openshift · deepsm007 · May 21, 2026 · coderabbitai · May 21, 2026
diff --git a/pkg/api/promotion.go b/pkg/api/promotion.go
@@ -111,11 +111,11 @@ func ConsolidatedQuayPromotion(c *ReleaseBuildConfiguration) bool {
 	if c == nil {
 		return false
 	}
-	if c.ReleaseTagConfiguration != nil && releaseVersionEquals(c.ReleaseTagConfiguration.Name, 4, 12) {
+	if c.ReleaseTagConfiguration != nil && consolidatedQuayPromotionVersion(c.ReleaseTagConfiguration.Name) {
 		return true
 	}
 	for _, target := range PromotionTargets(c.PromotionConfiguration) {
-		if releaseVersionEquals(target.Name, 4, 12) {
+		if consolidatedQuayPromotionVersion(target.Name) {
 			return true
 		}
 	}
@@ -130,8 +130,23 @@ func releaseVersionEquals(name string, major, minor int) bool {
 	return gotMajor == major && gotMinor == minor
 }
 
+func ConsolidatedQuayPromotionStream(name string) bool {
+	return consolidatedQuayPromotionVersion(name)
+}
+
+func consolidatedQuayPromotionVersion(name string) bool {
+	if releaseVersionEquals(name, 4, 23) || releaseVersionEquals(name, 5, 0) {
+		return false
+	}
+	var major, minor int
+	if _, err := fmt.Sscanf(name, "%d.%d", &major, &minor); err != nil {
+		return false
+	}
+	return major == 4 && minor >= 11 && minor <= 22
+}
+
 func quayProxyStreamSuffix(tag ImageStreamTagReference) string {
-	if releaseVersionEquals(tag.Name, 4, 12) {
+	if consolidatedQuayPromotionVersion(tag.Name) {
 		return ""
 	}
 	return "-quay"

diff --git a/pkg/api/promotion_test.go b/pkg/api/promotion_test.go
@@ -215,7 +215,23 @@ func TestQuayCombinedMirrorFunc(t *testing.T) {
 			expected: map[string]string{
 				"quay.io/openshift/ci:ocp_4.22_ovn-kubernetes":                      "registry.build02.ci.openshift.org/ci-op-abc/pipeline@sha256:abc123",
 				"quay.io/openshift/ci:20241024102030_prune_ocp_4.22_ovn-kubernetes": "quay.io/openshift/ci:ocp_4.22_ovn-kubernetes",
-				"ocp/4.22-quay:ovn-kubernetes":                                      "quay-proxy.ci.openshift.org/openshift/ci@sha256:abc123",
+				"ocp/4.22:ovn-kubernetes":                                           "quay-proxy.ci.openshift.org/openshift/ci@sha256:abc123",
+			},
+		},
+		{
+			name:   "4.23 uses quay suffix",
+			source: "registry.build02.ci.openshift.org/ci-op-abc/pipeline@sha256:abc123",
+			target: "quay.io/openshift/ci:ocp_4.23_ovn-kubernetes",
+			tag: ImageStreamTagReference{
+				Namespace: "ocp",
+				Name:      "4.23",
+				Tag:       "ovn-kubernetes",
+			},
+			time: "20241024102030",
+			expected: map[string]string{
+				"quay.io/openshift/ci:ocp_4.23_ovn-kubernetes":                      "registry.build02.ci.openshift.org/ci-op-abc/pipeline@sha256:abc123",
+				"quay.io/openshift/ci:20241024102030_prune_ocp_4.23_ovn-kubernetes": "quay.io/openshift/ci:ocp_4.23_ovn-kubernetes",
+				"ocp/4.23-quay:ovn-kubernetes":                                      "quay-proxy.ci.openshift.org/openshift/ci@sha256:abc123",
 			},
 		},
 		{
@@ -245,7 +261,7 @@ func TestQuayCombinedMirrorFunc(t *testing.T) {
 			},
 			time: "",
 			expected: map[string]string{
-				"ocp/4.22-quay:installer": "quay-proxy.ci.openshift.org/openshift/ci@sha256:xyz789",
+				"ocp/4.22:installer": "quay-proxy.ci.openshift.org/openshift/ci@sha256:xyz789",
 			},
 		},
 		{
@@ -261,7 +277,7 @@ func TestQuayCombinedMirrorFunc(t *testing.T) {
 			expected: map[string]string{
 				"quay.io/openshift/ci:ocp_4.20_cluster-api":                      "registry.build02.ci.openshift.org/ci-op-abc/pipeline@sha256:111222",
 				"quay.io/openshift/ci:20241024104500_prune_ocp_4.20_cluster-api": "quay.io/openshift/ci:ocp_4.20_cluster-api",
-				"ocp/4.20-quay:cluster-api":                                      "quay-proxy.ci.openshift.org/openshift/ci@sha256:111222",
+				"ocp/4.20:cluster-api":                                           "quay-proxy.ci.openshift.org/openshift/ci@sha256:111222",
 			},
 		},
 		{
@@ -309,7 +325,7 @@ func TestQuayCombinedMirrorFunc(t *testing.T) {
 			expected: map[string]string{
 				"quay.io/openshift/ci:ocp_4.22_ovn-kubernetes":                      "registry.build02.ci.openshift.org/ci-op-abc/pipeline:some-tag",
 				"quay.io/openshift/ci:20241024102030_prune_ocp_4.22_ovn-kubernetes": "quay.io/openshift/ci:ocp_4.22_ovn-kubernetes",
-				"ocp/4.22-quay:ovn-kubernetes":                                      "registry.build02.ci.openshift.org/ci-op-abc/pipeline:some-tag",
+				"ocp/4.22:ovn-kubernetes":                                           "registry.build02.ci.openshift.org/ci-op-abc/pipeline:some-tag",
 			},
 		},
 	}

diff --git a/pkg/defaults/defaults_test.go b/pkg/defaults/defaults_test.go
@@ -1716,6 +1716,34 @@ func TestFromConfig(t *testing.T) {
 		promote:       true,
 		expectedSteps: []string{"[output-images]", "[images]"},
 		expectedPost:  []string{"[promotion-quay]"},
+	}, {
+		name: "promote 4.23 legacy quay",
+		config: api.ReleaseBuildConfiguration{
+			PromotionConfiguration: &api.PromotionConfiguration{
+				Targets: []api.PromotionTarget{{
+					Namespace: ns,
+					Name:      "4.23",
+					Tag:       "tag",
+				}},
+			},
+		},
+		promote:       true,
+		expectedSteps: []string{"[output-images]", "[images]"},
+		expectedPost:  []string{"[promotion]", "[promotion-quay]"},
+	}, {
+		name: "promote 5.0 legacy quay",
+		config: api.ReleaseBuildConfiguration{
+			PromotionConfiguration: &api.PromotionConfiguration{
+				Targets: []api.PromotionTarget{{
+					Namespace: ns,
+					Name:      "5.0",
+					Tag:       "tag",
+				}},
+			},
+		},
+		promote:       true,
+		expectedSteps: []string{"[output-images]", "[images]"},
+		expectedPost:  []string{"[promotion]", "[promotion-quay]"},
 	}, {
 		name: "duplicate input images",
 		config: api.ReleaseBuildConfiguration{

diff --git a/pkg/steps/release/create_release.go b/pkg/steps/release/create_release.go
@@ -334,18 +334,8 @@ func joinOcAdmReleaseNewCommand(config *api.ReleaseTagConfiguration, namespace,
 	return strings.Join(cmd, " ")
 }
 
-func hasExactVersion(config *api.ReleaseTagConfiguration, majorVersion, minorVersion int) bool {
-	var major, minor int
-	n, err := fmt.Sscanf(config.Name, "%d.%d", &major, &minor)
-	if err != nil || n != 2 {
-		logrus.Warnf("Could not parse release version from release tag configuration name=%q: %v", config.Name, err)
-		return false
-	}
-	return major == majorVersion && minor == minorVersion
-}
-
 func buildOcAdmReleaseNewCommand(config *api.ReleaseTagConfiguration, namespace, streamName, cvo, destination, version string) string {
-	if !hasExactVersion(config, 4, 12) {
+	if !api.ConsolidatedQuayPromotionStream(config.Name) {
 		return joinOcAdmReleaseNewCommand(config, namespace, cvo, destination, version, "--from-image-stream", streamName)
 	}
 	filePathVar := "${_CI_RELEASE_IS_FILE}"

diff --git a/pkg/steps/release/create_release_test.go b/pkg/steps/release/create_release_test.go
@@ -109,7 +109,7 @@ fi`
 		if diff := cmp.Diff(want, got); diff != "" {
 			t.Fatalf("buildOcAdmReleaseNewCommand() mismatch (-want +got):\n%s", diff)
 		}
-		got = buildOcAdmReleaseNewCommand(&api.ReleaseTagConfiguration{Name: "4.15", ReferencePolicy: &srcPol}, "test-ns", "stable", "cvo-pullspec", "dest:tag", "0.0.1-ver")
+		got = buildOcAdmReleaseNewCommand(&api.ReleaseTagConfiguration{Name: "4.23", ReferencePolicy: &srcPol}, "test-ns", "stable", "cvo-pullspec", "dest:tag", "0.0.1-ver")
 		want = "oc adm release new --max-per-registry=32 -n test-ns --from-image-stream stable --to-image-base cvo-pullspec --to-image dest:tag --name 0.0.1-ver --reference-mode=source --keep-manifest-list"
 		if diff := cmp.Diff(want, got); diff != "" {
 			t.Fatalf("buildOcAdmReleaseNewCommand() mismatch (-want +got):\n%s", diff)

diff --git a/pkg/steps/release/promote_test.go b/pkg/steps/release/promote_test.go
@@ -760,9 +760,9 @@ func TestGetPromotionPod(t *testing.T) {
 				"quay.io/openshift/ci:ocp_4.21_ovn-kubernetes":                        "registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:aaa",
 				"quay.io/openshift/ci:ocp_4.21_ovn-kubernetes-base":                   "registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:bbb",
 				"quay.io/openshift/ci:ocp_4.21_ovn-kubernetes-microshift":             "registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:ccc",
-				"ocp/4.21-quay:ovn-kubernetes":                                        "quay-proxy.ci.openshift.org/openshift/ci@sha256:aaa",
-				"ocp/4.21-quay:ovn-kubernetes-base":                                   "quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb",
-				"ocp/4.21-quay:ovn-kubernetes-microshift":                             "quay-proxy.ci.openshift.org/openshift/ci@sha256:ccc",
+				"ocp/4.21:ovn-kubernetes":                                             "quay-proxy.ci.openshift.org/openshift/ci@sha256:aaa",
+				"ocp/4.21:ovn-kubernetes-base":                                        "quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb",
+				"ocp/4.21:ovn-kubernetes-microshift":                                  "quay-proxy.ci.openshift.org/openshift/ci@sha256:ccc",
 			},
 			namespace: "ci-op-9bdij1f6",
 		},
@@ -786,7 +786,7 @@ func TestGetPromotionPod(t *testing.T) {
 			nodeArchitectures: []string{"amd64"},
 			imageMirror: map[string]string{
 				"quay.io/openshift/ci:ocp_4.21_ovn-kubernetes":  "registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:aaa",
-				"ocp/4.21-quay:ovn-kubernetes":                  "quay-proxy.ci.openshift.org/openshift/ci@sha256:aaa",
+				"ocp/4.21:ovn-kubernetes":                       "quay-proxy.ci.openshift.org/openshift/ci@sha256:aaa",
 				"quay.io/openshift/ci:ci_ci_sanitize-prow-jobs": "registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:bbb",
 				"ci/ci-quay:sanitize-prow-jobs":                 "quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb",
 			},

diff --git a/pkg/steps/release/testdata/zz_fixture_TestGetPromotionPod_promotion_quay.yaml b/pkg/steps/release/testdata/zz_fixture_TestGetPromotionPod_promotion_quay.yaml
@@ -12,8 +12,32 @@ spec:
       for r in {1..5}; do echo Mirror attempt $r; oc image mirror --loglevel=2 --keep-manifest-list --registry-config=/etc/push-secret/.dockerconfigjson --max-per-registry=10 registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:bbb=quay.io/openshift/ci:ci_a_latest registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:ddd=quay.io/openshift/ci:ci_c_latest && break; backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff; done
       set +e
       for r in {1..2}; do echo 'Tag attempt $r (all together)'; oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:ddd ci/${component}-quay:c quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb ci/ci-quay:${component} && break; :; done
-      for r in {1..3}; do echo 'Tag attempt $r (individual)'; oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:ddd ci/${component}-quay:c && break; backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff; done
-      for r in {1..3}; do echo 'Tag attempt $r (individual)'; oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb ci/ci-quay:${component} && break; backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff; done
+      tagged=false
+      for r in {1..3}; do
+        echo 'Tag attempt $r (individual)'
+        if oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:ddd ci/${component}-quay:c; then
+          tagged=true
+          break
+        fi
+        backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff
+      done
+      if [ "$tagged" != "true" ]; then
+        echo "failed to tag ci/${component}-quay:c after retries" >&2
+        exit 1
+      fi
+      tagged=false
+      for r in {1..3}; do
+        echo 'Tag attempt $r (individual)'
+        if oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb ci/ci-quay:${component}; then
+          tagged=true
+          break
+        fi
+        backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff
+      done
+      if [ "$tagged" != "true" ]; then
+        echo "failed to tag ci/ci-quay:${component} after retries" >&2
+        exit 1
+      fi
       set -e
     command:
     - /bin/sh

diff --git a/pkg/steps/release/testdata/zz_fixture_TestGetPromotionPod_promotion_quay_4.12.yaml b/pkg/steps/release/testdata/zz_fixture_TestGetPromotionPod_promotion_quay_4.12.yaml
@@ -12,8 +12,32 @@ spec:
       for r in {1..5}; do echo Mirror attempt $r; oc image mirror --loglevel=2 --keep-manifest-list --registry-config=/etc/push-secret/.dockerconfigjson --max-per-registry=10 registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:aaa=quay.io/openshift/ci:ocp_4.12_ovn-kubernetes registry.build02.ci.openshift.org/ci-op-y2n8rsh3/pipeline@sha256:bbb=quay.io/openshift/ci:ocp_4.12_ovn-kubernetes-base && break; backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff; done
       set +e
       for r in {1..2}; do echo 'Tag attempt $r (all together)'; oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:aaa ocp/4.12:ovn-kubernetes quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb ocp/4.12:ovn-kubernetes-base && break; :; done
-      for r in {1..3}; do echo 'Tag attempt $r (individual)'; oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:aaa ocp/4.12:ovn-kubernetes && break; backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff; done
-      for r in {1..3}; do echo 'Tag attempt $r (individual)'; oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb ocp/4.12:ovn-kubernetes-base && break; backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff; done
+      tagged=false
+      for r in {1..3}; do
+        echo 'Tag attempt $r (individual)'
+        if oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:aaa ocp/4.12:ovn-kubernetes; then
+          tagged=true
+          break
+        fi
+        backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff
+      done
+      if [ "$tagged" != "true" ]; then
+        echo "failed to tag ocp/4.12:ovn-kubernetes after retries" >&2
+        exit 1
+      fi
+      tagged=false
+      for r in {1..3}; do
+        echo 'Tag attempt $r (individual)'
+        if oc tag --source=docker --loglevel=2 --reference-policy='source' --import-mode='PreserveOriginal' --reference quay-proxy.ci.openshift.org/openshift/ci@sha256:bbb ocp/4.12:ovn-kubernetes-base; then
+          tagged=true
+          break
+        fi
+        backoff=$(($RANDOM % 120))s; echo Sleeping randomized $backoff before retry; sleep $backoff
+      done
+      if [ "$tagged" != "true" ]; then
+        echo "failed to tag ocp/4.12:ovn-kubernetes-base after retries" >&2
+        exit 1
+      fi
       set -e
     command:
     - /bin/sh