Konflux integration

.gitignore

@@ -4,4 +4,5 @@ catalog-renders/
 **/catalog.yaml
 **/catalog.json
 
+__pycache__/
 .DS_Store

.tekton/integration-tests/pipelines/catalog-argocd-e2e.yaml

@@ -0,0 +1,386 @@
+---
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: gitops-catalog-argocd-e2e
+spec:
+  description: |
+    ArgoCD E2E integration test which provisions an ephemeral cluster,
+    extracts ArgoCD server image from catalog, deploys ArgoCD standalone,
+    and runs upstream ArgoCD E2E tests.
+  params:
+    - description: Snapshot of the application
+      name: SNAPSHOT
+      default: '{"components": [{"name":"catalog-main", "containerImage": "quay.io/redhat-user-workloads/rh-openshift-gitops-tenant/catalog:latest"}]}'
+      type: string
+    - description: Git URL of catalog repository (for task definitions)
+      name: CATALOG_TASK_URL
+      default: "https://github.com/rh-gitops-midstream/catalog"
+      type: string
+    - description: Git revision for task definitions
+      name: CATALOG_TASK_REVISION
+      default: "konflux-integration"
+      type: string
+    - description: OpenShift version to provision
+      name: OPENSHIFT_VERSION
+      default: "4.20"
+      type: string
+    - description: Operator channel to query in catalog
+      name: OPERATOR_CHANNEL
+      default: "latest"
+      type: string
+    - description: Enable FIPS mode for the ephemeral cluster
+      name: FIPS_ENABLED
+      default: "false"
+      type: string
+    - description: ArgoCD version for upstream manifests
+      name: ARGOCD_VERSION
+      default: "v2.14.1"
+      type: string
+    - description: Git URL of the ArgoCD test repository
+      name: TEST_REPO_URL
+      default: "https://github.com/argoproj/argo-cd.git"
+      type: string
+    - description: Git branch or revision of the ArgoCD test repository
+      name: TEST_REPO_BRANCH
+      default: "v2.14.1"
+      type: string
+    - description: AWS instance type for the ephemeral cluster
+      name: CLUSTER_INSTANCE_TYPE
+      default: "m6g.xlarge"
+      type: string
+    - description: PR label required to run tests (empty = no gating, always run). When set, push events always proceed but pull_request events require this label on the PR.
+      name: GATE_LABEL
+      default: ""
+      type: string
+
+  finally:
+    - name: pipeline-wrapup
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: $(params.CATALOG_TASK_URL)
+          - name: revision
+            value: $(params.CATALOG_TASK_REVISION)
+          - name: pathInRepo
+            value: .tekton/tasks/pipeline-wrapup.yaml
+      params:
+        - name: eaasSpaceSecretRef
+          value: $(tasks.provision-eaas-space.results.secretRef)
+        - name: clusterName
+          value: "$(tasks.provision-cluster.results.clusterName)"
+        - name: pipelineRunName
+          value: "$(context.pipelineRun.name)"
+        - name: testImageUrl
+          value: "$(tasks.overlay-test-scripts.results.image-url)"
+        - name: aggregateStatus
+          value: "$(tasks.status)"
+        - name: logUrl
+          value: "https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com/ns/rh-openshift-gitops-tenant/applications/gitops-catalog/pipelineruns/$(context.pipelineRun.name)"
+        - name: pipelineName
+          value: "argocd-e2e"
+        - name: namespace
+          value: "argocd"
+        - name: taskNames
+          value: "extract-argocd-image deploy-argocd test-argocd"
+        - name: openshiftVersion
+          value: "$(params.OPENSHIFT_VERSION)"
+        - name: resolvedOpenshiftVersion
+          value: "$(tasks.provision-cluster.results.resolvedVersion)"
+        - name: operatorChannel
+          value: "$(params.OPERATOR_CHANNEL)"
+        - name: fipsEnabled
+          value: "$(params.FIPS_ENABLED)"
+        - name: argocdVersion
+          value: "$(params.ARGOCD_VERSION)"
+
+  results:
+    - name: TEST_OUTPUT
+      value: $(tasks.test-argocd.results.TEST_OUTPUT)
+
+  tasks:
+    - name: parse-metadata
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: https://github.com/konflux-ci/integration-examples
+          - name: revision
+            value: main
+          - name: pathInRepo
+            value: tasks/test_metadata.yaml
+      params:
+        - name: SNAPSHOT
+          value: $(params.SNAPSHOT)
+
+    - name: check-gate
+      runAfter:
+        - parse-metadata
+      taskSpec:
+        params:
+          - name: gate-label
+            type: string
+          - name: source-git-url
+            type: string
+          - name: source-git-revision
+            type: string
+        results:
+          - name: proceed
+            description: "true if tests should run, false to skip"
+        steps:
+          - name: check
+            image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+            env:
+              - name: GATE_LABEL
+                value: $(params.gate-label)
+              - name: SOURCE_GIT_URL
+                value: $(params.source-git-url)
+              - name: SOURCE_GIT_REVISION
+                value: $(params.source-git-revision)
+            script: |
+              #!/bin/sh
+              set -eu
+
+              PROCEED=true
+
+              if [ -z "${GATE_LABEL}" ]; then
+                echo "No gate label configured, proceeding"
+                echo -n "${PROCEED}" > $(results.proceed.path)
+                exit 0
+              fi
+
+              echo "Gate label: ${GATE_LABEL}"
+
+              REPO_SLUG=""
+              if [ -n "${SOURCE_GIT_URL}" ]; then
+                REPO_SLUG=$(echo "${SOURCE_GIT_URL}" | sed 's|.*github.com/||' | sed 's|\.git$||')
+              fi
+
+              # Find PR by commit SHA via GitHub API
+              PR_NUMBER=""
+              if [ -n "${REPO_SLUG}" ] && [ -n "${SOURCE_GIT_REVISION}" ]; then
+                echo "Looking up PRs for commit ${SOURCE_GIT_REVISION}..."
+                COMMIT_PRS=$(curl -sf "https://api.github.com/repos/${REPO_SLUG}/commits/${SOURCE_GIT_REVISION}/pulls" || true)
+                if [ -n "${COMMIT_PRS}" ] && echo "${COMMIT_PRS}" | grep -q '"number"'; then
+                  PR_NUMBER=$(echo "${COMMIT_PRS}" | grep -o '"number": *[0-9]*' | head -1 | grep -o '[0-9]*' || true)
+                fi
+              fi
+
+              if [ -z "${PR_NUMBER}" ]; then
+                echo "No PR found for this commit, proceeding (push event)"
+                echo -n "${PROCEED}" > $(results.proceed.path)
+                exit 0
+              fi
+
+              echo "Found PR #${PR_NUMBER}, checking labels..."
+              LABELS=$(curl -sf "https://api.github.com/repos/${REPO_SLUG}/pulls/${PR_NUMBER}" \
+                | grep -o '"name": *"[^"]*"' | sed 's/"name": *"//;s/"$//' || true)
+              echo "PR labels: ${LABELS:-none}"
+
+              if echo "${LABELS}" | grep -qx "${GATE_LABEL}"; then
+                echo "Label '${GATE_LABEL}' found, proceeding"
+              else
+                echo "Label '${GATE_LABEL}' NOT found, skipping tests"
+                PROCEED=false
+              fi
+
+              echo -n "${PROCEED}" > $(results.proceed.path)
+              echo "Result: proceed=${PROCEED}"
+      params:
+        - name: gate-label
+          value: $(params.GATE_LABEL)
+        - name: source-git-url
+          value: $(tasks.parse-metadata.results.source-git-url)
+        - name: source-git-revision
+          value: $(tasks.parse-metadata.results.source-git-revision)
+
+    - name: build-test-image
+      runAfter:
+        - check-gate
+      when:
+        - input: $(tasks.check-gate.results.proceed)
+          operator: in
+          values: ["true"]
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: $(params.CATALOG_TASK_URL)
+          - name: revision
+            value: $(params.CATALOG_TASK_REVISION)
+          - name: pathInRepo
+            value: .tekton/tasks/build-ginkgo-test-image.yaml
+      params:
+        - name: SOURCE_URL
+          value: $(params.CATALOG_TASK_URL)
+        - name: SOURCE_REVISION
+          value: $(params.CATALOG_TASK_REVISION)
+        - name: IMAGE_EXPIRES_AFTER
+          value: "7d"
+
+    - name: overlay-test-scripts
+      runAfter:
+        - build-test-image
+      when:
+        - input: $(tasks.check-gate.results.proceed)
+          operator: in
+          values: ["true"]
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: $(params.CATALOG_TASK_URL)
+          - name: revision
+            value: $(params.CATALOG_TASK_REVISION)
+          - name: pathInRepo
+            value: .tekton/tasks/overlay-test-scripts.yaml
+      params:
+        - name: BASE_IMAGE_URL
+          value: $(tasks.build-test-image.results.IMAGE_URL)
+        - name: SOURCE_URL
+          value: $(params.CATALOG_TASK_URL)
+        - name: SOURCE_REVISION
+          value: $(params.CATALOG_TASK_REVISION)
+
+    - name: provision-eaas-space
+      runAfter:
+        - overlay-test-scripts
+      when:
+        - input: $(tasks.check-gate.results.proceed)
+          operator: in
+          values: ["true"]
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: https://github.com/konflux-ci/build-definitions.git
+          - name: revision
+            value: main
+          - name: pathInRepo
+            value: task/eaas-provision-space/0.1/eaas-provision-space.yaml
+      params:
+        - name: ownerName
+          value: $(context.pipelineRun.name)
+        - name: ownerUid
+          value: $(context.pipelineRun.uid)
+
+    - name: provision-cluster
+      runAfter:
+        - provision-eaas-space
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: $(params.CATALOG_TASK_URL)
+          - name: revision
+            value: $(params.CATALOG_TASK_REVISION)
+          - name: pathInRepo
+            value: .tekton/tasks/provision-cluster.yaml
+      params:
+        - name: eaasSpaceSecretRef
+          value: $(tasks.provision-eaas-space.results.secretRef)
+        - name: catalogSourceUrl
+          value: $(params.CATALOG_TASK_URL)
+        - name: catalogSourceRevision
+          value: $(params.CATALOG_TASK_REVISION)
+        - name: catalogTaskUrl
+          value: $(params.CATALOG_TASK_URL)
+        - name: catalogTaskRevision
+          value: $(params.CATALOG_TASK_REVISION)
+        - name: openshiftVersion
+          value: $(params.OPENSHIFT_VERSION)
+        - name: fipsEnabled
+          value: $(params.FIPS_ENABLED)
+        - name: clusterInstanceType
+          value: $(params.CLUSTER_INSTANCE_TYPE)
+
+    - name: extract-argocd-image
+      runAfter:
+        - overlay-test-scripts
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: $(params.CATALOG_TASK_URL)
+          - name: revision
+            value: $(params.CATALOG_TASK_REVISION)
+          - name: pathInRepo
+            value: .tekton/tasks/extract-argocd-image.yaml
+      params:
+        - name: catalogImage
+          value: $(tasks.parse-metadata.results.component-container-image)
+        - name: operatorChannel
+          value: $(params.OPERATOR_CHANNEL)
+        - name: testImageUrl
+          value: $(tasks.overlay-test-scripts.results.image-url)
+        - name: pipelineRunName
+          value: $(context.pipelineRun.name)
+
+    - name: deploy-argocd
+      runAfter:
+        - extract-argocd-image
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: $(params.CATALOG_TASK_URL)
+          - name: revision
+            value: $(params.CATALOG_TASK_REVISION)
+          - name: pathInRepo
+            value: .tekton/tasks/deploy-argocd.yaml
+      params:
+        - name: argoCDImage
+          value: $(tasks.extract-argocd-image.results.argoCDImage)
+        - name: argoCDVersion
+          value: $(params.ARGOCD_VERSION)
+        - name: testImageUrl
+          value: $(tasks.overlay-test-scripts.results.image-url)
+        - name: eaasSpaceSecretRef
+          value: $(tasks.provision-eaas-space.results.secretRef)
+        - name: clusterName
+          value: $(tasks.provision-cluster.results.clusterName)
+        - name: pipelineRunName
+          value: $(context.pipelineRun.name)
+
+    - name: test-argocd
+      runAfter:
+        - deploy-argocd
+      taskRef:
+        resolver: git
+        params:
+          - name: url
+            value: $(params.CATALOG_TASK_URL)
+          - name: revision
+            value: $(params.CATALOG_TASK_REVISION)
+          - name: pathInRepo
+            value: .tekton/tasks/test-argocd.yaml
+      params:
+        - name: argoCDImage
+          value: $(tasks.extract-argocd-image.results.argoCDImage)
+        - name: testRepoUrl
+          value: $(params.TEST_REPO_URL)
+        - name: testRepoBranch
+          value: $(params.TEST_REPO_BRANCH)
+        - name: testImageUrl
+          value: $(tasks.overlay-test-scripts.results.image-url)
+        - name: eaasSpaceSecretRef
+          value: $(tasks.provision-eaas-space.results.secretRef)
+        - name: clusterName
+          value: $(tasks.provision-cluster.results.clusterName)
+        - name: pipelineRunName
+          value: $(context.pipelineRun.name)
+        - name: argoCDNamespace
+          value: $(tasks.deploy-argocd.results.namespace)
+        - name: argoCDServer
+          value: $(tasks.deploy-argocd.results.server)
+        - name: argoCDAdminPassword
+          value: $(tasks.deploy-argocd.results.adminPassword)
+        - name: argoCDServerName
+          value: $(tasks.deploy-argocd.results.serverName)
+        - name: argoCDRepoServerName
+          value: $(tasks.deploy-argocd.results.repoServerName)
+        - name: argoCDApplicationControllerName
+          value: $(tasks.deploy-argocd.results.applicationControllerName)
+        - name: argoCDRedisName
+          value: $(tasks.deploy-argocd.results.redisName)