Implement job for testing Compliance Operator on ROSA (#51781)

We can use the rosa-aws-sts-hcp workflow to create ROSA clusters in CI, which gives us the opportunity to run the Compliance Operator on top of ROSA. Since ROSA is different from self-managed OpenShift, we should exercise the operator on ROSA just like we would any other OpenShift version.
openshift · May 10, 2024 · 17dc0eb · 17dc0eb
1 parent d5dc1cd
commit 17dc0eb
Show file tree

Hide file tree

Showing 2 changed files with 108 additions and 0 deletions.
diff --git a/...fig/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml b/...fig/ComplianceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master.yaml
@@ -3,10 +3,18 @@ base_images:
     name: ubi
     namespace: ocp
     tag: "8"
+  cli-ocm:
+    name: cli-ocm
+    namespace: ci
+    tag: latest
   openshift_release_rhel-8-release-golang-1.20-openshift-4.14:
     name: release
     namespace: openshift
     tag: rhel-8-release-golang-1.20-openshift-4.14
+  rosa-aws-cli:
+    name: rosa-aws-cli
+    namespace: ci
+    tag: release
 build_root:
   image_stream_tag:
     name: release
@@ -106,6 +114,25 @@ tests:
         requests:
           cpu: 100m
     workflow: ipi-aws
+- as: e2e-rosa
+  skip_if_only_changed: ^.*(md|adoc)$|^LICENSE$
+  steps:
+    cluster_profile: quay-aws
+    env:
+      BYO_OIDC: "true"
+      CHANNEL_GROUP: stable
+      OCM_LOGIN_ENV: integration
+      OPENSHIFT_VERSION: 4.15.8
+      REGION: us-east-2
+    test:
+    - as: test-ocp4-pci-dss-node
+      cli: latest
+      commands: make e2e-rosa
+      from: src
+      resources:
+        requests:
+          cpu: 100m
+    workflow: rosa-aws-sts-hcp
 zz_generated_metadata:
   branch: master
   org: ComplianceAsCode

diff --git a/...nceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-presubmits.yaml b/...nceAsCode/compliance-operator/ComplianceAsCode-compliance-operator-master-presubmits.yaml
@@ -162,6 +162,87 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-aws-serial,?($|\s.*)
+  - agent: kubernetes
+    always_run: false
+    branches:
+    - ^master$
+    - ^master-
+    cluster: build05
+    context: ci/prow/e2e-rosa
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: quay-aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-ComplianceAsCode-compliance-operator-master-e2e-rosa
+    rerun_command: /test e2e-rosa
+    skip_if_only_changed: ^.*(md|adoc)$|^LICENSE$
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --secret-dir=/usr/local/e2e-rosa-cluster-profile
+        - --target=e2e-rosa
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /usr/local/e2e-rosa-cluster-profile
+          name: cluster-profile
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: cluster-profile
+        secret:
+          secretName: cluster-secrets-quay-aws
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )e2e-rosa,?($|\s.*)
   - agent: kubernetes
     always_run: false
     branches: