E2e test suite

Author: bouskaJ

.github/workflows/actions/kind-cluster/action.yml .github/actions/kind-cluster/action.yml

@@ -1,23 +1,28 @@
 name: 'Install and configure Kind cluster'
+description: 'Customized Kind-action'
+
 inputs:
   config:
     description: 'Kind config'
     required: true
   olm:
     description: 'install olm'
     required: true
-    type: boolean
     default: 'false'
   keycloak:
     description: 'install keycloak'
     required: true
-    type: boolean
     default: 'false'
   prometheus:
     description: 'install prometheus'
     required: true
-    type: boolean
     default: 'false'
+
+outputs:
+  oidc_url:
+    value: keycloak_url
+    description: 'Keycloak OIDC url'
+
 runs:
   using: 'composite'
   steps:
@@ -36,7 +41,7 @@ runs:
         kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
         kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s
     - name: Install prometheus
-      if: ${{ inputs.prometheus }}
+      if: ${{ inputs.prometheus == 'true'}}
       shell: bash
       run: |
         #install Prometheus
@@ -45,7 +50,7 @@ runs:
         kubectl wait --for=condition=Ready pods -l  app.kubernetes.io/name=prometheus-operator -n default
 
     - name: Install olm
-      if: ${{ inputs.olm }}
+      if: ${{ inputs.olm  == 'true'}}
       shell: bash
       run: |
         #install OLM
@@ -55,7 +60,7 @@ runs:
         kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml
 
     - name: Install keycloak
-      if: ${{ inputs.keycloak }}
+      if: ${{ inputs.keycloak  == 'true'}}
       shell: bash
       run: |
         kubectl create --kustomize ci/keycloak/operator/overlay/kind
@@ -66,9 +71,9 @@ runs:
           sleep 10
         done
         kubectl create --kustomize ci/keycloak/resources/overlay/kind
-        until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]]
+        until [[ $( kubectl get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]]
         do
-          printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system)
+          printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(kubectl get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system)
           sleep 10
         done
 
@@ -92,4 +97,6 @@ runs:
                       number: 80
                 path: /
                 pathType: Prefix
-        EOF
+        EOF
+        
+        echo "keycloak_url=https://keycloak-internal.keycloak-system.svc" >> $GITHUB_OUTPUT

.github/workflows/main.yml

@@ -9,6 +9,7 @@ on:
 
 env:
   GO_VERSION: 1.22
+  OPERATOR_SDK_VERSION: v1.37.0
   IMG: ttl.sh/securesign/secure-sign-operator-${{github.run_number}}:1h
   BUNDLE_IMG: ttl.sh/securesign/bundle-secure-sign-${{github.run_number}}:1h
   CATALOG_IMG: ttl.sh/securesign/catalog-${{github.run_number}}:1h
@@ -205,7 +206,7 @@ jobs:
         run: podman load -i /tmp/operator-oci.tar
 
       - name: Install Cluster
-        uses: ./.github/workflows/actions/kind-cluster
+        uses: ./.github/actions/kind-cluster
         with:
           config: ./ci/config.yaml
           prometheus: 'true'
@@ -286,7 +287,7 @@ jobs:
           podman load -i /tmp/catalog-oci.tar
 
       - name: Install Cluster
-        uses: ./.github/workflows/actions/kind-cluster
+        uses: ./.github/actions/kind-cluster
         with:
           config: ./ci/config.yaml
           prometheus: 'true'
@@ -356,7 +357,7 @@ jobs:
         run: podman load -i /tmp/operator-oci.tar
 
       - name: Install Cluster
-        uses: ./.github/workflows/actions/kind-cluster
+        uses: ./.github/actions/kind-cluster
         with:
           config: ./ci/config.yaml
 
@@ -382,18 +383,19 @@ jobs:
 
   test-e2e:
     name: Execute securesign/sigstore-e2e
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs:
-      - build-fbc
+      - build-operator
+    env:
+      TEST_NAMESPACE: test
     steps:
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
-        with:
-          tool-cache: true
       - name: Checkout source
         uses: actions/checkout@v4
+      - name: Checkout test source repository
+        uses: actions/checkout@v4
         with:
           repository: "securesign/sigstore-e2e"
+          path: e2e
 
       - name: Install Go
         uses: actions/setup-go@v5
@@ -421,35 +423,56 @@ jobs:
       - name: Load images
         run: |
           podman load -i /tmp/operator-oci.tar
-          podman load -i /tmp/bundle-oci.tar
-          podman load -i /tmp/catalog-oci.tar
 
       - name: Install Cluster
-        uses: ./.github/workflows/actions/kind-cluster
+        id: kind
+        uses: ./.github/actions/kind-cluster
         with:
           config: ./ci/config.yaml
           keycloak: 'true'
           olm: 'true'
+          prometheus: 'true'
 
       - name: Add service hosts to /etc/hosts
         run: |
           sudo echo "127.0.0.1 fulcio-server.local tuf.local rekor-server.local rekor-search-ui.local cli-server.local" | sudo tee -a /etc/hosts
 
-      - name: Install operator
-        run:
-
-      - name: Run tests
+      - name: Deploy operator container
         env:
-          TEST_MANAGER_IMAGE: ${{ env.IMG }}
           OPENSHIFT: false
-        run: make install && go test ./test/e2e/... -tags=custom_install -p 1 -timeout 20m
+        run: make deploy
 
-      - name: Archive test artifacts
-        uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: test-custom-install
-          path: test/**/k8s-dump-*.tar.gz
+      - name: Wait for operator to be ready
+        run: |
+          kubectl wait --for=condition=available deployment/rhtas-operator-controller-manager --timeout=120s -n openshift-rhtas-operator
+
+      - name: Install securesign
+        run: |
+          sed -i 's#https://your-oidc-issuer-url#${{ steps.kind.outputs.oidc_url }}#' config/samples/rhtas_v1alpha1_securesign.yaml
+          sed -i 's#rhtas.redhat.com/metrics: "true"#rhtas.redhat.com/metrics: "false"#' config/samples/rhtas_v1alpha1_securesign.yaml
+          kubectl create ns ${{ env.TEST_NAMESPACE }}
+          kubectl create -f config/samples/rhtas_v1alpha1_securesign.yaml -n ${{ env.TEST_NAMESPACE }}
+          sleep 1
+          kubectl wait --for=condition=Ready securesign/securesign-sample -n ${{ env.TEST_NAMESPACE }}
+
+      - name: Run tests
+        run: |         
+          export SIGSTORE_OIDC_ISSUER=${{ steps.kind.outputs.oidc_url }}
+          export FULCIO_URL=$(kubectl get securesign -o jsonpath='{.items[0].status.fulcio.url}' -n ${{ env.TEST_NAMESPACE }})
+          export REKOR_URL=$(kubectl get securesign -o jsonpath='{.items[0].status.rekor.url}' -n ${{ env.TEST_NAMESPACE }})
+          export TUF_URL=$(kubectl get securesign -o jsonpath='{.items[0].status.tuf.url}' -n ${{ env.TEST_NAMESPACE }})
+          export TSA_URL=$(kubectl get securesign -o jsonpath='{.items[0].status.tsa.url}' -n ${{ env.TEST_NAMESPACE }})
+          
+          export  CLI_STRATEGY=cli_server
+          export CLI_SERVER_URL="http://cli-server.local"
+          
+          cd e2e
+          go test -v ./test/...
+
+      - name: dump the logs of the operator
+        run: |
+          kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager
+        if: failure()
 
   test-eks:
     name: Test EKS deployment

config/samples/rhtas_v1alpha1_securesign.yaml

@@ -13,7 +13,7 @@ spec:
     externalAccess:
       enabled: true
     monitoring:
-      enabled: true
+      enabled: false
   trillian:
     database:
       create: true
@@ -31,7 +31,7 @@ spec:
       organizationEmail: [email protected]
       commonName: fulcio.hostname
     monitoring:
-      enabled: true
+      enabled: false
   tuf:
     externalAccess:
       enabled: true
@@ -52,7 +52,7 @@ spec:
     externalAccess:
       enabled: true
     monitoring:
-      enabled: true
+      enabled: false
     ntpMonitoring:
       enabled: true
     signer: