prowgen: add skip_branches support to ProwgenOverrides

[redhat-chai-bot]

What

Adds a skip_branches field to TestStepConfiguration in the ci-operator config, allowing individual tests to exclude specific branch patterns from their generated presubmit jobs.

Why

Currently, prowgen and determinize unconditionally inject both exact-match (^main$) and feature-branch (^main-) regex patterns for every presubmit job. There is no way to opt out of the feature-branch pattern.

This causes problems for repos that use branch names like main-pf5 or main-pf4 with separate CI pipeline configurations — the main branch's presubmit jobs run on those branches too, interfering with their dedicated pipelines.

Upstream Prow already supports skip_branches on the Brancher struct (prow/pkg/config/jobs.go), but ci-tools did not plumb it through job generation until now.

How

• Added SkipBranches []string to TestStepConfiguration in pkg/api/types.go (per-test, not global)
• Updated handlePresubmit in pkg/prowgen/prowgen.go to read element.SkipBranches and populate Brancher.SkipBranches
• Added unit tests and test fixtures

The field is per-test so users can selectively skip branches for specific tests — e.g. skip main-pf5 for e2e-aws-ovn but not for e2e-gcp.

Usage

In the ci-operator config for a specific test:

tests:
- as: e2e-aws
  skip_branches:
  - ^main-pf5$
  - ^main-pf4$
  steps:
    workflow: openshift-e2e-aws

This will add those patterns to skip_branches on the generated presubmit job for e2e-aws, preventing it from triggering on branches matching those patterns while still running on main.

References

• Forum thread: https://redhat-internal.slack.com/archives/CBN38N3MW/p1748529358.123456
• Related Jira: DPTP-4910
• Upstream Prow support: https://github.com/kubernetes-sigs/prow/blob/a5e8739d619577677217de2c7620033ac9fe0ee5/pkg/config/jobs.go#L363

Feature: Per-Test Branch Exclusion for Presubmit Jobs

This pull request introduces skip_branches support to ci-operator's test configuration, enabling repositories to selectively exclude branch patterns from specific presubmit tests.

Problem Solved

Previously, ci-operator would unconditionally generate presubmit jobs that run on all branch patterns (exact matches like ^main$ and feature branches like ^main-). This caused conflicts for repositories using branch naming schemes like main-pf5 or main-pf4 with separate CI pipelines, as the main branch's presubmit jobs would incorrectly trigger on those branches.

What's New

CI operators can now specify skip_branches in their ci-operator configuration on a per-test basis:

tests:
- as: e2e-aws
  skip_branches:
  - ^main-pf5$
  - ^main-pf4$
  steps:
    workflow: openshift-e2e-aws

This prevents the e2e-aws test from running on matched branch patterns while still executing on the base main branch. The per-test design enables fine-grained control—for example, one test can skip main-pf5 while another test runs on it.

Technical Changes

• ci-operator configuration schema: Added SkipBranches field to TestStepConfiguration in pkg/api/types.go
• Prow job generation: Updated pkg/prowgen/prowgen.go to propagate the skip_branches configuration into Prow's Brancher.SkipBranches field on generated presubmit jobs
• Test coverage: Added test cases validating correct branch exclusion behavior in generated Prow configurations

The feature leverages existing upstream Prow support and maps directly to Prow's standard Brancher.SkipBranches mechanism.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• pkg/api/zz_generated.deepcopy.go is excluded by !**/zz_generated*

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 9bcf4032-657e-438d-937b-776f010d3e96

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a SkipBranches []string field to TestStepConfiguration in pkg/api/types.go. The field is threaded through generatePresubmitOptions and handlePresubmit in prowgen.go to set prowconfig.Brancher.SkipBranches on generated presubmit jobs. Two new test cases and two YAML fixtures verify the propagation.

Changes

SkipBranches for presubmit generation

Layer / File(s)	Summary
API field and prowgen wiring pkg/api/types.go, pkg/prowgen/prowgen.go	TestStepConfiguration gains SkipBranches []string (JSON: skip_branches). generatePresubmitOptions adds a matching skipBranches field; handlePresubmit copies element.SkipBranches into it; generatePresubmitForTest sets Brancher.SkipBranches from opts.skipBranches.
Tests and fixtures pkg/prowgen/prowgen_test.go, pkg/prowgen/testdata/zz_fixture_TestGeneratePresubmitForTest_presubmit_with_skip_branches.yaml, pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_presubmit_with_per_test_skip_branches.yaml	Two new table-driven cases cover unit-level presubmit generation with skipBranches and end-to-end job generation with per-test SkipBranches, each validated against a new YAML fixture.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 16 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (16 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding skip_branches support to Prowgen, which is demonstrated throughout the changeset with new TestStepConfiguration field, prowgen.go updates, and comprehensive test coverage.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Go Error Handling	✅ Passed	No error handling violations detected. Changes involve simple struct field assignments (skipBranches []string) with no error-returning functions, no ignored errors, panic calls, or unsafe pointer d...
Test Coverage For New Features	✅ Passed	New functionality has comprehensive test coverage: TestGeneratePresubmitForTest and TestGenerateJobs include table-driven test cases for skip_branches with fixture-based validation confirming corre...
Stable And Deterministic Test Names	✅ Passed	The PR does not contain any Ginkgo tests. All tests are standard Go testing.T table-driven tests using static, deterministic test case names: "presubmit with skip_branches" and "presubmit with per-...
Test Structure And Quality	✅ Passed	This repository uses standard Go testing (testing.T), not Ginkgo. The custom check for Ginkgo test code quality is not applicable to this PR, so it passes by non-applicability.
Microshift Test Compatibility	✅ Passed	This PR does not add Ginkgo e2e tests. It adds Go unit tests (prowgen_test.go using testing.T) for code generation logic and configuration changes. The check only applies to Ginkgo e2e tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. Changes are infrastructure-focused: struct field additions, code generation updates, and standard Go unit tests with YAML fixtures. The check is not applic...
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds skip_branches field to Prow job configuration for branch filtering—a job trigger control, not a scheduling constraint. No deployment manifests, operators, or pod scheduling logic introduced.
Ote Binary Stdout Contract	✅ Passed	This PR modifies ci-operator configuration tooling, not OTE test binaries. No stdout writes found in process-level code. Check is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests added. This PR modifies ci-operator job generation infrastructure (adds skip_branches support) with standard Go unit tests, not e2e tests.
No-Weak-Crypto	✅ Passed	PR adds branch filtering configuration field; no weak crypto, custom crypto, or insecure secret comparison patterns found.
Container-Privileges	✅ Passed	No privileged container settings, hostPID/hostNetwork/hostIPC, SYS_ADMIN capabilities, or allowPrivilegeEscalation flags found. PR adds skip_branches field for branch filtering in presubmit jobs.
No-Sensitive-Data-In-Logs	✅ Passed	The skip_branches feature handles only branch name regex patterns. No logging statements expose passwords, tokens, API keys, PII, or sensitive data.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @redhat-chai-bot. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[danilo-gemoli]

/ok-to-test

[danilo-gemoli]

/retest-required
/approve
/lgtm

[danilo-gemoli]

/test e2e

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 4788bfa and 2 for PR HEAD 28c5775 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 4f3c202 and 1 for PR HEAD 28c5775 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 97d3841 and 0 for PR HEAD 28c5775 in total

[openshift-merge-bot]

/hold

Revision 28c5775 was retested 3 times: holding

[deepsm007]

/lgtm
/unhold

[deepsm007]

/override ci/prow/e2e

[openshift-ci]

@deepsm007: Overrode contexts on behalf of deepsm007: ci/prow/e2e

Details

In response to this:

/override ci/prow/e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[memodi]

/test codegen

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 4220cce and 2 for PR HEAD 93b0213 in total

[deepsm007]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danilo-gemoli, deepsm007, redhat-chai-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [danilo-gemoli,deepsm007]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[memodi]

/test images

[openshift-merge-bot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e

[deepsm007]

/override ci/prow/e2e

[openshift-ci]

@deepsm007: Overrode contexts on behalf of deepsm007: ci/prow/e2e

Details

In response to this:

/override ci/prow/e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@redhat-chai-bot: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.