Enable PR testing in a cluster in OpenShift CI

[jlebon]

For any given change, we want to be able to have CI build the base CoreOS image, then build a node image on to of that, and then take that node image and run a cluster test.

This is not possible right now because building that first base CoreOS image requires more privileges than available in the OpenShift builder. openshift/builder#410 was an attempt to work around that.

An idea I had for a crude way to work around this is to just build it in a different CI environment and push it somewhere, and then have the actual Containerfile for OpenShift CI "wait" for that CI build. Conveniently, Konflux pushes to a temporary repo built images, even on PRs. So this could be done on top of the Konflux work.

The Containerfile would look something like (pseudocode):

ARG COMMIT

FROM quay.io/fedora/fedora-coreos:latest
RUN # wait until quay.io/quay.io/redhat-user-workloads/coreos-tenant/coreos-assembler:on-pr-$COMMIT exists

FROM quay.io/konflux...:on-pr-$COMMIT exists
<build node image>

We would need OpenShift CI to auto-pass the git commit of the PR under test as a build arg, which may already be a thing it does.

[jlebon]

Just learned about https://github.com/openshift/konflux-tasks. I don't fully understand it, but presumably with this we could have our Konflux pipeline build RHCOS (now that it's buildable as a container image!) and then build a test release payload and then directly trigger a Prow test using Gangway.