Skip to content

Update/sync prow config for Core Networking repos#82026

Open
danwinship wants to merge 3 commits into
openshift:mainfrom
danwinship:networking-prow-config
Open

Update/sync prow config for Core Networking repos#82026
danwinship wants to merge 3 commits into
openshift:mainfrom
danwinship:networking-prow-config

Conversation

@danwinship

@danwinship danwinship commented Jul 16, 2026

Copy link
Copy Markdown
Contributor
  • Remove explicit approve/lgtm config. (In particular, don't (unintentionally?) override the openshift-wide lgtm==approve default; it's weird for it to work differently only in some repos.)
  • Drop the cherry-pick-approved stuff, since it's no longer used anywhere and it's dumb to cc a ton of current/former QE people on backport bugs for no reason.
  • Update the lists of people who can set backport-risk-assessed to mostly the same as the CNO list in all repos except ovn-kubernetes. Also, remove ex team members.

/assign @tssurya

Summary by CodeRabbit

  • Standardizes approval behavior for Core Networking repositories by removing local approve/lgtm overrides and relying on OpenShift-wide defaults.
  • Removes obsolete cherry-pick-approved rules and notifications.
  • Aligns backport-risk-assessed permissions with CNO conventions, including an ovn-kubernetes-specific allowlist.
  • Updates maintainership allowlists across the affected repositories and removes former team members.

Use the standard config (in particular, lgtm=approve) everywhere.
We aren't using cherry-pick-approved any more; there's no reason to
spam current and former QE team members about it.
Mostly synced from CNO, but ovn-kubernetes is slightly different.
@openshift-ci

openshift-ci Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: danwinship
Once this PR has been reviewed and has the lgtm label, please assign knobunc for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: fcc4f2b3-8a2c-451b-bca1-9385aee6845d

📥 Commits

Reviewing files that changed from the base of the PR and between 5c7b367 and 2734500.

📒 Files selected for processing (7)
  • core-services/prow/02_config/openshift/cloud-network-config-controller/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/cluster-network-operator/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/egress-router-cni/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/ingress-node-firewall/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/network-tools/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/ovn-kubernetes/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/sdn/_pluginconfig.yaml
💤 Files with no reviewable changes (3)
  • core-services/prow/02_config/openshift/ovn-kubernetes/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/sdn/_pluginconfig.yaml
  • core-services/prow/02_config/openshift/cluster-network-operator/_pluginconfig.yaml

Walkthrough

Seven OpenShift Prow plugin configurations simplify restricted-label policies, remove approval and LGTM settings, and revise allowed user or team lists for backport label assignment.

Changes

Restricted label policy

Layer / File(s) Summary
Consolidate restricted-label policies
core-services/prow/02_config/openshift/*/_pluginconfig.yaml
Restricted-label rules retain or simplify backport-risk-assessed, remove cherry-pick-approved and related approval configuration, and update repository-specific user and team allowlists.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the PR’s main change: syncing Prow configuration across Core Networking repositories.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR changes only Prow pluginconfig YAMLs; no test files or Ginkgo titles are present to evaluate.
Test Structure And Quality ✅ Passed Only Prow YAML plugin configs changed; no Ginkgo test code was added or modified, so the checklist is not applicable.
Microshift Test Compatibility ✅ Passed PR changes only Prow _pluginconfig.yaml files; no new Ginkgo tests or runtime API usage were added, so the MicroShift check is not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PR only changes prow _pluginconfig.yaml files; no Ginkgo e2e tests were added or modified, so SNO compatibility review isn't applicable.
Topology-Aware Scheduling Compatibility ✅ Passed PR only edits Prow _pluginconfig.yaml files; no deployment, controller, or scheduling constraints were added or modified.
Ote Binary Stdout Contract ✅ Passed PR only changes prow YAML config; no process-level code/main or suite setup was added, so there’s no stdout contract risk.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No Ginkgo/e2e test code changed; the PR only edits Prow _pluginconfig.yaml files, so IPv4/disconnected-network test compatibility is not applicable.
No-Weak-Crypto ✅ Passed The PR only changes Prow YAML config; the diff shows no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret comparisons.
Container-Privileges ✅ Passed PR only changes Prow pluginconfig YAMLs; no container/K8s manifests or privilege settings (privileged, hostPID/network/IPC, SYS_ADMIN, allowPrivilegeEscalation) are present.
No-Sensitive-Data-In-Logs ✅ Passed Changed files are Prow YAML allowlist updates only; no logging code or sensitive secrets/PII appear in the diff.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@danwinship

Copy link
Copy Markdown
Contributor Author

Summary by CodeRabbit

Thank you for repeating what I just said, except with more words and less information.

@openshift-merge-bot openshift-merge-bot Bot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Jul 16, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

[REHEARSALNOTIFIER]
@danwinship: no rehearsable tests are affected by this change

Note: If this PR includes changes to step registry files (ci-operator/step-registry/) and you expected jobs to be found, try rebasing your PR onto the base branch. This helps pj-rehearse accurately detect changes when the base branch has moved forward.

@openshift-ci

openshift-ci Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

@danwinship: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

rehearsals-ack Signifies that rehearsal jobs have been acknowledged

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants