[WIP] OLS-3205: Single UI container image for all OCP versions

[kyoto]

• Replace the three-image approach with a single container image containing UI builds for all supported OCP versions (PF5, 4.19, main), using git submodules and a multi-stage Dockerfile
• Add entrypoint.sh that symlinks the correct build directory based on the OCP_VERSION env var set by the operator, defaulting to the main build for unrecognized versions
• Update Konflux pipelines to fetch submodules and prefetch npm dependencies from all three source directories

⚠️ Note: Integration tests temporarily target OCP 4.19 (last commit) for WIP testing

Summary by CodeRabbit

• Documentation

  • Updated system overview and project-structure docs to describe the new single-image deployment model bundling multiple OpenShift UI variants.

• Chores

  • Container image now includes multiple UI builds and selects the appropriate variant at startup via an OCP version setting.
  • CI/CD pipelines updated to fetch submodules and prefetch multiple source paths.
  • Added git submodule configuration for version-specific UI branches.

• Tests

  • Test setup now emits additional diagnostic cluster/log snapshots during global setup.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign xrajesh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR builds three UI variants into a single container image, tracks pf5 and 4.19 sources as submodules, updates Tekton to clone/prefetch those submodules, switches the Docker runtime to select a variant via OCP_VERSION in entrypoint.sh, and updates docs and test diagnostics.

Changes

Multi-Build Deployment Model

Layer / File(s)	Summary
Submodule Setup and Branch Tracking .gitmodules, branches/pf5, branches/4-19	Git submodules configured to track branches/pf5 (pattern-fly-5) and branches/4-19 (release-4.19); subproject pointers advanced.
Multi-stage Build and Runtime Selection Dockerfile, entrypoint.sh	Dockerfile adds three build stages (build-pf5, build-4-19, build-main) and installs each build into /builds/{pf5,4-19,main}; entrypoint.sh selects the appropriate build via OCP_VERSION and starts nginx.
CI/CD Pipeline Configuration .tekton/lightspeed-console-pull-request.yaml, .tekton/lightspeed-console-push.yaml, .tekton/integration-tests/*	Tekton PipelineRun manifests updated to include npm prefetch inputs for the root and branch directories and to set SUBMODULES: 'true' for git clone tasks; integration-tests pipeline now targets OpenShift 4.19. prefix.
System Documentation .ai/spec/how/project-structure.md, .ai/spec/what/system-overview.md	Documentation added/renumbered describing single-image deployment with multiple UI variants, submodule layout, multi-stage builds, and runtime variant selection.
Integration Test Diagnostics tests/support/global-setup.ts	Playwright global setup now runs oc diagnostics (pods, deployments, recent plugin logs) in a try/catch to aid CI debugging.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• JoaoFula
• syedriko

Poem

🐰 Three builds nest within one shell,
The entrypoint hums its choice so well,
Branches tracked and CI aligned,
Docs updated, logs defined,
A hop, a start — the variants dwell.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the main change: replacing three container images with a single image containing all OCP variants, which is the primary objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

.tekton/integration-tests/lightspeed-console-pre-commit.yaml (1)

61-61: WIP: temporary retarget to 4.19 — restore before merge.

Pinning both the provisioned cluster version (4.19.) and OCP_VERSION=4.19 exercises only the /builds/4-19 variant. Per the PR description this is intentional for WIP, but it leaves the default main build path untested in CI. Please restore (or parameterize across variants) before this leaves WIP.

Want me to open a tracking issue so this revert isn't forgotten before merge?

Also applies to: 236-237

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml at line 61, The
pipeline temporarily pins the cluster/OCP version to "4.19." which forces the CI
to only exercise the /builds/4-19 variant; restore the original version (or make
it a parameter) so the default main build path is tested: update the value:
"4.19." entries and the OCP_VERSION setting referenced in this file (and the
related lines ~236-237) back to the previous/default version or replace them
with a pipeline parameter/variable that cycles across variants so CI covers the
main build path instead of only /builds/4-19.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.ai/spec/how/project-structure.md:
- Around line 122-132: Update the "CI/CD pipeline (`.tekton/`)" section to
document the pre-commit Tekton pipeline by adding an entry for
`.tekton/integration-tests/lightspeed-console-pre-commit.yaml`, explaining its
purpose (pre-commit checks) and noting that it also uses `git-clone-oci-ta` with
`SUBMODULES: "true"` and participates in the same Cachi2 `prefetch-input`
scheme; reference the existing push/PR entries and ensure the table now includes
the pre-commit pipeline so the `.tekton/` coverage is complete.

In @.tekton/lightspeed-console-pull-request.yaml:
- Around line 157-158: The SUBMODULES param is incorrectly cased for the
git-clone-oci-ta:0.1 task so submodules may not be fetched; change the pipeline
param name from SUBMODULES to submodules (keep the value 'true') in the task
params block that invokes git-clone-oci-ta:0.1 so the operator recognizes it and
optional submodulePaths will be honored during the subsequent COPY/npm prefetch
steps.

In `@tests/support/global-setup.ts`:
- Around line 269-276: The oc rollout wait is being killed by the global 180s
helper timeout in tests/support/fixtures.ts; update the oc invocation in
tests/support/global-setup.ts (the oc([... 'rollout','status',
`deployment/${deploymentName}`, ...]) call) to use a longer per-call timeout
instead of the default helper timeout—either extend the oc helper to accept an
explicit timeout argument or add a new helper (e.g., ocWithLongTimeout /
ocRolloutStatus) and call that for rollout status so the command's
'--timeout=5m' can complete without being terminated by the 180s process timeout
enforcement in tests/support/fixtures.ts.

---

Nitpick comments:
In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml:
- Line 61: The pipeline temporarily pins the cluster/OCP version to "4.19."
which forces the CI to only exercise the /builds/4-19 variant; restore the
original version (or make it a parameter) so the default main build path is
tested: update the value: "4.19." entries and the OCP_VERSION setting referenced
in this file (and the related lines ~236-237) back to the previous/default
version or replace them with a pipeline parameter/variable that cycles across
variants so CI covers the main build path instead of only /builds/4-19.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8aa55cdd-dd43-40f1-9a4f-b817bb268c6c

📥 Commits

Reviewing files that changed from the base of the PR and between b2047b2 and 6064ae0.

📒 Files selected for processing (11)

• .ai/spec/how/project-structure.md
• .ai/spec/what/system-overview.md
• .gitmodules
• .tekton/integration-tests/lightspeed-console-pre-commit.yaml
• .tekton/lightspeed-console-pull-request.yaml
• .tekton/lightspeed-console-push.yaml
• Dockerfile
• branches/4-19
• branches/pf5
• entrypoint.sh
• tests/support/global-setup.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Include the pre-commit Tekton pipeline in the CI/CD section.

This section says “Both pipelines” and lists only push/PR, but this PR also updates .tekton/integration-tests/lightspeed-console-pre-commit.yaml. Please document it here so the .tekton/ coverage is complete.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ai/spec/how/project-structure.md around lines 122 - 132, Update the "CI/CD
pipeline (`.tekton/`)" section to document the pre-commit Tekton pipeline by
adding an entry for
`.tekton/integration-tests/lightspeed-console-pre-commit.yaml`, explaining its
purpose (pre-commit checks) and noting that it also uses `git-clone-oci-ta` with
`SUBMODULES: "true"` and participates in the same Cachi2 `prefetch-input`
scheme; reference the existing push/PR entries and ensure the table now includes
the pre-commit pipeline so the `.tekton/` coverage is complete.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Konflux build-definitions git-clone-oci-ta 0.1 task submodules parameter name

💡 Result:

In the Konflux git-clone-oci-ta:0.1 task, the parameter name to specify specific submodule paths to initialize and fetch is submodulePaths [1][2]. To use this parameter, the main submodules parameter must be set to true [1][2]. The submodulePaths parameter accepts a comma-separated list of specific paths; if left as an empty string, all submodules are fetched [1][2].

Citations:

• 1: https://github.com/konflux-ci/build-definitions/blob/main/pipelines/docker-build-oci-ta/README.md
• 2: https://github.com/konflux-ci/build-definitions/blob/main/pipelines/fbc-builder/README.md

---

Fix SUBMODULES parameter casing for git-clone-oci-ta:0.1.

Konflux git-clone-oci-ta:0.1 declares the parameter as submodules (optionally submodulePaths), so - name: SUBMODULES won’t match and may cause submodule fetching to be skipped. Update the param at .tekton/lightspeed-console-pull-request.yaml (lines 157-158) to use submodules so the later COPY branches/... / npm prefetch for those paths works.

- name: SUBMODULES
  value: 'true'

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/lightspeed-console-pull-request.yaml around lines 157 - 158, The
SUBMODULES param is incorrectly cased for the git-clone-oci-ta:0.1 task so
submodules may not be fetched; change the pipeline param name from SUBMODULES to
submodules (keep the value 'true') in the task params block that invokes
git-clone-oci-ta:0.1 so the operator recognizes it and optional submodulePaths
will be honored during the subsequent COPY/npm prefetch steps.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Rollout wait can time out 2 minutes early due to oc helper timeout.

At Line 269, this uses oc(...), but tests/support/fixtures.ts enforces a 180s process timeout. That can kill oc rollout status --timeout=5m before rollout completes, causing flaky setup failures.

Proposed fix

-    oc([
-      'rollout',
-      'status',
-      `deployment/${deploymentName}`,
-      '-n',
-      OLS_NAMESPACE,
-      '--timeout=5m',
-    ]);
+    execFileSync(
+      'oc',
+      [
+        'rollout',
+        'status',
+        `deployment/${deploymentName}`,
+        '-n',
+        OLS_NAMESPACE,
+        '--timeout=5m',
+        '--kubeconfig',
+        KUBECONFIG!,
+      ],
+      { encoding: 'utf-8', timeout: 6 * MINUTE },
+    );

🧰 Tools

🪛 ESLint

[error] 269-276: Replace ⏎······'rollout',⏎······'status',⏎······deployment/${deploymentName},⏎······'-n',⏎······OLS_NAMESPACE,⏎······'--timeout=5m',⏎···· with 'rollout',·'status',·deployment/${deploymentName},·'-n',·OLS_NAMESPACE,·'--timeout=5m'

(prettier/prettier)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/support/global-setup.ts` around lines 269 - 276, The oc rollout wait is
being killed by the global 180s helper timeout in tests/support/fixtures.ts;
update the oc invocation in tests/support/global-setup.ts (the oc([...
'rollout','status', `deployment/${deploymentName}`, ...]) call) to use a longer
per-call timeout instead of the default helper timeout—either extend the oc
helper to accept an explicit timeout argument or add a new helper (e.g.,
ocWithLongTimeout / ocRolloutStatus) and call that for rollout status so the
command's '--timeout=5m' can complete without being terminated by the 180s
process timeout enforcement in tests/support/fixtures.ts.

[openshift-ci-robot]

@kyoto: This pull request references OLS-3206 which is a valid jira issue.

Details

In response to this:

• Replace the three-image approach with a single container image containing UI builds for all supported OCP versions (PF5, 4.19, main), using git submodules and a multi-stage Dockerfile
• Add entrypoint.sh that symlinks the correct build directory based on the OCP_VERSION env var set by the operator, defaulting to the main build for unrecognized versions
• Update Konflux pipelines to fetch submodules and prefetch npm dependencies from all three source directories

⚠️ Note: Integration tests temporarily target OCP 4.19 (last commit) for WIP testing

Summary by CodeRabbit

• Documentation

• Updated project structure and system overview documentation to describe the new single-image deployment model with runtime variant selection.

• New Features

• Single container image now includes pre-built UI variants for multiple OpenShift versions, with automatic selection at startup based on environment configuration, eliminating the previous multi-image deployment approach.

• Chores

• Enhanced CI/CD pipelines and build infrastructure to support multi-variant builds and associated test runtime configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@kyoto: This pull request references OLS-3205 which is a valid jira issue.

Details

In response to this:

• Replace the three-image approach with a single container image containing UI builds for all supported OCP versions (PF5, 4.19, main), using git submodules and a multi-stage Dockerfile
• Add entrypoint.sh that symlinks the correct build directory based on the OCP_VERSION env var set by the operator, defaulting to the main build for unrecognized versions
• Update Konflux pipelines to fetch submodules and prefetch npm dependencies from all three source directories

⚠️ Note: Integration tests temporarily target OCP 4.19 (last commit) for WIP testing

Summary by CodeRabbit

• Documentation

• Updated docs to describe the new single-image deployment model and runtime variant selection.

• New Features

• Plugin now ships one container image that contains UI variants for multiple OpenShift versions and selects the appropriate variant at startup via environment configuration.

• Chores

• CI/CD and build pipelines updated to fetch submodules and prefetch multi-variant inputs; test/runtime configs now honor the chosen OpenShift version.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/support/global-setup.ts`:
- Around line 248-267: The wait loop currently ignores its timeout and may fall
through to oc(['set','env',...]) causing an opaque "deployment not found" error;
update the loop in global-setup.ts to track success with a boolean (e.g.,
foundDeployment) while waiting for deploymentName in namespace OLS_NAMESPACE
using the oc(...) call, and after the loop check that flag—if false, throw or
log a clear error (including deploymentName, OLS_NAMESPACE and the timeout
duration) or skip the env set to avoid the opaque failure; ensure references to
deploymentName, OLS_NAMESPACE and the oc invocation are used so the change is
applied to the correct block.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 63aea6aa-ad98-4df2-82e7-49f57b2f43d0

📥 Commits

Reviewing files that changed from the base of the PR and between cc7a4d2 and 62e9453.

📒 Files selected for processing (11)

• .ai/spec/how/project-structure.md
• .ai/spec/what/system-overview.md
• .gitmodules
• .tekton/integration-tests/lightspeed-console-pre-commit.yaml
• .tekton/lightspeed-console-pull-request.yaml
• .tekton/lightspeed-console-push.yaml
• Dockerfile
• branches/4-19
• branches/pf5
• entrypoint.sh
• tests/support/global-setup.ts

✅ Files skipped from review due to trivial changes (3)

• branches/4-19
• .tekton/integration-tests/lightspeed-console-pre-commit.yaml
• .ai/spec/how/project-structure.md

🚧 Files skipped from review as they are similar to previous changes (7)

• .tekton/lightspeed-console-push.yaml
• .tekton/lightspeed-console-pull-request.yaml
• branches/pf5
• .gitmodules
• entrypoint.sh
• .ai/spec/what/system-overview.md
• Dockerfile

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Wait loop ignores its own timeout, then fails opaquely.

If the deployment never appears within the 5-minute window, the loop exits silently and execution falls through to oc set env, which throws an unclear "deployment not found" error. Track success and fail (or skip) explicitly so the timeout is meaningful and the failure is diagnosable.

Proposed fix

     console.log(`Waiting for deployment/${deploymentName} to exist...`);
     const deadline = Date.now() + 5 * MINUTE;
+    let deploymentFound = false;
     while (Date.now() < deadline) {
       try {
         oc(['get', `deployment/${deploymentName}`, '-n', OLS_NAMESPACE]);
+        deploymentFound = true;
         break;
       } catch {
         console.log('Waiting for console plugin deployment...');
         execSync('sleep 10');
       }
     }
+    if (!deploymentFound) {
+      throw new Error(
+        `Timed out waiting for deployment/${deploymentName} in ${OLS_NAMESPACE}`,
+      );
+    }
     console.log(`Setting OCP_VERSION=${process.env.OCP_VERSION} on ${deploymentName}...`);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	console.log(`Waiting for deployment/${deploymentName} to exist...`);
	const deadline = Date.now() + 5 * MINUTE;
	while (Date.now() < deadline) {
	try {
	oc(['get', `deployment/${deploymentName}`, '-n', OLS_NAMESPACE]);
	break;
	} catch {
	console.log('Waiting for console plugin deployment...');
	execSync('sleep 10');
	}
	}
	console.log(`Setting OCP_VERSION=${process.env.OCP_VERSION} on ${deploymentName}...`);
	oc([
	'set',
	'env',
	`deployment/${deploymentName}`,
	'-n',
	OLS_NAMESPACE,
	`OCP_VERSION=${process.env.OCP_VERSION}`,
	]);
	console.log(`Waiting for deployment/${deploymentName} to exist...`);
	const deadline = Date.now() + 5 * MINUTE;
	let deploymentFound = false;
	while (Date.now() < deadline) {
	try {
	oc(['get', `deployment/${deploymentName}`, '-n', OLS_NAMESPACE]);
	deploymentFound = true;
	break;
	} catch {
	console.log('Waiting for console plugin deployment...');
	execSync('sleep 10');
	}
	}
	if (!deploymentFound) {
	throw new Error(
	`Timed out waiting for deployment/${deploymentName} in ${OLS_NAMESPACE}`,
	);
	}
	console.log(`Setting OCP_VERSION=${process.env.OCP_VERSION} on ${deploymentName}...`);
	oc([
	'set',
	'env',
	`deployment/${deploymentName}`,
	'-n',
	OLS_NAMESPACE,
	`OCP_VERSION=${process.env.OCP_VERSION}`,
	]);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/support/global-setup.ts` around lines 248 - 267, The wait loop
currently ignores its timeout and may fall through to oc(['set','env',...])
causing an opaque "deployment not found" error; update the loop in
global-setup.ts to track success with a boolean (e.g., foundDeployment) while
waiting for deploymentName in namespace OLS_NAMESPACE using the oc(...) call,
and after the loop check that flag—if false, throw or log a clear error
(including deploymentName, OLS_NAMESPACE and the timeout duration) or skip the
env set to avoid the opaque failure; ensure references to deploymentName,
OLS_NAMESPACE and the oc invocation are used so the change is applied to the
correct block.