CMP-4329: Use aws-stackrox for CO aws arm results

[vickeybrown]

CO is a core piece of ACS functionality. Attempting to move CI into the
stackrox cluster profile for AWS testing.

Summary by CodeRabbit

This PR updates the OpenShift CI configuration for the ComplianceAsCode/compliance-operator repository, specifically targeting the ARM64 AWS e2e test jobs (e2e-aws-parallel-arm and e2e-aws-serial-arm).

The changes switch the test execution environment from the quay-aws cluster profile to aws-stackrox, and update the base domain from quay.devcluster.openshift.com to perfscale.rox.systems. This allows the Compliance Operator's ARM-based AWS tests to run in an AWS cluster that has StackRox (an ACS component) preconfigured, creating a test environment that more accurately reflects production ACS deployments and improving test fidelity for ACS-related validations.

[openshift-ci-robot]

@vickeybrown: This pull request references CMP-4329 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

CO is a core piece of ACS functionality. Attempting to move CI into the
stackrox cluster profile for AWS testing.

This PR updates the OpenShift CI configuration for the Compliance Operator (ComplianceAsCode/compliance-operator) so its AWS parallel-arm and serial-arm tests run in the StackRox-enabled AWS cluster profile.

What changed:

The e2e-aws-parallel-arm and e2e-aws-serial-arm job configuration was modified to use the aws-stackrox cluster_profile instead of quay-aws.
The job environment BASE_DOMAIN was updated from quay.devcluster.openshift.com to perfscale.rox.systems.
Impact:

Compliance Operator's AWS parallel-arm and serial-arm test runs will execute against an AWS cluster profile with StackRox preconfigured, improving fidelity for ACS-related testing and ensuring the tests run in an environment that more closely matches ACS deployments.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Two ARM64 AWS e2e jobs in the ComplianceAsCode compliance operator CI configuration are updated to target a new cluster infrastructure. The jobs e2e-aws-parallel-arm and e2e-aws-serial-arm now use the aws-stackrox cluster profile and perfscale.rox.systems as their base domain.

Changes

ARM64 AWS e2e job cluster migration

Layer / File(s)	Summary
Update ARM64 e2e jobs to aws-stackrox cluster ci-operator/config/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml	Both e2e-aws-parallel-arm and e2e-aws-serial-arm jobs are reconfigured to use the aws-stackrox cluster profile and set BASE_DOMAIN to perfscale.rox.systems, replacing the previous quay-aws profile and quay.devcluster.openshift.com domain.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• openshift/release#79978: Updates the same ComplianceAsCode e2e AWS jobs to migrate from quay-aws to aws-stackrox cluster profile and change BASE_DOMAIN configuration.
• openshift/release#76333: Updates the ComplianceAsCode compliance operator YAML configuration with AWS e2e job modifications including cluster profile and BASE_DOMAIN changes.

Suggested labels

lifecycle/active

Suggested reviewers

• yuumasato
• rhmdnd
• Anna-Koudelkova

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating ARM64 AWS e2e jobs to use the aws-stackrox cluster profile instead of quay-aws.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR only modifies YAML CI configuration; no Ginkgo test names are declared or modified. Custom check is not applicable to CI configuration files.
Test Structure And Quality	✅ Passed	PR modifies only CI configuration YAML files (49k+ files) in openshift/release repository. No Ginkgo test code exists in this repository, making the test quality check not applicable.
Microshift Test Compatibility	✅ Passed	PR modifies CI configuration only (YAML files), not adding any new Ginkgo e2e tests. The check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR modifies only CI configuration YAML, not adding any new Ginkgo e2e tests (It(), Describe(), Context(), etc.). The check for SNO test compatibility does not apply to non-test code.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only CI operator configuration (cluster profile and base domain for test jobs), not deployment manifests, operator code, or controllers. No scheduling constraints are introduced.
Ote Binary Stdout Contract	✅ Passed	PR modifies only YAML CI configuration files with no source code changes; OTE Binary Stdout Contract check applies only to executable code, not configuration.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only modifies CI/CD configuration YAML to change cluster profile and domain for existing tests; no new Ginkgo e2e tests are added, so the check does not apply.
No-Weak-Crypto	✅ Passed	The PR modifies a YAML CI configuration file with no cryptographic code, weak crypto patterns, custom crypto implementations, or insecure secret comparisons detected.
Container-Privileges	✅ Passed	The PR modifies only CI configuration. Comprehensive search found no privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN, runAsUser:0, or allowPrivilegeEscalation settings in the file.
No-Sensitive-Data-In-Logs	✅ Passed	The PR contains only CI configuration changes to cluster profiles and domain names. No logging statements, secrets, credentials, or sensitive data are introduced in the YAML file.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vickeybrown
Once this PR has been reviewed and has the lgtm label, please assign anna-koudelkova for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/config/ComplianceAsCode/compliance-operator/OWNERS
• ci-operator/jobs/ComplianceAsCode/compliance-operator/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@vickeybrown: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-ComplianceAsCode-compliance-operator-master-e2e-aws-parallel-arm	ComplianceAsCode/compliance-operator	presubmit	Ci-operator config changed
pull-ci-ComplianceAsCode-compliance-operator-master-e2e-aws-serial-arm	ComplianceAsCode/compliance-operator	presubmit	Ci-operator config changed

Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@vickeybrown: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.