From 12993874088b8f7d8fb11049dd05e4e416c655bf Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Wed, 17 Apr 2024 12:05:34 +0300
Subject: [PATCH] e2e: Run tests for OpenShift v4.14 and v4.15

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 .github/workflows/e2e-openshift.yaml | 22 +++++++++++++---------
 manifests/openshift/scc.yaml         |  3 ++-
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/e2e-openshift.yaml b/.github/workflows/e2e-openshift.yaml
index 3c19128425..607477e502 100644
--- a/.github/workflows/e2e-openshift.yaml
+++ b/.github/workflows/e2e-openshift.yaml
@@ -11,6 +11,11 @@ permissions:
 jobs:
   e2e-openshift:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # Keep this list up-to-date with https://endoflife.date/red-hat-openshift
+        OPENSHIFT_VERSION: [ 4.14.0-okd, 4.15.0-okd ]
+      fail-fast: false
     steps:
       - name: Checkout
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
@@ -24,8 +29,11 @@ jobs:
       - name: Prepare
         id: prep
         run: |
-          ID=${GITHUB_SHA:0:7}-$(date +%s)
-          echo "cluster=fluxcd-openshift-${ID}" >> $GITHUB_OUTPUT
+          ID=${GITHUB_SHA:0:7}-${{ matrix.OPENSHIFT_VERSION }}-$(date +%s)
+          PSEUDO_RAND_SUFFIX=$(echo "${ID}" | shasum | awk '{print $1}')
+          echo "cluster=flux2-openshift-${PSEUDO_RAND_SUFFIX}" >> $GITHUB_OUTPUT
+          KUBECONFIG_PATH="$(git rev-parse --show-toplevel)/bin/kubeconfig.yaml"
+          echo "kubeconfig-path=${KUBECONFIG_PATH}" >> $GITHUB_OUTPUT
       - name: Setup Kustomize
         uses: fluxcd/pkg/actions/kustomize@main
       - name: Build
@@ -41,15 +49,11 @@ jobs:
         with:
           api-token: ${{ secrets.REPLICATED_API_TOKEN }}
           kubernetes-distribution: "openshift"
-          kubernetes-version: "4.15.0-okd"
+          kubernetes-version: ${{ matrix.OPENSHIFT_VERSION }}
           ttl: 20m
           cluster-name: "${{ steps.prep.outputs.cluster }}"
-      - name: Create kubeconfig
-        id: kubeconfig
-        run: |
-          KPATH="$(git rev-parse --show-toplevel)/bin/kubeconfig.yaml"
-          echo "::add-mask::${{ steps.create-cluster.outputs.cluster-kubeconfig }}" > $KPATH
-          echo "KUBECONFIG=$KPATH" >> $GITHUB_ENV
+          kubeconfig-path: ${{ steps.prep.outputs.kubeconfig-path }}
+          export-kubeconfig: true
       - name: Run flux bootstrap
         run: |
           ./bin/flux bootstrap git --manifests ./manifests/openshift/ \
diff --git a/manifests/openshift/scc.yaml b/manifests/openshift/scc.yaml
index da8bcd9966..6a25f70bde 100644
--- a/manifests/openshift/scc.yaml
+++ b/manifests/openshift/scc.yaml
@@ -1,4 +1,5 @@
----
+# Allow Flux controllers to run as non-root on OpenShift
+# Docs: https://fluxcd.io/flux/installation/configuration/openshift/
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata: