Merge branch 'main' into renovate/main-all-minor-patch

janus-idp · Jul 30, 2024 · 9d2bc44 · 9d2bc44
2 parents 103d3d6 + e53bfce
commit 9d2bc44
Show file tree

Hide file tree

Showing 104 changed files with 5,372 additions and 834 deletions.
diff --git a/.github/README.workflows.adoc b/.github/README.workflows.adoc
@@ -0,0 +1,7 @@
+NOTE: If you rename any of the tests in this folder, or want to add new required ones, please remember to submit a PR against the link:https://github.com/openshift/release[openshift/releases] repo with the updated list of `required_status_checks` for pull requests.
+
+For example:
+
+* link:https://github.com/openshift/release/tree/master/core-services/prow/02_config/janus-idp/[core-services/prow/02_config/janus-idp/]
+* link:https://github.com/openshift/release/tree/master/core-services/prow/02_config/redhat-developer[core-services/prow/02_config/redhat-developer]
+
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -4,7 +4,9 @@
     ":gitSignOff",
     ":rebaseStalePrs",
     "group:allNonMajor",
-    "docker:disableMajor"
+    "docker:disableMajor",
+    "default:pinDigestsDisabled",
+    "helpers:pinGitHubActionDigests"
   ],
   "labels": [
     "kind/dependency upgrade"
@@ -14,55 +16,191 @@
     "/^1\\..*\\.x/"
   ],
   "constraints": {
-    "go": "1.20"
+    "go": "1.21"
   },
   "packageRules": [
     {
-      "matchCategories": [
+      "description": "Do NOT generate PRs to pin or apply digests to dockerfiles",
+      "enabled": false,
+      "matchDatasources": [
         "docker"
       ],
       "matchUpdateTypes": [
-        "patch"
+        "pin","pinDigest", "digest"
       ],
-      "digest": {
-        "enabled": false
-      },
-      "automerge": true,
-      "pinDigests": false
+      "automerge": false
     },
     {
+      "description": "Do automerge patch updates to dockerfiles",
+      "enabled": true,
       "matchDatasources": [
         "docker"
       ],
       "matchUpdateTypes": [
         "patch"
       ],
-      "digest": {
-        "enabled": false
-      },
       "automerge": true,
       "pinDigests": false
     },
     {
+      "description": "k8s go: minor and patch updates in main",
+      "enabled": true,
+      "groupName": "k8s-go main",
+      "matchDatasources": [
+        "go"
+      ],
+      "matchPackagePrefixes": [
+        "k8s.io/api",
+        "k8s.io/apimachinery",
+        "k8s.io/client-go"
+      ],
+      "matchUpdateTypes": [
+        "minor", "patch"
+      ],
+      "baseBranches": [
+        "main"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "k8s go: patch updates only in 1.y.x",
+      "enabled": true,
+      "groupName": "k8s-go 1.y.x",
+      "matchDatasources": [
+        "go"
+      ],
+      "matchPackagePrefixes": [
+        "k8s.io/api",
+        "k8s.io/apimachinery",
+        "k8s.io/client-go"
+      ],
+      "matchUpdateTypes": [
+        "patch"
+      ],
+      "baseBranches": [
+        "/^1\\..*\\.x/"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "ginkgo: minor and patch updates in main",
+      "enabled": true,
+      "groupName": "ginkgo main",
+      "matchDatasources": [
+        "go"
+      ],
+      "matchPackagePrefixes": [
+        "github.com/onsi/ginkgo/v2"
+      ],
+      "matchUpdateTypes": [
+        "minor", "patch"
+      ],
+      "baseBranches": [
+        "main"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "ginkgo: patch updates only in 1.y.x",
+      "enabled": true,
+      "groupName": "ginkgo 1.y.x",
+      "matchDatasources": [
+        "go"
+      ],
+      "matchPackagePrefixes": [
+        "github.com/onsi/ginkgo/v2"
+      ],
+      "matchUpdateTypes": [
+        "patch"
+      ],
+      "baseBranches": [
+        "/^1\\..*\\.x/"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "gomega: minor and patch updates in main",
+      "enabled": true,
+      "groupName": "gomega main",
+      "matchDatasources": [
+        "go"
+      ],
+      "matchPackagePrefixes": [
+	      "github.com/onsi/gomega"
+      ],
+      "matchUpdateTypes": [
+        "minor", "patch"
+      ],
+      "baseBranches": [
+        "main"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "gomega: patch updates only in 1.y.x",
+      "enabled": true,
+      "groupName": "gomega 1.y.x",
+      "matchDatasources": [
+        "go"
+      ],
+      "matchPackagePrefixes": [
+	      "github.com/onsi/gomega"
+      ],
+      "matchUpdateTypes": [
+        "patch"
+      ],
+      "baseBranches": [
+        "/^1\\..*\\.x/"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "Do NOT generate PRs for major go dependency updates ",
+      "enabled": false,
+      "matchDatasources": [
+        "go"
+      ],
+      "matchUpdateTypes": [
+        "major"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "Do automerge go dependency patch updates, except for versions starting with 0",
+      "enabled": true,
       "matchDatasources": [
         "go"
       ],
       "matchUpdateTypes": [
-        "minor,",
         "patch"
       ],
       "matchCurrentVersion": "!/^0/",
-      "automerge": true,
-      "pinDigests": true
+      "automerge": true
     },
     {
+      "description": "Do generate PRs for golang version patch bumps, keeping x.yy version the same",
+      "enabled": true,
       "matchDatasources": [
         "golang-version"
       ],
-      "rangeStrategy": "bump",
-      "enabled": false,
+      "matchUpdateTypes": [
+        "patch"
+      ],
       "automerge": false
+    },
+    {
+      "description": "Do automerge and pin actions in GH workflows, except for versions starting with 0",
+      "enabled": true,
+      "matchDatasources": [
+        "github-runners"
+      ],
+      "matchUpdateTypes": [
+        "minor","patch"
+      ],
+      "matchCurrentVersion": "!/^0/",
+      "automerge": true
     }
+
   ],
   "vulnerabilityAlerts": {
     "enabled": true,

diff --git a/.github/workflows/next-container-build.yaml b/.github/workflows/next-container-build.yaml
@@ -38,7 +38,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4
         with:
           fetch-depth: 0
 
@@ -72,7 +72,7 @@ jobs:
       - name: Setup Go
         # run this stage only if there are changes that match the includes and not the excludes
         if: ${{ env.CHANGES != '' }}
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
           go-version-file: 'go.mod'
 

diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -12,15 +12,19 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        branch: [ main, 1.1.x ]
-    name: E2E Tests - ${{ matrix.branch }}
+        branch: [ main, 1.2.x, 1.1.x ]
+        test_upgrade: [ 'true', 'false' ]
+        exclude:
+          - branch: 1.1.x # Testing upgrade from 1.1.x
+            test_upgrade: 'true'
+    name: 'E2E Tests - ${{ matrix.branch }} - upgrade=${{ matrix.test_upgrade }}'
     concurrency:
-      group: ${{ github.workflow }}-${{ matrix.branch }}
+      group: '${{ github.workflow }}-${{ matrix.branch }}-${{ matrix.test_upgrade }}'
       cancel-in-progress: true
     env:
       CONTAINER_ENGINE: podman
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 # default branch will be checked out by default on scheduled workflows
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4 # default branch will be checked out by default on scheduled workflows
         with:
           fetch-depth: 0
 
@@ -29,25 +33,37 @@ jobs:
         run: git switch ${{ matrix.branch }}
 
       - name: Setup Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
           go-version-file: 'go.mod'
 
       - name: Determine built operator image
         run: |
-          latestNext="next"
-          # for main branch, use next tags; for 1.x branches, use :latest tags
-          if [[ $(git rev-parse --abbrev-ref HEAD) != "main" ]]; then
-            latestNext="latest" 
-          fi
-          echo "OPERATOR_IMAGE=quay.io/janus-idp/operator:${latestNext}" >> $GITHUB_ENV
+          echo "OPERATOR_IMAGE=$(make show-img)" >> $GITHUB_ENV
+
+      - name: Check if image exists in remote registry
+        id: operator-image-existence-checker
+        run: |
+          echo "OPERATOR_IMAGE_EXISTS=$(if skopeo inspect "docker://${{ env.OPERATOR_IMAGE }}" > /dev/null; then echo "true"; else echo "false"; fi)" >> $GITHUB_OUTPUT
+
+      - name: Display warning if image was not found
+        if: ${{ steps.operator-image-existence-checker.outputs.OPERATOR_IMAGE_EXISTS == 'false' }}
+        run: |
+          echo "::warning ::Image ${{ env.OPERATOR_IMAGE }} not found for testing the ${{ matrix.branch }} branch. It might have expired. E2E tests will be skipped for ${{ matrix.branch }}."
 
       - name: Start Minikube
-        uses: medyagh/setup-minikube@317d92317e473a10540357f1f4b2878b80ee7b95 # v0.0.16
-        with:
-          addons: ingress
+        if: ${{ steps.operator-image-existence-checker.outputs.OPERATOR_IMAGE_EXISTS == 'true' }}
+        uses: medyagh/setup-minikube@d8c0eb871f6f455542491d86a574477bd3894533 # v0.0.18
+
+      - name: Run E2E tests (Operator Upgrade path)
+        if: ${{ matrix.test_upgrade == 'true' && steps.operator-image-existence-checker.outputs.OPERATOR_IMAGE_EXISTS == 'true' }}
+        env:
+          BACKSTAGE_OPERATOR_TESTS_PLATFORM: minikube
+          IMG: ${{ env.OPERATOR_IMAGE }}
+        run: make test-e2e-upgrade
 
       - name: Run E2E tests
+        if: ${{ matrix.test_upgrade == 'false' && steps.operator-image-existence-checker.outputs.OPERATOR_IMAGE_EXISTS == 'true' }}
         env:
           BACKSTAGE_OPERATOR_TESTS_PLATFORM: minikube
           IMG: ${{ env.OPERATOR_IMAGE }}

diff --git a/.github/workflows/pr-bundle-diff-checks.yaml b/.github/workflows/pr-bundle-diff-checks.yaml
@@ -34,7 +34,7 @@ jobs:
     # see list of approvers in OWNERS file
     environment:
       ${{ (github.event.pull_request.head.repo.full_name == github.repository ||
-      contains(fromJSON('["gazarenkov","jianrongzhang89","kadel","nickboldt","rm3l","kim-tsao","openshift-cherrypick-robot"]'), github.actor)) && 'internal' || 'external' }}
+      contains(fromJSON('["coreydaley","gazarenkov","kadel","nickboldt","rm3l","kim-tsao","openshift-cherrypick-robot"]'), github.actor)) && 'internal' || 'external' }}
     runs-on: ubuntu-latest
     steps:
       - name: approved
@@ -49,14 +49,14 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4
         with:
           fetch-depth: 0
           repository: ${{github.event.pull_request.head.repo.full_name}}
           ref: ${{ github.event.pull_request.head.ref }}
 
       - name: Setup Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
           go-version-file: 'go.mod'
 
@@ -97,3 +97,10 @@ jobs:
               repo: context.repo.repo,
               body: '⚠️ <b>Files changed in bundle generation!</b><br/><br/>Those changes to the operator bundle manifests should have been pushed automatically to your PR branch.<br/>You might also need to manually update the [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](${{ env.GH_BLOB_VIEWER_BASE_URL }}/.rhdh/bundle/manifests/rhdh-operator.csv.yaml) CSV file accordingly.'
             })
+
+      - name: Check if the CSV for RHDH needs to be updated
+        run: |
+          echo "Checking that the RBAC roles of the downstream RHDH operator are not out of sync with the upstream CSV..."
+          diff -U 1 \
+            <(yq '.spec.install.spec.clusterPermissions' bundle/manifests/backstage-operator.clusterserviceversion.yaml | grep -v 'serviceAccountName: ') \
+            <(yq '.spec.install.spec.clusterPermissions' .rhdh/bundle/manifests/rhdh-operator.csv.yaml | grep -v 'serviceAccountName: ')
diff --git a/.github/workflows/pr-container-build.yaml b/.github/workflows/pr-container-build.yaml
@@ -41,7 +41,7 @@ jobs:
     # see list of approvers in OWNERS file
     environment:
       ${{ (github.event.pull_request.head.repo.full_name == github.repository ||
-        contains(fromJSON('["gazarenkov","jianrongzhang89","kadel","nickboldt","rm3l","kim-tsao","openshift-cherrypick-robot"]'), github.actor)) && 'internal' || 'external' }}
+        contains(fromJSON('["coreydaley","gazarenkov","kadel","nickboldt","rm3l","kim-tsao","openshift-cherrypick-robot"]'), github.actor)) && 'internal' || 'external' }}
     runs-on: ubuntu-latest
     steps:
       - name: approved
@@ -59,7 +59,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.ref }}
@@ -86,7 +86,7 @@ jobs:
       - name: Setup Go
         # run this stage only if there are changes that match the includes and not the excludes
         if: ${{ env.CHANGES != '' }}
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
           go-version-file: 'go.mod'
 

diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4
         with:
           fetch-depth: 0
 
@@ -50,7 +50,7 @@ jobs:
           } >> "$GITHUB_ENV"
 
       - name: Setup Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
           go-version-file: 'go.mod'