RHTAPINST-49: OpenShift Pipelines Configuration

[otaviof]

Moving the Tekton Chains configuration to the infrastructure chart, replacing the pre-deploy hook with a post-deploy job that will create the Tekton Chains resources.

Improved the Helm chart testing to wait for OpenShift Pipelines to be ready, and using official Chainguard images to run cosign.

After #43 and #42 🙏

[Roming22]

This resource feels superfluous.

[otaviof]

That's the link with RHDH toggle. So, when RHDH is disabled we can also disable OpenShift Pipelines changes.

[Roming22]

This section can go away, I don't see it's value.

[otaviof]

That section controls Tekton Chains related settings, and replaces hook scripts. In fact, is quite relevant.

[Roming22]

I don't think any of these values are controlled by the user.

[otaviof]

These attributes have defaults, they should be good enough to work with the current version of OpenShift Pipelines, and allow us to modify as we move forward. The entries added to the values.yaml are, in fact, variables that we use in multiple resources to avoid duplication, among other reasons to define them.

Additionally, by having these attributes we can leverage their relationship via values.yaml.tpl.

[otaviof]

For the record, I moved the defaults to the values.yaml on rhtap-infrastructure instead of setting them up on values.yaml.tpl.

[Roming22]

Please rebase to simplify the review.

[Roming22]

I don't think any of these values are controlled by the user.

[Roming22]

Let's discuss tomorrow why that's needed.

[otaviof]

It's needed to replace this:

rhtap-cli/charts/rhtap-backing-services/hooks/pre-deploy.sh

Lines 6 to 17 in 2cff2c5

	make_helm_managed() {
	KIND="$1"
	NAMESPACE="$2"
	NAME="$3"
	echo -n "."
	kubectl annotate "$KIND" "$NAME" meta.helm.sh/release-name=rhtap-backing-services >/dev/null
	echo -n "."
	kubectl annotate "$KIND" "$NAME" meta.helm.sh/release-namespace="$NAMESPACE" >/dev/null
	echo -n "."
	kubectl label "$KIND" "$NAME" app.kubernetes.io/managed-by=Helm >/dev/null
	}

Thus we can run these type of interactions in the cluster, without the need for extra local tools to run rhtap-cli.

[konflux-ci-qe-bot]

@otaviof: The following test finished, in case test failed say /retest to rerun all failed tests:

PipelineRun name	Command
rhtap-cli-nt6jt-g6jz8	/retest

To inspect your test artifacts make sure you have installed ORAS in your local machine. To inspect all test artifacts execute:

mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-qe-incubator/konflux-qe-oci-storage:rhtap-cli-nt6jt-g6jz8

For instructions on how to install ORAS, please refer to the ORAS installation guide.

[otaviof]

Please rebase to simplify the review.

Sure! Just rebased, please consider.

[konflux-ci-qe-bot]

@otaviof: The following test finished, in case test failed say /retest to rerun all failed tests:

PipelineRun name	Command
rhtap-cli-zkzkj-bzkgz	/retest

To inspect your test artifacts make sure you have installed ORAS in your local machine. To inspect all test artifacts execute:

mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-qe-incubator/konflux-qe-oci-storage:rhtap-cli-zkzkj-bzkgz

For instructions on how to install ORAS, please refer to the ORAS installation guide.

[konflux-ci-qe-bot]

@otaviof: The following test finished, in case test failed say /retest to rerun all failed tests:

PipelineRun name	Command
rhtap-cli-qrvrp-zfdf6	/retest

To inspect your test artifacts make sure you have installed ORAS in your local machine. To inspect all test artifacts execute:

mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-qe-incubator/konflux-qe-oci-storage:rhtap-cli-qrvrp-zfdf6

For instructions on how to install ORAS, please refer to the ORAS installation guide.