Add tests for Konflux

hluk · hluk · commit 7f355ecfcfc6 · 2026-02-05T09:46:51.000+01:00
Assisted-by: Claude Code
diff --git a/.github/workflows/gating.yaml b/.github/workflows/gating.yaml
@@ -91,91 +91,3 @@ jobs:
           # * DL3041 - Specify version with dnf install -y <package>-<version>
           ignore: DL3041
           failure-threshold: warning
-
-  image-build:
-    name: Container Image Build
-    needs: hadolint
-    runs-on: ubuntu-latest
-    env:
-      IMAGE_NAME: waiverdb
-      REGISTRY: quay.io/factory2
-      GH_REGISTRY: ghcr.io/${{ github.actor }}
-
-    steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7
-        with:
-          python-version: "3.13"
-          enable-cache: true
-
-      - name: Install system dependencies
-        uses: nick-invision/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
-        with:
-          timeout_minutes: 10
-          retry_wait_seconds: 30
-          max_attempts: 3
-          command: >-
-            sudo apt-get update
-            && sudo apt-get install
-            libkrb5-dev
-            libldap2-dev
-            libsasl2-dev
-
-      - name: Update the Application Version
-        run: |
-          NEW_VERSION="$(./get-version.sh)"
-          uv version "$NEW_VERSION"
-
-      - name: Get image tag from git branch
-        run: |
-          export TAG=$(sed 's/[^0-9a-zA-Z_.-]/__/g' <<< "$GITHUB_REF_NAME") &&
-          echo "VERSION_TAG=$TAG" >> $GITHUB_ENV
-
-      - name: Build Image
-        id: build-image
-        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
-        with:
-          image: ${{ env.IMAGE_NAME }}
-          tags: >-
-            ${{ env.VERSION_TAG }}
-            ${{ github.ref == 'refs/heads/master' && 'latest' || '' }}
-            ${{ github.sha }}
-          containerfiles: Dockerfile
-          build-args: |
-            GITHUB_SHA=${{ github.sha }}
-            EXPIRES_AFTER=${{ github.ref == 'refs/heads/master' && 'never' || '30d' }}
-
-      - name: Log in to the image registry
-        if: github.event_name == 'push' && github.actor != 'dependabot[bot]'
-        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
-        with:
-          registry: ${{ secrets.REGISTRY_USER && env.REGISTRY || env.GH_REGISTRY }}
-          username: ${{ secrets.REGISTRY_USER || github.actor }}
-          password: ${{ secrets.REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
-
-      - name: Push Image
-        if: github.event_name == 'push' && github.actor != 'dependabot[bot]'
-        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
-        with:
-          image: ${{ steps.build-image.outputs.image }}
-          tags: ${{ steps.build-image.outputs.tags }}
-          registry: ${{ secrets.REGISTRY_USER && env.REGISTRY || env.GH_REGISTRY }}
-
-      - name: Install Chromium for functional tests
-        run: |
-          sudo apt-get -y update &&
-          sudo apt-get -y install chromium-browser
-
-      - name: Test Image
-        run: |
-          .github/run-functional-tests.sh "${{ steps.build-image.outputs.image }}:${{ github.sha }}"
-
-      - name: Upload pytest logs
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
-        if: failure()
-        with:
-          name: pytest-logs
-          path: /tmp/pytest-of-runner/
-          retention-days: 14
diff --git a/.tekton/tasks/functional-tests.yaml b/.tekton/tasks/functional-tests.yaml
@@ -0,0 +1,125 @@
+---
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: functional-tests
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/tags: test,functional,integration
+spec:
+  description: >-
+    Runs functional integration tests for WaiverDB using podman-compose
+    to orchestrate the application container with PostgreSQL and Keycloak.
+
+  params:
+    - name: IMAGE_URL
+      description: Fully qualified image name to test
+      type: string
+    - name: IMAGE_DIGEST
+      description: Image digest to test
+      type: string
+    - name: SOURCE_ARTIFACT
+      description: The Trusted Artifact URI pointing to the application source code
+      type: string
+      default: ""
+
+  results:
+    - name: TEST_OUTPUT
+      description: Test output summary
+
+  stepTemplate:
+    env:
+      - name: IMAGE_URL
+        value: $(params.IMAGE_URL)
+      - name: IMAGE_DIGEST
+        value: $(params.IMAGE_DIGEST)
+      - name: SOURCE_ARTIFACT
+        value: $(params.SOURCE_ARTIFACT)
+
+  steps:
+    - name: use-trusted-artifact
+      image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
+      args:
+        - use
+        - $(params.SOURCE_ARTIFACT)=/var/workdir/source
+      volumeMounts:
+        - name: workdir
+          mountPath: /var/workdir
+
+    - name: install-dependencies
+      image: registry.access.redhat.com/ubi9/ubi:latest
+      workingDir: /var/workdir/source
+      script: |
+        #!/bin/bash
+        set -euo pipefail
+
+        echo "Installing system dependencies..."
+        dnf install -y \
+          chromium \
+          python3.13 \
+          python3.13-pip \
+          podman \
+          git
+
+        # Install uv for Python package management
+        curl -LsSf https://astral.sh/uv/install.sh | sh
+        export PATH="/root/.local/bin:$PATH"
+
+        echo "Dependencies installed successfully"
+      volumeMounts:
+        - name: workdir
+          mountPath: /var/workdir
+      securityContext:
+        runAsUser: 0
+
+    - name: run-functional-tests
+      image: registry.access.redhat.com/ubi9/ubi:latest
+      workingDir: /var/workdir/source
+      script: |
+        #!/bin/bash
+        set -euo pipefail
+
+        export PATH="/root/.local/bin:$PATH"
+
+        # Use the built image for testing
+        IMAGE_WITH_DIGEST="${IMAGE_URL}@${IMAGE_DIGEST}"
+        echo "Testing image: ${IMAGE_WITH_DIGEST}"
+
+        # Update docker-compose.yml to use the built image
+        sed -i "s| build: .*| image: ${IMAGE_WITH_DIGEST}|" docker-compose.yml
+        echo "Updated docker-compose.yml:"
+        grep -E " image:| build: " docker-compose.yml
+
+        # Setup cleanup trap
+        cleanup() {
+          echo "Cleaning up containers..."
+          uvx --with podman-compose podman-compose down || true
+        }
+        trap cleanup EXIT
+
+        # Pull required images
+        echo "Pulling images with podman-compose..."
+        uvx --with podman-compose podman-compose --verbose pull
+
+        # Start services
+        echo "Starting services with podman-compose..."
+        uvx --with podman-compose podman-compose --verbose up --no-build -d
+
+        # Run functional tests
+        echo "Running functional tests..."
+        uvx --with tox-uv tox -e functional -- --driver=Chrome
+
+        echo "Functional tests completed successfully"
+      volumeMounts:
+        - name: workdir
+          mountPath: /var/workdir
+      securityContext:
+        runAsUser: 0
+        # Required for podman to create containers
+        privileged: true
+
+  volumes:
+    - name: workdir
+      emptyDir: {}
diff --git a/.tekton/waiverdb-pull-request.yaml b/.tekton/waiverdb-pull-request.yaml
@@ -539,6 +539,122 @@ spec:
         operator: in
         values:
         - "false"
+    - name: functional-tests
+      params:
+      - name: IMAGE_URL
+        value: $(tasks.build-image-index.results.IMAGE_URL)
+      - name: IMAGE_DIGEST
+        value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+      - name: SOURCE_ARTIFACT
+        value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+      runAfter:
+      - build-image-index
+      taskSpec:
+        params:
+        - name: IMAGE_URL
+          type: string
+        - name: IMAGE_DIGEST
+          type: string
+        - name: SOURCE_ARTIFACT
+          type: string
+          default: ""
+        results:
+        - name: TEST_OUTPUT
+          description: Test output summary
+        stepTemplate:
+          env:
+          - name: IMAGE_URL
+            value: $(params.IMAGE_URL)
+          - name: IMAGE_DIGEST
+            value: $(params.IMAGE_DIGEST)
+          - name: SOURCE_ARTIFACT
+            value: $(params.SOURCE_ARTIFACT)
+        steps:
+        - name: use-trusted-artifact
+          image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:9b180776a41d9a22a1c51539f1647c60defbbd55b44bbebdd4130e33512d8b0d
+          args:
+          - use
+          - $(params.SOURCE_ARTIFACT)=/var/workdir/source
+          volumeMounts:
+          - name: workdir
+            mountPath: /var/workdir
+        - name: install-dependencies
+          image: registry.access.redhat.com/ubi9/ubi:latest
+          workingDir: /var/workdir/source
+          script: |
+            #!/bin/bash
+            set -euo pipefail
+
+            echo "Installing system dependencies..."
+            dnf install -y \
+              chromium \
+              python3.13 \
+              python3.13-pip \
+              podman \
+              git
+
+            # Install uv for Python package management
+            curl -LsSf https://astral.sh/uv/install.sh | sh
+            export PATH="/root/.local/bin:$PATH"
+
+            echo "Dependencies installed successfully"
+          volumeMounts:
+          - name: workdir
+            mountPath: /var/workdir
+          securityContext:
+            runAsUser: 0
+        - name: run-functional-tests
+          image: registry.access.redhat.com/ubi9/ubi:latest
+          workingDir: /var/workdir/source
+          script: |
+            #!/bin/bash
+            set -euo pipefail
+
+            export PATH="/root/.local/bin:$PATH"
+
+            # Use the built image for testing
+            IMAGE_WITH_DIGEST="${IMAGE_URL}@${IMAGE_DIGEST}"
+            echo "Testing image: ${IMAGE_WITH_DIGEST}"
+
+            # Update docker-compose.yml to use the built image
+            sed -i "s| build: .*| image: ${IMAGE_WITH_DIGEST}|" docker-compose.yml
+            echo "Updated docker-compose.yml:"
+            grep -E " image:| build: " docker-compose.yml
+
+            # Setup cleanup trap
+            cleanup() {
+              echo "Cleaning up containers..."
+              uvx --with podman-compose podman-compose down || true
+            }
+            trap cleanup EXIT
+
+            # Pull required images
+            echo "Pulling images with podman-compose..."
+            uvx --with podman-compose podman-compose --verbose pull
+
+            # Start services
+            echo "Starting services with podman-compose..."
+            uvx --with podman-compose podman-compose --verbose up --no-build -d
+
+            # Run functional tests
+            echo "Running functional tests..."
+            uvx --with tox-uv tox -e functional -- --driver=Chrome
+
+            echo "Functional tests completed successfully"
+          volumeMounts:
+          - name: workdir
+            mountPath: /var/workdir
+          securityContext:
+            runAsUser: 0
+            privileged: true
+        volumes:
+        - name: workdir
+          emptyDir: {}
+      when:
+      - input: $(params.skip-checks)
+        operator: in
+        values:
+        - "false"
     - name: apply-tags
       params:
       - name: IMAGE_URL
@@ -554,6 +670,7 @@ spec:
       - rpms-signature-scan
       - sast-shell-check
       - sast-unicode-check
+      - functional-tests
       - build-image-index
       taskRef:
         params:
diff --git a/.tekton/waiverdb-push.yaml b/.tekton/waiverdb-push.yaml
