add fips-scan for 4.18 nightlies

ci-operator/config/openshift/release/openshift-release-master__konflux-nightly-4.18.yaml

@@ -51,6 +51,17 @@ tests:
       enable:
       - observers-resource-watch
     workflow: openshift-e2e-azure-csi
+- as: fips-payload-scan
+  cron: '@yearly'
+  steps:
+    cluster_profile: aws
+    env:
+      FIPS_ENABLED: "true"
+      MAJOR_MINOR: "4.18"
+    test:
+    - ref: fips-check-node-scan
+    - ref: fips-check-art-fips
+    workflow: ipi-aws
 zz_generated_metadata:
   branch: master
   org: openshift

ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml

@@ -49694,6 +49694,82 @@ periodics:
     - name: result-aggregator
       secret:
         secretName: result-aggregator
+- agent: kubernetes
+  cluster: build07
+  cron: '@yearly'
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: master
+    org: openshift
+    repo: release
+  labels:
+    ci-operator.openshift.io/cloud: aws
+    ci-operator.openshift.io/cloud-cluster-profile: aws
+    ci-operator.openshift.io/variant: konflux-nightly-4.18
+    ci.openshift.io/generator: prowgen
+    ci.openshift.io/no-builds: "true"
+    job-release: "4.18"
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-release-master-konflux-nightly-4.18-fips-payload-scan
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --lease-server-credentials-file=/etc/boskos/credentials
+      - --report-credentials-file=/etc/report/credentials
+      - --secret-dir=/secrets/ci-pull-credentials
+      - --target=fips-payload-scan
+      - --variant=konflux-nightly-4.18
+      command:
+      - ci-operator
+      image: ci-operator:latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /etc/boskos
+        name: boskos
+        readOnly: true
+      - mountPath: /secrets/ci-pull-credentials
+        name: ci-pull-credentials
+        readOnly: true
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: boskos
+      secret:
+        items:
+        - key: credentials
+          path: credentials
+        secretName: boskos-credentials
+    - name: ci-pull-credentials
+      secret:
+        secretName: ci-pull-credentials
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator
 - agent: kubernetes
   cluster: build07
   cron: '@yearly'

core-services/release-controller/_releases/release-konflux-ocp-4.18.json

@@ -20,6 +20,12 @@
       "prowJob": {
         "name": "periodic-ci-openshift-release-master-konflux-nightly-4.18-e2e-aws-ovn-serial"
       }
+    },
+     "fips-scan": {
+      "maxRetries": 2,
+      "prowJob": {
+        "name": "periodic-ci-openshift-release-master-konflux-nightly-4.18-fips-payload-scan"
+      }
     }
   }
 }