Utilize clonerefs sparse checkout

cmd/ci-operator-prowgen/testdata/zz_fixture_postsubmit_TestFromCIOperatorConfigToProwYaml_Custom_test_timeout.yaml

@@ -25,7 +25,8 @@ postsubmits:
     - ^branch$
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci-operator.openshift.io/is-promotion: "true"
       ci.openshift.io/generator: prowgen

cmd/ci-operator-prowgen/testdata/zz_fixture_postsubmit_TestFromCIOperatorConfigToProwYaml_Input_is_YAML_and_it_is_correctly_processed.yaml

@@ -25,7 +25,8 @@ postsubmits:
     - ^branch$
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci-operator.openshift.io/is-promotion: "true"
       ci.openshift.io/generator: prowgen

cmd/ci-operator-prowgen/testdata/zz_fixture_postsubmit_TestFromCIOperatorConfigToProwYaml_Using_a_variant_config__one_test_and_images__one_existing_job._Expect_one_presubmit__pre_post_submit_images_jobs._Existing_job_should_not_be_changed..yaml

@@ -27,7 +27,8 @@ postsubmits:
     - ^branch$
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci-operator.openshift.io/is-promotion: "true"
       ci-operator.openshift.io/variant: rhel

cmd/ci-operator-prowgen/testdata/zz_fixture_postsubmit_TestFromCIOperatorConfigToProwYaml_one_test_and_images__no_previous_jobs._Expect_test_presubmit__pre_post_submit_images_jobs.yaml

@@ -6,7 +6,8 @@ postsubmits:
     - ^branch$
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci-operator.openshift.io/is-promotion: "true"
       ci.openshift.io/generator: prowgen

cmd/ci-operator-prowgen/testdata/zz_fixture_presubmit_TestFromCIOperatorConfigToProwYaml_Custom_test_timeout.yaml

@@ -8,7 +8,8 @@ presubmits:
     context: ci/prow/images
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
@@ -62,7 +63,8 @@ presubmits:
     context: ci/prow/unit
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
       timeout: 8h0m0s
     labels:
       ci.openshift.io/generator: prowgen

cmd/ci-operator-prowgen/testdata/zz_fixture_presubmit_TestFromCIOperatorConfigToProwYaml_Input_is_YAML_and_it_is_correctly_processed.yaml

@@ -8,7 +8,8 @@ presubmits:
     context: ci/prow/images
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
@@ -62,7 +63,8 @@ presubmits:
     context: ci/prow/unit
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"

cmd/ci-operator-prowgen/testdata/zz_fixture_presubmit_TestFromCIOperatorConfigToProwYaml_Using_a_variant_config__one_test_and_images__one_existing_job._Expect_one_presubmit__pre_post_submit_images_jobs._Existing_job_should_not_be_changed..yaml

@@ -8,7 +8,8 @@ presubmits:
     context: ci/prow/rhel-images
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci-operator.openshift.io/variant: rhel
       ci.openshift.io/generator: prowgen
@@ -64,7 +65,8 @@ presubmits:
     context: ci/prow/rhel-unit
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci-operator.openshift.io/variant: rhel
       ci.openshift.io/generator: prowgen

cmd/ci-operator-prowgen/testdata/zz_fixture_presubmit_TestFromCIOperatorConfigToProwYaml_one_test_and_images__no_previous_jobs._Expect_test_presubmit__pre_post_submit_images_jobs.yaml

@@ -8,7 +8,8 @@ presubmits:
     context: ci/prow/images
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
@@ -62,7 +63,8 @@ presubmits:
     context: ci/prow/unit
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci.openshift.io/generator: prowgen
       pj-rehearse.openshift.io/can-be-rehearsed: "true"

pkg/prowgen/jobbase.go

@@ -1,9 +1,11 @@
 package prowgen
 
 import (
+	"path"
 	"time"
 
-	utilpointer "k8s.io/utils/pointer"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/utils/ptr"
 	prowv1 "sigs.k8s.io/prow/pkg/apis/prowjobs/v1"
 	prowconfig "sigs.k8s.io/prow/pkg/config"
 
@@ -20,22 +22,40 @@ type prowJobBaseBuilder struct {
 	testName string
 }
 
-// If any included buildRoot uses from_repository we must not skip cloning
-func skipCloning(configSpec *cioperatorapi.ReleaseBuildConfiguration) bool {
-	buildRoots := configSpec.BuildRootImages
-	if buildRoots == nil {
-		buildRoots = make(map[string]cioperatorapi.BuildRootImageConfiguration)
-	}
-	if configSpec.BuildRootImage != nil {
-		buildRoots[""] = *configSpec.BuildRootImage
+func fromRepositorySet(configSpec *cioperatorapi.ReleaseBuildConfiguration) bool {
+	if configSpec.BuildRootImage != nil && configSpec.BuildRootImage.FromRepository {
+		return true
 	}
-	for _, buildRoot := range buildRoots {
+	for _, buildRoot := range configSpec.BuildRootImages {
 		if buildRoot.FromRepository {
-			return false
+			return true
 		}
 	}
+	return false
+}
 
-	return true
+func sparseCheckoutFiles(configSpec *cioperatorapi.ReleaseBuildConfiguration) []string {
+	files := sets.New[string]()
+	if fromRepositorySet(configSpec) {
+		files.Insert(cioperatorapi.CIOperatorInrepoConfigFileName)
+	}
+	for _, image := range configSpec.Images.Items {
+		if image.DockerfileLiteral != nil {
+			continue
+		}
+		if image.Ref != "" {
+			continue
+		}
+		dockerfilePath := image.DockerfilePath
+		if dockerfilePath == "" {
+			dockerfilePath = "Dockerfile"
+		}
+		if image.ContextDir != "" {
+			dockerfilePath = path.Join(image.ContextDir, dockerfilePath)
+		}
+		files.Insert(dockerfilePath)
+	}
+	return sets.List(files)
 }
 
 func hasNoBuilds(c *cioperatorapi.ReleaseBuildConfiguration, info *ProwgenInfo) bool {
@@ -63,18 +83,24 @@ func NewProwJobBaseBuilder(configSpec *cioperatorapi.ReleaseBuildConfiguration,
 			Agent:  string(prowv1.KubernetesAgent),
 			Labels: map[string]string{},
 			UtilityConfig: prowconfig.UtilityConfig{
-				Decorate: utilpointer.Bool(true),
+				Decorate:         ptr.To(true),
+				DecorationConfig: &prowv1.DecorationConfig{},
 			},
 		},
 	}
 
 	private := info.Config.Private || (configSpec.Prowgen != nil && configSpec.Prowgen.Private)
 	expose := info.Config.Expose || (configSpec.Prowgen != nil && configSpec.Prowgen.Expose)
 
-	if skipCloning(configSpec) {
-		b.base.UtilityConfig.DecorationConfig = &prowv1.DecorationConfig{SkipCloning: utilpointer.Bool(true)}
-	} else if private {
-		b.base.UtilityConfig.DecorationConfig = &prowv1.DecorationConfig{OauthTokenSecret: &prowv1.OauthTokenSecret{Key: cioperatorapi.OauthTokenSecretKey, Name: cioperatorapi.OauthTokenSecretName}}
+	sparseFiles := sparseCheckoutFiles(configSpec)
+	shouldSkipCloning := len(sparseFiles) == 0
+	if shouldSkipCloning {
+		b.base.UtilityConfig.DecorationConfig.SkipCloning = ptr.To(true)
+	} else {
+		b.base.UtilityConfig.DecorationConfig.SparseCheckoutFiles = sparseFiles
+		if private {
+			b.base.UtilityConfig.DecorationConfig.OauthTokenSecret = &prowv1.OauthTokenSecret{Key: cioperatorapi.OauthTokenSecretKey, Name: cioperatorapi.OauthTokenSecretName}
+		}
 	}
 
 	if len(info.Variant) > 0 {
@@ -93,7 +119,7 @@ func NewProwJobBaseBuilder(configSpec *cioperatorapi.ReleaseBuildConfiguration,
 
 	b.PodSpec.Add(Variant(info.Variant))
 	if private {
-		b.PodSpec.Add(GitHubToken(!skipCloning(configSpec)))
+		b.PodSpec.Add(GitHubToken(!shouldSkipCloning))
 	}
 
 	if configSpec.CanonicalGoRepository != nil {

pkg/prowgen/prowgen.go

@@ -447,6 +447,9 @@ func GeneratePeriodicForTest(jobBaseBuilder *prowJobBaseBuilder, info *ProwgenIn
 	if opts.PathAlias != nil {
 		ref.PathAlias = *opts.PathAlias
 	}
+	if dc := base.UtilityConfig.DecorationConfig; dc != nil && len(dc.SparseCheckoutFiles) > 0 {
+		ref.SparseCheckoutFiles = dc.SparseCheckoutFiles
+	}
 	base.ExtraRefs = append([]prowv1.Refs{ref}, base.ExtraRefs...)
 	if opts.ReleaseController {
 		opts.Interval = ""

pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_Promotion_configuration_causes_promote_job_with_unique_targets.yaml

@@ -6,7 +6,8 @@ postsubmits:
     - ^branch$
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       ci-operator.openshift.io/is-promotion: "true"
     max_concurrency: 1
@@ -69,7 +70,8 @@ presubmits:
     context: ci/prow/images
     decorate: true
     decoration_config:
-      skip_cloning: true
+      sparse_checkout_files:
+      - Dockerfile
     labels:
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
     name: pull-ci-organization-repository-branch-images

pkg/prowgen/testdata/zz_fixture_TestGenerateJobs_promotion_postsubmit_and_periodic_.yaml

@@ -3,11 +3,14 @@ periodics:
   cron: 5 4 * * *
   decorate: true
   decoration_config:
-    skip_cloning: true
+    sparse_checkout_files:
+    - Dockerfile
   extra_refs:
   - base_ref: branch
     org: organization
     repo: repository
+    sparse_checkout_files:
+    - Dockerfile
   labels:
     ci-operator.openshift.io/is-promotion: "true"
   max_concurrency: 1

pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_simple_container_based_test_with_timeout_and_no_decoration.yaml

@@ -1,6 +1,8 @@
 agent: kubernetes
 decorate: true
 decoration_config:
+  sparse_checkout_files:
+  - .ci-operator.yaml
   timeout: 1s
 name: prefix-ci-o-r-b-simple
 spec:

pkg/prowgen/testdata/zz_fixture_TestProwJobBaseBuilder_job_with_image_builds_in_of_openshift_release_main__does_not_have_no_builds__label.yaml

@@ -1,5 +1,6 @@
 agent: kubernetes
 decorate: true
 decoration_config:
-  skip_cloning: true
+  sparse_checkout_files:
+  - Dockerfile
 name: default-ci-openshift-release-main-

pkg/prowgen/testdata/zz_fixture_TestProwJobBaseBuilder_private_job_with_cloning__including_podspec.yaml

@@ -4,6 +4,8 @@ decoration_config:
   oauth_token_secret:
     key: oauth
     name: github-credentials-openshift-ci-robot-private-git-cloner
+  sparse_checkout_files:
+  - .ci-operator.yaml
 hidden: true
 name: default-ci-vorg-vrepo-vbranch-
 spec:

pkg/rehearse/jobs.go

@@ -166,6 +166,9 @@ func makeRehearsalPresubmit(source *prowconfig.Presubmit, repo string, refs *pja
 				rehearsal.CloneURI = ""
 				rehearsal.SkipSubmodules = false
 				rehearsal.CloneDepth = 0
+				if rehearsal.DecorationConfig != nil {
+					rehearsal.DecorationConfig.SparseCheckoutFiles = nil
+				}
 			}
 			ghContext += repo + "/"
 		}

pkg/steps/source.go

@@ -223,6 +223,10 @@ func createBuild(config api.SourceStepConfiguration, jobSpec *api.JobSpec, clone
 		}
 	}
 
+	for i := range refs {
+		refs[i].SparseCheckoutFiles = nil
+	}
+
 	dockerfile := sourceDockerfile(config.From, decorate.DetermineWorkDir(gopath, refs), cloneAuthConfig)
 	buildSource := buildapi.BuildSource{
 		Type:       buildapi.BuildSourceDockerfile,

test/integration/ci-operator-prowgen/output/jobs/private-org/super/private-org-super-master-presubmits.yaml

@@ -11,6 +11,8 @@ presubmits:
       oauth_token_secret:
         key: oauth
         name: github-credentials-openshift-ci-robot-private-git-cloner
+      sparse_checkout_files:
+      - .ci-operator.yaml
     hidden: true
     labels:
       ci.openshift.io/generator: prowgen

test/integration/ci-operator-prowgen/output/jobs/private/duper/private-duper-master-periodics.yaml

@@ -3,11 +3,17 @@ periodics:
   cron: '@yearly'
   decorate: true
   decoration_config:
-    skip_cloning: true
+    oauth_token_secret:
+      key: oauth
+      name: github-credentials-openshift-ci-robot-private-git-cloner
+    sparse_checkout_files:
+    - Dockerfile
   extra_refs:
   - base_ref: master
     org: private
     repo: duper
+    sparse_checkout_files:
+    - Dockerfile
   hidden: true
   labels:
     ci.openshift.io/generator: prowgen
@@ -55,9 +61,6 @@ periodics:
         readOnly: true
     serviceAccountName: ci-operator
     volumes:
-    - name: github-credentials-openshift-ci-robot-private-git-cloner
-      secret:
-        secretName: github-credentials-openshift-ci-robot-private-git-cloner
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

test/integration/ci-operator-prowgen/output/jobs/private/duper/private-duper-master-postsubmits.yaml

@@ -6,7 +6,11 @@ postsubmits:
     - ^master$
     decorate: true
     decoration_config:
-      skip_cloning: true
+      oauth_token_secret:
+        key: oauth
+        name: github-credentials-openshift-ci-robot-private-git-cloner
+      sparse_checkout_files:
+      - Dockerfile
     hidden: true
     labels:
       ci-operator.openshift.io/is-promotion: "true"
@@ -52,9 +56,6 @@ postsubmits:
           readOnly: true
       serviceAccountName: ci-operator
       volumes:
-      - name: github-credentials-openshift-ci-robot-private-git-cloner
-        secret:
-          secretName: github-credentials-openshift-ci-robot-private-git-cloner
       - name: manifest-tool-local-pusher
         secret:
           secretName: manifest-tool-local-pusher