Skip to content

Conversation

osmman
Copy link
Collaborator

@osmman osmman commented Aug 27, 2025

Refactor custom install suite to allow install different configurations of manager pod.

Create a new scenario to trigger rolling update on all deployments with multiple replicas.

Summary by Sourcery

Refactor custom install suite, introduce NFS-CSI support, and add new e2e custom_install tests for proxy-based installs and rolling upgrade scenarios, with corresponding CI workflow updates

New Features:

  • Introduce WithNFSPVC option to configure NFS-based PVCs in Securesign custom installs
  • Add e2e custom_install suite with proxy-environment install scenario
  • Add rolling upgrade scenario to verify deployment updates across replicas

Enhancements:

  • Refactor custom install suite to support flexible manager pod configurations

CI:

  • Bump kind version and node image in GitHub Actions kind-cluster action
  • Add optional NFS-CSI installation input and cleanup steps in kind-cluster and cleanup actions
  • Enable NFS-CSI in custom_install workflow

Tests:

  • Add custom_install tests for proxy environment and rolling upgrade scenarios
  • Implement suite_test harness for custom manager pod installs

Copy link

sourcery-ai bot commented Aug 27, 2025

Reviewer's Guide

This PR refactors the custom install E2E suite to support flexible manager pod options (NFS-backed PVCs and dynamic image injection), adds new HTTP proxy and rolling-upgrade test scenarios, and updates CI workflows to install and cleanup NFS CSI support.

File-Level Changes

Change Details Files
Refactor custom install suite for configurable manager pod options and dynamic image injection
  • Implement optManagerPod functions and enforce TEST_MANAGER_IMAGE environment variable
  • Add WithNFSPVC option to configure NFS-backed PVCs in Securesign resource
  • Consolidate image environment variables into an Images slice for dynamic injection
test/e2e/support/tas/securesign/securesign.go
internal/images/images.go
test/e2e/custom_install/suite_test.go
Add HTTP proxy installation test scenario
  • Implement proxy_test.go to deploy a proxy server and validate OIDC traffic through HTTP_PROXY
  • Introduce withProxy helper to inject proxy env vars into the manager pod
  • Embed proxy manifest under testdata for proxy server deployment
test/e2e/custom_install/proxy_test.go
test/e2e/custom_install/testdata/proxy.yaml
Add rolling upgrade test scenario for multi-replica deployments
  • Implement rolling_upgrade_test.go with WithReplicas option to scale components
  • Add withRelatedImages helper to inject dummy image tags for triggering updates
  • Verify rolling updates by checking deployment container images contain the dummy tag
test/e2e/custom_install/rolling_upgrade_test.go
Update CI workflows to install and cleanup NFS CSI
  • Add nfs-csi input and installation step in kind-cluster action
  • Enable NFS CSI and disable Keycloak in main GitHub Actions workflow
  • Add NFS CSI uninstallation and volume cleanup in kind-cluster-cleanup action
.github/actions/kind-cluster/action.yml
.github/workflows/main.yml
.github/actions/kind-cluster-cleanup/action.yml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@osmman
Copy link
Collaborator Author

osmman commented Aug 27, 2025

@sourcery-ai title

@osmman osmman added the test label Aug 27, 2025
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes - here's some feedback:

  • Replace the static time.Sleep calls used to wait for operator pod deletion with Gomega Eventually loops checking pod readiness for more reliable test timing.
  • Extract the installOperator, managerPod, and rbac helper functions into shared test utilities to reduce duplicated setup code across the proxy and rolling upgrade tests.
  • Consider using kustomize or the controller-runtime typed client directly instead of unstructured YAML decoding when applying RBAC resources for stronger type safety and maintainability.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Replace the static time.Sleep calls used to wait for operator pod deletion with Gomega Eventually loops checking pod readiness for more reliable test timing.
- Extract the installOperator, managerPod, and rbac helper functions into shared test utilities to reduce duplicated setup code across the proxy and rolling upgrade tests.
- Consider using kustomize or the controller-runtime typed client directly instead of unstructured YAML decoding when applying RBAC resources for stronger type safety and maintainability.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@sourcery-ai sourcery-ai bot changed the title test: new custom install scenario to cover rolling update Refactor custom install suite for manager configs; add proxy, rolling update tests Aug 27, 2025
@osmman osmman changed the title Refactor custom install suite for manager configs; add proxy, rolling update tests test: Refactor custom install suite and add rolling update scenario Aug 27, 2025
@osmman osmman changed the title test: Refactor custom install suite and add rolling update scenario test: refactor custom install suite and add rolling update scenario Aug 27, 2025
@osmman osmman force-pushed the tturek/SECURESIGN-2533 branch 5 times, most recently from a4f0a5d to 1ca1686 Compare August 27, 2025 16:50
@osmman osmman marked this pull request as draft August 27, 2025 17:10
@osmman osmman force-pushed the tturek/SECURESIGN-2533 branch from 1ca1686 to 9e2dcd1 Compare August 29, 2025 12:29
@osmman osmman marked this pull request as ready for review August 29, 2025 13:33
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents
Please address the comments from this code review:
## Individual Comments

### Comment 1
<location> `.github/actions/kind-cluster/action.yml:118` </location>
<code_context>

         echo "oidc_host=keycloak-internal.keycloak-system.svc" >> $GITHUB_OUTPUT
+
+    - name: Install nfs-csi
+      if: ${{ inputs.nfs-csi  == 'true'}}
+      id: install-nfs-csi
+      shell: bash
+      run: |
+        kustomize build --enable-helm ./ci/nfs/overlay/ | kubectl apply -f -
\ No newline at end of file
</code_context>

<issue_to_address>
No error handling for kustomize or kubectl failures.

Add error handling to ensure failures in kustomize or kubectl are clearly reported, such as using set -e or explicit checks.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@osmman osmman force-pushed the tturek/SECURESIGN-2533 branch 12 times, most recently from d9c1a43 to 5755535 Compare September 1, 2025 12:22
@osmman osmman marked this pull request as draft September 1, 2025 12:22
@osmman osmman force-pushed the tturek/SECURESIGN-2533 branch from 5755535 to 041ff90 Compare September 1, 2025 12:50
Refactor custom install suite to allow install different configurations
of manager pod.

Create a new scenario to trigger rolling update on all
deployments with multiple replicas.

Signed-off-by: Tomas Turek <[email protected]>
@osmman osmman force-pushed the tturek/SECURESIGN-2533 branch from 041ff90 to ef50e8f Compare September 1, 2025 13:56
@osmman osmman marked this pull request as ready for review September 1, 2025 14:22
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents
Please address the comments from this code review:
## Individual Comments

### Comment 1
<location> `.github/actions/kind-cluster/action.yml:118` </location>
<code_context>

         echo "oidc_host=keycloak-internal.keycloak-system.svc" >> $GITHUB_OUTPUT
+
+    - name: Install NFS-CSI
+      if: ${{ inputs.nfs-csi  == 'true'}}
+      id: install-nfs-csi
</code_context>

<issue_to_address>
Consider adding error handling for NFS-CSI installation.

Without error handling, failures in kustomize or kubectl may go unnoticed, resulting in an incomplete NFS-CSI setup. Implement checks to ensure installation succeeds.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@osmman osmman requested review from JasonPowr and knrc September 1, 2025 14:35
@osmman osmman merged commit 0fae4d8 into main Sep 1, 2025
19 checks passed
@osmman osmman deleted the tturek/SECURESIGN-2533 branch September 1, 2025 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants