diff --git a/.ci/openshift-ci/Dockerfile b/.ci/openshift-ci/Dockerfile index 320c5fbc4dd..7c912ee523f 100644 --- a/.ci/openshift-ci/Dockerfile +++ b/.ci/openshift-ci/Dockerfile @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2019-2021 Red Hat, Inc. +# Copyright (c) 2023 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ diff --git a/.ci/openshift-ci/common.sh b/.ci/openshift-ci/common.sh new file mode 100644 index 00000000000..4c6fe9a5f8e --- /dev/null +++ b/.ci/openshift-ci/common.sh @@ -0,0 +1,313 @@ +#!/bin/bash +# +# Copyright (c) 2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +set -e +# only exit with zero if all commands of the pipeline exit successfully +set -o pipefail + +PR_IMAGE_TAG="pr-${PULL_NUMBER}" + +export CHE_NAMESPACE=${CHE_NAMESPACE:-"eclipse-che"} +export CHE_SERVER_IMAGE=${CHE_SERVER_IMAGE:-"quay.io/eclipse/che-server:${PR_IMAGE_TAG}"} +export ARTIFACTS_DIR=${ARTIFACT_DIR:-"/tmp/artifacts"} +export CHE_FORWARDED_PORT="8081" +export OCP_ADMIN_USER_NAME=${OCP_ADMIN_USER_NAME:-"admin"} +export OCP_NON_ADMIN_USER_NAME=${OCP_NON_ADMIN_USER_NAME:-"user"} +export OCP_LOGIN_PASSWORD=${OCP_LOGIN_PASSWORD:-"passw"} +export ADMIN_CHE_NAMESPACE=${OCP_ADMIN_USER_NAME}"-che" +export USER_CHE_NAMESPACE=${OCP_NON_ADMIN_USER_NAME}"-che" +export GIT_PROVIDER_USERNAME=${GIT_PROVIDER_USERNAME:-"chepullreq1"} +export PUBLIC_REPO_WORKSPACE_NAME=${PUBLIC_REPO_WORKSPACE_NAME:-"public-repo-wksp-testname"} +export PRIVATE_REPO_WORKSPACE_NAME=${PRIVATE_REPO_WORKSPACE_NAME:-"private-repo-wksp-testname"} +export PUBLIC_PROJECT_NAME=${PUBLIC_PROJECT_NAME:-"public-repo"} +export PRIVATE_PROJECT_NAME=${PRIVATE_PROJECT_NAME:-"private-repo"} +export YAML_FILE_NAME=${YAML_FILE_NAME:-"devfile.yaml"} + +provisionOpenShiftOAuthUser() { + echo -e "[INFO] Provisioning Openshift OAuth user" + htpasswd -c -B -b users.htpasswd ${OCP_ADMIN_USER_NAME} ${OCP_LOGIN_PASSWORD} + htpasswd -b users.htpasswd ${OCP_NON_ADMIN_USER_NAME} ${OCP_LOGIN_PASSWORD} + oc create secret generic htpass-secret --from-file=htpasswd="users.htpasswd" -n openshift-config + oc apply -f ".ci/openshift-ci/htpasswdProvider.yaml" + oc adm policy add-cluster-role-to-user cluster-admin ${OCP_ADMIN_USER_NAME} + + echo -e "[INFO] Waiting for htpasswd auth to be working up to 5 minutes" + CURRENT_TIME=$(date +%s) + ENDTIME=$((CURRENT_TIME + 300)) + while [ "$(date +%s)" -lt $ENDTIME ]; do + if oc login -u=${OCP_ADMIN_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false; then + break + fi + sleep 10 + done +} + +createCustomResourcesFile() { + cat > custom-resources.yaml <<-END +apiVersion: org.eclipse.che/v2 +spec: + devEnvironments: + maxNumberOfRunningWorkspacesPerUser: 10000 +END + + echo "Generated custom resources file" + cat custom-resources.yaml +} + +deployChe() { + chectl server:deploy --cheimage=$CHE_SERVER_IMAGE \ + --che-operator-cr-patch-yaml=custom-resources.yaml \ + --platform=openshift \ + --telemetry=off \ + --batch +} + +# this command starts port forwarding between the local machine and the che-host service in the OpenShift cluster. +forwardPortToService() { + oc port-forward service/che-host ${CHE_FORWARDED_PORT}:8080 -n ${CHE_NAMESPACE} & + sleep 3s +} + +killProcessByPort() { + fuser -k ${CHE_FORWARDED_PORT}/tcp +} + +requestFactoryResolverGitRepoUrl() { + GIT_REPO_URL=$1 + CLUSTER_ACCESS_TOKEN=$(oc whoami -t) + + curl -i -X 'POST' \ + http://localhost:${CHE_FORWARDED_PORT}/api/factory/resolver \ + -H 'accept: */*' \ + -H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \ + -H 'Content-Type: application/json' \ + -d '{ + "url": "'${GIT_REPO_URL}'" + }' +} + +# check that factory resolver returns correct value without any PAT/OAuth setup +testFactoryResolverNoPatOAuth() { + PUBLIC_REPO_URL=$1 + PRIVATE_REPO_URL=$2 + + echo "[INFO] Check factory resolver for public repository with NO PAT/OAuth setup" + if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then + echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code." + else + echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200." + exit 1 + fi + + echo "[INFO] Check factory resolver for private repository with NO PAT/OAuth setup" + if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 400")" ]; then + echo "[INFO] Factory resolver returned 'HTTP/1.1 400' status code. Expected client side error." + else + echo "[ERROR] Factory resolver returned wrong status code. Expected 'HTTP/1.1 400'." + exit 1 + fi +} + +# check that factory resolver returns correct value with PAT/OAuth setup +testFactoryResolverWithPatOAuth() { + PUBLIC_REPO_URL=$1 + PRIVATE_REPO_URL=$2 + + echo "[INFO] Check factory resolver for public repository with PAT/OAuth setup" + if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then + echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code." + else + echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200" + exit 1 + fi + + echo "[INFO] Check factory resolver for private repository with PAT/OAuth setup" + if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 200")" ]; then + echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code." + else + echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200" + exit 1 + fi +} + +requestProvisionNamespace() { + CLUSTER_ACCESS_TOKEN=$(oc whoami -t) + + curl -i -X 'POST' \ + http://localhost:${CHE_FORWARDED_PORT}/api/kubernetes/namespace/provision \ + -H 'accept: application/json' \ + -H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \ + -d '' +} + +initUserNamespace() { + OCP_USER_NAME=$1 + + echo "[INFO] Initialize user namespace" + oc login -u=${OCP_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false + if [ "$(requestProvisionNamespace | grep "HTTP/1.1 200")" ]; then + echo "[INFO] Request provision user namespace returned 'HTTP/1.1 200' status code." + else + echo "[ERROR] Request provision user namespace returned wrong status code. Expected: HTTP/1.1 200" + exit 1 + fi +} + +setupPersonalAccessToken() { + GIT_PROVIDER_TYPE=$1 + GIT_PROVIDER_URL=$2 + GIT_PROVIDER_USER_ID=$3 + GIT_PROVIDER_PAT=$4 + + echo "[INFO] Setup Personal Access Token Secret" + oc project ${USER_CHE_NAMESPACE} + CHE_USER_ID=$(oc get secret user-profile -o jsonpath='{.data.id}' | base64 -d) + ENCODED_PAT=$(echo -n ${GIT_PROVIDER_PAT} | base64) + cat .ci/openshift-ci/pat-secret.yaml > pat-secret.yaml + + # patch the pat-secret.yaml file + sed -i "s#che-user-id#${CHE_USER_ID}#g" pat-secret.yaml + sed -i "s#git-provider-name#${GIT_PROVIDER_TYPE}#g" pat-secret.yaml + sed -i "s#git-provider-url#${GIT_PROVIDER_URL}#g" pat-secret.yaml + sed -i "s#git-provider-user-id#${GIT_PROVIDER_USER_ID}#g" pat-secret.yaml + sed -i "s#encoded-access-token#${ENCODED_PAT}#g" pat-secret.yaml + + cat pat-secret.yaml + + oc apply -f pat-secret.yaml -n ${USER_CHE_NAMESPACE} +} + +runTestWorkspaceWithGitRepoUrl() { + WS_NAME=$1 + PROJECT_NAME=$2 + GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 + + oc project ${OCP_USER_NAMESPACE} + cat .ci/openshift-ci/devworkspace-test.yaml > devworkspace-test.yaml + + # patch the devworkspace-test.yaml file + sed -i "s#ws-name#${WS_NAME}#g" devworkspace-test.yaml + sed -i "s#project-name#${PROJECT_NAME}#g" devworkspace-test.yaml + sed -i "s#git-repo-url#${GIT_REPO_URL}#g" devworkspace-test.yaml + + cat devworkspace-test.yaml + + oc apply -f devworkspace-test.yaml -n ${OCP_USER_NAMESPACE} + oc wait -n ${OCP_USER_NAMESPACE} --for=condition=Ready dw ${WS_NAME} --timeout=360s + echo "[INFO] Test workspace is run" +} + +testProjectIsCloned() { + PROJECT_NAME=$1 + OCP_USER_NAMESPACE=$2 + + WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}') + if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then + echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} exists." + else + echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} does not exist." + return 1 + fi +} + +testGitCredentials() { + OCP_USER_NAMESPACE=$1 + GIT_PROVIDER_PAT=$2 + + echo "[INFO] Check the 'git credentials' is in a workspace" + gitCredentials="${GIT_PROVIDER_USERNAME}:${GIT_PROVIDER_PAT}" + WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}') + if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- cat /.git-credentials/credentials | grep -q ${gitCredentials}; then + echo "[INFO] Git credentials file '/.git-credentials/credentials' exists and has the expected content." + else + echo "[ERROR] Git credentials file '/.git-credentials/credentials' does not exist or has incorrect content." + return 1 + fi +} + +deleteTestWorkspace() { + WS_NAME=$1 + OCP_USER_NAMESPACE=$2 + + oc delete dw ${WS_NAME} -n ${OCP_USER_NAMESPACE} +} + +# Catch the finish of the job and write logs in artifacts. +catchFinish() { + local RESULT=$? + killProcessByPort + if [ "$RESULT" != "0" ]; then + set +e + collectEclipseCheLogs + set -e + fi + + [[ "${RESULT}" != "0" ]] && echo "[ERROR] Job failed." || echo "[INFO] Job completed successfully." + exit $RESULT +} + +collectEclipseCheLogs() { + mkdir -p ${ARTIFACTS_DIR}/che-logs + + # Collect all Eclipse Che logs and cluster CR + chectl server:logs -n $CHE_NAMESPACE --directory ${ARTIFACTS_DIR}/che-logs --telemetry off + oc get checluster -o yaml -n $CHE_NAMESPACE > "${ARTIFACTS_DIR}/che-cluster.yaml" +} + +testClonePublicRepoNoPatOAuth() { + WS_NAME=$1 + PROJECT_NAME=$2 + GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 + + runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE} + echo "[INFO] Check the public repository is cloned with NO PAT/OAuth setup" + testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1 + deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE} +} + +testClonePrivateRepoNoPatOAuth() { + WS_NAME=$1 + PROJECT_NAME=$2 + GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 + + runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE} + echo "[INFO] Check the private repository is NOT cloned with NO PAT/OAuth setup" + testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} && exit 1 + deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE} +} + +testCloneGitRepoWithSetupPat() { + WS_NAME=$1 + PROJECT_NAME=$2 + GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 + GIT_PROVIDER_PATH=$5 + + runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE} + testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1 + testGitCredentials ${OCP_USER_NAMESPACE} ${GIT_PROVIDER_PAT} + deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE} +} + +setupTestEnvironment() { + OCP_USER_NAME=$1 + + provisionOpenShiftOAuthUser + createCustomResourcesFile + deployChe + forwardPortToService + initUserNamespace ${OCP_USER_NAME} +} diff --git a/.ci/openshift-ci/devworkspace-test.yaml b/.ci/openshift-ci/devworkspace-test.yaml new file mode 100644 index 00000000000..9a52720f2c8 --- /dev/null +++ b/.ci/openshift-ci/devworkspace-test.yaml @@ -0,0 +1,21 @@ +kind: DevWorkspace +apiVersion: workspace.devfile.io/v1alpha2 +metadata: + name: ws-name +spec: + started: true + template: + projects: + - name: project-name + git: + remotes: + origin: git-repo-url + contributions: + - name: che-code + uri: https://eclipse-che.github.io/che-plugin-registry/main/v3/plugins/che-incubator/che-code/latest/devfile.yaml + components: + - name: che-code-runtime-description + container: + env: + - name: CODE_HOST + value: 0.0.0.0 diff --git a/.ci/openshift-ci/htpasswdProvider.yaml b/.ci/openshift-ci/htpasswdProvider.yaml new file mode 100644 index 00000000000..1bfe61860db --- /dev/null +++ b/.ci/openshift-ci/htpasswdProvider.yaml @@ -0,0 +1,12 @@ +apiVersion: config.openshift.io/v1 +kind: OAuth +metadata: + name: cluster +spec: + identityProviders: + - name: htpasswd + mappingMethod: claim + type: HTPasswd + htpasswd: + fileData: + name: htpass-secret diff --git a/.ci/openshift-ci/pat-secret.yaml b/.ci/openshift-ci/pat-secret.yaml new file mode 100644 index 00000000000..f45ed810d58 --- /dev/null +++ b/.ci/openshift-ci/pat-secret.yaml @@ -0,0 +1,16 @@ +kind: Secret +apiVersion: v1 +metadata: + name: personal-access-token + labels: + app.kubernetes.io/component: scm-personal-access-token + app.kubernetes.io/part-of: che.eclipse.org + annotations: + che.eclipse.org/che-userid: che-user-id + che.eclipse.org/scm-personal-access-token-name: git-provider-name + che.eclipse.org/scm-url: git-provider-url + che.eclipse.org/scm-userid: 'git-provider-user-id' + che.eclipse.org/scm-username: chepullreq1 +data: + token: encoded-access-token +type: Opaque diff --git a/.ci/openshift-ci/test-bitbucket-no-pat-oauth-flow.sh b/.ci/openshift-ci/test-bitbucket-no-pat-oauth-flow.sh new file mode 100644 index 00000000000..6516c7afb14 --- /dev/null +++ b/.ci/openshift-ci/test-bitbucket-no-pat-oauth-flow.sh @@ -0,0 +1,31 @@ +#!/bin/bash +# +# Copyright (c) 2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +# exit immediately when a command fails +set -ex +# only exit with zero if all commands of the pipeline exit successfully +set -o pipefail + +export PUBLIC_REPO_URL=${PUBLIC_REPO_URL:-"https://chepullreq1@bitbucket.org/chepullreq/public-repo.git"} +export PRIVATE_REPO_URL=${PRIVATE_REPO_URL:-"https://chepullreq1@bitbucket.org/chepullreq/private-repo.git"} + +# import common test functions +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +source "${SCRIPT_DIR}"/common.sh + +trap "catchFinish" EXIT SIGINT + +setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME} +testFactoryResolverNoPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL} +testClonePublicRepoNoPatOAuth ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE} +testClonePrivateRepoNoPatOAuth ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE} diff --git a/.ci/openshift-ci/test-github-no-pat-oauth-flow.sh b/.ci/openshift-ci/test-github-no-pat-oauth-flow.sh new file mode 100644 index 00000000000..22d025cd41d --- /dev/null +++ b/.ci/openshift-ci/test-github-no-pat-oauth-flow.sh @@ -0,0 +1,31 @@ +#!/bin/bash +# +# Copyright (c) 2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +# exit immediately when a command fails +set -ex +# only exit with zero if all commands of the pipeline exit successfully +set -o pipefail + +export PUBLIC_REPO_URL=${PUBLIC_REPO_URL:-"https://github.com/chepullreq1/public-repo.git"} +export PRIVATE_REPO_URL=${PRIVATE_REPO_URL:-"https://github.com/chepullreq1/private-repo.git"} + +# import common test functions +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +source "${SCRIPT_DIR}"/common.sh + +trap "catchFinish" EXIT SIGINT + +setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME} +testFactoryResolverNoPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL} +testClonePublicRepoNoPatOAuth ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE} +testClonePrivateRepoNoPatOAuth ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE} diff --git a/.ci/openshift-ci/test-github-with-pat-setup-flow.sh b/.ci/openshift-ci/test-github-with-pat-setup-flow.sh new file mode 100644 index 00000000000..53a01cf8e32 --- /dev/null +++ b/.ci/openshift-ci/test-github-with-pat-setup-flow.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# +# Copyright (c) 2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +# exit immediately when a command fails +set -ex +# only exit with zero if all commands of the pipeline exit successfully +set -o pipefail + +export PUBLIC_REPO_URL=${PUBLIC_REPO_URL:-"https://github.com/chepullreq1/public-repo.git"} +export PRIVATE_REPO_URL=${PRIVATE_REPO_URL:-"https://github.com/chepullreq1/private-repo.git"} +export GIT_PROVIDER_TYPE=${GIT_PROVIDER_TYPE:-"github"} +export GIT_PROVIDER_URL=${GIT_PROVIDER_URL:-"https://github.com"} + +# import common test functions +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +source "${SCRIPT_DIR}"/common.sh + +trap "catchFinish" EXIT SIGINT + +setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME} +setupPersonalAccessToken ${GIT_PROVIDER_TYPE} ${GIT_PROVIDER_URL} ${GITHUB_USER_ID} ${GITHUB_PAT} +testFactoryResolverWithPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL} +echo "[INFO] Check clone public repository with PAT setup" +testCloneGitRepoWithSetupPat ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE} ${GITHUB_PAT} +echo "[INFO] Check clone private repository with PAT setup" +testCloneGitRepoWithSetupPat ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE} ${GITHUB_PAT} diff --git a/.ci/openshift-ci/test-gitlab-no-pat-oauth-flow.sh b/.ci/openshift-ci/test-gitlab-no-pat-oauth-flow.sh new file mode 100644 index 00000000000..6d67a5cc648 --- /dev/null +++ b/.ci/openshift-ci/test-gitlab-no-pat-oauth-flow.sh @@ -0,0 +1,31 @@ +#!/bin/bash +# +# Copyright (c) 2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +# exit immediately when a command fails +set -ex +# only exit with zero if all commands of the pipeline exit successfully +set -o pipefail + +export PUBLIC_REPO_URL=${PUBLIC_REPO_URL:-"https://gitlab.com/chepullreq1/public-repo.git"} +export PRIVATE_REPO_URL=${PRIVATE_REPO_URL:-"https://gitlab.com/chepullreq1/private-repo.git"} + +# import common test functions +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +source "${SCRIPT_DIR}"/common.sh + +trap "catchFinish" EXIT SIGINT + +setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME} +testFactoryResolverNoPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL} +testClonePublicRepoNoPatOAuth ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE} +testClonePrivateRepoNoPatOAuth ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE} diff --git a/.ci/openshift-ci/test-gitlab-with-pat-setup-flow.sh b/.ci/openshift-ci/test-gitlab-with-pat-setup-flow.sh new file mode 100644 index 00000000000..2c2b44f4294 --- /dev/null +++ b/.ci/openshift-ci/test-gitlab-with-pat-setup-flow.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# +# Copyright (c) 2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +# exit immediately when a command fails +set -ex +# only exit with zero if all commands of the pipeline exit successfully +set -o pipefail + +export PUBLIC_REPO_URL=${PUBLIC_REPO_URL:-"https://gitlab.com/chepullreq1/public-repo.git"} +export PRIVATE_REPO_URL=${PRIVATE_REPO_URL:-"https://gitlab.com/chepullreq1/private-repo.git"} +export GIT_PROVIDER_TYPE=${GIT_PROVIDER_TYPE:-"gitlab"} +export GIT_PROVIDER_URL=${GIT_PROVIDER_URL:-"https://gitlab.com"} + +# import common test functions +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +source "${SCRIPT_DIR}"/common.sh + +trap "catchFinish" EXIT SIGINT + +setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME} +setupPersonalAccessToken ${GIT_PROVIDER_TYPE} ${GIT_PROVIDER_URL} ${GITLAB_USER_ID} ${GITLAB_PAT} +testFactoryResolverWithPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL} +echo "[INFO] Check clone public repository with PAT setup" +testCloneGitRepoWithSetupPat ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE} ${GITLAB_PAT} +echo "[INFO] Check clone private repository with PAT setup" +testCloneGitRepoWithSetupPat ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE} ${GITLAB_PAT} diff --git a/.github/workflows/build-pr-check.yml b/.github/workflows/build-pr-check.yml index c9dee916adb..b9c73f07852 100644 --- a/.github/workflows/build-pr-check.yml +++ b/.github/workflows/build-pr-check.yml @@ -11,6 +11,9 @@ name: build-pr-check on: [push, pull_request] +env: + PR_IMAGE_TAG: pr-${{ github.event.pull_request.number }} + jobs: build: runs-on: ubuntu-22.04 @@ -26,5 +29,25 @@ jobs: distribution: 'temurin' java-version: '11' cache: 'maven' + - name: Login to docker.io + if: github.event_name == 'pull_request' + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + registry: docker.io + - name: Login to quay.io + if: github.event_name == 'pull_request' + uses: docker/login-action@v2 + with: + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_PASSWORD }} + registry: quay.io - name: Build with Maven run: mvn -B clean install -U -Pintegration + - name: Build docker images + if: github.event_name == 'pull_request' + run: ./dockerfiles/build.sh --tag:${{ env.PR_IMAGE_TAG }} + - name: Push docker images + if: github.event_name == 'pull_request' + run: docker push quay.io/eclipse/che-server:${{ env.PR_IMAGE_TAG }}