Install upstream tang setup task

New setup for installing upstream version
of tang operator. Also adjust clean cluster
setup for stop running helper registry
container. And initialize variable with
image in function script. Add plan which
test upstream version of operator. Add new runner in
packit CI for running plan just for stable version
of fedora.

.packit.yaml

@@ -6,6 +6,20 @@ jobs:
     targets:
       - fedora-rawhide
     skip_build: true
+    tf_extra_params:
+      environments:
+        - tmt:
+            context:
+              target_PR_branch: main
+              OC: "false"
+              UPSTREAM_CODE: "false"
+  - job: tests
+    trigger: pull_request
+    identifier: image_upstream_code
+    branch: main
+    targets:
+      - fedora-stable
+    skip_build: true
     tf_extra_params:
       environments:
         - tmt:

Plans/upstream-operator-all-tests.fmf

@@ -0,0 +1,41 @@
+summary: Plan with installation of upstream tang operator.
+
+
+prepare:
+  - how: shell
+    script:
+     - systemctl disable --now dnf-makecache.service || true
+     - systemctl disable --now dnf-makecache.timer || true
+     - dnf makecache
+
+environment:
+  TANG_IMAGE: "quay.io/sec-eng-special/fedora_tang_server"
+  UPSTREAM_TANG: "true"
+
+discover:
+  - name: Configure_test_system
+    how: fmf
+    url: https://github.com/RedHat-SP-Security/common-cloud-orchestration
+    ref: main
+    test:
+      - /Setup/setup_local_cluster
+  - name: Run_tests
+    how: fmf
+    test:
+      - /Setup/install_upstream_tang-operator
+      - /Setup/creating_test_namespace
+      - /Sanity
+      - /Setup/clean_cluster
+
+adjust:
+  - when: distro == rhel-9 or distro == centos-stream-9 
+    prepare+:
+      - how: shell
+        script:
+          - dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm
+  - when: UPSTREAM_CODE is defined and UPSTREAM_CODE == false
+    enabled: false
+    because: we want to run this plan only for stable version of fedora, golang is not stable on rawhide
+
+execute:
+    how: tmt

Setup/clean_cluster/runtest.sh

@@ -49,5 +49,10 @@ rlJournalStart
           rlRun "ocpopCheckPodKilled ${controller_name} ${OPERATOR_NAMESPACE} ${TO_POD_CONTROLLER_TERMINATE}" 0 "Checking controller POD not available any more [Timeout=${TO_POD_CONTROLLER_TERMINATE} secs.]"
         fi
         rlRun "${OC_CLIENT} delete -f ${TEST_NAMESPACE_FILE}" 0 "Deleting test namespace:${TEST_NAMESPACE}"
+
+        if [ "${UPSTREAM_TANG}" == "true" ]; then
+            rlLog "Stop running registry container."
+            rlRun "podman rm --force -t 2 registry"
+        fi
     rlPhaseEnd
 rlJournalEnd

Setup/install_upstream_tang-operator/main.fmf

@@ -0,0 +1,15 @@
+summary: Build upstream tang operator.
+description: |
+    Build tang operator from upstream code.
+contact: Patrik Koncity <[email protected]>
+component:
+  - tang
+test: ./runtest.sh
+tag:
+  - CI-Tier-1
+require:
+  - podman
+  - go
+  - git
+duration: 10m
+enabled: true

Setup/install_upstream_tang-operator/runtest.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+# Copyright 2023.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+[ -n "${TANG_OPERATOR_UPSTREAM_URL}" ] || TANG_OPERATOR_UPSTREAM_URL="https://github.com/latchset/tang-operator.git"
+[ -n "${TANG_OPERATOR_UPSTREAM_BRANCH}" ] || TANG_OPERATOR_UPSTREAM_BRANCH="main"
+
+rlJournalStart
+
+    rlPhaseStartTest "Build tang operator bundle from upstream code"
+        export IP=$(hostname -I | awk '{print $1}')
+        if [ -d /var/tmp/tang-operator_sources ]; then
+            rlLogInfo "Compiling tang-operator bits from /var/tmp/tang-operator_sources"
+        else
+            rlLogInfo "Compiling tang-operator from cloned upstream repo"
+            rlRun "git clone -b ${TANG_OPERATOR_UPSTREAM_BRANCH} ${TANG_OPERATOR_UPSTREAM_URL} /var/tmp/tang-operator_sources"
+        fi
+        rlRun "pushd /var/tmp/tang-operator_sources"
+        rlRun "sed -i 's/FROM golang:1.21 as builder/FROM docker.io\/library\/golang:1.21 as builder/g' Dockerfile"
+cat <<EOF >> /etc/containers/registries.conf
+[[registry]]
+location = "${IP}:5000"
+insecure = true
+EOF
+        rlRun "mkdir -p /var/lib/registry"
+        #Need to export to use it in make build commands
+        export IMG="${IP}:5000/tang-controller:latest"
+        export BUNDLE_IMG="${IP}:5000/tang-operator-bundle:latest"
+        rlRun "podman container run -dt -p 5000:5000 --name registry --volume registry:/var/lib/registry:Z docker.io/library/registry:2"
+        #Check if it's registry accesible
+        rlRun "curl ${IP}:5000/v2/_catalog" 0 "Checking registry availability"
+        rlRun "make podman-build podman-push"
+        rlRun "make bundle"
+        rlRun "make podman-bundle-build podman-bundle-push"
+        #For another shell sessions
+        cat <<EOF > /etc/profile.d/upstream_tang_init.sh
+#!/bin/bash
+export IMAGE_VERSION=${BUNDLE_IMG}
+export RUN_BUNDLE_PARAMS="--use-http"
+EOF
+        popd
+    rlPhaseEnd
+
+
+rlJournalEnd

TestHelpers/functions.sh

@@ -44,6 +44,9 @@ TO_POD_STOP=5 #seconds
 TO_SERVICE_START=120 #seconds
 TO_SERVICE_STOP=120 #seconds
 
+if [ -d /etc/profile.d/upstream_tang_init.sh ]; then
+    sh /etc/profile.d/upstream_tang_init.sh
+fi
 
 TO_ALL_POD_CONTROLLER_TERMINATE=120 #seconds
 TO_KEY_ROTATION=1 #seconds