CI - inti add install-test.

currently only enabled for:
- specific tests written
  * operators-installer
- using defaults, no specific tests written
  * argocd-operator
  * bootstrap-project
  * kopf
  * network-policy

.github/workflows/conftest.yaml

@@ -10,6 +10,10 @@ on:
       - '.github/**'
       - 'README.md'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   conftest:
     runs-on: ubuntu-latest

.github/workflows/install-test.yaml

@@ -0,0 +1,98 @@
+---
+name: Install Test
+
+on:
+  pull_request:
+    paths:
+    - .github/**
+    - charts/**
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  # excluding all charts that on an intial test with ct install fail because they need some more massaging of "kind" to be able to work there (if even possible) because they have built in assumptions about OpenShift
+  # included charts (can't use the included harts option with CT because then they will always run and will ignore the ct changed charts functionality)
+  # - specific tests written
+  #   * operators-installer
+  # - using defaults, no specific tests written
+  #   * argocd-operator
+  #   * bootstrap-project
+  #   * kopf
+  #   * network-policy
+  INSTALL_TEST_EXCLUDED_CHARTS: "ansible-automation-platform,cert-manager-configs,dev-ex-dashboard,etherpad,gitea,gitops-operator,helper-console-links,helper-sealed-secrets,ipa,jenkins,openshift-logforwarding-splunk,operatorhub,owncloud,pact-broker,ploigos,sonarqube,sonatype-nexus,stackrox,static-site,tekton-demo"
+
+jobs:
+  install-test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout 🛎️
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Setup Helm 🧰
+      uses: azure/setup-helm@v3
+      with:
+        version: v3.5.1
+
+    - name: Setup Python 🐍
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.7
+
+    - name: Setup chart-testing 🧰
+      uses: helm/[email protected]
+
+    - name: Find changed Charts 🔎
+      id: changed-charts
+      run: |
+        changed=$(ct list-changed)
+        echo ${changed}
+        if [[ -n "$changed" ]]; then
+          echo "changed=true" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Setup kind cluster 🧰
+      uses: helm/[email protected]
+      with:
+        version: v0.20.0
+      if: steps.changed-charts.outputs.changed == 'true'
+
+    # for helm charts we are testing that require installing operators 
+    - name: Setup kind cluster - Install OLM 🧰
+      run: |
+        curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/install.sh -o install.sh
+        chmod +x install.sh
+        ./install.sh v0.25.0
+      if: steps.changed-charts.outputs.changed == 'true'
+
+    # for helm charts we are testing that require ingress
+    - name: Setup kind cluster - Install ingress controller 🧰
+      run: |
+        helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts
+        helm install haproxy-ingress haproxy-ingress/haproxy-ingress \
+            --create-namespace --namespace=ingress-controller \
+            --set controller.hostNetwork=true
+        kubectl apply -f - <<EOF
+        apiVersion: networking.k8s.io/v1
+        kind: IngressClass
+        metadata:
+          name: haproxy
+          annotations:
+            ingressclass.kubernetes.io/is-default-class: 'true'
+        spec:
+          controller: haproxy-ingress.github.io/controller
+        EOF
+      if: steps.changed-charts.outputs.changed == 'true'
+
+    # for helm charts we are testing that require/expect certain default namespaces from Red Hat OpenShift
+    - name: Setup kind cluster - create expected namespaces 🧰
+      run: |
+        kubectl create namespace openshift-operators
+
+    - name: Run Chart install tests 🧪
+      run: |
+        ct install --debug --helm-extra-args "--debug --timeout 20m0s" --excluded-charts "${INSTALL_TEST_EXCLUDED_CHARTS}"
+      if: steps.changed-charts.outputs.changed == 'true'

.github/workflows/lint-test.yaml

@@ -1,53 +1,36 @@
-name: Lint and Test Charts
+name: Lint Test
 
 on: 
   pull_request:
     paths-ignore:
       - '.github/**'
       - 'README.md'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   lint-test:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Fetch history
-        run: git fetch --prune --unshallow
-
-      - name: Set up Helm
-        uses: azure/[email protected]
-        with:
-          version: v3.5.1
-
-      - uses: actions/setup-python@v4
-        with:
-          python-version: 3.7
+    - name: Checkout 🛎️
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
 
-      - name: Run chart-testing (lint)
-        id: lint
-        uses: helm/[email protected]
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed)
-          if [[ -n "$changed" ]]; then
-            echo "::set-output name=changed::true"
-          fi
+    - name: Setup Helm 🧰
+      uses: azure/setup-helm@v3
+      with:
+        version: v3.5.1
 
-      - name: Run chart-testing (lint)
-        run: ct lint
+    - name: Setup Python 🐍
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.7
 
-      # TODO
-      # These checks invariably fail with openshift specific features, features that need pv/pvc
-      # Need a better strategy here
-      # - name: Create kind cluster
-      #   uses: helm/[email protected]
-      #   if: steps.lint.outputs.changed == 'true'
+    - name: Setup chart-testing 🧰
+      uses: helm/[email protected]
 
-      # - name: Run chart-testing (install)
-      #   uses: helm/[email protected]
-      #   with:
-      #     command: install
-      #     config: ct.yaml
+    - name: Run Chart lint tests 🧪
+      run: ct lint

_test/conftest.sh

@@ -241,7 +241,7 @@ setup_file() {
 }
 
 @test "charts/operators-installer" {
-  tmp=$(helm_template "charts/operators-installer" "-f charts/operators-installer/test-install-old-operator-values.yaml")
+  tmp=$(helm_template "charts/operators-installer" "-f charts/operators-installer/ci/test-install-old-operator-approve-via-helm-hook-values.yaml")
 
   namespaces=$(get_rego_namespaces "ocp\.deprecated\.*")
   cmd="conftest test ${tmp} --output tap ${namespaces}"

charts/operators-installer/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.3.2
+version: 2.3.3
 
 home: https://github.com/redhat-cop/helm-charts
 

charts/operators-installer/ci/test-install-multiple-operators-in-different-namespace-approve-via-helm-hook-values.yaml

@@ -0,0 +1,29 @@
+approveManualInstallPlanViaHook: true
+
+installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.12
+
+operatorGroups:
+- name: community-operators
+  createNamespace: true
+  targetOwnNamespace: true
+  otherTargetNamespaces:
+
+operators:
+- channel: stable
+  installPlanApproval: Manual
+  name: external-secrets-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  csv: external-secrets-operator.v0.8.1
+  namespace: community-operators
+  installPlanVerifierActiveDeadlineSeconds: 500
+- channel: alpha
+  installPlanApproval: Manual
+  name: argocd-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  csv: argocd-operator.v0.6.0
+  namespace: community-operators
+  installPlanVerifierActiveDeadlineSeconds: 500
+commonLabels:
+  test-label: xyz123

charts/operators-installer/ci/test-install-multiple-operators-in-same-namespaces-approve-via-helm-hook-values copy.yaml

@@ -0,0 +1,33 @@
+approveManualInstallPlanViaHook: true
+
+installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.12
+
+operatorGroups:
+- name: external-secrets-operator
+  createNamespace: true
+  targetOwnNamespace: false
+  otherTargetNamespaces:
+- name: argocd-operator
+  createNamespace: true
+  targetOwnNamespace: true
+  otherTargetNamespaces:
+
+operators:
+- channel: stable
+  installPlanApproval: Manual
+  name: external-secrets-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  csv: external-secrets-operator.v0.8.1
+  namespace: external-secrets-operator
+  installPlanVerifierActiveDeadlineSeconds: 500
+- channel: alpha
+  installPlanApproval: Manual
+  name: argocd-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  csv: argocd-operator.v0.6.0
+  namespace: external-secrets-operator
+  installPlanVerifierActiveDeadlineSeconds: 500
+commonLabels:
+  test-label: xyz123

charts/operators-installer/ci/test-install-old-operator-approve-not-via-helm-hook-values.yaml

@@ -0,0 +1,21 @@
+approveManualInstallPlanViaHook: false
+
+installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.12
+
+operatorGroups:
+- name: external-secrets-operator
+  createNamespace: true
+  targetOwnNamespace: false
+  otherTargetNamespaces:
+
+operators:
+- channel: stable
+  installPlanApproval: Manual
+  name: external-secrets-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  csv: external-secrets-operator.v0.8.1
+  namespace: external-secrets-operator
+  installPlanVerifierActiveDeadlineSeconds: 500
+commonLabels:
+  test-label: xyz123

charts/operators-installer/ci/test-install-old-operator-approve-via-helm-hook-values.yaml

@@ -0,0 +1,21 @@
+approveManualInstallPlanViaHook: true
+
+installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.12
+
+operatorGroups:
+- name: external-secrets-operator
+  createNamespace: true
+  targetOwnNamespace: false
+  otherTargetNamespaces:
+
+operators:
+- channel: stable
+  installPlanApproval: Manual
+  name: external-secrets-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  csv: external-secrets-operator.v0.8.1
+  namespace: external-secrets-operator
+  installPlanVerifierActiveDeadlineSeconds: 500
+commonLabels:
+  test-label: xyz123