openshift · anithapriyanatarajan · Mar 25, 2026
diff --git a/...ig/openshift-pipelines/release-tests/openshift-pipelines-release-tests-release-v1.21.yaml b/...ig/openshift-pipelines/release-tests/openshift-pipelines-release-tests-release-v1.21.yaml
@@ -0,0 +1,74 @@
+base_images:
+  cli:
+    name: "4.21"
+    namespace: ocp
+    tag: cli
+  ocm-cli:
+    name: ocm-cli
+    namespace: ci
+    tag: latest
+  rosa-aws-cli:
+    name: rosa-aws-cli
+    namespace: ci
+    tag: latest
+  upi-installer:
+    name: "4.21"
+    namespace: ocp
+    tag: upi-installer
+build_root:
+  image_stream_tag:
+    name: release
+    namespace: openshift
+    tag: rhel-9-release-golang-1.24-openshift-4.21
+images:
+- context_dir: .
+  dockerfile_path: Dockerfile
+  to: openshift-pipelines-runner
+releases:
+  latest:
+    candidate:
+      product: ocp
+      stream: nightly
+      version: "4.21"
+resources:
+  '*':
+    limits:
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 200Mi
+tests:
+- as: openshift-pipelines-e2e
+  steps:
+    cluster_profile: aws-sd-qe
+    env:
+      CHANNEL_GROUP: candidate
+      FIREWATCH_CONFIG: |
+        {
+          "failure_rules": [
+            {"step": "openshift-pipelines-install", "failure_type": "all", "classification": "Operator Installation Failure", "jira_project": "SRVKP", "jira_component": ["QA"], "jira_priority": "major"},
+            {"step": "openshift-pipelines-e2e-tests", "failure_type": "all", "classification": "E2E Test Failure", "jira_project": "SRVKP", "jira_component": ["QA"], "jira_priority": "major"}
+          ]
+        }
+      FIREWATCH_DEFAULT_JIRA_ASSIGNEE: sselvan@redhat.com
+      FIREWATCH_DEFAULT_JIRA_PROJECT: SRVKP
+      FIREWATCH_FAIL_WITH_TEST_FAILURES: "true"
+      FIREWATCH_JIRA_SERVER: https://issues.redhat.com
+      NAME_PREFIX: pipelines-e2e
+      OCM_LOGIN_ENV: staging
+      ROSACLI_BUILD: latest
+      TEST_PROFILE: ocpe2e-rosa-hcp-shared-vpc-advanced
+      VERSION: "4.21"
+    post:
+    - ref: openshift-pipelines-cleanup
+    test:
+    - ref: ipi-install-rbac
+    - ref: cucushift-hypershift-extended-health-check
+    - ref: openshift-pipelines-install
+    - ref: openshift-pipelines-e2e-tests
+    - ref: firewatch-report-issues
+    workflow: rosa-lifecycle-advanced
+zz_generated_metadata:
+  branch: release-v1.21
+  org: openshift-pipelines
+  repo: release-tests
diff --git a/...t-pipelines/release-tests/openshift-pipelines-release-tests-release-v1.21-presubmits.yaml b/...t-pipelines/release-tests/openshift-pipelines-release-tests-release-v1.21-presubmits.yaml
@@ -1,5 +1,61 @@
 presubmits:
   openshift-pipelines/release-tests:
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^release-v1\.21$
+    - ^release-v1\.21-
+    cluster: build07
+    context: ci/prow/images
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci.openshift.io/generator: prowgen
+      job-release: "4.21"
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-pipelines-release-tests-release-v1.21-images
+    rerun_command: /test images
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --report-credentials-file=/etc/report/credentials
+        - --target=[images]
+        command:
+        - ci-operator
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )images,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:
@@ -58,6 +114,89 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )ocp-4.22-lp-interop-images,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^release-v1\.21$
+    - ^release-v1\.21-
+    cluster: build01
+    context: ci/prow/openshift-pipelines-e2e
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws-sd-qe
+      ci.openshift.io/generator: prowgen
+      job-release: "4.21"
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-pipelines-release-tests-release-v1.21-openshift-pipelines-e2e
+    rerun_command: /test openshift-pipelines-e2e
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=openshift-pipelines-e2e
+        command:
+        - ci-operator
+        env:
+        - name: HTTP_SERVER_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        ports:
+        - containerPort: 8080
+          name: http
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )openshift-pipelines-e2e,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:

diff --git a/ci-operator/step-registry/openshift-pipelines/cleanup/OWNERS b/ci-operator/step-registry/openshift-pipelines/cleanup/OWNERS
@@ -0,0 +1,5 @@
+approvers:
+- srivickynesh
+options: {}
+reviewers:
+- srivickynesh
diff --git a/ci-operator/step-registry/openshift-pipelines/cleanup/README.md b/ci-operator/step-registry/openshift-pipelines/cleanup/README.md
@@ -0,0 +1,46 @@
+# openshift-pipelines-cleanup<!-- omit from toc -->
+
+## Table of Contents<!-- omit from toc -->
+- [Purpose](#purpose)
+- [Process](#process)
+- [Prerequisite(s)](#prerequisites)
+  - [Infrastructure](#infrastructure)
+  - [Environment Variables](#environment-variables)
+
+## Purpose
+
+Post-test best-effort cleanup step for OpenShift Pipelines e2e jobs.
+Removes PipelineRuns, PersistentVolumeClaims, and test namespaces that carry the
+label `openshift-pipelines.tekton.dev/test=true`.
+
+Because the step is marked `best_effort: true`, any failure here will **not**
+cause the overall CI job to fail — the cleanup result is informational only.
+
+## Process
+
+1. Set `KUBECONFIG` from `$SHARED_DIR/kubeconfig`.
+2. Collect all namespaces labelled `openshift-pipelines.tekton.dev/test=true`.
+3. If `CLEANUP_PIPELINERUNS=true`: delete all PipelineRuns in every labelled
+   namespace (`--ignore-not-found=true`); log warnings on error.
+4. If `CLEANUP_PVCS=true`: delete all PVCs in every labelled namespace;
+   log warnings on error.
+5. If `CLEANUP_NAMESPACES=true`: delete every labelled namespace
+   (`--wait=false`) then wait up to 120 s for deletion; log warnings on error.
+
+> **Note**: `set -o errexit` is intentionally **not** set. Every `oc` call is
+> followed by `|| echo WARNING` so that a single failure does not abort the
+> remainder of the cleanup.
+
+## Prerequisite(s)
+
+### Infrastructure
+
+- A cluster that was targeted by the e2e test step (kubeconfig in `$SHARED_DIR`).
+
+### Environment Variables
+
+| Variable | Default | Description |
+|---|---|---|
+| `CLEANUP_PIPELINERUNS` | `true` | Delete all PipelineRuns in labelled test namespaces. |
+| `CLEANUP_PVCS` | `true` | Delete all PersistentVolumeClaims in labelled test namespaces. |
+| `CLEANUP_NAMESPACES` | `true` | Delete all namespaces labelled `openshift-pipelines.tekton.dev/test=true`. |
diff --git a/...perator/step-registry/openshift-pipelines/cleanup/openshift-pipelines-cleanup-commands.sh b/...perator/step-registry/openshift-pipelines/cleanup/openshift-pipelines-cleanup-commands.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Best-effort cleanup — intentionally no set -o errexit
+set -o nounset
+set -o pipefail
+
+export KUBECONFIG="${SHARED_DIR}/kubeconfig"
+
+LABEL_SELECTOR="openshift-pipelines.tekton.dev/test=true"
+
+# Collect all namespaces that carry the test label
+mapfile -t TEST_NAMESPACES < <(oc get namespace -l "${LABEL_SELECTOR}" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' 2>/dev/null || true)
+
+if [[ "${CLEANUP_PIPELINERUNS}" == "true" ]]; then
+  echo "Cleaning up PipelineRuns in labelled namespaces..."
+  for ns in "${TEST_NAMESPACES[@]}"; do
+    [[ -z "${ns}" ]] && continue
+    echo "  Deleting PipelineRuns in namespace: ${ns}"
+    oc delete pipelineruns --all -n "${ns}" --ignore-not-found=true || \
+      echo "WARNING: failed to delete PipelineRuns in namespace ${ns}" >&2
+  done
+fi
+
+if [[ "${CLEANUP_PVCS}" == "true" ]]; then
+  echo "Cleaning up PersistentVolumeClaims in labelled namespaces..."
+  for ns in "${TEST_NAMESPACES[@]}"; do
+    [[ -z "${ns}" ]] && continue
+    echo "  Deleting PVCs in namespace: ${ns}"
+    oc delete pvc --all -n "${ns}" --ignore-not-found=true || \
+      echo "WARNING: failed to delete PVCs in namespace ${ns}" >&2
+  done
+fi
+
+if [[ "${CLEANUP_NAMESPACES}" == "true" ]]; then
+  echo "Cleaning up labelled test namespaces..."
+  for ns in "${TEST_NAMESPACES[@]}"; do
+    [[ -z "${ns}" ]] && continue
+    echo "  Deleting namespace: ${ns}"
+    oc delete namespace "${ns}" --ignore-not-found=true --wait=false || \
+      echo "WARNING: failed to delete namespace ${ns}" >&2
+    oc wait namespace "${ns}" --for=delete --timeout=120s || \
+      echo "WARNING: timed out waiting for namespace ${ns} to be deleted" >&2
+  done
+fi
+
+echo "Cleanup complete."
diff --git a/...r/step-registry/openshift-pipelines/cleanup/openshift-pipelines-cleanup-ref.metadata.json b/...r/step-registry/openshift-pipelines/cleanup/openshift-pipelines-cleanup-ref.metadata.json
@@ -0,0 +1,11 @@
+{
+	"path": "openshift-pipelines/cleanup/openshift-pipelines-cleanup-ref.yaml",
+	"owners": {
+		"approvers": [
+			"srivickynesh"
+		],
+		"reviewers": [
+			"srivickynesh"
+		]
+	}
+}
diff --git a/ci-operator/step-registry/openshift-pipelines/cleanup/openshift-pipelines-cleanup-ref.yaml b/ci-operator/step-registry/openshift-pipelines/cleanup/openshift-pipelines-cleanup-ref.yaml
@@ -0,0 +1,25 @@
+ref:
+  as: openshift-pipelines-cleanup
+  from: openshift-pipelines-runner
+  commands: openshift-pipelines-cleanup-commands.sh
+  best_effort: true
+  grace_period: 60s
+  timeout: 10m0s
+  resources:
+    requests:
+      cpu: '1'
+      memory: 200Mi
+  env:
+  - name: CLEANUP_PIPELINERUNS
+    default: "true"
+    documentation: When "true", delete all PipelineRuns in labelled test namespaces.
+  - name: CLEANUP_PVCS
+    default: "true"
+    documentation: When "true", delete all PersistentVolumeClaims in labelled test namespaces.
+  - name: CLEANUP_NAMESPACES
+    default: "true"
+    documentation: When "true", delete all labelled test namespaces.
+  documentation: |-
+    Post-test cleanup. Removes PipelineRuns, PVCs, and test namespaces
+    labelled openshift-pipelines.tekton.dev/test=true. All actions are
+    best-effort; failures are logged but do not fail the overall job.
diff --git a/ci-operator/step-registry/openshift-pipelines/e2e-tests/OWNERS b/ci-operator/step-registry/openshift-pipelines/e2e-tests/OWNERS
@@ -0,0 +1,5 @@
+approvers:
+- srivickynesh
+options: {}
+reviewers:
+- srivickynesh