add image updater job

Author: hbhushan3

ci-operator/config/Azure/ARO-HCP/Azure-ARO-HCP-main__image-updater.yaml

@@ -0,0 +1,126 @@
+base_images:
+  prcreator:
+    name: prcreator
+    namespace: ci
+    tag: latest
+build_root:
+  image_stream_tag:
+    name: builder
+    namespace: ocp
+    tag: rhel-9-golang-1.24-openshift-4.20
+images:
+- dockerfile_literal: |
+    FROM src
+    RUN cat /etc/dnf/dnf.conf || true
+    RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc
+    RUN dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm
+    RUN ln -s /etc/yum.repos.d/microsoft-prod.repo /etc/yum.repos.art/ci/
+    RUN dnf install -y azure-cli libicu git
+    ADD prcreator /usr/bin/prcreator
+  from: src
+  inputs:
+    prcreator:
+      paths:
+      - destination_dir: .
+        source_path: /usr/bin/prcreator
+  to: image-updater-base
+resources:
+  '*':
+    requests:
+      cpu: 500m
+      memory: 1Gi
+tests:
+- as: image-updater-all-components
+  cron: 0 2 * * 1-5
+  steps:
+    test:
+    - as: update-images
+      commands: |
+        #!/bin/bash
+        set -o errexit
+        set -o nounset
+        set -o pipefail
+
+        echo "===== Configure Azure Authentication ====="
+        export AZURE_CLIENT_ID; AZURE_CLIENT_ID=$(cat /var/run/hcp-integration-credentials/client-id)
+        export AZURE_CLIENT_SECRET; AZURE_CLIENT_SECRET=$(cat /var/run/hcp-integration-credentials/client-secret)
+        export AZURE_TENANT_ID; AZURE_TENANT_ID=$(cat /var/run/hcp-integration-credentials/tenant)
+
+        echo "===== Sync Go workspace vendor directory ====="
+        go work vendor
+
+        # Configure git
+        git config user.name "openshift-ci-robot"
+        git config user.email "[email protected]"
+
+        echo "===== Building image-updater ====="
+        cd tooling/image-updater
+        make build
+
+        echo "===== Running image-updater for all components ====="
+        ./image-updater update --config config.yaml
+
+        # Check if there are any changes
+        if [[ $(git status --porcelain) == "" ]]; then
+          echo "No image updates needed for any components"
+          exit 0
+        fi
+
+        git add .
+        git commit -m "Ran image-updater for all components"
+
+        cd ../..
+
+        echo "===== Materializing configuration ====="
+        make -C config materialize
+
+        echo "===== Changes detected ====="
+        git status --short
+
+        echo "===== Creating PR ====="
+        /usr/bin/prcreator \
+          -github-token-path=/etc/github/oauth \
+          -organization=Azure \
+          -repo=ARO-HCP \
+          -branch=main \
+          -git-message="Ran materialize" \
+          -pr-title="Automated - Update all component image digests" \
+          -pr-message="This automated PR updates all ARO-HCP container image digests to the latest versions from registries.
+
+        **Components Updated:**
+        - \`maestro\` - Maestro operator (quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro)
+        - \`hypershift\` - HyperShift operator (quay.io/acm-d/rhtap-hypershift-operator)
+        - \`pko-package\` - Package Operator package (quay.io/package-operator/package-operator-package)
+        - \`pko-manager\` - Package Operator manager (quay.io/package-operator/package-operator-manager)
+        - \`pko-remote-phase-manager\` - Remote Phase Manager (quay.io/package-operator/remote-phase-manager)
+        - \`arohcpfrontend\` - Frontend service (arohcpsvcdev.azurecr.io/arohcpfrontend)
+        - \`arohcpbackend\` - Backend service (arohcpsvcdev.azurecr.io/arohcpbackend)
+
+        **Schedule:** Monday through Friday at 2 AM UTC
+
+        **Generated by:** [periodic-ci-Azure-ARO-HCP-main-image-updater-all-components](https://prow.ci.openshift.org/?job=periodic-ci-Azure-ARO-HCP-main-image-updater-all-components)
+
+        ---
+
+        /cc @hbhushan @geoberle @mmazur @roivaz @venkateshsredhat @bennerv @mbarnes @SudoBrendan
+
+        Please review the image digest changes and merge if CI passes."
+      credentials:
+      - collection: ""
+        mount_path: /etc/github
+        name: github-credentials-openshift-ci-robot-private-git-cloner
+        namespace: ci
+      - collection: ""
+        mount_path: /var/run/hcp-integration-credentials
+        name: hcp-integration-credentials
+        namespace: test-credentials
+      from: image-updater-base
+      resources:
+        requests:
+          cpu: 500m
+          memory: 1Gi
+zz_generated_metadata:
+  branch: main
+  org: Azure
+  repo: ARO-HCP
+  variant: image-updater

ci-operator/config/Azure/ARO-HCP/Azure-ARO-HCP-main__periodic.config.prowgen

@@ -8,6 +8,7 @@ slack_reporter:
   - create-aro-hcp-in-integration
   - integration-e2e-parallel
   - delete-expired-integration-resource-groups
+  - image-updater-all-components
 - channel: "#aro-hcp-prow-failures-stg"
   job_states_to_report:
   - failure

ci-operator/config/Azure/ARO-HCP/README.md

@@ -1,3 +1,13 @@
+# ARO-HCP CI Configuration
+
+This directory contains CI/CD configuration for the Azure ARO-HCP (Hosted Control Plane) project.
+
+## Configuration Files
+
+- **`Azure-ARO-HCP-main.yaml`** - Presubmit and postsubmit jobs (runs on PRs and merges)
+- **`Azure-ARO-HCP-main__periodic.yaml`** - Scheduled periodic jobs (cluster creation, E2E tests, cleanup)
+- **`Azure-ARO-HCP-main__image-updater.yaml`** - Automated image digest update job - Mon-Fri
+
 # Adding New Production Regions to ARO-HCP Testing
 
 This guide shows how to add periodic CI tests for new ARO-HCP production regions.