Skip to content

Commit 89927ef

Browse files
authored
feat(ISV-7390): Add AGENTS.md and basic skills (#981)
Added: 1. AGENTS.md 2. skill for running units tests and other quality gates 3. skill for getting information on running integration tests - setting a recommendation for not running them using agents, but manually 4. agents-md tox env to verify AGENTS.md lines count to be <= 60 (CI enforced) Tried to provide only the most impactful information including important file paths, exact commands, etc. Co-Assisted-By: Claude Opus 4.6 Signed-off-by: Jakub Durkac <jdurkac@redhat.com>
1 parent 974f55d commit 89927ef

8 files changed

Lines changed: 180 additions & 2 deletions

File tree

.claude/skills

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
../skills

.github/workflows/build-and-test.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
strategy:
1919
fail-fast: false
2020
matrix:
21-
tox-env: [test, black, yamllint, bandit, mypy, pylint, ansible-lint]
21+
tox-env: [test, black, yamllint, bandit, mypy, pylint, ansible-lint, agents-md]
2222
steps:
2323
- name: Checkout repository
2424
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

AGENTS.md

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
# operator-pipelines
2+
3+
For a concise summary of the project's purpose, read [pipelines overview](docs/users/pipelines_overview.md).
4+
5+
**Toolchain:** Python, Poetry, tox, Ansible, Tekton (OpenShift Pipelines)
6+
7+
## Architecture
8+
9+
- **Tekton pipelines** (`ansible/roles/operator-pipeline/templates/openshift/pipelines/`) define the end-to-end flows. The main pipelines are:
10+
- `operator-ci-pipeline.yml` — ISV CI pipeline for partners to test operators on their own infrastructure without submitting to Red Hat.
11+
- `operator-hosted-pipeline.yml` — Hosted pipeline that accepts operator submissions, runs linting, static checks and dynamic tests (preflight checks), and communicates with Red Hat internal systems to control certification flow. Used for both ISV and community operators.
12+
- `operator-release-pipeline.yml` — Release pipeline that distributes operators to index images (community-operator-index, certified-operator-index, redhat-marketplace-index).
13+
- **Tekton tasks** (`ansible/roles/operator-pipeline/templates/openshift/tasks/`) are the individual pipeline steps. Tasks typically invoke a Python entrypoint as its container command. See `apply-test-waivers.yml` for a minimal example.
14+
- **Python core logic** (`operatorcert/` covered by unit tests in structurally matching `tests/` folder) — Entrypoints in `operatorcert/entrypoints` registered in `pyproject.toml` as `[project.scripts]` are directly used by Tekton tasks. The `operatorcert` also includes Pyxis, IIB, GitHub, OPM clients and bundle/catalog models used by entrypoints.
15+
- **Documentation** (`docs/`, user-facing `docs/user/`)
16+
17+
## Conventions for making changes to the pipelines
18+
19+
- Avoid including credentials within Task scripts.
20+
- Avoid the use of `set -x` in shell scripts which _could_ expose credentials
21+
to the console.
22+
- Don't use workspaces for passing secrets. Use `secretKeyRef` and `volumeMount`
23+
with secret and key names instead.
24+
- Reason: It adds unnecessary complexity to `tkn` commands.
25+
- Use images from trusted registries/namespaces.
26+
- registry.redhat.io
27+
- registry.access.redhat.com
28+
- quay.io/redhat-isv
29+
- quay.io/opdev
30+
- Use image pull specs with digests instead of tags wherever possible.
31+
- Tasks must implement their own skipping behavior, if needed.
32+
- Reason: If a task is not executed, any dependent tasks will not be
33+
executed either.
34+
- Don't use ClusterTasks or upstream tasks. All tasks are defined in this repo.
35+
- Document all params, especially pipeline params.
36+
- Output human readable logs.
37+
- Use reasonable defaults for params wherever possible.
38+
39+
## PR Conventions
40+
41+
- Run `tox` (all environments) before submitting. For all the details about the tox environments including unit testing, linting, type checking, formatting, etc. use `skills/running-tests-and-quality-gates`. This includes single-file verification commands, like `poetry run black --check path/to/file.py`, `poetry run mypy --strict --ignore-missing-imports path/to/file.py`, etc.
42+
- Integration tests should NOT be run by an agent as they can take a lot of time to finish and generate extensive logs. Upon asking, agent should inform the developer about the integration tests setup and how to run them manually using `skills/integration-tests/`.
43+
- Test coverage of code should remain at 100%.
44+
- All of the quality gates above are enforced in CI.

CLAUDE.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
AGENTS.md

skills/SKILLS.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
# Skills
2+
3+
Pattern references and workflow guides for operator-pipelines. Each skill lives in `skills/<name>/SKILL.md`.
4+
5+
For Claude Code, `.claude/skills` symlinks here for auto-discovery.
6+
7+
| Skill | Use when… |
8+
|-------|-----------|
9+
| [running-tests-and-quality-gates](running-tests-and-quality-gates/SKILL.md) | Use when running or interacting with unit tests, code formatters, linters, type checks, pip audit or other quality gates. |
10+
| [integration-tests](integration-tests/SKILL.md) | Use when setting up or running integration tests for operator-pipelines. Agents should NOT run these — guide the user through manual setup and execution instead. |

skills/integration-tests/SKILL.md

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
---
2+
name: integration-tests
3+
description: Use when setting up or running integration tests for operator-pipelines. Agents should NOT run these — guide the user through manual setup and execution instead.
4+
---
5+
6+
# Integration Tests
7+
8+
## Overview
9+
10+
Integration tests create a PR in repository https://github.com/redhat-openshift-ecosystem/operator-pipelines-test. This PR creation triggers the hosted pipeline that tests compatibility of an added operator version in various ways. After success, PR is merged automatically and a release pipeline is triggered that adds the operator to an index image. The tests take up to tens of minutes and produce extensive Ansible logs. **Agents should not run them** — instead, help the user prepare and point them to the right resources.
11+
12+
### Prerequisites
13+
14+
1. Be logged in to an OpenShift stage cluster:
15+
```shell
16+
oc login --server=https://api.pipelines-stage.0ce8.p1.openshiftapps.com:6443 --token=<token>
17+
```
18+
2. Have stage Ansible vault password available in `ansible/vault-password`.
19+
3. Built image is pushed to $PIPELINE_IMAGE_REPO that defaults to `quay.io/redhat-isv/operator-pipelines-test-image`. Either get access to this repo or set up your own repository to store test images.
20+
21+
### Deployment
22+
23+
```bash
24+
# build and deploy the project to a playground namespace
25+
make build-and-deploy-playground
26+
```
27+
28+
### Running Tests
29+
30+
Before running each test:
31+
```bash
32+
# export new release version of a test operator based on previous successfully
33+
# released versions (may look at operator-pipelines-test closed PRs)
34+
export OPERATOR_VERSION_RELEASE="402-1"
35+
```
36+
37+
Then, run any of the available test flows. Passing all of them is required by the CI:
38+
```bash
39+
make build-and-test-isv # ISV operator flow
40+
make build-and-test-community # Community operator flow
41+
make build-and-test-isv-fbc-bundle # ISV FBC bundle flow
42+
make build-and-test-isv-fbc-catalog # ISV FBC catalog flow
43+
```
44+
45+
More information about the specific env variables and commands used to run these tests is available in the project's `Makefile`.
46+
47+
### Debugging
48+
Recommended tools for basic interaction with running pipelines are `tkn`, `oc` CLI, and OpenShift Console UI.
49+
50+
## Optional setup
51+
In case the developer wants to create and test a custom situation, refer to `docs/local-dev-environment.md`
52+
which provides steps to fork the operator repositories, create webhooks and create custom PRs that trigger
53+
pipelines in the playground namespace.
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
---
2+
name: running-tests-and-quality-gates
3+
description: Use when running or interacting with unit tests, code formatters, linters, type checks, pip audit or other quality gates.
4+
---
5+
6+
# Running Tests and Quality Gates
7+
8+
## Quick reference
9+
10+
| Check | Command | Single-file alternative |
11+
|---|---|---|
12+
| Unit tests (all) | `tox -e test` ||
13+
| Unit tests (single file) || `tox -e test -- tests/path/to/test_file.py --no-cov` |
14+
| Unit tests (single test) || `tox -e test -- -k test_name --no-cov` |
15+
| Unit tests (by path) || `tox -e test -- tests/path/to/test_file.py::test_name --no-cov` |
16+
| Format check | `tox -e black` | `poetry run black --check path/to/file.py` |
17+
| Auto-format | `tox -e black-format` | `poetry run black path/to/file.py` |
18+
| Type check (strict) | `tox -e mypy` | `poetry run mypy --strict --ignore-missing-imports path/to/file.py` |
19+
| Static analysis | `tox -e pylint` ||
20+
| Security scan | `tox -e bandit` ||
21+
| YAML lint | `tox -e yamllint` ||
22+
| Ansible lint | `tox -e ansible-lint` ||
23+
| Dockerfile lint | `tox -e hadolint` ||
24+
| Dependency audit | `tox -e pip-audit` ||
25+
| All checks | `tox` ||
26+
27+
Use `--no-cov` when running single test files or functions — the 100% coverage gate measures the whole package and will fail on partial runs.
28+
29+
Single-file format/type checks use `poetry run` directly — tox envs other than `test` do not pass `{posargs}` to the underlying tool.
30+
31+
## Fast feedback loop
32+
33+
For tight iteration, run scoped checks after each change:
34+
35+
```bash
36+
tox -e test -- tests/path/to/test_file.py --no-cov # single test file
37+
poetry run black --check path/to/file.py # format check
38+
poetry run mypy --strict --ignore-missing-imports path/to/file.py # type check
39+
```
40+
41+
Run the full suite (`tox`) before opening a PR.
42+
43+
## Test layout
44+
45+
Tests mirror the source tree under `tests/`:
46+
47+
```
48+
tests/entrypoints/ # mirrors operatorcert/entrypoints/
49+
tests/static_tests/ # mirrors operatorcert/static_tests/
50+
tests/operator_repo/ # mirrors operatorcert/operator_repo/
51+
tests/catalog/ # mirrors operatorcert/catalog/
52+
...
53+
```
54+
55+
Place new test files in the matching subdirectory. Name them `test_<module_name>.py`.
56+
57+
## Constraints
58+
59+
- **100% unit test coverage enforced** (`--cov-fail-under 100`) — new code needs tests
60+
- **mypy runs in strict mode** — all functions need type annotations, `Any` usage must be explicit

tox.ini

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,8 @@ envlist = test,
1313
mypy,
1414
pylint,
1515
hadolint,
16-
ansible-lint
16+
ansible-lint,
17+
agents-md
1718
skipsdist = True
1819

1920
[testenv]
@@ -91,6 +92,14 @@ commands = ansible-galaxy collection install -r ansible/playbooks/requirements.y
9192
--exclude ansible/roles/config_ocp_cluster/files \
9293
ansible/roles/index_signature_verification/files
9394

95+
[testenv:agents-md]
96+
commands =
97+
{envpython} -c "from pathlib import Path; \
98+
p = Path('AGENTS.md'); \
99+
assert p.is_file(), 'AGENTS.md missing'; \
100+
n = len(p.read_text(encoding='utf-8').splitlines()); \
101+
assert n <= 60, f'AGENTS.md has {n} lines (max 60)'"
102+
94103
# Tekton lint is experimental and may not be supported in the future.
95104
# However, it is useful to have it here for now for manual testing.
96105
# It is not included in the default testenv and is not triggered by the

0 commit comments

Comments
 (0)