Skip to content

virt-platform-autopilot: add periodic e2e test on Azure with CNV #80925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rlobillo wants to merge 2 commits into
base: main
Choose a base branch
from
+175 −0
Open

virt-platform-autopilot: add periodic e2e test on Azure with CNV #80925

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ef81d37
virt-platform-autopilot: add periodic e2e test on Azure with CNV
rlobillo Jun 23, 2026
6877520
virt-platform-autopilot: switch CNV version to 4.23
rlobillo Jun 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 91 additions & 0 deletions ...-platform-autopilot/openshift-virtualization-virt-platform-autopilot-main__periodics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
build_root:
image_stream_tag:
name: release
namespace: openshift
tag: rhel-9-release-golang-1.26-openshift-5.0
releases:
latest:
candidate:
product: ocp
stream: nightly
version: "5.0"
resources:
'*':
limits:
memory: 4Gi
requests:
cpu: 100m
memory: 600Mi
tests:
- as: e2e-azure
cron: 0 6 * * 1-5
steps:
cluster_profile: azure-virtualization
env:
BASE_DOMAIN: cnv-devel.azure.devcluster.openshift.com
COMPUTE_NODE_TYPE: Standard_D4s_v5
observers:
enable:
- observers-resource-watch
test:
- as: install-cnv
cli: latest
commands: |
curl -L https://github.com/openshift-cnv/cnv-ci/tarball/master -o /tmp/cnv-ci.tgz
mkdir -p /tmp/cnv-ci
tar -xvzf /tmp/cnv-ci.tgz -C /tmp/cnv-ci --strip-components=1
cd /tmp/cnv-ci
make update_pull_secret set_imagedigestmirrorset deploy_cnv
oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p='[{"op": "add", "path": "/spec/defaultCPUModel", "value": "Broadwell"}]'
credentials:
- mount_path: /var/run/cnv-ci-brew-pull-secret
name: cnv-ci-brew-pull-secret
namespace: test-credentials
- mount_path: /var/run/cnv-ci-konflux-pull-secret
name: konflux-pull-secret
namespace: test-credentials
env:
- default: '|7820aea2-0d75-11e7-9259-28d244ea5a6d.hhav.f63e13'
name: BREW_IMAGE_REGISTRY_USERNAME
- default: /var/run/cnv-ci-brew-pull-secret/token
name: BREW_IMAGE_REGISTRY_TOKEN_PATH
- default: openshift-virtualization+konflux_ro_bot
name: KONFLUX_REGISTRY_USERNAME
- default: /var/run/cnv-ci-konflux-pull-secret/token
name: KONFLUX_REGISTRY_TOKEN_PATH
- default: "5.0"
name: OCP_VERSION
- default: "4.23"
name: CNV_VERSION
Comment on lines +34 to +59

@coderabbitai coderabbitai Bot Jun 23, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE="ci-operator/config/openshift-virtualization/virt-platform-autopilot/openshift-virtualization-virt-platform-autopilot-main__periodics.yaml"

echo "1) Verify current tarball source in config:"
rg -n 'cnv-ci/tarball|CNV_VERSION|OCP_VERSION' "$FILE"

echo
echo "2) Verify release tarball endpoints resolve:"
CNV_VERSION="$(awk '/name: CNV_VERSION/{getline; gsub(/"/,"",$2); print $2}' "$FILE")"
OCP_VERSION="$(awk '/name: OCP_VERSION/{getline; gsub(/"/,"",$2); print $2}' "$FILE")"

echo "Checking release-\${CNV_VERSION}: ${CNV_VERSION}"
curl -sSI "https://github.com/openshift-cnv/cnv-ci/tarball/release-${CNV_VERSION}" | head -n 1

echo "Checking release-\${OCP_VERSION}: ${OCP_VERSION}"
curl -sSI "https://github.com/openshift-cnv/cnv-ci/tarball/release-${OCP_VERSION}" | head -n 1

Repository: openshift/release

Length of output: 506

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE="ci-operator/config/openshift-virtualization/virt-platform-autopilot/openshift-virtualization-virt-platform-autopilot-main__periodics.yaml"

echo "=== Full file content for context ==="
cat -n "$FILE"

echo
echo "=== Check for other cnv-ci tarball references in codebase ==="
rg 'cnv-ci/tarball' --type yaml -A 2 -B 2 | head -60

Repository: openshift/release

Length of output: 3555

Pin cnv-ci tarball to the declared CNV_VERSION.

Line 34 hardcodes tarball/master, but the job declares CNV_VERSION: "4.99" and OCP_VERSION: "5.0" (lines 56–59). This creates nondeterminism—the test infrastructure diverges from the declared release versions, causing unpredictable failures.

Suggested fix 
-        curl -L https://github.com/openshift-cnv/cnv-ci/tarball/master -o /tmp/cnv-ci.tgz
+        curl -fsSL "https://github.com/openshift-cnv/cnv-ci/tarball/release-${CNV_VERSION}" -o /tmp/cnv-ci.tgz
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
curl -L https://github.com/openshift-cnv/cnv-ci/tarball/master -o /tmp/cnv-ci.tgz
mkdir -p /tmp/cnv-ci
tar -xvzf /tmp/cnv-ci.tgz -C /tmp/cnv-ci --strip-components=1
cd /tmp/cnv-ci
make update_pull_secret set_imagedigestmirrorset deploy_cnv
oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p='[{"op": "add", "path": "/spec/defaultCPUModel", "value": "Broadwell"}]'
credentials:
- mount_path: /var/run/cnv-ci-brew-pull-secret
name: cnv-ci-brew-pull-secret
namespace: test-credentials
- mount_path: /var/run/cnv-ci-konflux-pull-secret
name: konflux-pull-secret
namespace: test-credentials
env:
- default: '|7820aea2-0d75-11e7-9259-28d244ea5a6d.hhav.f63e13'
name: BREW_IMAGE_REGISTRY_USERNAME
- default: /var/run/cnv-ci-brew-pull-secret/token
name: BREW_IMAGE_REGISTRY_TOKEN_PATH
- default: openshift-virtualization+konflux_ro_bot
name: KONFLUX_REGISTRY_USERNAME
- default: /var/run/cnv-ci-konflux-pull-secret/token
name: KONFLUX_REGISTRY_TOKEN_PATH
- default: "5.0"
name: OCP_VERSION
- default: "4.99"
name: CNV_VERSION
curl -fsSL "https://github.com/openshift-cnv/cnv-ci/tarball/release-${CNV_VERSION}" -o /tmp/cnv-ci.tgz
mkdir -p /tmp/cnv-ci
tar -xvzf /tmp/cnv-ci.tgz -C /tmp/cnv-ci --strip-components=1
cd /tmp/cnv-ci
make update_pull_secret set_imagedigestmirrorset deploy_cnv
oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p='[{"op": "add", "path": "/spec/defaultCPUModel", "value": "Broadwell"}]'
credentials:
- mount_path: /var/run/cnv-ci-brew-pull-secret
name: cnv-ci-brew-pull-secret
namespace: test-credentials
- mount_path: /var/run/cnv-ci-konflux-pull-secret
name: konflux-pull-secret
namespace: test-credentials
env:
- default: '|7820aea2-0d75-11e7-9259-28d244ea5a6d.hhav.f63e13'
name: BREW_IMAGE_REGISTRY_USERNAME
- default: /var/run/cnv-ci-brew-pull-secret/token
name: BREW_IMAGE_REGISTRY_TOKEN_PATH
- default: openshift-virtualization+konflux_ro_bot
name: KONFLUX_REGISTRY_USERNAME
- default: /var/run/cnv-ci-konflux-pull-secret/token
name: KONFLUX_REGISTRY_TOKEN_PATH
- default: "5.0"
name: OCP_VERSION
- default: "4.99"
name: CNV_VERSION
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/config/openshift-virtualization/virt-platform-autopilot/openshift-virtualization-virt-platform-autopilot-main__periodics.yaml`
around lines 34 - 59, The curl command downloading the cnv-ci tarball is
hardcoded to fetch from `tarball/master`, but the job declares a specific
`CNV_VERSION: "4.99"`. Replace the hardcoded `master` reference in the curl URL
with a reference to the `CNV_VERSION` variable so the tarball version matches
the declared release version. This ensures the test infrastructure version
remains synchronized with the declared release versions rather than always
pulling from the master branch.

- default: /tmp/artifacts
name: ARTIFACTS_DIR
- default: openshift-cnv
name: TARGET_NAMESPACE
- default: "false"
name: PRODUCTION_RELEASE
from: src
resources:
requests:
cpu: 100m
memory: 600Mi
timeout: 1h0m0s
- as: e2e-test
cli: latest
commands: |
trap 'cp -r _output/* ${ARTIFACTS_DIR}/ || true' EXIT
make run-e2e-tests-only
env:
- default: /tmp/artifacts
name: ARTIFACTS_DIR
from: src
grace_period: 30m0s
resources:
requests:
cpu: 100m
memory: 600Mi
workflow: ipi-azure
zz_generated_metadata:
branch: main
org: openshift-virtualization
repo: virt-platform-autopilot
variant: periodics
84 changes: 84 additions & 0 deletions ...t-platform-autopilot/openshift-virtualization-virt-platform-autopilot-main-periodics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
periodics:
- agent: kubernetes
cluster: build01
cron: 0 6 * * 1-5
decorate: true
decoration_config:
skip_cloning: true
extra_refs:
- base_ref: main
org: openshift-virtualization
repo: virt-platform-autopilot
labels:
ci-operator.openshift.io/cloud: azure4
ci-operator.openshift.io/cloud-cluster-profile: azure-virtualization
ci-operator.openshift.io/variant: periodics
ci.openshift.io/generator: prowgen
job-release: "5.0"
pj-rehearse.openshift.io/can-be-rehearsed: "true"
name: periodic-ci-openshift-virtualization-virt-platform-autopilot-main-periodics-e2e-azure
spec:
containers:
- args:
- --gcs-upload-secret=/secrets/gcs/service-account.json
- --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
- --lease-server-credentials-file=/etc/boskos/credentials
- --report-credentials-file=/etc/report/credentials
- --secret-dir=/secrets/ci-pull-credentials
- --target=e2e-azure
- --variant=periodics
command:
- ci-operator
env:
- name: HTTP_SERVER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
imagePullPolicy: Always
name: ""
ports:
- containerPort: 8080
name: http
resources:
requests:
cpu: 10m
volumeMounts:
- mountPath: /etc/boskos
name: boskos
readOnly: true
- mountPath: /secrets/ci-pull-credentials
name: ci-pull-credentials
readOnly: true
- mountPath: /secrets/gcs
name: gcs-credentials
readOnly: true
- mountPath: /secrets/manifest-tool
name: manifest-tool-local-pusher
readOnly: true
- mountPath: /etc/pull-secret
name: pull-secret
readOnly: true
- mountPath: /etc/report
name: result-aggregator
readOnly: true
serviceAccountName: ci-operator
volumes:
- name: boskos
secret:
items:
- key: credentials
path: credentials
secretName: boskos-credentials
- name: ci-pull-credentials
secret:
secretName: ci-pull-credentials
- name: manifest-tool-local-pusher
secret:
secretName: manifest-tool-local-pusher
- name: pull-secret
secret:
secretName: registry-pull-credentials
- name: result-aggregator
secret:
secretName: result-aggregator