Moved the script to generate prowjobs from GDocs to github

[hector-vido]

Summary by CodeRabbit

This PR adds hack/make-pjs.sh, a new Bash helper to generate ProwJob manifests from the openshift/release repository for running tests on CI/build clusters. It targets maintainers/operators who need to quickly produce triggered, cluster-targeted ProwJob YAMLs (for rehearsals or manual injection) from existing ci-operator/job and ci-operator/config sources.

What changed (practical terms)

• Introduces hack/make-pjs.sh which:
  • Reads job/config YAMLs from a checked-out RELEASE_REPO and uses the mkpj container image (path discovered in RELEASE_REPO/hack/images.sh) to render ProwJob manifests.
  • Post-processes each generated manifest to set .status.state="triggered", disable .spec.report, and set .spec.cluster to the provided CLUSTER value. For non-periodic jobs it also fabricates a refs.pull entry so the job appears as a PR-triggered run.
  • Writes generated manifests into a temporary output directory and prints that path.
• Supports two selection modes:
  • TYPE=e2e — scans a Prow jobs file (default: ci-operator/jobs/openshift/installer/openshift-installer-main-presubmits.yaml), selects jobs whose names contain "-e2e-", randomizes order, samples HOW_MANY, and generates manifests for those jobs.
  • TYPE=intranet — scans a ci-operator config (default: ci-operator/config/openshift/release/openshift-release-master__nightly-4.19.yaml), selects tests with restrict_network_access: false, matches job name suffixes in the repo’s job files (optionally filtering by variant), randomizes, samples HOW_MANY, and generates manifests.
• Discovers base branch SHA via git ls-remote against the target ORG/REPO/BRANCH and passes it to mkpj.
• Extracts ORG/REPO/BRANCH[/VARIANT] from conventional ci-operator file path patterns for logging and selection.

Defaults, requirements and failure modes

• Required environment variables: RELEASE_REPO, CLUSTER, HOW_MANY, TYPE — the script exits with an error if any are missing.
• Defaults:
  • PROWJOBS_CONFIG for e2e mode: ci-operator/jobs/openshift/installer/openshift-installer-main-presubmits.yaml
  • CI_OPERATOR_CONFIG for intranet mode: ci-operator/config/openshift/release/openshift-release-master__nightly-4.19.yaml
• Exits on unknown TYPE or when no matching tests are found.
• Uses podman to run the mkpj image; assumes yq/jq are available in the environment.

Notable implementation details

• New helper functions: branch_info, make_prowjobs, vpn_tests, e2e_tests, extract_test_info_from_config, extract_test_info_from_job, dump_test_info, entrypoint.
• Uses mkpj container via podman with --volume to mount RELEASE_REPO and --base-ref/--base-sha/--job to render a single job manifest per invocation.
• Generated manifests are converted between YAML/JSON using yq and jq for deterministic edits.

Impact

• Enables programmatic, reproducible generation of ProwJob manifests for build-cluster testing from repository-held job/config definitions, replacing manual GDoc-based workflows and making rehearsal/test job generation easier for CI operators.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 308163c1-e12e-4c4a-844d-dda71dcd34e5

📥 Commits

Reviewing files that changed from the base of the PR and between 4ea1745 and ab0e709.

📒 Files selected for processing (1)

• hack/make-pjs.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• hack/make-pjs.sh

---

Walkthrough

New Bash script hack/make-pjs.sh that selects tests (e2e or intranet), resolves branch SHA, runs a containerized mkpj renderer per test to produce ProwJob YAMLs, post-processes manifests to set status/reporting/cluster, and writes per-test YAML files.

Changes

ProwJobs manifest generation script

Layer / File(s)	Summary
Script initialization and branch resolution hack/make-pjs.sh	Script header with strict Bash settings and top-level variables (default ARCH); branch_info uses git ls-remote to fetch base SHA for ORG/REPO/BRANCH.
Manifest rendering and post-processing hack/make-pjs.sh	make_prowjobs creates temp output dir, derives mkpj container image, runs Podman per selected test to render YAML, then uses yq/jq to set .status.state=triggered, disable .spec.report, set .spec.cluster=CLUSTER, and saves ${base_dir}/${test}.yaml.
Intranet (VPN) test selection hack/make-pjs.sh	vpn_tests reads a ci-operator config with yq/jq, extracts variant from zz_generated_metadata, builds suffixes for tests where restrict_network_access is unset/false, and matches generated job names (optionally filtering by variant).
E2E test selection hack/make-pjs.sh	e2e_tests reads a ProwJobs jobs config and returns job names containing -e2e-.
Path metadata extraction and helpers hack/make-pjs.sh	extract_test_info_from_config parses ORG/REPO/BRANCH/VARIANT from ci-operator/config/...__...yaml paths; extract_test_info_from_job parses ORG/REPO/BRANCH from job filename patterns; dump_test_info prints parsed values.
Main orchestration and entrypoint hack/make-pjs.sh	entrypoint validates required env vars (RELEASE_REPO, CLUSTER, HOW_MANY, TYPE), selects mode (e2e or intranet), randomizes and samples tests, errors on empty matches, and invokes make_prowjobs; script calls entrypoint on execution.

Sequence Diagram(s)

sequenceDiagram
  participant User as CLI
  participant Script as hack/make-pjs.sh
  participant Git as git
  participant Podman
  participant MKPJ as mkpj_container
  participant YQJQ as yq/jq
  participant FS as OutputDir
  User->>Script: invoke with env vars
  Script->>Git: git ls-remote ORG/REPO BRANCH
  Script->>Podman: run mkpj_container render <test>
  Podman->>MKPJ: render job YAML
  MKPJ-->>YQJQ: raw manifest
  YQJQ-->>FS: set .status/.spec -> write per-test YAML
  Script-->>User: exit (files written)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels

lgtm

Suggested reviewers

• pruan-rht

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 75.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'Moved the script to generate prowjobs from GDocs to github' accurately describes the main change: adding a new script (hack/make-pjs.sh) that generates ProwJobs manifests, moving functionality from Google Docs to the GitHub repository.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR adds only a Bash script (hack/make-pjs.sh). No Ginkgo test definitions (It, Describe, Context, When) found. Custom check for Ginkgo test stability is not applicable.
Test Structure And Quality	✅ Passed	PR adds a bash script (hack/make-pjs.sh) for generating ProwJobs, not Ginkgo test code. Custom check for Ginkgo test quality is not applicable.
Microshift Test Compatibility	✅ Passed	PR adds only hack/make-pjs.sh, a Bash CI/build script for generating ProwJob manifests. No Ginkgo e2e tests are added, so MicroShift compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests were added in this PR. The PR only adds hack/make-pjs.sh, a Bash utility script for generating ProwJobs manifests. The SNO compatibility check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds only a Bash utility script for CI test manifest generation. Does not modify operator deployments or introduce topology-specific scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	The check is for OTE binary Go test code stdout contracts; the PR adds a bash utility script for generating ProwJob manifests, not a test binary or Go code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds only a Bash utility script that generates ProwJobs manifests from existing test configs. No new Ginkgo e2e tests are added, so the IPv6/disconnected network check is not applicable.
No-Weak-Crypto	✅ Passed	The new hack/make-pjs.sh script contains no weak crypto algorithms (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or non-constant-time secret comparisons.
Container-Privileges	✅ Passed	PR adds hack/make-pjs.sh script with no container privilege configurations (privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation) found in code.
No-Sensitive-Data-In-Logs	✅ Passed	All logging in hack/make-pjs.sh outputs only non-sensitive data: git SHAs, paths, org/repo/branch names, and test types. No credentials, tokens, or PII are exposed.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hack/make-pjs.sh`:
- Around line 39-45: The bug is that the refs variable retains its value across
iterations, corrupting periodic tests; inside the loop that iterates over tests
in hack/make-pjs.sh (the block that references the test variable), ensure refs
is initialized/reset at the start of each iteration (e.g., set refs to an empty
string or unset refs) before the conditional that assigns it for non-periodic
tests so that periodic tests do not inherit a previous .spec.refs.pulls
modification.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2755277f-9fa4-4413-95da-2367e82fd93d

📥 Commits

Reviewing files that changed from the base of the PR and between 09f6faf and 4ea1745.

📒 Files selected for processing (1)

• hack/make-pjs.sh

[openshift-merge-bot]

@hector-vido, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

couldn't prepare candidate: couldn't checkout base SHA c9b8e314d01cdca646c8e23e7cd588fad9357d22: error checking out "c9b8e314d01cdca646c8e23e7cd588fad9357d22": exit status 128 fatal: unable to read tree (c9b8e314d01cdca646c8e23e7cd588fad9357d22)

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@hector-vido: no rehearsable tests are affected by this change

Note: If this PR includes changes to step registry files (ci-operator/step-registry/) and you expected jobs to be found, try rebasing your PR onto the base branch. This helps pj-rehearse accurately detect changes when the base branch has moved forward.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[danilo-gemoli]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danilo-gemoli, droslean, hector-vido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [danilo-gemoli,droslean,hector-vido]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@hector-vido: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.