test(ui): Export OpenShift creds to ui e2e test jobs#19701
Conversation
|
This change is part of the following stack: Change managed by git-spice. |
|
Skipping CI for Draft Pull Request. |
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- Consider guarding the
source "${SHARED_DIR}/dotenv"call with a file existence check and a clear error message to avoid obscure failures if the dotenv file is missing or misnamed in CI. - The
export OPENSHIFT_CONSOLE_*=...assignments are self-assignments; if the intent is simply to expose variables already defined by the dotenv file to child processes, a singleset -a; source ...; set +a(or equivalent) would be simpler and less redundant.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Consider guarding the `source "${SHARED_DIR}/dotenv"` call with a file existence check and a clear error message to avoid obscure failures if the dotenv file is missing or misnamed in CI.
- The `export OPENSHIFT_CONSOLE_*=...` assignments are self-assignments; if the intent is simply to expose variables already defined by the dotenv file to child processes, a single `set -a; source ...; set +a` (or equivalent) would be simpler and less redundant.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
📝 WalkthroughWalkthroughUpdated CI routing to include Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@tests/e2e/lib.sh`:
- Around line 1513-1518: The current export of
OPENSHIFT_CONSOLE_URL/USERNAME/PASSWORD will fail under set -u if any variable
is missing; after sourcing "${SHARED_DIR}/dotenv" in the ci_job ocp UI branch,
guard each export by either using a safe default expansion (e.g. export
OPENSHIFT_CONSOLE_URL="${OPENSHIFT_CONSOLE_URL:-}" ) or only exporting when set
(e.g. if [[ -n "${OPENSHIFT_CONSOLE_URL:-}" ]]; then export
OPENSHIFT_CONSOLE_URL; fi), and apply the same pattern for
OPENSHIFT_CONSOLE_USERNAME and OPENSHIFT_CONSOLE_PASSWORD so the script won't
abort when dotenv lacks those keys.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 83d14cb2-0d46-4fba-afa5-da9a5ac7e4e8
📒 Files selected for processing (2)
.openshift-ci/dispatch.shtests/e2e/lib.sh
95f5145 to
668c00c
Compare
|
/test ocp-4-21-qa-e2e-tests |
|
/test ocp-4-21-ui-e2e-tests |
|
Images are ready for the commit at 668c00c. To use with deploy scripts, first |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #19701 +/- ##
=======================================
Coverage 49.65% 49.65%
=======================================
Files 2747 2747
Lines 207261 207261
=======================================
+ Hits 102909 102910 +1
+ Misses 96698 96697 -1
Partials 7654 7654
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- In
setup_automation_flavor_e2e_cluster, consider guardingsource "${SHARED_DIR}/dotenv"with a file-existence check or clearer error message so failures from a missing or malformed dotenv file are easier to diagnose. - The
export OPENSHIFT_CONSOLE_*="${OPENSHIFT_CONSOLE_*}"lines are redundant after sourcing dotenv; you can either rely on dotenv to export them or useset -a/exportonce to avoid repeating variable assignments. - The patterns
ocp*ui-e2e-testsand the description’socp.*ui-e2e-tests$differ; consider aligning the job name matching with an anchored or more explicit pattern so only the intended jobs trigger the OCP UI e2e setup.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- In `setup_automation_flavor_e2e_cluster`, consider guarding `source "${SHARED_DIR}/dotenv"` with a file-existence check or clearer error message so failures from a missing or malformed dotenv file are easier to diagnose.
- The `export OPENSHIFT_CONSOLE_*="${OPENSHIFT_CONSOLE_*}"` lines are redundant after sourcing dotenv; you can either rely on dotenv to export them or use `set -a`/`export` once to avoid repeating variable assignments.
- The patterns `ocp*ui-e2e-tests` and the description’s `ocp.*ui-e2e-tests$` differ; consider aligning the job name matching with an anchored or more explicit pattern so only the intended jobs trigger the OCP UI e2e setup.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
davdhacs
left a comment
There was a problem hiding this comment.
This looks great! And +1 I think it is good for it to fail if any of those variables are not set. If they're not set from the dotenv file, then there is a problem with the cluster anyway and we want a failure.
|
/retest |
🚀 Build Images ReadyImages are ready for commit b61d01e. To use with deploy scripts: export MAIN_IMAGE_TAG=4.11.x-557-gb61d01eadd |
Description
Note - Heavy use of Claude Code for the exploration and solution
OpenShift console credentials (
OPENSHIFT_CONSOLE_USERNAME,OPENSHIFT_CONSOLE_PASSWORD) are needed to run Cypress e2e tests against the OCP console plugin. These credentials are created by automation-flavors and stored in${SHARED_DIR}/dotenv, but were not being exported to UI test jobs.Historical Context
Initial attempt (reverted):
oc loginto authenticate with OCP clusters and export credentialsocp-qa-e2e-testsworkload identity setup (ROX-30812)oc loginmodified the kubeconfig cluster name from simple form (rox-ci-18674432) to API endpoint form (api-rox-ci-23657728-ocp-ci-rox-systems:6443)Solution
Key insight: UI tests don't need
oc loginat all!The Cypress tests perform browser-based authentication using environment variables. The kubeconfig already has admin access from automation-flavors for deploying StackRox components.
Changes
.openshift-ci/dispatch.sh- Addedocp*e2e-testspattern to trigger cluster setuptests/e2e/lib.sh- Export credentials forocp.*ui-e2e-tests$jobs by sourcing dotenvoc login= no kubeconfig modification = workload identity tests unaffectedWhy This Works
oc loginmeans workload identity tests see the original cluster nameocp.*ui-e2e-tests$jobsUser-facing documentation
Testing and quality
Automated testing
How I validated my change
Verify that the ocp-e2e test jobs that failed in the original change are successful: https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/stackrox_stackrox/19701/pull-ci-stackrox-stackrox-master-ocp-4-21-qa-e2e-tests/2038959834006556672
Verify that ui e2e tests correctly pick up the credentials and run passing tests against the console plugin. This occurs in a PR up-stack, plugin e2e tests do not run in this PR. (
ests are failing due to the plugin being disabled by default, but the authentication can be verified to be working correctly. Plugin enable state will be fixed in the follow up PR.) Tests are now working with both authentication, and against an enabled plugin, but are failing due to an issue with cert identities separate from this change. Enabling the tests and checking true e2e success will be handled in a PR up the stack. #18737