
fix: add multi-arch and source container support to collectors krw test #1215


Merged
merged 2 commits into from
Jul 16, 2025
2 changes: 1 addition & 1 deletion integration-tests/collectors/resources/managed/rpa.yaml
Expand Up @@ -23,7 +23,7 @@ spec:
defaults:
tags:
- latest
pushSourceContainer: false
pushSourceContainer: true
components:
- name: ${component_name}
repository: quay.io/redhat-pending/rhtap----rh-advisories-component
Expand Up @@ -6,6 +6,7 @@ metadata:
git-provider: github
build.appstudio.openshift.io/request: configure-pac
image.redhat.com/generate: '{"visibility": "public"}'
build.appstudio.openshift.io/pipeline: '{"name": "docker-build-multi-platform-oci-ta", "bundle": "latest"}'
name: ${component_name}
labels:
originating-tool: "${originating_tool}"
49 changes: 49 additions & 0 deletions integration-tests/collectors/test.sh
Expand Up @@ -26,6 +26,15 @@ verify_release_contents() {
advisory_internal_url=$(jq -r '.status.artifacts.advisory.internal_url // ""' <<< "${release_json}")
catalog_url=$(jq -r '.status.artifacts.catalog_urls[]?.url // ""' <<< "${release_json}")
cve=$(jq -r '.status.collectors.tenant.cve.releaseNotes.cves[]? | select(.key == "CVE-2024-8260") | .key // ""' <<< "${release_json}")
image_arches=$(jq -r '.status.artifacts.images[0].arches | sort | join(" ") // ""' <<< "${release_json}")

echo "Checking image arches..."
if [ "$image_arches" = "amd64 arm64" ]; then
echo "✅️ Found required image arches: amd64 arm64"
else
echo "🔴 Some required image arches were NOT found: expected: amd64 arm64, found: ${image_arches}"
failures=$((failures+1))
fi

if [ -z "$advisory_internal_url" ]; then
echo "Warning: advisory_internal_url is empty. Skipping advisory content check."
Expand Down Expand Up @@ -169,3 +178,43 @@ verify_release_contents() {
fi

}

patch_component_source_before_merge() {
echo "Patching component source BEFORE MERGE to:"
echo "- Add multi-arch support to the PaC pipeline"
echo "- Add source image build to the PaC pipeline"
set +x
# Get secret value from the tenant secrets file and use
# it for GH_TOKEN
secret_value=$(yq '. | select(.metadata.name | contains("pipelines-as-code-secret-")) | .stringData.password' ${SUITE_DIR}/resources/tenant/secrets/tenant-secrets.yaml)
export GH_TOKEN=${secret_value}

# Patch each PaC pipeline to add multi-arch support and source image build
local file_names=".tekton/${component_name}-pull-request.yaml .tekton/${component_name}-push.yaml "
for file_name in ${file_names}; do
echo "Patching ${file_name}..."
head_sha=$(curl -s -H "Authorization: token ${GH_TOKEN}" \
"https://api.github.com/repos/${component_repo_name}/pulls/${pr_number}" | jq -r '.head.sha')

decoded_contents=$(curl -s -H "Authorization: token ${GH_TOKEN}" \
"https://api.github.com/repos/${component_repo_name}/contents/${file_name}?ref=${head_sha}" | \
jq -r '.content' | base64 -d)

local work_dir=$(mktemp -d)
nopath_file_name=$(basename "${file_name}")
echo "${decoded_contents}" > "${work_dir}/${nopath_file_name}"
yq -i '(.spec.params[] | select(.name == "build-platforms") | .value) += ["linux/arm64"]' "${work_dir}/${nopath_file_name}"
yq -i '.spec.params += [{"name": "build-source-image", "value": "true"}]' "${work_dir}/${nopath_file_name}"
encoded_contents=$(base64 -w 0 <<< "$(cat "${work_dir}/${nopath_file_name}")")
rm -rf "${work_dir}"

"${SCRIPT_DIR}/scripts/update-file-in-pull-request.sh" \
"${component_repo_name}" \
"${pr_number}" \
"${file_name}" \
"Update component source before merge" \
"${encoded_contents}"
done

echo "✅️ Successfully patched component source!"
}
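Review bot: `patch_component_source_before_merge` runs `export GH_TOKEN=${secret_value}` and never declares `secret_value` local, so the Pipelines-as-Code token stays in the environment of every later command in the run, and both `curl -s -H "Authorization: token ${GH_TOKEN}"` calls place it on a command line that shows up in the process list. Declaring `local secret_value head_sha decoded_contents encoded_contents file_name` and handing the token only to the helper (`GH_TOKEN="${secret_value}" "${SCRIPT_DIR}/scripts/update-file-in-pull-request.sh" …`) would narrow that exposure; `set +x` is also left off after the function returns, which deserves a comment if it is intended. Neither `curl` response is checked, so on an API error `jq -r` prints `null` and whatever `base64 -d` and `yq -i` make of it is committed to the PR branch; `curl --fail` plus `[ "${head_sha}" != "null" ] || return 1` would stop before the write. `${SUITE_DIR}` in the `yq` path should be quoted.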
14 changes: 11 additions & 3 deletions integration-tests/lib/test-functions.sh
Expand Up @@ -604,10 +604,18 @@ delete_old_branches() {

# Function to verify Release contents
verify_release_contents() {
echo "WARNING: Test Suite should implement this function to verify Release contents in their test.sh file"
echo "📝 Note: Test Suite may implement ${FUNCNAME[0]}" \
"to verify Release contents in their test.sh file"
}

# Function to patch the component source
# Function to patch the component source BEFORE Component creation
patch_component_source() {
echo "WARNING: Test Suite should implement this function to patch the component source in their test.sh file"
echo "📝 Note: Test Suite may implement ${FUNCNAME[0]}" \
"to patch the component source BEFORE Component creation in their test.sh file"
}

# Function to patch the component source BEFORE MERGE
patch_component_source_before_merge() {
echo "📝 Note: Test Suite may implement ${FUNCNAME[0]}" \
"to patch the component source BEFORE MERGE in their test.sh file"
}
1 change: 1 addition & 0 deletions integration-tests/run-test.sh
Expand Up @@ -133,6 +133,7 @@ cleanup_old_resources "${originating_tool}"
create_kubernetes_resources # tmpDir is set here

wait_for_component_initialization # component_pr and pr_number are set here
patch_component_source_before_merge
merge_github_pr # SHA is set here

wait_for_plr_to_appear # component_push_plr_name is set here
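--- a/integration-tests/scripts/update-file-in-pull-request.sh
+++ b/integration-tests/scripts/update-file-in-pull-request.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+#
+# Summary:
+# Updates an existing file in a specified pull request in a GitHub repository.
+#
+# Parameters:
+# $1: repo_name - The name of the GitHub repository (e.g., "owner/repo").
+# $2: pr_number - The number of the pull request to update.
+# $3: file_name - The desired name for the new file within the repository.
+# $4: commit_msg - The commit message to use.
+# $5: encoded_contents - The encoded contents of the file to update.
+#
+# Environment Variables:
+# GH_TOKEN - A GitHub personal access token with permissions to write to
+# the repository. Required.
+#
+# Dependencies:
+# curl, jq, mktemp
+
+set -eo pipefail
+
+if [ -z $GH_TOKEN ] ; then
+echo "error: missing env var GH_TOKEN"
+exit 1
+fi
+
+repo_name=$1
+if [ -z "$repo_name" ] ; then
+echo "🔴 error: missing parameter repo_name"
+exit 1
+fi
+pr_number=$2
+if [ -z "$pr_number" ] ; then
+echo "🔴 error: missing parameter pr_number"
+exit 1
+fi
+file_name=$3
+if [ -z "$file_name" ] ; then
+echo "🔴 error: missing parameter file_name"
+exit 1
+fi
+commit_msg=$4
+if [ -z "$commit_msg" ] ; then
+echo "🔴 error: missing parameter commit_msg"
+exit 1
+fi
+tmpFile=$(mktemp)
+
+encoded_contents="$5"
+if [ -z "$encoded_contents" ] ; then
+echo "🔴 error: missing parameter encoded_contents"
+exit 1
+fi
+
+echo "Updating an existing file ${file_name} in PR ${pr_number}"
+# Get PR head branch info
+pr_info=$(curl -s -H "Authorization: token ${GH_TOKEN}" \
+"https://api.github.com/repos/${repo_name}/pulls/${pr_number}")
+head_branch=$(jq -r '.head.ref' <<< "${pr_info}")
+head_repo=$(jq -r '.head.repo.full_name' <<< "${pr_info}")
+
+# Get current file SHA
+file_sha=$(curl -s -H "Authorization: token ${GH_TOKEN}" \
+"https://api.github.com/repos/${head_repo}/contents/${file_name}?ref=${head_branch}" \
+| jq -r '.sha')
+
+# Update the file
+response=$(curl -s -w "\n%{http_code}" -X PUT \
+-H "Authorization: token ${GH_TOKEN}" \
+-H "Content-Type: application/json" \
+-d '{
+"message": "'"${commit_msg}"'",
+"content": "'"${encoded_contents}"'",
+"sha": "'"${file_sha}"'",
+"branch": "'"${head_branch}"'"
+}' \
+"https://api.github.com/repos/${head_repo}/contents/${file_name}")
+
+code=$(echo "$response" | tail -n1)
+[[ "$code" == "200" ]] && { echo "✅️ file ${file_name} updated in PR ${pr_number}"; exit 0; }
+echo "🔴 error: Update failed: $3 (HTTP $code)"
+echo "$response" | head -n -1 | jq -r '.message // empty' 2>/dev/null
+exit 1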
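Review bot: The PUT body is built by splicing `${commit_msg}`, `${file_sha}` and `${head_branch}` into a quoted JSON string, so a double quote, backslash or newline in any of them yields invalid or differently shaped JSON. Letting jq encode the values keeps them as data: `jq -n --arg message "$commit_msg" --arg content "$encoded_contents" --arg sha "$file_sha" --arg branch "$head_branch" '{message:$message,content:$content,sha:$sha,branch:$branch}'` piped into `curl … -d @-`. `file_sha`, `head_branch` and `head_repo` are used unchecked, and a failed lookup makes `jq -r` print `null`, so test for that before the PUT. `tmpFile=$(mktemp)` is never used or removed, and `[ -z $GH_TOKEN ]` should quote the variable. The header comment still describes `$3` as the name for "the new file" although the script updates an existing one.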