ci(tikv/tikv): migrate all hub.pingcap.net image references to cloud-accessible registries

[Copilot]

Removes all hub.pingcap.net image references from tikv/tikv pipelines, replacing them with publicly accessible registry images on GHCR and Docker Hub.

Image mappings

Old	New	Branches
hub.pingcap.net/jenkins/tikv-ci:rocky8-base-cached-*	ghcr.io/pingcap-qe/cd/builders/tikv:v2025.8.17-13-ga5750d9	latest, 8.4, 8.5, 9.0-beta
hub.pingcap.net/jenkins/tikv-cached-release-X.Y:latest	ghcr.io/pingcap-qe/cd/builders/tikv:v2025.12.14-1-g33e22ac-centos7-devtoolset8	6.1–8.3 (centos7+devtoolset8)
hub.pingcap.net/jenkins/tikv-cached-master:latest	ghcr.io/pingcap-qe/cd/builders/tikv:v2025.8.17-13-ga5750d9	latest (integration)
hub.pingcap.net/jenkins/centos7_golang-{1.19,1.20,1.21}:latest	golang:{1.19,1.20,1.21}	integration tests
hub.pingcap.net/jenkins/network-multitool	wbitt/network-multitool	all unit tests
hub.pingcap.net/jenkins/ks3util	removed — see below	release-6.1 only

release-6.1 pipeline refactor

The ks3util container has no public equivalent; it was used to shuttle test artifacts via KingCloud S3 between a build pod and 20 parallel matrix test agents. Since release-6.1 is WIP/debug-only (optional: true, always_run: false, triggered via /debug), the pipeline was simplified:

• Artifacts stored locally in /home/jenkins/archives/ instead of being uploaded to KS3
• Matrix with 20 separate agent pods replaced by sequential chunk execution in the same pod
• Pipeline timeout raised from 50 → 150 min; test stage timeout set to 120 min

Original prompt

---

This section details on the original issue you should resolve

<issue_title>hub registry: migrate images for tikv/tikv</issue_title>
<issue_description>Replace hub.pingcap.net image pulls/pushes for tikv/tikv with a cloud-accessible registry.

Acceptance criteria:

• No hub.pingcap.net references in jobs/pipelines for tikv/tikv
• Image registry endpoints documented and validated
  </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes hub registry: migrate images for tikv/tikv #4224

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[ti-chi-bot]

Hi @Copilot. Thanks for your PR.

I'm waiting for a PingCAP-QE member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from wuhuizuo. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• pipelines/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment