Skip to content

Commit

Permalink
Make openshift-ci green 😇
Browse files Browse the repository at this point in the history
- Update Makefile
- Add required files (for openshift-ci to work)
- Update e2e to not do secrets management

Signed-off-by: Vincent Demeester <[email protected]>
  • Loading branch information
vdemeester committed Dec 5, 2023
1 parent 368754f commit 4cc47a1
Show file tree
Hide file tree
Showing 8 changed files with 194 additions and 9 deletions.
10 changes: 9 additions & 1 deletion .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -83,4 +83,12 @@ jobs:

# running end-to-end test target
- name: test-e2e
run: make test-e2e
run: |
set -Eeuo pipefail
kubectl delete secret regcred || true
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=$HOME/.docker/config.json \
--type=kubernetes.io/dockerconfigjson
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
make test-e2e
9 changes: 9 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,15 @@ clean:
test-e2e: install
$(BATS_CORE) $(BATS_FLAGS) $(ARGS) $(E2E_TESTS)

# Run all the end-to-end tests against the current openshift context.
# It is used mainly by the CI and ideally shouldn't differ that much from test-e2e
.PHONY: prepare-e2e-openshift
prepare-e2e-openshift:
./hack/install-osp.sh $(OSP_VERSION)
.PHONY: test-e2e-openshift
test-e2e-openshift: prepare-e2e-openshift
test-e2e-openshift: test-e2e

# act runs the github actions workflows, so by default only running the test workflow (integration
# and end-to-end) to avoid running the release workflow accidently
act: ARGS = --workflows=./.github/workflows/test.yaml
Expand Down
12 changes: 12 additions & 0 deletions ci/bin/entrypoint
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/sh -e

# This is documented here:
# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines

if ! whoami &>/dev/null; then
if [ -w /etc/passwd ]; then
echo "${USER_NAME}:x:$(id -u):$(id -g):${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd
fi
fi

exec ${ENTRY_CMD} $@
14 changes: 14 additions & 0 deletions ci/bin/user_setup
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#!/bin/sh
set -x

# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
mkdir -p ${HOME}
chown -R ${USER_UID}:0 ${HOME}
chmod ug+rwx ${HOME}
chmod -R uga+rw ${HOME}

# runtime user will need to be able to self-insert in /etc/passwd
chmod uga+rw /etc/passwd

# no need for this script to remain in the image after running
rm $0
22 changes: 22 additions & 0 deletions ci/ci.Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# This Docerfile is the environment where the test will be run in.
FROM registry.ci.openshift.org/openshift/release:golang-1.20

# Add kubernetes repository
ADD ci/kubernetes.repo /etc/yum.repos.d/

RUN yum install -y kubectl httpd-tools jq make git which
RUN rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.33.0/tektoncd-cli-0.33.0_Linux-64bit.rpm

# Serverless-Operator `make generated-files` needs helm
RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

RUN GOFLAGS='' go install github.com/mikefarah/yq/v3@latest

# go install creates $GOPATH/.cache with root permissions, we delete it here
# to avoid permission issues with the runtime users
RUN rm -rf $GOPATH/.cache

# Allow runtime users to add entries to /etc/passwd
RUN chmod g+rw /etc/passwd

ADD . .
7 changes: 7 additions & 0 deletions ci/kubernetes.repo
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
121 changes: 121 additions & 0 deletions hack/install-osp.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
#!/usr/bin/env bash
# Install OpenShift Pipelines on the current cluster

set -o errexit
set -o nounset
set -o pipefail

readonly export DEPLOYMENT_TIMEOUT="${DEPLOYMENT_TIMEOUT:-5m}"

function fail() {
echo "ERROR: ${*}" >&2
exit 1
}

function rollout_status() {
local namespace="${1}"
local deployment="${2}"

if ! kubectl --namespace="${namespace}" --timeout=${DEPLOYMENT_TIMEOUT} \
rollout status deployment "${deployment}"; then
fail "'${namespace}/${deployment}' is not deployed as expected!"
fi
}

function install_channel() {
local channel="${1}"
echo "Installing OpenShift Pipelines from channel ${channel}"
cat <<EOF | oc apply -f-
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: openshift-pipelines-operator-rh
namespace: openshift-operators
spec:
channel: ${channel}
name: openshift-pipelines-operator-rh
source: redhat-operators
sourceNamespace: openshift-marketplace
EOF
}

function install_nightly() {
oc patch operatorhub.config.openshift.io/cluster -p='{"spec":{"disableAllDefaultSources":true}}' --type=merge
sleep 2
# Add a custom catalog-source
cat <<EOF | oc apply -f-
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: custom-osp-nightly
namespace: openshift-marketplace
spec:
sourceType: grpc
image: quay.io/openshift-pipeline/openshift-pipelines-operator-index:1.10
displayName: "Custom OSP Nightly"
updateStrategy:
registryPoll:
interval: 30m
EOF
sleep 10
# Create the "correct" subscription
oc delete subscription pipelines -n openshift-operators || true
cat <<EOF | oc apply -f-
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: openshift-pipelines-operator
namespace: openshift-operators
spec:
channel: latest
name: openshift-pipelines-operator-rh
source: custom-osp-nightly
sourceNamespace: openshift-marketplace
EOF
}

OSP_VERSION=${1:-latest}
shift

case "$OSP_VERSION" in
nightly)
install_nightly
;;
latest)
install_channel latest
;;
*)
install_channel "pipelines-$OSP_VERSION"
;;
esac

# wait until tekton pipelines operator is created
echo "Waiting for OpenShift Pipelines Operator to be created..."
timeout 2m bash <<- EOF
until oc get deployment openshift-pipelines-operator -n openshift-operators; do
sleep 5
done
EOF
oc rollout status -n openshift-operators deployment/openshift-pipelines-operator --timeout 10m

# wait until clustertasks tekton CRD is properly deployed
timeout 10m bash <<- EOF
until oc get crd tasks.tekton.dev; do
sleep 5
done
EOF

timeout 2m bash <<- EOF
until oc get deployment tekton-pipelines-controller -n openshift-pipelines; do
sleep 5
done
EOF
rollout_status "openshift-pipelines" "tekton-pipelines-controller"
rollout_status "openshift-pipelines" "tekton-pipelines-webhook"

oc get -n openshift-pipelines pods
tkn version

# Make sure we are on the default project
oc new-project e2e-test
oc project e2e-test
8 changes: 0 additions & 8 deletions test/e2e/e2e.bats
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,6 @@ source ./test/helper/helper.sh
run kubectl delete taskrun --all
assert_success

kubectl delete secret regcred || true
run kubectl create secret generic regcred \
--from-file=.dockerconfigjson=$HOME/.docker/config.json \
--type=kubernetes.io/dockerconfigjson
assert_success
run kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
assert_success

run tkn task start openshift-client \
--param="SCRIPT=${E2E_OPENSHIFT_PARAMS_SCRIPT}" \
--use-param-defaults \
Expand Down

0 comments on commit 4cc47a1

Please sign in to comment.