ROSAENG-60057: Add alert silence pre/post steps for production FVT

[dustman9000]

Summary

• Adds rosa-e2e-silence-alerts (pre) and rosa-e2e-unsilence-alerts (post) step registry refs
• Pre-step creates regex-based alertmanager silences on all production RHOBS cells via the new gateway silence API
• Post-step expires the silences after the job completes
• Uses existing OIDC client credentials (same auth pattern as telemetry collection)
• Wired into the weekly cs-rosa-hcp-ad-production-main FVT job

Context: Production FVT clusters (cs-ci-longname-*) were triggering RHOBS alerts and paging on-call SREs. This automates the silence/unsilence lifecycle through the gateway API.

Test plan

• Verified RHOBS gateway silence API works (POST create, GET list, DELETE expire) on stage
• pj-rehearse validates the production FVT job with silence steps
• Verify next Monday production FVT run creates/expires silences

Jira: https://redhat.atlassian.net/browse/ROSAENG-60057

Summary by CodeRabbit

This PR introduces automated alert silence management for production ROSA (Red Hat OpenShift Service on AWS) FVT (Functional Verification Test) runs in the OpenShift CI infrastructure.

What's Changing

The PR wires two new automation steps into the weekly production FVT job (ocm-fvt-periodic-cs-rosa-hcp-ad-production-main):

1. Pre-step (rosa-e2e-silence-alerts): Creates regex-based alertmanager silences in the production RHOBS (Red Hat Observability) environment before tests begin. The step targets clusters matching the pattern cs-ci-* (the FVT test clusters) and creates silences across all regional cells via the RHOBS gateway silence API. It uses existing OIDC client credentials for authentication and records silence IDs for later cleanup.

2. Post-step (rosa-e2e-unsilence-alerts): Expires the silences created by the pre-step after the FVT job completes, ensuring proper cleanup.

Why It Matters

This automation prevents production FVT test clusters from triggering RHOBS alerts and alerting on-call SREs during testing. Previously, FVT runs could generate alerts despite being test activity, creating noise for production monitoring. By automating silence creation and expiration through the gateway API, the solution ensures:

• Alerts are suppressed during the controlled test window (configurable duration, default 6 hours)
• Silences are automatically cleaned up after testing, preventing indefinite suppression
• No manual intervention required for each FVT run

Implementation Details

The PR adds:

• Updated job configuration with pre/post step hooks and allow_best_effort_post_steps: true flag
• New rosa/e2e/silence-alerts step registry with RHOBS silence creation logic
• New rosa/e2e/unsilence-alerts step registry with silence expiration logic
• Supporting OWNERS files and metadata for both steps

Both steps are configurable via environment variables (RHOBS environment target, alert matcher criteria, silence duration) and handle authentication gracefully, failing non-critically if credentials are unavailable.

[openshift-ci-robot]

@dustman9000: This pull request references ROSAENG-60057 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Adds rosa-e2e-silence-alerts (pre) and rosa-e2e-unsilence-alerts (post) step registry refs
• Pre-step creates regex-based alertmanager silences on all production RHOBS cells via the new gateway silence API
• Post-step expires the silences after the job completes
• Uses existing OIDC client credentials (same auth pattern as telemetry collection)
• Wired into the weekly cs-rosa-hcp-ad-production-main FVT job

Context: Production FVT clusters (cs-ci-longname-*) were triggering RHOBS alerts and paging on-call SREs. This automates the silence/unsilence lifecycle through the gateway API.

Test plan

• Verified RHOBS gateway silence API works (POST create, GET list, DELETE expire) on stage
• pj-rehearse validates the production FVT job with silence steps
• Verify next Monday production FVT run creates/expires silences

Jira: https://redhat.atlassian.net/browse/ROSAENG-60057

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Two new CI step-registry steps are introduced: rosa-e2e-silence-alerts (a pre-step that POSTs Alertmanager silences to all RHOBS cells and saves their IDs) and rosa-e2e-unsilence-alerts (a post-step that DELETEs those silences). Both steps are then wired into the existing ROSA HCP production job config.

Changes

ROSA E2E Alertmanager Silence/Unsilence CI Steps

Layer / File(s)	Summary
silence-alerts step definition and script ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.yaml, ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-commands.sh, ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.metadata.json, ci-operator/step-registry/rosa/e2e/silence-alerts/OWNERS	New step that uses ocp/4.18:cli, mounts ci/rhobs-oidc-production credentials, fetches an OIDC token, computes a UTC time window, POSTs a silence payload to each configured RHOBS cell, and appends CELL:silenceID entries to ${SHARED_DIR}/silence-ids. Configurable via RHOBS_ENV, SILENCE_MATCHER_NAME, SILENCE_MATCHER_VALUE, and SILENCE_DURATION_HOURS.
unsilence-alerts step definition and script ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-ref.yaml, ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-commands.sh, ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-ref.metadata.json, ci-operator/step-registry/rosa/e2e/unsilence-alerts/OWNERS	New post-step that reads ${SHARED_DIR}/silence-ids, obtains an OIDC token with the same credentials mount, and issues HTTP DELETE calls to expire each recorded silence via the RHOBS gateway API. Exits successfully (allowing natural expiry) if token retrieval fails.
CI job pre/post hook integration ci-operator/config/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml	Sets allow_best_effort_post_steps: true on the ocm-fvt-periodic-cs-rosa-hcp-ad-production-main job and adds rosa-e2e-record-start-time + rosa-e2e-silence-alerts as pre steps and rosa-e2e-unsilence-alerts as a post step.

Sequence Diagram

sequenceDiagram
  rect rgba(100, 149, 237, 0.5)
    Note over CIJob,SharedDir: Pre-step: rosa-e2e-silence-alerts
    CIJob->>OIDCEndpoint: POST client_credentials (rhobs-oidc-production)
    OIDCEndpoint-->>CIJob: access_token
    loop each RHOBS cell
      CIJob->>RHOBSCell: POST /api/metrics/v1/hcp/am/api/v2/silences
      RHOBSCell-->>CIJob: silenceID
      CIJob->>SharedDir: append CELL:silenceID
    end
  end
  rect rgba(144, 238, 144, 0.5)
    Note over CIJob,SharedDir: Main test execution
    CIJob->>CIJob: ocm-fvt-periodic-cs-rosa-hcp-ad-production-main runs
  end
  rect rgba(255, 165, 0, 0.5)
    Note over CIJob,SharedDir: Post-step: rosa-e2e-unsilence-alerts
    CIJob->>SharedDir: read silence-ids
    CIJob->>OIDCEndpoint: POST client_credentials
    OIDCEndpoint-->>CIJob: access_token
    loop each CELL:SILENCE_ID
      CIJob->>RHOBSCell: DELETE /api/metrics/v1/hcp/am/api/v2/silences/{silenceID}
      RHOBSCell-->>CIJob: 200 OK
    end
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• ravitri

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding alert silence pre/post steps for production FVT runs, which is the core objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR contains no Ginkgo test definitions. It adds CI/CD configuration files (YAML), bash scripts, and OWNERS files for alert silencing automation, none of which contain Go test code with Ginkgo...
Test Structure And Quality	✅ Passed	This PR contains no Ginkgo test code. Changes consist of CI configuration, shell scripts, metadata, and OWNERS files—not test code requiring Ginkgo quality assessment.
Microshift Test Compatibility	✅ Passed	This PR adds no Ginkgo e2e tests. It only adds Bash scripts and CI configuration files (YAML/JSON/OWNERS). The custom check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests added in this PR. Changes consist of YAML CI configs and bash infrastructure scripts for alert silence automation only.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only modifies CI infrastructure files (CI config, step registry definitions, and automation scripts) with no scheduling constraints. The check is designed for deployment manifests and opera...
Ote Binary Stdout Contract	✅ Passed	PR contains only CI configuration YAML, Bash scripts, and JSON metadata files. No Go code is added that could violate the OTE Binary Stdout Contract check, which applies only to Go test binaries.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds no Ginkgo e2e tests—only Bash automation scripts, YAML step definitions, and CI configuration. The custom check applies to Ginkgo test code only.
No-Weak-Crypto	✅ Passed	PR contains no weak crypto (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), no custom crypto implementations, and no non-constant-time secret comparisons. Uses standard OAuth2/OIDC authentication with H...
Container-Privileges	✅ Passed	No privileged configurations found in container/K8s manifests. No privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation: true, or root user runs detected.
No-Sensitive-Data-In-Logs	✅ Passed	Both scripts securely handle credentials: tokens are extracted directly from curl output via JSON parsing (not logged), and CLIENT_ID/CLIENT_SECRET are only passed via curl form data (not visible i...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@dustman9000: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-production-ocm-fvt-periodic-cs-rosa-hcp-ad-production-main	N/A	periodic	Ci-operator config changed

Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dustman9000

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift-online/rosa-e2e/OWNERS [dustman9000]
• ci-operator/step-registry/rosa/e2e/OWNERS [dustman9000]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@dustman9000: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/step-registry-shellcheck	04292e7	link	true	/test step-registry-shellcheck

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.yaml (1)

69-69: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Fix standalone redirection syntax.

Line 69 uses a standalone redirection without a command, which shellcheck flags as SC2188. While many shells accept this, it's non-portable and should be written with an explicit no-op command.

🔧 Proposed fix

-> "${SHARED_DIR}/silence-ids"
+: > "${SHARED_DIR}/silence-ids"

Alternatively, use true > or echo -n >.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.yaml`
at line 69, The standalone redirection syntax on line 69 of
rosa-e2e-silence-alerts-ref.yaml is flagged as SC2188 by shellcheck and is
non-portable. Replace the standalone redirection with an explicit no-op command
followed by the redirection operator, such as using `true >` or `echo -n >` to
make the syntax portable across different shells while maintaining the same
behavior.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/config/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml`:
- Around line 31-39: After modifying the
openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml configuration
file to add allow_best_effort_post_steps and update the pre and post step
references, you must run the `make update` command in the repository root to
regenerate the downstream Prow job definitions and metadata artifacts. This
ensures that all generated configurations stay synchronized with the source CI
operator configuration changes.

In
`@ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.yaml`:
- Line 12: The timeout field in the rosa-e2e-silence-alerts step is set too low
at 2m0s to accommodate the sequential RHOBS cell requests. Increase the timeout
value from 2m0s to either 3m or 5m to provide adequate margin for the 9
sequential curl requests (each with up to 10-second max-time) plus OIDC token
acquisition and JSON parsing overhead. Consider using 5m as a safe value similar
to the collect-cs-telemetry step, or a minimum of 3m if a tighter constraint is
preferred.

In
`@ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-commands.sh`:
- Around line 28-41: The while loop on line 28 uses a colon as the IFS delimiter
to split CELL and SILENCE_ID, but since CELL is a URL containing colons (e.g.,
https://...), the read command incorrectly splits on all colons rather than just
the separator between CELL and SILENCE_ID, causing malformed DELETE requests on
line 35. Change the IFS delimiter from colon to a character that won't appear in
URLs, such as a pipe character, and update the corresponding separator in the
input file to match so that CELL and SILENCE_ID are parsed correctly.

---

Outside diff comments:
In
`@ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.yaml`:
- Line 69: The standalone redirection syntax on line 69 of
rosa-e2e-silence-alerts-ref.yaml is flagged as SC2188 by shellcheck and is
non-portable. Replace the standalone redirection with an explicit no-op command
followed by the redirection operator, such as using `true >` or `echo -n >` to
make the syntax portable across different shells while maintaining the same
behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 1a66ed23-289a-4987-a435-9f987d0d71fe

📥 Commits

Reviewing files that changed from the base of the PR and between b854cd1 and 04292e7.

📒 Files selected for processing (9)

• ci-operator/config/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml
• ci-operator/step-registry/rosa/e2e/silence-alerts/OWNERS
• ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-commands.sh
• ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.metadata.json
• ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.yaml
• ci-operator/step-registry/rosa/e2e/unsilence-alerts/OWNERS
• ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-commands.sh
• ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-ref.metadata.json
• ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-ref.yaml

[coderabbitai]

📐 Maintainability & Code Quality | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if make update produces any diff for this config

# Show what make update would generate
make update 2>&1 | head -50

# Check if corresponding job file exists and would be updated
fd -t f 'openshift-online-rosa-e2e.*ocm-fvt.*production' ci-operator/jobs/

Repository: openshift/release

Length of output: 193

---

🏁 Script executed:

# Check if the config file exists and examine its structure
fd -t f 'openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml' ci-operator/config/

Repository: openshift/release

Length of output: 265

---

🏁 Script executed:

# Search for any corresponding job files in ci-operator/jobs/
fd -t f 'openshift-online-rosa-e2e' ci-operator/jobs/ | head -20

Repository: openshift/release

Length of output: 334

---

🏁 Script executed:

# Check if the config file contains metadata fields that should be generated
cd ci-operator/config && find . -name '*openshift-online-rosa-e2e*' -type f | xargs grep -l 'zz_generated'

Repository: openshift/release

Length of output: 1018

---

🏁 Script executed:

# Examine the config file to check for zz_generated_metadata fields
cat ci-operator/config/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml | head -60

Repository: openshift/release

Length of output: 1135

---

🏁 Script executed:

# Check the job file to see if it references this config
cat ci-operator/jobs/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main-periodics.yaml | grep -A 5 -B 5 'ocm-fvt-rosa-hcp-production' | head -20

Repository: openshift/release

Length of output: 1034

---

Run make update to regenerate downstream artifacts.

Modifications to CI operator configuration files under ci-operator/config/ require running make update after changes to regenerate Prow jobs and metadata. This file was modified to add allow_best_effort_post_steps and update pre/post step references, which impacts generated job definitions.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/config/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml`
around lines 31 - 39, After modifying the
openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-production.yaml configuration
file to add allow_best_effort_post_steps and update the pre and post step
references, you must run the `make update` command in the repository root to
regenerate the downstream Prow job definitions and metadata artifacts. This
ensures that all generated configurations stay synchronized with the source CI
operator configuration changes.

Source: Coding guidelines

[coderabbitai]

🩺 Stability & Availability | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Find other RHOBS or multi-cell API step timeouts for comparison

rg -n -A3 -B3 'timeout.*[0-9]+m' ci-operator/step-registry/rosa/e2e/ | head -40

Repository: openshift/release

Length of output: 3965

---

🏁 Script executed:

cat -n ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-commands.sh | sed -n '70,100p'

Repository: openshift/release

Length of output: 1317

---

🏁 Script executed:

find ci-operator/step-registry/rosa/e2e -name "*-commands.sh" -type f -exec wc -l {} + | sort -n

Repository: openshift/release

Length of output: 793

---

🏁 Script executed:

# Check git history for any timeout-related failures or adjustments
cd ci-operator/step-registry/rosa/e2e && git log --oneline -20 -- silence-alerts/ unsilence-alerts/ collect-cs-telemetry/

Repository: openshift/release

Length of output: 232

---

🏁 Script executed:

cat -n ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-commands.sh

Repository: openshift/release

Length of output: 4506

---

🏁 Script executed:

cat -n ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-commands.sh

Repository: openshift/release

Length of output: 1811

---

Increase timeout to accommodate 9 sequential RHOBS cell requests.

The 2m timeout is tight for the multi-cell silence creation workflow. The script makes sequential curl requests with --max-time 10 to 9 production RHOBS cells (lines 13-23: us-east-1-0/1/2, us-west-2-0, eu-west-1-0, eu-central-1-0, sa-east-1-0, ap-northeast-1-0, ap-southeast-2-0), which alone approaches 90 seconds in the worst case (all cells responding at their max 10s timeout). This leaves minimal buffer for OIDC token acquisition and JSON parsing overhead. The related unsilence-alerts step uses the same 2m timeout but follows a similar sequential pattern, while broader telemetry collection (collect-cs-telemetry) uses 5m. Consider increasing to 3m or 5m to provide adequate margin for variable network conditions.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/rosa/e2e/silence-alerts/rosa-e2e-silence-alerts-ref.yaml`
at line 12, The timeout field in the rosa-e2e-silence-alerts step is set too low
at 2m0s to accommodate the sequential RHOBS cell requests. Increase the timeout
value from 2m0s to either 3m or 5m to provide adequate margin for the 9
sequential curl requests (each with up to 10-second max-time) plus OIDC token
acquisition and JSON parsing overhead. Consider using 5m as a safe value similar
to the collect-cs-telemetry step, or a minimum of 3m if a tighter constraint is
preferred.

[coderabbitai]

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Fix CELL:SILENCE_ID parsing to handle URL colons.

Line 28 splits on :, but CELL is a URL (e.g., https://...) from the upstream writer, so CELL/SILENCE_ID are parsed incorrectly and DELETE requests at Line 35 can be malformed.

💡 Proposed fix

-while IFS=: read -r CELL SILENCE_ID; do
-  [[ -z "$CELL" || -z "$SILENCE_ID" ]] && continue
+while IFS= read -r LINE; do
+  [[ -z "$LINE" ]] && continue
+  SILENCE_ID="${LINE##*:}"
+  CELL="${LINE%:*}"
+  [[ -z "$CELL" || -z "$SILENCE_ID" || "$CELL" == "$LINE" ]] && continue
   TOTAL=$((TOTAL + 1))
 
   if curl -sf --max-time 10 \
     -X DELETE \
     -H "Authorization: Bearer $TOKEN" \
     "${CELL}/api/metrics/v1/hcp/am/api/v2/silence/${SILENCE_ID}" 2>/dev/null; then
@@
-done < "$SILENCE_FILE"
+done < "$SILENCE_FILE"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/rosa/e2e/unsilence-alerts/rosa-e2e-unsilence-alerts-commands.sh`
around lines 28 - 41, The while loop on line 28 uses a colon as the IFS
delimiter to split CELL and SILENCE_ID, but since CELL is a URL containing
colons (e.g., https://...), the read command incorrectly splits on all colons
rather than just the separator between CELL and SILENCE_ID, causing malformed
DELETE requests on line 35. Change the IFS delimiter from colon to a character
that won't appear in URLs, such as a pipe character, and update the
corresponding separator in the input file to match so that CELL and SILENCE_ID
are parsed correctly.