test: refactor custom install suite and add rolling update scenario

[osmman]

Refactor custom install suite to allow install different configurations of manager pod.

Create a new scenario to trigger rolling update on all deployments with multiple replicas.

Summary by Sourcery

Refactor custom install suite, introduce NFS-CSI support, and add new e2e custom_install tests for proxy-based installs and rolling upgrade scenarios, with corresponding CI workflow updates

New Features:

• Introduce WithNFSPVC option to configure NFS-based PVCs in Securesign custom installs
• Add e2e custom_install suite with proxy-environment install scenario
• Add rolling upgrade scenario to verify deployment updates across replicas

Enhancements:

• Refactor custom install suite to support flexible manager pod configurations

CI:

• Bump kind version and node image in GitHub Actions kind-cluster action
• Add optional NFS-CSI installation input and cleanup steps in kind-cluster and cleanup actions
• Enable NFS-CSI in custom_install workflow

Tests:

• Add custom_install tests for proxy environment and rolling upgrade scenarios
• Implement suite_test harness for custom manager pod installs

[sourcery-ai]

Reviewer's Guide

This PR refactors the custom install E2E suite to support flexible manager pod options (NFS-backed PVCs and dynamic image injection), adds new HTTP proxy and rolling-upgrade test scenarios, and updates CI workflows to install and cleanup NFS CSI support.

File-Level Changes

Change	Details	Files
Refactor custom install suite for configurable manager pod options and dynamic image injection	Implement optManagerPod functions and enforce TEST_MANAGER_IMAGE environment variable Add WithNFSPVC option to configure NFS-backed PVCs in Securesign resource Consolidate image environment variables into an Images slice for dynamic injection	test/e2e/support/tas/securesign/securesign.go internal/images/images.go test/e2e/custom_install/suite_test.go
Add HTTP proxy installation test scenario	Implement proxy_test.go to deploy a proxy server and validate OIDC traffic through HTTP_PROXY Introduce withProxy helper to inject proxy env vars into the manager pod Embed proxy manifest under testdata for proxy server deployment	test/e2e/custom_install/proxy_test.go test/e2e/custom_install/testdata/proxy.yaml
Add rolling upgrade test scenario for multi-replica deployments	Implement rolling_upgrade_test.go with WithReplicas option to scale components Add withRelatedImages helper to inject dummy image tags for triggering updates Verify rolling updates by checking deployment container images contain the dummy tag	test/e2e/custom_install/rolling_upgrade_test.go
Update CI workflows to install and cleanup NFS CSI	Add nfs-csi input and installation step in kind-cluster action Enable NFS CSI and disable Keycloak in main GitHub Actions workflow Add NFS CSI uninstallation and volume cleanup in kind-cluster-cleanup action	.github/actions/kind-cluster/action.yml .github/workflows/main.yml .github/actions/kind-cluster-cleanup/action.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[osmman]

@sourcery-ai title

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Replace the static time.Sleep calls used to wait for operator pod deletion with Gomega Eventually loops checking pod readiness for more reliable test timing.
• Extract the installOperator, managerPod, and rbac helper functions into shared test utilities to reduce duplicated setup code across the proxy and rolling upgrade tests.
• Consider using kustomize or the controller-runtime typed client directly instead of unstructured YAML decoding when applying RBAC resources for stronger type safety and maintainability.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- Replace the static time.Sleep calls used to wait for operator pod deletion with Gomega Eventually loops checking pod readiness for more reliable test timing.
- Extract the installOperator, managerPod, and rbac helper functions into shared test utilities to reduce duplicated setup code across the proxy and rolling upgrade tests.
- Consider using kustomize or the controller-runtime typed client directly instead of unstructured YAML decoding when applying RBAC resources for stronger type safety and maintainability.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:
## Individual Comments

### Comment 1
<location> `.github/actions/kind-cluster/action.yml:118` </location>
<code_context>

         echo "oidc_host=keycloak-internal.keycloak-system.svc" >> $GITHUB_OUTPUT
+
+    - name: Install nfs-csi
+      if: ${{ inputs.nfs-csi  == 'true'}}
+      id: install-nfs-csi
+      shell: bash
+      run: |
+        kustomize build --enable-helm ./ci/nfs/overlay/ | kubectl apply -f -
\ No newline at end of file
</code_context>

<issue_to_address>
No error handling for kustomize or kubectl failures.

Add error handling to ensure failures in kustomize or kubectl are clearly reported, such as using set -e or explicit checks.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:
## Individual Comments

### Comment 1
<location> `.github/actions/kind-cluster/action.yml:118` </location>
<code_context>

         echo "oidc_host=keycloak-internal.keycloak-system.svc" >> $GITHUB_OUTPUT
+
+    - name: Install NFS-CSI
+      if: ${{ inputs.nfs-csi  == 'true'}}
+      id: install-nfs-csi
</code_context>

<issue_to_address>
Consider adding error handling for NFS-CSI installation.

Without error handling, failures in kustomize or kubectl may go unnoticed, resulting in an incomplete NFS-CSI setup. Implement checks to ensure installation succeeds.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}