add the cluster-manifest-verifier image to ci-tools-standalone config

[droslean]

Summary by CodeRabbit

This PR adds container image build configuration for the cluster-manifest-verifier tool to the CI infrastructure.

What changed:
The openshift-ci-tools-standalone-main.yaml configuration file was updated to include a new image build definition for cluster-manifest-verifier. This image will:

• Build using the Dockerfile in images/cluster-manifest-verifier/
• Use the UBI minimal base image (matching other tools in this configuration)
• Package the compiled cluster-manifest-verifier binary from the build into the container image

Impact:
The ci-tools-standalone component will now automatically build and publish a container image for the cluster-manifest-verifier tool as part of its CI pipeline. This makes the tool available as a standardized container artifact for deployment and distribution, alongside other CI tools in the standalone configuration.

Unlike some other images in this configuration, cluster-manifest-verifier is configured for single-architecture builds only (the primary architecture), suggesting it may not be required for arm64 at this time.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: de9f44c3-0b74-441f-affd-46fe65be9b13

📥 Commits

Reviewing files that changed from the base of the PR and between d9d831b and b9ec082.

⛔ Files ignored due to path filters (2)

• ci-operator/jobs/openshift/ci-tools-standalone/openshift-ci-tools-standalone-main-postsubmits.yaml is excluded by !ci-operator/jobs/**
• ci-operator/jobs/openshift/ci-tools-standalone/openshift-ci-tools-standalone-main-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (1)

• ci-operator/config/openshift/ci-tools-standalone/openshift-ci-tools-standalone-main.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• ci-operator/config/openshift/ci-tools-standalone/openshift-ci-tools-standalone-main.yaml

---

Walkthrough

A new cluster-manifest-verifier image build entry is added to the CI operator configuration for ci-tools-standalone. The entry specifies images/cluster-manifest-verifier/ as the build context, the os base image, and packages the binary from /go/bin/cluster-manifest-verifier into the output image.

Changes

cluster-manifest-verifier image build

Layer / File(s)	Summary
cluster-manifest-verifier image entry ci-operator/config/openshift/ci-tools-standalone/openshift-ci-tools-standalone-main.yaml	Adds a new images.items entry building the cluster-manifest-verifier image from images/cluster-manifest-verifier/, using from: os, with the binary sourced from /go/bin/cluster-manifest-verifier.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: adding the cluster-manifest-verifier image to the ci-tools-standalone configuration, which matches the changeset exactly.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR only modifies a YAML CI configuration file (openshift-ci-tools-standalone-main.yaml) to add a cluster-manifest-verifier image definition. No Ginkgo test files or test code was changed in th...
Test Structure And Quality	✅ Passed	PR adds YAML CI configuration for cluster-manifest-verifier image build, not Ginkgo test code. Check is not applicable.
Microshift Test Compatibility	✅ Passed	This PR adds only a YAML CI/CD configuration for the cluster-manifest-verifier image build, not any Ginkgo e2e tests. The check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds CI operator configuration for cluster-manifest-verifier image, not Ginkgo e2e tests; check for SNO test compatibility is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only modifies CI Operator build configuration (ci-tools-standalone-main.yaml), not deployment manifests or controllers. No scheduling constraints, pod affinity, topology spread, or node selector...
Ote Binary Stdout Contract	✅ Passed	PR only modifies YAML configuration files (adds cluster-manifest-verifier image config), not Go source code; OTE Binary Stdout Contract check applies only to Go code and is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR does not add any Ginkgo e2e tests - it only adds a Docker image build definition in a YAML CI configuration file. The custom check is not applicable.
No-Weak-Crypto	✅ Passed	The PR adds a cluster-manifest-verifier image definition to a CI configuration YAML file. No cryptographic code is introduced—only build configuration for a pre-compiled binary.
Container-Privileges	✅ Passed	No privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation, or root-related container privilege settings found in the modified CI-operator YAML configuration file.
No-Sensitive-Data-In-Logs	✅ Passed	The PR adds only cluster-manifest-verifier image configuration with paths and image names; no passwords, tokens, API keys, PII, session IDs, hostnames, or customer data are exposed.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[deepsm007]

/hold
feel free to unhold once ci-tools merges

[droslean]

/hold cancel

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@droslean: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-ci-tools-standalone-main-format	openshift/ci-tools-standalone	presubmit	Ci-operator config changed
pull-ci-openshift-ci-tools-standalone-main-images	openshift/ci-tools-standalone	presubmit	Ci-operator config changed
pull-ci-openshift-ci-tools-standalone-main-lint	openshift/ci-tools-standalone	presubmit	Ci-operator config changed
pull-ci-openshift-ci-tools-standalone-main-security	openshift/ci-tools-standalone	presubmit	Ci-operator config changed
pull-ci-openshift-ci-tools-standalone-main-unit	openshift/ci-tools-standalone	presubmit	Ci-operator config changed
pull-ci-openshift-ci-tools-standalone-main-validate-vendor	openshift/ci-tools-standalone	presubmit	Ci-operator config changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[deepsm007]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deepsm007, droslean

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/ci-tools-standalone/OWNERS [deepsm007,droslean]
• ci-operator/jobs/openshift/ci-tools-standalone/OWNERS [deepsm007,droslean]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[droslean]

/pj-rehearse ack

[openshift-merge-bot]

@droslean: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[droslean]

/refresh