From cee36d84e07a3f551d49a5c35a572688785d8945 Mon Sep 17 00:00:00 2001 From: Emmanuel Hugonnet Date: Wed, 5 Jun 2024 18:21:43 +0200 Subject: [PATCH 1/2] Signing the releases Adding some annotationsto help with ArtifactHub Signed-off-by: Emmanuel Hugonnet --- .github/workflows/ci_kind.yaml | 16 +++++++++------- .github/workflows/helm.yaml | 31 +++++++++++++++++++++++++------ charts/wildfly/Chart.yaml | 10 ++++++++++ cr.yml | 2 ++ 4 files changed, 46 insertions(+), 13 deletions(-) create mode 100644 cr.yml diff --git a/.github/workflows/ci_kind.yaml b/.github/workflows/ci_kind.yaml index a7509ba9..5b236928 100644 --- a/.github/workflows/ci_kind.yaml +++ b/.github/workflows/ci_kind.yaml @@ -2,7 +2,7 @@ name: Helm Chart CI on: - pull_request -# - push + - push # Only run the latest job concurrency: @@ -12,22 +12,24 @@ concurrency: jobs: test: runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4.1.6 with: fetch-depth: 0 submodules: recursive - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4 with: version: v3.13.3 - name: Setup Bats and Bats libs - uses: bats-core/bats-action@1.5.4 + uses: bats-core/bats-action@2.0.0 with: - bats-version: 1.10.0 + bats-version: 1.11.0 support-path: ${{ github.workspace }}/tests/test-common/bats-support assert-path: ${{ github.workspace }}/tests/test-common/bats-assert @@ -39,7 +41,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@v1.10.0 with: node_image: "kindest/node:v1.29.0" config: ./.github/workflows/ci/kind-config.yaml 
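Review bot: The `test` job now carries `packages: write`, yet the actions it runs are still referenced by mutable tags (`azure/setup-helm@v4`, `bats-core/bats-action@2.0.0`, and `helm/kind-action@v1.10.0` in the following hunk), so anyone able to move one of those tags gets code execution in a job whose token can publish packages. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: bats-core/bats-action@<full-commit-sha> # 2.0.0`. A job-level `permissions` block sets every scope it does not list to `none`, so I would also write `contents: read` next to `packages: write` rather than have the checkout depend on the repository being public. With `- push` re-enabled in the first hunk, this write-scoped job runs for every branch push as well as for pull requests.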
@@ -64,4 +66,4 @@ jobs: - name: Run Tests run: |- cd tests/bats - export IMAGE_REGISTRY=ghcr.io/${{ github.repository_owner }} && export PUSH_TO_REGISTRY=true && export USE_OPENSHIFT=false && export BATS_LIBS_BASEDIR=../test-common && export_CLUSTER_CLIENT=kubectl && bats --timing --trace --verbose-run -r . + export IMAGE_REGISTRY=ghcr.io/${{ github.repository_owner }} && export PUSH_TO_REGISTRY=true && export USE_OPENSHIFT=false && export BATS_LIBS_BASEDIR=../test-common && export CLUSTER_CLIENT=kubectl && bats --timing --trace --verbose-run -r . diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index cab43d67..523913c7 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -6,7 +6,7 @@ name: Helm Chart Release on: # Triggers the workflow on push or pull request for the release branch push: - branches: [ release ] +# branches: [ release ] # Allows you to run this workflow manually from the Actions tab workflow_dispatch: @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 
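Review bot: Commenting out `branches: [ release ]` in the `@@ -6,7 +6,7 @@` hunk of `helm.yaml` leaves a bare `push:` trigger, so the release workflow runs on a push to any branch, not only `release`. After this patch that workflow also loads the GPG signing key and passphrase, so anyone who can push a branch could have chart-releaser package and sign content that was never reviewed. If the filter was lifted only to exercise the signing steps, restore `branches: [ release ]` before merging and use the existing `workflow_dispatch` trigger for manual runs. The comment above the trigger still says it runs "for the release branch", which no longer matches.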
@@ -24,15 +24,34 @@ jobs: run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} + - name: List keys + run: gpg -K + - name: Prepare GPG key + run: | + gpg_dir=.cr-gpg + mkdir "$gpg_dir" + keyring=~/.gnupg/pubring.gpg + base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring" + passphrase_file="$gpg_dir/passphrase" + echo "$GPG_PASSPHRASE" > "$passphrase_file" + echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV" + env: + GPG_KEYRING_BASE64: "${{ secrets.GPG_PRIVATE_KEY_BASE64 }}" + GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}" - name: Install Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v3.5 with: version: v3.4.0 - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.1.0 - with: - charts_repo_url: http://docs.wildfly.org/wildfly-charts/ + uses: helm/chart-releaser-action@v1.6.0 + # with: + # charts_repo_url: http://docs.wildfly.org/wildfly-charts/ env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/charts/wildfly/Chart.yaml b/charts/wildfly/Chart.yaml index 91236e0e..ab03b8c0 100644 --- a/charts/wildfly/Chart.yaml +++ b/charts/wildfly/Chart.yaml @@ -16,6 +16,16 @@ icon: https://design.jboss.org/wildfly/logo/final/wildfly_logomark_256px.png annotations: charts.openshift.io/name: WildFly charts.openshift.io/provider: WildFly + artifacthub.io/category: ApplicationServer + artifacthub.io/images: | + - name: builderImage + image: quay.io/wildfly/wildfly-s2i:latest + - name: runtimeImage + image: quay.io/wildfly/wildfly-runtime:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/signKey: | + fingerprint: 54CBE792CAFD9AD9E59D7C8E9E0332B74DCA3EF1 + url: http://lacrosse.corp.redhat.com/~ehugonne/signing_key.asc dependencies: - name: wildfly-common diff --git a/cr.yml b/cr.yml new file mode 100644 index 00000000..cb773bd2 
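Review bot: The `Prepare GPG key` step writes the signing passphrase to `.cr-gpg/passphrase` inside the checked-out workspace under the default umask and never removes it, and the preceding `List keys` step prints the secret-key listing (key IDs and user IDs) to the job log. Create the directory outside the working tree with tight permissions, e.g. `umask 077` followed by `gpg_dir="$RUNNER_TEMP/cr-gpg"`, and drop `gpg -K` once the setup is confirmed. The same step also writes a keyring file into the `~/.gnupg` that `crazy-max/ghaction-import-gpg@v6` has just populated, and the two steps read different secrets (`GPG_PRIVATE_KEY`/`PASSPHRASE` versus `GPG_PRIVATE_KEY_BASE64`/`GPG_PASSPHRASE`); keeping a single import path halves the places the key material lives. Whichever action ends up handling the private key should be pinned to a full commit SHA rather than `@v6`.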
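Review bot: The `artifacthub.io/signKey` annotation in `Chart.yaml` points at `http://lacrosse.corp.redhat.com/~ehugonne/signing_key.asc`, which is plain HTTP on what looks like an internal corporate host. Chart consumers outside that network cannot fetch the key, and those inside fetch it over an unauthenticated channel. Publish the public key at a stable public HTTPS location (a keyserver or the project's own site) and reference that URL; the fingerprint in the annotation only helps users who actually compare it. Separately, both `artifacthub.io/images` entries use `:latest`, so the metadata does not say which image versions a given chart release was built against. The second patch in this series also touches `Chart.yaml`, but its hunk is not visible here, so this may already be addressed.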
--- /dev/null +++ b/cr.yml @@ -0,0 +1,2 @@ +sign: true +key: ehugonne@redhat.com From 880c3d84595476c07286b562dc2296c64411e14a Mon Sep 17 00:00:00 2001 From: Emmanuel Hugonnet Date: Mon, 10 Jun 2024 13:51:11 +0200 Subject: [PATCH 2/2] Using local registry when testing with kind. Signed-off-by: Emmanuel Hugonnet --- .github/workflows/ci/setup-image-registry.sh | 50 ++++++++++++++++++++ .github/workflows/ci_kind.yaml | 17 +++---- .github/workflows/helm.yaml | 2 +- charts/wildfly/Chart.yaml | 2 +- tests/bats/ingress.bats | 4 -- tests/bats/metadata.bats | 4 -- tests/bats/setup_suite.bash | 1 + 7 files changed, 59 insertions(+), 21 deletions(-) create mode 100755 .github/workflows/ci/setup-image-registry.sh diff --git a/.github/workflows/ci/setup-image-registry.sh b/.github/workflows/ci/setup-image-registry.sh new file mode 100755 index 00000000..ed3f3045 --- /dev/null +++ b/.github/workflows/ci/setup-image-registry.sh 
@@ -0,0 +1,50 @@ +#!/bin/sh +set -o errexit + +echo 1. Create registry container unless it already exists +reg_name='kind-registry' +reg_port='5001' +if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then + docker run \ + -d --restart=always -p "127.0.0.1:${reg_port}:5000" --name "${reg_name}" \ + registry:2 +fi + +echo 2. Add the registry config to the nodes + +# This is necessary because localhost resolves to loopback addresses that are +# network-namespace local. +# In other words: localhost in the container is not localhost on the host. +# +# We want a consistent name that works from both ends, so we tell containerd to +# alias localhost:${reg_port} to the registry container when pulling images +kind get nodes --name chart-testing +REGISTRY_DIR="/etc/containerd/certs.d/localhost:${reg_port}" +for node in $(kind get nodes --name chart-testing); do + docker exec "${node}" mkdir -p "${REGISTRY_DIR}" + cat <&3 docker push ${IMAGE_REGISTRY}/helloworld echo "docker push of ${IMAGE_REGISTRY}/helloworld was successful" >&3 popd