326 lines
11 KiB
Bash
326 lines
11 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Copyright (c) 2023 Red Hat, Inc.
|
|
# This program and the accompanying materials are made
|
|
# available under the terms of the Eclipse Public License 2.0
|
|
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
#
|
|
# SPDX-License-Identifier: EPL-2.0
|
|
#
|
|
# Contributors:
|
|
# Red Hat, Inc. - initial API and implementation
|
|
#
|
|
|
|
set -e
|
|
# only exit with zero if all commands of the pipeline exit successfully
|
|
set -o pipefail
|
|
|
|
PR_IMAGE_TAG="pr-${PULL_NUMBER}"
|
|
|
|
export CHE_NAMESPACE=${CHE_NAMESPACE:-"eclipse-che"}
|
|
export CHE_SERVER_IMAGE=${CHE_SERVER_IMAGE:-"quay.io/eclipse/che-server:${PR_IMAGE_TAG}"}
|
|
export ARTIFACTS_DIR=${ARTIFACT_DIR:-"/tmp/artifacts"}
|
|
export CHE_FORWARDED_PORT="8081"
|
|
export OCP_ADMIN_USER_NAME=${OCP_ADMIN_USER_NAME:-"admin"}
|
|
export OCP_NON_ADMIN_USER_NAME=${OCP_NON_ADMIN_USER_NAME:-"user"}
|
|
export OCP_LOGIN_PASSWORD=${OCP_LOGIN_PASSWORD:-"passw"}
|
|
export ADMIN_CHE_NAMESPACE=${OCP_ADMIN_USER_NAME}"-che"
|
|
export USER_CHE_NAMESPACE=${OCP_NON_ADMIN_USER_NAME}"-che"
|
|
export GIT_PROVIDER_USERNAME=${GIT_PROVIDER_USERNAME:-"chepullreq1"}
|
|
export PUBLIC_REPO_WORKSPACE_NAME=${PUBLIC_REPO_WORKSPACE_NAME:-"public-repo-wksp-testname"}
|
|
export PRIVATE_REPO_WORKSPACE_NAME=${PRIVATE_REPO_WORKSPACE_NAME:-"private-repo-wksp-testname"}
|
|
export PUBLIC_PROJECT_NAME=${PUBLIC_PROJECT_NAME:-"public-repo"}
|
|
export PRIVATE_PROJECT_NAME=${PRIVATE_PROJECT_NAME:-"private-repo"}
|
|
export YAML_FILE_NAME=${YAML_FILE_NAME:-"devfile.yaml"}
|
|
|
|
provisionOpenShiftOAuthUser() {
|
|
echo -e "[INFO] Provisioning Openshift OAuth user"
|
|
htpasswd -c -B -b users.htpasswd ${OCP_ADMIN_USER_NAME} ${OCP_LOGIN_PASSWORD}
|
|
htpasswd -b users.htpasswd ${OCP_NON_ADMIN_USER_NAME} ${OCP_LOGIN_PASSWORD}
|
|
oc create secret generic htpass-secret --from-file=htpasswd="users.htpasswd" -n openshift-config
|
|
oc apply -f ".ci/openshift-ci/htpasswdProvider.yaml"
|
|
oc adm policy add-cluster-role-to-user cluster-admin ${OCP_ADMIN_USER_NAME}
|
|
|
|
echo -e "[INFO] Waiting for htpasswd auth to be working up to 5 minutes"
|
|
CURRENT_TIME=$(date +%s)
|
|
ENDTIME=$((CURRENT_TIME + 300))
|
|
while [ "$(date +%s)" -lt $ENDTIME ]; do
|
|
if oc login -u=${OCP_ADMIN_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false; then
|
|
break
|
|
fi
|
|
sleep 10
|
|
done
|
|
}
|
|
|
|
createCustomResourcesFile() {
|
|
cat > custom-resources.yaml <<-END
|
|
apiVersion: org.eclipse.che/v2
|
|
spec:
|
|
devEnvironments:
|
|
maxNumberOfRunningWorkspacesPerUser: 10000
|
|
END
|
|
|
|
echo "Generated custom resources file"
|
|
cat custom-resources.yaml
|
|
}
|
|
|
|
deployChe() {
|
|
chectl server:deploy --cheimage=$CHE_SERVER_IMAGE \
|
|
--che-operator-cr-patch-yaml=custom-resources.yaml \
|
|
--platform=openshift \
|
|
--telemetry=off \
|
|
--batch
|
|
}
|
|
|
|
# this command starts port forwarding between the local machine and the che-host service in the OpenShift cluster.
|
|
forwardPortToService() {
|
|
oc port-forward service/che-host ${CHE_FORWARDED_PORT}:8080 -n ${CHE_NAMESPACE} &
|
|
sleep 3s
|
|
}
|
|
|
|
killProcessByPort() {
|
|
fuser -k ${CHE_FORWARDED_PORT}/tcp
|
|
}
|
|
|
|
requestFactoryResolverGitRepoUrl() {
|
|
GIT_REPO_URL=$1
|
|
CLUSTER_ACCESS_TOKEN=$(oc whoami -t)
|
|
|
|
curl -i -X 'POST' \
|
|
http://localhost:${CHE_FORWARDED_PORT}/api/factory/resolver \
|
|
-H 'accept: */*' \
|
|
-H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \
|
|
-H 'Content-Type: application/json' \
|
|
-d '{
|
|
"url": "'${GIT_REPO_URL}'"
|
|
}'
|
|
}
|
|
|
|
# check that factory resolver returns correct value without any PAT/OAuth setup
|
|
testFactoryResolverNoPatOAuth() {
|
|
PUBLIC_REPO_URL=$1
|
|
PRIVATE_REPO_URL=$2
|
|
|
|
echo "[INFO] Check factory resolver for public repository with NO PAT/OAuth setup"
|
|
if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then
|
|
echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
|
|
else
|
|
echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200."
|
|
exit 1
|
|
fi
|
|
|
|
echo "[INFO] Check factory resolver for private repository with NO PAT/OAuth setup"
|
|
if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 400")" ]; then
|
|
echo "[INFO] Factory resolver returned 'HTTP/1.1 400' status code. Expected client side error."
|
|
else
|
|
echo "[ERROR] Factory resolver returned wrong status code. Expected 'HTTP/1.1 400'."
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# check that factory resolver returns correct value with PAT/OAuth setup
|
|
testFactoryResolverWithPatOAuth() {
|
|
PUBLIC_REPO_URL=$1
|
|
PRIVATE_REPO_URL=$2
|
|
|
|
echo "[INFO] Check factory resolver for public repository with PAT/OAuth setup"
|
|
if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then
|
|
echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
|
|
else
|
|
echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200"
|
|
exit 1
|
|
fi
|
|
|
|
echo "[INFO] Check factory resolver for private repository with PAT/OAuth setup"
|
|
if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 200")" ]; then
|
|
echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
|
|
else
|
|
echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
requestProvisionNamespace() {
|
|
CLUSTER_ACCESS_TOKEN=$(oc whoami -t)
|
|
|
|
curl -i -X 'POST' \
|
|
http://localhost:${CHE_FORWARDED_PORT}/api/kubernetes/namespace/provision \
|
|
-H 'accept: application/json' \
|
|
-H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \
|
|
-d ''
|
|
}
|
|
|
|
initUserNamespace() {
|
|
OCP_USER_NAME=$1
|
|
|
|
echo "[INFO] Initialize user namespace"
|
|
oc login -u=${OCP_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false
|
|
if [ "$(requestProvisionNamespace | grep "HTTP/1.1 200")" ]; then
|
|
echo "[INFO] Request provision user namespace returned 'HTTP/1.1 200' status code."
|
|
else
|
|
echo "[ERROR] Request provision user namespace returned wrong status code. Expected: HTTP/1.1 200"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
setupPersonalAccessToken() {
|
|
GIT_PROVIDER_TYPE=$1
|
|
GIT_PROVIDER_URL=$2
|
|
GIT_PROVIDER_PAT=$3
|
|
|
|
echo "[INFO] Setup Personal Access Token Secret"
|
|
oc project ${USER_CHE_NAMESPACE}
|
|
CHE_USER_ID=$(oc get secret user-profile -o jsonpath='{.data.id}' | base64 -d)
|
|
ENCODED_PAT=$(echo -n ${GIT_PROVIDER_PAT} | base64)
|
|
cat .ci/openshift-ci/pat-secret.yaml > pat-secret.yaml
|
|
|
|
# patch the pat-secret.yaml file
|
|
sed -i "s#che-user-id#${CHE_USER_ID}#g" pat-secret.yaml
|
|
sed -i "s#git-provider-name#${GIT_PROVIDER_TYPE}#g" pat-secret.yaml
|
|
sed -i "s#git-provider-url#${GIT_PROVIDER_URL}#g" pat-secret.yaml
|
|
sed -i "s#encoded-access-token#${ENCODED_PAT}#g" pat-secret.yaml
|
|
|
|
if [ "${GIT_PROVIDER_TYPE}" == "azure-devops" ]; then
|
|
sed -i "s#''#${GIT_PROVIDER_USERNAME}#g" pat-secret.yaml
|
|
fi
|
|
|
|
cat pat-secret.yaml
|
|
|
|
oc apply -f pat-secret.yaml -n ${USER_CHE_NAMESPACE}
|
|
}
|
|
|
|
runTestWorkspaceWithGitRepoUrl() {
|
|
WS_NAME=$1
|
|
PROJECT_NAME=$2
|
|
GIT_REPO_URL=$3
|
|
OCP_USER_NAMESPACE=$4
|
|
|
|
oc project ${OCP_USER_NAMESPACE}
|
|
cat .ci/openshift-ci/devworkspace-test.yaml > devworkspace-test.yaml
|
|
|
|
# patch the devworkspace-test.yaml file
|
|
sed -i "s#ws-name#${WS_NAME}#g" devworkspace-test.yaml
|
|
sed -i "s#project-name#${PROJECT_NAME}#g" devworkspace-test.yaml
|
|
sed -i "s#git-repo-url#${GIT_REPO_URL}#g" devworkspace-test.yaml
|
|
|
|
cat devworkspace-test.yaml
|
|
|
|
oc apply -f devworkspace-test.yaml -n ${OCP_USER_NAMESPACE}
|
|
oc wait -n ${OCP_USER_NAMESPACE} --for=condition=Ready dw ${WS_NAME} --timeout=360s
|
|
echo "[INFO] Test workspace is run"
|
|
}
|
|
|
|
testProjectIsCloned() {
|
|
PROJECT_NAME=$1
|
|
OCP_USER_NAMESPACE=$2
|
|
|
|
WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}')
|
|
if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then
|
|
echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} exists."
|
|
else
|
|
echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} is absent."
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
testGitCredentialsData() {
|
|
OCP_USER_NAMESPACE=$1
|
|
GIT_PROVIDER_PAT=$2
|
|
GIT_PROVIDER_URL=$3
|
|
|
|
echo "[INFO] Check the 'git credentials' is in a workspace"
|
|
hostName="${GIT_PROVIDER_URL#https://}"
|
|
|
|
if [ "${GIT_PROVIDER_TYPE}" == "azure-devops" ]; then
|
|
userName="username"
|
|
else
|
|
userName=${GIT_PROVIDER_USERNAME}
|
|
fi
|
|
|
|
gitCredentials="https://${userName}:${GIT_PROVIDER_PAT}@${hostName}"
|
|
WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}')
|
|
if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- cat /.git-credentials/credentials | grep -q ${gitCredentials}; then
|
|
echo "[INFO] Git credentials file '/.git-credentials/credentials' exists and has the expected content."
|
|
else
|
|
echo "[ERROR] Git credentials file '/.git-credentials/credentials' does not exist or has incorrect content."
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
deleteTestWorkspace() {
|
|
WS_NAME=$1
|
|
OCP_USER_NAMESPACE=$2
|
|
|
|
oc delete dw ${WS_NAME} -n ${OCP_USER_NAMESPACE}
|
|
}
|
|
|
|
# Catch the finish of the job and write logs in artifacts.
|
|
catchFinish() {
|
|
local RESULT=$?
|
|
killProcessByPort
|
|
if [ "$RESULT" != "0" ]; then
|
|
set +e
|
|
collectEclipseCheLogs
|
|
set -e
|
|
fi
|
|
|
|
[[ "${RESULT}" != "0" ]] && echo "[ERROR] Job failed." || echo "[INFO] Job completed successfully."
|
|
exit $RESULT
|
|
}
|
|
|
|
collectEclipseCheLogs() {
|
|
mkdir -p ${ARTIFACTS_DIR}/che-logs
|
|
|
|
# Collect all Eclipse Che logs and cluster CR
|
|
chectl server:logs -n $CHE_NAMESPACE --directory ${ARTIFACTS_DIR}/che-logs --telemetry off
|
|
oc get checluster -o yaml -n $CHE_NAMESPACE > "${ARTIFACTS_DIR}/che-cluster.yaml"
|
|
}
|
|
|
|
testClonePublicRepoNoPatOAuth() {
|
|
WS_NAME=$1
|
|
PROJECT_NAME=$2
|
|
GIT_REPO_URL=$3
|
|
OCP_USER_NAMESPACE=$4
|
|
|
|
runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
|
|
echo "[INFO] Check the public repository is cloned with NO PAT/OAuth setup"
|
|
testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || \
|
|
{ echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} should be present." && exit 1; }
|
|
deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
|
|
}
|
|
|
|
testClonePrivateRepoNoPatOAuth() {
|
|
WS_NAME=$1
|
|
PROJECT_NAME=$2
|
|
GIT_REPO_URL=$3
|
|
OCP_USER_NAMESPACE=$4
|
|
|
|
runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
|
|
echo "[INFO] Check the private repository is NOT cloned with NO PAT/OAuth setup"
|
|
testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} && \
|
|
{ echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} should NOT be present" && exit 1; }
|
|
echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} is NOT present. This is EXPECTED"
|
|
deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
|
|
}
|
|
|
|
testCloneGitRepoWithSetupPat() {
|
|
WS_NAME=$1
|
|
PROJECT_NAME=$2
|
|
GIT_REPO_URL=$3
|
|
OCP_USER_NAMESPACE=$4
|
|
|
|
runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
|
|
testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || \
|
|
{ echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} should be present." && exit 1; }
|
|
}
|
|
|
|
setupTestEnvironment() {
|
|
OCP_USER_NAME=$1
|
|
|
|
provisionOpenShiftOAuthUser
|
|
createCustomResourcesFile
|
|
deployChe
|
|
forwardPortToService
|
|
initUserNamespace ${OCP_USER_NAME}
|
|
}
|