Merge branch 'main' into fix-links

janus-idp · Dec 13, 2024 · 87b024a · 87b024a
2 parents 6a6c283 + e3e7586
commit 87b024a
Show file tree

Hide file tree

Showing 79 changed files with 1,301 additions and 792 deletions.
diff --git a/.github/workflows/pr-semantic.yaml b/.github/workflows/pr-semantic.yaml
@@ -33,6 +33,7 @@ jobs:
             test
             revert
           requireScope: false
+          headerPattern: '^(?:\[release-\d+.\d+\] )?(\w*)(?:\(([\w$.\-* ]*)\))?: (.*)$'
           subjectPattern: ^(?![A-Z]).+$
           subjectPatternError: |
             The subject "{subject}" found in the pull request title "{title}"

diff --git a/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml b/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml
@@ -32,4 +32,10 @@ data:
   DH_TARGET_URL: dGVzdC1iYWNrc3RhZ2UtY3VzdG9taXphdGlvbi1wcm92aWRlci1zaG93Y2FzZS1jaS5yaGRoLXByLW9zLWE5ODA1NjUwODMwYjIyYzNhZWUyNDNlNTFkNzk1NjVkLTAwMDAudXMtZWFzdC5jb250YWluZXJzLmFwcGRvbWFpbi5jbG91ZA==
   GOOGLE_CLIENT_ID: dGVtcA==
   GOOGLE_CLIENT_SECRET: dGVtcA==
+  RHDH_BASE_URL: dGVtcA==
+  KEYCLOAK_AUTH_BASE_URL: dGVtcA==
+  KEYCLOAK_AUTH_CLIENTID: dGVtcA==
+  KEYCLOAK_AUTH_CLIENT_SECRET: dGVtcA==
+  KEYCLOAK_AUTH_LOGIN_REALM: dGVtcA==
+  KEYCLOAK_AUTH_REALM: dGVtcA==
 type: Opaque
diff --git a/.ibm/pipelines/cluster/aks/az.sh b/.ibm/pipelines/cluster/aks/az.sh
@@ -20,7 +20,7 @@ az_aks_approuting_enable() {
   local resource_group=$2
   set +xe
   local output=$(az aks approuting enable --name $name --resource-group $resource_group 2>&1 | sed 's/^ERROR: //')
-  set -xe
+  set -e
   exit_status=$?
 
   if [ $exit_status -ne 0 ]; then

diff --git a/.ibm/pipelines/cluster/aks/deployment.sh b/.ibm/pipelines/cluster/aks/deployment.sh
@@ -6,7 +6,8 @@ initiate_aks_deployment() {
   # install_tekton_pipelines
   uninstall_helmchart "${NAME_SPACE_K8S}" "${RELEASE_NAME}"
   cd "${DIR}"
-  apply_yaml_files "${DIR}" "${NAME_SPACE_K8S}"
+  local rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
+  apply_yaml_files "${DIR}" "${NAME_SPACE_K8S}" "${rhdh_base_url}"
   yq_merge_value_files "${DIR}/value_files/${HELM_CHART_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_AKS_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_K8S_MERGED_VALUE_FILE_NAME}"
   mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE_K8S}"
   cp -a "/tmp/${HELM_CHART_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE_K8S}/" # Save the final value-file into the artifacts directory.
@@ -26,7 +27,8 @@ initiate_rbac_aks_deployment() {
   # install_tekton_pipelines
   uninstall_helmchart "${NAME_SPACE_RBAC_K8S}" "${RELEASE_NAME_RBAC}"
   cd "${DIR}"
-  apply_yaml_files "${DIR}" "${NAME_SPACE_RBAC_K8S}"
+  local rbac_rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
+  apply_yaml_files "${DIR}" "${NAME_SPACE_RBAC_K8S}" "${rbac_rhdh_base_url}"
   yq_merge_value_files "${DIR}/value_files/${HELM_CHART_RBAC_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_RBAC_AKS_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}"
   mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE_RBAC_K8S}"
   cp -a "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE_RBAC_K8S}/" # Save the final value-file into the artifacts directory.

diff --git a/.ibm/pipelines/cluster/gke/deployment.sh b/.ibm/pipelines/cluster/gke/deployment.sh
@@ -7,7 +7,8 @@ initiate_gke_deployment() {
   # install_tekton_pipelines
   uninstall_helmchart "${NAME_SPACE_K8S}" "${RELEASE_NAME}"
   cd "${DIR}"
-  apply_yaml_files "${DIR}" "${NAME_SPACE_K8S}"
+  local rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
+  apply_yaml_files "${DIR}" "${NAME_SPACE_K8S}" "${rhdh_base_url}"
   oc apply -f "${DIR}/cluster/gke/frontend-config.yaml" --namespace="${project}"
   yq_merge_value_files "${DIR}/value_files/${HELM_CHART_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_GKE_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_K8S_MERGED_VALUE_FILE_NAME}"
   mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE_K8S}"
@@ -30,7 +31,8 @@ initiate_rbac_gke_deployment() {
   # install_tekton_pipelines
   uninstall_helmchart "${NAME_SPACE_RBAC_K8S}" "${RELEASE_NAME_RBAC}"
   cd "${DIR}"
-  apply_yaml_files "${DIR}" "${NAME_SPACE_RBAC_K8S}"
+  local rbac_rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
+  apply_yaml_files "${DIR}" "${NAME_SPACE_RBAC_K8S}"  "${rbac_rhdh_base_url}"
   yq_merge_value_files "${DIR}/value_files/${HELM_CHART_RBAC_VALUE_FILE_NAME}" "${DIR}/value_files/${HELM_CHART_RBAC_GKE_DIFF_VALUE_FILE_NAME}" "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}"
   mkdir -p "${ARTIFACT_DIR}/${NAME_SPACE_RBAC_K8S}"
   cp -a "/tmp/${HELM_CHART_RBAC_K8S_MERGED_VALUE_FILE_NAME}" "${ARTIFACT_DIR}/${NAME_SPACE_RBAC_K8S}/" # Save the final value-file into the artifacts directory.

diff --git a/.ibm/pipelines/cluster/gke/gcloud.sh b/.ibm/pipelines/cluster/gke/gcloud.sh
@@ -19,7 +19,7 @@ gcloud_ssl_cert_create() {
   # Capture both stdout and stderr
   set +xe
   local output=$(gcloud compute ssl-certificates create "${cert_name}" --domains="${domain}" --project="${project}" --global 2>&1)
-  set -xe
+  set -e
 
   # Check the return status
   if [ $? -eq 0 ]; then

diff --git a/.ibm/pipelines/cluster/operators/acm/multiclusterhub.yaml b/.ibm/pipelines/cluster/operators/acm/multiclusterhub.yaml
@@ -0,0 +1,6 @@
+apiVersion: operator.open-cluster-management.io/v1
+kind: MultiClusterHub
+metadata:
+  name: multiclusterhub
+  namespace: open-cluster-management
+spec: {}
diff --git a/.ibm/pipelines/cluster/operators/acm/operator-group.yaml b/.ibm/pipelines/cluster/operators/acm/operator-group.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: open-cluster-management
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: open-cluster-management
+  namespace: open-cluster-management
+spec:
+  targetNamespaces:
+  - open-cluster-management
diff --git a/.ibm/pipelines/cluster/operators/acm/subscription-acm.yaml b/.ibm/pipelines/cluster/operators/acm/subscription-acm.yaml
@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: advanced-cluster-management
+  namespace: open-cluster-management
+spec:
+  channel: release-2.12
+  installPlanApproval: Automatic
+  name: advanced-cluster-management
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
diff --git a/.ibm/pipelines/env_variables.sh b/.ibm/pipelines/env_variables.sh
@@ -24,18 +24,10 @@ NAME_SPACE_RUNTIME="${NAME_SPACE_RUNTIME:-showcase-runtime}"
 NAME_SPACE_POSTGRES_DB="${NAME_SPACE_POSTGRES_DB:-postgress-external-db}"
 NAME_SPACE_RDS="showcase-rds-nightly"
 CHART_VERSION="2.15.2"
-GITHUB_APP_APP_ID=$(cat /tmp/secrets/GITHUB_APP_APP_ID)
-GITHUB_APP_CLIENT_ID=$(cat /tmp/secrets/GITHUB_APP_CLIENT_ID)
-GITHUB_APP_PRIVATE_KEY=$(cat /tmp/secrets/GITHUB_APP_PRIVATE_KEY)
-GITHUB_APP_CLIENT_SECRET=$(cat /tmp/secrets/GITHUB_APP_CLIENT_SECRET)
-GITHUB_APP_2_APP_ID=$(cat /tmp/secrets/GITHUB_APP_2_APP_ID)
-GITHUB_APP_2_CLIENT_ID=$(cat /tmp/secrets/GITHUB_APP_2_CLIENT_ID)
-GITHUB_APP_2_PRIVATE_KEY=$(cat /tmp/secrets/GITHUB_APP_2_PRIVATE_KEY)
-GITHUB_APP_2_CLIENT_SECRET=$(cat /tmp/secrets/GITHUB_APP_2_CLIENT_SECRET)
-GITHUB_APP_3_APP_ID=$(cat /tmp/secrets/GITHUB_APP_3_APP_ID)
-GITHUB_APP_3_CLIENT_ID=$(cat /tmp/secrets/GITHUB_APP_3_CLIENT_ID)
-GITHUB_APP_3_PRIVATE_KEY=$(cat /tmp/secrets/GITHUB_APP_3_PRIVATE_KEY)
-GITHUB_APP_3_CLIENT_SECRET=$(cat /tmp/secrets/GITHUB_APP_3_CLIENT_SECRET)
+GITHUB_APP_APP_ID=$(cat /tmp/secrets/GITHUB_APP_3_APP_ID)
+GITHUB_APP_CLIENT_ID=$(cat /tmp/secrets/GITHUB_APP_3_CLIENT_ID)
+GITHUB_APP_PRIVATE_KEY=$(cat /tmp/secrets/GITHUB_APP_3_PRIVATE_KEY)
+GITHUB_APP_CLIENT_SECRET=$(cat /tmp/secrets/GITHUB_APP_3_CLIENT_SECRET)
 GITHUB_APP_JANUS_TEST_APP_ID=OTE3NjM5
 GITHUB_APP_JANUS_TEST_CLIENT_ID=SXYyM2xpSEdtU1l6SUFEbHFIakw=
 GITHUB_APP_JANUS_TEST_PRIVATE_KEY=$(cat /tmp/secrets/GITHUB_APP_JANUS_TEST_PRIVATE_KEY)
@@ -57,6 +49,7 @@ GITLAB_TOKEN=$(cat /tmp/secrets/GITLAB_TOKEN)
 
 RHDH_PR_OS_CLUSTER_URL=$(cat /tmp/secrets/RHDH_PR_OS_CLUSTER_URL)
 RHDH_PR_OS_CLUSTER_TOKEN=$(cat /tmp/secrets/RHDH_PR_OS_CLUSTER_TOKEN)
+ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
 K8S_CLUSTER_API_SERVER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
 K8S_SERVICE_ACCOUNT_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
 OCM_CLUSTER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
@@ -136,4 +129,10 @@ AUTH_PROVIDERS_NAMESPACE="showcase-auth-providers"
 STATIC_API_TOKEN="somecicdtoken"
 AUTH_PROVIDERS_CHART="rhdh-chart/backstage"
 
+KEYCLOAK_AUTH_BASE_URL=$(cat /tmp/secrets/KEYCLOAK_AUTH_BASE_URL)
+KEYCLOAK_AUTH_CLIENTID=$(cat /tmp/secrets/KEYCLOAK_AUTH_CLIENTID)
+KEYCLOAK_AUTH_CLIENT_SECRET=$(cat /tmp/secrets/KEYCLOAK_AUTH_CLIENT_SECRET)
+KEYCLOAK_AUTH_LOGIN_REALM=$(cat /tmp/secrets/KEYCLOAK_AUTH_LOGIN_REALM)
+KEYCLOAK_AUTH_REALM=$(cat /tmp/secrets/KEYCLOAK_AUTH_REALM)
+
 set +a  # Stop automatically exporting variables
diff --git a/.ibm/pipelines/jobs/aks.sh b/.ibm/pipelines/jobs/aks.sh
@@ -17,13 +17,12 @@ handle_aks() {
   az_aks_approuting_enable "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
   az_aks_get_credentials "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
 
-  set_github_app_3_credentials
-
   initiate_aks_deployment
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE_K8S}" "${url}"
   delete_namespace "${NAME_SPACE_K8S}"
   initiate_rbac_aks_deployment
-  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}"
+  local rbac_rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}" "${rbac_rhdh_base_url}"
   delete_namespace "${NAME_SPACE_RBAC_K8S}"
 }
 

diff --git a/.ibm/pipelines/jobs/gke.sh b/.ibm/pipelines/jobs/gke.sh
@@ -12,13 +12,12 @@ handle_gke() {
   gcloud_auth "${GKE_SERVICE_ACCOUNT_NAME}" "/tmp/secrets/GKE_SERVICE_ACCOUNT_KEY"
   gcloud_gke_get_credentials "${GKE_CLUSTER_NAME}" "${GKE_CLUSTER_REGION}" "${GOOGLE_CLOUD_PROJECT}"
 
-  set_github_app_3_credentials
-
   initiate_gke_deployment
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE_K8S}" "${url}"
   delete_namespace "${NAME_SPACE_K8S}"
   initiate_rbac_gke_deployment
-  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}"
+  local rbac_rhdh_base_url="https://${K8S_CLUSTER_ROUTER_BASE}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}" "${rbac_rhdh_base_url}"
   delete_namespace "${NAME_SPACE_RBAC_K8S}"
 
 }
diff --git a/.ibm/pipelines/jobs/main.sh b/.ibm/pipelines/jobs/main.sh
@@ -1,42 +1,16 @@
 #!/bin/sh
 
-set -x
-
-set_namespace() {
-  # Enable parallel PR testing for main branch by utilizing a pool of namespaces
-  local namespaces_pool=("pr-1" "pr-2" "pr-3")
-  local namespace_found=false
-  # Iterate through namespace pool to find an available set
-  for ns in "${namespaces_pool[@]}"; do
-    if ! oc get namespace "showcase-$ns" >/dev/null 2>&1; then
-      echo "Namespace "showcase-$ns" does not exist, Using NS: showcase-$ns, showcase-rbac-$ns, postgress-external-db-$ns"
-      export NAME_SPACE="showcase-$ns"
-      export NAME_SPACE_RBAC="showcase-rbac-$ns"
-      export NAME_SPACE_POSTGRES_DB="postgress-external-db-$ns"
-      namespace_found=true
-      break
-    fi
-  done
-  if ! $namespace_found; then
-    echo "Error: All namespaces $namespaces_pool already in Use"
-    exit 1
-  fi
-}
-
 handle_main() {
   echo "Configuring namespace: ${NAME_SPACE}"
-  set_github_app_4_credentials
-  set_namespace
   oc_login
-
-  API_SERVER_URL=$(oc whoami --show-server)
-  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
-  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
+  echo "OCP version: $(oc version)"
 
   export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
-  local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
+  cluster_setup
   initiate_deployments
   deploy_test_backstage_provider "${NAME_SPACE}"
+  local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
-  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${url}"
+  local rbac_url="https://${RELEASE_NAME_RBAC}-backstage-${NAME_SPACE_RBAC}.${K8S_CLUSTER_ROUTER_BASE}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${rbac_url}"
 }
diff --git a/.ibm/pipelines/jobs/ocp-v4-15.sh b/.ibm/pipelines/jobs/ocp-v4-15.sh
diff --git a/.ibm/pipelines/jobs/ocp-v4-16.sh b/.ibm/pipelines/jobs/ocp-v4-16.sh
diff --git a/.ibm/pipelines/jobs/operator.sh b/.ibm/pipelines/jobs/operator.sh
@@ -3,10 +3,6 @@
 handle_operator() {
   oc_login
 
-  API_SERVER_URL=$(oc whoami --show-server)
-  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
-  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
-
   apply_yaml_files "${DIR}" "${NAME_SPACE}"
   deploy_test_backstage_provider "${NAME_SPACE}"
 }
diff --git a/.ibm/pipelines/jobs/periodic.sh b/.ibm/pipelines/jobs/periodic.sh
@@ -1,40 +1,32 @@
 #!/bin/sh
 
 handle_nightly() {
-  export NAME_SPACE="showcase-ci-nightly"
-  export NAME_SPACE_RBAC="showcase-rbac-nightly"
-  export NAME_SPACE_POSTGRES_DB="postgress-external-db-nightly"
-  export NAME_SPACE_K8S="showcase-k8s-ci-nightly"
-  export NAME_SPACE_RBAC_K8S="showcase-rbac-k8s-ci-nightly"
-
   oc_login
 
-  API_SERVER_URL=$(oc whoami --show-server)
-  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
-  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
-
   export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
 
   configure_namespace "${NAME_SPACE}"
   deploy_test_backstage_provider "${NAME_SPACE}"
-  local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
-  install_pipelines_operator
-  sleep 20 # wait for Pipeline Operator/Tekton pipelines to be ready
-  oc apply -f "$dir/resources/pipeline-run/hello-world-pipeline.yaml"
-  oc apply -f "$dir/resources/pipeline-run/hello-world-pipeline-run.yaml"
+  cluster_setup
   initiate_deployments
+  local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
-  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${url}"
+  local rbac_url="https://${RELEASE_NAME_RBAC}-backstage-${NAME_SPACE_RBAC}.${K8S_CLUSTER_ROUTER_BASE}"
+  check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${rbac_url}"
 
   # Only test TLS config with RDS and Change configuration at runtime in nightly jobs
   initiate_rds_deployment "${RELEASE_NAME}" "${NAME_SPACE_RDS}"
-  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_RDS}" "${url}"
+  local rds_url="https://${RELEASE_NAME}-backstage-${NAME_SPACE_RDS}.${K8S_CLUSTER_ROUTER_BASE}"
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_RDS}" "${rds_url}"
 
   # Deploy `showcase-runtime` to run tests that require configuration changes at runtime
   configure_namespace "${NAME_SPACE_RUNTIME}"
   uninstall_helmchart "${NAME_SPACE_RUNTIME}" "${RELEASE_NAME}"
   oc apply -f "$DIR/resources/redis-cache/redis-deployment.yaml" --namespace="${NAME_SPACE_RUNTIME}"
-  apply_yaml_files "${DIR}" "${NAME_SPACE_RUNTIME}"
+
+  local runtime_url="https://${RELEASE_NAME}-backstage-${NAME_SPACE_RUNTIME}.${K8S_CLUSTER_ROUTER_BASE}"
+
+  apply_yaml_files "${DIR}" "${NAME_SPACE_RUNTIME}" "${runtime_url}"
   helm upgrade -i "${RELEASE_NAME}" -n "${NAME_SPACE_RUNTIME}" "${HELM_REPO_NAME}/${HELM_IMAGE_NAME}" --version "${CHART_VERSION}" -f "${DIR}/value_files/${HELM_CHART_VALUE_FILE_NAME}" --set global.clusterRouterBase="${K8S_CLUSTER_ROUTER_BASE}" --set upstream.backstage.image.repository="${QUAY_REPO}" --set upstream.backstage.image.tag="${TAG_NAME}"
-  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_RUNTIME}" "${url}"
+  check_and_test "${RELEASE_NAME}" "${NAME_SPACE_RUNTIME}" "${runtime_url}"
 }