{"id":20410288,"url":"https://github.com/kuadrant/testsuite-pipelines","last_synced_at":"2026-03-19T15:42:08.290Z","repository":{"id":209458375,"uuid":"719005108","full_name":"Kuadrant/testsuite-pipelines","owner":"Kuadrant","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-15T10:40:50.000Z","size":16,"stargazers_count":0,"open_issues_count":6,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-04-17T19:16:30.529Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Kuadrant.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-15T08:45:15.000Z","updated_at":"2024-05-14T15:31:03.267Z","dependencies_parsed_at":"2024-01-25T14:26:16.051Z","dependency_job_id":"5762ef59-d1b6-4bb1-aab5-ee7f8a5e1fd9","html_url":"https://github.com/Kuadrant/testsuite-pipelines","commit_stats":null,"previous_names":["kuadrant/testsuite-pipelines"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Ftestsuite-pipelines","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Ftestsuite-pipelines/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Ftestsuite-pipelines/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Ftestsuite-pipelines/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Kuadrant","download_url":"https://codeload.github.com/Kuadrant/testsuite-pipelines/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241955039,"owners_count":20048405,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T05:45:21.245Z","updated_at":"2026-03-19T15:42:08.277Z","avatar_url":"https://github.com/Kuadrant.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"testsuite-pipelines\n===\nThis repository contains Kuadrant testsuite pipeline objects\n\nDeployment\n---\n1. Install the `openshift-pipelines` Openshift operator on the cluster\n2. Deploy pipeline by running `kubectl apply -k pipelines/\u003cpipeline-dir\u003e/\u003cpipeline\u003e/` on the desired pipeline directory. Pipelines are grouped by their purpose:\n   - `pipelines/test/` - pipelines that execute testsuite tests\n   - `pipelines/deploy/` - pipelines that deploy Kuadrant on clusters\n   - `pipelines/infra/` - pipelines for provisioning and managing kubernetes clusters\n   - `pipelines/misc/` - other pipelines, e.g. for rapiDAST security scans\n\nRequired secrets and configmaps\n---\nPrior to the running of the pipeline, the following resources must be created in the pipeline namespace:\n\n#### Resources required to run test/ pipelines\n- Opaque Secret (pipelines expect `openshift-pipelines-credentials` name by default but custom name can be specified via `cluster-credentials` input parameter) containing `KUBE_PASSWORD` and `KUBE_USER` keys \nwith the credentials to access the testing cluster. E.g.\n```shell\nkubectl create secret generic openshift-pipelines-credentials --from-literal=KUBE_USER=\"admin\" --from-literal=KUBE_PASSWORD=\"admin\" -n ${PIPELINE_NAMESPACE}\n```\n- Opaque Secret named `rp-credentials` containing `RP_URL` key with the URL of the ReportPortal instance \nand `RP_TOKEN` key with the ReportPortal user access token. E.g.\n```shell\nkubectl create secret generic rp-credentials --from-literal=RP_URL=\"https://reportportal-kuadrant-qe.example.io\" --from-literal=RP_TOKEN=\"api-token\" -n ${PIPELINE_NAMESPACE}\n```\n- ConfigMap named `rp-ca-bundle` containing the certificates trusted by the ReportPortal instance under the `tls-ca-bundle.pem` key. E.g.\n```shell\nkubectl create cm rp-ca-bundle --from-file=tls-ca-bundle.pem=./tls-ca-bundle.pem -n ${PIPELINE_NAMESPACE}\n```\n- ConfigMap with testsuite settings under the `settings.local.yaml` key. Just copy the default testsuite settings if you don't need anything else. E.g.\n```shell\nkubectl create cm pipeline-settings --from-file=settings.local.yaml=./settings.local.yaml -n ${PIPELINE_NAMESPACE}\n```\n\n- Opaque Secret named additional-auth-entries containing \"auth\" sections that will be added to global pull secret. Useful if consuming images from private registries.\n```shell\nexport ADDITIONAL_AUTH_ENTRIES='\"desired.registry.io\": {\"auth\": \"base64-encoded-creds\"}'\nkubectl create secret generic additional-auth-entries --from-literal=\"additional-auth-entries=$ADDITIONAL_AUTH_ENTRIES\" -n \"${PIPELINE_NAMESPACE}\"\n```\n\n#### Resources required to run deploy/ pipelines\n- Opaque Secret named values-additional-manifests containing secrets for testsuite run. Example: https://github.com/azgabur/kuadrant-helm-install/blob/main/example-additionalManifests.yaml\n```shell\nkubectl create -n ${PIPELINE_NAMESPACE} secret generic values-additional-manifests --from-file=additionalManifests.yaml=${ADDITIONAL_MANIFESTS.yaml}\n```\n\n#### Resources required to run infra/ pipelines\n- Opaque secret containing AWS credentials for `osdCcsAdmin` IAM user (pipelines provisioning clusters in AWS only). E.g.\n```shell\nkubectl create secret generic kua-aws-credentials --from-literal=AWS_ACCOUNT_ID=\"xxx\" --from-literal=AWS_ACCESS_KEY_ID=\"xxx\" --from-literal=AWS_SECRET_ACCESS_KEY=\"xxx\" -n ${PIPELINE_NAMESPACE}\n```\n\n- Opaque secret containing HCC client credentials (pipelines provisioning clusters via HCC (OCM) only). E.g.\n```shell\nkubectl create secret generic kua-ocm-stage-client-credentials --from-literal=CLIENT_ID=\"xxx\" --from-literal=CLIENT_SECRET=\"xxx\" -n ${PIPELINE_NAMESPACE}\n```\n\n- Opaque secret containing GCP credentials for `osd-ccs-admin` IAM user (pipelines provisioning clusters in GCP only). E.g.\n```shell\nkubectl create secret generic kua-gcp-credentials --from-file=gcp-osd-ccs-admin-sa-security-key.json -n ${PIPELINE_NAMESPACE}\n```\n\n- Opaque secret containing ROSA credentials for an IAM user (pipelines provisioning ROSA cluster only). E.g.\n```shell\nkubectl create secret generic kua-rosa-credentials --from-literal=AWS_ACCOUNT_ID=\"xxx\" --from-literal=AWS_ACCESS_KEY_ID=\"xxx\" --from-literal=AWS_SECRET_ACCESS_KEY=\"xxx\" -n ${PIPELINE_NAMESPACE}\n```\n\n- Opaque secret containing service principal credentials for Azure Portal (pipelines provisioning ARO cluster only). E.g.\n```shell\nkubectl create secret generic kua-azure-credentials --from-literal=APP_ID=\"xxx\" --from-literal=PASSWORD=\"xxx\" --from-literal=TENANT_ID=\"xxx\" --from-literal=SUBSCRIPTION_ID=\"xxx\" -n ${PIPELINE_NAMESPACE}\n```\n\n- Pull secret containing auth sections for brew and stage (optional) registries (pipelines provisioning ARO cluster only). E.g.\n```shell\nkubectl create secret generic aro-pull-secret --from-file=.dockerconfigjson=/path/to/your/auths.json  --type=kubernetes.io/dockerconfigjson -n ${PIPELINE_NAMESPACE}\n```\n\n#### Resources required for rapiDAST pipeline\n- Opaque secret containing credentials for Google Cloud storage where rapiDAST scan results will be stored. E.g.\n```shell\nkubectl create secret generic rapidast-storage-access-key --from-file=rapidast-sa-rhcl_key.json=/local/path/to/your-service-account_key.json -n ${PIPELINE_NAMESPACE}\n```\n\n#### Resources required to interact with internal cluster management repository\n- Config map containing root certfticate of the managed gitlab instance\n```shell\nkubectl create configmap gitlab.ca --from-file=ca.pem=/local/path/to/ca.pem -n ${PIPELINE_NAMESPACE}\n```\n\nPipeline execution\n---\n1. Through the OpenShift Web Console\n    - Navigate to the `Pipelines` section in the OpenShift Web Console\n    - Click on the `Pipeline` object to be executed\n    - Click on the `Start` button\n    - Fill in the required parameters\n    - Click on the `Start` button\n2. Apply the `PipelineRun` resource directly\n    - Create the new `PipelineRun` resource directly in the namespace with pipeline\n    - `PipelineRun` resource should contain all required parameters\n3. Using the `tkn` CLI\n    - Install the `tkn` CLI tool\n    - Execute the `tkn pipeline start` command with the required parameters\n\nUseful commands\n---\n* Trigger nightly pipeline manually\n```shell\nkubectl create job --from=cronjob/trigger-nightly-testsuite-cron trigger-nightly-pipeline-$(date +%d.%m)-$(whoami)-manual -n ${PIPELINE_NAMESPACE}\n```\n\n* Set default dns configuration for Tekton pods\n```shell\nresolver1=\"1.2.3.4\" # Change me\nresolver2=\"2.3.4.5\" # Change me\nkubectl patch tektonconfig config --type merge -p \"{\\\"spec\\\": {\\\"pipeline\\\": {\\\"default-pod-template\\\": \\\"dnsConfig:\\n  nameservers:\\n    - ${resolver1}\\n    - ${resolver2}\\ndnsPolicy: None\\\"}}}\"\n```\n\n* Setup automatic cleanup of old PipelineRun's every week\n```shell\nkubectl patch tektonconfig config --type=merge -p '{\"spec\":{\"pruner\":{\"disabled\":false,\"keep\":null,\"keep-since\":10080,\"resources\":[\"pipelinerun\"],\"schedule\":\"0 0 * * 0\"}}}'\n```\n\n* Synchronize repository pipelines structure with CLAUDE.md, if structure has been changed (Note: if structure has been changed significantly include the updated CLAUDE.md in your PR.)\n```shell\nclaude /sync-structure\n```\n\nPipeline image\n---\n**The CI handles image builds and pushes automatically.** Manual pushes to the registry are not encouraged and should only be performed in exceptional circumstances by members of the [QE Team](https://quay.io/organization/kuadrant/teams/qe) or the `kuadrant+qe` robot account.\n\n\u003cdetails\u003e\n\u003csummary\u003eManual push instructions (emergency use only)\u003c/summary\u003e\n\nSet the VERSION env variable to an increment of the last version in https://quay.io/repository/kuadrant/testsuite-pipelines-tools?tab=tags:\n\n```shell\nexport VERSION=v1.x.x\n```\n\n### Docker\nInstall [docker buildx](https://github.com/docker/buildx) and QEMU packages, ensure you're logged into quay.io, then run:\n\n```shell\nexport OUTPUT=\"type=registry\"  # Required to push (default is type=image for local builds)\ndocker buildx bake\n```\n\n### Podman\nYou might need to install QEMU User Static Emulation and enable Binary Format Support.\n```shell\n# Fedora example\nsudo dnf install qemu-user-static\nsudo systemctl start systemd-binfmt.service\n```\n\nOr use a container:\n```shell\npodman run --rm --privileged mirror.gcr.io/multiarch/qemu-user-static --reset -p yes\n```\n\nTo build multiarch (AMD64 and ARM64) image:\n```shell\npodman build --no-cache --platform linux/arm64 -t testsuite-pipelines-tools:latest-arm64 .\npodman build --no-cache --platform linux/amd64 -t testsuite-pipelines-tools:latest-amd64 .\npodman manifest rm testsuite-pipelines-tools:latest\npodman manifest create testsuite-pipelines-tools:latest\npodman manifest add testsuite-pipelines-tools:latest testsuite-pipelines-tools:latest-arm64\npodman manifest add testsuite-pipelines-tools:latest testsuite-pipelines-tools:latest-amd64\npodman manifest push testsuite-pipelines-tools:latest quay.io/kuadrant/testsuite-pipelines-tools:latest\npodman manifest push testsuite-pipelines-tools:latest quay.io/kuadrant/testsuite-pipelines-tools:$VERSION\n```\n\n\u003c/details\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuadrant%2Ftestsuite-pipelines","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkuadrant%2Ftestsuite-pipelines","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuadrant%2Ftestsuite-pipelines/lists"}