Merge pull request #366 from xinredhat/pict_installation

modified rhtap installation to accept the installation options generated by pict
redhat-appstudio · Dec 31, 2024 · 0ab90e1 · 0ab90e1
2 parents 4360abc + a2e04c3
commit 0ab90e1
Show file tree

Hide file tree

Showing 5 changed files with 148 additions and 68 deletions.
diff --git a/integration-tests/pict-models/default.pict b/integration-tests/pict-models/default.pict
@@ -2,9 +2,17 @@
 # This is file used for integration tests (PR checks, post-merge checks)
 #
 
+# OCP: 4.17, 4.16
+# ACS: valid values:  new, hosted
+# Registry: valid values:  quay, quay.io, artifactory
+# TPA: valid values:  new, hosted
+# SCM: valid values:  github, gitlab, bitbucket
+# Pipeline: valid values:  github, gitlab, bitbucket
+
 OCP: 4.17, 4.16
-ACS: Enabled(deploy new)
-Registry: Quay(deploy new)
-TPA: Enabled
-SCM: GitHub
-Pipeline/CI: Tekton
+AUTH: github
+ACS: new            
+Registry: quay      
+TPA: new           
+SCM: github         
+Pipeline: tekton 
diff --git a/integration-tests/pipelines/e2e-main-pipeline.yaml b/integration-tests/pipelines/e2e-main-pipeline.yaml
@@ -47,16 +47,12 @@ spec:
                 value: $(tasks.test-metadata.results.job-spec)
             script: |
               #!/usr/bin/env bash
+              ## Download the pict file from the repository under directory integration-tests/pict-models/default.pict
               GIT_REPO="$(jq -r '.git.repo // empty' <<< $JOB_SPEC)"
+              REPO_ORG=$(jq -r '.git.source_repo_org' <<< $JOB_SPEC)
+              BRANCH=$(jq -r '.git.source_repo_branch' <<< $JOB_SPEC)
 
-              if [[ "${GIT_REPO}" = "rhtap-cli" ]]; then
-                REPO_ORG=$(jq -r '.git.source_repo_org' <<< $JOB_SPEC)
-                BRANCH=$(jq -r '.git.source_repo_branch' <<< $JOB_SPEC)
-              else
-                REPO_ORG="redhat-appstudio"
-                BRANCH="main"
-              fi
-              curl -o $(results.pict-file.path) https://raw.githubusercontent.com/$REPO_ORG/rhtap-cli/refs/heads/$BRANCH/integration-tests/pict-models/default.pict
+              curl -o $(results.pict-file.path) https://raw.githubusercontent.com/$REPO_ORG/$GIT_REPO/refs/heads/$BRANCH/integration-tests/pict-models/default.pict
     - name: generate-configs
       runAfter:
         - get-pict-file
@@ -117,18 +113,32 @@ spec:
 
               pids=()
 
-              while IFS= read -r version; do
+              while IFS= read -r config; do
+                OCP_VERSION=$(echo "$config" | jq -r '.[] | select(.key == "OCP").value')
+                ACS=$(echo "$config" | jq -r '.[] | select(.key == "ACS").value')
+                REGISTRY=$(echo "$config" | jq -r '.[] | select(.key == "Registry").value')
+                TPA=$(echo "$config" | jq -r '.[] | select(.key == "TPA").value')
+                SCM=$(echo "$config" | jq -r '.[] | select(.key == "SCM").value')
+                PIPELINE=$(echo "$config" | jq -r '.[] | select(.key == "Pipeline").value')
+                AUTH=$(echo "$config" | jq -r '.[] | select(.key == "AUTH").value')
+
                 (
                 pipeline_run_name=$(tkn pipeline start -f https://raw.githubusercontent.com/$REPO_ORG/rhtap-cli/refs/heads/$BRANCH/integration-tests/pipelines/rhtap-cli-e2e.yaml \
-                  --param ocp-version="$version"\
+                  --param ocp-version="$OCP_VERSION"\
                   --param job-spec="$JOB_SPEC"\
                   --param konflux-test-infra-secret="$(params.konflux-test-infra-secret)" \
+                  --param acs_config="$ACS" \
+                  --param registry_config="$REGISTRY" \
+                  --param tpa_config="$TPA" \
+                  --param scm_config="$SCM" \
+                  --param pipeline_config="$PIPELINE" \
+                  --param auth_config="$AUTH" \
                   --use-param-defaults \
                   --labels "appstudio.openshift.io/component=${KONFLUX_COMPONENT_NAME}" \
                   --labels "appstudio.openshift.io/application=${KONFLUX_APPLICATION_NAME}" \
                   --labels "pipelines.appstudio.openshift.io/type=$(context.pipelineRun.name)" \
                   --labels "test.appstudio.openshift.io/scenario=pr-e2e-tests" \
-                  --prefix-name "e2e-$version"\
+                  --prefix-name "e2e-$OCP_VERSION"\
                   -o name)
 
                   tkn pipelinerun logs  "$pipeline_run_name" -f | sed "s/^/$pipeline_run_name: /"
@@ -142,7 +152,7 @@ spec:
                 ) &
                 pid="$!"
                 pids+=("$pid")
-              done < <(echo "$CONFIGS_JSON" | jq -r '.[][] | select(.key == "OCP").value')
+              done < <(echo "$CONFIGS_JSON" | jq -c '.[]')
 
               for pid in "${pids[@]}"; do
                 wait "$pid"

diff --git a/integration-tests/pipelines/rhtap-cli-e2e.yaml b/integration-tests/pipelines/rhtap-cli-e2e.yaml
@@ -38,6 +38,24 @@ spec:
     - name: konflux-test-infra-secret
       description: The name of secret where testing infrastructures credentials are stored.
       type: string
+    - name: acs_config
+      type: string
+      description: "The ACS option for rhtap-cli installation. Valid values are 'new' and 'hosted'."
+    - name: tpa_config
+      type: string
+      description: "The TPA option for rhtap-cli installation. Valid values are 'new' and 'hosted'."
+    - name: registry_config
+      type: string
+      description: "The image registry option for rhtap-cli installation. Valid values are 'quay', 'quay.io' and 'artifactory'."
+    - name: scm_config
+      type: string
+      description: "The SCM option for rhtap-cli installation. Valid values are 'github' , 'gitlab' and 'bitbucket'."
+    - name: pipeline_config
+      type: string
+      description: "The Pipeline option for rhtap-cli installation. Valid values are 'tekton' and 'jenkins'."
+    - name: auth_config
+      type: string
+      description: "The authentication provider for rhtap. Valid values are 'github' and 'gitlab'."
   tasks:
     - name: rosa-hcp-metadata
       taskRef:
@@ -107,6 +125,16 @@ spec:
           value: "$(tasks.provision-rosa.results.ocp-login-command)"
         - name: job-spec
           value: "$(params.job-spec)"
+        - name: acs_config
+          value: $(params.acs_config)
+        - name: tpa_config
+          value: $(params.tpa_config)
+        - name: registry_config
+          value: $(params.registry_config)
+        - name: scm_config
+          value: $(params.scm_config)
+        - name: pipeline_config
+          value: $(params.pipeline_config)
     - name: sprayproxy-provision
       runAfter:
         - rhtap-install

diff --git a/integration-tests/scripts/install.sh b/integration-tests/scripts/install.sh
@@ -9,19 +9,18 @@ if [ -f "$HOME/rhtap-cli-ci-kubeconfig" ]; then
 fi
 
 echo "[INFO]Configuring deployment"
-
-acs_install_enabled="${acs_install_enabled:-true}"
-quay_install_enabled="${quay_install_enabled:-true}"
-github_enabled="${github_enabled:-true}"
-gitlab_enabled="${gitlab_enabled:-true}"
-jenkins_enabled="${jenkins_enabled:-true}"
-bitbucket_enabled="${bitbucket_enabled:-false}"
-
-echo "[INFO] acs_install_enabled=$acs_install_enabled"
-echo "[INFO] quay_install_enabled=$quay_install_enabled"
-echo "[INFO] github_enabled=$github_enabled"
-echo "[INFO] gitlab_enabled=$gitlab_enabled"
-echo "[INFO] jenkins_enabled=$jenkins_enabled"
+acs_config="${acs_config:-new}" # new, hosted
+tpa_config="${tpa_config:-new}" # new, hosted
+registry_config="${registry_config:-quay}" # quay, quayio, artifactory
+scm_config="${scm_config:-github}"  # github, gitlab, bitbucket
+pipeline_config="${pipeline_config:-tekton}" # tekton, jenkins
+auth_config="${auth_config:-github}" # github, gitlab
+
+echo "[INFO] acs_config=$acs_config"
+echo "[INFO] tpa_config=$tpa_config"
+echo "[INFO] registry_config=$registry_config"
+echo "[INFO] scm_config=$scm_config"
+echo "[INFO] ci_config=$pipeline_config"
 
 # Variables for RHTAP Sample Backstage Templates
 export DEVELOPER_HUB__CATALOG__URL="${DEVELOPER_HUB__CATALOG__URL:-"https://github.com/redhat-appstudio/tssc-sample-templates/blob/main/all.yaml"}"
@@ -34,6 +33,8 @@ export GITOPS__GIT_TOKEN
 export GITHUB__APP__WEBHOOK__SECRET
 # Variables for Gitlab integration
 export GITLAB__TOKEN
+export GITLAB__APP__ID
+export GITLAB__APP_SECRET
 # Variables for Jenkins integration
 export JENKINS_API_TOKEN
 export JENKINS_URL
@@ -48,6 +49,12 @@ export ACS__API_TOKEN
 export BITBUCKET_HOST="bitbucket.org"
 export BITBUCKET_USERNAME
 export BITBUCKET_APP_PASSWORD
+## variables for TPA integration
+export BOMBASTIC_API_URL
+export OIDC_CLIENT_ID
+export OIDC_CLIENT_SECRET
+export OIDC_ISSUER_URL
+export SUPPORTED_CYCLONEDX_VERSION="1.4"
 
 tpl_file="installer/charts/values.yaml.tpl"
 config_file="installer/config.yaml"
@@ -66,8 +73,8 @@ update_dh_catalog_url() {
 }
 
 github_integration() {
-  # if github_enabled is true, then perform the github integration
-  if [[ "${github_enabled}" == "true" ]]; then
+  # if scm_config is "github", then perform the github integration
+  if [[ "${scm_config}" == "github" || "$auth_config" == "github" ]]; then
     echo "[INFO] Config Github integration with RHTAP"
 
     GITHUB__APP__ID="${GITHUB__APP__ID:-$(cat /usr/local/rhtap-cli-install/rhdh-github-app-id)}"
@@ -93,7 +100,7 @@ EOF
 }
 
 jenkins_integration() {
-  if [[ "${jenkins_enabled}" == "true" ]]; then
+  if [[ "${pipeline_config}" == "jenkins" ]]; then
     echo "[INFO] Integrates an exising Jenkins server into RHTAP"
 
     JENKINS_API_TOKEN="${JENKINS_API_TOKEN:-$(cat /usr/local/rhtap-cli-install/jenkins-api-token)}"
@@ -105,17 +112,20 @@ jenkins_integration() {
 }
 
 gitlab_integration() {
-  if [[ "${gitlab_enabled}" == "true" ]]; then
+  if [[ "${scm_config}" == "gitlab" || "$auth_config" = "gitlab" ]]; then
     echo "[INFO] Configure Gitlab integration into RHTAP"
 
     GITLAB__TOKEN="${GITLAB__TOKEN:-$(cat /usr/local/rhtap-cli-install/gitlab_token)}"
 
-    ./bin/rhtap-cli integration --kube-config "$KUBECONFIG" gitlab --token "${GITLAB__TOKEN}"
+    GITLAB__APP__ID="${GITLAB__APP__ID:-$(cat /usr/local/rhtap-cli-install/gitlab-app-id)}"
+    GITLAB__APP_SECRET="${GITLAB__APP_SECRET:-$(cat /usr/local/rhtap-cli-install/gitlab-app-secret)}"
+
+    ./bin/rhtap-cli integration --kube-config "$KUBECONFIG" gitlab --token="${GITLAB__TOKEN}" --app-id="${GITLAB__APP__ID}" --app-secret="${GITLAB__APP_SECRET}"
   fi
 }
 
-quay_integration() {
-  if [[ "${quay_install_enabled}" == "false" ]]; then
+quayio_integration() {
+  if [[ "${registry_config}" == "quay.io" ]]; then
     # disable Quay installation
     yq e '.rhtapCLI.features.redHatQuay.enabled = false' -i "${config_file}"
 
@@ -130,7 +140,7 @@ quay_integration() {
 }
 
 acs_integration() {
-  if [[ "${acs_install_enabled}" == "false" ]]; then
+  if [[ "${acs_config}" == "hosted" ]]; then
     # disable ACS installation
     yq e '.rhtapCLI.features.redHatAdvancedClusterSecurity.enabled = false' -i "${config_file}"
 
@@ -144,8 +154,11 @@ acs_integration() {
 }
 
 acs_quay_connection() {
-  # if quay_install_enabled is false, then skip the quay integration
-  if [[ "${quay_install_enabled}" == "true" ]]; then
+  #TODO: it needs to consider the following scenarios:
+  # 1. ACS is installed and Quay is installed
+  # 2. ACS is hosted on somewhere and registry is using quay.io
+  # 3. ACS is hosted on somewhere and registry is Artifactory
+  if [[ "${registry_config}" == "quay" ]]; then
     echo "[INFO] Configure internal Quay integration with internal ACS"
 
     acs_central_url=https://$(kubectl -n rhtap-acs get route central -o  'jsonpath={.spec.host}')
@@ -163,7 +176,7 @@ acs_quay_connection() {
 }
 
 bitbucket_integration() {
-  if [[ "${bitbucket_enabled}" == "true" ]]; then
+  if [[ "${scm_config}" == "bitbucket" ]]; then
     echo "[INFO] Configure Bitbucket integration into RHTAP"
 
     BITBUCKET_USERNAME="${BITBUCKET_USERNAME:-$(cat /usr/local/rhtap-cli-install/bitbucket-username)}"
@@ -173,6 +186,21 @@ bitbucket_integration() {
   fi
 }
 
+tpa_integration() {
+  if [[ "${tpa_config}" == "hosted" ]]; then
+    echo "[INFO] Configure a hosted TPA integration into RHTAP"
+
+    BOMBASTIC_API_URL="${BOMBASTIC_API_URL:-$(cat /usr/local/rhtap-cli-install/bombastic-api-url)}"
+    OIDC_CLIENT_ID="${OIDC_CLIENT_ID:-$(cat /usr/local/rhtap-cli-install/oidc-client-id)}"
+    OIDC_CLIENT_SECRET="${OIDC_CLIENT_SECRET:-$(cat /usr/local/rhtap-cli-install/oidc-client-secret)}"
+    OIDC_ISSUER_URL="${OIDC_ISSUER_URL:-$(cat /usr/local/rhtap-cli-install/oidc-issuer-url)}"
+
+    # disable TPA installation
+    yq e '.rhtapCLI.features.trustedProfileAnalyzer.enabled = false' -i "${config_file}"
+    ./bin/rhtap-cli integration --kube-config "$KUBECONFIG" trustification --bombastic-api-url="${BOMBASTIC_API_URL}" --oidc-client-id="${OIDC_CLIENT_ID}" --oidc-client-secret="${OIDC_CLIENT_SECRET}" --oidc-issuer-url="${OIDC_ISSUER_URL}" --supported-cyclonedx-version="${SUPPORTED_CYCLONEDX_VERSION}"
+  fi
+}
+
 install_rhtap() {
   echo "[INFO] Start installing RHTAP"
   github_integration
@@ -182,13 +210,14 @@ install_rhtap() {
   echo "[INFO] Installing RHTAP"
   jenkins_integration
   gitlab_integration
-  quay_integration
+  quayio_integration
   acs_integration
   bitbucket_integration
+  tpa_integration
   # for debugging purpose
   echo "[INFO] Print out the content of values.yaml.tpl"
   cat "$tpl_file"
-  ./bin/rhtap-cli deploy --timeout 30m --config "$config_file" --values-template "$tpl_file" --kube-config "$KUBECONFIG" --debug --log-level=debug
+  ./bin/rhtap-cli deploy --timeout 35m --config "$config_file" --values-template "$tpl_file" --kube-config "$KUBECONFIG" --debug --log-level=debug
 
   homepage_url=https://$(kubectl -n rhtap get route backstage-developer-hub -o  'jsonpath={.spec.host}')
   callback_url=https://$(kubectl -n rhtap get route backstage-developer-hub -o  'jsonpath={.spec.host}')/api/auth/github/handler/frame

diff --git a/integration-tests/tasks/rhtap-install.yaml b/integration-tests/tasks/rhtap-install.yaml
@@ -11,21 +11,24 @@ spec:
     - name: job-spec
       type: string
       description: "The job specification containing details of the test execution."
-    - name: acs_install_enabled
-      description: 'Indicates if the ACS installation is enabled.'
-      default: 'true'
-    - name: quay_install_enabled
-      description: 'Indicates if the Quay installation is enabled.'
-      default: 'true'
-    - name: github_enabled
-      description: 'Indicates if the GitHub integration is enabled.'
-      default: 'true'
-    - name: gitlab_enabled
-      description: 'Indicates if the GitLab integration is enabled.'
-      default: 'true'
-    - name: jenkins_enabled
-      description: 'Indicates if the Jenkins integration is enabled.'
-      default: 'true'
+    - name: acs_config
+      type: string
+      description: "The ACS option for rhtap-cli installation. Valid values are 'new' and 'hosted'."
+    - name: tpa_config
+      type: string
+      description: "The TPA option for rhtap-cli installation. Valid values are 'new' and 'hosted'."
+    - name: registry_config
+      type: string
+      description: "The image registry option for rhtap-cli installation. Valid values are 'quay', 'quayio' and 'artifactory'."
+    - name: scm_config
+      type: string
+      description: "The SCM option for rhtap-cli installation. Valid values are 'github' , 'gitlab' and 'bitbucket'."
+    - name: pipeline_config
+      type: string
+      description: "The Pipeline option for rhtap-cli installation. Valid values are 'tekton' and 'jenkins'."
+    - name: auth_config
+      type: string
+      description: "The authentication provider for rhtap. Valid values are 'github' and 'gitlab'."
   volumes:
     - name: rhtap-cli-volume
       secret:
@@ -36,16 +39,6 @@ spec:
       env:
         - name: JOB_SPEC
           value: "$(params.job-spec)"
-        - name: acs_install_enabled
-          value: "$(params.acs_install_enabled)"
-        - name: quay_install_enabled
-          value: "$(params.quay_install_enabled)"
-        - name: github_enabled
-          value: "$(params.github_enabled)"
-        - name: gitlab_enabled
-          value: "$(params.gitlab_enabled)"
-        - name: jenkins_enabled
-          value: "$(params.jenkins_enabled)"
         - name: OCP_LOGIN_COMMAND
           value: "$(params.ocp-login-command)"
       volumeMounts:
@@ -64,6 +57,17 @@ spec:
           exit 1
         fi
 
+        # Generate the .env file for rhtap-cli installation based on the configuration given in the pict file
+        if [ -f .env ]; then
+            rm .env
+        fi
+        echo "export acs_config=\"$(params.acs_config)\"" >> .env
+        echo "export tpa_config=\"$(params.tpa_config)\"" >> .env
+        echo "export registry_config=\"$(params.registry_config)\"" >> .env
+        echo "export scm_config=\"$(params.scm_config)\"" >> .env
+        echo "export pipeline_config=\"$(params.pipeline_config)\"" >> .env
+        echo "export auth_config=\"$(params.auth_config)\"" >> .env
+
         # Clone the rhtap-cli repository
         cd "$(mktemp -d)"
 
@@ -80,6 +84,7 @@ spec:
         fi
 
         # Deploy rhtap
+        source .env
         ./integration-tests/scripts/ci-oc-login.sh
         ./integration-tests/scripts/minio.sh
         ./integration-tests/scripts/install.sh