Run Integration tests on microshift

khrm · khrm · commit ae13f76df74f · 2025-07-02T16:36:32.000+05:30
diff --git a/.github/workflows/microshift.yaml b/.github/workflows/microshift.yaml
@@ -0,0 +1,100 @@
+name: Integration Tests on microshift
+
+permissions:
+  contents: read
+  packages: write
+
+on:
+  pull_request:
+    branches:
+      - main
+      - release-*
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  tekton-triggers-integration-tests-microshift:
+    runs-on: ubuntu-24.04
+    name: Integration Tests on microshift
+    strategy:
+      fail-fast: false
+
+    env:
+      SHELL: /bin/bash
+      GOPATH: ${{ github.workspace }}
+      GO111MODULE: on
+      #    KO_DOCKER_REPO: ghcr.io/${{ github.repository_owner }}/
+      KO_DOCKER_REPO: ko.local
+      CLUSTER_DOMAIN: ${{ github.run_id }}.local
+      ARTIFACTS: ${{ github.workspace }}/artifacts
+      SKIP_INITIALIZE: true
+      SKIP_SECURITY_CTX: true
+      SKIP_KNATIVE_EG: true
+      DOCKER_HOST: unix:///run/podman/podman.sock
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          path: ${{ github.workspace }}/src/github.com/tektoncd/triggers
+
+      - name: Set up Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          cache-dependency-path: "${{ github.workspace }}/src/github.com/tektoncd/triggers/go.sum"
+          go-version-file: "${{ github.workspace }}/src/github.com/tektoncd/triggers/go.mod"
+
+      - name: Install Podman
+        uses: gacts/install-podman@v1
+        run: |
+          sudo podman system service -t 5000 &
+
+
+      - name: Install dependencies
+        working-directory: ./
+        run: |
+          echo '::group::install ko'
+          curl -L https://github.com/ko-build/ko/releases/download/v0.15.4/ko_0.15.4_Linux_x86_64.tar.gz | tar xzf - ko
+          echo '::group:: install go-junit-report'
+          go install github.com/jstemmer/go-junit-report@v0.9.1
+          echo '::endgroup::'
+          chmod +x ./ko
+          sudo mv ko /usr/local/bin
+          echo '::endgroup::'
+
+          echo '::group::create required folders'
+          mkdir -p "${ARTIFACTS}"
+          echo '::endgroup::'
+
+          echo "${GOPATH}/bin" >> "$GITHUB_PATH"
+
+#      - name: Log in to the Container registry
+#        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+#        with:
+#          registry: ghcr.io
+#          username: ${{ github.actor }}
+#          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run tests
+        working-directory: ${{ github.workspace }}/src/github.com/tektoncd/triggers
+        run: |
+          curl -L -o minc  https://github.com/minc-org/minc/releases/latest/download/minc_linux_amd64
+          chmod +x minc
+          curl https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml | yq 'del(.spec.template.spec.containers[]?.securityContext.runAsUser, .spec.template.spec.containers[]?.securityContext.runAsGroup)' > release
+          export RELEASE_YAML=$(realpath release)
+          ./minc config set provider podman
+          ./minc create --log-level debug
+          export KUBECONFIG=$HOME/.kube/config
+          ${{ github.workspace }}/src/github.com/tektoncd/triggers/test/gh-e2e-tests.sh
+
+      - name: Upload test results
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        if: ${{ failure() }}
+        with:
+          path: ${{ env.ARTIFACTS }}
diff --git a/docs/getting-started/pipeline.yaml b/docs/getting-started/pipeline.yaml
@@ -148,3 +148,14 @@ spec:
   containers:
   - image: gcr.io/knative-releases/github.com/knative/eventing-sources/cmd/event_display
     name: web
+    securityContext:
+      allowPrivilegeEscalation: false
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      runAsUser: 65532
+      runAsGroup: 65532
+      capabilities:
+        drop:
+          - "ALL"
+      seccompProfile:
+        type: RuntimeDefault
diff --git a/test/e2e-common.sh b/test/e2e-common.sh
@@ -26,7 +26,6 @@
 # Check if we have a specific RELEASE_YAML global environment variable to use
 # instead of detecting the latest released one from tektoncd/pipeline releases
 RELEASE_YAML=${RELEASE_YAML:-}
-
 source $(dirname $0)/../vendor/github.com/tektoncd/plumbing/scripts/e2e-tests.sh
 
 function install_pipeline_crd() {
@@ -52,17 +51,37 @@ function install_pipeline_crd() {
 
 function install_triggers_crd() {
   echo ">> Deploying Tekton Triggers"
-  ko apply -f config/ || fail_test "Tekton Triggers installation failed"
+  ko resolve -f config/ > rel.yaml || fail_test "Tekton Triggers build failed"
+
+  if [ "${SKIP_SECURITY_CTX}" == "true" ]; then
+      yq 'del(.spec.template.spec.containers[]?.securityContext.runAsUser, .spec.template.spec.containers[]?.securityContext.runAsGroup)' rel.yaml > release.yaml
+  else
+      cat rel.yaml > release.yaml
+  fi
+
+  rm rel.yaml
+  kubectl apply -f release.yaml || fail_test "Tekton Triggers installation failed"
 
   # Wait for the Interceptors CRD to be available before adding the core-interceptors
   kubectl wait --for=condition=Established --timeout=30s crds/clusterinterceptors.triggers.tekton.dev
-  ko apply -f config/interceptors || fail_test "Core interceptors installation failed"
+  ko resolve -f config/interceptors > rel.yaml || fail_test "Core interceptors build failed"
+
+  if [ "${SKIP_SECURITY_CTX}" == "true" ]; then
+      kubectl patch configmap config-defaults-triggers -n tekton-pipelines --type='merge' -p='{"data":{"default-run-as-user":"","default-fs-group":"", "default-run-as-group":""}}'
+      yq 'del(.spec.template.spec.containers[]?.securityContext.runAsUser, .spec.template.spec.containers[]?.securityContext.runAsGroup)' rel.yaml > release.yaml
+  else
+      cat rel.yaml > release.yaml
+  fi
+
+  rm rel.yaml
+  kubectl apply -f release.yaml || fail_test "Core interceptors installation failed"
 
   # Make sure that eveything is cleaned up in the current namespace.
   for res in eventlistener triggertemplate triggerbinding clustertriggerbinding; do
     kubectl delete --ignore-not-found=true ${res}.triggers.tekton.dev --all
   done
 
+  rm release.yaml
   # Wait for pods to be running in the namespaces we are deploying to
   wait_until_pods_running tekton-pipelines || fail_test "Tekton Triggers did not come up"
 
diff --git a/test/e2e-tests-examples.sh b/test/e2e-tests-examples.sh
@@ -202,15 +202,27 @@ main() {
       cleanup
       info "Test Successful"
     done
-    # To test Knative Serving example
-    info "Knative Example Test Started"
-    current_example="custom-resource"
-    echo "*** Example ${current_example_version}/${current_example} ***";
-    apply_files
-    check_eventlistener
-    curl_knative_service
-    cleanup
-    info "Knative Example Test Successful"
+    if [ "${SKIP_KNATIVE_EG}" == "false" ]; then
+        # To test Knative Serving example
+        info "Knative Example Test Started"
+        current_example="custom-resource"
+        echo "*** Example ${current_example_version}/${current_example} ***";
+        kubectl delete events -n default  --all
+        apply_files
+        sleep 60
+        kubectl get deployment el-custom-resource-listener-00001-deployment -n default
+        kubectl get deployment el-custom-resource-listener-00001-deployment -n default  -o yaml
+        kubectl get pod -n default
+        kubectl get pod -n default -l app=el-custom-resource-listener-00001
+        kubectl get el custom-resource-listener
+        kubectl get el custom-resource-listener -o yaml
+        kubectl logs -f deployments/el-custom-resource-listener-00001-deployment -c queue-proxy
+        kubectl get events
+        check_eventlistener
+        curl_knative_service
+        cleanup
+        info "Knative Example Test Successful"
+    fi
   done
 
   echo; echo "*** Completed Examples Test Successfully ***"; echo;
diff --git a/test/e2e-tests-yaml.sh b/test/e2e-tests-yaml.sh
@@ -47,7 +47,11 @@ main() {
   kubectl create namespace getting-started
   for op in apply delete;do
     for file in $(find ${REPO_ROOT_DIR}/docs/getting-started -name *.yaml | sort); do
-        kubectl ${op} -f ${file}
+           if [ "${SKIP_SECURITY_CTX}" == "true" ]; then
+             yq 'del(.spec.spec.containers[]?.securityContext.runAsUser, .spec.spec.containers[]?.securityContext.runAsGroup)' ${file} |  kubectl ${op} -f -
+           else
+               kubectl ${op} -f ${file}
+           fi
     done
   done
   kubectl delete namespace getting-started
diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh
@@ -16,13 +16,16 @@
 
 # This script calls out to scripts in tektoncd/plumbing to setup a cluster
 # and deploy Tekton Pipelines to it for running integration tests.
+set -e
 
 source $(dirname $0)/e2e-common.sh
 # Script entry point.
 
 # Setting defaults
 failed=0
-SKIP_INITIALIZE=${SKIP_INITIALIZE:="false"}
+export  SKIP_INITIALIZE=${SKIP_INITIALIZE:="false"}
+export SKIP_SECURITY_CTX=${SKIP_SECURITY_CTX:="false"}
+export SKIP_KNATIVE_EG=${SKIP_KNATIVE_EG:="false"}
 
 
 if [ "${SKIP_INITIALIZE}" != "true" ]; then
@@ -34,18 +37,19 @@ install_pipeline_crd
 install_triggers_crd
 
 header "Running yaml tests"
-$(dirname $0)/e2e-tests-yaml.sh || failed=1
+$(dirname $0)/e2e-tests-yaml.sh || ( failed=1 && echo "failed yaml tests" )
 
 header "Running ingress tests"
-$(dirname $0)/e2e-tests-ingress.sh || failed=1
+$(dirname $0)/e2e-tests-ingress.sh || ( failed=1 && echo "failed ingress tests" )
 
 # Run the integration tests
 header "Running Go e2e tests"
-go_test_e2e -timeout=20m ./test || failed=1
-go_test_e2e -timeout=20m ./cmd/... || failed=1
+go_test_e2e -timeout=20m ./test || ( failed=1 && echo "failed integration tests" )
+go_test_e2e -timeout=20m ./cmd/... || ( failed=1 && echo "failed integration tests" )
+
 
 header "Running examples tests"
-$(dirname $0)/e2e-tests-examples.sh || failed=1
+$(dirname $0)/e2e-tests-examples.sh || ( failed=1 && echo "failed example tests" )
 
 (( failed )) && fail_test
 success
diff --git a/test/eventlistener_test.go b/test/eventlistener_test.go
@@ -493,9 +493,6 @@ func TestEventListenerCreate(t *testing.T) {
 		}
 	}
 
-	fmt.Printf("\nel.Spec.Resources.KubernetesResource.ServiceType: %v", el.Spec.Resources.KubernetesResource.ServiceType)
-	fmt.Printf("\nel.Spec.Resources.KubernetesResource.ServicePort: %v", *el.Spec.Resources.KubernetesResource.ServicePort)
-
 	// Send POST request to EventListener sink
 	var resp *http.Response
 	if err := WaitFor(func() (bool, error) {
diff --git a/test/presubmit-tests.sh b/test/presubmit-tests.sh
@@ -23,11 +23,13 @@
 
 # Markdown linting failures don't show up properly in Gubernator resulting
 # in a net-negative contributor experience.
+set -x
 export DISABLE_MD_LINTING=1
 export DISABLE_MD_LINK_CHECK=1
 
 source $(dirname $0)/../vendor/github.com/tektoncd/plumbing/scripts/presubmit-tests.sh
 
+go install github.com/jstemmer/go-junit-report/v2@latest
 
 function post_build_tests() {
     return_code=0

Original file line number	Diff line number	Diff line change
`@@ -493,9 +493,6 @@ func TestEventListenerCreate(t *testing.T) {`
`493`	`493`	`}`
`494`	`494`	`}`
`495`	`495`
`496`		`- fmt.Printf("\nel.Spec.Resources.KubernetesResource.ServiceType: %v", el.Spec.Resources.KubernetesResource.ServiceType)`
`497`		`- fmt.Printf("\nel.Spec.Resources.KubernetesResource.ServicePort: %v", *el.Spec.Resources.KubernetesResource.ServicePort)`
`498`		`-`
`499`	`496`	`// Send POST request to EventListener sink`
`500`	`497`	`var resp *http.Response`
`501`	`498`	`if err := WaitFor(func() (bool, error) {`