adding cluster claim

[JoaoFula]

and changing getting kubeconfig, base url and password

Summary by CodeRabbit

• Chores
  • Switched integration testing to ephemeral cluster provisioning for improved resource efficiency and reliability.
• Tests
  • Rewired end-to-end test flow to consume cluster credentials (kubeconfig and admin password) via secrets and adjusted resource-gathering to use the new credential flow.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f571cef7-6756-4fc6-b2c8-0918e2f11d1e

📥 Commits

Reviewing files that changed from the base of the PR and between b998cfa and d3cbab5.

📒 Files selected for processing (1)

• .tekton/integration-tests/lightspeed-console-pre-commit.yaml

---

📝 Walkthrough

Walkthrough

The Tekton pipeline now uses a Konflux provision-ephemeral-cluster task to create an ephemeral cluster and passes the resulting credentials secretRef into ols-e2e-tests, which reads kubeconfig from that secret, writes it to disk, computes the console URL via oc, and adjusts resource-gathering inputs.

Changes

Ephemeral cluster provisioning migration

Layer / File(s)	Summary
New ephemeral cluster provisioning task .tekton/integration-tests/lightspeed-console-pre-commit.yaml	Replaced provision-cluster with provision-ephemeral-cluster (taskRef changed, clusterClaim payload added) and updated pipeline ordering.
Test task dependency and credential wiring .tekton/integration-tests/lightspeed-console-pre-commit.yaml	Rewired ols-e2e-tests to run after provision-ephemeral-cluster; added clusterCredentialsSecretRef parameter wired from provision-ephemeral-cluster.results.secretRef.
Credential parameter and script integration .tekton/integration-tests/lightspeed-console-pre-commit.yaml	run-e2e-tests now sources KUBECONFIG_VALUE and PASSWORD_VALUE from the provided credentials secret via secretKeyRef, writes kubeconfig to /credentials/kubeconfig, computes BASE_URL via oc using that file, uses the injected PASSWORD_VALUE for login, and updates gather-cluster-resources kubeconfig usage.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• kyoto

Suggested labels

lgtm

Poem

🐰 I swapped an old cluster for one that flies,

secrets tucked safe in ephemeral skies,
written to disk where oc learns the way,
tests wake and greet the new cluster's day,
a happy hop — the pipeline sighs.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'adding cluster claim' is vague and generic, using a non-descriptive phrase that doesn't convey meaningful information about the changeset.	Consider a more specific title like 'Replace provision-cluster with provision-ephemeral-cluster and update kubeconfig handling' that better describes the main changes.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign joaofula for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• .tekton/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.tekton/integration-tests/lightspeed-console-pre-commit.yaml (1)

233-243: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Critical: oc command used before it's downloaded.

Line 234 executes oc --kubeconfig to compute BASE_URL, but the oc client isn't downloaded until lines 240-243. The Playwright image does not include the OpenShift CLI. This will fail with "command not found".

Move the oc download before computing BASE_URL, or move the BASE_URL computation after the download.

Proposed fix: move BASE_URL computation after oc download

              echo "$KUBECONFIG_VALUE" > /credentials/kubeconfig
-              export BASE_URL=https://$(oc --kubeconfig "$KUBECONFIG_PATH" get route console -n openshift-console -o go-template --template="{{.spec.host}}")
              echo "COMMIT_SHA: ${COMMIT_SHA}"
-              echo "BASE_URL: ${BASE_URL}"
              echo "CONSOLE_IMAGE: ${CONSOLE_IMAGE}"
              echo "KUBECONFIG_PATH: ${KUBECONFIG_PATH}"
              echo "---------------------------------------------"
              wget --no-verbose -O oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest/openshift-client-linux.tar.gz \
                  && tar -xvzf oc.tar.gz \
                  && chmod +x kubectl oc \
                  && mv oc kubectl /usr/local/bin/
              echo "---------------------------------------------"
+              export BASE_URL=https://$(oc --kubeconfig "$KUBECONFIG_PATH" get route console -n openshift-console -o go-template --template="{{.spec.host}}")
+              echo "BASE_URL: ${BASE_URL}"
+              echo "---------------------------------------------"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml around lines
233 - 243, The script computes BASE_URL using the oc binary (oc --kubeconfig
"$KUBECONFIG_PATH") before downloading/installing oc, causing a "command not
found" error; fix by moving the oc download/install block (the wget/tar/chmod/mv
sequence that installs kubectl and oc) to run before the export BASE_URL line
(or alternatively defer the export BASE_URL until after installation), ensuring
the oc client is available when computing BASE_URL using
KUBECONFIG_PATH/KUBECONFIG_VALUE.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml:
- Around line 271-273: The LOGIN_PASSWORD is hardcoded to "placeholder" causing
auth failures; update the pipeline to read the real password from the secret
output exposed by the debug-secret-keys step and assign it to LOGIN_PASSWORD
(use the PASSWORD_VALUE variable referenced in the TODO) instead of the
placeholder. Locate the environment export for LOGIN_PASSWORD in the pre-commit
task and wire it to the secret output (or the pipeline/step result named by
debug-secret-keys) so LOGIN_PASSWORD is set from PASSWORD_VALUE at runtime
rather than a hardcoded string.
- Around line 40-49: The pipeline task block for provision-ephemeral-cluster is
using the wrong key; replace the top-level ref: block with taskRef: (keeping the
same resolver and params) so the task declaration matches how
eaas-provision-space is referenced; specifically update the
provision-ephemeral-cluster task block to use taskRef (with resolver: git and
the same url/revision/pathInRepo params) instead of ref.

---

Outside diff comments:
In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml:
- Around line 233-243: The script computes BASE_URL using the oc binary (oc
--kubeconfig "$KUBECONFIG_PATH") before downloading/installing oc, causing a
"command not found" error; fix by moving the oc download/install block (the
wget/tar/chmod/mv sequence that installs kubectl and oc) to run before the
export BASE_URL line (or alternatively defer the export BASE_URL until after
installation), ensuring the oc client is available when computing BASE_URL using
KUBECONFIG_PATH/KUBECONFIG_VALUE.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9fbf07ee-9043-4c22-b2fa-b20e46bbefcb

📥 Commits

Reviewing files that changed from the base of the PR and between f62f15c and db6e7dd.

📒 Files selected for processing (1)

• .tekton/integration-tests/lightspeed-console-pre-commit.yaml

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.tekton/integration-tests/lightspeed-console-pre-commit.yaml (1)

233-243: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Install oc before the first route lookup.

Line 234 invokes oc before Lines 240-243 download it, so this step can fail before the install block ever runs. Move the client setup ahead of the BASE_URL lookup.

Proposed fix

             script: |
               echo "$KUBECONFIG_VALUE" > /credentials/kubeconfig
-              export BASE_URL=https://$(oc --kubeconfig "$KUBECONFIG_PATH" get route console -n openshift-console -o go-template --template="{{.spec.host}}")
-              echo "COMMIT_SHA: ${COMMIT_SHA}"
-              echo "BASE_URL: ${BASE_URL}"
-              echo "CONSOLE_IMAGE: ${CONSOLE_IMAGE}"
-              echo "KUBECONFIG_PATH: ${KUBECONFIG_PATH}"
-              echo "---------------------------------------------"
               wget --no-verbose -O oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest/openshift-client-linux.tar.gz \
                   && tar -xvzf oc.tar.gz \
                   && chmod +x kubectl oc \
                   && mv oc kubectl /usr/local/bin/
+              export BASE_URL=https://$(oc --kubeconfig "$KUBECONFIG_PATH" get route console -n openshift-console -o go-template --template="{{.spec.host}}")
+              echo "COMMIT_SHA: ${COMMIT_SHA}"
+              echo "BASE_URL: ${BASE_URL}"
+              echo "CONSOLE_IMAGE: ${CONSOLE_IMAGE}"
+              echo "KUBECONFIG_PATH: ${KUBECONFIG_PATH}"
               echo "---------------------------------------------"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml around lines
233 - 243, The script sets BASE_URL using the oc command before oc is installed,
which can fail; move the oc client installation block (the wget/tar/chmod/mv
steps that download and install oc/kubectl) to run before the export
BASE_URL=... line so oc is available when you run oc --kubeconfig
"$KUBECONFIG_PATH" get route console -n openshift-console -o go-template
--template="{{.spec.host}}"; keep the KUBECONFIG write (echo "$KUBECONFIG_VALUE"
> /credentials/kubeconfig) in place and ensure KUBECONFIG_PATH is exported
before calling oc.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml:
- Around line 233-243: The script sets BASE_URL using the oc command before oc
is installed, which can fail; move the oc client installation block (the
wget/tar/chmod/mv steps that download and install oc/kubectl) to run before the
export BASE_URL=... line so oc is available when you run oc --kubeconfig
"$KUBECONFIG_PATH" get route console -n openshift-console -o go-template
--template="{{.spec.host}}"; keep the KUBECONFIG write (echo "$KUBECONFIG_VALUE"
> /credentials/kubeconfig) in place and ensure KUBECONFIG_PATH is exported
before calling oc.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 14f7b0e5-c695-4a9f-83cd-d34bd00c6b82

📥 Commits

Reviewing files that changed from the base of the PR and between db6e7dd and b998cfa.

📒 Files selected for processing (1)

• .tekton/integration-tests/lightspeed-console-pre-commit.yaml

[JoaoFula]

/retest