CNF-25270: Export LCA git coordinates to image-based remote scripts

[fontivan]

• Wire Prow PR metadata into ib-orchestrate-vm remote scripts so lifecycle-agent presubmits checkout the correct source during LCA deploy.

Assisted-by: Cursor/auto
AI-attribution: AIA,Primarily AI-generated,Human-initiated,Reviewed,Cursor/auto,v1.0
For more information on AI attribution statements, see: https://aiattribution.github.io/

Summary by CodeRabbit

This PR adds functionality to propagate Prow PR metadata into image-based remote scripts for OpenShift image-based upgrade testing workflows.

What changed:
The PR modifies two CI step registry scripts that orchestrate image-based upgrades using seed and target VMs:

• openshift-image-based-upgrade-seed-create-commands.sh
• openshift-image-based-upgrade-target-commands.sh

Both scripts now detect when they are running in the context of a openshift-kni/lifecycle-agent repository PR and extract Git coordinates from Prow environment variables:

• LCA_GIT_REF: The PR head commit SHA (from PULL_PULL_SHA)
• LCA_GIT_PULL: The PR number (from PULL_NUMBER)
• LCA_GIT_BRANCH: The target branch (from PULL_BASE_REF)

These Git coordinates are then exported as environment variables into the downstream remote scripts (create_seed.sh and upgrade_from_seed.sh) that execute on remote VMs via SSH. The remote ib-orchestrate-vm scripts receive the lifecycle-agent Git repository URL and can use these coordinates to checkout and test the exact source code being validated in the PR.

Impact:
This enables lifecycle-agent presubmit jobs to properly test against the correct PR code during image-based orchestration VM deployment and upgrade testing. For other repositories sharing these CI workflows, the variables default to empty strings and the remote scripts fall back to their default behavior.

Lines changed: +18 in each script (36 total)

[openshift-ci-robot]

@fontivan: This pull request references CNF-25270 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "5.0.0" version, but no target version was set.

Details

In response to this:

• Wire Prow PR metadata into ib-orchestrate-vm remote scripts so lifecycle-agent presubmits checkout the correct source during LCA deploy.

Assisted-by: Cursor/auto
AI-attribution: AIA,Primarily AI-generated,Human-initiated,Reviewed,Cursor/auto,v1.0
For more information on AI attribution statements, see: https://aiattribution.github.io/

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[fontivan]

/hold

Depends on rh-ecosystem-edge/ib-orchestrate-vm#117 being merged first

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 81835965-798e-40e4-8887-0a05c79b5d49

📥 Commits

Reviewing files that changed from the base of the PR and between 9a8ee7f and 93d67de.

📒 Files selected for processing (2)

• ci-operator/step-registry/openshift/image-based/upgrade/seed/create/openshift-image-based-upgrade-seed-create-commands.sh
• ci-operator/step-registry/openshift/image-based/upgrade/target/openshift-image-based-upgrade-target-commands.sh

---

Walkthrough

Two CI step shell scripts (seed-create and target-upgrade) are updated to detect when the running workflow targets the openshift-kni/lifecycle-agent repository and, in that case, derive LCA_GIT_REF, LCA_GIT_PULL, and LCA_GIT_BRANCH from Prow environment variables, then export those values plus LCA_GIT_REPO into their respective generated remote scripts.

Changes

LCA Git coordinate propagation in CI step scripts

Layer / File(s)	Summary
Seed create: LCA Git coordinate detection and export ci-operator/step-registry/openshift/image-based/upgrade/seed/create/openshift-image-based-upgrade-seed-create-commands.sh	Initializes LCA_GIT_REF, LCA_GIT_PULL, and LCA_GIT_BRANCH to empty strings, conditionally populates them from PULL_PULL_SHA, PULL_NUMBER, and PULL_BASE_REF when REPO_OWNER/REPO_NAME matches openshift-kni/lifecycle-agent, and extends the create_seed.sh heredoc to export all four LCA_GIT_* variables with branch defaulting to main.
Target upgrade: LCA Git coordinate detection and export ci-operator/step-registry/openshift/image-based/upgrade/target/openshift-image-based-upgrade-target-commands.sh	Applies the same conditional Prow variable detection pattern and extends the upgrade_from_seed.sh heredoc to export LCA_GIT_REF, LCA_GIT_PULL, LCA_GIT_REPO, and a main-defaulted LCA_GIT_BRANCH.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: exporting LCA (lifecycle-agent) git coordinates to image-based remote scripts, which aligns with the actual code modifications in both seed and target scripts.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The custom check for stable Ginkgo test names is not applicable to this PR. The PR modifies only bash shell scripts for CI/CD automation that contain no Ginkgo test definitions.
Test Structure And Quality	✅ Passed	This custom check is designed to review Ginkgo test code, but the PR only modifies shell scripts for CI/CD orchestration, not test code. The check is not applicable to this PR.
Microshift Test Compatibility	✅ Passed	PR does not add any Ginkgo e2e tests. It only modifies shell scripts for CI configuration, which are outside the scope of the MicroShift test compatibility check.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The PR modifies shell scripts for CI infrastructure, not Ginkgo e2e tests. No Ginkgo test patterns (It(), Describe(), etc.) are added, so SNO compatibility check does not apply.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only CI automation scripts (Prow step-registry shell scripts) that export git coordinates; introduces no deployment manifests, operator code, or scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	OTE Binary Stdout Contract check only applies to Go test binaries. The PR modifies only bash shell scripts (*.sh), which are not subject to this check and have no OTE JSON communication requirements.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only modifies CI orchestration bash shell scripts, not Ginkgo e2e tests. No It(), Describe(), Context(), When() patterns added anywhere in the PR.
No-Weak-Crypto	✅ Passed	PR adds Git coordinate exports to CI scripts with no weak crypto algorithms (MD5/SHA1/DES/RC4/3DES/Blowfish/ECB), custom crypto implementations, or insecure secret comparisons detected.
Container-Privileges	✅ Passed	PR modifies only shell scripts that export environment variables. No container privileges, hostPID/Network/IPC, SYS_ADMIN capabilities, or allowPrivilegeEscalation settings are present.
No-Sensitive-Data-In-Logs	✅ Passed	The PR introduces git coordinate variables (LCA_GIT_REF, LCA_GIT_PULL, LCA_GIT_BRANCH) that hold non-sensitive metadata (commit SHA, PR number, branch name). These variables are not logged via echo...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: fontivan
Once this PR has been reviewed and has the lgtm label, please assign jogeo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/step-registry/openshift/image-based/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@fontivan: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-kni-lifecycle-agent-main-ibi-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ibi-e2e-flow-v4v6	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ibi-e2e-flow-v6v4	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ibi-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ibi-e2e-flow-v4v6	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ibi-e2e-flow-v6v4	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.21-ibi-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.20-ibi-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.19-ibi-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.18-ibi-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ipc-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ipc-e2e-flow-v4v6	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ipc-e2e-flow-v6v4	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ipc-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ipc-e2e-flow-v4v6	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ipc-e2e-flow-v6v4	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.21-ipc-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.20-ipc-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ibu-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ibu-e2e-flow-v4v6	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-main-ibu-e2e-flow-v6v4	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ibu-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ibu-e2e-flow-v4v6	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.22-ibu-e2e-flow-v6v4	openshift-kni/lifecycle-agent	presubmit	Registry content changed
pull-ci-openshift-kni-lifecycle-agent-release-4.21-ibu-e2e-flow	openshift-kni/lifecycle-agent	presubmit	Registry content changed

A total of 132 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here
Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@fontivan: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.