diff --git a/.packit.yaml b/.packit.yaml index c31753d..e8b44cd 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -2,10 +2,25 @@ jobs: - job: tests trigger: pull_request + identifier: official-image branch: main targets: - fedora-rawhide skip_build: true + tf_extra_params: + environments: + - tmt: + context: + target_PR_branch: main + OC: "false" + UPSTREAM_CODE: "false" + - job: tests + trigger: pull_request + identifier: upstream-code + branch: main + targets: + - fedora-stable + skip_build: true tf_extra_params: environments: - tmt: diff --git a/Plans/upstream-operator-all-tests.fmf b/Plans/upstream-operator-all-tests.fmf new file mode 100644 index 0000000..7bb5eff --- /dev/null +++ b/Plans/upstream-operator-all-tests.fmf @@ -0,0 +1,41 @@ +summary: Plan with installation of upstream tang operator. + + +prepare: + - how: shell + script: + - systemctl disable --now dnf-makecache.service || true + - systemctl disable --now dnf-makecache.timer || true + - dnf makecache + +environment: + TANG_IMAGE: "quay.io/sec-eng-special/fedora_tang_server" + UPSTREAM_TANG: "true" + +discover: + - name: Configure_test_system + how: fmf + url: https://github.com/RedHat-SP-Security/common-cloud-orchestration + ref: main + test: + - /Setup/setup_local_cluster + - name: Run_tests + how: fmf + test: + - /Setup/install_upstream_tang-operator + - /Setup/creating_test_namespace + - /Sanity + - /Setup/clean_cluster + +adjust: + - when: distro == rhel-9 or distro == centos-stream-9 + prepare+: + - how: shell + script: + - dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm + - when: UPSTREAM_CODE is defined and UPSTREAM_CODE == false + enabled: false + because: we want to run this plan only for stable version of fedora, golang is not stable on rawhide + +execute: + how: tmt diff --git a/Setup/clean_cluster/runtest.sh b/Setup/clean_cluster/runtest.sh index e63d9ca..a45d15e 100755 --- a/Setup/clean_cluster/runtest.sh +++ b/Setup/clean_cluster/runtest.sh @@ -49,5 +49,10 @@ rlJournalStart rlRun "ocpopCheckPodKilled ${controller_name} ${OPERATOR_NAMESPACE} ${TO_POD_CONTROLLER_TERMINATE}" 0 "Checking controller POD not available any more [Timeout=${TO_POD_CONTROLLER_TERMINATE} secs.]" fi rlRun "${OC_CLIENT} delete -f ${TEST_NAMESPACE_FILE}" 0 "Deleting test namespace:${TEST_NAMESPACE}" + + if [ "${UPSTREAM_TANG}" == "true" ]; then + rlLog "Stop running registry container." + rlRun "podman rm --force -t 2 registry" + fi rlPhaseEnd rlJournalEnd diff --git a/Setup/install_upstream_tang-operator/main.fmf b/Setup/install_upstream_tang-operator/main.fmf new file mode 100644 index 0000000..3ea070b --- /dev/null +++ b/Setup/install_upstream_tang-operator/main.fmf @@ -0,0 +1,15 @@ +summary: Build upstream tang operator. +description: | + Build tang operator from upstream code. +contact: Patrik Koncity +component: + - tang +test: ./runtest.sh +tag: + - CI-Tier-1 +require: + - podman + - go + - git +duration: 10m +enabled: true diff --git a/Setup/install_upstream_tang-operator/runtest.sh b/Setup/install_upstream_tang-operator/runtest.sh new file mode 100755 index 0000000..aed97b8 --- /dev/null +++ b/Setup/install_upstream_tang-operator/runtest.sh @@ -0,0 +1,58 @@ +#!/bin/bash +# Copyright 2023. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +[ -n "${TANG_OPERATOR_UPSTREAM_URL}" ] || TANG_OPERATOR_UPSTREAM_URL="https://github.com/latchset/tang-operator.git" +[ -n "${TANG_OPERATOR_UPSTREAM_BRANCH}" ] || TANG_OPERATOR_UPSTREAM_BRANCH="main" + +rlJournalStart + + rlPhaseStartTest "Build tang operator bundle from upstream code" + export IP=$(hostname -I | awk '{print $1}') + if [ -d /var/tmp/tang-operator_sources ]; then + rlLogInfo "Compiling tang-operator bits from /var/tmp/tang-operator_sources" + else + rlLogInfo "Compiling tang-operator from cloned upstream repo" + rlRun "git clone -b ${TANG_OPERATOR_UPSTREAM_BRANCH} ${TANG_OPERATOR_UPSTREAM_URL} /var/tmp/tang-operator_sources" + fi + rlRun "pushd /var/tmp/tang-operator_sources" + rlRun "sed -i 's/FROM golang:1.21 as builder/FROM docker.io\/library\/golang:1.21 as builder/g' Dockerfile" +cat <> /etc/containers/registries.conf +[[registry]] +location = "${IP}:5000" +insecure = true +EOF + rlRun "mkdir -p /var/lib/registry" + #Need to export to use it in make build commands + export IMG="${IP}:5000/tang-controller:latest" + export BUNDLE_IMG="${IP}:5000/tang-operator-bundle:latest" + rlRun "podman container run -dt -p 5000:5000 --name registry --volume registry:/var/lib/registry:Z docker.io/library/registry:2" + #Check if it's registry accesible + rlRun "curl ${IP}:5000/v2/_catalog" 0 "Checking registry availability" + rlRun "make podman-build podman-push" + rlRun "make bundle" + rlRun "make podman-bundle-build podman-bundle-push" + #For another shell sessions + cat < /etc/profile.d/upstream_tang_init.sh +#!/bin/bash +export IMAGE_VERSION=${BUNDLE_IMG} +export RUN_BUNDLE_PARAMS="--use-http" +EOF + popd + rlPhaseEnd + + +rlJournalEnd diff --git a/TestHelpers/functions.sh b/TestHelpers/functions.sh index 8f56c16..dfce067 100755 --- a/TestHelpers/functions.sh +++ b/TestHelpers/functions.sh @@ -44,6 +44,9 @@ TO_POD_STOP=5 #seconds TO_SERVICE_START=120 #seconds TO_SERVICE_STOP=120 #seconds +if [ -d /etc/profile.d/upstream_tang_init.sh ]; then + sh /etc/profile.d/upstream_tang_init.sh +fi TO_ALL_POD_CONTROLLER_TERMINATE=120 #seconds TO_KEY_ROTATION=1 #seconds