Merge branch 'main' into rhdh1.4-dynamic-plugins-versions-update

Author: nickboldt

.github/actions/docker-build/action.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 The Janus IDP Authors
+# Copyright Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

.github/workflows/next-build-image.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 The Janus IDP Authors
+# Copyright Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -55,9 +55,9 @@ jobs:
         uses: ./.github/actions/docker-build
         with:
           registry: ${{ env.REGISTRY }}
-          username: ${{ vars.QUAY_USERNAME }}
+          username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_TOKEN }}
-          imageName: ${{ github.repository }}
+          imageName: rhdh-community/rhdh
           imageTags: |
             type=raw,value=next
             type=sha,prefix=next-

.github/workflows/pr-build-image.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 The Janus IDP Authors
+# Copyright Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,7 +45,7 @@ jobs:
 
       - name: Get the latest commits from base branch
         run: |
-          git remote add base-origin https://github.com/janus-idp/backstage-showcase || true
+          git remote add base-origin https://github.com/${{ github.repository }} || true
           git config user.name "${{ github.event.pull_request.user.login }}"
           git config user.email "${{ github.event.pull_request.user.email }}"
           echo "Updating PR with latest commits from ${{ github.event.pull_request.base.ref }} ..."
@@ -67,9 +67,9 @@ jobs:
         uses: ./.github/actions/docker-build
         with:
           registry: ${{ env.REGISTRY }}
-          username: ${{ vars.QUAY_USERNAME }}
+          username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_TOKEN }}
-          imageName: ${{ github.repository }}
+          imageName: rhdh-community/rhdh
           imageTags: |
             type=ref,prefix=pr-,event=pr
             type=ref,prefix=pr-,suffix=-${{ env.SHORT_SHA }},event=pr
@@ -85,5 +85,5 @@ jobs:
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
-              body: 'The image is available at:\n* [`quay.io/${{ github.repository }}:pr-${{ github.event.number }}`](https://quay.io/${{ github.repository }}:pr-${{ github.event.number }}) or\n* [`quay.io/${{ github.repository }}:pr-${{ github.event.number }}-${{ env.SHORT_SHA }}`](https://quay.io/${{ github.repository }}:pr-${{ github.event.number }}-${{ env.SHORT_SHA }})'
+              body: 'The image is available at:\n* [`quay.io/rhdh-community/rhdh:pr-${{ github.event.number }}`](https://quay.io/rhdh-community/rhdh:pr-${{ github.event.number }}) or\n* [`quay.io/rhdh-community/rhdh:pr-${{ github.event.number }}-${{ env.SHORT_SHA }}`](https://quay.io/rhdh-community/rhdh:pr-${{ github.event.number }}-${{ env.SHORT_SHA }})'
             })

.github/workflows/pr.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023-2024 The Janus IDP Authors
+# Copyright Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

.github/workflows/techdocs.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 The Janus IDP Authors
+# Copyright Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -46,8 +46,8 @@ jobs:
         id: generate-token
         uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
-          app-id: ${{ vars.JANUS_IDP_GITHUB_APP_ID }}
-          private-key: ${{ secrets.JANUS_IDP_GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ secrets.RHDH_GITHUB_APP_ID }}
+          private-key: ${{ secrets.RHDH_GITHUB_APP_PRIVATE_KEY }}
 
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

.github/workflows/update-backstage.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 The Janus IDP Authors
+# Copyright Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# on push of a tag, trigger a container build for that tag and push to http://quay.io/janus-idp/backstage-showcase
+# on push of a tag, trigger a container build for that tag and push to http://quay.io/rhdh-community/rhdh
 name: Versioned
 
 on:
@@ -57,9 +57,9 @@ jobs:
         uses: ./.github/actions/docker-build
         with:
           registry: ${{ env.REGISTRY }}
-          username: ${{ vars.QUAY_USERNAME }}
+          username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_TOKEN }}
-          imageName: ${{ github.repository }}
+          imageName: rhdh-community/rhdh
           imageTags: |
             type=raw,value=latest,enable=${{ env.is_latest }}
             type=semver,pattern={{version}}

.github/workflows/versioned-build-image.yaml

@@ -1,3 +1,112 @@
+# OCP Ephemeral Environment
+
+## Overview
+
+The RHDH deployment for end-to-end (e2e) tests in CI has been updated to use **ephemeral clusters** on OpenShift Container Platform (OCP) instead of persistent clusters.  
+
+### Key Updates
+- Starting from version **1.5**, ephemeral clusters are used for:
+  - OCP nightly jobs (v4.17, v4.16, and v4.14).  
+  - PR checks on the main branch.  
+- Previously, RHDH PR checks utilized persistent clusters created on IBM Cloud.  
+- Now, ephemeral clusters are provisioned using the **OpenShift CI cluster claim** on AWS via the RHDH-QE account in the `us-east-2` region.
+
+---
+
+## Access Requirements
+
+To access ephemeral clusters, you must:  
+1. Be a **Cluster Pool Admin**.  
+2. Join the **Rover Group**: [rhdh-pool-admins](https://rover.redhat.com/groups/group/rhdh-pool-admins).
+
+---
+
+## Cluster Pools
+
+The following cluster pools are available for different OCP versions:
+
+- **RHDH-4-17-US-EAST-2**
+  - Usage: PR checks on the main branch and OCP v4.17 nightly jobs.  
+  - [Cluster Pool Configuration](https://github.com/openshift/release/blob/master/clusters/hosted-mgmt/hive/pools/rhdh/rhdh-ocp-4-17-0-amd64-aws-us-east-2_clusterpool.yaml).  
+
+- **RHDH-4-16-US-EAST-2**
+  - Usage: OCP v4.16 nightly jobs.  
+  - [Cluster Pool Configuration](https://github.com/openshift/release/blob/master/clusters/hosted-mgmt/hive/pools/rhdh/rhdh-ocp-4-16-0-amd64-aws-us-east-2_clusterpool.yaml).  
+
+- **RHDH-4-15-US-EAST-2**
+  - Usage: OCP v4.15 nightly jobs.  
+  - [Cluster Pool Configuration](https://github.com/openshift/release/blob/master/clusters/hosted-mgmt/hive/pools/rhdh/rhdh-ocp-4-15-0-amd64-aws-us-east-2_clusterpool.yaml).  
+
+---
+
+## Using Cluster Claims in OpenShift CI Jobs
+
+Ephemeral clusters can be utilized in CI jobs by defining a `cluster_claim` stanza with values matching the labels on the pool.  
+Additionally, include the workflow: `generic-claim` for setup and cleanup.
+
+### Example Configuration
+
+```yaml
+- as: e2e-tests-nightly
+  cluster_claim:
+    architecture: amd64
+    cloud: aws
+    labels:
+      region: us-east-2
+    owner: rhdh
+    product: ocp
+    timeout: 1h0m0s
+    version: "4.17"
+  cron: 0 7 * * *
+  steps:
+    test:
+    - ref: janus-idp-backstage-showcase-nightly
+    workflow: generic-claim
+```
+
+
+
+## Debugging
+
+If you are a member of the ```rhdh-pool-admins``` group, you can use the [.ibm/pipelines/ocp-cluster-claim-login.sh](ocp-cluster-claim-login.sh) script to log in and retrieve ephemeral environment credentials.
+
+### Steps:
+
+1. Run the script: 
+    ```bash
+    .ibm/pipelines/ocp-cluster-claim-login.sh
+    ```
+2. Provide the Prow log URL when prompted, for example: ```https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/janus-idp_backstage-showcase/2089/pull-ci-janus-idp-backstage-showcase-main-e2e-tests/1866766753132974080 ```
+3. The script will:
+    - Log in to the hosted-mgmt cluster, which manages ephemeral cluster creation.
+    - Retrieve admin credentials and log in to the ephemeral cluster.
+    - Prompt to open the OCP web console directly in the browser.
+4. Note:
+    - The ephemeral cluster is deleted as soon as the CI job terminates.
+    - To retain the cluster for a longer duration, add a sleep command in the [openshift-ci-tests.sh](openshift-ci-tests.sh) script, e.g.:
+        ```bash
+        ...
+        echo "Main script completed with result: ${OVERALL_RESULT}"
+        sleep 60*60
+        exit "${OVERALL_RESULT}"
+        ...
+        ```
+
+### For detailed documentation, refer to: [Openshift-ci cluster claim docs](https://docs.ci.openshift.org/docs/how-tos/cluster-claim/)
+
+
+## Keycloak Authentication for Tests
+- All tests on the main branch use Keycloak as the default authentication provider.
+- Keycloak is deployed on the pr-os cluster.
+### Keycloak Instance Details:
+- URL: [Keycloak Admin Console](https://keycloak-rhsso.rhdh-pr-os-a9805650830b22c3aee243e51d79565d-0000.us-east.containers.appdomain.cloud/auth/admin/master/console/#/realms/rhdh-login-test)
+- Credentials: These can be found in the RHDH-QE Vault under the following keys:
+    - ```KEYCLOAK_AUTH_BASE_URL```
+    - ```KEYCLOAK_AUTH_CLIENTID```
+    - ```KEYCLOAK_AUTH_CLIENT_SECRET```
+    - ```KEYCLOAK_AUTH_LOGIN_REALM```
+    - ```KEYCLOAK_AUTH_REALM```
+
 # Installation Instructions for Tests
 
 For tests dependent on `backstage-community-plugin-ocm-backend-dynamic` and `backstage-community-plugin-ocm`, it's necessary to install **Advanced Cluster Management for Kubernetes "MultiClusterHub"**.

.ibm/pipelines/README.md

@@ -4,25 +4,30 @@ handle_aks() {
   echo "Starting AKS deployment"
   for file in ${DIR}/cluster/aks/*.sh; do source $file; done
 
-  export K8S_CLUSTER_TOKEN=$(cat /tmp/secrets/AKS_CLUSTER_TOKEN)
-  export K8S_CLUSTER_TOKEN_ENCODED=$(printf "%s" $K8S_CLUSTER_TOKEN | base64 | tr -d '\n')
-  export K8S_SERVICE_ACCOUNT_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
-  export OCM_CLUSTER_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
-
   export K8S_CLUSTER_ROUTER_BASE=$AKS_INSTANCE_DOMAIN_NAME
   export NAME_SPACE_K8S="showcase-k8s-ci-nightly"
   export NAME_SPACE_RBAC_K8S="showcase-rbac-k8s-ci-nightly"
 
   url="https://${K8S_CLUSTER_ROUTER_BASE}"
 
-  az_login
-  az_aks_start "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
-  az_aks_approuting_enable "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
-  az_aks_get_credentials "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
-
-  export K8S_CLUSTER_URL=$(oc whoami --show-server)
-  export K8S_CLUSTER_API_SERVER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
-  export OCM_CLUSTER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
+  if kubectl auth whoami > /dev/null 2>&1; then
+    echo "Using an ephemeral AKS cluster."
+  else
+    echo "Falling back to a long-running AKS cluster."
+    export K8S_CLUSTER_TOKEN=$(cat /tmp/secrets/AKS_CLUSTER_TOKEN)
+    export K8S_CLUSTER_TOKEN_ENCODED=$(printf "%s" $K8S_CLUSTER_TOKEN | base64 | tr -d '\n')
+    export K8S_SERVICE_ACCOUNT_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
+    export OCM_CLUSTER_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
+
+    az_login
+    az_aks_start "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
+    az_aks_approuting_enable "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
+    az_aks_get_credentials "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
+
+    export K8S_CLUSTER_URL=$(oc whoami --show-server)
+    export K8S_CLUSTER_API_SERVER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
+    export OCM_CLUSTER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
+  fi
 
   initiate_aks_deployment
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE_K8S}" "${url}"
@@ -32,5 +37,3 @@ handle_aks() {
   check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC_K8S}" "${rbac_rhdh_base_url}"
   delete_namespace "${NAME_SPACE_RBAC_K8S}"
 }
-
-

.ibm/pipelines/jobs/aks.sh

@@ -56,15 +56,11 @@ initiate_operator_deployments() {
 handle_operator() {
   oc_login
 
-  API_SERVER_URL=$(oc whoami --show-server)
-  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
-  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
-
   export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
   local url="https://backstage-${RELEASE_NAME}-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
   local rbac_url="https://backstage-${RELEASE_NAME_RBAC}-${NAME_SPACE_RBAC}.${K8S_CLUSTER_ROUTER_BASE}"
 
-  cluster_setup
+  cluster_setup_operator
   initiate_operator_deployments
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
   check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${rbac_url}"

.ibm/pipelines/jobs/operator.sh

@@ -16,6 +16,3 @@ subjects:
   - kind: ServiceAccount
     name: rhdh-k8s-plugin
     namespace: showcase-operator-nightly
-  - kind: ServiceAccount
-    name: rhdh-k8s-plugin
-    namespace: showcase-op-rbac-nightly

.ibm/pipelines/resources/cluster_role_binding/cluster-role-binding-ocm.yaml

@@ -76,7 +76,7 @@ catalog:
     - allow: [API, Component, Group, Location, Resource, System, Template]
   locations:
     - type: url
-      target: https://github.com/janus-idp/backstage-showcase/blob/main/catalog-entities/all.yaml
+      target: https://github.com/redhat-developer/rhdh/blob/main/catalog-entities/all.yaml
     - type: url
       target: https://github.com/redhat-developer/red-hat-developer-hub-software-templates/blob/main/templates.yaml
     - type: url

.ibm/pipelines/resources/config_map/app-config-rhdh-rbac.yaml

@@ -107,7 +107,7 @@ catalog:
     - allow: [API, Component, Group, Location, Resource, System, Template]
   locations:
     - type: url
-      target: https://github.com/janus-idp/backstage-showcase/blob/main/catalog-entities/all.yaml
+      target: https://github.com/redhat-developer/rhdh/blob/main/catalog-entities/all.yaml
     - type: url
       target: https://github.com/redhat-developer/red-hat-developer-hub-software-templates/blob/main/templates.yaml
     - type: url