chore: Use startpaac script for E2E environment setup

*   Migrated E2E environment setup to the `startpaac` script target.
*   Removed redundant helper functions from `hack/gh-workflow-ci.sh`.
*   Simplified the E2E workflow definition by replacing multiple setup steps
with a single `startpaac` call.
*   Configured workflow parameters to use `vars` instead of `secrets` where
appropriate.
*   Updated E2E test URLs to use `https`.
*   Updated the default internal Gitea URL in tests to reflect the environment
setup.

Signed-off-by: Chmouel Boudjnah <[email protected]>

Author: chmouel

.github/workflows/e2e.yaml

@@ -37,14 +37,15 @@ jobs:
 
     env:
       KO_DOCKER_REPO: localhost:5000
-      CONTROLLER_DOMAIN_URL: controller.paac-127-0-0-1.nip.io
+      CONTROLLER_DOMAIN_URL: paac.127.0.0.1.nip.io
       TEST_GITHUB_REPO_OWNER_GITHUBAPP: openshift-pipelines/pipelines-as-code-e2e-tests
       KUBECONFIG: /home/runner/.kube/config.kind
       TEST_BITBUCKET_CLOUD_API_URL: https://api.bitbucket.org/2.0
       TEST_BITBUCKET_CLOUD_E2E_REPOSITORY: cboudjna/pac-e2e-tests
       TEST_BITBUCKET_CLOUD_USER: cboudjna
-      TEST_EL_URL: http://controller.paac-127-0-0-1.nip.io
-      TEST_GITEA_API_URL: http://localhost:3000
+      TEST_EL_URL: https://paac.127.0.0.1.nip.io
+      TEST_GITEA_API_URL: https://gitea.127.0.0.1.nip.io
+      TEST_GITEA_INTERNAL_URL: http://forgejo-http.forgejo.svc.cluster.local:3000
       TEST_GITEA_USERNAME: pac
       TEST_GITEA_PASSWORD: pac
       TEST_GITEA_REPO_OWNER: pac/pac
@@ -53,11 +54,10 @@ jobs:
       TEST_GITHUB_PRIVATE_TASK_URL: https://github.com/openshift-pipelines/pipelines-as-code-e2e-tests-private/blob/main/remote_task.yaml
       TEST_GITHUB_PRIVATE_TASK_NAME: task-remote
       TEST_GITHUB_SECOND_API_URL: ghe.pipelinesascode.com
-      TEST_GITHUB_SECOND_EL_URL: http://ghe.paac-127-0-0-1.nip.io
+      TEST_GITHUB_SECOND_EL_URL: https://ghe.127.0.0.1.nip.io
       TEST_GITHUB_SECOND_REPO_OWNER_GITHUBAPP: pipelines-as-code/e2e
-      TEST_GITHUB_SECOND_REPO_INSTALLATION_ID: 1
       TEST_GITLAB_API_URL: https://gitlab.com
-      TEST_GITLAB_PROJECT_ID: 34405323
+      TEST_GITLAB_PROJECT_ID: ${{ vars.TEST_GITLAB_PROJECT_ID }}
       TEST_BITBUCKET_SERVER_USER: pipelines
       TEST_BITBUCKET_SERVER_E2E_REPOSITORY: PAC/pac-e2e-tests
     steps:
@@ -76,38 +76,55 @@ jobs:
         with:
           repo: chmouel/gosmee
 
-      - name: Run gosmee
+      - name: Run gosmee main controller
         run: |
-          nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.PYSMEE_URL }} "http://${CONTROLLER_DOMAIN_URL}" &
+          nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.TEST_GITEA_SMEEURL }} "${TEST_EL_URL}" &
+
+      - name: Run gosmee second controller
+        if: matrix.provider == 'providers'
+        run: |
+          nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }} "${TEST_GITHUB_SECOND_EL_URL}" &
 
       - name: Setup tmate session
         uses: mxschmitt/action-tmate@v3
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
+        env:
+          PAC_GITHUB_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+          PAC_GITHUB_APPLICATION_ID: ${{ vars.APPLICATION_ID }}
+          PAC_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
+          PAC_SMEE_URL: ${{ secrets.PYSMEE_URL }}
+          TEST_GITHUB_SECOND_SMEE_URL: ${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }}
+          TEST_GITHUB_SECOND_PRIVATE_KEY: ${{ secrets.TEST_GITHUB_SECOND_PRIVATE_KEY }}
+          TEST_GITHUB_SECOND_WEBHOOK_SECRET: ${{ secrets.TEST_GITHUB_SECOND_WEBHOOK_SECRET }}
+          TEST_GITHUB_SECOND_APPLICATION_ID: ${{ vars.TEST_GITHUB_SECOND_APPLICATION_ID }}
+          TEST_PROVIDER: ${{ matrix.provider }}
+          TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
+          TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
+          TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
+          TEST_GITHUB_REPO_INSTALLATION_ID: ${{ vars.INSTALLATION_ID }}
+          TEST_GITHUB_TOKEN: ${{ secrets.GH_APPS_TOKEN }}
+          TEST_GITHUB_SECOND_TOKEN: ${{ secrets.TEST_GITHUB_SECOND_TOKEN }}
+          TEST_GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
+          TEST_BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
+          TEST_BITBUCKET_SERVER_API_URL: ${{ secrets.BITBUCKET_SERVER_API_URL }}
+          TEST_BITBUCKET_SERVER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_SERVER_WEBHOOK_SECRET }}
         with:
           detached: true
           limit-access-to-actor: true
 
       - name: Start installing cluster
-        run: |
-          export PAC_DIR=${PWD}
-          export TEST_GITEA_SMEEURL="${{ secrets.TEST_GITEA_SMEEURL }}"
-          bash -x ./hack/dev/kind/install.sh
-
-      - name: Create PAC github-app-secret
         env:
+          TEST_PROVIDER: ${{ matrix.provider }}
           PAC_GITHUB_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
-          PAC_GITHUB_APPLICATION_ID: ${{ secrets.APPLICATION_ID }}
+          PAC_GITHUB_APPLICATION_ID: ${{ vars.APPLICATION_ID }}
           PAC_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
-        run: |
-          ./hack/gh-workflow-ci.sh create_pac_github_app_secret
-
-      - name: Create second Github APP Controller on GHE
-        env:
+          PAC_SMEE_URL: ${{ secrets.PYSMEE_URL }}
           TEST_GITHUB_SECOND_SMEE_URL: ${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }}
           TEST_GITHUB_SECOND_PRIVATE_KEY: ${{ secrets.TEST_GITHUB_SECOND_PRIVATE_KEY }}
           TEST_GITHUB_SECOND_WEBHOOK_SECRET: ${{ secrets.TEST_GITHUB_SECOND_WEBHOOK_SECRET }}
+          TEST_GITHUB_SECOND_APPLICATION_ID: ${{ vars.TEST_GITHUB_SECOND_APPLICATION_ID }}
         run: |
-          ./hack/gh-workflow-ci.sh create_second_github_app_controller_on_ghe
+          ./hack/gh-workflow-ci.sh startpaac
 
       - name: Run E2E Tests
         if: ${{ github.event_name != 'schedule' || github.event.label.name == 'e2e' || contains(github.event.pull_request.labels.*.name, 'e2e') }}
@@ -116,7 +133,7 @@ jobs:
           TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
           TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
           TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
-          TEST_GITHUB_REPO_INSTALLATION_ID: ${{ secrets.INSTALLATION_ID }}
+          TEST_GITHUB_REPO_INSTALLATION_ID: ${{ vars.INSTALLATION_ID }}
           TEST_GITHUB_TOKEN: ${{ secrets.GH_APPS_TOKEN }}
           TEST_GITHUB_SECOND_TOKEN: ${{ secrets.TEST_GITHUB_SECOND_TOKEN }}
           TEST_GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
@@ -134,7 +151,7 @@ jobs:
           TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
           TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
           TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
-          TEST_GITHUB_REPO_INSTALLATION_ID: ${{ secrets.INSTALLATION_ID }}
+          TEST_GITHUB_REPO_INSTALLATION_ID: ${{ vars.INSTALLATION_ID }}
           TEST_GITHUB_TOKEN: ${{ secrets.GH_APPS_TOKEN }}
           TEST_GITHUB_SECOND_TOKEN: ${{ secrets.TEST_GITHUB_SECOND_TOKEN }}
           TEST_GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}

hack/gh-workflow-ci.sh

@@ -3,70 +3,6 @@
 # Helper script for GitHub Actions CI, used from e2e tests.
 set -exufo pipefail
 
-create_pac_github_app_secret() {
-  # Read from environment variables instead of arguments
-  local app_private_key="${PAC_GITHUB_PRIVATE_KEY}"
-  local application_id="${PAC_GITHUB_APPLICATION_ID}"
-  local webhook_secret="${PAC_WEBHOOK_SECRET}"
-
-  kubectl delete secret -n pipelines-as-code pipelines-as-code-secret || true
-  kubectl -n pipelines-as-code create secret generic pipelines-as-code-secret \
-    --from-literal github-private-key="${app_private_key}" \
-    --from-literal github-application-id="${application_id}" \
-    --from-literal webhook.secret="${webhook_secret}"
-  kubectl patch configmap -n pipelines-as-code -p "{\"data\":{\"bitbucket-cloud-check-source-ip\": \"false\"}}" \
-    --type merge pipelines-as-code
-
-  # restart controller
-  kubectl -n pipelines-as-code delete pod -l app.kubernetes.io/name=controller
-
-  echo -n "Waiting for controller to restart"
-  i=0
-  while true; do
-    [[ ${i} == 120 ]] && exit 1
-    ep=$(kubectl get ep -n pipelines-as-code pipelines-as-code-controller -o jsonpath='{.subsets[*].addresses[*].ip}')
-    [[ -n ${ep} ]] && break
-    sleep 2
-    echo -n "."
-    i=$((i + 1))
-  done
-  echo
-}
-
-create_second_github_app_controller_on_ghe() {
-  # Read from environment variables instead of arguments
-  local test_github_second_smee_url="${TEST_GITHUB_SECOND_SMEE_URL}"
-  local test_github_second_private_key="${TEST_GITHUB_SECOND_PRIVATE_KEY}"
-  local test_github_second_webhook_secret="${TEST_GITHUB_SECOND_WEBHOOK_SECRET}"
-
-  if [[ -n "$(type -p apt)" ]]; then
-    sudo apt update &&
-      sudo apt install -y python3-yaml
-  elif [[ -n "$(type -p dnf)" ]]; then
-    dnf install -y python3-pyyaml
-  else
-    # TODO(chmouel): setup a virtualenvironment instead
-    python3 -m pip install --break-system-packages PyYAML
-  fi
-
-  ./hack/second-controller.py \
-    --controller-image="ko" \
-    --smee-url="${test_github_second_smee_url}" \
-    --ingress-domain="paac-127-0-0-1.nip.io" \
-    --namespace="pipelines-as-code" \
-    ghe | tee /tmp/generated.yaml
-
-  ko apply -f /tmp/generated.yaml
-  kubectl delete secret -n pipelines-as-code ghe-secret || true
-  kubectl -n pipelines-as-code create secret generic ghe-secret \
-    --from-literal github-private-key="${test_github_second_private_key}" \
-    --from-literal github-application-id="2" \
-    --from-literal webhook.secret="${test_github_second_webhook_secret}"
-  sed "s/name: pipelines-as-code/name: ghe-configmap/" <config/302-pac-configmap.yaml | kubectl apply -n pipelines-as-code -f-
-  kubectl patch configmap -n pipelines-as-code ghe-configmap -p '{"data":{"application-name": "Pipelines as Code GHE"}}'
-  kubectl -n pipelines-as-code delete pod -l app.kubernetes.io/name=ghe-controller
-}
-
 get_tests() {
   target=$1
   mapfile -t testfiles < <(find test/ -maxdepth 1 -name '*.go')
@@ -91,6 +27,50 @@ run_e2e_tests() {
   make test-e2e GO_TEST_FLAGS="-run \"$(echo "${tests[*]}" | sed 's/ /|/g')\""
 }
 
+startpaac() {
+  echo "**********************************************************************"
+  echo "                       Installing startpaac"
+  echo "**********************************************************************"
+  [[ -d ~/startpaac ]] ||
+    git clone --depth=1 https://github.com/chmouel/startpaac ~/startpaac
+
+  mkdir -p ~/second ~/pass $HOME/.config/startpaac
+
+  cat <<EOF >$HOME/.config/startpaac/config
+PAC_DIR=$HOME/work/pipelines-as-code/pipelines-as-code/
+PAC_SECRET_FOLDER=$HOME/pass
+PAC_SECOND_SECRET_FOLDER=${HOME}/second
+TARGET_HOST=local
+EOF
+
+  echo "${PAC_GITHUB_PRIVATE_KEY}" >~/pass/github-private-key
+  echo "${PAC_GITHUB_APPLICATION_ID}" >~/pass/github-application-id
+  echo "${PAC_WEBHOOK_SECRET}" >~/pass/webhook.secret
+  echo "${PAC_SMEE_URL}" >~/pass/smee
+
+  echo "${TEST_GITHUB_SECOND_PRIVATE_KEY}" >~/second/github-private-key
+  echo "${TEST_GITHUB_SECOND_APPLICATION_ID}" >~/second/github-application-id
+  echo "${TEST_GITHUB_SECOND_WEBHOOK_SECRET}" >~/second/webhook.secret
+  echo "${TEST_GITHUB_SECOND_SMEE_URL}" >~/second/smee
+
+  go install github.com/jsha/minica@latest
+
+  (
+    cd ${HOME}/startpaac
+    if [[ ${TEST_PROVIDER} == "providers" ]]; then
+      ./startpaac --all-github-second-no-forgejo
+    else
+      ./startpaac --all
+    fi
+  )
+
+  echo "**********************************************************************"
+  echo "Copying minica CA certs to /usr/local/share/ca-certificates/minica.crt"
+  echo "**********************************************************************"
+  sudo cp -v /tmp/certs/minica.pem /usr/local/share/ca-certificates/minica.crt
+  sudo update-ca-certificates
+}
+
 collect_logs() {
   # Read from environment variables
   local test_gitea_smee_url="${TEST_GITEA_SMEEURL}"
@@ -157,22 +137,23 @@ help() {
   collect_logs
     Collect logs from the cluster
     Required env vars: TEST_GITEA_SMEEURL, TEST_GITHUB_SECOND_SMEE_URL
+
+  startpaac
+    Install startpaac and setup the config
+    Required env vars: PAC_GITHUB_PRIVATE_KEY, PAC_GITHUB_APPLICATION_ID, PAC_WEBHOOK_SECRET, PAC_SMEE_URL
 EOF
 }
 
 case ${1-""} in
-create_pac_github_app_secret)
-  create_pac_github_app_secret
-  ;;
-create_second_github_app_controller_on_ghe)
-  create_second_github_app_controller_on_ghe
-  ;;
 run_e2e_tests)
   run_e2e_tests
   ;;
 collect_logs)
   collect_logs
   ;;
+startpaac)
+  startpaac
+  ;;
 help)
   help
   exit 0

test/pkg/gitea/test.go

@@ -128,7 +128,8 @@ func TestPR(t *testing.T, topts *TestOpts) (context.Context, func()) {
 	hookURL := os.Getenv("TEST_GITEA_SMEEURL")
 	topts.InternalGiteaURL = os.Getenv("TEST_GITEA_INTERNAL_URL")
 	if topts.InternalGiteaURL == "" {
-		topts.InternalGiteaURL = "http://gitea.gitea:3000"
+		// default to internal forgejo as deployed by the helm
+		topts.InternalGiteaURL = "http://forgejo-http.forgejo.svc.cluster.local:3000"
 	}
 	if topts.ExtraArgs == nil {
 		topts.ExtraArgs = map[string]string{}