Merge "sfconfig prepare dev - use in CI jobs"

softwarefactory-project · Nov 17, 2023 · b6e6139 · b6e6139
2 parents 55dbc70 + 87a664f
commit b6e6139
Show file tree

Hide file tree

Showing 9 changed files with 31 additions and 47 deletions.
diff --git a/cli/sfconfig/cmd/dev/run.go b/cli/sfconfig/cmd/dev/run.go
@@ -55,7 +55,8 @@ func Run() {
 		Cli: cli,
 	}
 	// TODO: only do gerrit when provision demo is on?
-	EnsureNamespacePermissions(&env)
+	EnsureNamespaces(&env)
+	EnsureMicroshiftWorkarounds(&env)
 	EnsureCertManager(&env)
 	EnsurePrometheusOperator(&env)
 	gerrit.EnsureGerrit(&env, sfconfig.FQDN)
@@ -131,12 +132,21 @@ func EnsureRepo(sfconfig *config.SFConfig, apiKey string, name string) {
 	utils.RunCmd("git", "-C", path, "reset", "--hard", "origin/master")
 }
 
-func EnsureNamespacePermissions(env *utils.ENV) {
+func EnsureNamespaces(env *utils.ENV) {
 	// TODO: implement natively
-	// TODO: ensure setup-namespaces role use this to avoid duplication
+	utils.EnsureNamespace(env, env.Ns)
+	utils.RunCmd("kubectl", "config", "set-context", "microshift", "--namespace="+env.Ns)
 	utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce=privileged")
 	utils.RunCmd("kubectl", "label", "--overwrite", "ns", env.Ns, "pod-security.kubernetes.io/enforce-version=v1.24")
 	utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "-z", "default")
+
+	utils.EnsureNamespace(env, "operators")
+	utils.RunCmd("oc", "adm", "policy", "add-scc-to-user", "privileged", "system:serviceaccount:operators:default")
+}
+
+func EnsureMicroshiftWorkarounds(env *utils.ENV) {
+	// TODO: migrate from Makefile to here
+	utils.RunCmd("make", "setup-prometheus-operator-serviceaccount", "OPERATOR_NAMESPACE=operators")
 }
 
 func EnsureCRD() {

diff --git a/cli/sfconfig/cmd/nodepool/create_namespace_for_nodepool.go b/cli/sfconfig/cmd/nodepool/create_namespace_for_nodepool.go
@@ -18,24 +18,12 @@ import (
 	"github.com/softwarefactory-project/sf-operator/controllers"
 	apiv1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/client-go/tools/clientcmd"
 	cliapi "k8s.io/client-go/tools/clientcmd/api"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/softwarefactory-project/sf-operator/cli/sfconfig/cmd/utils"
 )
 
-func ensureNamespace(env *utils.ENV, name string) {
-	var ns apiv1.Namespace
-	if err := env.Cli.Get(env.Ctx, client.ObjectKey{Name: name}, &ns); errors.IsNotFound(err) {
-		ns.Name = name
-		utils.CreateR(env, &ns)
-	} else if err != nil {
-		panic(fmt.Errorf("could not get namespace: %s", err))
-	}
-}
-
 func ensureRole(env *utils.ENV, sa string) {
 	var role rbacv1.Role
 	if !utils.GetM(env, "nodepool-role", &role) {
@@ -189,7 +177,7 @@ func CreateNamespaceForNodepool(sfEnv *utils.ENV, nodepoolContext string, nodepo
 	sa := "nodepool-sa"
 
 	// Ensure resources exists
-	ensureNamespace(&nodepoolEnv, nodepoolNamespace)
+	utils.EnsureNamespace(&nodepoolEnv, nodepoolNamespace)
 	utils.EnsureServiceAccount(&nodepoolEnv, sa)
 	ensureRole(&nodepoolEnv, sa)
 	token := ensureServiceAccountSecret(&nodepoolEnv, sa)

diff --git a/cli/sfconfig/cmd/utils/utils.go b/cli/sfconfig/cmd/utils/utils.go
@@ -49,6 +49,16 @@ func RunCmd(cmdName string, args ...string) {
 	}
 }
 
+func EnsureNamespace(env *ENV, name string) {
+	var ns apiv1.Namespace
+	if err := env.Cli.Get(env.Ctx, client.ObjectKey{Name: name}, &ns); errors.IsNotFound(err) {
+		ns.Name = name
+		CreateR(env, &ns)
+	} else if err != nil {
+		panic(fmt.Errorf("could not get namespace: %s", err))
+	}
+}
+
 func EnsureServiceAccount(env *ENV, name string) {
 	var sa apiv1.ServiceAccount
 	if !GetM(env, name, &sa) {

diff --git a/playbooks/main.yaml b/playbooks/main.yaml
@@ -4,31 +4,15 @@
     - setup-variables
     - setup-env
     - sanity-check
-    - setup-namespaces
-    - start-gerrit
+    - sfconfig-dev-prepare
   tasks:
-    - name: CI process(standalone)
-      block:
-        - community.general.make:
-            target: "{{ item }}"
-            chdir: "{{ zuul.project.src_dir }}"
-          loop:
-            - install-cert-manager
-            - install-prometheus-operator
-        - ansible.builtin.include_role:
-            name: start-prometheus
-      when: mode == 'standalone'
-
     - name: CI process(OLM install)
       ansible.builtin.include_role:
         name: "{{ item }}"
       loop:
-        - microshift-workarounds
         - build-operator-assets
         - clean-installations
         - install-operator
-        # we start prometheus after installing the operator, to ensure the prometheus-operator dependency was installed properly.
-        - start-prometheus
         - apply-custom-resources
       when: mode == 'olm'
 

diff --git a/playbooks/upgrade.yaml b/playbooks/upgrade.yaml
@@ -4,9 +4,7 @@
     - setup-variables
     - setup-env
     - sanity-check
-    - setup-namespaces
-    - microshift-workarounds
-    - start-gerrit
+    - sfconfig-dev-prepare
     - role: build-operator-assets
       vars:
         build_bundle: false
@@ -20,5 +18,4 @@
         build_bundle: true
         ci_bundle_img: localhost:5000/sf-operator-bundle:latest
     - upgrade-operator
-    - start-prometheus
     - run-tests
diff --git a/roles/start-gerrit/defaults/main.yaml → ...s/sfconfig-dev-prepare/defaults/main.yaml b/roles/start-gerrit/defaults/main.yaml → ...s/sfconfig-dev-prepare/defaults/main.yaml
diff --git a/roles/sfconfig-dev-prepare/tasks/main.yaml b/roles/sfconfig-dev-prepare/tasks/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Run the sfconfig dev prepare
+  command: "tools/sfconfig dev prepare"
+  args:
+    chdir: "{{ zuul.project.src_dir }}"
diff --git a/roles/start-gerrit/tasks/main.yaml b/roles/start-gerrit/tasks/main.yaml
diff --git a/roles/start-prometheus/tasks/main.yaml b/roles/start-prometheus/tasks/main.yaml