Skip to content

WIP: Trying hive. Take #3 ;-) #1331

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

WIP: Trying hive. Take #3 ;-) #1331

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
b45d9f7
WIP: Trying hive. Take #3 ;-)
rhopp Oct 7, 2025
8e39133
fix result reference
rhopp Oct 7, 2025
ac96313
increase timeout
rhopp Oct 8, 2025
3b57667
run just single pipeline
rhopp Oct 8, 2025
a3a1c33
switch clusterpoo
rhopp Oct 8, 2025
bba4870
Increase some timeout ;-)
rhopp Oct 8, 2025
79dd8f5
Disable tls in tests
rhopp Oct 9, 2025
4dfb0c1
Update tssc-test-image in e2e tests to use a specific self-signed image
rhopp Oct 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion integration-tests/config/rhads-config
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
OCP="4.17,4.18,4.19"
OCP="4.19"
ACS="local"
REGISTRY="quay,artifactory,nexus"
TPA="local"
Expand Down
4 changes: 2 additions & 2 deletions integration-tests/pipelines/e2e-main-pipeline.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,9 +64,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/redhat-appstudio/tssc-cli.git
value: https://github.com/rhopp/tssc-cli.git
- name: revision
value: main
value: hive-try3
- name: pathInRepo
value: integration-tests/tasks/start-pipelines.yaml
params:
Expand Down
268 changes: 196 additions & 72 deletions integration-tests/pipelines/tssc-cli-e2e.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,46 +47,175 @@ spec:
description: 'Optional testplan.json content encoded in base64 format. If not provided, testplan will be downloaded from the repository.'
default: ""
tasks:
- name: rosa-hcp-metadata
taskRef:
resolver: git
params:
- name: url
value: https://github.com/konflux-ci/tekton-integration-catalog.git
- name: revision
value: main
- name: pathInRepo
value: tasks/rosa/hosted-cp/rosa-hcp-metadata/0.1/rosa-hcp-metadata.yaml
- name: provision-rosa
runAfter:
- rosa-hcp-metadata
taskRef:
resolver: git
params:
- name: url
value: https://github.com/konflux-ci/tekton-integration-catalog.git
- name: revision
value: main
- name: pathInRepo
value: tasks/rosa/hosted-cp/rosa-hcp-provision/0.2/rosa-hcp-provision.yaml
params:
- name: cluster-name
value: "$(tasks.rosa-hcp-metadata.results.cluster-name)"
- name: ocp-version
value: "$(params.ocp-version)"
- name: replicas
value: "$(params.replicas)"
- name: machine-type
value: "$(params.machine-type)"
- name: konflux-test-infra-secret
value: "$(params.konflux-test-infra-secret)"
- name: cloud-credential-key
value: "$(params.cloud-credential-key)"
- name: oci-container
value: "quay.io/konflux-test-storage/rhtap-team/rhtap-cli:$(context.pipelineRun.name)"
- name: provision-cluster
taskSpec:
results:
- name: ocp-login-command
value: "$(steps.claim-cluster.results.ocp-login-command)"
volumes:
- name: hive-creds-volume
secret:
secretName: rhopp-test
- name: credentials
emptyDir: {}
steps:
- name: claim-cluster
image: registry.redhat.io/openshift4/ose-cli@sha256:15da03b04318bcc842060b71e9dd6d6c2595edb4e8fdd11b0c6781eeb03ca182
volumeMounts:
- name: hive-creds-volume
mountPath: /usr/local/hive-creds
results:
- name: ocp-login-command
description: "Ocp login command"
script: |
#!/usr/bin/bash
oc login $(cat /usr/local/hive-creds/kube_api_url) -u cluster-admin -p $(cat /usr/local/hive-creds/password)
oc whoami
oc get rhopp-test-clusterpool -n hive
oc create -f - <<EOF
apiVersion: hive.openshift.io/v1
kind: ClusterClaim
metadata:
name: $(context.pipelineRun.name)
namespace: hive
spec:
clusterPoolName: rhopp-test-clusterpool
EOF
## wait for cluster for up to 60 minutes
if ! kubectl wait --for=condition=ClusterRunning clusterclaims.hive.openshift.io/$(context.pipelineRun.name) -n hive --timeout 60m; then
echo "Cluster failed to start in 60 minutes. Deleting clusterClaim"
oc delete clusterclaims.hive.openshift.io/$(context.pipelineRun.name) -n hive
exit 1
fi
cp_namespace=$(oc get clusterclaims.hive.openshift.io -n hive $(context.pipelineRun.name) -o jsonpath={.spec.namespace})
api_url=$(oc get clusterdeployment -n $cp_namespace $cp_namespace -o jsonpath={.status.apiURL})
admin_pass_secret=$(oc get clusterdeployment -n $cp_namespace $cp_namespace -o jsonpath={.spec.clusterMetadata.adminPasswordSecretRef.name})
kubeadminpass=$(oc get secret $admin_pass_secret -n $cp_namespace -o jsonpath={.data.password} |base64 -d)
echo "oc login --insecure-skip-tls-verify=true $api_url -u kubeadmin -p $kubeadminpass" > $(step.results.ocp-login-command.path)

kubeconfig_secret=$(oc get clusterdeployment -n $cp_namespace $cp_namespace -o jsonpath={.spec.clusterMetadata.adminKubeconfigSecretRef.name})

oc get secret -n $cp_namespace $kubeconfig_secret -o jsonpath={.data.kubeconfig} |base64 -d > /tmp/ephemereal.config
export KUBECONFIG=/tmp/ephemereal.config
csr_max_retries=5
csr_sleep_duration=10
approved_csrs=false

console_max_retries=30
console_sleep_duration=10
console_connect_timeout=10
console_accessible=false

echo "--- Starting CSR Approval Process ---"
for ((i=1; i<=csr_max_retries; i++)); do
echo "CSR Attempt $i of $csr_max_retries: Checking for pending CSRs..."
if ! oc get csr 2>/dev/null | grep -i Pending; then
echo "No pending CSRs found. Continuing"
approved_csrs=true
break
else
echo "There are pending CSRs. That probably means cluster was hibernated for more than 24 hours. Need to approve them (until OCPBUGS-55339 is resolved)"
if oc get csr -oname | xargs oc adm certificate approve; then
echo "Successfully submitted approval for CSRs on attempt $i."
sleep 60 # Small delay for changes to propagate
if ! oc get csr 2>/dev/null | grep -i Pending; then
echo "Confirmed no pending CSRs after approval."
approved_csrs=true
break
else
echo "Pending CSRs still exist after approval attempt $i."
fi
else
echo "Failed to run approval command for CSRs on attempt $i."
fi
fi

if [[ "$i" -lt "$csr_max_retries" ]]; then
echo "Sleeping for $csr_sleep_duration seconds before next CSR retry..."
sleep "$csr_sleep_duration"
fi
done

if [[ "$approved_csrs" == "true" ]]; then
echo "CSR check and approval process completed successfully."
else
echo "Failed to ensure all pending CSRs were approved after $csr_max_retries attempts."
exit 1
fi
echo "--- CSR Approval Process Finished ---"

# --- Console URL Accessibility Check ---
echo "--- Starting Console Accessibility Check ---"


oc whoami
console_url=$(oc whoami --show-console)
echo "Console URL: $console_url"
# # Check if routes are available (OpenShift-specific resource)
# echo "Checking if routes are available..."
# if ! oc api-resources | grep -q "routes"; then
# echo "Warning: Routes are not available. This might not be an OpenShift cluster or it's not fully ready."
# echo "Waiting for OpenShift components to be ready..."
# sleep 30
# if ! oc api-resources | grep -q "routes"; then
# echo "Error: Routes still not available. This doesn't appear to be an OpenShift cluster."
# exit 1
# fi
# fi

# # Check if openshift-console namespace exists
# echo "Checking if openshift-console namespace exists..."
# if ! oc get namespace openshift-console &>/dev/null; then
# echo "Error: openshift-console namespace not found."
# exit 1
# fi

# # Wait for console route to be available
# echo "Waiting for console route to be available..."
# for ((k=1; k<=10; k++)); do
# if oc get route console -n openshift-console &>/dev/null; then
# echo "Console route found."
# break
# fi
# echo "Console route not found, attempt $k/10. Waiting 30 seconds..."
# sleep 30
# done

# console_url="https://$(oc get route console -n openshift-console -o jsonpath='{.spec.host}' 2>/dev/null)"

if [[ -z "$console_url" ]]; then
echo "Error: Could not retrieve OpenShift console URL."
exit 1
else
echo "Console URL found: $console_url"
for ((j=1; j<=console_max_retries; j++)); do
echo "Console Check Attempt $j of $console_max_retries: Checking console URL accessibility..."
if curl -k --silent --output /dev/null --head --fail --connect-timeout "$console_connect_timeout" "$console_url"; then
echo "Console URL $console_url is accessible (HTTP 2xx)."
console_accessible=true
break
else
curl_exit_code=$?
echo "Console URL $console_url not accessible on attempt $j (curl exit code: $curl_exit_code)."
fi

if [[ "$j" -lt "$console_max_retries" ]]; then
echo "Sleeping for $console_sleep_duration seconds before next console check retry..."
sleep "$console_sleep_duration"
fi
done

if [[ "$console_accessible" == "true" ]]; then
echo "Console is ready. Continuing."
else
echo "Failed to access console URL $console_url after $console_max_retries attempts."
exit 1
fi
fi
echo "--- Console Accessibility Check Finished ---"
- name: tssc-install
runAfter:
- provision-rosa
- provision-cluster
taskRef:
resolver: git
params:
Expand All @@ -98,7 +227,7 @@ spec:
value: integration-tests/tasks/tssc-install.yaml
params:
- name: ocp-login-command
value: "$(tasks.provision-rosa.results.ocp-login-command)"
value: "$(tasks.provision-cluster.results.ocp-login-command)"
- name: job-spec
value: "$(params.job-spec)"
- name: rhads-config
Expand All @@ -119,28 +248,28 @@ spec:
value: tasks/sprayproxy/sprayproxy-provision/0.1/sprayproxy-provision.yaml
params:
- name: ocp-login-command
value: "$(tasks.provision-rosa.results.ocp-login-command)"
value: "$(tasks.provision-cluster.results.ocp-login-command)"
- name: tssc-e2e-tests
runAfter:
- sprayproxy-provision
taskRef:
resolver: git
params:
- name: url
value: https://github.com/redhat-appstudio/tssc-test.git
value: https://github.com/rhopp/tssc-test.git
- name: revision
value: main
value: disable_tls
- name: pathInRepo
value: integration-tests/tasks/tssc-e2e.yaml
params:
- name: job-spec
value: $(params.job-spec)
- name: ocp-login-command
value: "$(tasks.provision-rosa.results.ocp-login-command)"
value: "$(tasks.provision-cluster.results.ocp-login-command)"
- name: oci-container
value: "quay.io/konflux-test-storage/rhtap-team/rhtap-cli:$(context.pipelineRun.name)"
- name: tssc-test-image
value: $(params.tssc-test-image)
value: "quay.io/rhopp/tssc-tests:self_signed"
- name: testplan
value: $(params.testplan)
- name: rhtap-ui-tests
Expand All @@ -160,39 +289,34 @@ spec:
- name: job-spec
value: $(params.job-spec)
- name: ocp-login-command
value: "$(tasks.provision-rosa.results.ocp-login-command)"
value: "$(tasks.provision-cluster.results.ocp-login-command)"
- name: oci-container
value: "quay.io/konflux-test-storage/rhtap-team/rhtap-cli:$(context.pipelineRun.name)"
- name: tssc-test-image
value: $(params.tssc-test-image)
value: "$(params.tssc-test-image)"
- name: testplan
value: $(params.testplan)
finally:
- name: deprovision-rosa-collect-artifacts
taskRef:
resolver: git
params:
- name: url
value: https://github.com/konflux-ci/tekton-integration-catalog.git
- name: revision
value: main
- name: pathInRepo
value: tasks/rosa/hosted-cp/rosa-hcp-deprovision/0.2/rosa-hcp-deprovision.yaml
params:
- name: test-name
value: $(context.pipelineRun.name)
- name: ocp-login-command
value: "$(tasks.provision-rosa.results.ocp-login-command)"
- name: oci-container
value: "quay.io/konflux-test-storage/rhtap-team/rhtap-cli:$(context.pipelineRun.name)"
- name: cluster-name
value: "$(tasks.rosa-hcp-metadata.results.cluster-name)"
- name: konflux-test-infra-secret
value: "$(params.konflux-test-infra-secret)"
- name: cloud-credential-key
value: "$(params.cloud-credential-key)"
- name: pipeline-aggregate-status
value: "$(tasks.status)"
- name: deprovision-cluster
taskSpec:
volumes:
- name: hive-creds-volume
secret:
secretName: rhopp-test
- name: credentials
emptyDir: {}
steps:
- name: deprovision-cluster
image: registry.redhat.io/openshift4/ose-cli@sha256:15da03b04318bcc842060b71e9dd6d6c2595edb4e8fdd11b0c6781eeb03ca182
volumeMounts:
- name: hive-creds-volume
mountPath: /usr/local/hive-creds
script: |
#!/usr/bin/bash
set -x
oc login $(cat /usr/local/hive-creds/kube_api_url) -u cluster-admin -p $(cat /usr/local/hive-creds/password)
oc whoami
oc delete clusterclaims.hive.openshift.io $(context.pipelineRun.name) -n hive
- name: sprayproxy-deprovision
when:
- input: "$(tasks.sprayproxy-provision.status)"
Expand All @@ -210,7 +334,7 @@ spec:
value: tasks/sprayproxy/sprayproxy-deprovision/0.1/sprayproxy-deprovision.yaml
params:
- name: ocp-login-command
value: "$(tasks.provision-rosa.results.ocp-login-command)"
value: "$(tasks.provision-cluster.results.ocp-login-command)"
- name: pull-request-status-message
taskRef:
resolver: git
Expand Down
2 changes: 1 addition & 1 deletion integration-tests/tasks/start-pipelines.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ spec:
"-o" "name"
)
echo "Starting pipeline with testplan (${#testplan_b64} chars): ${testplan_b64:0:50}..."
pipeline_run=$(tkn pipeline start -f https://raw.githubusercontent.com/$REPO_ORG/tssc-cli/refs/heads/$BRANCH/integration-tests/pipelines/tssc-cli-e2e.yaml "${tkn_params[@]}")
pipeline_run=$(tkn pipeline start -f https://raw.githubusercontent.com/rhopp/tssc-cli/refs/heads/hive-try3/integration-tests/pipelines/tssc-cli-e2e.yaml "${tkn_params[@]}")
echo "Started new pipelinerun: ${KONFLUX_URL}/ns/${KONFLUX_NAMESPACE}/applications/${KONFLUX_APPLICATION_NAME}/pipelineruns/${pipeline_run}"
PIPELINERUNS_ARRAY+=($pipeline_run)
}
Expand Down