From e9f00b11de1539f54bad4ecd508adb7db7c45c89 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Mon, 14 Oct 2024 11:39:46 +0200
Subject: [PATCH 1/2] Improve validate-origin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If we set the main.git.upstreamRepoURL then we need to check that one
for the presence of the branch and not whatever is configured as the
origin remote.

Tested as follows:

- Working upstreamRepoURL:

    ❯ yq -r '.main.git.repoUpstreamURL // (.main.git.repoUpstreamURL = "")' values-global.yaml
    https://github.com/mbaldessari/industrial-edge
    ❯ make validate-origin
    make -f common/Makefile validate-origin
    make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/industrial-edge'
    Checking repository:
    Upstream URL set to: https://github.com/mbaldessari/industrial-edge
      https://github.com/mbaldessari/industrial-edge - branch 'for-max-s3-kafka-fix': OK
    make[1]: Leaving directory '/home/michele/Engineering/cloud-patterns/industrial-edge'

- upstreamRepoURL without the branch:

    ❯ yq -r '.main.git.repoUpstreamURL // (.main.git.repoUpstreamURL = "")' values-global.yaml
    https://github.com/mamurak/industrial-edge
    ❯ make validate-origin
    make -f common/Makefile validate-origin
    make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/industrial-edge'
    Checking repository:
    Upstream URL set to: https://github.com/mamurak/industrial-edge
      https://github.com/mamurak/industrial-edge - branch 'for-max-s3-kafka-fix': NOT FOUND
    make[1]: *** [common/Makefile:138: validate-origin] Error 1
    make[1]: Leaving directory '/home/michele/Engineering/cloud-patterns/industrial-edge'
    make: *** [Makefile:24: validate-origin] Error 2

- No repoUpstreamURL set:

    ❯ yq -r '.main.git.repoUpstreamURL // (.main.git.repoUpstreamURL = "")' values-global.yaml
    ❯
    ❯ make validate-origin
    make -f common/Makefile validate-origin
    make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/industrial-edge'
    Checking repository:
      https://github.com/mbaldessari/industrial-edge.git - branch 'for-max-s3-kafka-fix': OK
    make[1]: Leaving directory '/home/michele/Engineering/cloud-patterns/industrial-edge'
---
 Makefile | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index a5c102b89..ceec9745a 100644
--- a/Makefile
+++ b/Makefile
@@ -129,12 +129,22 @@ token-kubeconfig: ## Create a local ~/.kube/config with password (not usually ne
 
 # We only check the remote ssh git branch's existance if we're not running inside a container
 # as getting ssh auth working inside a container seems a bit brittle
+# If the main repoUpstreamURL field is set, then we need to check against
+# that and not target_repo
 .PHONY: validate-origin
 validate-origin: ## verify the git origin is available
 	@echo "Checking repository:"
-	@echo -n "  $(TARGET_REPO) - branch '$(TARGET_BRANCH)': "
-	@git ls-remote --exit-code --heads $(TARGET_REPO) $(TARGET_BRANCH) >/dev/null &&\
-		echo "OK" || (echo "NOT FOUND"; exit 1)
+	$(eval UPSTREAMURL := $(shell yq -r '.main.git.repoUpstreamURL // (.main.git.repoUpstreamURL = "")' values-global.yaml))
+	@if [ -z "$(UPSTREAMURL)" ]; then\
+		echo -n "  $(TARGET_REPO) - branch '$(TARGET_BRANCH)': ";\
+		git ls-remote --exit-code --heads $(TARGET_REPO) $(TARGET_BRANCH) >/dev/null &&\
+			echo "OK" || (echo "NOT FOUND"; exit 1);\
+	else\
+		echo "Upstream URL set to: $(UPSTREAMURL)";\
+		echo -n "  $(UPSTREAMURL) - branch '$(TARGET_BRANCH)': ";\
+		git ls-remote --exit-code --heads $(UPSTREAMURL) $(TARGET_BRANCH) >/dev/null &&\
+			echo "OK" || (echo "NOT FOUND"; exit 1);\
+	fi
 
 .PHONY: validate-cluster
 validate-cluster: ## Do some cluster validations before installing

From 8dfad491b7b616a0866d752e361935d526335382 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Tue, 15 Oct 2024 19:25:46 +0200
Subject: [PATCH 2/2] Make the make install output less daunting

The current output is a bit daunting for first-time users as it outputs
things like the following a few times:

    customresourcedefinition.apiextensions.k8s.io/patterns.gitops.hybrid-cloud-patterns.io created
    configmap/patterns-operator-config created
    subscription.operators.coreos.com/patterns-operator created
    error: resource mapping not found for name: "rhoai-patterns-demo" namespace: "openshift-operators" from "STDIN": no matches for kind "Pattern" in version "gitops.hybrid-cloud-patterns.io/v1alpha1"
    ensure CRDs are installed first

Let's switch to something a bit more user-friendly:

    make -f common/Makefile operator-deploy
    make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops'
    Checking repository:
      https://github.com/mbaldessari/multicloud-gitops.git - branch 'luis-demo': OK
    Checking cluster:
      cluster-info: OK
      storageclass: WARNING: No storageclass found
    Installing pattern: Done
    ...

Do some magic with file descriptors so we still manage to capture the
helm template stderr and the oc apply stdout+stderr and output them at
the end in case of failure.

In such cases the output will be something like the following:

    Installing pattern: .....Installation failed [5/5]. Error:
    Pulled: quay.io/hybridcloudpatterns/pattern-install:0.0.3
    Digest: sha256:dd2d35d462b75aa8358ff278757dca0ee3c878cadafa64df8c68f880b59569ef
    E1015 18:41:31.585465  196315 memcache.go:265] couldn't get current server API group list: Get "https://api.sno3.ocplab.ocp:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by un
    known authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kube-apiserver-lb-signer")
    ...

Suggested-by: Luis Tomas Bolivar <ltomasbo@redhat.com>
---
 Makefile                  |  6 +-----
 scripts/deploy-pattern.sh | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100755 scripts/deploy-pattern.sh

diff --git a/Makefile b/Makefile
index a5c102b89..44a422281 100644
--- a/Makefile
+++ b/Makefile
@@ -68,11 +68,7 @@ preview-%:
 
 .PHONY: operator-deploy
 operator-deploy operator-upgrade: validate-prereq validate-origin validate-cluster ## runs helm install
-	@set -e -o pipefail
-	# Retry five times because the CRD might not be fully installed yet
-	for i in {1..5}; do \
-		helm template --include-crds --name-template $(NAME) $(PATTERN_INSTALL_CHART) $(HELM_OPTS) | oc apply -f- && break || sleep 10; \
-	done
+	@common/scripts/deploy-pattern.sh $(NAME) $(PATTERN_INSTALL_CHART) $(HELM_OPTS)
 
 .PHONY: uninstall
 uninstall: ## runs helm uninstall
diff --git a/scripts/deploy-pattern.sh b/scripts/deploy-pattern.sh
new file mode 100755
index 000000000..7393d9b63
--- /dev/null
+++ b/scripts/deploy-pattern.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -o pipefail
+
+RUNS=5
+# Retry five times because the CRD might not be fully installed yet
+echo -n "Installing pattern: "
+for i in $(seq 1 ${RUNS}); do \
+    exec 3>&1 4>&2
+    OUT=$( { helm template --include-crds --name-template $* 2>&4 | oc apply -f- 2>&4 1>&3; } 4>&1 3>&1)
+    exec 3>&- 4>&-
+    ret=$?
+    if [ ${ret} -eq 0 ]; then
+        break;
+    else
+        echo -n "."
+        sleep 10
+    fi
+done
+
+# All the runs failed
+if [ ${i} -eq ${RUNS} ]; then
+    echo "Installation failed [${i}/${RUNS}]. Error:"
+    echo "${OUT}"
+    exit 1
+fi
+echo "Done"