Konflux integration#145
Open
AdamSaleh wants to merge 21 commits into
Open
Conversation
Collaborator
Author
|
/retest |
2 similar comments
Collaborator
Author
|
/retest |
Collaborator
Author
|
/retest |
There are currently four test-suites being run: - gitops-operator's e2e ginkgo test-suite, sharded into 3 scripts - the rollouts e2e tests - gitops operator's ui test verifying login (more tests to come) - the argocd tests in a separate pipeline There is simple parametrized pipeline, where you can choose: - the openshift version - size of cluster nodes - the channel to be used in the catalog - the test-script to run Secont separate pipeline installs standalone argocd and runs the e2e tests All the tests are run from precompiled docker image, the pipeline will check at the start and build them if hte images were changed. The test and utility scripts always get copied. The logs get uploaded to quay. At the end of the pipeline, it will send a message to gitops-test-notification channel on slack The code is mostly authored by prompting claude and tested against the v1.20 branch of the catalog repo. Assisted-by: Claude <usersafety@anthropic.com> Signed-off-by: Adam Saleh <adam@asaleh.net>
- Add GATE_LABEL param to both pipelines: when set, push events always run but pull_request events require the specified label on the PR (checked via GitHub API). Default empty = no gating. - Add BUILD_TEST_IMAGE param: when "true", builds test image from source via build-ginkgo-test-image task; otherwise uses pre-built TEST_IMAGE_URL. - Add resolve-test-image task to select built vs pre-built image URL. - Add run-sanity-tests.sh: release sanity script covering CSV validation, operator health, toolchain version check (with Confluence Component Matrix lookup), ArgoCD login test, and app sync smoke test. - Update test-operator task with confluence-credentials volume mount. - Remove non-UI test scenario files (moved to cluster-only). - Update default TEST_IMAGE_URL to konflux_v1.21.0 tag. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AdamSaleh
force-pushed
the
konflux-integration
branch
from
2e84399 to
acd01fe
Compare
Four scenarios covering latest channel (default, fips, upgrade, upgrade-fips) using run-sanity-tests.sh with GATE_LABEL=release-candidate. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Collaborator
Author
|
/retest |
The parse-metadata task reads event type and PR number from pod labels (pac.test.appstudio.openshift.io/*), but these labels may not be propagated to integration test PipelineRun pods. This adds a fallback that reads the PipelineRun labels directly via the Kubernetes API, plus diagnostic logging to help debug label propagation issues. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Collaborator
Author
|
/retest |
1 similar comment
Collaborator
Author
|
/retest |
When build-test-image is skipped (BUILD_TEST_IMAGE=false), Tekton cascade-skips any task that references its results. Adding default values to the results means resolve-test-image receives "" instead of being skipped, allowing it to fall through to the TEST_IMAGE_URL fallback. This was causing all downstream tasks (install-operator, test-operator) to be skipped after provision-cluster. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… ref Revert result defaults (unsupported by this Tekton version) and instead remove the $(tasks.build-test-image.results.IMAGE_URL) reference from resolve-test-image params. Pass "" so it always falls through to TEST_IMAGE_URL. BUILD_TEST_IMAGE is not actively used; wiring can be restored when needed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the inline resolve-test-image pass-through with a new overlay-test-scripts task that builds a thin scripts layer on top of the pre-built base image. This ensures new/changed scripts (like run-sanity-tests.sh) are always available without full image rebuilds. The task clones the catalog repo, hashes scripts/ and config/ dirs, and skips the build on cache hit (skopeo inspect). On miss it builds a single-layer overlay with buildah and pushes to quay. Both operator and argocd e2e pipelines now use this task. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The grep pattern for extracting PR labels assumed "name":"value" (no space after colon), but GitHub returns "name": "value" with a space, causing label detection to always fail. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Separate the image resolution and scripts overlay into distinct tasks: - resolve-test-image: inline task that picks the base image (build output via K8s API when BUILD_TEST_IMAGE=true, or TEST_IMAGE_URL) - overlay-test-scripts: builds scripts layer on top of resolved base resolve-test-image now has runAfter: [build-test-image] so it waits for the full build when active, then passes the build output to the overlay task. When build is skipped (common case), resolve runs immediately with the pre-built TEST_IMAGE_URL. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The guestbook app sync failed because the ArgoCD application controller lacked permissions in the target namespace. Label the namespace with argocd.argoproj.io/managed-by so the operator automatically creates the required RoleBindings. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The guestbook deployment can take a while to pull its image on EaaS clusters. The sanity test validates that ArgoCD can sync an app, not that the container starts quickly. Accept Synced as the primary success condition — Progressing health is noted but not a failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The guestbook app pulls gcr.io/google-samples/gb-frontend:v5 which is slow on EaaS clusters, causing the health check to time out at Progressing. Replace with a ConfigMap-only app from the catalog repo itself — no image pull, instant Synced+Healthy, still validates the full ArgoCD sync path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Point the ArgoCD smoke test at a ConfigMap in the catalog repo itself (.tekton/test-image/config/smoke-app/) instead of the guestbook app. Uses CATALOG_URL and CATALOG_REVISION env vars so ArgoCD syncs from the same branch the pipeline is running from — the smoke-app path exists on that branch. No image pull needed, instant Synced+Healthy. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Collaborator
Author
|
/retest |
2 similar comments
Collaborator
Author
|
/retest |
Collaborator
Author
|
/retest |
Add IntegrationTestScenario definitions for all test types: - rc-operator-check: parallel, parallel-fips, sequential-s1, sequential-s2, rollouts, parallel-upgrade, sequential-s1-upgrade (7 scenarios) - rc-argocd-check: argocd-e2e, argocd-e2e-fips (2 scenarios) - rc-ui-check: ui-e2e (1 scenario) All scenarios are optional and gated on PR labels. Only operator and sanity test groups include upgrade testing variants. Also adds catalogUrl/catalogRevision params to test-operator task for smoke test app source resolution. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Collaborator
Author
|
/retest |
…switch - Add fallback to pre-compiled argocd binary from test image when all extraction methods fail (IDMS mirror + arch mismatch on EaaS clusters) - Add wait_for_argocd_reconciliation() to ensure ArgoCD workloads are updated with new images before tests run after an operator upgrade - Switch test suite repo from rh-gitops-release-qa to redhat-developer Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This should be ready for review.
The code itself was produced mostly by claude but I reviewed and tested it extensively.
Intent of the pipeline:
Outstanding questions: