Use aws-stackrox for all CO aws parallel and serial jobs

[rhmdnd]

Extends the cluster profile change from #79978 to the remaining
parallel and serial e2e jobs: e2e-aws-serial, e2e-aws-parallel-arm,
and e2e-aws-serial-arm.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

Summary by CodeRabbit

This PR updates the CI ComplianceAsCode configuration for the compliance-operator (in ci-operator/config/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml) to align additional AWS e2e jobs with the newer cluster setup.

In practical terms, the AWS e2e jobs are switched to use the aws-stackrox cluster profile instead of quay-aws, and they now set env.BASE_DOMAIN to perfscale.rox.systems instead of quay.devcluster.openshift.com (covering e2e-aws-serial and e2e-aws-serial-arm, and extending the same approach to the ARM AWS e2e variant as part of the full AWS test suite consistency work). The e2e-aws-serial-arm step keeps its existing OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE dependency.

Coordination-wise, the author notes overlap with a related change and plans to rebase once the other PR is merged to avoid conflicts and redundant edits.

[coderabbitai]

Caution

Review failed

An error occurred during the review process. Please try again later.

Walkthrough

The ComplianceAsCode compliance-operator master CI config is updated to use the aws-stackrox cluster profile and perfscale.rox.systems base domain for the e2e-aws-serial and e2e-aws-serial-arm E2E test jobs, replacing the previous quay-aws profile and quay.devcluster.openshift.com domain.

Changes

AWS Cluster Profile Migration

Layer / File(s)	Summary
AWS E2E cluster profile and domain update ci-operator/config/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml	cluster_profile changed from quay-aws to aws-stackrox and BASE_DOMAIN changed from quay.devcluster.openshift.com to perfscale.rox.systems across the e2e-aws-serial and e2e-aws-serial-arm job blocks.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• openshift/release#80309: Updates AWS Compliance Operator jobs' cluster_profile to aws-stackrox and env.BASE_DOMAIN to perfscale.rox.systems in the same configuration file for other E2E job steps.

Suggested reviewers

• yuumasato

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating AWS CI jobs to use the aws-stackrox cluster profile instead of quay-aws.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only CI configuration YAML files, not Ginkgo test code. The custom check for stable test names applies to test code, not CI config metadata. No Ginkgo tests are modified.
Test Structure And Quality	✅ Passed	The PR modifies CI configuration YAML files, not Ginkgo test code. The custom check (review of Ginkgo test code quality: single responsibility, setup/cleanup, timeouts, assertion messages, consiste...
Microshift Test Compatibility	✅ Passed	This PR modifies only CI configuration (YAML file) for the compliance-operator repository's CI/CD setup. It changes cluster profiles and base domains for AWS e2e test jobs, but does NOT add any new...
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR modifies CI configuration (YAML) for existing e2e test jobs, not new Ginkgo tests. The check is only applicable when new tests with Ginkgo's It(), Describe(), Context(), etc. are added; thi...
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only modifies CI test configuration (cluster profile and environment variables), not deployment manifests, operator code, or controllers. The check for topology-aware scheduling is not appl...
Ote Binary Stdout Contract	✅ Passed	PR modifies only YAML CI configuration files, not OTE binary or test suite source code, making the OTE Binary Stdout Contract check inapplicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only modifies CI configuration (cluster profile and BASE_DOMAIN settings), not test code. No new Ginkgo e2e tests are added, so IPv6/disconnected compatibility check is not applicable.
No-Weak-Crypto	✅ Passed	This PR modifies only CI/CD configuration (cluster profiles and domain names), not cryptographic code. No weak crypto patterns detected.
Container-Privileges	✅ Passed	PR modifies only CI operator config (cluster profiles and BASE_DOMAIN settings). No container security specs, privileged configs, hostPID/Network/IPC, SYS_ADMIN capabilities, or root privilege esca...
No-Sensitive-Data-In-Logs	✅ Passed	No sensitive data (passwords, tokens, API keys, PII, or credentials) found in the PR changes to the CI operator configuration file.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[rhmdnd]

cc: @davdhacs for awareness

[rhmdnd]

@vickeybrown already has a PR for some of this in #80309 - merging that and then I'll rebase.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@rhmdnd: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-ComplianceAsCode-compliance-operator-master-e2e-aws-serial	ComplianceAsCode/compliance-operator	presubmit	Ci-operator config changed
pull-ci-ComplianceAsCode-compliance-operator-master-e2e-aws-serial-arm	ComplianceAsCode/compliance-operator	presubmit	Ci-operator config changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[vickeybrown]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rhmdnd, vickeybrown

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/ComplianceAsCode/compliance-operator/OWNERS [rhmdnd]
• ci-operator/jobs/ComplianceAsCode/compliance-operator/OWNERS [rhmdnd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vickeybrown]

/pj-rehearse

[openshift-merge-bot]

@vickeybrown: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@rhmdnd: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.