osc: add tide configs to trigger merge automation

[thejasn]

Add missing plugins and tide config to enable ease of merge..

This ensures all PR merges have a multi step approval process before merging. (as documented here)

Summary by CodeRabbit

• Chores
  • Updated pull request automation configuration for the sandboxed-containers-operator repository with new approval requirements and merge policies.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: thejasn
Once this PR has been reviewed and has the lgtm label, please assign snir911 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• core-services/prow/02_config/openshift/sandboxed-containers-operator/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

This PR adds Prow plugin and merge configurations for the openshift/sandboxed-containers-operator repository, enabling self-approval and configuring automated merge behavior with specific label requirements.

Changes

Cohort / File(s)	Summary
Prow Configuration for sandboxed-containers-operator core-services/prow/02_config/openshift/sandboxed-containers-operator/_pluginconfig.yaml, core-services/prow/02_config/openshift/sandboxed-containers-operator/_prowconfig.yaml	Added approve plugin configuration with self-approval enabled and ignore_review_state: true. Added tide configuration specifying merge method and label requirements (approved, lgtm) with exclusions for specific labels (do-not-merge/*, jira/invalid-bug, needs-rebase, etc.).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 10

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'osc: add tide configs to trigger merge automation' directly and clearly describes the main change: adding tide configuration to enable merge automation for the openshift/sandboxed-containers-operator repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	Custom check for stable and deterministic Ginkgo test names is not applicable as the PR only modifies infrastructure configuration files without any Go test code.
Test Structure And Quality	✅ Passed	The PR only modifies Prow configuration YAML files, not Ginkgo test code, so the custom test structure check is not applicable.
Microshift Test Compatibility	✅ Passed	PR contains only Prow configuration YAML files and OWNERS file, no Ginkgo e2e tests, so custom check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This check assesses SNO test compatibility for new Ginkgo e2e tests. The PR only adds Prow configuration files with no Ginkgo test code, so the check is not applicable and passes.
Topology-Aware Scheduling Compatibility	✅ Passed	Pull request adds Prow CI/CD configuration files that define plugin settings and merge automation policies, not Kubernetes deployment manifests, operator code, or controllers with scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	The pull request modifies only YAML configuration files with no executable code that could write to stdout.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds only Prow configuration YAML files, not Ginkgo e2e test files, so the custom check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@thejasn: no rehearsable tests are affected by this change

Note: If this PR includes changes to step registry files (ci-operator/step-registry/) and you expected jobs to be found, try rebasing your PR onto the base branch. This helps pj-rehearse accurately detect changes when the base branch has moved forward.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@core-services/prow/02_config/openshift/sandboxed-containers-operator/_pluginconfig.yaml`:
- Around line 7-10: The repository entry
"openshift/sandboxed-containers-operator" incorrectly nests a "plugins:" key;
remove that nested key and place the flat list of plugin names directly under
the repository key so the "approve" plugin is defined as a top-level list item
for openshift/sandboxed-containers-operator. Update the block that references
"openshift/sandboxed-containers-operator" to have a single plugins list
containing "approve" (no inner "plugins:" object), ensuring it conforms to
Prow's sigs.k8s.io/prow/pkg/plugins schema.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 95a08bd2-afd7-4a26-be88-955906a29cfe

📥 Commits

Reviewing files that changed from the base of the PR and between ff508ec and e50c156.

📒 Files selected for processing (2)

• core-services/prow/02_config/openshift/sandboxed-containers-operator/_pluginconfig.yaml
• core-services/prow/02_config/openshift/sandboxed-containers-operator/_prowconfig.yaml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify plugin map structure used across repository plugin configs.
# Expected pattern examples: plugins: <repo>: - approve

set -euo pipefail

echo "== Files containing nested repo.plugins key under pluginconfig =="
rg -n -C2 '^(\s{2,}|\t+)plugins:\s*$' $(fd '_pluginconfig\.yaml$')

echo
echo "== Files containing direct repo -> list form in pluginconfig =="
rg -n -C2 '^plugins:\n(\s{2,}|\t+)[^:\n]+/[^:\n]+:\n(\s{2,}|\t+)-\s+\w+' $(fd '_pluginconfig\.yaml$') || true

Repository: openshift/release

Length of output: 50583

---

🏁 Script executed:

# Look at the specific file being reviewed to confirm its exact structure
cat core-services/prow/02_config/openshift/sandboxed-containers-operator/_pluginconfig.yaml

Repository: openshift/release

Length of output: 309

---

🌐 Web query:

Prow plugin configuration schema nested plugins structure YAML format

💡 Result:

The Prow plugin configuration is defined in a YAML file named plugins.yaml. This file specifies which plugins are enabled for specific organizations and repositories, along with plugin-specific configurations. There is no formal JSON schema available in the official documentation, but the structure is defined by the Go struct in sigs.k8s.io/prow/pkg/plugins.Configuration, which can be viewed in Go documentation or source code. Key structure elements from official sources: - Top-level keys are plugin names (e.g., triggers, lgtm, size, config_updater, external_plugins). - Plugins are enabled per org or org/repo with lists of plugin names. - Plugin-specific configs are nested maps under each plugin name. Example from kubernetes/test-infra config/prow/plugins.yaml (master branch): plugins: kubernetes-sigs: - assign - trigger - label - mergecommitblocker - size - skip - wip triggers: - repos: - kubernetes-sigs/cluster-api # ... more repos join_org_url: "https://git.k8s.io/community/community-membership.md#member" only_org_members: true lgtm: - repos: - bazelbuild - kubernetes-sigs/aws-ebs-csi-driver # ... more repos review_acts_as_lgtm: true size: s: 10 m: 30 l: 100 xl: 500 config_updater: maps: config/prow/plugins.yaml: name: plugin external_plugins: org-foo/repo-bar: - name: refresh-remote endpoint: https://my-refresh-plugin.com events: - issue_comment The configuration is loaded and validated by Prow's ConfigAgent.Load function, which unmarshals YAML into the Configuration struct and checks for unknown plugins if enabled. For full field descriptions, refer to the GoDoc at https://godoc.org/sigs.k8s.io/prow/pkg/plugins or pkg.go.dev. Nested structure refers to: 1. Hierarchical enabling: org-level plugins apply to all repos unless excluded via excluded_repos; repo-specific overrides. 2. Plugin configs as nested objects (e.g., triggers.repos list, lgtm.review_acts_as_lgtm bool). 3. External plugins as nested lists under external_plugins. No evidence of deeply recursive "nested plugins" (plugins containing plugins); structure is flat lists with nested config objects per plugin type.

Citations:

• 1: https://github.com/kubernetes/test-infra/blob/master/config/prow/plugins.yaml
• 2: https://docs.prow.k8s.io/docs/components/plugins/
• 3: https://github.com/kubernetes-sigs/prow/blob/main/pkg/plugins/plugins.go
• 4: https://docs.prow.k8s.io/docs/components/plugins
• 5: https://godoc.org/sigs.k8s.io/prow/pkg/plugins

---

Remove nested plugins: key to match Prow's plugin configuration schema.

The nested plugins: at line 9 is invalid. According to Prow's official plugin configuration schema (from sigs.k8s.io/prow/pkg/plugins), repository-scoped plugins must be a flat list directly under the repository key, not a nested object. The current structure will prevent the approve plugin from loading.

Proposed fix

 plugins:
   openshift/sandboxed-containers-operator:
-    plugins:
-    - approve
+  - approve

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	plugins:
	openshift/sandboxed-containers-operator:
	plugins:
	- approve
	plugins:
	openshift/sandboxed-containers-operator:
	- approve

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@core-services/prow/02_config/openshift/sandboxed-containers-operator/_pluginconfig.yaml`
around lines 7 - 10, The repository entry
"openshift/sandboxed-containers-operator" incorrectly nests a "plugins:" key;
remove that nested key and place the flat list of plugin names directly under
the repository key so the "approve" plugin is defined as a top-level list item
for openshift/sandboxed-containers-operator. Update the block that references
"openshift/sandboxed-containers-operator" to have a single plugins list
containing "approve" (no inner "plugins:" object), ensuring it conforms to
Prow's sigs.k8s.io/prow/pkg/plugins schema.

[openshift-ci]

@thejasn: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.