DNM: Test openshift/cluster-capi-operator#527 with aws-disconnected

[mdbooth]

• Add openshift-e2e-aws-disconnected workflow
• DNM: test disconnected job with OCPCLOUD-3429: Mount provider images with image volumes cluster-capi-operator#527

Summary by CodeRabbit

• New Features

  • Added an optional TechPreview disconnected AWS Cluster API E2E pipeline, plus a CI presubmit to run it.
  • Added a disconnected AWS workflow with pre-install provisioning (bastion/mirroring), E2E tests, artifact gathering, and automated deprovisioning.

• Refactor

  • Improved credential handling for AWS provisioning to use raw credential fields.

• Chores

  • Added ownership/metadata entries for new steps and workflows; pipeline skips runs for docs/license/manifest/OWNERS-only changes.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds an optional TechPreview disconnected AWS CAPI E2E pipeline and presubmit, plus new pre/post disconnected step-registry chains, a disconnected E2E workflow with metadata/OWNERS files, and changes secret creation for AWS CCO manual-users to use raw stringData and include an INI-format credentials field.

Changes

Cohort / File(s)	Summary
Pipeline & Presubmit ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml, ci-operator/jobs/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main-presubmits.yaml	Adds optional e2e-aws-capi-disconnected-techpreview pipeline and matching presubmit pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview. Configures TechPreview release override, ENABLE_IDMS, FEATURE_SET=TechPreviewNoUpgrade, observers-resource-watch, proxy sourcing in test command, disconnected workflow openshift-e2e-aws-disconnected, AWS labels/volumes/credentials, skip-on-docs-only rules, and job trigger/timeout settings.
Pre-disconnected step-registry ci-operator/step-registry/ipi/aws/pre/disconnected/ipi-aws-pre-disconnected-chain.yaml, .../ipi-aws-pre-disconnected-chain.metadata.json, .../OWNERS	Adds ipi-aws-pre-disconnected chain to provision disconnected VPC/bastion, mirror payload, handle manual credentials/CCO users, patch OperatorHub, install cluster, wait for nodes, run validations; includes metadata and OWNERS.
Post-disconnected step-registry ci-operator/step-registry/ipi/aws/post/disconnected/ipi-aws-post-disconnected-chain.yaml, .../ipi-aws-post-disconnected-chain.metadata.json, .../OWNERS	Adds ipi-aws-post-disconnected chain to gather console/installer/bastion artifacts, mirror registry artifacts, then deprovision bastion, CFN stacks, security groups, IAM users/policies and continue deprovision flow; includes metadata and OWNERS.
Disconnected E2E workflow ci-operator/step-registry/openshift/e2e/aws/disconnected/openshift-e2e-aws-disconnected-workflow.yaml, .../openshift-e2e-aws-disconnected-workflow.metadata.json, .../OWNERS	Adds openshift-e2e-aws-disconnected workflow: runs ipi-aws-pre-disconnected → openshift-e2e-test → post steps (gather-core-dump, ipi-aws-post-disconnected) with allow_best_effort_post_steps: true; includes metadata and OWNERS.
AWS CCO manual-users script ci-operator/step-registry/aws/provision/cco-manual-users/static/aws-provision-cco-manual-users-static-commands.sh	Modifies secret creation to use stringData with raw AWS access key/secret (removes base64 helper and changes function signature), and adds a credentials INI-format field to the Secret payload.
Step-registry metadata/OWNERS additions multiple OWNERS and .metadata.json files under ci-operator/step-registry/.../disconnected	Adds metadata and OWNERS entries referencing new chain/workflow YAMLs, assigning approvers mdbooth and theobarberbany.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Presubmit as "Presubmit Job"
  participant CI as "ci-operator"
  participant Pre as "ipi-aws-pre-disconnected"
  participant Test as "openshift-e2e-test"
  participant Post as "ipi-aws-post-disconnected"
  participant AWS as "AWS (VPC/CFN/IAM)"

  Presubmit->>CI: trigger e2e-aws-capi-disconnected-techpreview
  CI->>Pre: run pre-disconnected chain (provision VPC, bastion, mirror)
  Pre->>AWS: create VPC, bastion, mirror artifacts
  CI->>Test: run openshift-e2e-test (TechPreview settings)
  Test->>CI: deliver test results & artifacts
  CI->>Post: run post-disconnected chain (gather & deprovision)
  Post->>AWS: teardown bastion, CFN stacks, SGs, IAM
  Post->>CI: upload post artifacts & finish

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	Title uses 'DNM' prefix indicating draft/work-in-progress status and references a specific upstream issue, but is partially vague with 'aws-disconnected' not clearly conveying the primary change of adding a disconnected AWS workflow.	Consider a more descriptive title like 'Add openshift-e2e-aws-disconnected workflow for disconnected AWS testing' to better communicate the main change, or clarify the intent given the DNM/draft status.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only CI/CD configuration files (YAML), job definitions, and bash scripts without any Ginkgo test code or test name definitions.
Test Structure And Quality	✅ Passed	This pull request does not contain any Ginkgo test code. The modifications consist exclusively of CI operator configuration files, step-registry workflow definitions, shell scripts, OWNERS files, and metadata JSON files.
Microshift Test Compatibility	✅ Passed	PR adds CI/CD infrastructure files (YAML workflow/chain definitions) that orchestrate existing test steps, not new Ginkgo e2e tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. The changes consist entirely of CI/CD infrastructure files (YAML, shell scripts) without new test code.
Topology-Aware Scheduling Compatibility	✅ Passed	PR contains only CI/CD infrastructure and provisioning scripts; no Kubernetes workload definitions or scheduling constraints affecting non-standard topologies.
Ote Binary Stdout Contract	✅ Passed	PR only modifies CI/CD configuration files, OWNERS files, and shell scripts; no Go test code or OTE-related test sources modified, so stdout contract check is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds only CI infrastructure configuration files without new Ginkgo e2e test definitions.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mdbooth]

/pj-rehearse

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`:
- Line 126: Remove the hard-coded ephemeral CI payload by deleting the
CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE assignment that points to
registry.build10.ci.openshift.org/ci-ln-8941v02/release:latest; instead, wire
the release image via a stable dependency or parameterized env var (e.g., use
the job's release-image dependency or a configured RELEASE_IMAGE variable) so
the pipeline does not rely on a transient ci-ln-* tag before un-DNM/merge.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c281f6c6-ceb7-4daa-b5a0-f13758f11743

📥 Commits

Reviewing files that changed from the base of the PR and between 79fdab7 and b05477f.

📒 Files selected for processing (11)

• ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml
• ci-operator/jobs/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main-presubmits.yaml
• ci-operator/step-registry/ipi/aws/post/disconnected/OWNERS
• ci-operator/step-registry/ipi/aws/post/disconnected/ipi-aws-post-disconnected-chain.metadata.json
• ci-operator/step-registry/ipi/aws/post/disconnected/ipi-aws-post-disconnected-chain.yaml
• ci-operator/step-registry/ipi/aws/pre/disconnected/OWNERS
• ci-operator/step-registry/ipi/aws/pre/disconnected/ipi-aws-pre-disconnected-chain.metadata.json
• ci-operator/step-registry/ipi/aws/pre/disconnected/ipi-aws-pre-disconnected-chain.yaml
• ci-operator/step-registry/openshift/e2e/aws/disconnected/OWNERS
• ci-operator/step-registry/openshift/e2e/aws/disconnected/openshift-e2e-aws-disconnected-workflow.metadata.json
• ci-operator/step-registry/openshift/e2e/aws/disconnected/openshift-e2e-aws-disconnected-workflow.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid persisting an ephemeral ci-ln-* release override.

Line 126 hard-codes CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to a transient ci-ln payload. Once that namespace/tag is pruned, this job becomes stale/flaky. Please remove this before un-DNM/merge, or wire the release image via a stable dependency source instead.

Suggested minimal fix

     env:
-      CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: registry.build10.ci.openshift.org/ci-ln-8941v02/release:latest
       ENABLE_IDMS: "yes"
       FEATURE_SET: TechPreviewNoUpgrade

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`
at line 126, Remove the hard-coded ephemeral CI payload by deleting the
CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE assignment that points to
registry.build10.ci.openshift.org/ci-ln-8941v02/release:latest; instead, wire
the release image via a stable dependency or parameterized env var (e.g., use
the job's release-image dependency or a configured RELEASE_IMAGE variable) so
the pipeline does not rely on a transient ci-ln-* tag before un-DNM/merge.

[mdbooth]

/pj-rehearse

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

♻️ Duplicate comments (1)

ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml (1)

126-126: ⚠️ Potential issue | 🟠 Major

Remove the ephemeral ci-ln-* release override before un-DNM/merge.

CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE is pinned to a transient ci-ln payload. Once pruned, this job becomes stale/flaky. Keep this only for short-lived rehearsal and remove it (or source from a stable release dependency) before merging.

Suggested minimal fix

     env:
-      CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: registry.build10.ci.openshift.org/ci-ln-cc01ll2/release:latest
       ENABLE_IDMS: "yes"
       FEATURE_SET: TechPreviewNoUpgrade

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`
at line 126, CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE is currently set to
a transient ci-ln-* release image; remove this ephemeral override (delete the
CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE line) or replace it with a
stable release reference (e.g., source from the job's release dependency or a
stable release image variable) so the job does not rely on a short-lived ci-ln
payload before un-DNM/merge.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`:
- Line 126: CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE is currently set to
a transient ci-ln-* release image; remove this ephemeral override (delete the
CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE line) or replace it with a
stable release reference (e.g., source from the job's release dependency or a
stable release image variable) so the job does not rely on a short-lived ci-ln
payload before un-DNM/merge.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 95090fbf-433c-42b9-b3c9-f2213c01ac56

📥 Commits

Reviewing files that changed from the base of the PR and between b05477f and 80c0f73.

📒 Files selected for processing (1)

• ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml

[mdbooth]

/pj-rehearse

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

♻️ Duplicate comments (1)

ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml (1)

126-126: ⚠️ Potential issue | 🟠 Major

Remove ephemeral ci-ln-* release override before this is mergeable.

Line 126 hard-codes a transient payload (ci-ln-cc01ll2). Once pruned, this job will become stale/flaky. Please drop this override (or wire a stable dependency-driven image) before removing DNM/WIP.

Suggested minimal change

     env:
-      CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: registry.build10.ci.openshift.org/ci-ln-cc01ll2/release:latest
       ENABLE_IDMS: "yes"
       FEATURE_SET: TechPreviewNoUpgrade

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`
at line 126, Remove the ephemeral hard-coded release override by deleting the
CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE entry that sets
"registry.build10.ci.openshift.org/ci-ln-cc01ll2/release:latest" (or replace it
with a stable dependency-driven image reference); update the job spec that
defines CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE so it no longer
references the transient "ci-ln-cc01ll2" payload, or wire it to a stable release
image variable instead.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`:
- Line 126: Remove the ephemeral hard-coded release override by deleting the
CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE entry that sets
"registry.build10.ci.openshift.org/ci-ln-cc01ll2/release:latest" (or replace it
with a stable dependency-driven image reference); update the job spec that
defines CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE so it no longer
references the transient "ci-ln-cc01ll2" payload, or wire it to a stable release
image variable instead.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: d6d96380-d408-40b5-b465-540fecbaf615

📥 Commits

Reviewing files that changed from the base of the PR and between 80c0f73 and a6b7068.

📒 Files selected for processing (1)

• ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mdbooth
Once this PR has been reviewed and has the lgtm label, please assign dgoodwin for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/cluster-capi-operator/OWNERS [mdbooth]
• ci-operator/jobs/openshift/cluster-capi-operator/OWNERS [mdbooth]
• ci-operator/step-registry/aws/OWNERS
• ci-operator/step-registry/ipi/OWNERS
• ci-operator/step-registry/openshift/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/step-registry/aws/provision/cco-manual-users/static/aws-provision-cco-manual-users-static-commands.sh`:
- Line 67: The heredoc redirection uses an unquoted variable (cat <<EOF
>${output_file}) which can break if output_file contains spaces; update the
redirection to quote the variable (use >"${output_file}") so the heredoc writes
safely to paths with whitespace while keeping the rest of the heredoc unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4f763c34-4c4e-46c0-9ccb-18ff4cd0b5d2

📥 Commits

Reviewing files that changed from the base of the PR and between a6b7068 and c158b93.

📒 Files selected for processing (12)

• ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml
• ci-operator/jobs/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main-presubmits.yaml
• ci-operator/step-registry/aws/provision/cco-manual-users/static/aws-provision-cco-manual-users-static-commands.sh
• ci-operator/step-registry/ipi/aws/post/disconnected/OWNERS
• ci-operator/step-registry/ipi/aws/post/disconnected/ipi-aws-post-disconnected-chain.metadata.json
• ci-operator/step-registry/ipi/aws/post/disconnected/ipi-aws-post-disconnected-chain.yaml
• ci-operator/step-registry/ipi/aws/pre/disconnected/OWNERS
• ci-operator/step-registry/ipi/aws/pre/disconnected/ipi-aws-pre-disconnected-chain.metadata.json
• ci-operator/step-registry/ipi/aws/pre/disconnected/ipi-aws-pre-disconnected-chain.yaml
• ci-operator/step-registry/openshift/e2e/aws/disconnected/OWNERS
• ci-operator/step-registry/openshift/e2e/aws/disconnected/openshift-e2e-aws-disconnected-workflow.metadata.json
• ci-operator/step-registry/openshift/e2e/aws/disconnected/openshift-e2e-aws-disconnected-workflow.yaml

✅ Files skipped from review due to trivial changes (6)

• ci-operator/step-registry/ipi/aws/post/disconnected/ipi-aws-post-disconnected-chain.metadata.json
• ci-operator/step-registry/openshift/e2e/aws/disconnected/openshift-e2e-aws-disconnected-workflow.metadata.json
• ci-operator/step-registry/ipi/aws/pre/disconnected/OWNERS
• ci-operator/step-registry/openshift/e2e/aws/disconnected/OWNERS
• ci-operator/step-registry/ipi/aws/pre/disconnected/ipi-aws-pre-disconnected-chain.metadata.json
• ci-operator/step-registry/openshift/e2e/aws/disconnected/openshift-e2e-aws-disconnected-workflow.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• ci-operator/step-registry/ipi/aws/post/disconnected/OWNERS
• ci-operator/step-registry/ipi/aws/post/disconnected/ipi-aws-post-disconnected-chain.yaml
• ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml

[coderabbitai]

♻️ Duplicate comments (1)

ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml (1)

126-126: ⚠️ Potential issue | 🟠 Major

Remove transient ci-ln-* release override before un-DNM.

Line 126 hard-codes CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to an ephemeral ci-ln payload (ci-ln-d906xw2). Once that payload is pruned, this job can become stale/flaky. Please wire the release image via a stable dependency/parameter before merge.

Suggested minimal fix

     env:
-      CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: registry.build10.ci.openshift.org/ci-ln-d906xw2/release:latest
       ENABLE_IDMS: "yes"
       FEATURE_SET: TechPreviewNoUpgrade

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`
at line 126, The job hard-codes CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE
to a transient ci-ln payload (CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE:
registry.build10.ci.openshift.org/ci-ln-d906xw2/release:latest); remove this
literal and instead source the release image via a stable parameter or
dependency (e.g., a job parameter like RELEASE_IMAGE or an exported dependency
in the ci-operator config/releases section) so the pipeline injects the correct,
long-lived payload at runtime; update the job to reference that parameter
(replace the hardcoded value with the parameter name) and ensure the pipeline
that triggers this job supplies the stable release image.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml`:
- Line 126: The job hard-codes CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE
to a transient ci-ln payload (CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE:
registry.build10.ci.openshift.org/ci-ln-d906xw2/release:latest); remove this
literal and instead source the release image via a stable parameter or
dependency (e.g., a job parameter like RELEASE_IMAGE or an exported dependency
in the ci-operator config/releases section) so the pipeline injects the correct,
long-lived payload at runtime; update the job to reference that parameter
(replace the hardcoded value with the parameter name) and ensure the pipeline
that triggers this job supplies the stable release image.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f7c1ce7d-dd38-41fc-9ad6-8dbfec37daa0

📥 Commits

Reviewing files that changed from the base of the PR and between c158b93 and 8f63bf5.

📒 Files selected for processing (1)

• ci-operator/config/openshift/cluster-capi-operator/openshift-cluster-capi-operator-main.yaml

[mdbooth]

/pj-rehearse pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[mdbooth]

/pj-rehearse pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[mdbooth]

/pj-rehearse pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[mdbooth]

/pj-rehearse pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[mdbooth]

/pj-rehearse pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview

[openshift-merge-bot]

@mdbooth: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@mdbooth: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-cluster-capi-operator-main-e2e-aws-capi-disconnected-techpreview	openshift/cluster-capi-operator	presubmit	Presubmit changed
periodic-ci-openshift-openshift-tests-private-release-4.18-multi-stable-aws-ipi-disc-priv-arm-mixarch-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-release-main-nightly-4.20-e2e-aws-ovn-ha-cert-rotation-suspend-30d	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-nightly-aws-ipi-disc-priv-workers-rhcos-rhel8-f60	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.21-arm64-nightly-aws-ipi-disc-priv-tp-f28-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.17-amd64-stable-4.17-upgrade-from-stable-4.16-aws-ipi-disc-priv-localzone-fips-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.17-arm64-nightly-aws-ipi-disc-priv-tp-f28-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.20-arm64-nightly-aws-ipi-disc-priv-tp-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-nightly-aws-ipi-disc-priv-f60-longrun-ota	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.13-amd64-nightly-aws-ipi-disc-priv-sdn-rhcos-rhel8-f60-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-nightly-aws-ipi-disc-priv-localzone-fips-f60-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.16-multi-stable-aws-ipi-disc-priv-arm-mixarch-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.21-arm64-nightly-4.21-upgrade-from-stable-4.20-aws-ipi-disc-priv-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-5.0-arm64-nightly-aws-ipi-disc-priv-tp-f28-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.18-amd64-nightly-aws-ipi-disc-priv-localzone-fips-f28-destructive	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-omr-ocp421-unreleased-quay-omr-tests-omr-ocp421-disconnected-unreleased	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-5.0-multi-nightly-aws-eusc-ipi-disc-priv-tp-amd-f28-destructive	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-omr-ocp417-quay-omr-tests-omr-ocp417-disconnected	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-nightly-aws-usgov-ipi-disc-priv-f60-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-nightly-aws-ipi-disc-priv-sdn-rhcos-rhel8-f60-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.20-arm64-nightly-4.20-upgrade-from-stable-4.20-aws-ipi-disc-priv-tp-f60	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.20-amd64-nightly-aws-usgov-ipi-disc-priv-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-4.22-upgrade-from-stable-4.21-aws-ipi-disc-priv-localzone-fips-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.22-multi-stable-aws-ipi-disc-priv-arm-mixarch-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-disc-priv-localzone-fips-f28-destructive	N/A	periodic	Registry content changed

A total of 251 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@mdbooth: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[mdbooth]

This has served its purpose (getting a successful test run). Closing as the fixes can be merged into #77922