Merge branch 'main' into RHIDP-4244

janus-idp · Dec 9, 2024 · 400ea92 · 400ea92
2 parents f9ecd72 + d871ec6
commit 400ea92
Show file tree

Hide file tree

Showing 25 changed files with 705 additions and 782 deletions.
diff --git a/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml b/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml
@@ -29,7 +29,7 @@ data:
   KEYCLOAK_CLIENT_ID: bXljbGllbnQ=
   KEYCLOAK_CLIENT_SECRET: dGVtcA==
   ACR_SECRET: dGVtcA==
-  DH_TARGET_URL: aHR0cDovL3Rlc3QtYmFja3N0YWdlLWN1c3RvbWl6YXRpb24tcHJvdmlkZXItc2hvd2Nhc2UtY2kucmhkaC1wci1vcy1hOTgwNTY1MDgzMGIyMmMzYWVlMjQzZTUxZDc5NTY1ZC0wMDAwLnVzLWVhc3QuY29udGFpbmVycy5hcHBkb21haW4uY2xvdWQ=
+  DH_TARGET_URL: dGVzdC1iYWNrc3RhZ2UtY3VzdG9taXphdGlvbi1wcm92aWRlci1zaG93Y2FzZS1jaS5yaGRoLXByLW9zLWE5ODA1NjUwODMwYjIyYzNhZWUyNDNlNTFkNzk1NjVkLTAwMDAudXMtZWFzdC5jb250YWluZXJzLmFwcGRvbWFpbi5jbG91ZA==
   GOOGLE_CLIENT_ID: dGVtcA==
   GOOGLE_CLIENT_SECRET: dGVtcA==
 type: Opaque
diff --git a/.ibm/pipelines/cluster/aks/deployment.sh b/.ibm/pipelines/cluster/aks/deployment.sh
@@ -1,5 +1,4 @@
 initiate_aks_deployment() {
-  install_helm
   add_helm_repos
   delete_namespace "${NAME_SPACE_RBAC_K8S}"
   configure_namespace "${NAME_SPACE_K8S}"
@@ -20,7 +19,6 @@ initiate_aks_deployment() {
 }
 
 initiate_rbac_aks_deployment() {
-  install_helm
   add_helm_repos
   delete_namespace "${NAME_SPACE_K8S}"
   configure_namespace "${NAME_SPACE_RBAC_K8S}"
@@ -38,4 +36,4 @@ initiate_rbac_aks_deployment() {
     --set global.host="${K8S_CLUSTER_ROUTER_BASE}" \
     --set upstream.backstage.image.repository="${QUAY_REPO}" \
     --set upstream.backstage.image.tag="${TAG_NAME}"
-}
+}
diff --git a/.ibm/pipelines/cluster/gke/deployment.sh b/.ibm/pipelines/cluster/gke/deployment.sh
@@ -1,6 +1,5 @@
 initiate_gke_deployment() {
   gcloud_ssl_cert_create $GKE_CERT_NAME $GKE_INSTANCE_DOMAIN_NAME $GOOGLE_CLOUD_PROJECT
-  install_helm
   add_helm_repos
   delete_namespace "${NAME_SPACE_RBAC_K8S}"
   configure_namespace "${NAME_SPACE_K8S}"
@@ -24,7 +23,6 @@ initiate_gke_deployment() {
 
 initiate_rbac_gke_deployment() {
   gcloud_ssl_cert_create $GKE_CERT_NAME $GKE_INSTANCE_DOMAIN_NAME $GOOGLE_CLOUD_PROJECT
-  install_helm
   add_helm_repos
   delete_namespace "${NAME_SPACE_K8S}"
   configure_namespace "${NAME_SPACE_RBAC_K8S}"
@@ -43,4 +41,4 @@ initiate_rbac_gke_deployment() {
     --set upstream.backstage.image.repository="${QUAY_REPO}" \
     --set upstream.backstage.image.tag="${TAG_NAME}" \
     --set upstream.ingress.annotations."ingress\.gcp\.kubernetes\.io/pre-shared-cert"="${GKE_CERT_NAME}"
-}
+}
diff --git a/.ibm/pipelines/env_variables.sh b/.ibm/pipelines/env_variables.sh
@@ -67,7 +67,7 @@ KEYCLOAK_REALM='myrealm'
 KEYCLOAK_CLIENT_ID='myclient'
 KEYCLOAK_CLIENT_SECRET=$(cat /tmp/secrets/KEYCLOAK_CLIENT_SECRET)
 ACR_SECRET=$(cat /tmp/secrets/ACR_SECRET)
-DH_TARGET_URL=aHR0cDovL3Rlc3QtYmFja3N0YWdlLWN1c3RvbWl6YXRpb24tcHJvdmlkZXItc2hvd2Nhc2UtY2kucmhkaC1wci1vcy1hOTgwNTY1MDgzMGIyMmMzYWVlMjQzZTUxZDc5NTY1ZC0wMDAwLnVzLWVhc3QuY29udGFpbmVycy5hcHBkb21haW4uY2xvdWQ=
+DH_TARGET_URL=dGVzdC1iYWNrc3RhZ2UtY3VzdG9taXphdGlvbi1wcm92aWRlci1zaG93Y2FzZS1jaS5yaGRoLXByLW9zLWE5ODA1NjUwODMwYjIyYzNhZWUyNDNlNTFkNzk1NjVkLTAwMDAudXMtZWFzdC5jb250YWluZXJzLmFwcGRvbWFpbi5jbG91ZA==
 GOOGLE_CLIENT_ID=$(cat /tmp/secrets/GOOGLE_CLIENT_ID)
 GOOGLE_CLIENT_SECRET=$(cat /tmp/secrets/GOOGLE_CLIENT_SECRET)
 GOOGLE_ACC_COOKIE=$(cat /tmp/secrets/GOOGLE_ACC_COOKIE)

diff --git a/.ibm/pipelines/jobs/aks.sh b/.ibm/pipelines/jobs/aks.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+handle_aks() {
+  echo "Starting AKS deployment"
+  for file in ${DIR}/cluster/aks/*.sh; do source $file; done
+
+  export K8S_CLUSTER_URL=$(cat /tmp/secrets/RHDH_AKS_CLUSTER_URL)
+  export K8S_CLUSTER_TOKEN=$(cat /tmp/secrets/RHDH_AKS_CLUSTER_TOKEN)
+  export K8S_CLUSTER_ROUTER_BASE=$AKS_INSTANCE_DOMAIN_NAME
+  export NAME_SPACE_K8S="showcase-k8s-ci-nightly"
+  export NAME_SPACE_RBAC_K8S="showcase-rbac-k8s-ci-nightly"
+
+  url="https://${K8S_CLUSTER_ROUTER_BASE}"
+
+  az_login
+  az_aks_start "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
+  az_aks_approuting_enable "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
+  az_aks_get_credentials "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
+
+  set_github_app_3_credentials
+
+  initiate_aks_deployment
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_K8S}" "${url}"
+  delete_namespace "${NAME_SPACE_K8S}"
+  initiate_rbac_aks_deployment
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}"
+  delete_namespace "${NAME_SPACE_RBAC_K8S}"
+}
+
+
diff --git a/.ibm/pipelines/jobs/gke.sh b/.ibm/pipelines/jobs/gke.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+handle_gke() {
+  echo "Starting GKE deployment"
+  for file in ${DIR}/cluster/gke/*.sh; do source $file; done
+
+  export K8S_CLUSTER_ROUTER_BASE=$GKE_INSTANCE_DOMAIN_NAME
+  export NAME_SPACE_K8S="showcase-k8s-ci-nightly"
+  export NAME_SPACE_RBAC_K8S="showcase-rbac-k8s-ci-nightly"
+  url="https://${K8S_CLUSTER_ROUTER_BASE}"
+
+  gcloud_auth "${GKE_SERVICE_ACCOUNT_NAME}" "/tmp/secrets/GKE_SERVICE_ACCOUNT_KEY"
+  gcloud_gke_get_credentials "${GKE_CLUSTER_NAME}" "${GKE_CLUSTER_REGION}" "${GOOGLE_CLOUD_PROJECT}"
+
+  set_github_app_3_credentials
+
+  initiate_gke_deployment
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_K8S}" "${url}"
+  delete_namespace "${NAME_SPACE_K8S}"
+  initiate_rbac_gke_deployment
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}"
+  delete_namespace "${NAME_SPACE_RBAC_K8S}"
+
+}
diff --git a/.ibm/pipelines/jobs/main.sh b/.ibm/pipelines/jobs/main.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -x
+
+set_namespace() {
+  # Enable parallel PR testing for main branch by utilizing a pool of namespaces
+  local namespaces_pool=("pr-1" "pr-2" "pr-3")
+  local namespace_found=false
+  # Iterate through namespace pool to find an available set
+  for ns in "${namespaces_pool[@]}"; do
+    if ! oc get namespace "showcase-$ns" >/dev/null 2>&1; then
+      echo "Namespace "showcase-$ns" does not exist, Using NS: showcase-$ns, showcase-rbac-$ns, postgress-external-db-$ns"
+      export NAME_SPACE="showcase-$ns"
+      export NAME_SPACE_RBAC="showcase-rbac-$ns"
+      export NAME_SPACE_POSTGRES_DB="postgress-external-db-$ns"
+      namespace_found=true
+      break
+    fi
+  done
+  if ! $namespace_found; then
+    echo "Error: All namespaces $namespaces_pool already in Use"
+    exit 1
+  fi
+}
+
+handle_main() {
+  echo "Configuring namespace: ${NAME_SPACE}"
+  set_github_app_4_credentials
+  set_namespace
+  oc_login
+
+  API_SERVER_URL=$(oc whoami --show-server)
+  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
+  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
+
+  export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
+  local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
+  initiate_deployments
+  deploy_test_backstage_provider "${NAME_SPACE}"
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${url}"
+}
diff --git a/.ibm/pipelines/jobs/ocp-v4-15.sh b/.ibm/pipelines/jobs/ocp-v4-15.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+handle_ocp_4_15() {
+  K8S_CLUSTER_URL=$(cat /tmp/secrets/RHDH_OS_2_CLUSTER_URL)
+  K8S_CLUSTER_TOKEN=$(cat /tmp/secrets/RHDH_OS_2_CLUSTER_TOKEN)
+
+  oc_login
+
+  API_SERVER_URL=$(oc whoami --show-server)
+  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
+  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
+
+  export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
+  apply_yaml_files "${DIR}" "${NAME_SPACE}"
+  deploy_test_backstage_provider "${NAME_SPACE}"
+  local url="https://${release_name}-backstage-${namespace}.${K8S_CLUSTER_ROUTER_BASE}"
+
+  initiate_deployments
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${url}"
+}
diff --git a/.ibm/pipelines/jobs/ocp-v4-16.sh b/.ibm/pipelines/jobs/ocp-v4-16.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+handle_ocp_4_16() {
+  K8S_CLUSTER_URL=$(cat /tmp/secrets/RHDH_OS_1_CLUSTER_URL)
+  K8S_CLUSTER_TOKEN=$(cat /tmp/secrets/RHDH_OS_1_CLUSTER_TOKEN)
+
+  oc_login
+
+  API_SERVER_URL=$(oc whoami --show-server)
+  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
+  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
+
+  export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
+  apply_yaml_files "${DIR}" "${NAME_SPACE}"
+  deploy_test_backstage_provider "${NAME_SPACE}"
+  local url="https://${release_name}-backstage-${namespace}.${K8S_CLUSTER_ROUTER_BASE}"
+
+  initiate_deployments
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${url}"
+}
diff --git a/.ibm/pipelines/jobs/operator.sh b/.ibm/pipelines/jobs/operator.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+handle_operator() {
+  oc_login
+
+  API_SERVER_URL=$(oc whoami --show-server)
+  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
+  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
+
+  apply_yaml_files "${DIR}" "${NAME_SPACE}"
+  deploy_test_backstage_provider "${NAME_SPACE}"
+}
diff --git a/.ibm/pipelines/jobs/periodic.sh b/.ibm/pipelines/jobs/periodic.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+handle_nightly() {
+  export NAME_SPACE="showcase-ci-nightly"
+  export NAME_SPACE_RBAC="showcase-rbac-nightly"
+  export NAME_SPACE_POSTGRES_DB="postgress-external-db-nightly"
+  export NAME_SPACE_K8S="showcase-k8s-ci-nightly"
+  export NAME_SPACE_RBAC_K8S="showcase-rbac-k8s-ci-nightly"
+
+  oc_login
+
+  API_SERVER_URL=$(oc whoami --show-server)
+  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
+  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
+
+  export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
+
+  configure_namespace "${NAME_SPACE}"
+  deploy_test_backstage_provider "${NAME_SPACE}"
+  local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
+  install_pipelines_operator
+  sleep 20 # wait for Pipeline Operator/Tekton pipelines to be ready
+  oc apply -f "$dir/resources/pipeline-run/hello-world-pipeline.yaml"
+  oc apply -f "$dir/resources/pipeline-run/hello-world-pipeline-run.yaml"
+  initiate_deployments
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${url}"
+
+  # Only test TLS config with RDS and Change configuration at runtime in nightly jobs
+  initiate_rds_deployment "${RELEASE_NAME}" "${NAME_SPACE_RDS}"
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_RDS}" "${url}"
+
+  # Deploy `showcase-runtime` to run tests that require configuration changes at runtime
+  configure_namespace "${NAME_SPACE_RUNTIME}"
+  uninstall_helmchart "${NAME_SPACE_RUNTIME}" "${RELEASE_NAME}"
+  oc apply -f "$DIR/resources/redis-cache/redis-deployment.yaml" --namespace="${NAME_SPACE_RUNTIME}"
+  apply_yaml_files "${DIR}" "${NAME_SPACE_RUNTIME}"
+  helm upgrade -i "${RELEASE_NAME}" -n "${NAME_SPACE_RUNTIME}" "${HELM_REPO_NAME}/${HELM_IMAGE_NAME}" --version "${CHART_VERSION}" -f "${DIR}/value_files/${HELM_CHART_VALUE_FILE_NAME}" --set global.clusterRouterBase="${K8S_CLUSTER_ROUTER_BASE}" --set upstream.backstage.image.repository="${QUAY_REPO}" --set upstream.backstage.image.tag="${TAG_NAME}"
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_RUNTIME}" "${url}"
+}