OLS-3205: Single UI container image for all OCP versions

[kyoto]

• Replace the three-image approach with a single container image containing UI builds for all supported OCP versions (PF5, 4.19, main), using git submodules and a multi-stage Dockerfile
• Add entrypoint.sh that symlinks the correct build directory based on the OCP_VERSION env var set by the operator, defaulting to the main build for unrecognized versions
• Update Konflux pipelines to fetch submodules and prefetch npm dependencies from all three source directories

Summary by CodeRabbit

• Documentation

  • Updated system overview and project-structure docs to describe the new single-image deployment model bundling multiple OpenShift UI variants.

• Chores

  • Container image now includes multiple UI builds and selects the appropriate variant at startup via an OCP version setting.
  • CI/CD pipelines updated to fetch submodules and prefetch multiple source paths.
  • Added git submodule configuration for version-specific UI branches.

• Tests

  • Test setup now emits additional diagnostic cluster/log snapshots during global setup.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR builds three UI variants into a single container image, tracks pf5 and 4.19 sources as submodules, updates Tekton to clone/prefetch those submodules, switches the Docker runtime to select a variant via OCP_VERSION in entrypoint.sh, and updates docs and test diagnostics.

Changes

Multi-Build Deployment Model

Layer / File(s)	Summary
Submodule Setup and Branch Tracking .gitmodules, branches/pf5, branches/4-19	Git submodules configured to track branches/pf5 (pattern-fly-5) and branches/4-19 (release-4.19); subproject pointers advanced.
Multi-stage Build and Runtime Selection Dockerfile, entrypoint.sh	Dockerfile adds three build stages (build-pf5, build-4-19, build-main) and installs each build into /builds/{pf5,4-19,main}; entrypoint.sh selects the appropriate build via OCP_VERSION and starts nginx.
CI/CD Pipeline Configuration .tekton/lightspeed-console-pull-request.yaml, .tekton/lightspeed-console-push.yaml, .tekton/integration-tests/*	Tekton PipelineRun manifests updated to include npm prefetch inputs for the root and branch directories and to set SUBMODULES: 'true' for git clone tasks; integration-tests pipeline now targets OpenShift 4.19. prefix.
System Documentation .ai/spec/how/project-structure.md, .ai/spec/what/system-overview.md	Documentation added/renumbered describing single-image deployment with multiple UI variants, submodule layout, multi-stage builds, and runtime variant selection.
Integration Test Diagnostics tests/support/global-setup.ts	Playwright global setup now runs oc diagnostics (pods, deployments, recent plugin logs) in a try/catch to aid CI debugging.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• JoaoFula
• syedriko

Poem

🐰 Three builds nest within one shell,
The entrypoint hums its choice so well,
Branches tracked and CI aligned,
Docs updated, logs defined,
A hop, a start — the variants dwell.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The pull request title accurately summarizes the primary change: replacing a multi-image approach with a single container image for all OCP versions.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

.tekton/integration-tests/lightspeed-console-pre-commit.yaml (1)

61-61: WIP: temporary retarget to 4.19 — restore before merge.

Pinning both the provisioned cluster version (4.19.) and OCP_VERSION=4.19 exercises only the /builds/4-19 variant. Per the PR description this is intentional for WIP, but it leaves the default main build path untested in CI. Please restore (or parameterize across variants) before this leaves WIP.

Want me to open a tracking issue so this revert isn't forgotten before merge?

Also applies to: 236-237

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml at line 61, The
pipeline temporarily pins the cluster/OCP version to "4.19." which forces the CI
to only exercise the /builds/4-19 variant; restore the original version (or make
it a parameter) so the default main build path is tested: update the value:
"4.19." entries and the OCP_VERSION setting referenced in this file (and the
related lines ~236-237) back to the previous/default version or replace them
with a pipeline parameter/variable that cycles across variants so CI covers the
main build path instead of only /builds/4-19.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.ai/spec/how/project-structure.md:
- Around line 122-132: Update the "CI/CD pipeline (`.tekton/`)" section to
document the pre-commit Tekton pipeline by adding an entry for
`.tekton/integration-tests/lightspeed-console-pre-commit.yaml`, explaining its
purpose (pre-commit checks) and noting that it also uses `git-clone-oci-ta` with
`SUBMODULES: "true"` and participates in the same Cachi2 `prefetch-input`
scheme; reference the existing push/PR entries and ensure the table now includes
the pre-commit pipeline so the `.tekton/` coverage is complete.

In @.tekton/lightspeed-console-pull-request.yaml:
- Around line 157-158: The SUBMODULES param is incorrectly cased for the
git-clone-oci-ta:0.1 task so submodules may not be fetched; change the pipeline
param name from SUBMODULES to submodules (keep the value 'true') in the task
params block that invokes git-clone-oci-ta:0.1 so the operator recognizes it and
optional submodulePaths will be honored during the subsequent COPY/npm prefetch
steps.

In `@tests/support/global-setup.ts`:
- Around line 269-276: The oc rollout wait is being killed by the global 180s
helper timeout in tests/support/fixtures.ts; update the oc invocation in
tests/support/global-setup.ts (the oc([... 'rollout','status',
`deployment/${deploymentName}`, ...]) call) to use a longer per-call timeout
instead of the default helper timeout—either extend the oc helper to accept an
explicit timeout argument or add a new helper (e.g., ocWithLongTimeout /
ocRolloutStatus) and call that for rollout status so the command's
'--timeout=5m' can complete without being terminated by the 180s process timeout
enforcement in tests/support/fixtures.ts.

---

Nitpick comments:
In @.tekton/integration-tests/lightspeed-console-pre-commit.yaml:
- Line 61: The pipeline temporarily pins the cluster/OCP version to "4.19."
which forces the CI to only exercise the /builds/4-19 variant; restore the
original version (or make it a parameter) so the default main build path is
tested: update the value: "4.19." entries and the OCP_VERSION setting referenced
in this file (and the related lines ~236-237) back to the previous/default
version or replace them with a pipeline parameter/variable that cycles across
variants so CI covers the main build path instead of only /builds/4-19.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8aa55cdd-dd43-40f1-9a4f-b817bb268c6c

📥 Commits

Reviewing files that changed from the base of the PR and between b2047b2 and 6064ae0.

📒 Files selected for processing (11)

• .ai/spec/how/project-structure.md
• .ai/spec/what/system-overview.md
• .gitmodules
• .tekton/integration-tests/lightspeed-console-pre-commit.yaml
• .tekton/lightspeed-console-pull-request.yaml
• .tekton/lightspeed-console-push.yaml
• Dockerfile
• branches/4-19
• branches/pf5
• entrypoint.sh
• tests/support/global-setup.ts

[openshift-ci-robot]

@kyoto: This pull request references OLS-3206 which is a valid jira issue.

Details

In response to this:

• Replace the three-image approach with a single container image containing UI builds for all supported OCP versions (PF5, 4.19, main), using git submodules and a multi-stage Dockerfile
• Add entrypoint.sh that symlinks the correct build directory based on the OCP_VERSION env var set by the operator, defaulting to the main build for unrecognized versions
• Update Konflux pipelines to fetch submodules and prefetch npm dependencies from all three source directories

⚠️ Note: Integration tests temporarily target OCP 4.19 (last commit) for WIP testing

Summary by CodeRabbit

• Documentation

• Updated project structure and system overview documentation to describe the new single-image deployment model with runtime variant selection.

• New Features

• Single container image now includes pre-built UI variants for multiple OpenShift versions, with automatic selection at startup based on environment configuration, eliminating the previous multi-image deployment approach.

• Chores

• Enhanced CI/CD pipelines and build infrastructure to support multi-variant builds and associated test runtime configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@kyoto: This pull request references OLS-3205 which is a valid jira issue.

Details

In response to this:

• Replace the three-image approach with a single container image containing UI builds for all supported OCP versions (PF5, 4.19, main), using git submodules and a multi-stage Dockerfile
• Add entrypoint.sh that symlinks the correct build directory based on the OCP_VERSION env var set by the operator, defaulting to the main build for unrecognized versions
• Update Konflux pipelines to fetch submodules and prefetch npm dependencies from all three source directories

⚠️ Note: Integration tests temporarily target OCP 4.19 (last commit) for WIP testing

Summary by CodeRabbit

• Documentation

• Updated docs to describe the new single-image deployment model and runtime variant selection.

• New Features

• Plugin now ships one container image that contains UI variants for multiple OpenShift versions and selects the appropriate variant at startup via environment configuration.

• Chores

• CI/CD and build pipelines updated to fetch submodules and prefetch multi-variant inputs; test/runtime configs now honor the chosen OpenShift version.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/support/global-setup.ts`:
- Around line 248-267: The wait loop currently ignores its timeout and may fall
through to oc(['set','env',...]) causing an opaque "deployment not found" error;
update the loop in global-setup.ts to track success with a boolean (e.g.,
foundDeployment) while waiting for deploymentName in namespace OLS_NAMESPACE
using the oc(...) call, and after the loop check that flag—if false, throw or
log a clear error (including deploymentName, OLS_NAMESPACE and the timeout
duration) or skip the env set to avoid the opaque failure; ensure references to
deploymentName, OLS_NAMESPACE and the oc invocation are used so the change is
applied to the correct block.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 63aea6aa-ad98-4df2-82e7-49f57b2f43d0

📥 Commits

Reviewing files that changed from the base of the PR and between cc7a4d2 and 62e9453.

📒 Files selected for processing (11)

• .ai/spec/how/project-structure.md
• .ai/spec/what/system-overview.md
• .gitmodules
• .tekton/integration-tests/lightspeed-console-pre-commit.yaml
• .tekton/lightspeed-console-pull-request.yaml
• .tekton/lightspeed-console-push.yaml
• Dockerfile
• branches/4-19
• branches/pf5
• entrypoint.sh
• tests/support/global-setup.ts

✅ Files skipped from review due to trivial changes (3)

• branches/4-19
• .tekton/integration-tests/lightspeed-console-pre-commit.yaml
• .ai/spec/how/project-structure.md

🚧 Files skipped from review as they are similar to previous changes (7)

• .tekton/lightspeed-console-push.yaml
• .tekton/lightspeed-console-pull-request.yaml
• branches/pf5
• .gitmodules
• entrypoint.sh
• .ai/spec/what/system-overview.md
• Dockerfile

[blublinsky]

🟡 Suggestion: Add defensive mkdir -p for /tmp/nginx

The entrypoint relies on /tmp/nginx existing from the Dockerfile's build-time mkdir -p. If a container runtime mounts a tmpfs at /tmp, that directory is wiped and ln -sfn fails immediately (with set -eu the container exits with a cryptic error).

A one-line addition makes the entrypoint self-contained:

Suggested change

	ln -sfn "$BUILD_DIR" /tmp/nginx/html
	mkdir -p /tmp/nginx
	ln -sfn "$BUILD_DIR" /tmp/nginx/html
	exec nginx -g 'daemon off;' -e stderr

[kyoto]

👍 Done

[blublinsky]

🟡 Suggestion: Log the selected build variant at startup

The entrypoint silently picks a variant with no output. When debugging deployment issues (wrong UI served, missing env var, operator misconfiguration), there's no visibility into what happened. A single echo before the exec would show up in container logs:

Suggested change

	exec nginx -g 'daemon off;' -e stderr
	ln -sfn "$BUILD_DIR" /tmp/nginx/html
	echo "OCP_VERSION=${OCP_VERSION:-unset} -- serving $BUILD_DIR"
	exec nginx -g 'daemon off;' -e stderr

[kyoto]

👍 Done

[blublinsky]

🟡 Suggestion: Consider prefix matching for OCP_VERSION

The case requires exact major.minor matches. If the operator ever sets OCP_VERSION to a patch version (4.19.3), prefixed form (v4.19), or pre-release (4.19-rc1), the match silently falls through to main, serving the wrong variant.

Prefix matching would be more resilient:

Suggested change

	esac
	4.16*|4.17*|4.18*) BUILD_DIR=/builds/pf5 ;;
	4.19*|4.20*|4.21*) BUILD_DIR=/builds/4-19 ;;

If exact matching is intentional (strict contract with the operator), a comment documenting that assumption would help future maintainers.

[kyoto]

👍 Done

[blublinsky]

🟢 Nit: Test directories table references Cypress, but the project uses Playwright

The "Test directories" table at the bottom of this file still lists tests/ as "Cypress e2e test specs" and includes cypress/ and cypress.config.ts, but the project moved to Playwright — there's no Cypress config or directory anywhere in the repo. Since this spec file is being updated in this PR anyway, it would be a good opportunity to fix it:

• tests/ → Playwright e2e test specs
• Remove the cypress/ and cypress.config.ts rows
• Add playwright.config.ts instead

[kyoto]

👍 Done

[blublinsky]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment