stackrox: add ocp-vm-scanning-e2e-tests job (testing)

[vikin91]

Summary

Adds CI config for the ocp-vm-scanning-e2e-tests job targeting the
piotr/ROX-29577-VM4VM-e2e-tests feature branch in stackrox/stackrox.

• Uses stackrox-automation-flavors-ocp-4-e2e workflow with OCP 4.21 candidate
• Temporary branch-specific config for testing; will be moved to master config after validation

Test plan

• CI rehearsal passes on this PR
• VM scanning e2e tests pass on the feature branch
• Once validated, replace with entry in stackrox-stackrox-master__ocp-4-21.yaml

Summary by CodeRabbit

• Chores
  • Added CI/CD configuration for automated test execution to improve testing infrastructure.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[vikin91]

/hold

[coderabbitai]

Warning

Rate limit exceeded

@vikin91 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 17 minutes and 58 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 17 minutes and 58 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: a8e7e80b-661f-4389-b2ec-93292ffff1a5

📥 Commits

Reviewing files that changed from the base of the PR and between 1e42d9c and 9dceaff.

📒 Files selected for processing (1)

• ci-operator/config/stackrox/stackrox/stackrox-stackrox-piotr-ROX-29577-VM4VM-e2e-tests__ocp-4-21.yaml

Walkthrough

A new CI/operator configuration YAML file is added for the stackrox project that defines a test execution pipeline for OCP 4.21, specifying base images, resource requests, environment variables pinned to OCP version 4.21, workflow assignment, optional test marking, and a 5-hour timeout.

Changes

Cohort / File(s)	Summary
CI Configuration ci-operator/config/stackrox/stackrox/stackrox-stackrox-piotr-ROX-29577-VM4VM-e2e-tests__ocp-4-21.yaml	Added new CI/operator configuration file with base image definitions, image stream tagging, resource requests, and test execution entry for ocp-vm-scanning-e2e-tests. Includes environment variable pinning for OCP version 4.21, workflow assignment, optional test marking, and 5-hour timeout.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 10

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a new CI job configuration for ocp-vm-scanning-e2e-tests, which directly matches the added YAML file and its primary purpose.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	This PR contains only a CI configuration YAML file with no Ginkgo test code or test title definitions, making the custom check not applicable.
Test Structure And Quality	✅ Passed	This PR adds a CI configuration YAML file for OpenShift CI system test job execution. The custom check for Ginkgo test code quality is not applicable as the PR contains no Ginkgo test code or Go test files.
Microshift Test Compatibility	✅ Passed	The pull request adds a CI/Operator configuration file (YAML) that references a test workflow, but does not define any Ginkgo e2e tests directly.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR adds only CI/operator configuration YAML and contains no new Ginkgo e2e test code, making the SNO compatibility check not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	The added file is a ci-operator configuration for test orchestration, not a Kubernetes deployment manifest with scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	The OTE Binary Stdout Contract check is not applicable to declarative CI configuration files; the actual test binary code would be subject to this check when committed to stackrox/stackrox.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR only adds a CI configuration YAML file, not Ginkgo e2e test code, so the custom check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vikin91

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/stackrox/OWNERS [vikin91]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vikin91]

/test pj-rehearse-max

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

ci-operator/config/stackrox/stackrox/stackrox-stackrox-piotr-ROX-29577-VM4VM-e2e-tests__ocp-4-21.yaml (1)

23-23: Track removal of optional: true before promoting to master config.

For temporary branch validation this is fine, but carrying optional: true into stackrox-stackrox-master__ocp-4-21.yaml would reduce signal by not gating failures.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/stackrox/stackrox/stackrox-stackrox-piotr-ROX-29577-VM4VM-e2e-tests__ocp-4-21.yaml`
at line 23, This change temporarily sets the YAML flag "optional: true" which
must not be carried into the master config; before promoting to master, remove
the "optional: true" entry from the corresponding master config
(stackrox-stackrox-master__ocp-4-21.yaml) so failures are gated, and add a short
TODO/PR note or create a follow-up task referencing this branch so the removal
is tracked and verified prior to merge.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/config/stackrox/stackrox/stackrox-stackrox-piotr-ROX-29577-VM4VM-e2e-tests__ocp-4-21.yaml`:
- Line 29: The job timeout is currently set to 5h0m0s but the step
"stackrox-stackrox-e2e-test" requires 7h0m0s; update the timeout value from
5h0m0s to at least 7h0m0s (e.g., timeout: 7h0m0s) in this job's YAML so the job
does not terminate before the step completes.

---

Nitpick comments:
In
`@ci-operator/config/stackrox/stackrox/stackrox-stackrox-piotr-ROX-29577-VM4VM-e2e-tests__ocp-4-21.yaml`:
- Line 23: This change temporarily sets the YAML flag "optional: true" which
must not be carried into the master config; before promoting to master, remove
the "optional: true" entry from the corresponding master config
(stackrox-stackrox-master__ocp-4-21.yaml) so failures are gated, and add a short
TODO/PR note or create a follow-up task referencing this branch so the removal
is tracked and verified prior to merge.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: d1ea32fd-086b-4065-bb32-92e188ae0a23

📥 Commits

Reviewing files that changed from the base of the PR and between 8fe4501 and 1e42d9c.

📒 Files selected for processing (1)

• ci-operator/config/stackrox/stackrox/stackrox-stackrox-piotr-ROX-29577-VM4VM-e2e-tests__ocp-4-21.yaml

[vikin91]

/test all

[vikin91]

/test all

[vikin91]

/test all

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@vikin91: no rehearsable tests are affected by this change

Note: If this PR includes changes to step registry files (ci-operator/step-registry/) and you expected jobs to be found, try rebasing your PR onto the base branch. This helps pj-rehearse accurately detect changes when the base branch has moved forward.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@vikin91: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/generated-config	9dceaff	link	true	/test generated-config

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.