Skip to content

HYPERFLEET-1058 - feat: Update e2e repo and remove dead code#122

Draft
ma-hill wants to merge 1 commit into
openshift-hyperfleet:mainfrom
ma-hill:HYPERFLEET-1058
Draft

HYPERFLEET-1058 - feat: Update e2e repo and remove dead code#122
ma-hill wants to merge 1 commit into
openshift-hyperfleet:mainfrom
ma-hill:HYPERFLEET-1058

Conversation

@ma-hill

@ma-hill ma-hill commented Jun 10, 2026
edited by atlassian Bot
Loading

Copy link
Copy Markdown
Contributor

Summary

Completes the migration from E2E-specific deployment scripts to using the centralized hyperfleet-infra repository for all HyperFleet component installations. This PR removes ~4500 lines of obsolete deployment code, adapter testdata, and Kind setup tooling that have been superseded by infra repo patterns. The E2E repo now focuses purely on test automation, relying on infra for environment setup and deployment.

HYPERFLEET-1058

Changes

  • Removed deploy-scripts/ directory containing:
    • deploy-clm.sh (602 lines) — orchestration script replaced by infra repo
    • kind-local.sh and kind-build-images.sh — Kind cluster management replaced by infra Makefile targets
    • All library modules (lib/adapter.sh, lib/api.sh, lib/common.sh, lib/helm.sh, lib/sentinel.sh, lib/gcp.sh)
    • .env.example and README documentation
  • Removed testdata/adapter-configs/ for all adapters (cl-deployment, cl-job, cl-maestro, cl-namespace, np-configmap) — adapter configs now live in infra repo
  • Removed docs/local-kind-setup.md — replaced by infra repo setup guide
  • Added env/env.ci and env/env.local for infra repo integration (environment variable configuration for CI and local development)
  • Added scripts/cleanup-k8s-resources.sh to uninstall Helm releases and delete namespaces (used in CI teardown)
  • Added scripts/cleanup-pubsub-resources.sh to remove GCP Pub/Sub topics and subscriptions (used in CI cleanup)
  • Created docs/setup.md consolidating setup instructions for both local and CI environments
  • Updated docs/runbook.md to reference infra repo installation steps instead of deploy-clm.sh
  • Updated docs/getting-started.md to point to new setup.md and infra repo
  • Updated docs/development.md to remove references to old deployment workflow
  • Updated README.md and CONTRIBUTING.md directory trees to reflect new structure
  • Updated Dockerfile to copy env/ and scripts/ directories instead of deploy-scripts/
  • Removed make local-up, make local-down, make local-rebuild targets from Makefile
  • Updated AGENTS.md source of truth table to reference docs/setup.md instead of docs/local-kind-setup.md

Notes

This PR is part of a broader effort to centralize HyperFleet deployment and infrastructure management in the infra repository (HYPERFLEET-1057). The E2E repo now assumes that component installation is handled externally via infra repo patterns.

The new workflow:

  • Local development: Use infra repo's Makefile targets to set up kind/gcp cluster, deploy components, and run E2E tests
  • CI: Use infra repo's helmfile-based deployment with env/env.ci configuration
  • Cleanup: Use new cleanup scripts in scripts/ for teardown

All adapter configurations (values.yaml, adapter-config.yaml, task configs) have moved to the infra repository and are deployed via helmfile.

Test Plan

  • Unit tests added/updated
  • make test-all passes
  • make lint passes
  • Dockerfile builds successfully and includes env/ and scripts/ directories
  • Deployed using infra repo workflow and verified E2E tests run successfully
  • Cleanup scripts validated in CI environment

@openshift-ci

openshift-ci Bot commented Jun 10, 2026

Copy link
Copy Markdown

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@coderabbitai

coderabbitai Bot commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: da3fda61-bcce-4ef5-a58a-f67d06a2d76f

📥 Commits

Reviewing files that changed from the base of the PR and between 2b8fb4f and 518fba3.

📒 Files selected for processing (41)
  • AGENTS.md
  • CONTRIBUTING.md
  • Dockerfile
  • Makefile
  • README.md
  • deploy-scripts/.env.example
  • deploy-scripts/README.md
  • deploy-scripts/deploy-clm.sh
  • deploy-scripts/kind-build-images.sh
  • deploy-scripts/kind-local.sh
  • deploy-scripts/lib/adapter.sh
  • deploy-scripts/lib/api.sh
  • deploy-scripts/lib/common.sh
  • deploy-scripts/lib/gcp.sh
  • deploy-scripts/lib/helm.sh
  • deploy-scripts/lib/sentinel.sh
  • docs/development.md
  • docs/getting-started.md
  • docs/local-kind-setup.md
  • docs/runbook.md
  • docs/setup.md
  • env/env.local
  • testdata/adapter-configs/cl-deployment/adapter-config.yaml
  • testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
  • testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
  • testdata/adapter-configs/cl-deployment/values.yaml
  • testdata/adapter-configs/cl-job/adapter-config.yaml
  • testdata/adapter-configs/cl-job/adapter-task-config.yaml
  • testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
  • testdata/adapter-configs/cl-job/values.yaml
  • testdata/adapter-configs/cl-maestro/adapter-config.yaml
  • testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
  • testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
  • testdata/adapter-configs/cl-maestro/values.yaml
  • testdata/adapter-configs/cl-namespace/adapter-config.yaml
  • testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
  • testdata/adapter-configs/cl-namespace/values.yaml
  • testdata/adapter-configs/np-configmap/adapter-config.yaml
  • testdata/adapter-configs/np-configmap/adapter-task-config.yaml
  • testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
  • testdata/adapter-configs/np-configmap/values.yaml
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (33)
  • docs/local-kind-setup.md
  • testdata/adapter-configs/cl-maestro/adapter-config.yaml
  • testdata/adapter-configs/cl-deployment/adapter-config.yaml
  • testdata/adapter-configs/cl-job/adapter-config.yaml
  • testdata/adapter-configs/cl-deployment/adapter-task-resource-deployment.yaml
  • testdata/adapter-configs/cl-namespace/adapter-task-config.yaml
  • Dockerfile
  • testdata/adapter-configs/np-configmap/adapter-config.yaml
  • deploy-scripts/README.md
  • testdata/adapter-configs/np-configmap/values.yaml
  • testdata/adapter-configs/cl-namespace/values.yaml
  • testdata/adapter-configs/cl-deployment/values.yaml
  • testdata/adapter-configs/np-configmap/adapter-task-resource-configmap.yaml
  • testdata/adapter-configs/cl-maestro/adapter-task-config.yaml
  • testdata/adapter-configs/cl-job/adapter-task-config.yaml
  • deploy-scripts/lib/sentinel.sh
  • deploy-scripts/lib/gcp.sh
  • testdata/adapter-configs/cl-job/values.yaml
  • deploy-scripts/.env.example
  • testdata/adapter-configs/cl-job/adapter-task-resource-job.yaml
  • deploy-scripts/lib/api.sh
  • deploy-scripts/kind-build-images.sh
  • testdata/adapter-configs/cl-maestro/values.yaml
  • deploy-scripts/kind-local.sh
  • deploy-scripts/lib/adapter.sh
  • deploy-scripts/deploy-clm.sh
  • testdata/adapter-configs/cl-deployment/adapter-task-config.yaml
  • deploy-scripts/lib/common.sh
  • Makefile
  • testdata/adapter-configs/cl-namespace/adapter-config.yaml
  • deploy-scripts/lib/helm.sh
  • testdata/adapter-configs/cl-maestro/adapter-task-resource-manifestwork.yaml
  • testdata/adapter-configs/np-configmap/adapter-task-config.yaml
📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added container image build targets (image, image-push, image-dev) to Makefile.
    • Added docs/setup.md for local and GCP E2E test setup guidance.
    • Added env/env.local for local development environment configuration.

  • Documentation

    • Updated setup and testing documentation with streamlined workflows.
    • Removed local kind-based deployment guides.

  • Removed

    • Removed local kind development infrastructure and deployment scripts.
    • Removed adapter test configuration files.

Walkthrough

This PR deprecates the local-kind-specific deployment infrastructure (deploy-scripts, .env.example, test adapters) and establishes a unified setup guide supporting both Kind and GCP. It introduces docs/setup.md as the primary environment configuration reference and env/env.local for defaulted variables. Makefile removes local kind targets and adds container image build targets (image, image-push, image-dev). Dockerfile stops copying deploy-scripts. Documentation across AGENTS.md, CONTRIBUTING.md, README.md, and guides is revised to reference the new setup flow, environment variables, and tier-based test execution patterns.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Security and Supply Chain Notes

Container Image Build Targets (CWE-427: Untrusted Search Path)
New Makefile targets image, image-push, image-dev lack explicit image digest or signature verification. The image-dev target exports to user-controlled quay.io/$(QUAY_USER) registry with no validation of QUAY_USER format or registry endpoint security.

Environment Variable Injection (CWE-94: Improper Control of Generation of Code)
env/env.local uses unsanitized ${VAR:-default} substitution. Malicious shell metacharacters in IMAGE_REGISTRY, API_CHART_REPO, or GCP_PROJECT_ID could execute unintended commands when sourced by shell scripts or CI/CD pipelines.

Removal of Deployment Automation (CWE-345: Insufficient Verification of Data Authenticity)
Deletion of deploy-scripts/lib/gcp.sh removes GCP Pub/Sub topic/subscription cleanup logic (delete_all_pubsub_topics, delete_all_pubsub_subscriptions). Manual cleanup guidance in runbook.md lacks cryptographic or resource-locking guarantees. Orphaned resources in GCP Pub/Sub remain untracked.

Kubernetes API Credentials in Environment (CWE-798: Use of Hard-Coded Credentials)
docs/setup.md and docs/getting-started.md rely on KUBECONFIG and kubectl context without explicit RBAC scope validation or credential rotation policies.

CI/CD Configuration Drift (CWE-426: Untrusted Search Path in an External Product)
Makefile removal of local-up, local-down, local-rebuild targets may leave stale CI job references or external tool integrations pointing to absent targets, causing silent failures or unexpected state.

🚥 Pre-merge checks | ✅ 9 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
No Privileged Containers ⚠️ Warning Dockerfiles run as root without justification: ./Dockerfile and ./images/Dockerfile set USER root (lines 32, 30) and never revert, running containers as UID 0. CWE-250. Add USER directive to switch to non-root after root-required RUN commands complete, following images/Dockerfile.platform pattern (USER 1000 with OpenShift SCC compatibility).
No Pii Or Sensitive Data In Logs ⚠️ Warning cleanup-pubsub-resources.sh logs GCP_PROJECT_ID (line 376) and Pub/Sub resource names containing namespaces (lines 184-187, 245-248); cleanup-k8s-resources.sh logs namespace names (line 252, 235) w... Remove or redact logging of GCP_PROJECT_ID (line 376), namespace identifiers in topic/subscription listings (lines 184-187, 245-248), and namespace names from logs. Log only sanitized resource identifiers or count only.
✅ Passed checks (9 passed)
Check name Status Explanation
Title check ✅ Passed Title clearly identifies the main change: removing obsolete deployment scripts and adapter testdata, consolidating to infra-repo patterns. Directly relates to the substantial refactor across ~4500 lines.
Description check ✅ Passed Description is detailed and directly relevant to the changeset, explaining the migration rationale, removal of deploy-scripts and testdata, addition of env/ and scripts/, documentation updates, and new workflows.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed No log statements (slog, log, logr, zap, fmt.Print*) contain tokens, passwords, credentials, or secrets. All logging is non-sensitive: Kubernetes resource names, GCP project IDs, resource identifie...
No Hardcoded Secrets ✅ Passed No hardcoded secrets found. env/env.ci and env/env.local use templated defaults only; cleanup scripts contain no credentials; docs/setup.md uses placeholder syntax. All credential injection deferre...
No Weak Cryptography ✅ Passed No weak cryptographic primitives (MD5, DES, RC4, ECB, weak SHA1) or custom crypto implementations found; cleanup scripts use only standard CLI tools; environment files contain no hardcoded secrets;...
No Injection Vectors ✅ Passed No injection vectors detected. New cleanup scripts properly quote all variables, validate input (NAMESPACE DNS-1123 regex, file existence, jq from trusted sources), and avoid eval/command substitut...

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Comment @coderabbitai help to get the list of available commands and usage tips.

@ma-hill
HYPERFLEET-1058 - feat: Update e2e repo and remove dead code
518fba3 
Removes deploy scripts, Kind setup tooling, and adapter testdata that have been migrated to the infra repository. Adds environment files and cleanup scripts to support the new infra-based workflow.

- Remove deploy-scripts/ directory (deploy-clm.sh, Kind scripts, adapter/API/common/helm/sentinel libraries)
- Remove testdata/adapter-configs/ for all adapters (cl-deployment, cl-job, cl-maestro, cl-namespace, np-configmap)
- Remove docs/local-kind-setup.md (replaced by infra repo setup)
- Add env/env.ci and env/env.local for infra repo integration
- Add scripts/cleanup-k8s-resources.sh and scripts/cleanup-pubsub-resources.sh
- Add docs/setup.md with new setup instructions
- Update docs/runbook.md, docs/getting-started.md, docs/development.md to reference infra repo
- Update README.md, CONTRIBUTING.md, Dockerfile, and Makefile to remove old deployment targets
@openshift-ci

openshift-ci Bot commented Jun 11, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tirthct for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ma-hill

ma-hill commented Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ma-hill