Add ATEX testing to the upstream CI workflows

[ggbecker]

Description:

• Add ATEX testing to the upstream CI workflows
• It posts the resulting tests link as a comment to the pull request when it finishes.

Rationale:

• This aims to replace existing testing farm individual checks to a centralized ATEX execution that can run all CI upstream tests for PRs and manage them accordingly.
• The PR as of now, runs only a single STIG hardening test on Centos Stream 8/9/10 to be served as a proof of concept. We should eventually extend to include more tests similarly as the current upstream CI.

[ggbecker]

From: https://github.com/ComplianceAsCode/content/actions/runs/19858710726/job/56915038821?pr=14203

   File "/usr/local/lib/python3.13/site-packages/atex/provisioner/testingfarm/api.py", line 507, in reserve
    if self.api.whoami()["token"]["ranch"] == "public":
       ~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/atex/provisioner/testingfarm/api.py", line 122, in whoami
    raise ValueError("whoami() requires an auth token")
ValueError: whoami() requires an auth token

I'm afraid the token will only be allowed to be used when we merge the pull request

https://github.com/ComplianceAsCode/content/pull/14203/files#diff-9581118f6672453f95900179c8eccc554c1b111682dab06bd16317909fdaf295R109

The same code with the same token is working fine on my fork: ggbecker#41

[Mab879]

Suggested change

	#!/usr/bin/python3
	#!/usr/bin/env python3

[Mab879]

Dead code should be removed, we can keep in history if needed

[Mab879]

Suggested change

	#!/usr/bin/python3
	#!/usr/bin/env python3

[Mab879]

So both of these script work, but are not structured like our other scripts (main method, parse_args, etc). Any reason for that? I would prefer that these scripts follow format of our other scripts.

[Mab879]

Do we just want add pcre2 to test-requirements.txt?

[Mab879]

Use hashes, check latest version

[Mab879]

Use hashes, check latest version

[Mab879]

Use hashes, check latest version

[Mab879]

Consider adding a docstring for why this class is needed.

[Mab879]

IIRC, this will never be available since we are using pull_request.

We might need break this out into two jobs. One that builds using pull_request, then a second one that uses workflow_run to trigger the tests.

[ggbecker]

I've addressed all the feedback provided and split the jobs into two workflows, one with the workflow_run as suggested by @Mab879 . Let's see how it behaves.

[openshift-ci]

@ggbecker: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-openshift-platform-compliance	ccbbfcb	link	true	/test e2e-aws-openshift-platform-compliance
ci/prow/e2e-aws-openshift-node-compliance	ccbbfcb	link	true	/test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[Mab879]

use hash, this applies other places in the PR, but I will not repeat.

[Mab879]

Should this also be using the matrix? We do save this for all versions of RHEL.

[Mab879]

pcre2 should be in the requirements.txt file

[Mab879]

Checkout is on v6 let's upgrade to the latest. Please double check all versions of actions in this PR.

[Mab879]

Is issues: write really needed?