e2e: remove non-caib build and output logs

[bennyz]

Remove old building test, switch one build to package mode and drop bootc test to remove flakiness and speed up the e2e

Summary by CodeRabbit

• Tests
  • Refactored end-to-end test infrastructure with streamlined build and deployment verification procedures
  • Enhanced test setup and cleanup processes for improved reliability
  • Improved diagnostic output formatting

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR refactors end-to-end tests to replace real automotive image builds with a CAIB-based image build flow. It introduces setup for local registry, operator deployment, port-forwarding to Build API, health checks, service account/token management, and build verification within a unified test context.

Changes

Cohort / File(s)	Summary
E2E Test Refactoring test/e2e/e2e_test.go	Replaced old image build test with new CAIB-driven flow including local registry setup, operator deployment, port-forwarding to Build API, health checks, service account creation, token management, single container build execution, and CAIB build verification via verifyCaibList helper.
Gomega Configuration test/e2e/e2e_suite_test.go	Added Gomega format import and disabled line truncation by setting MaxLength to 0 for complete output display in test reporting.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• test: add e2e-test for build bootc image #58: Modifies the same e2e test file to implement CAIB-driven image build flow with port-forwarding and build verification logic.
• fix golangci lint #32: Modifies the same e2e test files (e2e_test.go and e2e_suite_test.go) with related test utilities changes.

Suggested reviewers

• bkhizgiy

Poem

🐰 Hops past the old paths with glee,
CAIB now flows where tests decree,
Registry, tokens, and ports align,
Each build flows smooth, oh so fine!
The rabbit approves—automation divine! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: removal of non-caib build tests and addition of output log formatting (MaxLength = 0 for Gomega logs).
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/e2e_test.go`:
- Around line 322-330: Replace the hard-coded localhost:8080 checks and kubectl
port-forward mapping by allocating a free ephemeral local port (use
net.Listen("tcp", "localhost:0") to get the OS-assigned port, read the
listener.Addr().(*net.TCPAddr).Port, then close the listener) and reuse that
port for both the health-check/dial and the port-forward command (build the
port-forward argument as "<localPort>:8080" when constructing portForwardCmd)
and for setting CAIB_SERVER/any health-check URLs; update the places using the
literal "8080" (the connection check, kubectl port-forward creation where
portForwardCmd is set, and subsequent CAIB_SERVER/health-check usage) to use the
dynamically chosen port variable.
- Around line 219-300: The BeforeAll block in test/e2e/e2e_test.go runs in the
same Ordered Describe and namespace as earlier tests, so change the setup to use
an isolated namespace or explicitly reset existing resources: create a fresh
namespace (or derive a new name variable) before the label/patch/deploy steps
and use it for subsequent kubectl commands (refer to the BeforeAll function and
namespace variable), or add explicit deletes for OperatorConfig "config",
deployment "ado-build-api", and Task "push-artifact-registry" (the same
resources touched by the patch and waitForPushTask closure) to ensure a clean
slate before calling waitForPushTask and waiting for deployments; ensure new
namespace is labeled with PSA labels and used in LoadImageToKindClusterWithName,
kubectl apply/patch/wait invocations so the waits validate the CAIB bootstrap
path from a fresh context.
- Around line 314-320: Replace the brittle bash|jq|kubectl replace pipeline in
the test with a robust, validated patch: either use kubectl patch (JSONPatch or
strategic merge) to inject "--plain-http --disable-path-validation" into the
task step script and set spec.steps[0].securityContext.runAsUser=0, or if you
must edit JSON, first fetch the task via kubectl get -o json, apply the edit in
Go (unmarshal, modify the spec.steps[0].script and securityContext), marshal and
kubectl apply the result, and then assert by running kubectl get task
push-artifact-registry -n <namespace> -o json and using ExpectWithOffset to
verify the script contains "--plain-http" and runAsUser==0 before continuing;
update the code around exec.Command, utils.Run and ExpectWithOffset to perform
these checked operations and remove the undocumented jq dependency.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5307425d-ee4d-4eb3-919d-ac4ea617f094

📥 Commits

Reviewing files that changed from the base of the PR and between f392035 and 2c2aee6.

📒 Files selected for processing (2)

• test/e2e/e2e_suite_test.go
• test/e2e/e2e_test.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Isolate the CAIB setup from the earlier Operator spec.

This BeforeAll runs in the same Describe(..., Ordered) and namespace as the earlier It("should run successfully"), so OperatorConfig, ado-build-api, and push-artifact-registry can already exist before this setup starts. That makes the waits here capable of passing on leftover state instead of proving the CAIB bootstrap path works from a clean slate. Please give this context a fresh namespace or explicitly reset those resources before the waits.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 219 - 300, The BeforeAll block in
test/e2e/e2e_test.go runs in the same Ordered Describe and namespace as earlier
tests, so change the setup to use an isolated namespace or explicitly reset
existing resources: create a fresh namespace (or derive a new name variable)
before the label/patch/deploy steps and use it for subsequent kubectl commands
(refer to the BeforeAll function and namespace variable), or add explicit
deletes for OperatorConfig "config", deployment "ado-build-api", and Task
"push-artifact-registry" (the same resources touched by the patch and
waitForPushTask closure) to ensure a clean slate before calling waitForPushTask
and waiting for deployments; ensure new namespace is labeled with PSA labels and
used in LoadImageToKindClusterWithName, kubectl apply/patch/wait invocations so
the waits validate the CAIB bootstrap path from a fresh context.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Use a dynamic local port for the Build API tunnel.

Failing when localhost:8080 is busy makes this suite flaky on shared runners and developer machines. The test should allocate a free local port and reuse it for both the health check and CAIB_SERVER instead of depending on a globally fixed port.

Also applies to: 337-348, 383-384

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 322 - 330, Replace the hard-coded
localhost:8080 checks and kubectl port-forward mapping by allocating a free
ephemeral local port (use net.Listen("tcp", "localhost:0") to get the
OS-assigned port, read the listener.Addr().(*net.TCPAddr).Port, then close the
listener) and reuse that port for both the health-check/dial and the
port-forward command (build the port-forward argument as "<localPort>:8080" when
constructing portForwardCmd) and for setting CAIB_SERVER/any health-check URLs;
update the places using the literal "8080" (the connection check, kubectl
port-forward creation where portForwardCmd is set, and subsequent
CAIB_SERVER/health-check usage) to use the dynamically chosen port variable.

[coderabbitai]

♻️ Duplicate comments (3)

test/e2e/e2e_test.go (3)

314-320: ⚠️ Potential issue | 🟠 Major

Avoid the bash | jq | kubectl replace task rewrite.

This still adds a jq dependency to the e2e environment and relies on a string substitution of the task script, so a small upstream script change can turn the patch into a silent no-op. Prefer a structured patch in Go or kubectl patch, and at minimum assert that the stored task now contains --plain-http and runAsUser: 0 before continuing.

#!/bin/bash
set -euo pipefail

echo "=== Current e2e patch logic ==="
sed -n '308,320p' test/e2e/e2e_test.go

echo
echo "=== Task/script references in repo ==="
rg -n -C2 'push-artifact-registry|disable-path-validation|plain-http' .

echo
echo "=== jq references in repo/docs ==="
rg -n -C2 '\bjq\b' .

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 314 - 320, Replace the current
exec.Command("bash", "-c", ...) jq-based rewrite of the Tekton Task
"push-artifact-registry" with a structured patch using kubectl patch or the Go
Kubernetes client to modify .spec.steps[0].script and
.spec.steps[0].securityContext (referencing the cmd variable and the task name
"push-artifact-registry" and namespace), then use utils.Run or the client to
apply it and finally fetch the Task (same name/namespace) and Assert via
ExpectWithOffset that the stored Task's step script contains "--plain-http" and
the securityContext includes runAsUser: 0 before proceeding; remove jq/binary
dependency and keep error checks identical to the existing ExpectWithOffset
usage.

---

219-300: ⚠️ Potential issue | 🟠 Major

Run the CAIB bootstrap in a fresh namespace.

This BeforeAll still reuses automotive-dev-operator-system inside the same Ordered container as Line 93-209, so the waits for operatorconfig/config, deployment/ado-build-api, and task/push-artifact-registry can succeed on leftovers from the earlier test instead of proving the CAIB bootstrap path from scratch. Please give this context its own namespace or explicitly delete those resources before the waits.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 219 - 300, The BeforeAll setup reuses the
existing namespace and can pass due to leftover resources; update the BeforeAll
block to create and use a fresh namespace (or explicitly delete
operatorconfig/config, deployment/ado-build-api, and
task/push-artifact-registry) before proceeding: modify the BeforeAll function to
either call a helper that creates a unique namespace and assigns it to the
namespace variable (and labels it for privileged PSA) or run kubectl delete for
the specific resources (operatorconfig/config, deployment/ado-build-api,
task/push-artifact-registry) and wait for their removal before the patch/wait
steps (references: BeforeAll, operatorconfig/config, deployment/ado-build-api,
task/push-artifact-registry, waitForPushTask).

---

322-330: ⚠️ Potential issue | 🟠 Major

Use an ephemeral local port for the Build API tunnel.

Hard-coding localhost:8080 still makes this suite flaky on shared runners and developer machines where that port is already taken. Reserve a free local port once and reuse it for the port-forward, the health probe, and CAIB_SERVER.

Suggested fix

+				listener, err := net.Listen("tcp", "127.0.0.1:0")
+				ExpectWithOffset(1, err).NotTo(HaveOccurred())
+				localPort := listener.Addr().(*net.TCPAddr).Port
+				ExpectWithOffset(1, listener.Close()).To(Succeed())
+				portForwardAddr := fmt.Sprintf("127.0.0.1:%d", localPort)
-
-				By("ensuring port 8080 is free before starting port-forward")
-				if conn, dialErr := net.DialTimeout("tcp", "localhost:8080", 500*time.Millisecond); dialErr == nil {
-					_ = conn.Close()
-					Fail("port 8080 is already in use; cannot set up port-forward to Build API")
-				}
 
 				By("setting up port-forward to Build API")
 				portForwardCmd = exec.Command("kubectl", "port-forward",
-					"-n", namespace, "svc/ado-build-api", "8080:8080")
+					"-n", namespace, "svc/ado-build-api", fmt.Sprintf("%d:8080", localPort))
 				err = portForwardCmd.Start()
 				ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
 				By("waiting for Build API to respond on port-forward")
 				httpClient := &http.Client{Timeout: 2 * time.Second}
 				waitForBuildAPI := func() error {
-					resp, httpErr := httpClient.Get("http://localhost:8080/v1/healthz")
+					resp, httpErr := httpClient.Get(fmt.Sprintf("http://%s/v1/healthz", portForwardAddr))
 					if httpErr != nil {
 						return httpErr
 					}
@@
-				setErr = os.Setenv("CAIB_SERVER", "http://localhost:8080")
+				setErr = os.Setenv("CAIB_SERVER", fmt.Sprintf("http://%s", portForwardAddr))
 				ExpectWithOffset(1, setErr).NotTo(HaveOccurred())

Also applies to: 337-348, 383-384

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 322 - 330, The test currently hard-codes
localhost:8080 causing flakes; change to reserve an ephemeral local port by
creating a listener on "localhost:0" (e.g., l, _ := net.Listen("tcp",
"localhost:0")), extract the port from l.Addr().(*net.TCPAddr).Port, close the
listener, then use that port in the port-forward command (portForwardCmd), the
health probe dial/URL, and the CAIB_SERVER value instead of "8080"; update the
net.DialTimeout check to use the reserved port string and adjust code paths that
reference port 8080 (portForwardCmd, health probe helper, and any CAIB_SERVER
assignment) to format "localhost:<ephemeralPort>" so the test consistently uses
a free local port.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@test/e2e/e2e_test.go`:
- Around line 314-320: Replace the current exec.Command("bash", "-c", ...)
jq-based rewrite of the Tekton Task "push-artifact-registry" with a structured
patch using kubectl patch or the Go Kubernetes client to modify
.spec.steps[0].script and .spec.steps[0].securityContext (referencing the cmd
variable and the task name "push-artifact-registry" and namespace), then use
utils.Run or the client to apply it and finally fetch the Task (same
name/namespace) and Assert via ExpectWithOffset that the stored Task's step
script contains "--plain-http" and the securityContext includes runAsUser: 0
before proceeding; remove jq/binary dependency and keep error checks identical
to the existing ExpectWithOffset usage.
- Around line 219-300: The BeforeAll setup reuses the existing namespace and can
pass due to leftover resources; update the BeforeAll block to create and use a
fresh namespace (or explicitly delete operatorconfig/config,
deployment/ado-build-api, and task/push-artifact-registry) before proceeding:
modify the BeforeAll function to either call a helper that creates a unique
namespace and assigns it to the namespace variable (and labels it for privileged
PSA) or run kubectl delete for the specific resources (operatorconfig/config,
deployment/ado-build-api, task/push-artifact-registry) and wait for their
removal before the patch/wait steps (references: BeforeAll,
operatorconfig/config, deployment/ado-build-api, task/push-artifact-registry,
waitForPushTask).
- Around line 322-330: The test currently hard-codes localhost:8080 causing
flakes; change to reserve an ephemeral local port by creating a listener on
"localhost:0" (e.g., l, _ := net.Listen("tcp", "localhost:0")), extract the port
from l.Addr().(*net.TCPAddr).Port, close the listener, then use that port in the
port-forward command (portForwardCmd), the health probe dial/URL, and the
CAIB_SERVER value instead of "8080"; update the net.DialTimeout check to use the
reserved port string and adjust code paths that reference port 8080
(portForwardCmd, health probe helper, and any CAIB_SERVER assignment) to format
"localhost:<ephemeralPort>" so the test consistently uses a free local port.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8955d85c-fa68-41d9-969f-91d5100de51c

📥 Commits

Reviewing files that changed from the base of the PR and between 2c2aee6 and 72035f5.

📒 Files selected for processing (2)

• test/e2e/e2e_suite_test.go
• test/e2e/e2e_test.go

[coderabbitai]

♻️ Duplicate comments (3)

test/e2e/e2e_test.go (3)

307-319: ⚠️ Potential issue | 🟠 Major

Avoid the bash | jq | kubectl replace task rewrite.

This patch path is brittle and adds a hidden jq dependency to the suite, and it never verifies that the task actually ended up with --plain-http and runAsUser: 0. Prefer a structured kubectl patch/Go-side JSON mutation, then assert the mutated fields before continuing.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 307 - 319, Replace the brittle shell
pipeline that rewrites the push-artifact-registry Task (the exec.Command
invocations that run "bash -c" with jq and kubectl replace) with a structured
mutation using "kubectl patch" (or perform the JSON patch in Go and call the
Kubernetes API), targeting the Task named "push-artifact-registry" in the test's
namespace; patch the step script to include "--plain-http
--disable-path-validation" and set the step securityContext.runAsUser to 0, then
use utils.Run or the Kubernetes client to apply the patch and add an explicit
assertion (e.g., a kubectl get -o jsonpath check or a Go-side read of the Task)
to verify the Task's spec.steps[0].script contains "--plain-http" and
spec.steps[0].securityContext.runAsUser == 0 before proceeding.

---

321-329: ⚠️ Potential issue | 🟠 Major

Use an ephemeral local port for the Build API tunnel.

Hard-coding localhost:8080 makes this spec flaky on shared runners and developer machines. Allocate a free local port once and reuse it for the port-forward mapping, the health check URL, and CAIB_SERVER instead of failing whenever 8080 is busy.

Also applies to: 333-347, 382-382

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 321 - 329, The test currently hard-codes
localhost:8080 and fails if that port is busy; change to allocate an ephemeral
local port by creating a temporary listener (net.Listen("tcp", "127.0.0.1:0")),
read the assigned port from listener.Addr(), close the listener, and reuse that
port for the connection check (net.DialTimeout), the kubectl port-forward
command (set local mapping as fmt.Sprintf("%d:8080", localPort) when building
portForwardCmd), and any health-check URL / CAIB_SERVER environment value used
elsewhere; update uses of net.DialTimeout, portForwardCmd
(exec.Command("kubectl","port-forward", ...)), and the CAIB_SERVER/health-check
assignments accordingly (also apply identical changes in the other occurrences
noted around the later blocks).

---

218-299: ⚠️ Potential issue | 🟠 Major

Run the CAIB bootstrap from a clean state.

This BeforeAll still reuses the same Ordered container and automotive-dev-operator-system namespace as the earlier operator smoke test. The waits here can therefore succeed on leftover OperatorConfig, ado-build-api, and push-artifact-registry state instead of proving this CAIB path actually provisions them. Please give this context its own namespace or explicitly delete/reset those resources before starting.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 218 - 299, The BeforeAll is reusing the
existing test namespace and resources so residual
OperatorConfig/ado-build-api/push-artifact-registry can make waits pass; modify
the BeforeAll (and any kubectl commands that use namespace) to either create and
use a fresh namespace (e.g., generate a unique namespace variable like
namespaceCAIB and kubectl create namespace before tests) or explicitly
delete/reset the prior resources before proceeding (run kubectl delete
--ignore-not-found for OperatorConfig named "config", deployment
"ado-build-api", and task "push-artifact-registry" in the current namespace and
wait for their removal). Update references to namespace in the BeforeAll setup
(the BeforeAll block, all kubectl apply/patch/wait invocations, and the
waitForPushTask closure) so they target the new namespace or the cleaned state.

🧹 Nitpick comments (1)

test/e2e/e2e_test.go (1)

436-443: Don't drop the CAIB logs on timeout.

utils.RunSafe only returns the buffered command output after the process exits. If the deadline fires first, this branch fails immediately and never reads that result, so the most useful build logs are lost exactly on timeout failures. Cancel first and print the goroutine result, or stream stdout/stderr to GinkgoWriter while the build runs.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 436 - 443, The timeout branch currently
drops CAIB build logs because utils.RunSafe buffers output until the goroutine
exits; modify the select handling around containerCh and ctx.Done() so that on
timeout you first cancel the build (call the cancel function used to create ctx)
and then still drain containerCh to capture and write cr.output/cr.err to
GinkgoWriter before failing; alternatively, change the build invocation to
stream stdout/stderr into GinkgoWriter as it runs (replace utils.RunSafe
buffering with a streaming variant) and ensure references to containerCh,
ctx.Done(), caibBuildTimeout and the goroutine that pushes cr are updated so the
logs are always emitted on timeout.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@test/e2e/e2e_test.go`:
- Around line 307-319: Replace the brittle shell pipeline that rewrites the
push-artifact-registry Task (the exec.Command invocations that run "bash -c"
with jq and kubectl replace) with a structured mutation using "kubectl patch"
(or perform the JSON patch in Go and call the Kubernetes API), targeting the
Task named "push-artifact-registry" in the test's namespace; patch the step
script to include "--plain-http --disable-path-validation" and set the step
securityContext.runAsUser to 0, then use utils.Run or the Kubernetes client to
apply the patch and add an explicit assertion (e.g., a kubectl get -o jsonpath
check or a Go-side read of the Task) to verify the Task's spec.steps[0].script
contains "--plain-http" and spec.steps[0].securityContext.runAsUser == 0 before
proceeding.
- Around line 321-329: The test currently hard-codes localhost:8080 and fails if
that port is busy; change to allocate an ephemeral local port by creating a
temporary listener (net.Listen("tcp", "127.0.0.1:0")), read the assigned port
from listener.Addr(), close the listener, and reuse that port for the connection
check (net.DialTimeout), the kubectl port-forward command (set local mapping as
fmt.Sprintf("%d:8080", localPort) when building portForwardCmd), and any
health-check URL / CAIB_SERVER environment value used elsewhere; update uses of
net.DialTimeout, portForwardCmd (exec.Command("kubectl","port-forward", ...)),
and the CAIB_SERVER/health-check assignments accordingly (also apply identical
changes in the other occurrences noted around the later blocks).
- Around line 218-299: The BeforeAll is reusing the existing test namespace and
resources so residual OperatorConfig/ado-build-api/push-artifact-registry can
make waits pass; modify the BeforeAll (and any kubectl commands that use
namespace) to either create and use a fresh namespace (e.g., generate a unique
namespace variable like namespaceCAIB and kubectl create namespace before tests)
or explicitly delete/reset the prior resources before proceeding (run kubectl
delete --ignore-not-found for OperatorConfig named "config", deployment
"ado-build-api", and task "push-artifact-registry" in the current namespace and
wait for their removal). Update references to namespace in the BeforeAll setup
(the BeforeAll block, all kubectl apply/patch/wait invocations, and the
waitForPushTask closure) so they target the new namespace or the cleaned state.

---

Nitpick comments:
In `@test/e2e/e2e_test.go`:
- Around line 436-443: The timeout branch currently drops CAIB build logs
because utils.RunSafe buffers output until the goroutine exits; modify the
select handling around containerCh and ctx.Done() so that on timeout you first
cancel the build (call the cancel function used to create ctx) and then still
drain containerCh to capture and write cr.output/cr.err to GinkgoWriter before
failing; alternatively, change the build invocation to stream stdout/stderr into
GinkgoWriter as it runs (replace utils.RunSafe buffering with a streaming
variant) and ensure references to containerCh, ctx.Done(), caibBuildTimeout and
the goroutine that pushes cr are updated so the logs are always emitted on
timeout.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0a67cf8a-b96a-46c0-ba76-b904148fd2dd

📥 Commits

Reviewing files that changed from the base of the PR and between 1e8de15 and f7251b4.

📒 Files selected for processing (1)

• test/e2e/e2e_test.go

[maboras-rh]

why are we dropping this test? Shouldn't we still test the scenario of building images via CRDs and controllers?

[bennyz]

caib image build already triggers this flow anyway, and it takes a non trivial amount so no point in keeping it

[maboras-rh]

lgtm - approved with short comment.