diff --git a/.tekton/integration-tests/integration-test-scenarios/e2e-tests.yaml b/.tekton/integration-tests/integration-test-scenarios/e2e-tests.yaml deleted file mode 100644 index 8b2f1c247..000000000 --- a/.tekton/integration-tests/integration-test-scenarios/e2e-tests.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: appstudio.redhat.com/v1beta1 -kind: IntegrationTestScenario -metadata: - name: ols-e2e-tests-416 - namespace: crt-nshift-lightspeed-tenant - labels: - test.appstudio.openshift.io/optional: "true" -spec: - application: ols - contexts: - - description: bundle testing - name: component_bundle - resolverRef: - resolver: git - params: - - name: url - value: https://github.com/openshift/lightspeed-operator - - name: revision - value: main - - name: pathInRepo - value: /.tekton/integration-tests/pipelines/lightspeed-integration-test-pipeline.yaml diff --git a/.tekton/integration-tests/integration-test-scenarios/konflux-integration-test-scenarios.yaml b/.tekton/integration-tests/integration-test-scenarios/konflux-integration-test-scenarios.yaml new file mode 100644 index 000000000..63c9f3b47 --- /dev/null +++ b/.tekton/integration-tests/integration-test-scenarios/konflux-integration-test-scenarios.yaml @@ -0,0 +1,687 @@ +# IntegrationTestScenario resources for Konflux (appstudio.redhat.com/v1beta2). +# Apply to your tenant namespace (e.g. crt-nshift-lightspeed-tenant). Each scenario points at the +# per-minor pipeline file in this repo (stable pathInRepo for Konflux) and passes pipeline parameters. +# +# Bundle builds: contexts name component_bundle, install-mode defaults to bundle on the Pipeline. +# Operator image builds: *-direct scenarios use component_lightspeed-operator and install-mode direct +# (same pathInRepo as the matching bundle scenario; IMG from lightspeed-operator in the snapshot). +# +# Resolver paths are relative to repo root (leading slash optional; Konflux accepts both). +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-416 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator bundle e2e on OCP 4.16 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.16 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.16." + - name: artifact-oci-tag-prefix + value: "416" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-416.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-417 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator bundle e2e on OCP 4.17 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.17 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.17." + - name: artifact-oci-tag-prefix + value: "" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-417.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-418 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator bundle e2e on OCP 4.18 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.18 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.18." + - name: artifact-oci-tag-prefix + value: "" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-418.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-419 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator bundle e2e on OCP 4.19 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.19 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.19." + - name: artifact-oci-tag-prefix + value: "" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-419.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-upgrade-e2e-tests-416 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator upgrade e2e on OCP 4.16 + name: component_bundle + params: + - name: test-name + value: ols-upgrade-e2e-tests-4.16 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.16." + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-upgrade-e2e-tests-417 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator upgrade e2e on OCP 4.17 + name: component_bundle + params: + - name: test-name + value: ols-upgrade-e2e-tests-4.17 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.17." + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-upgrade-e2e-tests-418 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator upgrade e2e on OCP 4.18 + name: component_bundle + params: + - name: test-name + value: ols-upgrade-e2e-tests-4.18 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.18." + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-upgrade-e2e-tests-419 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator upgrade e2e on OCP 4.19 + name: component_bundle + params: + - name: test-name + value: ols-upgrade-e2e-tests-4.19 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.19." + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-upgrade-e2e-tests-420 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator upgrade e2e on OCP 4.20 + name: component_bundle + params: + - name: test-name + value: ols-upgrade-e2e-tests-4.20 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.20." + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-420.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-416 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.16 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.16 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.16." + - name: artifact-oci-tag-prefix + value: "416" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.16.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-417 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.17 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.17 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.17." + - name: artifact-oci-tag-prefix + value: "" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.17.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-418 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.18 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.18 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.18." + - name: artifact-oci-tag-prefix + value: "" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.18.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-419 + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.19 + name: component_bundle + params: + - name: test-name + value: ols-e2e-tests-4.19 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.19." + - name: artifact-oci-tag-prefix + value: "" + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.19.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-416-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator e2e on OCP 4.16 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.16 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.16." + - name: artifact-oci-tag-prefix + value: "416" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-416.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-417-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator e2e on OCP 4.17 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.17 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.17." + - name: artifact-oci-tag-prefix + value: "" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-417.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-418-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator e2e on OCP 4.18 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.18 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.18." + - name: artifact-oci-tag-prefix + value: "" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-418.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: operator-e2e-tests-419-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Operator e2e on OCP 4.19 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.19 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.19." + - name: artifact-oci-tag-prefix + value: "" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-419.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-416-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.16 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.16 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.16." + - name: artifact-oci-tag-prefix + value: "416" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.16.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-417-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.17 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.17 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.17." + - name: artifact-oci-tag-prefix + value: "" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.17.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-418-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.18 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.18 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.18." + - name: artifact-oci-tag-prefix + value: "" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.18.yaml +--- +apiVersion: appstudio.redhat.com/v1beta2 +kind: IntegrationTestScenario +metadata: + name: service-integration-tests-419-direct + namespace: crt-nshift-lightspeed-tenant + labels: + test.appstudio.openshift.io/optional: "true" +spec: + application: ols + contexts: + - description: Lightspeed service integration on OCP 4.19 (direct deploy; lightspeed-operator snapshot) + name: component_lightspeed-operator + params: + - name: test-name + value: ols-e2e-tests-4.19 + - name: namespace + value: openshift-lightspeed + - name: openshift-version-prefix + value: "4.19." + - name: artifact-oci-tag-prefix + value: "" + - name: install-mode + value: direct + resolverRef: + resolver: git + resourceKind: pipeline + params: + - name: url + value: https://github.com/openshift/lightspeed-operator + - name: revision + value: main + - name: pathInRepo + value: .tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.19.yaml diff --git a/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml b/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml index 19c7fbe50..2fd58b227 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml @@ -5,10 +5,9 @@ metadata: name: ols-console-pre-commits spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed console e2e (Cypress) on a Konflux ephemeral OpenShift cluster (EaaS). + Provisions the cluster, installs the operator bundle from the snapshot, runs console tests, + collects artifacts, then deprovisions. params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -77,7 +76,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator bundle; record SNAPSHOT containerImage and commit for console tests. runAfter: - provision-cluster params: @@ -104,17 +103,21 @@ spec: env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "bundle image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle index image)." - name: commit type: string description: "commit sha to be used in console tests" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-e2e-tests description: Task to run tests from service repository runAfter: @@ -187,78 +190,26 @@ spec: value: "$(params.bundle-image)" image: cypress/browsers:24.13.0 script: | - apt update && apt install -y jq - echo "COMMIT_SHA: ${COMMIT_SHA}" - echo "CYPRESS_BASE_URL: ${CYPRESS_BASE_URL}" - echo "CYPRESS_CONSOLE_IMAGE: ${CYPRESS_CONSOLE_IMAGE}" - echo "CYPRESS_KUBECONFIG_PATH: ${CYPRESS_KUBECONFIG_PATH}" - echo "---------------------------------------------" - cat "${CYPRESS_KUBECONFIG_PATH}" - echo "---------------------------------------------" - export CYPRESS_LOGIN_PASSWORD=$(cat ${PASSWORD_PATH}) - echo "${CYPRESS_LOGIN_PASSWORD}" - echo "---------------------------------------------" - echo "---------------------------------------------" - wget --no-verbose -O oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest/openshift-client-linux.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - wget --no-verbose -O /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - echo "---------------------------------------------" - operator-sdk version - echo "---------------------------------------------" - mkdir -pv ~/.cache/xdgr - export XDG_RUNTIME_DIR=$PATH:~/.cache/xdgr - echo "---------------------------------------------" + set -euo pipefail + apt update && apt install -y jq git curl cd /home git init lightspeed-operator cd lightspeed-operator git remote add origin https://github.com/openshift/lightspeed-operator.git - git fetch --depth=1 --filter=blob:none origin ${COMMIT_SHA} - TEST_SOURCE_COMMIT=$( - git show ${COMMIT_SHA}:related_images.json | - jq -r '.[] | select(.name=="lightspeed-console-plugin-pf5") | .revision' - ) - cd /home - rm -rf lightspeed-console - git init lightspeed-console - cd lightspeed-console - git remote add origin https://github.com/openshift/lightspeed-console.git - git fetch --depth=1 --filter=blob:none origin ${TEST_SOURCE_COMMIT} - git checkout ${TEST_SOURCE_COMMIT} - echo "---------------------------------------------" - echo "npm version: $(npm -v)" - echo "---------------------------------------------" - NODE_OPTIONS=--max-old-space-size=4096 npm ci --omit=optional --no-fund - echo "---------------------------------------------" - export CYPRESS_LOGIN_PASSWORD=$(cat ${PASSWORD_PATH}) - set +e - NO_COLOR=1 npx cypress run - err_status=$? - echo -n "${err_status}" > /workspace/cypress-exit-code - echo "---------------------------------------------" - ls ./gui_test_screenshots - mv ./gui_test_screenshots /workspace/artifacts/ - set -e - echo "Cypress exit code: ${err_status}" - exit ${err_status} - echo "---------------------------------------------" + git fetch --depth=1 --filter=blob:none origin "${COMMIT_SHA}" + git checkout "${COMMIT_SHA}" + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-console-cypress-tests.sh" | bash -s -- "lightspeed-console-plugin-pf5" "latest-4.18" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -266,6 +217,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/artifacts/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue diff --git a/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf6.yaml b/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf6.yaml index 9c2be5a91..40b6e44e6 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf6.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf6.yaml @@ -5,10 +5,9 @@ metadata: name: ols-console-pre-commits spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed console e2e (Cypress) on a Konflux ephemeral OpenShift cluster (EaaS). + Provisions the cluster, installs the operator bundle from the snapshot, runs console tests, + collects artifacts, then deprovisions. params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -77,7 +76,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator bundle; record SNAPSHOT containerImage and commit for console tests. runAfter: - provision-cluster params: @@ -104,17 +103,21 @@ spec: env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "bundle image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle index image)." - name: commit type: string description: "commit sha to be used in console tests" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-e2e-tests description: Task to run tests from service repository runAfter: @@ -187,78 +190,26 @@ spec: value: "$(params.bundle-image)" image: cypress/browsers:24.13.0 script: | - apt update && apt install -y jq - echo "COMMIT_SHA: ${COMMIT_SHA}" - echo "CYPRESS_BASE_URL: ${CYPRESS_BASE_URL}" - echo "CYPRESS_CONSOLE_IMAGE: ${CYPRESS_CONSOLE_IMAGE}" - echo "CYPRESS_KUBECONFIG_PATH: ${CYPRESS_KUBECONFIG_PATH}" - echo "---------------------------------------------" - cat "${CYPRESS_KUBECONFIG_PATH}" - echo "---------------------------------------------" - export CYPRESS_LOGIN_PASSWORD=$(cat ${PASSWORD_PATH}) - echo "${CYPRESS_LOGIN_PASSWORD}" - echo "---------------------------------------------" - echo "---------------------------------------------" - wget --no-verbose -O oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest/openshift-client-linux.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - wget --no-verbose -O /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - echo "---------------------------------------------" - operator-sdk version - echo "---------------------------------------------" - mkdir -pv ~/.cache/xdgr - export XDG_RUNTIME_DIR=$PATH:~/.cache/xdgr - echo "---------------------------------------------" + set -euo pipefail + apt update && apt install -y jq git curl cd /home git init lightspeed-operator cd lightspeed-operator git remote add origin https://github.com/openshift/lightspeed-operator.git - git fetch --depth=1 --filter=blob:none origin ${COMMIT_SHA} - TEST_SOURCE_COMMIT=$( - git show ${COMMIT_SHA}:related_images.json | - jq -r '.[] | select(.name=="lightspeed-console-plugin") | .revision' - ) - cd /home - rm -rf lightspeed-console - git init lightspeed-console - cd lightspeed-console - git remote add origin https://github.com/openshift/lightspeed-console.git - git fetch --depth=1 --filter=blob:none origin ${TEST_SOURCE_COMMIT} - git checkout ${TEST_SOURCE_COMMIT} - echo "---------------------------------------------" - echo "npm version: $(npm -v)" - echo "---------------------------------------------" - NODE_OPTIONS=--max-old-space-size=4096 npm ci --omit=optional --no-fund - echo "---------------------------------------------" - export CYPRESS_LOGIN_PASSWORD=$(cat ${PASSWORD_PATH}) - set +e - NO_COLOR=1 npx cypress run - err_status=$? - echo -n "${err_status}" > /workspace/cypress-exit-code - echo "---------------------------------------------" - ls ./gui_test_screenshots - mv ./gui_test_screenshots /workspace/artifacts/ - set -e - echo "Cypress exit code: ${err_status}" - exit ${err_status} - echo "---------------------------------------------" + git fetch --depth=1 --filter=blob:none origin "${COMMIT_SHA}" + git checkout "${COMMIT_SHA}" + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-console-cypress-tests.sh" | bash -s -- "lightspeed-console-plugin" "latest-4.19" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -266,6 +217,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/artifacts/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue diff --git a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-416.yaml b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-416.yaml index 3da61be84..8b0bd2c16 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-416.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-416.yaml @@ -7,10 +7,13 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed operator e2e tests on a Konflux ephemeral OpenShift cluster (EaaS). + Provisions the cluster, installs the operator (OLM bundle or direct/kustomize per install-mode), + runs tests from the snapshot commit, collects artifacts, then deprovisions. + + Per OpenShift minor: set params.openshift-version-prefix (e.g. 4.16.) and params.test-name + (Konflux integration test id). For OpenShift 4.16 only, set params.artifact-oci-tag-prefix to "416" + so pushed artifacts use tag 416; leave artifact-oci-tag-prefix empty for other versions. params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -19,9 +22,23 @@ spec: - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' default: 'ols-e2e-tests-4.16' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.16.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-operator-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '416' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +60,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +83,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.16." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -79,7 +102,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator (OLM bundle or direct); record SNAPSHOT containerImage and commit for downstream tasks. runAfter: - provision-cluster params: @@ -87,16 +110,21 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} @@ -128,58 +156,60 @@ spec: fieldPath: metadata.labels['appstudio.openshift.io/component'] - name: KUBECONFIG value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" volumeMounts: - name: credentials mountPath: /credentials image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - dnf -y install jq python3-pip - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" - oc create namespace $(params.namespace) - oc label namespaces $(params.namespace) openshift.io/cluster-monitoring=true --overwrite=true - echo "---------------------------------------------" - echo ${KONFLUX_COMPONENT_NAME} - export BUNDLE_IMAGE="$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" - echo "${BUNDLE_IMAGE}" - echo "---------------------------------------------" - operator-sdk run bundle --timeout=30m --namespace "$(params.namespace)" "$BUNDLE_IMAGE" --verbose - echo "---------------------------------------------" - oc get deployment lightspeed-operator-controller-manager -n "$(params.namespace)" - - name: get-bundle-image + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-operator-tests description: Task to run tests from operator repository params: - name: commit value: $(tasks.ols-install.results.commit) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - ols-install taskSpec: params: - name: commit + - name: artifact-oci-tag-prefix + type: string + default: "" volumes: - name: azure-openai-token secret: @@ -256,50 +286,23 @@ spec: value: "/workspace" image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" dnf -y install git make golang jq gpgme-devel git init lightspeed-operator cd lightspeed-operator git remote add origin https://github.com/openshift/lightspeed-operator.git git fetch --depth=1 --filter=blob:none origin ${COMMIT_SHA} - TEST_SOURCE_COMMIT=$( - git show ${COMMIT_SHA}:related_images.json | - jq -r '.[] | select(.name=="lightspeed-operator") | .revision' - ) - git fetch --depth=1 --filter=blob:none origin ${TEST_SOURCE_COMMIT} - git checkout ${TEST_SOURCE_COMMIT} - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export LLM_TOKEN=$(cat ${OPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - export LLM_TOKEN=$(cat ${AZUREOPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="azure_openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-operator-e2e-tests.sh" | bash -s -- "latest-4.16" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -307,6 +310,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -330,7 +335,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-operator-artifacts:416$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-operator-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-417.yaml b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-417.yaml index d126dc886..071e53b23 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-417.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-417.yaml @@ -7,10 +7,13 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed operator e2e tests on a Konflux ephemeral OpenShift cluster (EaaS). + Provisions the cluster, installs the operator (OLM bundle or direct/kustomize per install-mode), + runs tests from the snapshot commit, collects artifacts, then deprovisions. + + Per OpenShift minor: set params.openshift-version-prefix (e.g. 4.16.) and params.test-name + (Konflux integration test id). For OpenShift 4.16 only, set params.artifact-oci-tag-prefix to "416" + so pushed artifacts use tag 416; leave artifact-oci-tag-prefix empty for other versions. params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -18,10 +21,24 @@ spec: type: string - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' - default: 'ols-e2e-tests-4.17' + default: 'ols-e2e-tests-4.19' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.19.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-operator-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +60,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +83,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.17." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -79,7 +102,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator (OLM bundle or direct); record SNAPSHOT containerImage and commit for downstream tasks. runAfter: - provision-cluster params: @@ -87,16 +110,21 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} @@ -128,58 +156,60 @@ spec: fieldPath: metadata.labels['appstudio.openshift.io/component'] - name: KUBECONFIG value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" volumeMounts: - name: credentials mountPath: /credentials image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - dnf -y install jq python3-pip - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" - oc create namespace $(params.namespace) - oc label namespaces $(params.namespace) openshift.io/cluster-monitoring=true --overwrite=true - echo "---------------------------------------------" - echo ${KONFLUX_COMPONENT_NAME} - export BUNDLE_IMAGE="$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" - echo "${BUNDLE_IMAGE}" - echo "---------------------------------------------" - operator-sdk run bundle --timeout=30m --namespace "$(params.namespace)" "$BUNDLE_IMAGE" --verbose - echo "---------------------------------------------" - oc get deployment lightspeed-operator-controller-manager -n "$(params.namespace)" - - name: get-bundle-image + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-operator-tests description: Task to run tests from operator repository params: - name: commit value: $(tasks.ols-install.results.commit) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - ols-install taskSpec: params: - name: commit + - name: artifact-oci-tag-prefix + type: string + default: "" volumes: - name: azure-openai-token secret: @@ -256,50 +286,23 @@ spec: value: "/workspace" image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" dnf -y install git make golang jq gpgme-devel git init lightspeed-operator cd lightspeed-operator git remote add origin https://github.com/openshift/lightspeed-operator.git git fetch --depth=1 --filter=blob:none origin ${COMMIT_SHA} - TEST_SOURCE_COMMIT=$( - git show ${COMMIT_SHA}:related_images.json | - jq -r '.[] | select(.name=="lightspeed-operator") | .revision' - ) - git fetch --depth=1 --filter=blob:none origin ${TEST_SOURCE_COMMIT} - git checkout ${TEST_SOURCE_COMMIT} - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export LLM_TOKEN=$(cat ${OPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - export LLM_TOKEN=$(cat ${AZUREOPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="azure_openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-operator-e2e-tests.sh" | bash -s -- "latest-4.17" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -307,6 +310,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -330,7 +335,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-operator-artifacts:$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-operator-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-418.yaml b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-418.yaml index c0a29500b..38ad06abf 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-418.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-418.yaml @@ -7,10 +7,13 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed operator e2e tests on a Konflux ephemeral OpenShift cluster (EaaS). + Provisions the cluster, installs the operator (OLM bundle or direct/kustomize per install-mode), + runs tests from the snapshot commit, collects artifacts, then deprovisions. + + Per OpenShift minor: set params.openshift-version-prefix (e.g. 4.16.) and params.test-name + (Konflux integration test id). For OpenShift 4.16 only, set params.artifact-oci-tag-prefix to "416" + so pushed artifacts use tag 416; leave artifact-oci-tag-prefix empty for other versions. params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -18,10 +21,24 @@ spec: type: string - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' - default: 'ols-e2e-tests-4.18' + default: 'ols-e2e-tests-4.19' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.19.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-operator-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +60,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +83,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.18." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -79,7 +102,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator (OLM bundle or direct); record SNAPSHOT containerImage and commit for downstream tasks. runAfter: - provision-cluster params: @@ -87,16 +110,21 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} @@ -128,58 +156,60 @@ spec: fieldPath: metadata.labels['appstudio.openshift.io/component'] - name: KUBECONFIG value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" volumeMounts: - name: credentials mountPath: /credentials image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - dnf -y install jq python3-pip - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" - oc create namespace $(params.namespace) - oc label namespaces $(params.namespace) openshift.io/cluster-monitoring=true --overwrite=true - echo "---------------------------------------------" - echo ${KONFLUX_COMPONENT_NAME} - export BUNDLE_IMAGE="$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" - echo "${BUNDLE_IMAGE}" - echo "---------------------------------------------" - operator-sdk run bundle --timeout=30m --namespace "$(params.namespace)" "$BUNDLE_IMAGE" --verbose - echo "---------------------------------------------" - oc get deployment lightspeed-operator-controller-manager -n "$(params.namespace)" - - name: get-bundle-image + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-operator-tests description: Task to run tests from operator repository params: - name: commit value: $(tasks.ols-install.results.commit) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - ols-install taskSpec: params: - name: commit + - name: artifact-oci-tag-prefix + type: string + default: "" volumes: - name: azure-openai-token secret: @@ -256,50 +286,23 @@ spec: value: "/workspace" image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" dnf -y install git make golang jq gpgme-devel git init lightspeed-operator cd lightspeed-operator git remote add origin https://github.com/openshift/lightspeed-operator.git git fetch --depth=1 --filter=blob:none origin ${COMMIT_SHA} - TEST_SOURCE_COMMIT=$( - git show ${COMMIT_SHA}:related_images.json | - jq -r '.[] | select(.name=="lightspeed-operator") | .revision' - ) - git fetch --depth=1 --filter=blob:none origin ${TEST_SOURCE_COMMIT} - git checkout ${TEST_SOURCE_COMMIT} - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export LLM_TOKEN=$(cat ${OPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - export LLM_TOKEN=$(cat ${AZUREOPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="azure_openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-operator-e2e-tests.sh" | bash -s -- "latest-4.18" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -307,6 +310,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -330,7 +335,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-operator-artifacts:$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-operator-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-419.yaml b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-419.yaml index c002b0ebf..5d5d7fa88 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-419.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-operator-e2e-test-pipeline-419.yaml @@ -7,10 +7,13 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed operator e2e tests on a Konflux ephemeral OpenShift cluster (EaaS). + Provisions the cluster, installs the operator (OLM bundle or direct/kustomize per install-mode), + runs tests from the snapshot commit, collects artifacts, then deprovisions. + + Per OpenShift minor: set params.openshift-version-prefix (e.g. 4.16.) and params.test-name + (Konflux integration test id). For OpenShift 4.16 only, set params.artifact-oci-tag-prefix to "416" + so pushed artifacts use tag 416; leave artifact-oci-tag-prefix empty for other versions. params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -19,9 +22,23 @@ spec: - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' default: 'ols-e2e-tests-4.19' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.19.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-operator-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +60,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +83,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.19." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -79,7 +102,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator (OLM bundle or direct); record SNAPSHOT containerImage and commit for downstream tasks. runAfter: - provision-cluster params: @@ -87,16 +110,21 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} @@ -128,58 +156,60 @@ spec: fieldPath: metadata.labels['appstudio.openshift.io/component'] - name: KUBECONFIG value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" volumeMounts: - name: credentials mountPath: /credentials image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - dnf -y install jq python3-pip - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" - oc create namespace $(params.namespace) - oc label namespaces $(params.namespace) openshift.io/cluster-monitoring=true --overwrite=true - echo "---------------------------------------------" - echo ${KONFLUX_COMPONENT_NAME} - export BUNDLE_IMAGE="$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" - echo "${BUNDLE_IMAGE}" - echo "---------------------------------------------" - operator-sdk run bundle --timeout=30m --namespace "$(params.namespace)" "$BUNDLE_IMAGE" --verbose - echo "---------------------------------------------" - oc get deployment lightspeed-operator-controller-manager -n "$(params.namespace)" - - name: get-bundle-image + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-operator-tests description: Task to run tests from operator repository params: - name: commit value: $(tasks.ols-install.results.commit) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - ols-install taskSpec: params: - name: commit + - name: artifact-oci-tag-prefix + type: string + default: "" volumes: - name: azure-openai-token secret: @@ -256,50 +286,23 @@ spec: value: "/workspace" image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" dnf -y install git make golang jq gpgme-devel git init lightspeed-operator cd lightspeed-operator git remote add origin https://github.com/openshift/lightspeed-operator.git git fetch --depth=1 --filter=blob:none origin ${COMMIT_SHA} - TEST_SOURCE_COMMIT=$( - git show ${COMMIT_SHA}:related_images.json | - jq -r '.[] | select(.name=="lightspeed-operator") | .revision' - ) - git fetch --depth=1 --filter=blob:none origin ${TEST_SOURCE_COMMIT} - git checkout ${TEST_SOURCE_COMMIT} - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export LLM_TOKEN=$(cat ${OPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - export LLM_TOKEN=$(cat ${AZUREOPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="azure_openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-e2e + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-operator-e2e-tests.sh" | bash -s -- "latest-4.19" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -307,6 +310,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -330,7 +335,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-operator-artifacts:$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-operator-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml b/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml index b51689bdd..241fd7a92 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-419.yaml @@ -7,10 +7,14 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed operator upgrade e2e tests on a Konflux ephemeral OpenShift cluster (EaaS): + provision cluster, OLM-install the second-newest catalog bundle (latest-1 semver among bundle-v*.yaml; avoids + known-bad upgrade chains from very old bases), skip final bundle in ols-install, run make test-upgrade to + bundle-upgrade to the snapshot bundle, gather artifacts, deprovision. + + Per OpenShift minor: set params.openshift-version-prefix (e.g. 4.16.) and params.test-name (Konflux integration + test id). Base bundle is the penultimate semver in lightspeed-catalog-; upgrade targets the snapshot + bundle (SNAPSHOT + component label). params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -19,9 +23,15 @@ spec: - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' default: 'ols-upgrade-e2e-tests-4.19' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.19.' + type: string tasks: - name: eaas-provision-space taskRef: @@ -43,7 +53,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +76,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.19." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -79,7 +95,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator bundle (upgrade base + snapshot); record SNAPSHOT commit for tests. runAfter: - provision-cluster params: @@ -87,40 +103,103 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: results: - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace + - name: openshift-version-prefix type: string volumes: - name: credentials emptyDir: {} steps: - - name: get-bundle-image + - name: get-kubeconfig + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/build-definitions.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/eaas-get-ephemeral-cluster-credentials/0.1/eaas-get-ephemeral-cluster-credentials.yaml + params: + - name: eaasSpaceSecretRef + value: $(tasks.eaas-provision-space.results.secretRef) + - name: clusterName + value: "$(tasks.provision-cluster.results.clusterName)" + - name: credentials + value: credentials + - name: install-operator + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + - name: KUBECONFIG + value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" + - name: UPGRADE_E2E_INSTALL_OLD_BASE_FROM_CATALOG + value: "$(params.openshift-version-prefix)" + volumeMounts: + - name: credentials + mountPath: /credentials + image: registry.redhat.io/openshift4/ose-cli:latest + script: | + set -euo pipefail + dnf -y install jq python3-pip git curl yq + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh bundle + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-operator-tests description: Task to run tests from operator repository params: - name: commit value: $(tasks.ols-install.results.commit) + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) + - name: SNAPSHOT + value: $(params.SNAPSHOT) runAfter: - ols-install taskSpec: params: - name: commit + - name: openshift-version-prefix + type: string + - name: SNAPSHOT + type: string volumes: - name: azure-openai-token secret: @@ -188,62 +267,34 @@ spec: value: "/var/run/watsonx/token" - name: COMMIT_SHA value: "$(params.commit)" + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] - name: ARTIFACT_DIR value: "/workspace" - image: registry.fedoraproject.org/fedora:latest + image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - dnf -y install git make golang yq jq gpgme-devel - curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.17/openshift-client-linux-amd64-rhel9.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - git clone https://github.com/openshift/lightspeed-operator.git + dnf -y install git make golang jq gpgme-devel yq + git init lightspeed-operator cd lightspeed-operator - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${COMMIT_SHA} - git checkout ${COMMIT_SHA} - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" - oc create namespace $(params.namespace) - oc label namespaces $(params.namespace) openshift.io/cluster-monitoring=true --overwrite=true - BUNDLE_COUNT=$(ls -d lightspeed-catalog-4.19/bundle-v* 2>/dev/null | wc -l) - if [ "$BUNDLE_COUNT" -lt 2 ]; then - echo "ERROR: need at least 2 bundles to test an upgrade, found $BUNDLE_COUNT" - exit 1 - fi - PREVIOUS_BUNDLE=$(ls lightspeed-catalog-4.19/bundle-v* | sort -V -r | head -n 2 | tail -n 1) - export BUNDLE_IMAGE=$(cat $PREVIOUS_BUNDLE | yq '.relatedImages[] | select(.name == "lightspeed-operator-bundle") | .image') - echo "installing ${PREVIOUS_BUNDLE} bundle image" - operator-sdk run bundle --timeout=30m --namespace "$(params.namespace)" "$BUNDLE_IMAGE" --verbose - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export LLM_TOKEN=$(cat ${OPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-upgrade + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth=1 --filter=blob:none origin "${COMMIT_SHA}" + git checkout "${COMMIT_SHA}" + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-operator-upgrade-tests.sh" | bash -s -- "$(params.openshift-version-prefix)" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -251,6 +302,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue diff --git a/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-420.yaml b/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-420.yaml index 0a83e93bf..480ed1342 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-420.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-operator-upgrade-e2e-test-pipeline-420.yaml @@ -7,10 +7,14 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed operator upgrade e2e tests on a Konflux ephemeral OpenShift cluster (EaaS): + provision cluster, OLM-install the second-newest catalog bundle (latest-1 semver among bundle-v*.yaml; avoids + known-bad upgrade chains from very old bases), skip final bundle in ols-install, run make test-upgrade to + bundle-upgrade to the snapshot bundle, gather artifacts, deprovision. + + Per OpenShift minor: set params.openshift-version-prefix (e.g. 4.16.) and params.test-name (Konflux integration + test id). Base bundle is the penultimate semver in lightspeed-catalog-; upgrade targets the snapshot + bundle (SNAPSHOT + component label). params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -19,9 +23,15 @@ spec: - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' default: 'ols-upgrade-e2e-tests-4.20' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.20.' + type: string tasks: - name: eaas-provision-space taskRef: @@ -43,7 +53,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +76,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.20." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -79,7 +95,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator bundle (upgrade base + snapshot); record SNAPSHOT commit for tests. runAfter: - provision-cluster params: @@ -87,40 +103,103 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: results: - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace + - name: openshift-version-prefix type: string volumes: - name: credentials emptyDir: {} steps: - - name: get-bundle-image + - name: get-kubeconfig + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/build-definitions.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/eaas-get-ephemeral-cluster-credentials/0.1/eaas-get-ephemeral-cluster-credentials.yaml + params: + - name: eaasSpaceSecretRef + value: $(tasks.eaas-provision-space.results.secretRef) + - name: clusterName + value: "$(tasks.provision-cluster.results.clusterName)" + - name: credentials + value: credentials + - name: install-operator + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + - name: KUBECONFIG + value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" + - name: UPGRADE_E2E_INSTALL_OLD_BASE_FROM_CATALOG + value: "$(params.openshift-version-prefix)" + volumeMounts: + - name: credentials + mountPath: /credentials + image: registry.redhat.io/openshift4/ose-cli:latest + script: | + set -euo pipefail + dnf -y install jq python3-pip git curl yq + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh bundle + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-operator-tests description: Task to run tests from operator repository params: - name: commit value: $(tasks.ols-install.results.commit) + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) + - name: SNAPSHOT + value: $(params.SNAPSHOT) runAfter: - ols-install taskSpec: params: - name: commit + - name: openshift-version-prefix + type: string + - name: SNAPSHOT + type: string volumes: - name: azure-openai-token secret: @@ -188,62 +267,34 @@ spec: value: "/var/run/watsonx/token" - name: COMMIT_SHA value: "$(params.commit)" + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] - name: ARTIFACT_DIR value: "/workspace" - image: registry.fedoraproject.org/fedora:latest + image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - dnf -y install git make golang yq jq gpgme-devel - curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.17/openshift-client-linux-amd64-rhel9.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - git clone https://github.com/openshift/lightspeed-operator.git + dnf -y install git make golang jq gpgme-devel yq + git init lightspeed-operator cd lightspeed-operator - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${COMMIT_SHA} - git checkout ${COMMIT_SHA} - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" - oc create namespace $(params.namespace) - oc label namespaces $(params.namespace) openshift.io/cluster-monitoring=true --overwrite=true - BUNDLE_COUNT=$(ls -d lightspeed-catalog-4.20/bundle-v* 2>/dev/null | wc -l) - if [ "$BUNDLE_COUNT" -lt 2 ]; then - echo "ERROR: need at least 2 bundles to test an upgrade, found $BUNDLE_COUNT" - exit 1 - fi - PREVIOUS_BUNDLE=$(ls lightspeed-catalog-4.20/bundle-v* | sort -V -r | head -n 2 | tail -n 1) - export BUNDLE_IMAGE=$(cat $PREVIOUS_BUNDLE | yq '.relatedImages[] | select(.name == "lightspeed-operator-bundle") | .image') - echo "installing ${PREVIOUS_BUNDLE} bundle image" - operator-sdk run bundle --timeout=30m --namespace "$(params.namespace)" "$BUNDLE_IMAGE" --verbose - echo "---------------------------------------------" - echo "---------------------------------------------" - echo "---------------------------------------------" - export LLM_TOKEN=$(cat ${OPENAI_PROVIDER_KEY_PATH}) - export LLM_PROVIDER="openai" - export LLM_MODEL="gpt-4o-mini" - echo "starting tests for $LLM_PROVIDER $LLM_MODEL" - make test-upgrade + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth=1 --filter=blob:none origin "${COMMIT_SHA}" + git checkout "${COMMIT_SHA}" + git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-operator-upgrade-tests.sh" | bash -s -- "$(params.openshift-version-prefix)" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -251,6 +302,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue diff --git a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.16.yaml b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.16.yaml index de311c136..3475b857f 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.16.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.16.yaml @@ -7,10 +7,16 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed service integration tests on a Konflux ephemeral OpenShift cluster (EaaS): + provision cluster, install the operator via ols-install (OLM bundle or direct per install-mode), + then clone operator + service at related_images + revisions and run tests/scripts/test-e2e-cluster.sh, push artifacts. + + Per OpenShift minor: set openshift-version-prefix (e.g. 4.16.) and test-name. For OCP 4.16 only, + set artifact-oci-tag-prefix to "416" so ols-service-artifacts uses tag 416; leave empty + for other versions. The run step bootstraps git then runs + .tekton/integration-tests/scripts/run-service-integration-tests.sh (openshift-version-prefix + is passed through; install-oc-if-missing.sh supplies the oc client for latest-). params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -19,9 +25,23 @@ spec: - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' default: 'ols-e2e-tests-4.16' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.16.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-service-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '416' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +63,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +86,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.16." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -78,8 +104,8 @@ spec: value: "$(steps.pick-version.results.version)" - name: instanceType value: "m5.large" - - name: get-bundle-images - description: Task to install bundle onto ephemeral namespace + - name: ols-install + description: Install operator (OLM bundle or direct); record SNAPSHOT image ref and commit for service tests. runAfter: - provision-cluster params: @@ -87,56 +113,120 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} steps: - - name: get-bundle-image + - name: get-kubeconfig + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/build-definitions.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/eaas-get-ephemeral-cluster-credentials/0.1/eaas-get-ephemeral-cluster-credentials.yaml + params: + - name: eaasSpaceSecretRef + value: $(tasks.eaas-provision-space.results.secretRef) + - name: clusterName + value: "$(tasks.provision-cluster.results.clusterName)" + - name: credentials + value: credentials + - name: install-operator + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + - name: KUBECONFIG + value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" + volumeMounts: + - name: credentials + mountPath: /credentials + image: registry.redhat.io/openshift4/ose-cli:latest + script: | + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-service-tests description: Task to run tests from service repository params: - name: SNAPSHOT value: $(params.SNAPSHOT) - name: bundleimage - value: $(tasks.get-bundle-images.results.bundle-image) + value: $(tasks.ols-install.results.bundle-image) - name: commit - value: $(tasks.get-bundle-images.results.commit) + value: $(tasks.ols-install.results.commit) - name: namespace value: "$(params.namespace)" + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - - get-bundle-images + - ols-install taskSpec: params: - name: SNAPSHOT - name: bundleimage + description: SNAPSHOT containerImage for the labeled Konflux component (bundle or operator manager image). - name: commit - name: namespace type: string + - name: openshift-version-prefix + type: string + - name: artifact-oci-tag-prefix + type: string volumes: - name: azure-openai-token secret: @@ -225,58 +315,29 @@ spec: value: "$(params.bundleimage)" - name: BUNDLE_COMMIT_SHA value: "$(params.commit)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" image: registry.access.redhat.com/ubi9/ubi-minimal script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - echo "$KONFLUX_BOOL" - echo "---------------------------------------------" - echo "$BUNDLE_IMAGE" - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" + set -euo pipefail microdnf -y install git make python3.11 python3.11-devel python3.11-pip shadow-utils tar jq - curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.16/openshift-client-linux-amd64-rhel9.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - git clone https://github.com/openshift/lightspeed-operator.git + git init lightspeed-operator cd lightspeed-operator - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${BUNDLE_COMMIT_SHA} - git checkout ${BUNDLE_COMMIT_SHA} - export SERVICE_SHA=$(cat related_images.json | jq '.[] | select(.name=="lightspeed-service-api")' | jq '.revision' | tr -d '"' ) - git clone https://github.com/openshift/lightspeed-service.git - cd lightspeed-service - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${SERVICE_SHA} - git checkout ${SERVICE_SHA} - pip3.11 install --no-cache-dir --upgrade pip pdm - pdm config python.use_venv false - export CP_OFFLINE_TOKEN=$(cat /var/run/insights-stage-upload-offline-token/token) - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - tests/scripts/test-e2e-cluster.sh + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth=1 origin "${BUNDLE_COMMIT_SHA}" + git checkout "${BUNDLE_COMMIT_SHA}" + bash .tekton/integration-tests/scripts/run-service-integration-tests.sh "$(params.openshift-version-prefix)" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -284,6 +345,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -307,7 +370,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-service-artifacts:416$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-service-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.17.yaml b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.17.yaml index 11a57cb81..0fb476a4b 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.17.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.17.yaml @@ -7,10 +7,16 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed service integration tests on a Konflux ephemeral OpenShift cluster (EaaS): + provision cluster, install the operator via ols-install (OLM bundle or direct per install-mode), + then clone operator + service at related_images + revisions and run tests/scripts/test-e2e-cluster.sh, push artifacts. + + Per OpenShift minor: set openshift-version-prefix (e.g. 4.16.) and test-name. For OCP 4.16 only, + set artifact-oci-tag-prefix to "416" so ols-service-artifacts uses tag 416; leave empty + for other versions. The run step bootstraps git then runs + .tekton/integration-tests/scripts/run-service-integration-tests.sh (openshift-version-prefix + is passed through; install-oc-if-missing.sh supplies the oc client for latest-). params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -18,10 +24,24 @@ spec: type: string - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' - default: 'ols-e2e-tests-4.17' + default: 'ols-e2e-tests-4.19' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.19.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-service-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +63,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +86,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.17." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -78,8 +104,8 @@ spec: value: "$(steps.pick-version.results.version)" - name: instanceType value: "m5.large" - - name: get-bundle-images - description: Task to install bundle onto ephemeral namespace + - name: ols-install + description: Install operator (OLM bundle or direct); record SNAPSHOT image ref and commit for service tests. runAfter: - provision-cluster params: @@ -87,56 +113,120 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} steps: - - name: get-bundle-image + - name: get-kubeconfig + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/build-definitions.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/eaas-get-ephemeral-cluster-credentials/0.1/eaas-get-ephemeral-cluster-credentials.yaml + params: + - name: eaasSpaceSecretRef + value: $(tasks.eaas-provision-space.results.secretRef) + - name: clusterName + value: "$(tasks.provision-cluster.results.clusterName)" + - name: credentials + value: credentials + - name: install-operator + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + - name: KUBECONFIG + value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" + volumeMounts: + - name: credentials + mountPath: /credentials + image: registry.redhat.io/openshift4/ose-cli:latest + script: | + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-service-tests description: Task to run tests from service repository params: - name: SNAPSHOT value: $(params.SNAPSHOT) - name: bundleimage - value: $(tasks.get-bundle-images.results.bundle-image) + value: $(tasks.ols-install.results.bundle-image) - name: commit - value: $(tasks.get-bundle-images.results.commit) + value: $(tasks.ols-install.results.commit) - name: namespace value: "$(params.namespace)" + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - - get-bundle-images + - ols-install taskSpec: params: - name: SNAPSHOT - name: bundleimage + description: SNAPSHOT containerImage for the labeled Konflux component (bundle or operator manager image). - name: commit - name: namespace type: string + - name: openshift-version-prefix + type: string + - name: artifact-oci-tag-prefix + type: string volumes: - name: azure-openai-token secret: @@ -225,58 +315,29 @@ spec: value: "$(params.bundleimage)" - name: BUNDLE_COMMIT_SHA value: "$(params.commit)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" image: registry.access.redhat.com/ubi9/ubi-minimal script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - echo "$KONFLUX_BOOL" - echo "---------------------------------------------" - echo "$BUNDLE_IMAGE" - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" + set -euo pipefail microdnf -y install git make python3.11 python3.11-devel python3.11-pip shadow-utils tar jq - curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.17/openshift-client-linux-amd64-rhel9.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - git clone https://github.com/openshift/lightspeed-operator.git + git init lightspeed-operator cd lightspeed-operator - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${BUNDLE_COMMIT_SHA} - git checkout ${BUNDLE_COMMIT_SHA} - export SERVICE_SHA=$(cat related_images.json | jq '.[] | select(.name=="lightspeed-service-api")' | jq '.revision' | tr -d '"' ) - git clone https://github.com/openshift/lightspeed-service.git - cd lightspeed-service - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${SERVICE_SHA} - git checkout ${SERVICE_SHA} - pip3.11 install --no-cache-dir --upgrade pip pdm - pdm config python.use_venv false - export CP_OFFLINE_TOKEN=$(cat /var/run/insights-stage-upload-offline-token/token) - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - tests/scripts/test-e2e-cluster.sh + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth=1 origin "${BUNDLE_COMMIT_SHA}" + git checkout "${BUNDLE_COMMIT_SHA}" + bash .tekton/integration-tests/scripts/run-service-integration-tests.sh "$(params.openshift-version-prefix)" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -284,6 +345,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -307,7 +370,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-service-artifacts:$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-service-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.18.yaml b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.18.yaml index 600b27f86..0fb476a4b 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.18.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.18.yaml @@ -7,10 +7,16 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed service integration tests on a Konflux ephemeral OpenShift cluster (EaaS): + provision cluster, install the operator via ols-install (OLM bundle or direct per install-mode), + then clone operator + service at related_images + revisions and run tests/scripts/test-e2e-cluster.sh, push artifacts. + + Per OpenShift minor: set openshift-version-prefix (e.g. 4.16.) and test-name. For OCP 4.16 only, + set artifact-oci-tag-prefix to "416" so ols-service-artifacts uses tag 416; leave empty + for other versions. The run step bootstraps git then runs + .tekton/integration-tests/scripts/run-service-integration-tests.sh (openshift-version-prefix + is passed through; install-oc-if-missing.sh supplies the oc client for latest-). params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -18,10 +24,24 @@ spec: type: string - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' - default: 'ols-e2e-tests-4.18' + default: 'ols-e2e-tests-4.19' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.19.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-service-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +63,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +86,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.18." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -78,8 +104,8 @@ spec: value: "$(steps.pick-version.results.version)" - name: instanceType value: "m5.large" - - name: get-bundle-images - description: Task to install bundle onto ephemeral namespace + - name: ols-install + description: Install operator (OLM bundle or direct); record SNAPSHOT image ref and commit for service tests. runAfter: - provision-cluster params: @@ -87,56 +113,120 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} steps: - - name: get-bundle-image + - name: get-kubeconfig + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/build-definitions.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/eaas-get-ephemeral-cluster-credentials/0.1/eaas-get-ephemeral-cluster-credentials.yaml + params: + - name: eaasSpaceSecretRef + value: $(tasks.eaas-provision-space.results.secretRef) + - name: clusterName + value: "$(tasks.provision-cluster.results.clusterName)" + - name: credentials + value: credentials + - name: install-operator + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + - name: KUBECONFIG + value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" + volumeMounts: + - name: credentials + mountPath: /credentials + image: registry.redhat.io/openshift4/ose-cli:latest + script: | + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-service-tests description: Task to run tests from service repository params: - name: SNAPSHOT value: $(params.SNAPSHOT) - name: bundleimage - value: $(tasks.get-bundle-images.results.bundle-image) + value: $(tasks.ols-install.results.bundle-image) - name: commit - value: $(tasks.get-bundle-images.results.commit) + value: $(tasks.ols-install.results.commit) - name: namespace value: "$(params.namespace)" + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - - get-bundle-images + - ols-install taskSpec: params: - name: SNAPSHOT - name: bundleimage + description: SNAPSHOT containerImage for the labeled Konflux component (bundle or operator manager image). - name: commit - name: namespace type: string + - name: openshift-version-prefix + type: string + - name: artifact-oci-tag-prefix + type: string volumes: - name: azure-openai-token secret: @@ -225,58 +315,29 @@ spec: value: "$(params.bundleimage)" - name: BUNDLE_COMMIT_SHA value: "$(params.commit)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" image: registry.access.redhat.com/ubi9/ubi-minimal script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - echo "$KONFLUX_BOOL" - echo "---------------------------------------------" - echo "$BUNDLE_IMAGE" - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" + set -euo pipefail microdnf -y install git make python3.11 python3.11-devel python3.11-pip shadow-utils tar jq - curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.18/openshift-client-linux-amd64-rhel9.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - git clone https://github.com/openshift/lightspeed-operator.git + git init lightspeed-operator cd lightspeed-operator - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${BUNDLE_COMMIT_SHA} - git checkout ${BUNDLE_COMMIT_SHA} - export SERVICE_SHA=$(cat related_images.json | jq '.[] | select(.name=="lightspeed-service-api")' | jq '.revision' | tr -d '"' ) - git clone https://github.com/openshift/lightspeed-service.git - cd lightspeed-service - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${SERVICE_SHA} - git checkout ${SERVICE_SHA} - pip3.11 install --no-cache-dir --upgrade pip pdm - pdm config python.use_venv false - export CP_OFFLINE_TOKEN=$(cat /var/run/insights-stage-upload-offline-token/token) - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - tests/scripts/test-e2e-cluster.sh + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth=1 origin "${BUNDLE_COMMIT_SHA}" + git checkout "${BUNDLE_COMMIT_SHA}" + bash .tekton/integration-tests/scripts/run-service-integration-tests.sh "$(params.openshift-version-prefix)" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -284,6 +345,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -307,7 +370,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-service-artifacts:$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-service-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.19.yaml b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.19.yaml index 3980ded52..0fb476a4b 100644 --- a/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.19.yaml +++ b/.tekton/integration-tests/pipelines/lightspeed-service-integration-test-pipeline-4.19.yaml @@ -7,10 +7,16 @@ metadata: name: ols-integration-tests-pipeline spec: description: | - This pipeline automates the process of running end-to-end tests for OpenShift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the OpenShift Lightspeed operator using the installer, runs the tests, collects artifacts, - and finally deprovisions the ROSA cluster. + Runs OpenShift Lightspeed service integration tests on a Konflux ephemeral OpenShift cluster (EaaS): + provision cluster, install the operator via ols-install (OLM bundle or direct per install-mode), + then clone operator + service at related_images + revisions and run tests/scripts/test-e2e-cluster.sh, push artifacts. + + Per OpenShift minor: set openshift-version-prefix (e.g. 4.16.) and test-name. For OCP 4.16 only, + set artifact-oci-tag-prefix to "416" so ols-service-artifacts uses tag 416; leave empty + for other versions. The run step bootstraps git then runs + .tekton/integration-tests/scripts/run-service-integration-tests.sh (openshift-version-prefix + is passed through; install-oc-if-missing.sh supplies the oc client for latest-). params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -19,9 +25,23 @@ spec: - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' default: 'ols-e2e-tests-4.19' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.19.)' + default: '4.19.' + type: string + - name: artifact-oci-tag-prefix + description: 'Prepended to commit SHA in ols-service-artifacts Quay tag. Use "416" for OCP 4.16; empty for other minors.' + default: '' + type: string + - name: install-mode + description: 'Operator install: bundle (OLM) or direct (kustomize; IMG from lightspeed-operator in SNAPSHOT).' + type: string + default: 'bundle' tasks: - name: eaas-provision-space taskRef: @@ -43,7 +63,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +86,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.19." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -78,8 +104,8 @@ spec: value: "$(steps.pick-version.results.version)" - name: instanceType value: "m5.large" - - name: get-bundle-images - description: Task to install bundle onto ephemeral namespace + - name: ols-install + description: Install operator (OLM bundle or direct); record SNAPSHOT image ref and commit for service tests. runAfter: - provision-cluster params: @@ -87,56 +113,120 @@ spec: value: $(params.SNAPSHOT) - name: namespace value: "$(params.namespace)" + - name: install-mode + value: $(params.install-mode) taskSpec: results: - name: bundle-image - value: "$(steps.get-bundle-image.results.bundle-image)" + value: "$(steps.get-snapshot-component.results.bundle-image)" - name: commit - value: "$(steps.get-bundle-image.results.commit)" + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace type: string + - name: install-mode + type: string + default: "bundle" volumes: - name: credentials emptyDir: {} steps: - - name: get-bundle-image + - name: get-kubeconfig + ref: + resolver: git + params: + - name: url + value: https://github.com/konflux-ci/build-definitions.git + - name: revision + value: main + - name: pathInRepo + value: stepactions/eaas-get-ephemeral-cluster-credentials/0.1/eaas-get-ephemeral-cluster-credentials.yaml + params: + - name: eaasSpaceSecretRef + value: $(tasks.eaas-provision-space.results.secretRef) + - name: clusterName + value: "$(tasks.provision-cluster.results.clusterName)" + - name: credentials + value: credentials + - name: install-operator + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + - name: KUBECONFIG + value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" + volumeMounts: + - name: credentials + mountPath: /credentials + image: registry.redhat.io/openshift4/ose-cli:latest + script: | + set -euo pipefail + dnf -y install jq python3-pip git curl make golang + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh "$(params.install-mode)" + - name: get-snapshot-component image: registry.redhat.io/openshift4/ose-cli:latest env: - name: SNAPSHOT value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] results: - name: bundle-image type: string - description: "service image from snapshot" + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle or operator manager image)." - name: commit type: string description: "commit sha to be used to store artifacts" script: | dnf -y install jq - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) - echo -n "$(jq -r --arg component_name "ols-bundle" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: ols-service-tests description: Task to run tests from service repository params: - name: SNAPSHOT value: $(params.SNAPSHOT) - name: bundleimage - value: $(tasks.get-bundle-images.results.bundle-image) + value: $(tasks.ols-install.results.bundle-image) - name: commit - value: $(tasks.get-bundle-images.results.commit) + value: $(tasks.ols-install.results.commit) - name: namespace value: "$(params.namespace)" + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) + - name: artifact-oci-tag-prefix + value: $(params.artifact-oci-tag-prefix) runAfter: - - get-bundle-images + - ols-install taskSpec: params: - name: SNAPSHOT - name: bundleimage + description: SNAPSHOT containerImage for the labeled Konflux component (bundle or operator manager image). - name: commit - name: namespace type: string + - name: openshift-version-prefix + type: string + - name: artifact-oci-tag-prefix + type: string volumes: - name: azure-openai-token secret: @@ -225,58 +315,29 @@ spec: value: "$(params.bundleimage)" - name: BUNDLE_COMMIT_SHA value: "$(params.commit)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" image: registry.access.redhat.com/ubi9/ubi-minimal script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - echo "$KONFLUX_BOOL" - echo "---------------------------------------------" - echo "$BUNDLE_IMAGE" - echo "---------------------------------------------" - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" + set -euo pipefail microdnf -y install git make python3.11 python3.11-devel python3.11-pip shadow-utils tar jq - curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.19/openshift-client-linux-amd64-rhel9.tar.gz \ - && tar -xvzf oc.tar.gz \ - && chmod +x kubectl oc \ - && mv oc kubectl /usr/local/bin/ - git clone https://github.com/openshift/lightspeed-operator.git + git init lightspeed-operator cd lightspeed-operator - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${BUNDLE_COMMIT_SHA} - git checkout ${BUNDLE_COMMIT_SHA} - export SERVICE_SHA=$(cat related_images.json | jq '.[] | select(.name=="lightspeed-service-api")' | jq '.revision' | tr -d '"' ) - git clone https://github.com/openshift/lightspeed-service.git - cd lightspeed-service - git config --global user.email olsci@redhat.com - git config --global user.name olsci - git fetch origin ${SERVICE_SHA} - git checkout ${SERVICE_SHA} - pip3.11 install --no-cache-dir --upgrade pip pdm - pdm config python.use_venv false - export CP_OFFLINE_TOKEN=$(cat /var/run/insights-stage-upload-offline-token/token) - export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" - export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" - tests/scripts/test-e2e-cluster.sh + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth=1 origin "${BUNDLE_COMMIT_SHA}" + git checkout "${BUNDLE_COMMIT_SHA}" + bash .tekton/integration-tests/scripts/run-service-integration-tests.sh "$(params.openshift-version-prefix)" - name: gather-cluster-resources onError: continue ref: resolver: git params: - name: url - value: https://github.com/konflux-ci/tekton-integration-catalog + value: https://github.com/openshift/lightspeed-operator - name: revision - value: main + value: $(params.commit) - name: pathInRepo - value: stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml + value: .tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml params: - name: credentials value: "credentials" @@ -284,6 +345,8 @@ spec: value: "$(steps.get-kubeconfig.results.kubeconfig)" - name: artifact-dir value: "/workspace/konflux-artifacts" + - name: gather-script-url + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/$(params.commit)/.tekton/integration-tests/scripts/gather-extra.sh" # validate that the cluster resources are available in another tekton step - name: list-artifacts onError: continue @@ -307,7 +370,7 @@ spec: - name: workdir-path value: /workspace - name: oci-ref - value: "quay.io/openshift-lightspeed/ols-service-artifacts:$(params.commit)" + value: "quay.io/openshift-lightspeed/ols-service-artifacts:$(params.artifact-oci-tag-prefix)$(params.commit)" - name: credentials-volume-name value: ols-konflux-artifacts-bot-creds - name: fail-if-any-step-failed diff --git a/.tekton/integration-tests/pipelines/rapidast-scan.yaml b/.tekton/integration-tests/pipelines/rapidast-scan.yaml index e0c18149c..0633ba988 100644 --- a/.tekton/integration-tests/pipelines/rapidast-scan.yaml +++ b/.tekton/integration-tests/pipelines/rapidast-scan.yaml @@ -7,10 +7,13 @@ metadata: name: rapidast-tests-pipeline spec: description: | - This pipeline automates the process of running Rapidast tests for Openshift Lightspeed - using a ROSA (Red Hat OpenShift Service on AWS) cluster. The pipeline provisions - the ROSA cluster, installs the openshift lightspeed operator using the installer, runs the Rapidast tests, - and finally deprovisions the ROSA cluster. + Runs product security Rapidast against OpenShift Lightspeed on a Konflux ephemeral OpenShift + cluster (EaaS). The pipeline provisions the cluster, installs the operator with OLM via + operator-sdk run bundle (snapshot bundle image), executes Ginkgo tests labeled Rapidast, + runs the Rapidast container against the cluster, then deprovisions. + + Set params.openshift-version-prefix (e.g. 4.16.) to pick the z-stream; set params.test-name + to the Konflux integration test id. params.namespace is the target namespace (default openshift-lightspeed). params: - name: SNAPSHOT description: 'The JSON string representing the snapshot of the application under test.' @@ -19,9 +22,15 @@ spec: - name: test-name description: 'The name of the test corresponding to a defined Konflux integration test.' default: 'ols-operator-e2e-tests' + type: string - name: namespace description: 'Namespace to run tests in' default: 'openshift-lightspeed' + type: string + - name: openshift-version-prefix + description: 'Minor line prefix for eaas-get-latest-openshift-version-by-prefix (include trailing dot, e.g. 4.16.)' + default: '4.16.' + type: string tasks: - name: eaas-provision-space taskRef: @@ -43,7 +52,13 @@ spec: - name: provision-cluster runAfter: - eaas-provision-space + params: + - name: openshift-version-prefix + value: $(params.openshift-version-prefix) taskSpec: + params: + - name: openshift-version-prefix + type: string results: - name: clusterName value: "$(steps.create-cluster.results.clusterName)" @@ -60,7 +75,7 @@ spec: value: stepactions/eaas-get-latest-openshift-version-by-prefix/0.1/eaas-get-latest-openshift-version-by-prefix.yaml params: - name: prefix - value: "4.16." + value: "$(params.openshift-version-prefix)" - name: create-cluster ref: resolver: git @@ -79,7 +94,7 @@ spec: - name: instanceType value: "m5.large" - name: ols-install - description: Task to install bundle onto ephemeral namespace + description: Install operator via OLM bundle (Rapidast); calls run-konflux-operator-install.sh bundle only. runAfter: - provision-cluster params: @@ -88,6 +103,11 @@ spec: - name: namespace value: "$(params.namespace)" taskSpec: + results: + - name: bundle-image + value: "$(steps.get-snapshot-component.results.bundle-image)" + - name: commit + value: "$(steps.get-snapshot-component.results.commit)" params: - name: SNAPSHOT - name: namespace @@ -113,6 +133,26 @@ spec: value: "$(tasks.provision-cluster.results.clusterName)" - name: credentials value: credentials + - name: get-snapshot-component + image: registry.redhat.io/openshift4/ose-cli:latest + env: + - name: SNAPSHOT + value: $(params.SNAPSHOT) + - name: KONFLUX_COMPONENT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/component'] + results: + - name: bundle-image + type: string + description: "SNAPSHOT containerImage for the PipelineRun-labeled Konflux component (bundle index image)." + - name: commit + type: string + description: "Git revision from SNAPSHOT for the labeled Konflux component (tests checkout)." + script: | + dnf -y install jq + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" > $(step.results.bundle-image.path) + echo -n "$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" > $(step.results.commit.path) - name: install-operator env: - name: SNAPSHOT @@ -123,40 +163,38 @@ spec: fieldPath: metadata.labels['appstudio.openshift.io/component'] - name: KUBECONFIG value: "/credentials/$(steps.get-kubeconfig.results.kubeconfig)" + - name: OLS_NAMESPACE + value: "$(params.namespace)" + - name: IMAGE_DIGEST_MIRROR_SET_URL + value: "https://raw.githubusercontent.com/openshift/lightspeed-operator/main/config/manager/imagedigestmirrorset.yaml" volumeMounts: - name: credentials mountPath: /credentials image: registry.redhat.io/openshift4/ose-cli:latest script: | - echo "---------------------------------------------" - cat $KUBECONFIG - echo "---------------------------------------------" - dnf -y install jq python3-pip - export OPERATOR_SDK_VERSION=1.36.1 - export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) - export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION} - curl -Lo /usr/local/bin/operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH} - chmod +x /usr/local/bin/operator-sdk - operator-sdk version - echo "---------------------------------------------" - oc create namespace $(params.namespace) - oc label namespaces $(params.namespace) openshift.io/cluster-monitoring=true --overwrite=true - export IMAGE_DIGEST_MIRROR_SET=https://raw.githubusercontent.com/openshift/lightspeed-operator/main/config/manager/imagedigestmirrorset.yaml - curl -Lo /usr/tmp/imagedigestmirrorset "$IMAGE_DIGEST_MIRROR_SET" - oc apply -f /usr/tmp/imagedigestmirrorset - echo "---------------------------------------------" - echo ${KONFLUX_COMPONENT_NAME} - export BUNDLE_IMAGE="$(jq -r --arg component_name "$KONFLUX_COMPONENT_NAME" '.components[] | select(.name == $component_name) | .containerImage' <<< "$SNAPSHOT")" - echo "${BUNDLE_IMAGE}" - echo "---------------------------------------------" - operator-sdk run bundle --timeout=30m --namespace "$(params.namespace)" "$BUNDLE_IMAGE" --verbose - echo "---------------------------------------------" - oc get deployment lightspeed-operator-controller-manager -n "$(params.namespace)" + set -euo pipefail + dnf -y install jq python3-pip git curl + COMMIT="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" '.components[] | select(.name == $component_name) | .source.git.revision' <<< "$SNAPSHOT")" + echo "Cloning lightspeed-operator@${COMMIT} for Konflux operator install" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT}" + git checkout -q FETCH_HEAD + ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh bundle - name: ols-e2e-tests - description: Task to run tests from service repository + description: Run Rapidast-tagged operator e2e tests and the Rapidast scan container at the snapshot commit. + params: + - name: commit + value: $(tasks.ols-install.results.commit) runAfter: - ols-install taskSpec: + params: + - name: commit + type: string volumes: - name: openai-token secret: @@ -194,21 +232,31 @@ spec: value: "$(steps.get-kubeconfig.results.consoleURL)" - name: LLM_TOKEN_PATH value: "/var/run/openai/token" + - name: COMMIT_SHA + value: "$(params.commit)" image: registry.redhat.io/openshift4/ose-cli:latest script: | + set -euo pipefail echo "---------------------------------------------" export LLM_TOKEN=$(cat ${LLM_TOKEN_PATH}) echo $CONSOLE_URL echo "---------------------------------------------" - dnf -y install git make + dnf -y install git make jq curl -Lo /go.tar.gz https://go.dev/dl/go1.23.4.linux-amd64.tar.gz tar -C /usr/local -xzf /go.tar.gz export PATH=$PATH:/usr/local/go/bin go version - git clone https://github.com/openshift/lightspeed-operator.git - cd lightspeed-operator + echo "Cloning lightspeed-operator@${COMMIT_SHA} for Rapidast e2e (matches snapshot)" + rm -rf /workspace/lightspeed-operator + mkdir -p /workspace/lightspeed-operator + cd /workspace/lightspeed-operator + git init -q + git remote add origin https://github.com/openshift/lightspeed-operator.git + git fetch --depth 1 origin "${COMMIT_SHA}" + git checkout -q FETCH_HEAD echo "---------------------------------------------" - go test ./test/e2e -timeout=120m --ginkgo.label-filter="Rapidast" -ginkgo.v -test.v -ginkgo.show-node-events + # Build tags: keep in sync with Makefile E2E_GO_TAGS (minimal images / no gpgme CGO). + go test -tags=exclude_graphdriver_btrfs,containers_image_openpgp ./test/e2e -timeout=120m --ginkgo.label-filter="Rapidast" -ginkgo.v -test.v -ginkgo.show-node-events echo "---------------------------------------------" dnf -y install podman podman run -v ./ols-rapidast-config-updated.yaml:/opt/rapidast/config/config.yaml:Z quay.io/redhatproductsecurity/rapidast:latest ./rapidast.py diff --git a/.tekton/integration-tests/scripts/gather-extra.sh b/.tekton/integration-tests/scripts/gather-extra.sh new file mode 100644 index 000000000..3e881e1db --- /dev/null +++ b/.tekton/integration-tests/scripts/gather-extra.sh @@ -0,0 +1,200 @@ +#!/bin/bash +# Vendored from konflux-ci/tekton-integration-catalog (scripts/gather-extra.sh). +# Delta: only run `oc logs -p` when the container restartCount is > 0, plus one cached +# `oc get pods -A -o json`, to avoid BadRequest noise and flaky runs when previous logs +# do not exist. Upstream: https://github.com/konflux-ci/tekton-integration-catalog + +function queue() { + local TARGET="${1}" + shift + local LIVE + LIVE="$(jobs | wc -l)" + while [[ "${LIVE}" -ge 45 ]]; do + sleep 1 + LIVE="$(jobs | wc -l)" + done + echo "${@}" + if [[ -n "${FILTER:-}" ]]; then + "${@}" | "${FILTER}" >"${TARGET}" & + else + "${@}" >"${TARGET}" & + fi +} + +export ARTIFACT_DIR="${ARTIFACT_DIR:-.}" + +# Ensure the directory exists +mkdir -p "$ARTIFACT_DIR" + +echo "Gathering artifacts ..." +mkdir -p ${ARTIFACT_DIR}/pods + +oc --insecure-skip-tls-verify --request-timeout=5s get nodes -o jsonpath --template '{range .items[*]}{.metadata.name}{"\n"}{end}' > /tmp/nodes +oc --insecure-skip-tls-verify --request-timeout=5s get pods --all-namespaces --template '{{ range .items }}{{ $name := .metadata.name }}{{ $ns := .metadata.namespace }}{{ range .spec.containers }}-n {{ $ns }} {{ $name }} -c {{ .name }}{{ "\n" }}{{ end }}{{ range .spec.initContainers }}-n {{ $ns }} {{ $name }} -c {{ .name }}{{ "\n" }}{{ end }}{{ end }}' > /tmp/containers +oc --insecure-skip-tls-verify --request-timeout=5s get pods -l openshift.io/component=api --all-namespaces --template '{{ range .items }}-n {{ .metadata.namespace }} {{ .metadata.name }}{{ "\n" }}{{ end }}' > /tmp/pods-api + +queue ${ARTIFACT_DIR}/apiservices.json oc --insecure-skip-tls-verify --request-timeout=5s get apiservices -o json +queue ${ARTIFACT_DIR}/clusteroperators.json oc --insecure-skip-tls-verify --request-timeout=5s get clusteroperators -o json +queue ${ARTIFACT_DIR}/clusterversion.json oc --insecure-skip-tls-verify --request-timeout=5s get clusterversion -o json +queue ${ARTIFACT_DIR}/configmaps.json oc --insecure-skip-tls-verify --request-timeout=5s get configmaps --all-namespaces -o json +queue ${ARTIFACT_DIR}/credentialsrequests.json oc --insecure-skip-tls-verify --request-timeout=5s get credentialsrequests --all-namespaces -o json +queue ${ARTIFACT_DIR}/csr.json oc --insecure-skip-tls-verify --request-timeout=5s get csr -o json +queue ${ARTIFACT_DIR}/endpoints.json oc --insecure-skip-tls-verify --request-timeout=5s get endpoints --all-namespaces -o json +FILTER=gzip queue ${ARTIFACT_DIR}/deployments.json.gz oc --insecure-skip-tls-verify --request-timeout=5s get deployments --all-namespaces -o json +FILTER=gzip queue ${ARTIFACT_DIR}/daemonsets.json.gz oc --insecure-skip-tls-verify --request-timeout=5s get daemonsets --all-namespaces -o json +queue ${ARTIFACT_DIR}/events.json oc --insecure-skip-tls-verify --request-timeout=5s get events --all-namespaces -o json +queue ${ARTIFACT_DIR}/kubeapiserver.json oc --insecure-skip-tls-verify --request-timeout=5s get kubeapiserver -o json +queue ${ARTIFACT_DIR}/kubecontrollermanager.json oc --insecure-skip-tls-verify --request-timeout=5s get kubecontrollermanager -o json +queue ${ARTIFACT_DIR}/machineconfigpools.json oc --insecure-skip-tls-verify --request-timeout=5s get machineconfigpools -o json +queue ${ARTIFACT_DIR}/machineconfigs.json oc --insecure-skip-tls-verify --request-timeout=5s get machineconfigs -o json +queue ${ARTIFACT_DIR}/controlplanemachinesets.json oc --insecure-skip-tls-verify --request-timeout=5s get controlplanemachinesets -A -o json +queue ${ARTIFACT_DIR}/machinesets.json oc --insecure-skip-tls-verify --request-timeout=5s get machinesets -A -o json +queue ${ARTIFACT_DIR}/machines.json oc --insecure-skip-tls-verify --request-timeout=5s get machines -A -o json +queue ${ARTIFACT_DIR}/namespaces.json oc --insecure-skip-tls-verify --request-timeout=5s get namespaces -o json +queue ${ARTIFACT_DIR}/nodes.json oc --insecure-skip-tls-verify --request-timeout=5s get nodes -o json +queue ${ARTIFACT_DIR}/openshiftapiserver.json oc --insecure-skip-tls-verify --request-timeout=5s get openshiftapiserver -o json +queue ${ARTIFACT_DIR}/persistentvolumes.json oc --insecure-skip-tls-verify --request-timeout=5s get persistentvolumes --all-namespaces -o json +queue ${ARTIFACT_DIR}/persistentvolumeclaims.json oc --insecure-skip-tls-verify --request-timeout=5s get persistentvolumeclaims --all-namespaces -o json +FILTER=gzip queue ${ARTIFACT_DIR}/replicasets.json.gz oc --insecure-skip-tls-verify --request-timeout=5s get replicasets --all-namespaces -o json +queue ${ARTIFACT_DIR}/rolebindings.json oc --insecure-skip-tls-verify --request-timeout=5s get rolebindings --all-namespaces -o json +queue ${ARTIFACT_DIR}/roles.json oc --insecure-skip-tls-verify --request-timeout=5s get roles --all-namespaces -o json +queue ${ARTIFACT_DIR}/services.json oc --insecure-skip-tls-verify --request-timeout=5s get services --all-namespaces -o json +FILTER=gzip queue ${ARTIFACT_DIR}/statefulsets.json.gz oc --insecure-skip-tls-verify --request-timeout=5s get statefulsets --all-namespaces -o json +queue ${ARTIFACT_DIR}/routes.json oc --insecure-skip-tls-verify --request-timeout=5s get routes --all-namespaces -o json +queue ${ARTIFACT_DIR}/subscriptions.json oc --insecure-skip-tls-verify --request-timeout=5s get subscriptions --all-namespaces -o json +queue ${ARTIFACT_DIR}/clusterserviceversions.json oc --insecure-skip-tls-verify --request-timeout=5s get clusterserviceversions --all-namespaces -o json +queue ${ARTIFACT_DIR}/releaseinfo.json oc --insecure-skip-tls-verify --request-timeout=5s adm release info -o json +queue ${ARTIFACT_DIR}/clusterrolebindings.json oc --insecure-skip-tls-verify --request-timeout=5s get clusterrolebindings --all-namespaces -o json + +# ArgoCD resources +queue ${ARTIFACT_DIR}/applications_argoproj.json oc --insecure-skip-tls-verify --request-timeout=5s get applications.argoproj.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/applicationsets.json oc --insecure-skip-tls-verify --request-timeout=5s get applicationsets.argoproj.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/appprojects.json oc --insecure-skip-tls-verify --request-timeout=5s get appprojects.argoproj.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/argocds.json oc --insecure-skip-tls-verify --request-timeout=5s get argocds.argoproj.io --all-namespaces -o json + +# Tekton resources +queue ${ARTIFACT_DIR}/repositories.json oc --insecure-skip-tls-verify --request-timeout=5s get repositories.pipelinesascode.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/pipelines.json oc --insecure-skip-tls-verify --request-timeout=5s get pipelines.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/eventlisteners.json oc --insecure-skip-tls-verify --request-timeout=5s get eventlisteners.triggers.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/triggerbindings.json oc --insecure-skip-tls-verify --request-timeout=5s get triggerbindings.triggers.tekton.dev --all-namespaces -o json + +# Appstudio resources +queue ${ARTIFACT_DIR}/applications_appstudio.json oc --insecure-skip-tls-verify --request-timeout=5s get applications.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/buildpipelineselectors.json oc --insecure-skip-tls-verify --request-timeout=5s get buildpipelineselectors.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/componentdetectionqueries.json oc --insecure-skip-tls-verify --request-timeout=5s get componentdetectionqueries.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/components.json oc --insecure-skip-tls-verify --request-timeout=5s get components.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/deploymenttargetclaims.json oc --insecure-skip-tls-verify --request-timeout=5s get deploymenttargetclaims.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/deploymenttargetclasses.json oc --insecure-skip-tls-verify --request-timeout=5s get deploymenttargetclasses.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/deploymenttargets.json oc --insecure-skip-tls-verify --request-timeout=5s get deploymenttargets.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/enterprisecontractpolicies.json oc --insecure-skip-tls-verify --request-timeout=5s get enterprisecontractpolicies.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/environments.json oc --insecure-skip-tls-verify --request-timeout=5s get environments.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/integrationtestscenarios.json oc --insecure-skip-tls-verify --request-timeout=5s get integrationtestscenarios.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/internalrequests.json oc --insecure-skip-tls-verify --request-timeout=5s get internalrequests.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/promotionruns.json oc --insecure-skip-tls-verify --request-timeout=5s get promotionruns.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/releaseplanadmissions.json oc --insecure-skip-tls-verify --request-timeout=5s get releaseplanadmissions.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/releaseplans.json oc --insecure-skip-tls-verify --request-timeout=5s get releaseplans.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/releases.json oc --insecure-skip-tls-verify --request-timeout=5s get releases.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/releasestrategies.json oc --insecure-skip-tls-verify --request-timeout=5s get releasestrategies.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/snapshotenvironmentbindings.json oc --insecure-skip-tls-verify --request-timeout=5s get snapshotenvironmentbindings.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/snapshots.json oc --insecure-skip-tls-verify --request-timeout=5s get snapshots.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spiaccesschecks.json oc --insecure-skip-tls-verify --request-timeout=5s get spiaccesschecks.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spiaccesstokenbindings.json oc --insecure-skip-tls-verify --request-timeout=5s get spiaccesstokenbindings.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spiaccesstokendataupdates.json oc --insecure-skip-tls-verify --request-timeout=5s get spiaccesstokendataupdates.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spiaccesstokens.json oc --insecure-skip-tls-verify --request-timeout=5s get spiaccesstokens.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spifilecontentrequests.json oc --insecure-skip-tls-verify --request-timeout=5s get spifilecontentrequests.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/remotesecrets.json oc --insecure-skip-tls-verify --request-timeout=5s get remotesecrets.appstudio.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/imagerepositories.json oc --insecure-skip-tls-verify --request-timeout=5s get imagerepositories.appstudio.redhat.com --all-namespaces -o json + +# JBS resources (jvm-build-service) +queue ${ARTIFACT_DIR}/artifactbuilds.json oc --insecure-skip-tls-verify --request-timeout=5s get artifactbuilds.jvmbuildservice.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/dependencybuilds.json oc --insecure-skip-tls-verify --request-timeout=5s get dependencybuilds.jvmbuildservice.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/jbsconfigs.json oc --insecure-skip-tls-verify --request-timeout=5s get jbsconfigs.jvmbuildservice.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/rebuiltartifacts.json oc --insecure-skip-tls-verify --request-timeout=5s get rebuiltartifacts.jvmbuildservice.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/systemconfigs.json oc --insecure-skip-tls-verify --request-timeout=5s get systemconfigs.jvmbuildservice.io --all-namespaces -o json + +# ArgoCD resources +queue ${ARTIFACT_DIR}/applications_argoproj.json oc --insecure-skip-tls-verify --request-timeout=5s get applications.argoproj.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/applicationsets.json oc --insecure-skip-tls-verify --request-timeout=5s get applicationsets.argoproj.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/appprojects.json oc --insecure-skip-tls-verify --request-timeout=5s get appprojects.argoproj.io --all-namespaces -o json +queue ${ARTIFACT_DIR}/argocds.json oc --insecure-skip-tls-verify --request-timeout=5s get argocds.argoproj.io --all-namespaces -o json + +# Managed-gitops resources +queue ${ARTIFACT_DIR}/gitopsdeploymentmanagedenvironments.json oc --insecure-skip-tls-verify --request-timeout=5s get gitopsdeploymentmanagedenvironments.managed-gitops.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/gitopsdeploymentrepositorycredentials.json oc --insecure-skip-tls-verify --request-timeout=5s get gitopsdeploymentrepositorycredentials.managed-gitops.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/gitopsdeployments.json oc --insecure-skip-tls-verify --request-timeout=5s get gitopsdeployments.managed-gitops.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/gitopsdeploymentsyncruns.json oc --insecure-skip-tls-verify --request-timeout=5s get gitopsdeploymentsyncruns.managed-gitops.redhat.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/operations.json oc --insecure-skip-tls-verify --request-timeout=5s get operations.managed-gitops.redhat.com --all-namespaces -o json + +# Tekton resources +queue ${ARTIFACT_DIR}/repositories.json oc --insecure-skip-tls-verify --request-timeout=5s get repositories.pipelinesascode.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/resolutionrequests.json oc --insecure-skip-tls-verify --request-timeout=5s get resolutionrequests.resolution.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/pipelineresources.json oc --insecure-skip-tls-verify --request-timeout=5s get pipelineresources.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/pipelineruns.json oc --insecure-skip-tls-verify --request-timeout=5s get pipelineruns.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/pipelines.json oc --insecure-skip-tls-verify --request-timeout=5s get pipelines.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/runs.json oc --insecure-skip-tls-verify --request-timeout=5s get runs.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/taskruns.json oc --insecure-skip-tls-verify --request-timeout=5s get taskruns.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/tasks.json oc --insecure-skip-tls-verify --request-timeout=5s get tasks.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/eventlisteners.json oc --insecure-skip-tls-verify --request-timeout=5s get eventlisteners.triggers.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/triggerbindings.json oc --insecure-skip-tls-verify --request-timeout=5s get triggerbindings.triggers.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/triggers.json oc --insecure-skip-tls-verify --request-timeout=5s get triggers.triggers.tekton.dev --all-namespaces -o json +queue ${ARTIFACT_DIR}/triggertemplates.json oc --insecure-skip-tls-verify --request-timeout=5s get triggertemplates.triggers.tekton.dev --all-namespaces -o json + +# Toolchain resources +queue ${ARTIFACT_DIR}/bannedusers.json oc --insecure-skip-tls-verify --request-timeout=5s get bannedusers.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/masteruserrecords.json oc --insecure-skip-tls-verify --request-timeout=5s get masteruserrecords.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/memberoperatorconfigs.json oc --insecure-skip-tls-verify --request-timeout=5s get memberoperatorconfigs.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/memberstatuses.json oc --insecure-skip-tls-verify --request-timeout=5s get memberstatuses.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/notifications.json oc --insecure-skip-tls-verify --request-timeout=5s get notifications.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/nstemplatesets.json oc --insecure-skip-tls-verify --request-timeout=5s get nstemplatesets.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/nstemplatetiers.json oc --insecure-skip-tls-verify --request-timeout=5s get nstemplatetiers.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/socialevents.json oc --insecure-skip-tls-verify --request-timeout=5s get socialevents.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spacebindings.json oc --insecure-skip-tls-verify --request-timeout=5s get spacebindings.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spacerequests.json oc --insecure-skip-tls-verify --request-timeout=5s get spacerequests.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/spaces.json oc --insecure-skip-tls-verify --request-timeout=5s get spaces.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/tiertemplates.json oc --insecure-skip-tls-verify --request-timeout=5s get tiertemplates.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/toolchainclusters.json oc --insecure-skip-tls-verify --request-timeout=5s get toolchainclusters.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/toolchainconfigs.json oc --insecure-skip-tls-verify --request-timeout=5s get toolchainconfigs.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/toolchainstatuses.json oc --insecure-skip-tls-verify --request-timeout=5s get toolchainstatuses.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/useraccounts.json oc --insecure-skip-tls-verify --request-timeout=5s get useraccounts.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/usersignups.json oc --insecure-skip-tls-verify --request-timeout=5s get usersignups.toolchain.dev.openshift.com --all-namespaces -o json +queue ${ARTIFACT_DIR}/usertiers.json oc --insecure-skip-tls-verify --request-timeout=5s get usertiers.toolchain.dev.openshift.com --all-namespaces -o json + +# Non-namespaced resources +queue ${ARTIFACT_DIR}/idlers.json oc --insecure-skip-tls-verify --request-timeout=5s get idlers.toolchain.dev.openshift.com -o json +queue ${ARTIFACT_DIR}/tektonaddons.json oc --insecure-skip-tls-verify --request-timeout=5s get tektonaddons.operator.tekton.dev -o json +queue ${ARTIFACT_DIR}/tektonchains.json oc --insecure-skip-tls-verify --request-timeout=5s get tektonchains.operator.tekton.dev -o json +queue ${ARTIFACT_DIR}/tektonconfigs.json oc --insecure-skip-tls-verify --request-timeout=5s get tektonconfigs.operator.tekton.dev -o json +queue ${ARTIFACT_DIR}/tektonhubs.json oc --insecure-skip-tls-verify --request-timeout=5s get tektonhubs.operator.tekton.dev -o json +queue ${ARTIFACT_DIR}/tektoninstallersets.json oc --insecure-skip-tls-verify --request-timeout=5s get tektoninstallersets.operator.tekton.dev -o json +queue ${ARTIFACT_DIR}/tektonpipelines.json oc --insecure-skip-tls-verify --request-timeout=5s get tektonpipelines.operator.tekton.dev -o json +queue ${ARTIFACT_DIR}/tektontriggers.json oc --insecure-skip-tls-verify --request-timeout=5s get tektontriggers.operator.tekton.dev -o json +queue ${ARTIFACT_DIR}/clustertasks.json oc --insecure-skip-tls-verify --request-timeout=5s get clustertasks.tekton.dev -o json +queue ${ARTIFACT_DIR}/clusterinterceptors.json oc --insecure-skip-tls-verify --request-timeout=5s get clusterinterceptors.triggers.tekton.dev -o json +queue ${ARTIFACT_DIR}/clustertriggerbindings.json oc --insecure-skip-tls-verify --request-timeout=5s get clustertriggerbindings.triggers.tekton.dev -o json +queue ${ARTIFACT_DIR}/clusterregistrars.json oc --insecure-skip-tls-verify --request-timeout=5s get clusterregistrars.singapore.open-cluster-management.io -o json +queue ${ARTIFACT_DIR}/gitopsservices.json oc --insecure-skip-tls-verify --request-timeout=5s get gitopsservices.pipelines.openshift.io -o json + +# Must gather steps to collect OpenShift logs +FILTER=gzip queue ${ARTIFACT_DIR}/openapi.json.gz oc --insecure-skip-tls-verify --request-timeout=5s get --raw /openapi/v2 + +PODS_JSON="/tmp/pods_all_namespaces.json" +oc --insecure-skip-tls-verify --request-timeout=120s get pods --all-namespaces -o json >"${PODS_JSON}" 2>/dev/null || true + +while IFS= read -r i; do + file="$( echo "$i" | cut -d ' ' -f 2,3,5 | tr -s ' ' '_' )" + FILTER=gzip queue ${ARTIFACT_DIR}/pods/${file}.log.gz oc --insecure-skip-tls-verify logs --request-timeout=20s $i + ns=$(echo "$i" | awk '{print $2}') + pod=$(echo "$i" | awk '{print $3}') + cn=$(echo "$i" | awk '{print $5}') + restarts=0 + if [[ -s "${PODS_JSON}" ]] && command -v jq >/dev/null 2>&1; then + restarts=$(jq -r --arg ns "$ns" --arg pod "$pod" --arg c "$cn" ' + (.items[] | select(.metadata.namespace == $ns and .metadata.name == $pod)) as $p + | (($p.status.containerStatuses // []) + ($p.status.initContainerStatuses // []) + | map(select(.name == $c)) | if length > 0 then .[0].restartCount else 0 end) // 0' "${PODS_JSON}" 2>/dev/null) || restarts=0 + fi + case "${restarts}" in ''|*[!0-9]*) restarts=0 ;; esac + if [[ "${restarts}" -gt 0 ]]; then + FILTER=gzip queue ${ARTIFACT_DIR}/pods/${file}_previous.log.gz oc --insecure-skip-tls-verify logs --request-timeout=20s -p $i + fi +done < /tmp/containers diff --git a/.tekton/integration-tests/scripts/install-oc-if-missing.sh b/.tekton/integration-tests/scripts/install-oc-if-missing.sh new file mode 100755 index 000000000..ab47a0073 --- /dev/null +++ b/.tekton/integration-tests/scripts/install-oc-if-missing.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +# Install OpenShift client (oc) when it is not already on PATH. +# Used by Konflux Tekton steps that may run on minimal images or run pytest +# harnesses that shell out to "oc". +# +# Tekton (after git fetch of the bundle commit, from repo root of clone): +# git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/install-oc-if-missing.sh" | bash -s -- "latest-4.17" +# +# Usage: install-oc-if-missing.sh +# Example: install-oc-if-missing.sh latest-4.17 +# +# Channel must match mirror layout, see: +# https://mirror.openshift.com/pub/openshift-v4//clients/ocp// + +set -euo pipefail + +channel="${1:?usage: $0 }" + +if command -v oc >/dev/null 2>&1; then + oc version --client + exit 0 +fi + +arch=$(uname -m) +case "${arch}" in +x86_64) ocp_arch=amd64 ;; +aarch64) ocp_arch=arm64 ;; +*) ocp_arch="${arch}" ;; +esac + +work=$(mktemp -d) +cleanup() { + rm -rf "${work}" +} +trap cleanup EXIT + +curl -fSL -o "${work}/oc.tgz" \ + "https://mirror.openshift.com/pub/openshift-v4/${ocp_arch}/clients/ocp/${channel}/openshift-client-linux-${ocp_arch}-rhel9.tar.gz" +tar -C "${work}" -xzf "${work}/oc.tgz" oc kubectl +cp -f "${work}/oc" "${work}/kubectl" /usr/local/bin/ +chmod 0755 /usr/local/bin/oc /usr/local/bin/kubectl +oc version --client diff --git a/.tekton/integration-tests/scripts/run-console-cypress-tests.sh b/.tekton/integration-tests/scripts/run-console-cypress-tests.sh new file mode 100755 index 000000000..100e2d801 --- /dev/null +++ b/.tekton/integration-tests/scripts/run-console-cypress-tests.sh @@ -0,0 +1,94 @@ +#!/usr/bin/env bash +# Konflux console Cypress: run from lightspeed-operator repo root at ${COMMIT_SHA} +# (Tekton performs apt + git init/fetch/checkout before piping this script). +# +# Usage (from Tekton, cwd = /home/lightspeed-operator): +# git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-console-cypress-tests.sh" \ +# | bash -s -- "" "" +# +# Args: +# $1 Name in related_images.json for the console plugin (e.g. lightspeed-console-plugin-pf5 or lightspeed-console-plugin) +# $2 OpenShift client channel for install-oc-if-missing.sh (e.g. latest-4.18), aligned with the ephemeral cluster minor +# +# Env: COMMIT_SHA, CYPRESS_BASE_URL, CYPRESS_CONSOLE_IMAGE, CYPRESS_KUBECONFIG_PATH, PASSWORD_PATH, etc. + +set -euo pipefail + +console_component="${1:?usage: $0 }" +ocp_channel="${2:?usage: $0 }" + +echo "COMMIT_SHA: ${COMMIT_SHA}" +echo "CYPRESS_BASE_URL: ${CYPRESS_BASE_URL:-}" +echo "CYPRESS_CONSOLE_IMAGE: ${CYPRESS_CONSOLE_IMAGE:-}" +echo "---------------------------------------------" +export CYPRESS_LOGIN_PASSWORD="$(cat "${PASSWORD_PATH}")" +echo "(CYPRESS_LOGIN_PASSWORD set from PASSWORD_PATH; not echoed)" +echo "---------------------------------------------" + +git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/install-oc-if-missing.sh" | bash -s -- "${ocp_channel}" + +echo "---------------------------------------------" +export OPERATOR_SDK_VERSION=1.36.1 +case "$(uname -m)" in +x86_64) ARCH=amd64 ;; +aarch64) ARCH=arm64 ;; +*) ARCH="$(uname -m)" ;; +esac +export OPERATOR_SDK_DL_URL="https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION}" +wget --no-verbose -O /usr/local/bin/operator-sdk "${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH}" +chmod +x /usr/local/bin/operator-sdk +echo "---------------------------------------------" +operator-sdk version +echo "---------------------------------------------" + +# Valid XDG path for Cypress/Electron; must not reuse $PATH (breaks browser runtime). +XDG_RUNTIME_DIR="${HOME:-/root}/.cache/xdgr" +mkdir -p "${XDG_RUNTIME_DIR}" +export XDG_RUNTIME_DIR +echo "---------------------------------------------" + +TEST_SOURCE_COMMIT="$( + git show "${COMMIT_SHA}:related_images.json" | + jq -r --arg n "${console_component}" '.[] | select(.name == $n) | .revision' +)" +cd /home +rm -rf lightspeed-console +git init lightspeed-console +cd lightspeed-console +git remote add origin https://github.com/openshift/lightspeed-console.git +git fetch --depth=1 --filter=blob:none origin "${TEST_SOURCE_COMMIT}" +git checkout "${TEST_SOURCE_COMMIT}" +echo "---------------------------------------------" +echo "npm version: $(npm -v)" +echo "---------------------------------------------" +NODE_OPTIONS=--max-old-space-size=4096 npm ci --omit=optional --no-fund +echo "---------------------------------------------" +export CYPRESS_LOGIN_PASSWORD="$(cat "${PASSWORD_PATH}")" +# Ephemeral clusters + console OAuth + plugin proxy are slow; before() often runs bundle then UI. +export CYPRESS_defaultCommandTimeout="${CYPRESS_defaultCommandTimeout:-120000}" +export CYPRESS_requestTimeout="${CYPRESS_requestTimeout:-120000}" +export CYPRESS_pageLoadTimeout="${CYPRESS_pageLoadTimeout:-180000}" +export CYPRESS_responseTimeout="${CYPRESS_responseTimeout:-180000}" +export CYPRESS_execTimeout="${CYPRESS_execTimeout:-600000}" + +run_cypress() { + NO_COLOR=1 npx cypress run "$@" +} + +set +e +run_cypress +err_status=$? +if [[ "${err_status}" -ne 0 ]]; then + echo "---------------------------------------------" + echo "Cypress exited ${err_status}; waiting 30s for console/plugin then retrying once..." + sleep 30 + run_cypress + err_status=$? +fi +echo -n "${err_status}" >/workspace/cypress-exit-code +echo "---------------------------------------------" +ls ./gui_test_screenshots +mv ./gui_test_screenshots /workspace/artifacts/ +set -e +echo "Cypress exit code: ${err_status}" +exit "${err_status}" diff --git a/.tekton/integration-tests/scripts/run-konflux-operator-install.sh b/.tekton/integration-tests/scripts/run-konflux-operator-install.sh new file mode 100755 index 000000000..e49fac715 --- /dev/null +++ b/.tekton/integration-tests/scripts/run-konflux-operator-install.sh @@ -0,0 +1,123 @@ +#!/usr/bin/env bash +# Konflux: install operator onto the ephemeral cluster after Tekton has cloned +# lightspeed-operator at the snapshot commit (cwd = repo root). +# +# Usage: +# ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh bundle +# ./.tekton/integration-tests/scripts/run-konflux-operator-install.sh direct +# +# Required env: +# SNAPSHOT — Konflux snapshot JSON +# KONFLUX_COMPONENT_NAME — component under test (bundle image selector for bundle mode) +# OLS_NAMESPACE — target namespace (e.g. openshift-lightspeed) +# KUBECONFIG — standard kubeconfig path +# +# Optional (direct mode — hack/install/install-operator-direct.sh): +# KONFLUX_OPERATOR_IMAGE_COMPONENT — snapshot component name for manager IMG (default: lightspeed-operator) +# +# Optional (bundle mode — hack/install/install-operator-bundle.sh): +# OPERATOR_SDK_VERSION +# PRE_BUNDLE_IMAGE — two-step install (upgrade pipelines) +# UPGRADE_E2E_INSTALL_OLD_BASE_FROM_CATALOG — e.g. "4.19."; sets PRE_BUNDLE_IMAGE from the second-newest +# semver (latest minus one) in lightspeed-catalog-/bundle-v*.yaml and +# SKIP_FINAL_BUNDLE_INSTALL (avoids very old bases with known bad upgrade chains) +# IMAGE_DIGEST_MIRROR_SET_URL — apply ImageDigestMirrorSet before bundle (e.g. Rapidast) + +set -euo pipefail + +INSTALL_MODE="${1:?usage: $0 }" + +: "${SNAPSHOT:?SNAPSHOT must be set}" +: "${KONFLUX_COMPONENT_NAME:?KONFLUX_COMPONENT_NAME must be set}" +: "${OLS_NAMESPACE:?OLS_NAMESPACE must be set}" +: "${KUBECONFIG:?KUBECONFIG must be set}" + +export OPERATOR_SDK_VERSION="${OPERATOR_SDK_VERSION:-1.36.1}" + +install_bundle() { + if [[ -n "${UPGRADE_E2E_INSTALL_OLD_BASE_FROM_CATALOG:-}" ]]; then + PV="${UPGRADE_E2E_INSTALL_OLD_BASE_FROM_CATALOG%.}" + catalog_dir="lightspeed-catalog-${PV}" + if [[ ! -d "${catalog_dir}" ]]; then + echo "error: catalog dir not found: ${catalog_dir} (cwd: $(pwd))" >&2 + exit 1 + fi + shopt -s nullglob + _bundle_files=("${catalog_dir}"/bundle-v*.yaml) + shopt -u nullglob + if [[ "${#_bundle_files[@]}" -lt 2 ]]; then + echo "error: need at least 2 bundle-v*.yaml in ${catalog_dir} for upgrade base (second-newest / latest-1 semver)" >&2 + exit 1 + fi + base_ver="$( + printf '%s\n' "${_bundle_files[@]}" | + sed -n 's/.*bundle-v\(.*\)\.yaml/\1/p' | + sort -V | + tail -n2 | + head -n1 + )" + base_file="${catalog_dir}/bundle-v${base_ver}.yaml" + if [[ ! -f "${base_file}" ]]; then + echo "error: could not resolve base bundle file ${base_file} in ${catalog_dir}" >&2 + exit 1 + fi + PRE_BUNDLE_IMAGE="$(yq '.relatedImages[] | select(.name == "lightspeed-operator-bundle") | .image' "${base_file}")" + export PRE_BUNDLE_IMAGE + export SKIP_FINAL_BUNDLE_INSTALL=true + echo "Upgrade e2e base install: second-newest catalog bundle (latest-1) ${base_file}" + echo "PRE_BUNDLE_IMAGE=${PRE_BUNDLE_IMAGE}" + fi + + echo "${KONFLUX_COMPONENT_NAME}" + export BUNDLE_IMAGE="$( + jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" \ + '.components[] | select(.name == $component_name) | .containerImage' <<<"${SNAPSHOT}" + )" + echo "${BUNDLE_IMAGE}" + if [[ -n "${PRE_BUNDLE_IMAGE:-}" ]]; then + echo "Upgrade path: PRE_BUNDLE_IMAGE=${PRE_BUNDLE_IMAGE} -> BUNDLE_IMAGE=${BUNDLE_IMAGE}" + fi + if [[ -n "${IMAGE_DIGEST_MIRROR_SET_URL:-}" ]]; then + echo "IMAGE_DIGEST_MIRROR_SET_URL=${IMAGE_DIGEST_MIRROR_SET_URL}" + fi + echo "---------------------------------------------" + ./hack/install/install-operator-bundle.sh + echo "---------------------------------------------" + verify_operator_deployment +} + +install_direct() { + local img_component="${KONFLUX_OPERATOR_IMAGE_COMPONENT:-lightspeed-operator}" + export IMG="$( + jq -r --arg n "${img_component}" \ + '.components[] | select(.name == $n) | .containerImage' <<<"${SNAPSHOT}" + )" + if [[ -z "${IMG}" || "${IMG}" == "null" ]]; then + echo "error: direct install: no containerImage for snapshot component \"${img_component}\" (set KONFLUX_OPERATOR_IMAGE_COMPONENT or ensure SNAPSHOT lists lightspeed-operator)" >&2 + exit 1 + fi + echo "Direct install: IMG from snapshot component \"${img_component}\": ${IMG}" + export SKIP_IDMS=1 + echo "---------------------------------------------" + ./hack/install/install-operator-direct.sh + echo "---------------------------------------------" + verify_operator_deployment +} + +verify_operator_deployment() { + echo "Verifying lightspeed-operator-controller-manager in namespace ${OLS_NAMESPACE}..." + if ! oc get deployment lightspeed-operator-controller-manager -n "${OLS_NAMESPACE}"; then + echo "error: operator deployment verification failed (not found or unreachable) in ${OLS_NAMESPACE}" >&2 + exit 1 + fi + echo "OK: operator deployment is present in ${OLS_NAMESPACE}." +} + +case "${INSTALL_MODE}" in +bundle) install_bundle ;; +direct) install_direct ;; +*) + echo "error: unknown install mode: ${INSTALL_MODE} (expected bundle or direct)" >&2 + exit 1 + ;; +esac diff --git a/.tekton/integration-tests/scripts/run-operator-e2e-tests.sh b/.tekton/integration-tests/scripts/run-operator-e2e-tests.sh new file mode 100755 index 000000000..c75f34b81 --- /dev/null +++ b/.tekton/integration-tests/scripts/run-operator-e2e-tests.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +# Konflux operator integration: Tekton performs git init + fetch of ${COMMIT_SHA}; +# this script runs from inside that repo root afterward. +# +# Usage (from Tekton): +# git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/run-operator-e2e-tests.sh" | bash -s -- "latest-4.17" +# +# Env (set by Tekton): COMMIT_SHA, OPENAI_PROVIDER_KEY_PATH, AZUREOPENAI_PROVIDER_KEY_PATH, +# and standard paths for Azure Entra files under /var/run/azureopenai-entra-id/ + +set -euo pipefail + +ocp_client_channel="${1:?usage: $0 }" + +git show "${COMMIT_SHA}:.tekton/integration-tests/scripts/install-oc-if-missing.sh" | bash -s -- "${ocp_client_channel}" + +TEST_SOURCE_COMMIT="$( + git show "${COMMIT_SHA}:related_images.json" | + jq -r '.[] | select(.name=="lightspeed-operator") | .revision' +)" +git fetch --depth=1 --filter=blob:none origin "${TEST_SOURCE_COMMIT}" +git checkout "${TEST_SOURCE_COMMIT}" + +echo "---------------------------------------------" +echo "---------------------------------------------" +echo "---------------------------------------------" +export LLM_TOKEN="$(cat "${OPENAI_PROVIDER_KEY_PATH}")" +export LLM_PROVIDER="openai" +export LLM_MODEL="gpt-4o-mini" +echo "starting tests for ${LLM_PROVIDER} ${LLM_MODEL}" +make test-e2e +echo "---------------------------------------------" +echo "---------------------------------------------" +echo "---------------------------------------------" +export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" +export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" +export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" +export LLM_TOKEN="$(cat "${AZUREOPENAI_PROVIDER_KEY_PATH}")" +export LLM_PROVIDER="azure_openai" +export LLM_MODEL="gpt-4o-mini" +echo "starting tests for ${LLM_PROVIDER} ${LLM_MODEL}" +make test-e2e diff --git a/.tekton/integration-tests/scripts/run-operator-upgrade-tests.sh b/.tekton/integration-tests/scripts/run-operator-upgrade-tests.sh new file mode 100644 index 000000000..c19dbebff --- /dev/null +++ b/.tekton/integration-tests/scripts/run-operator-upgrade-tests.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash +# Konflux operator upgrade: Tekton checks out ${COMMIT_SHA}; checkout related_images operator +# revision; run make test-upgrade. BUNDLE_IMAGE for `operator-sdk run bundle-upgrade` must be +# newer than what is on the cluster: Konflux passes SNAPSHOT + KONFLUX_COMPONENT_NAME so we use +# the same bundle image the pipeline would install second (upgrade target). +# +# Usage (from Tekton, from repo root after checkout of "${COMMIT_SHA}"): +# bash .tekton/integration-tests/scripts/run-operator-upgrade-tests.sh "$(params.openshift-version-prefix)" +# +# Env (set by Tekton): COMMIT_SHA, OPENAI_PROVIDER_KEY_PATH, SNAPSHOT, KONFLUX_COMPONENT_NAME (optional +# but required together for Konflux). If SNAPSHOT is unset, BUNDLE_IMAGE must already be exported. + +set -euo pipefail + +openshift_version_prefix="${1:?usage: $0 }" + +: "${COMMIT_SHA:?COMMIT_SHA must be set}" + +# Same as run-operator-e2e-tests.sh: build/run tests from related_images "lightspeed-operator" +# revision so Makefile and CGO build tags match the snapshot. +TEST_SOURCE_COMMIT="$( + git show "${COMMIT_SHA}:related_images.json" | + jq -r '.[] | select(.name=="lightspeed-operator") | .revision' +)" +git fetch --depth=1 --filter=blob:none origin "${TEST_SOURCE_COMMIT}" +git checkout "${TEST_SOURCE_COMMIT}" + +if [[ -n "${SNAPSHOT:-}" && -n "${KONFLUX_COMPONENT_NAME:-}" ]]; then + BUNDLE_IMAGE="$(jq -r --arg component_name "${KONFLUX_COMPONENT_NAME}" \ + '.components[] | select(.name == $component_name) | .containerImage' <<<"${SNAPSHOT}")" + export BUNDLE_IMAGE + echo "Upgrade target BUNDLE_IMAGE from SNAPSHOT (bundle-upgrade): ${BUNDLE_IMAGE}" +elif [[ -n "${BUNDLE_IMAGE:-}" ]]; then + echo "Using pre-set BUNDLE_IMAGE: ${BUNDLE_IMAGE}" +else + PV="${openshift_version_prefix%.}" + catalog_dir="lightspeed-catalog-${PV}" + newest_ver="$(ls "${catalog_dir}"/bundle-v*.yaml | sed -n 's/.*bundle-v\(.*\)\.yaml/\1/p' | sort -V | tail -n1)" + newest_file="${catalog_dir}/bundle-v${newest_ver}.yaml" + BUNDLE_IMAGE="$(yq '.relatedImages[] | select(.name == "lightspeed-operator-bundle") | .image' "${newest_file}")" + export BUNDLE_IMAGE + echo "SNAPSHOT unset: using newest catalog bundle as upgrade target: ${newest_file}" + echo "${BUNDLE_IMAGE}" +fi +echo "---------------------------------------------" +echo "---------------------------------------------" +echo "---------------------------------------------" + +export LLM_TOKEN="$(cat "${OPENAI_PROVIDER_KEY_PATH}")" +export LLM_PROVIDER="openai" +export LLM_MODEL="gpt-4o-mini" +echo "starting tests for ${LLM_PROVIDER} ${LLM_MODEL}" +make test-upgrade diff --git a/.tekton/integration-tests/scripts/run-service-integration-tests.sh b/.tekton/integration-tests/scripts/run-service-integration-tests.sh new file mode 100755 index 000000000..abfdaeee1 --- /dev/null +++ b/.tekton/integration-tests/scripts/run-service-integration-tests.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash +# Konflux lightspeed-service integration: run from lightspeed-operator repo root +# at ${BUNDLE_COMMIT_SHA} (Tekton performs git init/fetch/checkout before piping this script). +# +# Usage (from Tekton, cwd = lightspeed-operator repo root after checkout): +# bash .tekton/integration-tests/scripts/run-service-integration-tests.sh "$(params.openshift-version-prefix)" +# +# Args: +# $1 openshift-version-prefix with trailing dot (e.g. 4.19.) — same as pipeline param +# +# Env (set by Tekton step): KUBECONFIG, KONFLUX_BOOL, BUNDLE_IMAGE (SNAPSHOT containerImage for the +# labeled Konflux component — bundle or operator image depending on scenario), BUNDLE_COMMIT_SHA, +# ARTIFACT_DIR, OLS_IMAGE, BAM_PROVIDER_KEY_PATH, AZUREOPENAI_PROVIDER_KEY_PATH, +# OPENAI_PROVIDER_KEY_PATH, WATSONX_PROVIDER_KEY_PATH, +# Azure Entra paths under /var/run/azureopenai-entra-id/ +# OLS_NAMESPACE — optional; default openshift-lightspeed (matches pipeline params.namespace) + +set -euo pipefail + +openshift_version_prefix="${1:?usage: $0 }" +ver="${openshift_version_prefix%.}" +ocp_channel="latest-${ver}" + +echo "---------------------------------------------" +echo "${KONFLUX_BOOL}" +echo "---------------------------------------------" +echo "${BUNDLE_IMAGE}" +echo "---------------------------------------------" + +bash .tekton/integration-tests/scripts/install-oc-if-missing.sh "${ocp_channel}" + +ols_ns="${OLS_NAMESPACE:-openshift-lightspeed}" +echo "Setting default namespace for oc (e2e harness uses commands without -n)" +oc project "${ols_ns}" + +# Prior Tekton task installs the operator only (OLM bundle or direct/kustomize per pipeline). +# lightspeed-app-server is created after an OLSConfig CR is applied — that happens inside +# tests/scripts/test-e2e-cluster.sh → pytest / service installer (e.g. apply_olsconfig), not here. +# Do not wait for that deployment before running the service harness or this step will time out. + +git config --global user.email olsci@redhat.com +git config --global user.name olsci + +SERVICE_SHA="$( + jq -r '.[] | select(.name=="lightspeed-service-api") | .revision' related_images.json +)" +git clone https://github.com/openshift/lightspeed-service.git +cd lightspeed-service +git fetch origin "${SERVICE_SHA}" +git checkout "${SERVICE_SHA}" +pip3.11 install --no-cache-dir --upgrade pip pdm +pdm config python.use_venv false +export CP_OFFLINE_TOKEN="$(cat /var/run/insights-stage-upload-offline-token/token)" +export AZUREOPENAI_ENTRA_ID_TENANT_ID="$(cat /var/run/azureopenai-entra-id/tenant_id)" +export AZUREOPENAI_ENTRA_ID_CLIENT_ID="$(cat /var/run/azureopenai-entra-id/client_id)" +export AZUREOPENAI_ENTRA_ID_CLIENT_SECRET="$(cat /var/run/azureopenai-entra-id/client_secret)" +tests/scripts/test-e2e-cluster.sh diff --git a/.tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml b/.tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml new file mode 100644 index 000000000..53ed4f063 --- /dev/null +++ b/.tekton/integration-tests/stepactions/gather-cluster-resources/0.1/gather-cluster-resources.yaml @@ -0,0 +1,78 @@ +# Vendored from konflux-ci/tekton-integration-catalog stepactions/gather-cluster-resources/0.1. +# Delta: param gather-script-url selects gather-extra.sh (default: main branch of this repo). +apiVersion: tekton.dev/v1alpha1 +kind: StepAction +metadata: + name: gather-cluster-resources + labels: + upstream-usable: "true" +spec: + description: >- + Gathers Konflux-related cluster resources and pod logs. Uses openshift/lightspeed-operator + gather-extra.sh by default (restart-aware previous logs). + image: quay.io/konflux-qe-incubator/konflux-qe-tools:latest + params: + - name: credentials + type: string + description: A volume containing credentials to the remote cluster + - name: kubeconfig + type: string + description: Relative path to the kubeconfig in the mounted cluster credentials volume + default: "" + - name: oc-login-command + type: string + description: Command to log in to the OpenShift cluster + default: "" + - name: gather-urls + type: array + description: A list of URLs for the custom resource gathering script + default: [] + - name: artifact-dir + type: string + description: Relative path to where you want the artifacts to be stored + default: "/workspace" + - name: gather-script-url + type: string + description: >- + URL to gather-extra.sh. When empty, uses openshift/lightspeed-operator main branch. + default: "" + args: + - $(params.gather-urls[*]) + workingDir: $(params.artifact-dir) + env: + - name: KUBECONFIG + value: "/credentials/$(params.kubeconfig)" + - name: ARTIFACT_DIR + value: "$(params.artifact-dir)" + - name: OC_LOGIN_COMMAND + value: "$(params.oc-login-command)" + # Param substitution in spec.script is rejected by the pipeline validating webhook; use env. + - name: GATHER_SCRIPT_URL + value: "$(params.gather-script-url)" + volumeMounts: + - name: "$(params.credentials)" + mountPath: /credentials + script: | + #!/bin/bash + set -x + export AUX=${KUBECONFIG#*"/credentials/"} + if [ -z "${AUX}" ]; then + unset KUBECONFIG + if [[ "${OC_LOGIN_COMMAND}" = *"oc login"* ]]; then + echo "${OC_LOGIN_COMMAND}" | bash + else + echo "Login error. Please provide a valid kubeconfig or a valid oc login command." + exit 1 + fi + fi + + if [ -z "${GATHER_SCRIPT_URL}" ]; then + export GATHER_SCRIPT_URL="https://raw.githubusercontent.com/openshift/lightspeed-operator/main/.tekton/integration-tests/scripts/gather-extra.sh" + fi + curl -fsSL "${GATHER_SCRIPT_URL}" | bash + for url in "$@"; do + if ! [ -z "${url}" ]; then + echo "curling ${url}" + curl -fsSL "${url}" | bash + fi + done diff --git a/.tekton/ols-bundle-pull-request.yaml b/.tekton/ols-bundle-pull-request.yaml index cba03e085..62b735b76 100644 --- a/.tekton/ols-bundle-pull-request.yaml +++ b/.tekton/ols-bundle-pull-request.yaml @@ -12,7 +12,7 @@ metadata: event == "pull_request" && target_branch == "main" && (".tekton/ols-bundle-pull-request.yaml".pathChanged() || "bundle/***".pathChanged() || "bundle.Dockerfile".pathChanged() || - ".tekton/integration-tests/*/*.yaml".pathChanged() || "related_images.json".pathChanged()) + "related_images.json".pathChanged()) creationTimestamp: labels: appstudio.openshift.io/application: ols-bundle diff --git a/.tekton/ols-bundle-push.yaml b/.tekton/ols-bundle-push.yaml index d02ed0546..d2706ea83 100644 --- a/.tekton/ols-bundle-push.yaml +++ b/.tekton/ols-bundle-push.yaml @@ -11,7 +11,7 @@ metadata: event == "push" && target_branch == "main" && (".tekton/ols-bundle-push.yaml".pathChanged() || "bundle/***".pathChanged() || "bundle.Dockerfile".pathChanged() || - ".tekton/integration-tests/*/*.yaml".pathChanged() || "related_images.json".pathChanged()) + "related_images.json".pathChanged()) creationTimestamp: labels: appstudio.openshift.io/application: ols-bundle diff --git a/Makefile b/Makefile index fa6bec096..8bf272cf1 100644 --- a/Makefile +++ b/Makefile @@ -109,6 +109,10 @@ help: ## Display this help. # Controller-gen paths exclude test/e2e to avoid loading containers/image and its CGO deps (gpgme, etc.) CONTROLLER_GEN_PATHS = paths=./api/... paths=./internal/... paths=./cmd/... +# test/e2e pulls containers/storage (optional btrfs graph driver) and containers/image. +# containers_image_openpgp avoids gpgme CGO so e2e builds on minimal images without gpgme-devel. +E2E_GO_TAGS := exclude_graphdriver_btrfs,containers_image_openpgp + .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. $(CONTROLLER_GEN) rbac:roleName=manager-role crd:allowDangerousTypes=true webhook $(CONTROLLER_GEN_PATHS) output:crd:artifacts:config=config/crd/bases @@ -123,7 +127,7 @@ fmt: ## Run go fmt against code. .PHONY: vet vet: ## Run go vet against code. - go vet -tags=exclude_graphdriver_btrfs ./... + go vet -tags=$(E2E_GO_TAGS) ./... .PHONY: test test: manifests generate fmt vet envtest test-crds ## Run local tests. @@ -178,7 +182,7 @@ endif ifndef LLM_TOKEN $(error LLM_TOKEN environment variable is not set) endif - go test -tags=exclude_graphdriver_btrfs ./test/e2e -timeout=120m -ginkgo.v -test.v -ginkgo.show-node-events --ginkgo.label-filter="!Rapidast && !Upgrade && !AllFeatures" --ginkgo.timeout=2h + go test -tags=$(E2E_GO_TAGS) ./test/e2e -timeout=120m -ginkgo.v -test.v -ginkgo.show-node-events --ginkgo.label-filter="!Rapidast && !Upgrade && !AllFeatures" --ginkgo.timeout=2h .PHONY: test-upgrade test-upgrade: ## Run upgrade tests with an Openshift cluster. Requires KUBECONFIG, LLM_TOKEN and BUNDLE_IMAGE environment variables. @@ -191,7 +195,7 @@ endif ifndef BUNDLE_IMAGE $(error BUNDLE_IMAGE environment variable is not set) endif - go test -tags=exclude_graphdriver_btrfs ./test/e2e -timeout=120m -ginkgo.v -test.v -ginkgo.show-node-events --ginkgo.label-filter="Upgrade" --ginkgo.timeout=2h + go test -tags=$(E2E_GO_TAGS) ./test/e2e -timeout=120m -ginkgo.v -test.v -ginkgo.show-node-events --ginkgo.label-filter="Upgrade" --ginkgo.timeout=2h .PHONY: test-e2e-all-features test-e2e-all-features: ## Run comprehensive all-features E2E test. Requires KUBECONFIG and LLM_TOKEN environment variables. @@ -211,11 +215,11 @@ endif ifndef LLM_TOKEN $(error LLM_TOKEN environment variable is not set) endif - go test -tags=exclude_graphdriver_btrfs ./test/e2e -timeout=120m -ginkgo.v -test.v -ginkgo.show-node-events --ginkgo.label-filter="!Rapidast" --ginkgo.label-filter="!Database-Persistency" + go test -tags=$(E2E_GO_TAGS) ./test/e2e -timeout=120m -ginkgo.v -test.v -ginkgo.show-node-events --ginkgo.label-filter="!Rapidast" --ginkgo.label-filter="!Database-Persistency" .PHONY: lint lint: ## Run golangci-lint against code. - golangci-lint run --config=.golangci.yaml --build-tags "exclude_graphdriver_btrfs" + golangci-lint run --config=.golangci.yaml --build-tags "$(E2E_GO_TAGS)" .PHONY: lint-fix lint-fix: ## Fix found issues (if it's supported by the linter). @@ -350,7 +354,7 @@ ENVTEST_VERSION ?= release-0.19 ## Tool Binaries KUBECTL ?= kubectl KUSTOMIZE ?= $(LOCALBIN)/kustomize -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen --load-build-tags=exclude_graphdriver_btrfs +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen --load-build-tags=$(E2E_GO_TAGS) ENVTEST ?= $(LOCALBIN)/setup-envtest .PHONY: kustomize diff --git a/hack/install/_lib.sh b/hack/install/_lib.sh new file mode 100755 index 000000000..f9c4ad74c --- /dev/null +++ b/hack/install/_lib.sh @@ -0,0 +1,80 @@ +#!/usr/bin/env bash +# Shared helpers for hack/install/*.sh (source from those scripts, do not execute directly). + +# Namespace used by OLS operator E2E and default deploy manifests. +install::default_namespace() { + echo "${OLS_NAMESPACE:-openshift-lightspeed}" +} + +install::require_cmd() { + local c="$1" + if ! command -v "$c" >/dev/null 2>&1; then + echo "error: required command not found: $c" >&2 + exit 1 + fi +} + +install::ensure_oc_kubectl() { + install::require_cmd oc + # kubectl is optional if oc kubectl works; Makefile uses $(KUBECTL) defaulting to kubectl + if ! command -v kubectl >/dev/null 2>&1; then + echo "warn: kubectl not in PATH; ensure Makefile KUBECTL/oc wrapper is satisfied" >&2 + fi +} + +install::ensure_namespace() { + local ns="$1" + oc create namespace "$ns" --dry-run=client -o yaml | oc apply -f - + oc label namespaces "$ns" openshift.io/cluster-monitoring=true --overwrite=true 2>/dev/null || true +} + +# OLM gives CSV InstallCheckFailed / "install timeout" (~5m) if the CSV deployment never becomes +# Available. This does not follow operator-sdk --timeout. Dump state for ImagePull / probe / RBAC. +install::olm_failure_diagnostics() { + local ns="${1:-}" + if [[ -z "$ns" ]]; then + return 0 + fi + echo "---- OLM / operator install diagnostics (namespace=${ns}) ----" >&2 + oc get csv -n "$ns" -o wide 2>/dev/null || true + oc get subscription,installplan,catalogsource -n "$ns" -o wide 2>/dev/null || true + oc get deployment,pods -n "$ns" -o wide 2>/dev/null || true + for d in $(oc get deploy -n "$ns" -o jsonpath='{.items[*].metadata.name}' 2>/dev/null); do + [[ -n "$d" ]] || continue + echo "---- oc describe deployment/${d} -n ${ns} ----" >&2 + oc describe "deployment/${d}" -n "$ns" 2>/dev/null || true + done + for p in $(oc get pods -n "$ns" -o jsonpath='{.items[*].metadata.name}' 2>/dev/null); do + [[ -n "$p" ]] || continue + echo "---- oc describe pod/${p} -n ${ns} ----" >&2 + oc describe "pod/${p}" -n "$ns" 2>/dev/null || true + done + echo "---- recent events -n ${ns} ----" >&2 + oc get events -n "$ns" --sort-by=.metadata.creationTimestamp 2>/dev/null | tail -80 || true + echo "---- end diagnostics ----" >&2 +} + +# Install operator-sdk to PATH if missing (matches Konflux e2e pipelines). +install::ensure_operator_sdk() { + local ver="${OPERATOR_SDK_VERSION:-1.36.1}" + if command -v operator-sdk >/dev/null 2>&1; then + return 0 + fi + install::require_cmd curl + local arch + case "$(uname -m)" in + x86_64) arch=amd64 ;; + aarch64) arch=arm64 ;; + *) arch="$(uname -m)" ;; + esac + local url="https://github.com/operator-framework/operator-sdk/releases/download/v${ver}/operator-sdk_linux_${arch}" + local dest="${OPERATOR_SDK_BIN:-/usr/local/bin/operator-sdk}" + if [[ ! -w "$(dirname "$dest")" ]]; then + echo "error: operator-sdk not in PATH and cannot write to $(dirname "$dest"); set OPERATOR_SDK_BIN to a writable path" >&2 + exit 1 + fi + echo "installing operator-sdk v${ver} to ${dest}..." + curl -fsSL -o "$dest" "$url" + chmod +x "$dest" + export PATH="$(dirname "$dest"):${PATH}" +} diff --git a/hack/install/install-operator-bundle.sh b/hack/install/install-operator-bundle.sh new file mode 100755 index 000000000..bfd0c3579 --- /dev/null +++ b/hack/install/install-operator-bundle.sh @@ -0,0 +1,90 @@ +#!/usr/bin/env bash +# Install the operator via OLM using `operator-sdk run bundle` (Konflux-style). +# +# Required env: +# BUNDLE_IMAGE (e.g. quay.io/.../lightspeed-operator-bundle@sha256:...) +# +# Optional env: +# OLS_NAMESPACE (default: openshift-lightspeed) +# OPERATOR_SDK_VERSION (default: 1.36.1) +# OPERATOR_SDK_BIN (default: /usr/local/bin/operator-sdk when downloading) +# BUNDLE_TIMEOUT (default: 30m) — max time for operator-sdk to wait; OLM still fails the CSV +# after ~5m if the manager Deployment never becomes Available (pull/auth/probes). +# PRE_BUNDLE_IMAGE If set, `operator-sdk run bundle` is run with this image first, +# then again with BUNDLE_IMAGE (upgrade bootstrap / two-step install). +# SKIP_FINAL_BUNDLE_INSTALL If non-empty, after PRE_BUNDLE_IMAGE (required), skip the second +# `run bundle` with BUNDLE_IMAGE. Used for Konflux upgrade e2e: leave the +# cluster on an older catalog bundle, then tests run `bundle-upgrade` to +# the snapshot bundle. +# IMAGE_DIGEST_MIRROR_SET_URL If set, fetched with curl and applied via `oc apply` before bundle install +# (same behavior as Rapidast pipeline; optional elsewhere). +# +# operator-sdk is downloaded if not already on PATH (same as .tekton integration pipelines). +# +# This script does NOT clone git. Pipeline: clone/checkout → ./hack/install/install-operator-bundle.sh → tests +# +# shellcheck disable=SC1091 +set -euo pipefail + +usage() { + sed -n '2,/^$/p' "$0" | tail -n +1 + exit "${1:-0}" +} + +[[ "${1:-}" == "-h" || "${1:-}" == "--help" ]] && usage 0 + +SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=./_lib.sh +source "${SCRIPT_DIR}/_lib.sh" + +if [[ -z "${BUNDLE_IMAGE:-}" ]]; then + echo "error: BUNDLE_IMAGE must be set" >&2 + usage 1 +fi + +install::ensure_oc_kubectl +install::ensure_operator_sdk + +ns="$(install::default_namespace)" +install::ensure_namespace "$ns" + +# Optional cluster pull-through (Rapidast / restricted registries); same as legacy Tekton inline step. +if [[ -n "${IMAGE_DIGEST_MIRROR_SET_URL:-}" ]]; then + tmp=$(mktemp) + curl -fsSL -o "$tmp" "${IMAGE_DIGEST_MIRROR_SET_URL}" + oc apply -f "$tmp" + rm -f "$tmp" +fi + +timeout="${BUNDLE_TIMEOUT:-30m}" + +run_bundle() { + local image="$1" + echo "operator-sdk run bundle --timeout=${timeout} --namespace ${ns} ${image}" + if ! operator-sdk run bundle --timeout="${timeout}" --namespace "${ns}" "${image}" --verbose; then + install::olm_failure_diagnostics "${ns}" + return 1 + fi +} + +if [[ -n "${PRE_BUNDLE_IMAGE:-}" ]]; then + echo "Installing base bundle: ${PRE_BUNDLE_IMAGE}" + run_bundle "${PRE_BUNDLE_IMAGE}" +fi + +if [[ -n "${SKIP_FINAL_BUNDLE_INSTALL:-}" ]]; then + if [[ -z "${PRE_BUNDLE_IMAGE:-}" ]]; then + echo "error: SKIP_FINAL_BUNDLE_INSTALL requires PRE_BUNDLE_IMAGE" >&2 + exit 1 + fi + echo "SKIP_FINAL_BUNDLE_INSTALL set; skipping second install (BUNDLE_IMAGE=${BUNDLE_IMAGE})" + echo "Done. Operator deployment:" + oc get deployment lightspeed-operator-controller-manager -n "$ns" -o wide || true + exit 0 +fi + +echo "Installing bundle: ${BUNDLE_IMAGE}" +run_bundle "${BUNDLE_IMAGE}" + +echo "Done. Operator deployment:" +oc get deployment lightspeed-operator-controller-manager -n "$ns" -o wide || true diff --git a/hack/install/install-operator-direct.sh b/hack/install/install-operator-direct.sh new file mode 100755 index 000000000..a0792b9df --- /dev/null +++ b/hack/install/install-operator-direct.sh @@ -0,0 +1,126 @@ +#!/usr/bin/env bash +# Install the operator from this repo using kustomize (same path as `make install` + `make deploy`). +# Intended for Konflux / CI and for developers who want in-cluster manager instead of `make run`. +# +# Prerequisites: oc, make, kustomize/jq via Makefile bootstrap, repo root with related_images.json. +# Required env: IMG (operator image to run, e.g. quay.io/.../lightspeed-operator@sha256:...) +# +# Optional env: +# OLS_NAMESPACE (default: openshift-lightspeed) +# KUBECONFIG (standard kubeconfig path) +# KUBECTL (default: kubectl) +# SKIP_IDMS=1 On Hypershift / HostedCluster, admission often blocks applying ImageDigestMirrorSet +# from this manifest stream. When set, the script applies the same resources as +# `make deploy` except ImageDigestMirrorSet (kustomize output filtered with yq). +# Normal clusters: omit (default) and use `make deploy` unchanged. +# +# This script does NOT clone git; run from a checked-out repo (Tekton checks out first). +# Pipeline layout: clone/checkout → ./hack/install/install-operator-direct.sh → make test-e2e +# +# shellcheck disable=SC1091 +set -euo pipefail + +usage() { + sed -n '2,/^$/p' "$0" | tail -n +1 + exit "${1:-0}" +} + +[[ "${1:-}" == "-h" || "${1:-}" == "--help" ]] && usage 0 + +SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=./_lib.sh +source "${SCRIPT_DIR}/_lib.sh" + +if [[ -z "${IMG:-}" ]]; then + echo "error: IMG must be set to the operator image (registry/image@digest or :tag)" >&2 + usage 1 +fi + +install::require_cmd make +install::ensure_oc_kubectl + +ns="$(install::default_namespace)" +install::ensure_namespace "$ns" + +REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)" +cd "$REPO_ROOT" + +echo "Applying CRDs (make install)..." +make install + +# Same substitution logic as Makefile `deploy` (keep in sync); apply step varies when SKIP_IDMS=1. +# Mutates only a temp copy of config/ so the repo's deployment-patch.yaml is never touched. +direct_deploy_skip_idms() { + local localbin="${REPO_ROOT}/bin" + # IMG is validated non-empty at script entry + local operator_img="$IMG" + local kustomize="${localbin}/kustomize" + local jqbin="${localbin}/jq" + local kubectlbin="${KUBECTL:-kubectl}" + local yq_cmd + + [[ -f "${REPO_ROOT}/related_images.json" ]] || { + echo "error: related_images.json not found" >&2 + exit 1 + } + [[ -f "${REPO_ROOT}/hack/image_placeholders.json" ]] || { + echo "error: hack/image_placeholders.json not found" >&2 + exit 1 + } + [[ -f "${REPO_ROOT}/config/default/deployment-patch.yaml" ]] || { + echo "error: ${REPO_ROOT}/config/default/deployment-patch.yaml not found" >&2 + exit 1 + } + + yq_cmd=$(command -v yq 2>/dev/null || true) + if [[ -z "$yq_cmd" && -x "${localbin}/yq" ]]; then + yq_cmd="${localbin}/yq" + fi + if [[ -z "$yq_cmd" ]]; then + echo "SKIP_IDMS=1 requires yq; running: make yq" + make -s yq + yq_cmd=$(command -v yq 2>/dev/null || echo "${localbin}/yq") + fi + if ! "$yq_cmd" --version >/dev/null 2>&1; then + echo "error: yq not working at ${yq_cmd} (install yq or ensure make yq succeeds)" >&2 + exit 1 + fi + + ( + tmpcfg=$(mktemp -d) + trap 'rm -rf "${tmpcfg}"' EXIT + mkdir -p "${tmpcfg}/cfg" + cp -a "${REPO_ROOT}/config/." "${tmpcfg}/cfg/" + patch_file="${tmpcfg}/cfg/default/deployment-patch.yaml" + + sed -i "s|__REPLACE_LIGHTSPEED_OPERATOR__|${operator_img}|g" "$patch_file" + sed -i "/path: \/spec\/template\/spec\/containers\/0\/image/{n;s|value: .*|value: ${operator_img}|}" "$patch_file" + while IFS='|' read -r name placeholder; do + if [[ "$name" != "lightspeed-operator" ]]; then + img=$("${jqbin}" -r --arg n "$name" '.[] | select(.name==$n) | .image' "${REPO_ROOT}/related_images.json") + if [[ -n "$img" && "$img" != "null" ]]; then + sed -i "s|${placeholder}|${img}|g" "$patch_file" + fi + fi + done < <("${jqbin}" -r '.[] | "\(.name)|\(.placeholder)"' "${REPO_ROOT}/hack/image_placeholders.json") + + cd "${tmpcfg}/cfg/default" + "${kustomize}" build . | "${yq_cmd}" ea 'select(.kind != "ImageDigestMirrorSet")' - | "${kubectlbin}" apply -f - + ) +} + +if [[ "${SKIP_IDMS:-}" == "1" ]]; then + echo "Deploying operator manager (SKIP_IDMS=1: same as make deploy but omit ImageDigestMirrorSet; IMG=${IMG})..." + make manifests kustomize jq + direct_deploy_skip_idms +else + echo "Deploying operator manager (make deploy IMG=${IMG})..." + make deploy IMG="${IMG}" +fi + +if git rev-parse --git-dir >/dev/null 2>&1; then + git checkout -- config/default/deployment-patch.yaml 2>/dev/null || true +fi + +echo "Done. Operator deployment:" +oc get deployment lightspeed-operator-controller-manager -n "$ns" -o wide || true diff --git a/test/e2e/utils.go b/test/e2e/utils.go index 6e02084ec..2395e8bb9 100644 --- a/test/e2e/utils.go +++ b/test/e2e/utils.go @@ -274,7 +274,7 @@ func GetPodLogs(c *Client, namespace, podName, containerName string, sinceTime * if err != nil { return "", fmt.Errorf("failed to get pod logs: %w", err) } - defer podLogs.Close() + defer func() { _ = podLogs.Close() }() logs, err := io.ReadAll(podLogs) if err != nil {