Merge branch 'main' of github.com:eclipse-che/che-server into che-22243

.ci/openshift-ci/Dockerfile

@@ -11,28 +11,30 @@
 #   Red Hat, Inc. - initial API and implementation
 
 # Dockerfile to bootstrap build and test in openshift-ci
-
 FROM registry.access.redhat.com/ubi9/nodejs-18:1
-
-SHELL ["/bin/bash", "-c"]
-
+# hadolint ignore=DL3002
 USER 0
 
 # Install yq, kubectl, chectl cli used by olm/olm.sh script.
-RUN dnf install -y psmisc nodejs-devel nodejs-libs -q --allowerasing --nobest \
+# hadolint ignore=DL3041
+RUN dnf install -y -q --allowerasing --nobest nodejs-devel nodejs-libs psmisc python3-pip jq golang httpd-tools \
     # already installed or installed as deps:
     openssl openssl-devel ca-certificates make cmake cpp gcc gcc-c++ zlib zlib-devel brotli brotli-devel python3 nodejs-packaging && \
     dnf update -y && dnf clean all && \
     npm install -g [email protected] npm@9 && \
     echo -n "node version: "; node -v; \
     echo -n "npm  version: "; npm -v; \
-    echo -n "yarn version: "; yarn -v && \
-    yum install --assumeyes -d1 python3-pip  httpd-tools && \
-    pip3 install --upgrade setuptools && \
-    pip3 install yq && \
+    echo -n "yarn version: "; yarn -v; \
+    go version; \
+    pip3 install --upgrade pip setuptools yq && \
+
+    # Install kubectl, chectl cli used by olm/olm.sh script.
     curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
     chmod +x ./kubectl && \
     mv ./kubectl /usr/local/bin && \
     bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next && \
-    curl https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.12.30/openshift-client-linux.tar.gz | tar xvzf - -C /usr/local/bin/ oc && \
+    curl https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest-4.12/openshift-client-linux.tar.gz | tar xvzf - -C /usr/local/bin/ oc && \
     chmod ug+x /usr/local/bin/oc
+
+SHELL ["/bin/bash", "-c"]
+

.ci/openshift-ci/common.sh

@@ -166,8 +166,7 @@ initUserNamespace() {
 setupPersonalAccessToken() {
   GIT_PROVIDER_TYPE=$1
   GIT_PROVIDER_URL=$2
-  GIT_PROVIDER_USER_ID=$3
-  GIT_PROVIDER_PAT=$4
+  GIT_PROVIDER_PAT=$3
 
   echo "[INFO] Setup Personal Access Token Secret"
   oc project ${USER_CHE_NAMESPACE}
@@ -179,14 +178,36 @@ setupPersonalAccessToken() {
   sed -i "s#che-user-id#${CHE_USER_ID}#g" pat-secret.yaml
   sed -i "s#git-provider-name#${GIT_PROVIDER_TYPE}#g" pat-secret.yaml
   sed -i "s#git-provider-url#${GIT_PROVIDER_URL}#g" pat-secret.yaml
-  sed -i "s#git-provider-user-id#${GIT_PROVIDER_USER_ID}#g" pat-secret.yaml
   sed -i "s#encoded-access-token#${ENCODED_PAT}#g" pat-secret.yaml
 
+  if [ "${GIT_PROVIDER_TYPE}" == "azure-devops" ]; then
+    sed -i "s#''#${GIT_PROVIDER_USERNAME}#g" pat-secret.yaml
+  fi
+
   cat pat-secret.yaml
 
   oc apply -f pat-secret.yaml -n ${USER_CHE_NAMESPACE}
 }
 
+setupSSHKeyPairs() {
+  GIT_PRIVATE_KEY=$1
+  GIT_PUBLIC_KEY=$2
+
+  echo "[INFO] Setup SSH Key Pairs Secret"
+  oc project ${USER_CHE_NAMESPACE}
+  ENCODED_GIT_PRIVATE_KEY=$(echo "${GIT_PRIVATE_KEY}" | base64 -w 0)
+  ENCODED_GIT_PUBLIC_KEY=$(echo "${GIT_PUBLIC_KEY}" | base64 -w 0)
+  cat .ci/openshift-ci/ssh-secret.yaml > ssh-secret.yaml
+
+  # patch the ssh-secret.yaml file
+  sed -i "s#ssh_private_key#${ENCODED_GIT_PRIVATE_KEY}#g" ssh-secret.yaml
+  sed -i "s#ssh_public_key#${ENCODED_GIT_PUBLIC_KEY}#g" ssh-secret.yaml
+
+  cat ssh-secret.yaml
+
+  oc apply -f ssh-secret.yaml -n ${USER_CHE_NAMESPACE}
+}
+
 runTestWorkspaceWithGitRepoUrl() {
   WS_NAME=$1
   PROJECT_NAME=$2
@@ -216,23 +237,32 @@ testProjectIsCloned() {
   if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then
     echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} exists."
   else
-    echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} does not exist."
+    echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} is absent."
     return 1
   fi
 }
 
-testGitCredentials() {
+testGitCredentialsData() {
   OCP_USER_NAMESPACE=$1
   GIT_PROVIDER_PAT=$2
+  GIT_PROVIDER_URL=$3
 
   echo "[INFO] Check the 'git credentials' is in a workspace"
-  gitCredentials="${GIT_PROVIDER_USERNAME}:${GIT_PROVIDER_PAT}"
+  hostName="${GIT_PROVIDER_URL#https://}"
+
+  if [ "${GIT_PROVIDER_TYPE}" == "azure-devops" ]; then
+    userName="username"
+  else
+    userName=${GIT_PROVIDER_USERNAME}
+  fi
+
+  gitCredentials="https://${userName}:${GIT_PROVIDER_PAT}@${hostName}"
   WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}')
   if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- cat /.git-credentials/credentials | grep -q ${gitCredentials}; then
     echo "[INFO] Git credentials file '/.git-credentials/credentials' exists and has the expected content."
   else
     echo "[ERROR] Git credentials file '/.git-credentials/credentials' does not exist or has incorrect content."
-    return 1
+    exit 1
   fi
 }
 
@@ -265,41 +295,30 @@ collectEclipseCheLogs() {
   oc get checluster -o yaml -n $CHE_NAMESPACE > "${ARTIFACTS_DIR}/che-cluster.yaml"
 }
 
-testClonePublicRepoNoPatOAuth() {
-  WS_NAME=$1
-  PROJECT_NAME=$2
-  GIT_REPO_URL=$3
-  OCP_USER_NAMESPACE=$4
-
-  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
-  echo "[INFO] Check the public repository is cloned with NO PAT/OAuth setup"
-  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1
-  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
-}
-
-testClonePrivateRepoNoPatOAuth() {
-  WS_NAME=$1
-  PROJECT_NAME=$2
-  GIT_REPO_URL=$3
-  OCP_USER_NAMESPACE=$4
-
-  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
-  echo "[INFO] Check the private repository is NOT cloned with NO PAT/OAuth setup"
-  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} && exit 1
-  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
+testCloneGitRepoNoProjectExists() {
+    WS_NAME=$1
+    PROJECT_NAME=$2
+    GIT_REPO_URL=$3
+    OCP_USER_NAMESPACE=$4
+
+    runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
+    echo "[INFO] Check the private repository is NOT cloned with NO PAT/OAuth setup"
+    testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} && \
+    { echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} should NOT be present" && exit 1; }
+    echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} is NOT present. This is EXPECTED"
 }
 
-testCloneGitRepoWithSetupPat() {
+# Test that the repository is cloned when PAT, OAuth or SSH is configured
+testCloneGitRepoProjectShouldExists() {
   WS_NAME=$1
   PROJECT_NAME=$2
   GIT_REPO_URL=$3
   OCP_USER_NAMESPACE=$4
-  GIT_PROVIDER_PATH=$5
 
   runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
-  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1
-  testGitCredentials ${OCP_USER_NAMESPACE} ${GIT_PROVIDER_PAT}
-  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
+  echo "[INFO] Check the repository is cloned"
+  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || \
+  { echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} should be present." && exit 1; }
 }
 
 setupTestEnvironment() {

.ci/openshift-ci/pat-secret.yaml

@@ -9,8 +9,7 @@ metadata:
     che.eclipse.org/che-userid: che-user-id
     che.eclipse.org/scm-personal-access-token-name: git-provider-name
     che.eclipse.org/scm-url: git-provider-url
-    che.eclipse.org/scm-userid: 'git-provider-user-id'
-    che.eclipse.org/scm-username: chepullreq1
+    che.eclipse.org/scm-organization: ''
 data:
   token: encoded-access-token
 type: Opaque

.ci/openshift-ci/ssh-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-ssh-key
+  annotations:
+    controller.devfile.io/mount-as: subpath
+    controller.devfile.io/mount-path: /etc/ssh/
+  labels:
+    controller.devfile.io/mount-to-devworkspace: "true"
+    controller.devfile.io/watch-secret: "true"
+type: Opaque
+data:
+  dwo_ssh_key: ssh_private_key
+  dwo_ssh_key.pub: ssh_public_key
+  ssh_config: aG9zdCAqCiAgSWRlbnRpdHlGaWxlIC9ldGMvc3NoL2R3b19zc2hfa2V5CiAgU3RyaWN0SG9zdEtleUNoZWNraW5nID0gbm8K

.ci/openshift-ci/test-azure-no-pat-oauth-flow.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+# exit immediately when a command fails
+set -ex
+# only exit with zero if all commands of the pipeline exit successfully
+set -o pipefail
+
+export PUBLIC_REPO_URL=${PUBLIC_REPO_URL:-"https://[email protected]/chepullreq1/che-pr-public/_git/public-repo"}
+export PRIVATE_REPO_URL=${PRIVATE_REPO_URL:-"https://dev.azure.com/chepullreq1/che-pr-private/_git/private-repo"}
+
+# import common test functions
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${SCRIPT_DIR}"/common.sh
+
+trap "catchFinish" EXIT SIGINT
+
+setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME}
+# due to the issue https://github.com/eclipse/che/issues/22469
+# testFactoryResolverNoPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL}
+testCloneGitRepoProjectShouldExists ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PUBLIC_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}
+testCloneGitRepoNoProjectExists ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PRIVATE_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}

.ci/openshift-ci/test-azure-with-pat-setup-flow.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+# exit immediately when a command fails
+set -ex
+# only exit with zero if all commands of the pipeline exit successfully
+set -o pipefail
+
+export PUBLIC_REPO_URL=${PUBLIC_REPO_URL:-"https://[email protected]/chepullreq1/che-pr-public/_git/public-repo"}
+export PRIVATE_REPO_URL=${PRIVATE_REPO_URL:-"https://dev.azure.com/chepullreq1/che-pr-private/_git/private-repo"}
+export GIT_PROVIDER_TYPE=${GIT_PROVIDER_TYPE:-"azure-devops"}
+export GIT_PROVIDER_URL=${GIT_PROVIDER_URL:-"https://dev.azure.com"}
+
+# import common test functions
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${SCRIPT_DIR}"/common.sh
+
+trap "catchFinish" EXIT SIGINT
+
+setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME}
+setupPersonalAccessToken  ${GIT_PROVIDER_TYPE} ${GIT_PROVIDER_URL} ${AZURE_PAT}
+requestProvisionNamespace
+testFactoryResolverWithPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL}
+echo "[INFO] Check clone public repository with PAT setup"
+testCloneGitRepoProjectShouldExists ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE}
+testGitCredentialsData ${USER_CHE_NAMESPACE} ${AZURE_PAT} ${GIT_PROVIDER_URL}
+deleteTestWorkspace ${PUBLIC_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}
+echo "[INFO] Check clone private repository with PAT setup"
+testCloneGitRepoProjectShouldExists ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE}
+testGitCredentialsData ${USER_CHE_NAMESPACE} ${AZURE_PAT} ${GIT_PROVIDER_URL}
+deleteTestWorkspace ${PRIVATE_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}

.ci/openshift-ci/test-bitbucket-no-pat-oauth-flow-raw-devfile-url.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+# exit immediately when a command fails
+set -ex
+# only exit with zero if all commands of the pipeline exit successfully
+set -o pipefail
+
+export PUBLIC_REPO_RAW_PATH_URL=${PUBLIC_REPO_RAW_PATH_URL:-"https://bitbucket.org/chepullreq/public-repo/raw/746000bd63a54eaf8ea8aba9dfe6620e5c6c61d7/devfile.yaml"}
+export PRIVATE_REPO_RAW_PATH_URL=${PRIVATE_REPO_URL:-"https://bitbucket.org/chepullreq/private-repo/raw/80b183d27c6c533462128b0c092208aad73b2906/devfile.yaml"}
+
+# import common test functions
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${SCRIPT_DIR}"/common.sh
+
+trap "catchFinish" EXIT SIGINT
+
+setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME}
+testFactoryResolverNoPatOAuth ${PUBLIC_REPO_RAW_PATH_URL} ${PRIVATE_REPO_RAW_PATH_URL}
+
+testCloneGitRepoProjectShouldExists ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_RAW_PATH_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PUBLIC_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}
+
+testCloneGitRepoNoProjectExists ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_RAW_PATH_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PRIVATE_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}

.ci/openshift-ci/test-bitbucket-no-pat-oauth-flow-ssh-url.sh

@@ -0,0 +1,36 @@
+
+#!/bin/bash
+#
+# Copyright (c) 2023 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+# exit immediately when a command fails
+set -ex
+# only exit with zero if all commands of the pipeline exit successfully
+set -o pipefail
+
+export PUBLIC_REPO_SSH_URL=${PUBLIC_REPO_SSH_URL:-"[email protected]:chepullreq/public-repo.git"}
+export PRIVATE_REPO_SSH_URL=${PRIVATE_REPO_SSH_URL:-"[email protected]:chepullreq/private-repo.git"}
+
+# import common test functions
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${SCRIPT_DIR}"/common.sh
+
+trap "catchFinish" EXIT SIGINT
+
+setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME}
+setupSSHKeyPairs "${BITBUCKET_PRIVATE_KEY}" "${BITBUCKET_PUBLIC_KEY}"
+testFactoryResolverNoPatOAuth ${PUBLIC_REPO_SSH_URL} ${PRIVATE_REPO_SSH_URL}
+
+testCloneGitRepoProjectShouldExists ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_SSH_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PUBLIC_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}
+testCloneGitRepoProjectShouldExists ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_SSH_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PRIVATE_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}

.ci/openshift-ci/test-bitbucket-no-pat-oauth-flow.sh

@@ -27,5 +27,7 @@ trap "catchFinish" EXIT SIGINT
 
 setupTestEnvironment ${OCP_NON_ADMIN_USER_NAME}
 testFactoryResolverNoPatOAuth ${PUBLIC_REPO_URL} ${PRIVATE_REPO_URL}
-testClonePublicRepoNoPatOAuth ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE}
-testClonePrivateRepoNoPatOAuth ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE}
+testCloneGitRepoProjectShouldExists ${PUBLIC_REPO_WORKSPACE_NAME} ${PUBLIC_PROJECT_NAME} ${PUBLIC_REPO_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PUBLIC_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}
+testCloneGitRepoNoProjectExists ${PRIVATE_REPO_WORKSPACE_NAME} ${PRIVATE_PROJECT_NAME} ${PRIVATE_REPO_URL} ${USER_CHE_NAMESPACE}
+deleteTestWorkspace ${PRIVATE_REPO_WORKSPACE_NAME} ${USER_CHE_NAMESPACE}