Add an initial StepAction for ephemeral cluster provisioning

Signed-off-by: Alex Misstear <[email protected]>

README.md

@@ -41,6 +41,10 @@ There is a container which is used to support multiple set of tasks called `quay
 
 Shellspec tests can be run by invoking `hack/test-shellspec.sh`.
 
+### StepActions
+
+The StepActions can be found in the `stepactions` directory. StepActions are not yet bundled.
+
 ## Release
 
 Release is done by (better leave it to the [push pipeline](.tekton/push.yaml)):

hack/generate-readme.sh

@@ -1,13 +1,13 @@
 #!/bin/bash
 
-TASK=$1
-if [ ! -f "$TASK" ]; then
-  echo "Usage: $0 \$PATH_TO_TASK"
+RESOURCE=$1
+if [ ! -f "$RESOURCE" ]; then
+  echo "Usage: $0 \$PATH_TO_TASK_OR_STEPACTION"
   exit 1
 fi
-echo "# $(yq '.metadata.name' $TASK) task"
+echo "# $(yq '.metadata.name' $RESOURCE) $(yq '.kind | downcase' $RESOURCE)"
 echo
-yq '.spec.description' $TASK
+yq '.spec.description' $RESOURCE
 echo
 PARAMS=$(yq '
     .spec.params.[] |
@@ -17,7 +17,7 @@ PARAMS=$(yq '
         "|" + (.description // "" | sub("\n", " ")) +
         "|" + (.default // (.default != "*" | "")) +
         "|" + (.default != "*") + "|"
-    )' $TASK
+    )' $RESOURCE
 )
 if [ -n "$PARAMS" ]; then
   echo "## Parameters"
@@ -27,7 +27,7 @@ if [ -n "$PARAMS" ]; then
   echo
 fi
 
-RESULTS=$(yq '.spec.results.[] | ("|" + .name + "|" + (.description // "" | sub("\n", " ")) + "|")' $TASK)
+RESULTS=$(yq '.spec.results.[] | ("|" + .name + "|" + (.description // "" | sub("\n", " ")) + "|")' $RESOURCE)
 if [ -n "$RESULTS" ]; then
   echo "## Results"
   echo "|name|description|"
@@ -36,7 +36,7 @@ if [ -n "$RESULTS" ]; then
   echo
 fi
 
-WORKSPACES=$(yq '.spec.workspaces.[] | ("|" + .name + "|" + (.description // "" | sub("\n", " ")) + "|" + (.optional // "false") + "|")' $TASK)
+WORKSPACES=$(yq '.spec.workspaces.[] | ("|" + .name + "|" + (.description // "" | sub("\n", " ")) + "|" + (.optional // "false") + "|")' $RESOURCE)
 if [ -n "$WORKSPACES" ]; then
   echo "## Workspaces"
   echo "|name|description|optional|"

renovate.json

@@ -5,8 +5,13 @@
   ],
   "dependencyDashboard": false,
   "tekton": {
-      "fileMatch": ["\\.yaml$", "\\.yml$"],
-      "includePaths": [".tekton/**", "task/**", "pipelines/enterprise-contract*.yaml"]
+    "fileMatch": ["\\.yaml$", "\\.yml$"],
+    "includePaths": [
+      ".tekton/**",
+      "task/**",
+      "stepactions/**",
+      "pipelines/enterprise-contract*.yaml"
+    ]
   },
   "packageRules": [
     {

stepactions/get-supported-ephemeral-cluster-versions/0.1/README.md

@@ -0,0 +1,15 @@
+# get-supported-ephemeral-cluster-versions stepaction
+
+This StepAction queries the hub cluster used to provision ephemeral clusters for testing. It returns a list of supported versions stored in a hypershift ConfigMap.
+
+## Parameters
+|name|description|default value|required|
+|---|---|---|---|
+|kubeconfigSecretLabelSelector|A label selector used to identify the secret containing the EaaS hub cluster kubeconfig|toolchain.dev.openshift.com/spacerequest=eaas|false|
+|insecureSkipTLSVerify|Skip TLS verification when accessing the EaaS hub cluster|false|false|
+
+## Results
+|name|description|
+|---|---|
+|versions|List of supported minor versions from newest to oldest. E.g. ["4.15","4.14","4.13"]|
+

stepactions/get-supported-ephemeral-cluster-versions/0.1/get-supported-ephemeral-cluster-versions.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: tekton.dev/v1alpha1
+kind: StepAction
+metadata:
+  name: get-supported-ephemeral-cluster-versions
+spec:
+  description: >-
+    This StepAction queries the hub cluster used to provision ephemeral clusters for testing.
+    It returns a list of supported versions stored in a hypershift ConfigMap.
+  image: quay.io/redhat-appstudio/appstudio-utils@sha256:586149e3f18d966f681d956ab074b4e1d8433663d615ed86e19a3804ba952dfe
+  params:
+    - name: kubeconfigSecretLabelSelector
+      type: string
+      default: toolchain.dev.openshift.com/spacerequest=eaas
+      description: A label selector used to identify the secret containing the EaaS hub cluster kubeconfig
+    - name: insecureSkipTLSVerify
+      type: string
+      default: "false"
+      description: Skip TLS verification when accessing the EaaS hub cluster
+  env:
+    - name: LABEL_SELECTOR
+      value: "$(params.kubeconfigSecretLabelSelector)"
+    - name: INSECURE_SKIP_TLS_VERIFY
+      value: "$(params.insecureSkipTLSVerify)"
+  results:
+    - name: versions
+      type: array
+      description: List of supported minor versions from newest to oldest. E.g. ["4.15","4.14","4.13"]
+  script: |
+    #!/bin/bash
+    set -eo pipefail
+
+    TMP_KUBECONFIG=$(mktemp)
+    trap 'rm "$TMP_KUBECONFIG"' EXIT
+
+    oc get secret -l $LABEL_SELECTOR -o jsonpath="{.items[0].data.kubeconfig}" | base64 -d > $TMP_KUBECONFIG
+    OC=(oc --insecure-skip-tls-verify=$INSECURE_SKIP_TLS_VERIFY --kubeconfig=$TMP_KUBECONFIG)
+
+    SV=$(${OC[*]} get configmap supported-versions -n hypershift -o=jsonpath='{.data.supported-versions}')
+    VERSIONS=$(echo "$SV" | jq -c '.versions')
+    echo "Supported versions: $VERSIONS"
+    echo -n "$VERSIONS" > $(step.results.versions.path)

stepactions/get-supported-ephemeral-cluster-versions/OWNERS

@@ -0,0 +1,8 @@
+# See the OWNERS docs: https://go.k8s.io/owners
+
+approvers:
+- amisstea
+- oamsalem
+- avi-biton
+- yftacherzog
+- hmariset