From 9193f67cb552489b2e43e62519914710e762de97 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 1 Dec 2023 13:51:42 +0100 Subject: [PATCH 1/2] =?UTF-8?q?Add=20test-e2e-openshift=20and=20make=20it?= =?UTF-8?q?=20green=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit … even if it's fake. Signed-off-by: Vincent Demeester --- Makefile | 9 ++++++ ci/bin/entrypoint | 12 ++++++++ ci/bin/user_setup | 14 +++++++++ ci/ci.Dockerfile | 22 +++++++++++++++ ci/kubernetes.repo | 7 +++++ hack/install-osp.sh | 69 +++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 133 insertions(+) create mode 100755 ci/bin/entrypoint create mode 100755 ci/bin/user_setup create mode 100644 ci/ci.Dockerfile create mode 100644 ci/kubernetes.repo create mode 100755 hack/install-osp.sh diff --git a/Makefile b/Makefile index 0a6e863..c0eaad7 100644 --- a/Makefile +++ b/Makefile @@ -64,6 +64,15 @@ test-integration: test-e2e: install $(BATS_CORE) $(BATS_FLAGS) $(ARGS) $(E2E_TESTS) +# Run all the end-to-end tests against the current openshift context. +# It is used mainly by the CI and ideally shouldn't differ that much from test-e2e +.PHONY: prepare-e2e-openshift +prepare-e2e-openshift: + ./hack/install-osp.sh $(OSP_VERSION) +.PHONY: test-e2e-openshift +test-e2e-openshift: prepare-e2e-openshift +test-e2e-openshift: test-e2e + # act runs the github actions workflows, so by default only running the test workflow (integration # and end-to-end) to avoid running the release workflow accidently act: ARGS = --workflows=./.github/workflows/test.yaml diff --git a/ci/bin/entrypoint b/ci/bin/entrypoint new file mode 100755 index 0000000..2803400 --- /dev/null +++ b/ci/bin/entrypoint @@ -0,0 +1,12 @@ +#!/bin/sh -e + +# This is documented here: +# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines + +if ! whoami &>/dev/null; then + if [ -w /etc/passwd ]; then + echo "${USER_NAME}:x:$(id -u):$(id -g):${USER_NAME} user:${HOME}:/sbin/nologin" >> /etc/passwd + fi +fi + +exec ${ENTRY_CMD} $@ diff --git a/ci/bin/user_setup b/ci/bin/user_setup new file mode 100755 index 0000000..0b87071 --- /dev/null +++ b/ci/bin/user_setup @@ -0,0 +1,14 @@ +#!/bin/sh +set -x + +# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be) +mkdir -p ${HOME} +chown -R ${USER_UID}:0 ${HOME} +chmod ug+rwx ${HOME} +chmod -R uga+rw ${HOME} + +# runtime user will need to be able to self-insert in /etc/passwd +chmod uga+rw /etc/passwd + +# no need for this script to remain in the image after running +rm $0 diff --git a/ci/ci.Dockerfile b/ci/ci.Dockerfile new file mode 100644 index 0000000..6eab75c --- /dev/null +++ b/ci/ci.Dockerfile @@ -0,0 +1,22 @@ +# This Docerfile is the environment where the test will be run in. +FROM registry.ci.openshift.org/openshift/release:golang-1.20 + +# Add kubernetes repository +ADD ci/kubernetes.repo /etc/yum.repos.d/ + +RUN yum install -y kubectl httpd-tools jq make git which +RUN rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.33.0/tektoncd-cli-0.33.0_Linux-64bit.rpm + +# Serverless-Operator `make generated-files` needs helm +RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + +RUN GOFLAGS='' go install github.com/mikefarah/yq/v3@latest + +# go install creates $GOPATH/.cache with root permissions, we delete it here +# to avoid permission issues with the runtime users +RUN rm -rf $GOPATH/.cache + +# Allow runtime users to add entries to /etc/passwd +RUN chmod g+rw /etc/passwd + +ADD . . diff --git a/ci/kubernetes.repo b/ci/kubernetes.repo new file mode 100644 index 0000000..795626e --- /dev/null +++ b/ci/kubernetes.repo @@ -0,0 +1,7 @@ +[kubernetes] +name=Kubernetes +baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg diff --git a/hack/install-osp.sh b/hack/install-osp.sh new file mode 100755 index 0000000..3380238 --- /dev/null +++ b/hack/install-osp.sh @@ -0,0 +1,69 @@ +#!/usr/bin/env bash +# Install OpenShift Pipelines on the current cluster + +set -o errexit +set -o nounset +set -o pipefail + +readonly export DEPLOYMENT_TIMEOUT="${DEPLOYMENT_TIMEOUT:-5m}" + +function fail() { + echo "ERROR: ${*}" >&2 + exit 1 +} + +function rollout_status() { + local namespace="${1}" + local deployment="${2}" + + if ! kubectl --namespace="${namespace}" --timeout=${DEPLOYMENT_TIMEOUT} \ + rollout status deployment "${deployment}"; then + fail "'${namespace}/${deployment}' is not deployed as expected!" + fi +} + +OSP_VERSION=${1:-latest} +shift + +CHANNEL="" + +case "$OSP_VERSION" in + nightly) + echo "Not supporting nightly just yet" + # FIXME add support for it + exit 0 + ;; + latest) + CHANNEL="latest" + ;; + *) + CHANNEL="pipelines-$OSP_VERSION" + ;; +esac + +echo "Installing OpenShift Pipelines from channel ${CHANNEL}" +cat < Date: Fri, 1 Dec 2023 14:09:40 +0100 Subject: [PATCH 2/2] .github: move regcred secret out of e2e Signed-off-by: Vincent Demeester --- .github/workflows/test.yaml | 9 ++++++++- test/e2e/e2e.bats | 8 -------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 16208a3..f26ffad 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -65,4 +65,11 @@ jobs: # running end-to-end test target - name: test-e2e - run: make test-e2e + run: | + set -Eeuo pipefail + kubectl delete secret regcred || true + kubectl create secret generic regcred \ + --from-file=.dockerconfigjson=$HOME/.docker/config.json \ + --type=kubernetes.io/dockerconfigjson + kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}' + make test-e2e diff --git a/test/e2e/e2e.bats b/test/e2e/e2e.bats index 08d6744..b9fc15a 100644 --- a/test/e2e/e2e.bats +++ b/test/e2e/e2e.bats @@ -7,14 +7,6 @@ source ./test/helper/helper.sh run kubectl delete taskrun --all assert_success - - kubectl delete secret regcred || true - run kubectl create secret generic regcred \ - --from-file=.dockerconfigjson=$HOME/.docker/config.json \ - --type=kubernetes.io/dockerconfigjson - assert_success - run kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}' - assert_success run tkn task start git \ --param="URL=https://github.com/tektoncd/community.git" \