Original edivisive algorithm

[vishnuchalla]

Description

Adding original edivisive for experimental purposes.

Testing

Will be verified through PR rehearsals.

Summary by CodeRabbit

Release Notes

• New Features
  • Introduced experimental testing variant with alternative Orion binary execution, enabling expanded test configuration options without impacting existing workflows.

[coderabbitai]

Walkthrough

This pull request adds an experimental code block to the Orion CI script that downloads and executes an alternative "original e-divisive" Orion binary in parallel with the existing flow. The main Orion execution remains unchanged; the experimental block runs in isolation and will not block the job if it fails.

Changes

Experimental Orion Binary Execution

Layer / File(s)	Summary
Experimental Block Implementation ci-operator/step-registry/openshift-qe/orion/openshift-qe-orion-commands.sh	Adds a non-fatal subshell block that downloads the orion-original-edivisive binary, executes it with the same ORION_CONFIG and EXTRA_FLAGS, captures logs to ARTIFACT_DIR/orion-original-edivisive, and copies non-XML results to an experimental directory.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Original edivisive algorithm' directly relates to the main change: adding an experimental block that uses an alternative Orion binary based on the original e-divisive algorithm alongside the main execution flow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR modifies a Bash shell script (openshift-qe-orion-commands.sh) containing no Ginkgo tests. The custom check for stable test names is not applicable to CI operational scripts.
Test Structure And Quality	✅ Passed	PR modifies a bash shell script, not Ginkgo test code. The custom check for test structure is not applicable to shell scripts.
Microshift Test Compatibility	✅ Passed	The custom check applies only to Ginkgo e2e test files. This PR modifies a CI operator shell script (openshift-qe-orion-commands.sh), not a Go test file. No Ginkgo tests are added or modified.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. The PR modifies a bash CI script to add experimental Orion binary execution. This check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR modifies a CI bash script, not deployment manifests, operator code, or controllers. It introduces no Kubernetes scheduling constraints or topology-specific configuration.
Ote Binary Stdout Contract	✅ Passed	This PR modifies a bash orchestration script, not an OTE binary. The OTE stdout check applies only to Go-based OTE binaries with Ginkgo test setup. Check is not applicable here.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR modifies a bash shell script, not Ginkgo e2e tests. The custom check applies only to new Ginkgo tests. No Go test files with Ginkgo patterns are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vishnuchalla

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/step-registry/openshift-qe/OWNERS [vishnuchalla]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vishnuchalla]

/hold

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ci-operator/step-registry/openshift-qe/orion/openshift-qe-orion-commands.sh`:
- Around line 317-321: The script downloads an experimental binary directly into
$EXP_BINARY and makes it executable without any integrity checks; modify the
block that uses curl
"https://github.com/cloud-bulldozer/orion/releases/download/orig-edivisive-exp/orion-amd64"
to also download a signed artifact or checksum (e.g., .sha256 or .asc), verify
the checksum with sha256sum -c or verify the GPG signature with gpg --verify
against a trusted key, and only proceed to chmod +x "$EXP_BINARY" and execute
the binary if the verification succeeds; ensure failure paths exit non-zero and
remove the downloaded file on verification failure to avoid executing tampered
artifacts.
- Around line 324-327: The experiment is run in the shared workspace and then
glob-copied, which can mix unrelated files into EXP_DIR; instead, create and use
an isolated run directory (e.g., a subdir under EXP_DIR) before invoking the
experiment binary (referencing EXP_BINARY, EXP_DIR, FILENAME, EXTRA_FLAGS), run
the command from that isolated directory (or direct its outputs there), and
change the cp step to copy only from that isolated run directory into the
experimental artifacts folder; ensure you clean up or keep the isolated
directory name deterministic per run to avoid collisions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 999a2921-672a-4260-9a26-be8e2f3e5ae7

📥 Commits

Reviewing files that changed from the base of the PR and between eb34031 and 899850b.

📒 Files selected for processing (1)

• ci-operator/step-registry/openshift-qe/orion/openshift-qe-orion-commands.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add integrity verification before executing the downloaded binary.

The block on Line 317 downloads and executes a binary with no checksum/signature validation. That creates a supply-chain execution risk in CI.

Suggested hardening

+    EXP_SHA256="${ORION_ORIG_EDIVISIVE_SHA256:-}"
     echo "Downloading experimental orion binary..."
     if ! curl -fsSL "https://github.com/cloud-bulldozer/orion/releases/download/orig-edivisive-exp/orion-amd64" -o "$EXP_BINARY"; then
         echo "Failed to download experimental orion binary, skipping."
         exit 0
     fi
+    if [[ -n "$EXP_SHA256" ]]; then
+        echo "${EXP_SHA256}  ${EXP_BINARY}" | sha256sum -c - || {
+            echo "Checksum verification failed for experimental binary, skipping."
+            exit 0
+        }
+    else
+        echo "No ORION_ORIG_EDIVISIVE_SHA256 provided; skipping experimental binary execution."
+        exit 0
+    fi
     chmod +x "$EXP_BINARY"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ci-operator/step-registry/openshift-qe/orion/openshift-qe-orion-commands.sh`
around lines 317 - 321, The script downloads an experimental binary directly
into $EXP_BINARY and makes it executable without any integrity checks; modify
the block that uses curl
"https://github.com/cloud-bulldozer/orion/releases/download/orig-edivisive-exp/orion-amd64"
to also download a signed artifact or checksum (e.g., .sha256 or .asc), verify
the checksum with sha256sum -c or verify the GPG signature with gpg --verify
against a trusted key, and only proceed to chmod +x "$EXP_BINARY" and execute
the binary if the verification succeeds; ensure failure paths exit non-zero and
remove the downloaded file on verification failure to avoid executing tampered
artifacts.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Isolate experimental outputs from the main workspace.

Running on Line 324 in the shared directory and then glob-copying on Line 327 can mix unrelated artifacts into orion-original-edivisive, making results harder to trust.

Suggested isolation approach

+    EXP_WORKDIR="$(mktemp -d /tmp/orion-orig-edivisive.XXXXXX)"
+    pushd "$EXP_WORKDIR" >/dev/null
     echo "Running experimental orion (original e-divisive)..."
-    "$EXP_BINARY" --node-count ${IGNORE_JOB_ITERATIONS} --config ${ORION_CONFIG} ${EXTRA_FLAGS} --viz | tee "$EXP_DIR/${FILENAME}.txt" || true
+    "$EXP_BINARY" --node-count ${IGNORE_JOB_ITERATIONS} --config ${ORION_CONFIG} ${EXTRA_FLAGS} --viz | tee "$EXP_DIR/${FILENAME}.txt" || true

     # Copy all results except .xml files into the experimental artifacts subdirectory
-    cp *.csv *.json *.txt *.html "$EXP_DIR/" 2>/dev/null || true
+    cp ./*.csv ./*.json ./*.txt ./*.html "$EXP_DIR/" 2>/dev/null || true
+    popd >/dev/null
+    rm -rf "$EXP_WORKDIR"

🧰 Tools

🪛 Shellcheck (0.11.0)

[info] 324-324: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 324-324: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 324-324: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 327-327: Use ./glob or -- glob so names with dashes won't become options.

(SC2035)

---

[info] 327-327: Use ./glob or -- glob so names with dashes won't become options.

(SC2035)

---

[info] 327-327: Use ./glob or -- glob so names with dashes won't become options.

(SC2035)

---

[info] 327-327: Use ./glob or -- glob so names with dashes won't become options.

(SC2035)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ci-operator/step-registry/openshift-qe/orion/openshift-qe-orion-commands.sh`
around lines 324 - 327, The experiment is run in the shared workspace and then
glob-copied, which can mix unrelated files into EXP_DIR; instead, create and use
an isolated run directory (e.g., a subdir under EXP_DIR) before invoking the
experiment binary (referencing EXP_BINARY, EXP_DIR, FILENAME, EXTRA_FLAGS), run
the command from that isolated directory (or direct its outputs there), and
change the cp step to copy only from that isolated run directory into the
experimental artifacts folder; ensure you clean up or keep the isolated
directory name deterministic per run to avoid collisions.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@vishnuchalla: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-netobserv-flowlogs-pipeline-main-flp-node-density-heavy-25nodes	netobserv/flowlogs-pipeline	presubmit	Registry content changed
pull-ci-netobserv-netobserv-ebpf-agent-main-ebpf-node-density-heavy-25nodes	netobserv/netobserv-ebpf-agent	presubmit	Registry content changed
periodic-ci-openshift-ols-load-generator-main-mcp-ols-load-test-100workers-mcp	N/A	periodic	Registry content changed
periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-5.0-nightly-x86-node-density-heavy-25nodes-service-without-loki	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-mcp-ols-load-test-25workers-mcp	N/A	periodic	Registry content changed
periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-4.22-nightly-x86-node-density-heavy-25nodes-service-without-loki	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-ols-load-test-10workers	N/A	periodic	Registry content changed
periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-5.0-nightly-x86-node-density-heavy-25nodes	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-quay-performance-quay-e2e-tests-quayio-stage-performance-test	N/A	periodic	Registry content changed
periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-5.0-nightly-x86-cluster-density-v2-250nodes	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-quay-performance-quay-e2e-tests-quay317-performance-test	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-ols-load-test-1000workers	N/A	periodic	Registry content changed
periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-4.22-nightly-x86-node-density-heavy-25nodes	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-mcp-ols-load-test-10workers-mcp	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-mcp-ols-load-test-50workers-mcp	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-ols-load-test-50workers	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-ols-load-test-25workers	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-ols-load-test-100workers	N/A	periodic	Registry content changed
periodic-ci-openshift-ols-load-generator-main-mcp-ols-load-test-1000workers-mcp	N/A	periodic	Registry content changed
periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-4.22-nightly-x86-cluster-density-v2-250nodes	N/A	periodic	Registry content changed

Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[vishnuchalla]

/pj-rehearse periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-4.22-nightly-x86-node-density-heavy-25nodes

[openshift-merge-bot]

@vishnuchalla: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@vishnuchalla: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-4.22-nightly-x86-node-density-heavy-25nodes	899850b	link	unknown	/pj-rehearse periodic-ci-netobserv-netobserv-perf-tests-main-netobserv-aws-4.22-nightly-x86-node-density-heavy-25nodes

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.