[ISV-3498][ISV-4140] E2E tests for community operator pipeline && Aut…
…henticated interceptor correctly triggers community hosted pipeline && Requests to github API from certified op hosted pipeline are authenticated (redhat-openshift-ecosystem#516)
ezopezo authored Oct 26, 2023
1 parent d9d32e6 commit 127933b
Showing 12 changed files with 296 additions and 17 deletions.
70 changes: 61 additions & 9 deletions .github/workflows/integration-tests.yml
@@ -12,7 +12,7 @@ on: # yamllint disable-line rule:truthy
workflow_dispatch:

jobs:
run-integration-tests:
integration-tests-certified-operators:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
@@ -27,21 +27,25 @@ jobs:
# Install python dependencies
pip install --user openshift pygithub
echo ${{ secrets.VAULT_PASSWORD }} > $HOME/.vault-password
echo "${{ secrets.VAULT_PASSWORD }}" > "$HOME"/.vault-password
mkdir -p $HOME/.kube
# secret used also in hosted pipeline for enabling
# access to cluster for tkn command log accessing
mkdir -p "$HOME"/.kube
ansible-vault decrypt \
--vault-password-file $HOME/.vault-password \
--output $HOME/.kube/config \
--vault-password-file "$HOME"/.vault-password \
--output "$HOME"/.kube/config \
ansible/vaults/integration-tests/ci-pipeline-kubeconfig
mkdir -p $HOME/.ssh
# secret used also in hosted pipeline for enabling
# cloning of the repository
mkdir -p "$HOME"/.ssh
ansible-vault decrypt \
--vault-password-file $HOME/.vault-password \
--output $HOME/.ssh/id_rsa \
--vault-password-file "$HOME"/.vault-password \
--output "$HOME"/.ssh/id_rsa \
ansible/vaults/integration-tests/ci-pipeline-github-ssh-key
- name: Run the integration tests ansible playbook
- name: Run the certified operators integration tests ansible playbook
uses: dawidd6/action-ansible-playbook@v2
with:
playbook: playbooks/operator-pipeline-integration-tests.yml
@@ -55,3 +59,51 @@ jobs:
-e "operator_pipeline_image_tag=${{ github.sha }}"
-e "suffix=${{ steps.prepare.outputs.suffix }}"
-v
integration-tests-community-operators:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Prepare
id: prepare
run: |
echo "suffix=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
- name: Install dependencies
run: |
# Install python dependencies
pip install --user openshift pygithub
echo "${{ secrets.VAULT_PASSWORD }}" > "$HOME"/.vault-password
# secret used also in hosted pipeline for enabling
# access to cluster for tkn command log accessing
mkdir -p "$HOME"/.kube
ansible-vault decrypt \
--vault-password-file "$HOME"/.vault-password \
--output "$HOME"/.kube/config \
ansible/vaults/integration-tests/ci-pipeline-kubeconfig
# secret used also in hosted pipeline for enabling
# cloning of the repository
mkdir -p "$HOME"/.ssh
ansible-vault decrypt \
--vault-password-file "$HOME"/.vault-password \
--output "$HOME"/.ssh/id_rsa \
ansible/vaults/integration-tests/ci-pipeline-github-ssh-key
- name: Run the community operators integration tests ansible playbook
uses: dawidd6/action-ansible-playbook@v2
with:
playbook: playbooks/community-operators-integration-tests.yaml
directory: ./ansible
requirements: playbooks/requirements.yml
vault_password: ${{secrets.VAULT_PASSWORD}}
options: |
-i inventory/operator-pipeline-integration-tests
-e "oc_namespace=integration-tests-community-${{ github.run_number }}-${{ github.run_attempt }}"
-e "operator_bundle_version=0.1.${{ github.run_number }}-${{ github.run_attempt }}"
-e "operator_pipeline_image_tag=${{ github.sha }}"
-e "suffix=${{ steps.prepare.outputs.suffix }}"
-v
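Review bot: In the `Install dependencies` step of both jobs, `echo "${{ secrets.VAULT_PASSWORD }}" > "$HOME"/.vault-password` expands the secret into the script text before bash runs, so a value containing a double quote, `$` or a backtick is re-interpreted by the shell, and the file is created with the runner's default umask. Passing the secret through the step environment avoids both: add `env:` with `VAULT_PASSWORD: ${{ secrets.VAULT_PASSWORD }}` and write the file with `umask 077; printf '%s' "$VAULT_PASSWORD" > "$HOME"/.vault-password`. The same secret is also handed to `dawidd6/action-ansible-playbook@v2`, which is referenced by a movable tag; pinning that action to a full commit SHA would keep the code that receives the vault password fixed. The new community job repeats the certified job's setup step line for line, so a composite action or reusable workflow would keep the two copies from drifting.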
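--- a/ansible/playbooks/community-operators-integration-tests.yaml
+++ b/ansible/playbooks/community-operators-integration-tests.yaml
@@ -0,0 +1,126 @@
+---
+- name: Execute integration tests
+hosts: all
+vars_files:
+- ../vaults/{{ env }}/secret-vars.yml
+- ../vaults/{{ env }}/ocp-token.yml
+vars:
+# Customized defaults for the test-e2e-community-operator package
+git_upstream_repo: redhat-openshift-ecosystem/operator-pipelines-test
+git_repo_url: "[email protected]:{{ git_upstream_repo }}.git"
+git_upstream_branch: "{{ branch }}"
+git_bundle_branch: "{{ branch }}-{{ operator_package_name }}-{{ operator_bundle_version }}"
+src_operator_git_branch: e2e-community-test-operator
+src_operator_bundle_version: 0.0.8
+operator_package_name: test-e2e-community-operator
+operator_pipeline_url: "https://community-operator-pipeline-{{ oc_namespace }}.apps.pipelines-stage.0ce8.p1.openshiftapps.com"
+git_base_branch: community # contains config.yaml containing pointer to community-operators index
+environment:
+K8S_AUTH_API_KEY: '{{ ocp_token }}'
+K8S_AUTH_HOST: '{{ ocp_host }}'
+
+tasks:
+- block:
+- name: Install CLI tools
+tags:
+- prepare-tools
+- test-community-hosted-pipeline
+- test-community-release-pipeline
+include_role:
+name: integration-tests
+tasks_from: tools
+apply:
+tags:
+- prepare-tools
+- test-community-hosted-pipeline
+- test-community-release-pipeline
+
+- name: Deploy operator pipelines
+tags:
+- deploy-operator-pipelines
+include_role:
+name: operator-pipeline
+apply:
+tags:
+- deploy-operator-pipelines
+
+- name: Prepare integration test data
+tags:
+- prepare-test-data
+include_role:
+name: integration-tests
+tasks_from: test_data
+apply:
+tags:
+- prepare-test-data
+
+- name: Prepare ci.yaml in target branch
+tags:
+- prepare-test-data
+include_role:
+name: integration-tests
+tasks_from: prepare_ci_file
+apply:
+tags:
+- prepare-test-data
+
+- name: Open pull request to trigger hosted pipeline
+tags:
+- open-pull-request
+include_role:
+name: integration-tests
+tasks_from: open_pull_request
+apply:
+tags:
+- open-pull-request
+
+- name: Verify the Community hosted pipeline run succeeds
+tags:
+- test-community-hosted-pipeline
+vars:
+pipeline_name: community-hosted-pipeline
+include_role:
+name: integration-tests
+tasks_from: check_pipeline_run
+apply:
+tags:
+- test-community-hosted-pipeline
+
+- name: Verify the Community release pipeline run succeeds
+tags:
+- test-community-release-pipeline
+vars:
+pipeline_name: community-release-pipeline
+include_role:
+name: integration-tests
+tasks_from: check_pipeline_run
+apply:
+tags:
+- test-community-release-pipeline
+ignore_errors: yes # Enabling integration tests errors in ISV-4242
+always:
+- name: Cleanup test data
+tags:
+- clean
+- clean-test-data
+include_role:
+name: integration-tests
+tasks_from: clean
+apply:
+tags:
+- clean
+- clean-test-data
+
+- name: Cleanup operator pipeline
+tags:
+- clean
+- clean-deployment
+include_role:
+name: operator-pipeline
+apply:
+tags:
+- clean
+- clean-deployment
+vars:
+namespace_state: absent
+github_webhook_state: absent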
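Review bot: `ignore_errors: yes` after the last verification task means a failed pipeline run no longer fails the play, so the GitHub job can report success while the community pipelines are broken. The page has lost the YAML indentation, so it is unclear whether the key sits on the `block` or only on the release-pipeline check; if it is on the block, narrowing it to the one task tracked by ISV-4242 would keep the hosted-pipeline check enforcing. Writing it as `ignore_errors: true` also avoids the YAML 1.1 truthy form. The unnamed `- block:` would be easier to follow in the run log with a `name:`.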
3 changes: 3 additions & 0 deletions ansible/roles/integration-tests/tasks/check_pipeline_run.yml
@@ -12,6 +12,9 @@
- "tekton.dev/pipeline={{ pipeline_name }}"
- "suffix={{ suffix }}"
register: pipeline_run
until: pipeline_run.resources | length > 0
retries: 5
delay: 5
failed_when: pipeline_run.resources | length == 0

- name: "Follow the {{ pipeline_name }} run logs"
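Review bot: The lookup now waits at most 5 × 5 seconds (`retries: 5`, `delay: 5`), which may be short for a pipeline run that a webhook starts only after the pull request is opened, and the limits are hard-coded, so a slow cluster can only be accommodated by editing the role. Role variables with defaults, e.g. `retries: "{{ pipeline_run_lookup_retries | default(5) }}"` and `delay: "{{ pipeline_run_lookup_delay | default(5) }}"`, would let each playbook tune the wait. The task begins above the hunk, and which three lines are new is inferred from the file's addition count.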
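--- a/ansible/roles/integration-tests/tasks/open_pull_request.yaml
+++ b/ansible/roles/integration-tests/tasks/open_pull_request.yaml
@@ -0,0 +1,21 @@
+---
+- name: Create a pull request
+uri:
+url: "https://api.github.com/repos/{{ git_upstream_repo }}/pulls"
+method: POST
+status_code: 201
+headers:
+Authorization: "token {{ ci_pipeline_github_personal_access_token }}"
+Accept: application/vnd.github.v3+json
+body_format: json
+body:
+title: "operator {{ operator_package_name }} ({{ operator_bundle_version }})"
+body: E2e test for community operators
+head: "{{ git_bundle_branch }}"
+base: "{{ git_upstream_branch }}"
+register: pr_response
+no_log: true
+
+- name: Display PR response
+debug:
+var: pr_response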
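Review bot: `Display PR response` prints the whole registered `pr_response` right after the request task was given `no_log: true`, so everything the uri module stored for that call goes to the job log (the workflow also runs the playbook with `-v`). The follow-up only needs to show that the pull request exists; `var: pr_response.json.html_url` keeps the log to the one useful field. If the full response is wanted for debugging, gating the task with `verbosity: 2` keeps it out of normal CI output.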
25 changes: 25 additions & 0 deletions ansible/roles/integration-tests/tasks/prepare_ci_file.yaml
@@ -0,0 +1,25 @@
---
- include_tasks: tasks/clone.yml

- name: Prepare ci.yaml in target branch
tags:
- prepare-bundle
shell: |
UPSTREAM_BRANCH="{{ git_upstream_branch }}"
OPERATOR_PACKAGE_NAME="{{ operator_package_name }}"
SRC_BRANCH="{{ src_operator_git_branch }}"
git config user.name 'rh-operator-bundle-test-e2e'
git config user.email '[email protected]'
git checkout "$UPSTREAM_BRANCH"
# Fetch the ci.yaml from SRC_BRANCH and place it in the working directory
git checkout "origin/$SRC_BRANCH" -- "operators/$OPERATOR_PACKAGE_NAME/ci.yaml"
git add "operators/$OPERATOR_PACKAGE_NAME/ci.yaml"
git commit -m "Copied ci.yaml from $SRC_BRANCH"
git push origin "$UPSTREAM_BRANCH"
args:
executable: /bin/bash
chdir: "{{ git_temp_dir.path }}"
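Review bot: The `shell` script has no `set -euo pipefail`, so a failing `git checkout "origin/$SRC_BRANCH" -- …` or `git commit` does not stop it and the task result is decided by the final `git push` alone; adding `set -euo pipefail` as the first script line makes every step count. The three assignments at the top are filled in by Jinja before bash parses the script, so a branch or package name containing a double quote or `$(` would be interpreted as shell; passing them through the task's `environment:` (or templating with `| quote`) keeps them as data. The values appear to come from playbook variables and `-e` options, so this is hardening rather than a demonstrated hole.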
@@ -34,6 +34,9 @@
- name: "addChangedFiles"
value:
enabled: true
personalAccessToken:
secretName: github-bot-token
secretKey: github_bot_token
- ref:
name: cel
params:
@@ -64,6 +67,9 @@
- name: "addChangedFiles"
value:
enabled: true
personalAccessToken:
secretName: github-bot-token
secretKey: github_bot_token
- ref:
name: cel
params:
@@ -96,6 +102,9 @@
- name: "addChangedFiles"
value:
enabled: true
personalAccessToken:
secretName: github-bot-token
secretKey: github_bot_token
- ref:
name: cel
params:
@@ -126,6 +135,9 @@
- name: "addChangedFiles"
value:
enabled: true
personalAccessToken:
secretName: github-bot-token
secretKey: github_bot_token
- ref:
name: cel
params:
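Review bot: The `personalAccessToken` reference is written with the literal `github-bot-token` / `github_bot_token` in all four interceptor hunks, while the same commit makes the secret name and key parameters (`github_token_secret_name`, `github_token_secret_key`) on the task side. If a deployment overrides those parameters, the trigger would still read the hard-coded secret, so it is worth either templating these two values from the same variable or adding a comment such as `# must match github_token_secret_name/key used by the pipeline`. The interceptor appears to need the token only to list a pull request's changed files, so a read-only scope should be enough; whether the shared bot token is broader cannot be seen from this page. The file name of this section is missing from the page, and the trigger definitions continue outside the hunks.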
@@ -405,6 +405,10 @@ spec:
value: "$(tasks.get-cert-project-related-data.results.github_usernames)"
- name: operator_name
value: "$(tasks.validate-pr-title.results.operator_name)"
- name: github_token_secret_name
value: "$(params.github_token_secret_name)"
- name: github_token_secret_key
value: "$(params.github_token_secret_key)"
workspaces:
- name: source
workspace: repository
@@ -571,6 +575,10 @@ spec:
value: $(params.git_repo_url)
- name: base_branch
value: $(params.git_base_branch)
- name: github_token_secret_name
value: "$(params.github_token_secret_name)"
- name: github_token_secret_key
value: "$(params.github_token_secret_key)"

# Build images- bundle and index and push them to registry.
# Those steps are also a part of the CI pipeline.
@@ -30,7 +30,7 @@ spec:
#! /usr/bin/env bash
set -xe
ENV="$(params.env)"
if ! [[ "$ENV" =~ ^(prod|stage|qa|dev)$ ]]; then
if ! [[ "$ENV" =~ ^(prod|stage|qa|dev|integration-tests)$ ]]; then
echo "Unknown environment."
exit 1
fi
@@ -15,12 +15,28 @@ spec:
description: List of accounts with permissions allowing operator submission
- name: operator_name
description: name of the submitted operator

- name: github_token_secret_name
description: |
The name of the Kubernetes Secret that contains the GitHub token.
default: github-bot-token

- name: github_token_secret_key
description: |
The key within the Kubernetes Secret that contains the GitHub token.
default: github_bot_token
workspaces:
- name: source
steps:
- name: submission-validation
workingDir: $(workspaces.source.path)
image: "$(params.pipeline_image)"
env:
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
name: "$(params.github_token_secret_name)"
key: "$(params.github_token_secret_key)"
script: |
#! /usr/bin/env bash
set -xe
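Review bot: The step script keeps `set -xe` while the step now receives `GITHUB_TOKEN` from the secret, so any command that expands the token on its command line would be echoed into the step log by the `-x` trace. The rest of the script is outside the hunk, so whether that happens cannot be confirmed here; dropping the trace (`set -e`) or switching it off around token-bearing commands with `set +x` removes the exposure. A short comment above the `env:` entry, e.g. `# consumed by the validation script for authenticated GitHub API calls`, would also record why the secret is mounted.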