PR_RESPONSE assignment and any other direct curl invocations
(references: GIT_PR_RESPONSE, LONG_SHA) to use this helper and add explicit
error handling/logging and a safe exit or retry policy when the request fails or
yields empty/invalid JSON.
- Line 2: Replace the current "set +x" tracing disable with strict shell mode by
changing the script header to enable fail-fast, undefined-var and pipefail
checks (use "set -euo pipefail") and only enable "set -x" temporarily where
tracing is required; update the script's top-level invocation that contains the
"set +x" token so functions and top-level commands (the step script header) run
with strict mode enabled to avoid silently continuing on errors.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml`:
- Around line 10-11: The OC_CLIENT_VERSION default is stale—update the default
value for the OC_CLIENT_VERSION variable from "stable-4.17" to "stable-4.21" in
the YAML where OC_CLIENT_VERSION is defined so the step uses the correct OCP
4.21 client by default; ensure the change is applied to the OC_CLIENT_VERSION
entry and that any jobs/overrides that expect a different client still function
(adjust overrides if needed).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2f16c541-d715-4b8f-a148-2d0b130704a5

📥 Commits

Reviewing files that changed from the base of the PR and between 270e89d and 966f831.

⛔ Files ignored due to path filters (2)

• ci-operator/jobs/redhat-developer/rhdh/redhat-developer-rhdh-main-periodics.yaml is excluded by !ci-operator/jobs/**
• ci-operator/jobs/redhat-developer/rhdh/redhat-developer-rhdh-main-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (10)

• ci-operator/config/redhat-developer/rhdh/redhat-developer-rhdh-main.yaml
• ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-commands.sh
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.yaml

[zdrapela]

/pj-rehearse pull-ci-redhat-developer-rhdh-main-e2e-ocp-disconnected-helm-nightly

[openshift-merge-bot]

@zdrapela: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (2)

ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml (1)

10-11: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Update OC_CLIENT_VERSION default to match the 4.21 flow.

At Line 10-11, defaulting to stable-4.17 is stale for this new 4.21 disconnected path and can cause client/server feature drift when no override is provided.

For OpenShift CI step-registry jobs targeting OCP 4.21, what OC_CLIENT_VERSION default is recommended, and is using stable-4.17 considered unsupported or risky?

🔧 Suggested fix

     - name: OC_CLIENT_VERSION
-      default: stable-4.17
+      default: stable-4.21

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml`
around lines 10 - 11, The OC_CLIENT_VERSION default in the job config is stale
(set to stable-4.17) and should be updated to stable-4.21 to match the 4.21
disconnected flow; update the OC_CLIENT_VERSION default value (referencing the
OC_CLIENT_VERSION variable in the YAML) to stable-4.21 so client/server feature
drift is avoided — using stable-4.17 for 4.21 jobs is unsupported/risky and may
cause compatibility issues.

ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh (1)

275-276: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Harden external curl calls with fail/retry/timeout.

At Line 275, Line 338, and Line 369, raw curl -s is used on critical control flow. Transient network/API errors can yield empty/invalid JSON and drive incorrect tag/SHA decisions.

🔧 Suggested fix

+curl_json() {
+  curl -sS --fail --retry 5 --retry-all-errors --retry-delay 3 --connect-timeout 10 --max-time 30 "$1"
+}
...
-    GIT_PR_RESPONSE=$(curl -s "https://api.github.com/repos/${GITHUB_ORG_NAME}/${GITHUB_REPOSITORY_NAME}/pulls/${GIT_PR_NUMBER}")
+    GIT_PR_RESPONSE=$(curl_json "https://api.github.com/repos/${GITHUB_ORG_NAME}/${GITHUB_REPOSITORY_NAME}/pulls/${GIT_PR_NUMBER}")
...
-            response=$(curl -s "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=$TAG_NAME")
+            response=$(curl_json "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=${TAG_NAME}")
...
-    IMAGE_SHA=$(curl -s "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=${TAG_NAME}" | jq -r '.tags[0].manifest_digest')
+    IMAGE_SHA=$(curl_json "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=${TAG_NAME}" | jq -r '.tags[0].manifest_digest')

Also applies to: 338-341, 369-369

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`
around lines 275 - 276, Harden the raw curl call that sets
GIT_PR_RESPONSE/LONG_SHA by replacing the single-shot `curl -s` with a
retry-and-timeout approach: call curl with --fail, a bounded --max-time, and
retry flags (e.g., --retry, --retry-connrefused, --retry-delay) inside a small
loop or wrapper that retries a few times and exits non-zero if it still returns
empty/invalid JSON; after the curl returns, validate that GIT_PR_RESPONSE is
non-empty and jq parsing of '.head.sha' succeeded before assigning LONG_SHA and
proceeding, and log or fail fast on error so downstream logic cannot use an
invalid SHA.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`:
- Around line 210-213: The current VERIFICATION_FAILED check prints warnings and
continues, allowing false-green runs; update the conditional that checks the
VERIFICATION_FAILED variable (the if [[ "${VERIFICATION_FAILED}" == "true" ]]
block) to exit non-zero when verification fails by replacing the continuing
behavior with an explicit failure (e.g., call exit 1 after logging the warning
messages) so the CI job fails instead of proceeding on a failed disconnected
verification.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.yaml`:
- Around line 10-11: Update the OC_CLIENT_VERSION default from stable-4.17 to
stable-4.21 so the oc client matches the OCP 4.21 release under test; locate the
OC_CLIENT_VERSION entry (currently "default: stable-4.17") in the YAML and
change its default value to "stable-4.21".

---

Duplicate comments:
In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`:
- Around line 275-276: Harden the raw curl call that sets
GIT_PR_RESPONSE/LONG_SHA by replacing the single-shot `curl -s` with a
retry-and-timeout approach: call curl with --fail, a bounded --max-time, and
retry flags (e.g., --retry, --retry-connrefused, --retry-delay) inside a small
loop or wrapper that retries a few times and exits non-zero if it still returns
empty/invalid JSON; after the curl returns, validate that GIT_PR_RESPONSE is
non-empty and jq parsing of '.head.sha' succeeded before assigning LONG_SHA and
proceeding, and log or fail fast on error so downstream logic cannot use an
invalid SHA.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml`:
- Around line 10-11: The OC_CLIENT_VERSION default in the job config is stale
(set to stable-4.17) and should be updated to stable-4.21 to match the 4.21
disconnected flow; update the OC_CLIENT_VERSION default value (referencing the
OC_CLIENT_VERSION variable in the YAML) to stable-4.21 so client/server feature
drift is avoided — using stable-4.17 for 4.21 jobs is unsupported/risky and may
cause compatibility issues.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 6ac84aea-939f-4060-8fbe-670550a9cfb1

📥 Commits

Reviewing files that changed from the base of the PR and between 966f831 and 2a3013c.

⛔ Files ignored due to path filters (2)

• ci-operator/jobs/redhat-developer/rhdh/redhat-developer-rhdh-main-periodics.yaml is excluded by !ci-operator/jobs/**
• ci-operator/jobs/redhat-developer/rhdh/redhat-developer-rhdh-main-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (12)

• ci-operator/config/redhat-developer/rhdh/redhat-developer-rhdh-main.yaml
• ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-commands.sh
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.yaml

✅ Files skipped from review due to trivial changes (5)

• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-commands.sh
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/OWNERS
• ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml

[zdrapela]

/pj-rehearse pull-ci-redhat-developer-rhdh-main-e2e-ocp-disconnected-helm-nightly

[openshift-merge-bot]

@zdrapela: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh (1)

100-103: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard KUBEADMIN_PASSWORD_FILE under set -u (and gate disconnected verification + harden curl).

• Lines 100-103: set -u makes the unguarded "$KUBEADMIN_PASSWORD_FILE" expansion fatal when the var is unset, preventing the ${SHARED_DIR}/kubeadmin-password fallback from running.
• Lines 210-213: disconnected verification failures only print a warning and continue, which can false-green despite VERIFICATION_FAILED=true.
• Lines 275/338/369: curl -s calls lack --fail/timeout/retry, allowing silent bad responses or long hangs in CI.

🔧 Proposed fix

-if [[ -s "$KUBEADMIN_PASSWORD_FILE" ]]; then
-    OPENSHIFT_PASSWORD="$(cat "$KUBEADMIN_PASSWORD_FILE")"
+if [[ -n "${KUBEADMIN_PASSWORD_FILE:-}" && -s "${KUBEADMIN_PASSWORD_FILE}" ]]; then
+    OPENSHIFT_PASSWORD="$(cat "${KUBEADMIN_PASSWORD_FILE}")"
 elif [[ -s "${SHARED_DIR}/kubeadmin-password" ]]; then
     # Recommendation from hypershift qe team in slack channel..
     OPENSHIFT_PASSWORD="$(cat "${SHARED_DIR}/kubeadmin-password")"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`
around lines 100 - 103, The script uses unguarded expansions and weak failure
handling: change the KUBEADMIN_PASSWORD_FILE test to reference a safe default
(e.g. use the parameter expansion pattern like "${KUBEADMIN_PASSWORD_FILE:-}" or
explicitly test -n before using it) so OPENSHIFT_PASSWORD fallback to
"${SHARED_DIR}/kubeadmin-password" works under set -u; make disconnected
verification treat VERIFICATION_FAILED as a hard failure by checking the
VERIFICATION_FAILED flag after verification steps and exiting non-zero (instead
of only printing a warning); and harden all curl invocations that currently use
"curl -s" (the calls around the occurrences you noted) to include --fail, a
connect and total timeout (e.g. --connect-timeout and --max-time) and retry
options (e.g. --retry) and preserve -sS or -s only for quiet output so CI fails
fast on HTTP errors or hangs.

♻️ Duplicate comments (2)

ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh (2)

275-276: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Harden external curl calls with failure/timeout/retry policy.

These calls are on the primary path and currently use curl -s only; transient API/network issues can hang or yield invalid state.

🔧 Proposed fix

+curl_json() {
+    curl -sS --fail --retry 5 --retry-all-errors --retry-delay 5 --connect-timeout 10 --max-time 30 "$1"
+}
+
 ...
-    GIT_PR_RESPONSE=$(curl -s "https://api.github.com/repos/${GITHUB_ORG_NAME}/${GITHUB_REPOSITORY_NAME}/pulls/${GIT_PR_NUMBER}")
+    GIT_PR_RESPONSE=$(curl_json "https://api.github.com/repos/${GITHUB_ORG_NAME}/${GITHUB_REPOSITORY_NAME}/pulls/${GIT_PR_NUMBER}")
 ...
-            response=$(curl -s "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=$TAG_NAME")
+            response=$(curl_json "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=${TAG_NAME}")
 ...
-    IMAGE_SHA=$(curl -s "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=${TAG_NAME}" | jq -r '.tags[0].manifest_digest')
+    IMAGE_SHA=$(curl_json "https://quay.io/api/v1/repository/${IMAGE_REPO}/tag/?specificTag=${TAG_NAME}" | jq -r '.tags[0].manifest_digest')

Also applies to: 338-338, 369-369

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`
around lines 275 - 276, The curl call that sets GIT_PR_RESPONSE (and similar
calls) is currently brittle; harden it by adding a timeout, retry/backoff and
failure handling: invoke curl with connection and max-time options and retry
loops (or use --retry/--retry-delay) and check the HTTP status code and
non-empty response before piping to jq, fail-fast with a clear error message if
the request ultimately fails; update the code paths that assign GIT_PR_RESPONSE
and subsequently LONG_SHA to validate the response (e.g., ensure jq returns a
non-null .head.sha) and exit with a descriptive error if validation fails.

---

210-213: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fail fast when disconnected verification fails.

Line 210 allows execution to continue after failed disconnected checks, which can produce false-green results.

🔧 Proposed fix

 if [[ "${VERIFICATION_FAILED}" == "true" ]]; then
-    echo "WARNING: One or more disconnected environment checks failed. Review the output above."
-    echo "Continuing with test execution — failures may indicate environment misconfiguration."
+    echo "ERROR: One or more disconnected environment checks failed. Aborting."
+    exit 1
 else
     echo "All disconnected environment checks passed."
 fi

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`
around lines 210 - 213, The current if-block that checks the VERIFICATION_FAILED
variable prints warnings but continues; change it to fail fast by replacing the
branch so that when VERIFICATION_FAILED == "true" the script exits with a
non-zero status (e.g., exit 1) after logging the warning, ensuring the
disconnected verification failures stop further test execution; reference the
VERIFICATION_FAILED check and the existing if/else block to locate and update
the behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`:
- Around line 100-103: The script uses unguarded expansions and weak failure
handling: change the KUBEADMIN_PASSWORD_FILE test to reference a safe default
(e.g. use the parameter expansion pattern like "${KUBEADMIN_PASSWORD_FILE:-}" or
explicitly test -n before using it) so OPENSHIFT_PASSWORD fallback to
"${SHARED_DIR}/kubeadmin-password" works under set -u; make disconnected
verification treat VERIFICATION_FAILED as a hard failure by checking the
VERIFICATION_FAILED flag after verification steps and exiting non-zero (instead
of only printing a warning); and harden all curl invocations that currently use
"curl -s" (the calls around the occurrences you noted) to include --fail, a
connect and total timeout (e.g. --connect-timeout and --max-time) and retry
options (e.g. --retry) and preserve -sS or -s only for quiet output so CI fails
fast on HTTP errors or hangs.

---

Duplicate comments:
In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`:
- Around line 275-276: The curl call that sets GIT_PR_RESPONSE (and similar
calls) is currently brittle; harden it by adding a timeout, retry/backoff and
failure handling: invoke curl with connection and max-time options and retry
loops (or use --retry/--retry-delay) and check the HTTP status code and
non-empty response before piping to jq, fail-fast with a clear error message if
the request ultimately fails; update the code paths that assign GIT_PR_RESPONSE
and subsequently LONG_SHA to validate the response (e.g., ensure jq returns a
non-null .head.sha) and exit with a descriptive error if validation fails.
- Around line 210-213: The current if-block that checks the VERIFICATION_FAILED
variable prints warnings but continues; change it to fail fast by replacing the
branch so that when VERIFICATION_FAILED == "true" the script exits with a
non-zero status (e.g., exit 1) after logging the warning, ensuring the
disconnected verification failures stop further test execution; reference the
VERIFICATION_FAILED check and the existing if/else block to locate and update
the behavior.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: ee354e90-a770-4db9-bd2a-ed5dc44cc221

📥 Commits

Reviewing files that changed from the base of the PR and between 2a3013c and 82aa793.

📒 Files selected for processing (13)

• ci-operator/step-registry/redhat-developer/rhdh/ocp/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/nightly/redhat-developer-rhdh-ocp-helm-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/redhat-developer-rhdh-ocp-helm-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/upgrade/nightly/redhat-developer-rhdh-ocp-helm-upgrade-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.yaml
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/nightly/redhat-developer-rhdh-ocp-operator-nightly-ref.metadata.json

✅ Files skipped from review due to trivial changes (4)

• ci-operator/step-registry/redhat-developer/rhdh/ocp/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/redhat-developer-rhdh-ocp-helm-ref.metadata.json
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.metadata.json

[zdrapela]

/pj-rehearse pull-ci-redhat-developer-rhdh-main-e2e-ocp-disconnected-helm-nightly

[openshift-merge-bot]

@zdrapela: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh`:
- Around line 54-69: The curl probe currently uses -k which ignores TLS
validation and defeats the MIRROR_REGISTRY_CA export; update the probe to
validate TLS with the mounted CA by replacing -k with --cacert
"${MIRROR_REGISTRY_CA}" (use the MIRROR_REGISTRY_CA variable set from
MIRROR_REGISTRY_CA_FILE) in the curl command that checks
"https://${MIRROR_REGISTRY_URL}/v2/"; ensure the MIRROR_REGISTRY_CA
variable/file (MIRROR_REGISTRY_CA_FILE/MIRROR_REGISTRY_CA) is present before
invoking curl so the probe fails if the CA is missing or invalid.
- Around line 24-58: The script currently converts missing mirror-registry
inputs into empty vars and warnings; instead, detect and fail fast when any
required input is missing: check MIRROR_REGISTRY_URL (from
SHARED_DIR/mirror_registry_url), MIRROR_REGISTRY_CREDS_FILE (registry_creds) and
MIRROR_REGISTRY_CA_FILE (client_ca.crt) and if any is missing or empty, emit a
clear error message referencing MIRROR_REGISTRY_URL, MIRROR_REGISTRY_CREDS_FILE
and MIRROR_REGISTRY_CA_FILE and exit 1; otherwise proceed to create
MIRROR_REGISTRY_PULL_SECRET and export MIRROR_REGISTRY_CA as the existing logic
(keep use of registry_cred, MIRROR_REGISTRY_PULL_SECRET and
CLUSTER_PROFILE_DIR/pull-secret).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 3a16d6c3-c62f-4f1c-9c23-87ccb45ee784

📥 Commits

Reviewing files that changed from the base of the PR and between a0117da and 347381f.

📒 Files selected for processing (3)

• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-commands.sh
• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml
• ci-operator/step-registry/redhat-developer/rhdh/ocp/operator/disconnected/nightly/redhat-developer-rhdh-ocp-operator-disconnected-nightly-ref.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• ci-operator/step-registry/redhat-developer/rhdh/ocp/helm/disconnected/nightly/redhat-developer-rhdh-ocp-helm-disconnected-nightly-ref.yaml

[zdrapela]

/pj-rehearse pull-ci-redhat-developer-rhdh-main-e2e-ocp-disconnected-helm-nightly

[openshift-merge-bot]

@zdrapela: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: zdrapela
Once this PR has been reviewed and has the lgtm label, please assign josephca for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/config/redhat-developer/rhdh/OWNERS
• ci-operator/jobs/redhat-developer/rhdh/OWNERS
• ci-operator/step-registry/redhat-developer/rhdh/ocp/OWNERS [zdrapela]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

@zdrapela, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: invalid ci-operator config: configuration has 2 errors:

 * tests[5]: invalid cluster profile "aws-rhdh-disconnected"
 * tests[6]: invalid cluster profile "aws-rhdh-disconnected"

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@zdrapela: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/ci-operator-config-metadata	9134fa6	link	true	/test ci-operator-config-metadata
ci/prow/check-gh-automation	9134fa6	link	true	/test check-gh-automation
ci/prow/ci-operator-config	9134fa6	link	true	/test ci-operator-config
ci/prow/openshift-image-mirror-mappings	9134fa6	link	true	/test openshift-image-mirror-mappings
ci/rehearse/redhat-developer/rhdh/main/e2e-ocp-disconnected-helm-nightly	87669c7	link	unknown	/pj-rehearse pull-ci-redhat-developer-rhdh-main-e2e-ocp-disconnected-helm-nightly
ci/prow/generated-config	9134fa6	link	true	/test generated-config
ci/prow/ci-operator-registry	9134fa6	link	true	/test ci-operator-registry

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.