57 changes: 57 additions & 0 deletions .github/workflows/deploy-test.yaml
@@ -0,0 +1,57 @@
name: Build, Deploy and Test on kind

on:
pull_request:
branches:
- '*'

env:
IMG: gitops-operator:test

jobs:
deploy-test:
name: Build image, deploy to kind cluster and run tests
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

- name: Setup Go
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
with:
go-version-file: 'go.mod'

- name: Create kind cluster
uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1
with:
cluster_name: gitops-test

- name: Disable webhook and prometheus for non-OCP cluster
run: |
sed -i 's|^- ../webhook|#- ../webhook|' config/default/kustomization.yaml
sed -i 's|^- manager_webhook_patch.yaml|#- manager_webhook_patch.yaml|' config/default/kustomization.yaml
sed -i 's|^- ../prometheus|#- ../prometheus|' config/default/kustomization.yaml

- name: Build manager image
run: |
make docker-build IMG=${{ env.IMG }}

- name: Load image into kind
run: |
kind load docker-image ${{ env.IMG }} --name gitops-test

- name: Install CRDs
run: |
make install

- name: Deploy operator
run: |
make deploy IMG=${{ env.IMG }}

- name: Verify Controller Manager deployment is available
run: |
kubectl get deployment -n openshift-gitops-operator
kubectl describe deployment -n openshift-gitops-operator
kubectl wait --for=condition=available --timeout=120s \
deployment/openshift-gitops-operator-controller-manager \
-n openshift-gitops-operator
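Review bot: the workflow declares no top-level `permissions:` block, so the `GITHUB_TOKEN` it receives keeps the repository's default scope although every step here only needs to read the checkout; add `permissions: contents: read` so a compromised action or build step cannot push to the repo. Two smaller points in the same file: the trigger filter `branches: - '*'` does not match base branches containing a `/` (the `*` glob stops at `/` in GitHub Actions), so pull requests targeting e.g. `release/1.x` would never run this job; use `'**'` or drop the filter. And the three `sed -i` edits in "Disable webhook and prometheus for non-OCP cluster" succeed silently when the pattern does not match, so a later re-indent of `config/default/kustomization.yaml` would leave the webhook enabled and the failure would only surface as the `kubectl wait` timeout; guard each edit with `grep -q` first, or assert afterwards with `grep -c '^#- ' config/default/kustomization.yaml`.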
1 change: 1 addition & 0 deletions config/default/manager_webhook_patch.yaml
Expand Up @@ -21,3 +21,4 @@ spec:
secret:
defaultMode: 420
secretName: webhook-server-cert
optional: true
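Review bot: `optional: true` on the `webhook-server-cert` secret volume changes the failure mode rather than removing it: without it a missing secret leaves the pod in ContainerCreating with a clear "secret not found" event, with it the manager starts and the outcome depends on what the webhook server does with an empty cert directory at runtime, which this hunk does not show. Add a short comment above the key explaining when the cert is legitimately absent (the kind deployment in this PR comments the whole patch out, so it does not rely on this), and confirm the manager fails its readiness check when the webhook cannot load its TLS material, otherwise a cert-less deployment would look healthy to `kubectl wait --for=condition=available`.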
Comment on lines 21 to +24


📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== deploy-test workflow disables the webhook patch =="
sed -n '25,40p' .github/workflows/deploy-test.yaml | nl -ba

echo
echo "== default kustomization still includes the webhook patch =="
sed -n '35,45p' config/default/kustomization.yaml | nl -ba

echo
echo "== changed patch content =="
sed -n '15,30p' config/default/manager_webhook_patch.yaml | nl -ba

Repository: redhat-developer/gitops-operator

Length of output: 264


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== deploy-test workflow =="
sed -n '1,120p' .github/workflows/deploy-test.yaml | cat -n

echo
echo "== default kustomization =="
sed -n '1,120p' config/default/kustomization.yaml | cat -n

echo
echo "== manager_webhook_patch =="
sed -n '1,80p' config/default/manager_webhook_patch.yaml | cat -n

Repository: redhat-developer/gitops-operator

Length of output: 6356


Cover the webhook patch change in deploy-test

config/default/manager_webhook_patch.yaml:21-24 is only exercised when manager_webhook_patch.yaml stays enabled, but .github/workflows/deploy-test.yaml comments that patch out before make deploy. Either move this change behind the same kind-only path or add a workflow job that deploys with webhooks enabled so this manifest change doesn't drift untested.

🧰 Tools
🪛 Checkov (3.3.1)

[medium] 1-24: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)


[medium] 1-24: Minimize the admission of root containers

(CKV_K8S_23)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/default/manager_webhook_patch.yaml` around lines 21 - 24, the webhook
patch update in manager_webhook_patch.yaml is not covered by deploy-test because
the workflow disables that patch before deployment. Update the deploy-test path
in .github/workflows/deploy-test.yaml so this manifest change is exercised,
either by keeping the webhook patch enabled in a dedicated kind-only flow or by
adding a separate job that deploys with webhooks enabled. Use the existing
manager_webhook_patch.yaml and deploy-test workflow symbols to locate the
affected paths.
