INTEROP-8979: Wire Slack webhook into firewatch-report-issues step

[amp-rh]

Summary

• Mount firewatch-slack-notify-webhook-url secret at /tmp/secrets/slack in the firewatch-report-issues step
• Read /tmp/secrets/slack/url and export as $SLACK_WEBHOOK_URL before running firewatch report
• Add SLACK_WEBHOOK_URL env var declaration to the step ref
• Add minimal test config (RedHatQE-firewatch-main__slack-webhook-test.yaml) to verify end-to-end webhook delivery

Dependencies

Requires firewatch PR: RedHatQE/firewatch#274

Prerequisites

• Create firewatch-slack-notify-webhook-url secret in test-credentials namespace with key url

Test plan

• Rehearse slack-webhook-test job from this PR
• Verify firewatch posts a Slack notification to the configured webhook
• Confirm no impact to existing firewatch-report-issues consumers (webhook is opt-in via secret)

Relates: https://issues.redhat.com/browse/INTEROP-8979

Summary by CodeRabbit

• New Features

  • New scheduled CI workflow for nightly testing and metadata recording ("slack-webhook-test").
  • Enhanced issue reporting to optionally send Slack notifications using a mounted secret and webhook URL env var.
  • Added a CLI-based test step that triggers webhook handling to validate notifications.

• Chores

  • Minor CI profile and credential configuration cleanups (cluster profile update and credential namespace adjustments).

[openshift-ci-robot]

@amp-rh: This pull request references INTEROP-8979 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Mount firewatch-slack-notify-webhook-url secret at /tmp/secrets/slack in the firewatch-report-issues step
• Read /tmp/secrets/slack/url and export as $SLACK_WEBHOOK_URL before running firewatch report
• Add SLACK_WEBHOOK_URL env var declaration to the step ref
• Add minimal test config (RedHatQE-firewatch-main__slack-webhook-test.yaml) to verify end-to-end webhook delivery

Dependencies

Requires firewatch PR: RedHatQE/firewatch#274

Prerequisites

• Create firewatch-slack-notify-webhook-url secret in test-credentials namespace with key url

Test plan

• Rehearse slack-webhook-test job from this PR
• Verify firewatch posts a Slack notification to the configured webhook
• Confirm no impact to existing firewatch-report-issues consumers (webhook is opt-in via secret)

Relates: https://issues.redhat.com/browse/INTEROP-8979

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[amp-rh]

/pj-rehearse periodic-ci-RedHatQE-firewatch-main-slack-webhook-test-slack-webhook-test

[openshift-merge-bot]

@amp-rh: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Warning

Rate limit exceeded

@amp-rh has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 9 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2ae50144-2b06-4d18-91d0-a4bd19735afe

📥 Commits

Reviewing files that changed from the base of the PR and between 1a1b403 and e6707ba.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/RedHatQE/firewatch/RedHatQE-firewatch-main-periodics.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (20)

• ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml
• ci-operator/config/openshift/ci-tools/openshift-ci-tools-main.yaml
• ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml
• ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh
• ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml
• cluster-profile-set-details.json
• core-services/prow/02_config/openshift-eng/olm-team-ai-helpers/_pluginconfig.yaml
• core-services/prow/02_config/openshift-eng/openshift-tests-extension/_pluginconfig.yaml
• core-services/prow/02_config/openshift-eng/ota-tools/_pluginconfig.yaml
• core-services/prow/02_config/openshift-online/aws-nuke-cf/_pluginconfig.yaml
• core-services/prow/02_config/openshift-priv/ansible-ocp-networking-migration-rollback/_pluginconfig.yaml
• core-services/prow/02_config/openshift-priv/community.okd/_pluginconfig.yaml
• core-services/prow/02_config/openshift-priv/installer-aro/_pluginconfig.yaml
• core-services/prow/02_config/openshift-priv/kueue-operator/_pluginconfig.yaml
• core-services/prow/02_config/openshift-priv/lightspeed-service/_pluginconfig.yaml
• core-services/prow/02_config/openshift-priv/lvm-driver/_pluginconfig.yaml
• core-services/prow/02_config/openshift-priv/osd-example-operator/_pluginconfig.yaml
• core-services/prow/02_config/osac-project/fulfillment-cli/_pluginconfig.yaml
• core-services/prow/02_config/osac-project/osac-templates/_pluginconfig.yaml
• core-services/prow/02_config/smg247/ai-pr-timeline/_pluginconfig.yaml

Walkthrough

Adds a new Firewatch CI config variant to test Slack webhook notifications, updates the firewatch report-issues step to optionally load a mounted Slack webhook secret and export SLACK_WEBHOOK_URL, allows the firewatch repo in an AWS cluster profile, and removes empty namespace fields from two credential mounts in an openshift ci-tools config.

Changes

Cohort / File(s)	Summary
Slack Webhook Test Configuration ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml	New CI Operator config: cron slack-webhook-test variant with CLI/base image and release settings, default resource requests, cluster profile, env vars (BASE_DOMAIN, FIREWATCH_CONFIG, Jira defaults), workflow steps and metadata.
Firewatch report-issues step ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh, ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml	Script conditionally reads /tmp/secrets/slack/url and exports SLACK_WEBHOOK_URL when present. Ref mounts firewatch-slack-notify-webhook-url at /tmp/secrets/slack and adds SLACK_WEBHOOK_URL env var (default "").
Cluster profile allowlist ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml	Adds firewatch to repos for RedHatQE owner under the aws-cspi-qe cluster profile.
Openshift ci-tools credential mounts ci-operator/config/openshift/ci-tools/openshift-ci-tools-main.yaml	Removed empty namespace fields from two credential mount definitions (GSM e2e service account key and Snyk API token).

Sequence Diagram(s)

sequenceDiagram
  participant CI as CI Job
  participant Step as firewatch-report step
  participant CLI as Firewatch CLI
  participant Jira as Jira API
  participant Slack as Slack Webhook

  CI->>Step: start report-issues step (env + mounted secrets)
  Step->>Step: if `/tmp/secrets/slack/url` exists -> read & export SLACK_WEBHOOK_URL
  Step->>CLI: run `firewatch report` (env/FIREWATCH_CONFIG)
  CLI->>Jira: create/annotate issue per config
  CLI->>Slack: POST to SLACK_WEBHOOK_URL (if set)
  Slack-->>CLI: response
  Jira-->>CLI: response
  CLI-->>Step: exit/status

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change—wiring a Slack webhook into the firewatch-report-issues step—with a clear reference to the related Jira ticket (INTEROP-8979).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR only modifies CI operator configuration files (YAML) and shell scripts. No Go test files with Ginkgo tests are added or modified, so the check is not applicable.
Test Structure And Quality	✅ Passed	This pull request does not contain any Ginkgo test code requiring review. Changes consist of YAML configurations and shell scripts only.
Microshift Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. The modified files are CI operator configuration files (YAML format), shell scripts for step registry commands, and cluster profile configurations. The check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests; changes are only CI/CD configuration and shell scripts.
Topology-Aware Scheduling Compatibility	✅ Passed	The PR modifies only CI operator configuration files without scheduling constraints incompatible with SNO, Two-Node, or HyperShift topologies.
Ote Binary Stdout Contract	✅ Passed	PR contains only YAML CI configs and bash orchestration script; no OTE binary or Go test code present that could violate stdout contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not introduce any new Ginkgo e2e tests, only CI/CD configuration and shell scripts.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-merge-bot]

@amp-rh: job(s): periodic-ci-RedHatQE-firewatch-main-slack-webhook-test-slack-webhook-test either don't exist or were not found to be affected, and cannot be rehearsed

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh (1)

45-47: Minor: split export from command substitution to avoid masking errors.

Per ShellCheck SC2155, export VAR=$(cmd) masks the exit status of cmd, so a failed cat here would not trigger errexit. In practice the preceding [ -f ] check makes this very unlikely to matter, but splitting the two statements is the idiomatic fix and costs nothing.

♻️ Proposed tweak

 if [ -f /tmp/secrets/slack/url ]; then
-    export SLACK_WEBHOOK_URL=$(cat /tmp/secrets/slack/url)
+    SLACK_WEBHOOK_URL=$(cat /tmp/secrets/slack/url)
+    export SLACK_WEBHOOK_URL
 fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh`
around lines 45 - 47, Split the combined export and command substitution so the
exit status of cat isn't masked: assign SLACK_WEBHOOK_URL using command
substitution first (e.g., SLACK_WEBHOOK_URL=$(cat /tmp/secrets/slack/url)) and
then run export SLACK_WEBHOOK_URL separately; keep the existing file-existence
guard around the assignment (the symbols to change are SLACK_WEBHOOK_URL and the
cat /tmp/secrets/slack/url command).

ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml (1)

28-31: Heavy ipi-install chain for a Slack-webhook-only test.

Provisioning a full IPI AWS cluster in pre just to run an echo and then the post firewatch-report step is expensive for what is effectively a webhook-delivery smoke test. If the goal is only to verify firewatch-report-issues posts to Slack, consider dropping the cluster provisioning and using a lightweight workflow so the rehearsal is cheap and fast. If cluster context is required by firewatch report, please ignore.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml`
around lines 28 - 31, The pre-step currently includes a heavy cluster
provisioning chain ("chain: ipi-install") alongside "ref: ipi-conf" and "ref:
ipi-conf-aws", which makes this Slack-webhook smoke test expensive; remove or
replace "chain: ipi-install" with a lightweight/no-op pre-chain (or omit it
entirely) so the job only runs the minimal refs required, keeping "ref:
ipi-conf"/"ref: ipi-conf-aws" if they are needed for configuration or else drop
them and ensure the post step still invokes "firewatch-report-issues" as
intended; if "firewatch-report-issues" truly requires cluster context, leave
provisioning but otherwise remove "ipi-install" to make the rehearsal cheap and
fast.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml`:
- Around line 18-25: Replace the hardcoded personal address used in
FIREWATCH_CONFIG (slack_user) and FIREWATCH_DEFAULT_JIRA_ASSIGNEE with a team
alias or channel/group distribution list for INTEROP (e.g., an `@channel` or dl)
so the config doesn't rely on a single person, and update the noop test to
actually exercise the webhook by either adding a deliberate failing step that
will trigger the "failure_rules" (so issue creation/duplicate detection runs) or
remove the firewatch failure_rules from this noop test if you only intend to
validate job setup; look for FIREWATCH_CONFIG, slack_user, and
FIREWATCH_DEFAULT_JIRA_ASSIGNEE to make the edits.

---

Nitpick comments:
In
`@ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml`:
- Around line 28-31: The pre-step currently includes a heavy cluster
provisioning chain ("chain: ipi-install") alongside "ref: ipi-conf" and "ref:
ipi-conf-aws", which makes this Slack-webhook smoke test expensive; remove or
replace "chain: ipi-install" with a lightweight/no-op pre-chain (or omit it
entirely) so the job only runs the minimal refs required, keeping "ref:
ipi-conf"/"ref: ipi-conf-aws" if they are needed for configuration or else drop
them and ensure the post step still invokes "firewatch-report-issues" as
intended; if "firewatch-report-issues" truly requires cluster context, leave
provisioning but otherwise remove "ipi-install" to make the rehearsal cheap and
fast.

In
`@ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh`:
- Around line 45-47: Split the combined export and command substitution so the
exit status of cat isn't masked: assign SLACK_WEBHOOK_URL using command
substitution first (e.g., SLACK_WEBHOOK_URL=$(cat /tmp/secrets/slack/url)) and
then run export SLACK_WEBHOOK_URL separately; keep the existing file-existence
guard around the assignment (the symbols to change are SLACK_WEBHOOK_URL and the
cat /tmp/secrets/slack/url command).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d6e8631b-c0a6-405d-9b7a-08814b595857

📥 Commits

Reviewing files that changed from the base of the PR and between ae2e6fc and 2f5b7f1.

📒 Files selected for processing (3)

• ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml
• ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh
• ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml

[amp-rh]

/pj-rehearse periodic-ci-RedHatQE-firewatch-main-slack-webhook-test-slack-webhook-test

[openshift-merge-bot]

@amp-rh: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-merge-bot]

@amp-rh: job(s): periodic-ci-RedHatQE-firewatch-main-slack-webhook-test-slack-webhook-test either don't exist or were not found to be affected, and cannot be rehearsed

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh (1)

45-47: Optional: parameterize the Slack credential path for consistency.

Other credential paths in this step (Jira token/email, private-deck creds) flow through documented env vars in firewatch-report-issues-ref.yaml (e.g., FIREWATCH_JIRA_API_TOKEN_PATH). Hardcoding /tmp/secrets/slack/url works, but introducing a FIREWATCH_SLACK_WEBHOOK_PATH env var (default /tmp/secrets/slack/url) in the ref would make the mount path configurable and consistent with the rest of the step. Not a blocker.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh`
around lines 45 - 47, The script currently hardcodes /tmp/secrets/slack/url when
exporting SLACK_WEBHOOK_URL; change it to read the path from a new env var
(e.g., FIREWATCH_SLACK_WEBHOOK_PATH) with a default of /tmp/secrets/slack/url,
then check that file and export SLACK_WEBHOOK_URL from it. Update the logic that
references SLACK_WEBHOOK_URL to keep behavior identical but allow configuration
via FIREWATCH_SLACK_WEBHOOK_PATH so the mount path becomes consistent with other
variables like FIREWATCH_JIRA_API_TOKEN_PATH.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh`:
- Around line 45-48: Split the export and assignment for SLACK_WEBHOOK_URL to
avoid SC2155: first read the secret into SLACK_WEBHOOK_URL (e.g. with read -r or
a safe command substitution) then trim any trailing whitespace/newline from that
variable (use parameter expansion or a small sed/xargs trim) and only after
trimming run export SLACK_WEBHOOK_URL; update the block that currently uses
export SLACK_WEBHOOK_URL=$(cat ...) accordingly.

---

Nitpick comments:
In
`@ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh`:
- Around line 45-47: The script currently hardcodes /tmp/secrets/slack/url when
exporting SLACK_WEBHOOK_URL; change it to read the path from a new env var
(e.g., FIREWATCH_SLACK_WEBHOOK_PATH) with a default of /tmp/secrets/slack/url,
then check that file and export SLACK_WEBHOOK_URL from it. Update the logic that
references SLACK_WEBHOOK_URL to keep behavior identical but allow configuration
via FIREWATCH_SLACK_WEBHOOK_PATH so the mount path becomes consistent with other
variables like FIREWATCH_JIRA_API_TOKEN_PATH.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d0b9427a-f75b-4d4c-aa8d-386baad22dfa

📥 Commits

Reviewing files that changed from the base of the PR and between 9bd6b5d and 92dccbd.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/RedHatQE/firewatch/RedHatQE-firewatch-main-periodics.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (4)

• ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml
• ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml
• ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh
• ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml

✅ Files skipped from review due to trivial changes (1)

• ci-operator/config/RedHatQE/firewatch/RedHatQE-firewatch-main__slack-webhook-test.yaml

[openshift-merge-bot]

@amp-rh, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

couldn't prepare candidate: couldn't rebase candidate onto 800975f7466f57f1ae18a4e00b51a010d8211210 due to conflicts

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-merge-bot]

@amp-rh, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

couldn't prepare candidate: couldn't rebase candidate onto 800975f7466f57f1ae18a4e00b51a010d8211210 due to conflicts

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: amp-rh
Once this PR has been reviewed and has the lgtm label, please assign danilo-gemoli for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[amp-rh]

/retest

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@amp-rh: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-red-hat-data-services-ods-ci-release-2.19-rhoai-ocp4.19-interop-rhoai-interop-aws	red-hat-data-services/ods-ci	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-acm-observability-v4.14-stage-multi-cluster-observability-4-14-rosa-acm-gcp-mngd-rosa-mngd	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhods-rhoam-v4.14-stage-co-exist-rosa-rhoai-rhoam	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhods-rhoam-v4.15-stage-co-exist-rosa-rhoai-rhoam	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhods-rhoam-v4.14-production-co-exist-rosa-rhoai-rhoam	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-addon-interop-v4.15-GA-smoke-rosa-rhoai-addon-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-hypershift-IIB-smoke-rosa-rhoai-hypershift	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-rosa-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-osd-gcp-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-osd-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-ipi-aws-addon-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-hypershift-GA-stage-smoke-rosa-rhoai-hypershift	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-rosa-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-osd-gcp-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-osd-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-ipi-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-rosa-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-osd-gcp-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-osd-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-ipi-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-hypershift-GA-production-smoke-rosa-rhoai-hypershift	CSPI-QE/MSI	presubmit	Registry content changed
periodic-ci-stolostron-acmqe-autotest-main-acm-ocp4.14-lp-interop-acm-interop-aws	N/A	periodic	Registry content changed
periodic-ci-jws-qe-interop-ocp-ci-main-ocp-4.14-lp-interop-jws-interop-ibmcloud	N/A	periodic	Registry content changed
periodic-ci-redhat-developer-helm-release-3.11-helm-ocp4.16-lp-interop-helm-interop-aws	N/A	periodic	Registry content changed
periodic-ci-kiegroup-kie-cloud-tests-container-main-rhba-ocp4.14-lp-interop-rhba-interop-aws	N/A	periodic	Registry content changed

A total of 464 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@amp-rh: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/build-farm/core-ci-config-dry	28ee4c2	link	true	/test core-ci-config-dry
ci/prow/sync-rover-groups	28ee4c2	link	true	/test sync-rover-groups
ci/build-farm/build10-dry	28ee4c2	link	true	/test build10-dry
ci/build-farm/vsphere02-dry	28ee4c2	link	true	/test vsphere02-dry
ci/prow/prow-config	e6707ba	link	true	/test prow-config
ci/build-farm/build11-dry	28ee4c2	link	true	/test build11-dry
ci/build-farm/build09-dry	28ee4c2	link	true	/test build09-dry
ci/prow/check-gh-automation	e6707ba	link	true	/test check-gh-automation
ci/prow/config	e6707ba	link	true	/test config

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.