stackrox: Add 3h timeout to ocp-4-create step

[davdhacs]

The ocp-4-create step had no explicit timeout, inheriting the 2h default from the Prow entrypoint. If the first provisioning attempt fails late in startup or otherwise takes >60min and the retry script starts a second attempt, 2h is not enough for two full OCP provisioning cycles. This caused nightly UI E2E tests to be killed mid-provisioning on the retry.

3h accommodates two full provisioning cycles.

/uncc

Summary by CodeRabbit

This PR updates the CI configuration for StackRox's OpenShift 4 end-to-end tests. Specifically, it adds an explicit 3-hour timeout to the ocp-4-create step in the stackrox-automation-flavors-ocp-4-e2e workflow.

Practical Impact:
Previously, this step inherited a 2-hour default timeout from Prow, which was insufficient when the initial cluster provisioning failed late in the startup sequence. In such cases, a retry script would attempt a second provisioning cycle, but the remaining time wouldn't accommodate a full second attempt, causing nightly UI E2E tests to be killed mid-provisioning.

The explicit 3-hour timeout ensures that two complete OpenShift 4 provisioning cycles can complete, allowing retry attempts to succeed even when the initial provisioning takes significant time.

File Changed:

• ci-operator/step-registry/stackrox/automation-flavors/ocp-4-e2e/stackrox-automation-flavors-ocp-4-e2e-workflow.yaml — Added timeout: 3h0m0s to the ocp-4-create pre-step

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 75b5b5c9-28a0-4bd5-9d47-bf4dbd68c6fa

📥 Commits

Reviewing files that changed from the base of the PR and between 9ba331c and 3f6a4c2.

📒 Files selected for processing (1)

• ci-operator/step-registry/stackrox/automation-flavors/ocp-4-e2e/stackrox-automation-flavors-ocp-4-e2e-workflow.yaml

---

Walkthrough

The StackRox automation flavors OCP-4-E2E workflow is updated to increase the timeout for the ocp-4-create step to 3 hours, allowing longer-running cluster creation operations to complete without timing out.

Changes

CI Workflow Configuration

Layer / File(s)	Summary
OCP-4-E2E workflow timeout update ci-operator/step-registry/stackrox/automation-flavors/ocp-4-e2e/stackrox-automation-flavors-ocp-4-e2e-workflow.yaml	The timeout for the ocp-4-create step is updated to 3h0m0s.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely describes the primary change: adding a 3-hour timeout to the ocp-4-create step in the stackrox workflow configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR 80452 changes only stackrox-automation-flavors-ocp-4-e2e-workflow.yaml by adding timeout: 3h0m0s to ocp-4-create; no Ginkgo test titles were modified.
Test Structure And Quality	✅ Passed	PR changes workflow timeout (ocp-4-create timeout: 3h0m0s); no modified Ginkgo test code found—changed Go/_test.go files contain no onsi/ginkgo imports.
Microshift Test Compatibility	✅ Passed	PR #80452 only adds timeout: 3h0m0s to the ocp-4-create step in a workflow YAML; no new Ginkgo e2e tests or test code were added, so MicroShift API checks are not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR #80452 changes only ci-operator workflow YAML (adds timeout: 3h0m0s to ocp-4-create); no new Ginkgo e2e tests were added, so no SNO assumptions to flag.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds only requests.timeout: 3h0m0s to the ocp-4-create workflow step; no added affinity/nodeSelector/topology-spread/replica scheduling constraints detected. citeturn2view0turn3view0
Ote Binary Stdout Contract	✅ Passed	PR #80452 changes only ci-operator/…/stackrox-automation-flavors-ocp-4-e2e-workflow.yaml by adding timeout: 3h0m0s (+1/-0); no OTE binary code or process-level stdout writes are modified.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR #80452 modifies only the stackrox-automation-flavors-ocp-4-e2e workflow YAML (adds timeout 3h0m0s); no new Ginkgo e2e tests were introduced, so no IPv4/IPv6/external-connectivity assumptions to...
No-Weak-Crypto	✅ Passed	Checked workflow file for weak-crypto tokens (MD5/SHA1/DES/RC4/3DES/Blowfish/ECB) and crypto/comparison patterns; none found. PR change is only the ocp-4-create timeout.
Container-Privileges	✅ Passed	In ocp-4-e2e-workflow.yaml, the only change is setting ocp-4-create timeout to 3h0m0s; scanning the file shows no privileged/hostPID/hostNetwork/hostIPC/SYS_ADMIN/allowPrivilegeEscalation/run-as-ro...
No-Sensitive-Data-In-Logs	✅ Passed	PR changes only add timeout: 3h0m0s to the ocp-4-create step; the workflow logs just echo OCP_VERSION and run openshift-ci.sh, with no passwords/tokens/PII added.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[davdhacs]

/pj-rehearse

[openshift-merge-bot]

@davdhacs: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[davdhacs]

/cc @tommartensen @msugakov

[davdhacs]

/pj-rehearse pull-ci-stackrox-stackrox-master-ocp-4-22-qa-e2e-tests

[openshift-merge-bot]

@davdhacs: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@davdhacs: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-stackrox-stackrox-master-ocp-dev-preview-qa-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-dev-preview-scanner-v4-install-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-dev-preview-operator-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-dev-preview-ui-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-dev-preview-fips-qa-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-dev-preview-compliance-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-dev-preview-nongroovy-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-qa-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-scanner-v4-install-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-operator-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-ui-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-fips-qa-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-compliance-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-nongroovy-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-21-vm-scanning-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-12-qa-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-12-scanner-v4-install-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-12-operator-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-12-ui-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-12-compliance-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-4-12-nongroovy-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-stable-scanner-v4-install-qa-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-stable-scanner-v4-install-scanner-v4-install-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-stable-scanner-v4-install-operator-e2e-tests	stackrox/stackrox	presubmit	Registry content changed
pull-ci-stackrox-stackrox-master-ocp-stable-scanner-v4-install-ui-e2e-tests	stackrox/stackrox	presubmit	Registry content changed

A total of 191 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[msugakov]

/lgtm

[msugakov]

I do not object for this to be merged. We can do it and see how it goes.
Although, I think we should remain where we are. 1 hour provisioning of the cluster is already long. The chances that one gets a healthy cluster after two long attempts aren't great.
Having timeouts is a healthy thing.

[tommartensen]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davdhacs, msugakov, tommartensen

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/step-registry/stackrox/OWNERS [davdhacs,msugakov,tommartensen]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment