diff --git a/.ibm/pipelines/jobs/ocp-pull.sh b/.ibm/pipelines/jobs/ocp-pull.sh index a69669a6e0..489f74c729 100644 --- a/.ibm/pipelines/jobs/ocp-pull.sh +++ b/.ibm/pipelines/jobs/ocp-pull.sh @@ -20,7 +20,18 @@ handle_ocp_pull() { initiate_deployments deploy_test_backstage_customization_provider "${NAME_SPACE}" local url="https://${RELEASE_NAME}-developer-hub-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}" + # check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${PW_PROJECT_SHOWCASE}" "${url}" + + # Perform PostgreSQL 15 -> 16 upgrade + perform_helm_install "${RELEASE_NAME}" "${NAME_SPACE}" "values_showcase_16_upgrade.yaml" + check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${PW_PROJECT_SHOWCASE}" "${url}" + + # Refresh collation versions after PostgreSQL upgrade to suppress glibc version mismatch warnings + refresh_postgres_collation_versions "${NAME_SPACE}" + + perform_helm_install "${RELEASE_NAME}" "${NAME_SPACE}" "values_showcase_16.yaml" check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${PW_PROJECT_SHOWCASE}" "${url}" - local rbac_url="https://${RELEASE_NAME_RBAC}-developer-hub-${NAME_SPACE_RBAC}.${K8S_CLUSTER_ROUTER_BASE}" - check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${PW_PROJECT_SHOWCASE_RBAC}" "${rbac_url}" + run_tests "${RELEASE_NAME}" "${NAME_SPACE}" "${PW_PROJECT_SHOWCASE}" "${url}" + # local rbac_url="https://${RELEASE_NAME_RBAC}-developer-hub-${NAME_SPACE_RBAC}.${K8S_CLUSTER_ROUTER_BASE}" + # check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${PW_PROJECT_SHOWCASE_RBAC}" "${rbac_url}" } diff --git a/.ibm/pipelines/serverless-workflows b/.ibm/pipelines/serverless-workflows new file mode 160000 index 0000000000..134b7a7d09 --- /dev/null +++ b/.ibm/pipelines/serverless-workflows @@ -0,0 +1 @@ +Subproject commit 134b7a7d09a0c0e15b374422107026d633f803b2 diff --git a/.ibm/pipelines/utils.sh b/.ibm/pipelines/utils.sh index b3a5ed1a7f..f4fb7373cb 100755 --- a/.ibm/pipelines/utils.sh +++ b/.ibm/pipelines/utils.sh @@ -567,9 +567,9 @@ configure_external_postgres_db() { # Now we can safely get the password POSTGRES_PASSWORD=$(oc get secret/postgress-external-db-pguser-janus-idp -n "${NAME_SPACE_POSTGRES_DB}" -o jsonpath='{.data.password}') - sed_inplace "s|POSTGRES_PASSWORD:.*|POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}|g" "${DIR}/resources/postgres-db/postgres-cred.yaml" + sed "s|POSTGRES_PASSWORD:.*|POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}|g" "${DIR}/resources/postgres-db/postgres-cred.yaml" POSTGRES_HOST=$(echo -n "postgress-external-db-primary.$NAME_SPACE_POSTGRES_DB.svc.cluster.local" | base64 | tr -d '\n') - sed_inplace "s|POSTGRES_HOST:.*|POSTGRES_HOST: ${POSTGRES_HOST}|g" "${DIR}/resources/postgres-db/postgres-cred.yaml" + sed "s|POSTGRES_HOST:.*|POSTGRES_HOST: ${POSTGRES_HOST}|g" "${DIR}/resources/postgres-db/postgres-cred.yaml" # Validate final configuration apply if ! oc apply -f "${DIR}/resources/postgres-db/postgres-cred.yaml" --namespace="${project}"; then @@ -595,7 +595,7 @@ apply_yaml_files() { ) for file in "${files[@]}"; do - sed_inplace "s/namespace:.*/namespace: ${project}/g" "$file" + sed "s/namespace:.*/namespace: ${project}/g" "$file" done DH_TARGET_URL=$(echo -n "test-backstage-customization-provider-${project}.${K8S_CLUSTER_ROUTER_BASE}" | base64 -w 0) @@ -943,10 +943,11 @@ delete_tekton_pipelines() { cluster_setup_ocp_helm() { # first install all operators to run the installation in parallel install_pipelines_operator - install_crunchy_postgres_ocp_operator + # install_crunchy_postgres_ocp_operator # Skip orchestrator infra installation on OSD-GCP due to infrastructure limitations if [[ ! "${JOB_NAME}" =~ osd-gcp ]]; then + # echo "skipping install_orchestrator_infra_chart" install_orchestrator_infra_chart else echo "Skipping orchestrator-infra installation on OSD-GCP environment" @@ -954,7 +955,7 @@ cluster_setup_ocp_helm() { # then wait for the right status one by one waitfor_pipelines_operator - waitfor_crunchy_postgres_ocp_operator + # waitfor_crunchy_postgres_ocp_operator } cluster_setup_ocp_operator() { @@ -1047,6 +1048,67 @@ perform_helm_install() { $(get_image_helm_set_params) } +# Refresh PostgreSQL collation versions after a major version upgrade +# This suppresses the "collation version mismatch" warnings that occur when +# upgrading PostgreSQL across glibc versions (e.g., 2.34 -> 2.40) +refresh_postgres_collation_versions() { + local namespace=$1 + local max_wait=${2:-120} # Max seconds to wait for PostgreSQL pod + + log::info "Refreshing PostgreSQL collation versions in namespace: ${namespace}" + + # Find the PostgreSQL pod + local pg_pod + local waited=0 + while [[ $waited -lt $max_wait ]]; do + pg_pod=$(oc get pods -n "${namespace}" -l "app.kubernetes.io/name=postgresql" -o jsonpath='{.items[0].metadata.name}' 2> /dev/null) + if [[ -n "$pg_pod" ]]; then + # Check if pod is ready + local ready + ready=$(oc get pod -n "${namespace}" "${pg_pod}" -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2> /dev/null) + if [[ "$ready" == "True" ]]; then + break + fi + fi + log::debug "Waiting for PostgreSQL pod to be ready... (${waited}s/${max_wait}s)" + sleep 5 + waited=$((waited + 5)) + done + + if [[ -z "$pg_pod" ]]; then + log::warn "No PostgreSQL pod found in namespace ${namespace}. Skipping collation refresh." + return 0 + fi + + log::info "Found PostgreSQL pod: ${pg_pod}" + + # Get list of databases (excluding templates) + local databases + databases=$(oc exec -n "${namespace}" "${pg_pod}" -- psql -U postgres -t -c \ + "SELECT datname FROM pg_database WHERE datistemplate = false AND datname NOT IN ('postgres');" 2> /dev/null | tr -d ' ') + + # Refresh collation version for postgres database first + log::info "Refreshing collation version for database: postgres" + oc exec -n "${namespace}" "${pg_pod}" -- psql -U postgres -c \ + "ALTER DATABASE postgres REFRESH COLLATION VERSION;" 2> /dev/null || log::warn "Failed to refresh collation for postgres" + + # Refresh collation version for template1 + log::info "Refreshing collation version for database: template1" + oc exec -n "${namespace}" "${pg_pod}" -- psql -U postgres -c \ + "ALTER DATABASE template1 REFRESH COLLATION VERSION;" 2> /dev/null || log::warn "Failed to refresh collation for template1" + + # Refresh collation version for user databases + for db in $databases; do + if [[ -n "$db" ]]; then + log::info "Refreshing collation version for database: ${db}" + oc exec -n "${namespace}" "${pg_pod}" -- psql -U postgres -c \ + "ALTER DATABASE \"${db}\" REFRESH COLLATION VERSION;" 2> /dev/null || log::warn "Failed to refresh collation for ${db}" + fi + done + + log::info "Collation version refresh completed for namespace: ${namespace}" +} + base_deployment() { configure_namespace ${NAME_SPACE} @@ -1089,7 +1151,7 @@ rbac_deployment() { initiate_deployments() { cd "${DIR}" base_deployment - rbac_deployment + # rbac_deployment } # OSD-GCP specific deployment functions that merge diff files and skip orchestrator workflows @@ -1262,7 +1324,8 @@ check_and_test() { if check_backstage_running "${release_name}" "${namespace}" "${url}" "${max_attempts}" "${wait_seconds}"; then echo "Display pods for verification..." oc get pods -n "${namespace}" - run_tests "${release_name}" "${namespace}" "${playwright_project}" "${url}" + # run_tests "${release_name}" "${namespace}" "${playwright_project}" "${url}" + echo "SKIPPING TESTS" else echo "Backstage is not running. Marking deployment as failed and continuing..." CURRENT_DEPLOYMENT=$((CURRENT_DEPLOYMENT + 1)) diff --git a/.ibm/pipelines/value_files/values_showcase_16.yaml b/.ibm/pipelines/value_files/values_showcase_16.yaml new file mode 100644 index 0000000000..3997434a48 --- /dev/null +++ b/.ibm/pipelines/value_files/values_showcase_16.yaml @@ -0,0 +1,386 @@ +global: + dynamic: + # -- Array of YAML files listing dynamic plugins to include with those listed in the `plugins` field. + # Relative paths are resolved from the working directory of the initContainer that will install the plugins (`/opt/app-root/src`). + includes: + # -- List of dynamic plugins included inside the `rhdh-community/rhdh` container image, some of which are disabled by default. + # This file ONLY works with the `rhdh-community/rhdh` container image. + - "dynamic-plugins.default.yaml" + + # -- List of dynamic plugins, possibly overriding the plugins listed in `includes` files. + # Every item defines the plugin `package` as a [NPM package spec](https://docs.npmjs.com/cli/v10/using-npm/package-spec), + # an optional `pluginConfig` with plugin-specific backstage configuration, and an optional `disabled` flag to disable/enable a plugin + # listed in `includes` files. It also includes an `integrity` field that is used to verify the plugin package [integrity](https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description). + plugins: + - package: oci://quay.io/gashcrumb/example-root-http-middleware:latest!internal-backstage-plugin-middleware-header-example-dynamic + disabled: false + pluginConfig: + proxy: + endpoints: + /add-test-header: + target: http://${.Values.global.host}/api/simple-chat + credentials: forward + headers: + x-proxy-test-header: hello! + - package: oci://quay.io/gashcrumb/example-root-http-middleware:latest!internal-backstage-plugin-simple-chat + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + internal.backstage-plugin-simple-chat: + appIcons: + - name: chatIcon + importName: ChatIcon + dynamicRoutes: + - path: /simple-chat + importName: SimpleChatPage + menuItem: + text: Simple Chat + - package: oci://quay.io/gashcrumb/example-root-http-middleware:latest!internal-backstage-plugin-simple-chat-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-scaffolder-backend-module-github-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-dynamic + disabled: false + pluginConfig: + catalog: + providers: + github: + my-test-org: + organization: janus-qe + catalogPath: "/catalog-info.yaml" + schedule: + # Let's perform a single execution per test run + frequency: + hours: 24 + timeout: + minutes: 1 + initialDelay: + seconds: 15 + - package: "@red-hat-developer-hub/backstage-plugin-application-provider-test@0.0.2" + integrity: "sha512-N3HxvTNe/CxTDtXIsvfre3ZoFLWYfPxz/IJiKY3nzA5C0wcH4lZn+fI+mDFoTUXogt7fZWyl3mCrdwQWrOEM8A==" + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-application-provider-test: + dynamicRoutes: + - path: /application-provider-test-page + importName: TestPage + mountPoints: + - mountPoint: application/provider + importName: TestProviderOne + - mountPoint: application/provider + importName: TestProviderTwo + - package: "@red-hat-developer-hub/backstage-plugin-application-listener-test@0.0.2" + integrity: "sha512-GRLbpjXE9ZyfRJr/iyp+1L2sUQL97aPc+FV/IORH63eGT32Uc0xCFBu51fGPYJFmXY49BlSh+CnVnbKNsyiOAQ==" + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-application-listener-test: + mountPoints: + - mountPoint: application/listener + importName: LocationListener + - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-org-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-github-issues + disabled: false + - package: ./dynamic-plugins/dist/roadiehq-backstage-plugin-github-pull-requests + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-github-actions + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-quay + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-scaffolder-backend-module-quay-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-tekton + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes-backend-dynamic + disabled: false + pluginConfig: + kubernetes: + clusterLocatorMethods: + - clusters: + - authProvider: serviceAccount + name: "my-cluster" + serviceAccountToken: ${K8S_CLUSTER_TOKEN_ENCODED} + url: ${K8S_CLUSTER_API_SERVER_URL} + type: config + customResources: + # Add for tekton + - apiVersion: "v1" + group: "tekton.dev" + plural: "pipelines" + - apiVersion: v1 + group: tekton.dev + plural: pipelineruns + - apiVersion: v1 + group: tekton.dev + plural: taskruns + # Add for topology plugin + - apiVersion: "v1" + group: "route.openshift.io" + plural: "routes" + serviceLocatorMethod: + type: multiTenant + # Enable bulk import plugins. + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-bulk-import-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-bulk-import + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-global-header + disabled: false + # Enable an extra header test plugin + - package: "@red-hat-developer-hub/backstage-plugin-global-header-test@0.0.2" + integrity: "sha512-Dlay4DUAC3SifSJx4dmKDeD07DITGX9ZZ2SMCgcMMc00GJVKToD3DFuPYZ7lV2C2Ve7gWDufCf5NUmqaUWf6GA==" + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-global-header-test: + mountPoints: + - mountPoint: application/header + importName: TestHeader + config: + position: above-main-content + - mountPoint: global.header/component + importName: TestButton + config: + priority: 95 + # Enable notifications plugins. + - package: ./dynamic-plugins/dist/backstage-plugin-notifications + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-notifications-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-signals-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-signals + disabled: false + # Enable tech-radar plugins. + - package: ./dynamic-plugins/dist/backstage-community-plugin-tech-radar + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-tech-radar-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-techdocs-module-addons-contrib + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + backstage.plugin-techdocs-module-addons-contrib: + techdocsAddons: + - importName: ReportIssue + - package: ./dynamic-plugins/dist/backstage-community-plugin-acr + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-scaffolder-backend-module-kubernetes-dynamic + disabled: false + - package: ./dynamic-plugins/dist/roadiehq-scaffolder-backend-module-http-request-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor-dynamic + disabled: false + - package: ./dynamic-plugins/dist/immobiliarelabs-backstage-plugin-gitlab-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-gitlab-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-topology + disabled: false + - package: "@pataknight/backstage-plugin-rhdh-qe-theme@0.5.5" + disabled: false + integrity: sha512-srTnFDYn3Ett6z33bX4nL2NQY8wqux8TkpgBQNsE8S73nMfsor/wAdmVgHL+xW7pxQ09DT4YTdaG3GkH+cyyNQ== + - package: "@backstage-community/plugin-todo@0.2.42" + disabled: false + integrity: sha512-agmfwxHkZPy0zaXzjMKY9Us9l7J2og+z7p2lDWQBmlJ1KZRo6OBQdnlG1mTEryfEEl/bx5Ko+f1PhFj2/BmiIQ== + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-catalog-backend-module-marketplace-dynamic + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-marketplace-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-marketplace + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-global-floating-action-button + disabled: false + # Enable orchestrator plugins - Official release (Backstage 1.42.5) + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-orchestrator:bs_1.42.5__5.1.0!red-hat-developer-hub-backstage-plugin-orchestrator" + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-orchestrator: + appIcons: + - importName: OrchestratorIcon + name: orchestratorIcon + dynamicRoutes: + - importName: OrchestratorPage + menuItem: + icon: orchestratorIcon + text: Orchestrator + textKey: menuItem.orchestrator + path: /orchestrator + entityTabs: + - path: /workflows + title: Workflows + titleKey: catalog.entityPage.workflows.title + mountPoint: entity.page.workflows + mountPoints: + - mountPoint: entity.page.workflows/cards + importName: OrchestratorCatalogTab + config: + layout: + gridColumn: "1 / -1" + if: + anyOf: + - IsOrchestratorCatalogTabAvailable + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-orchestrator-backend:bs_1.42.5__8.2.0!red-hat-developer-hub-backstage-plugin-orchestrator-backend" + disabled: false + pluginConfig: + orchestrator: + dataIndexService: + url: http://sonataflow-platform-data-index-service + + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scaffolder-backend-module-orchestrator:bs_1.42.5__1.1.0!red-hat-developer-hub-backstage-plugin-scaffolder-backend-module-orchestrator" + disabled: false + pluginConfig: + orchestrator: + dataIndexService: + url: http://sonataflow-platform-data-index-service + + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-orchestrator-form-widgets:bs_1.42.5__1.1.0!red-hat-developer-hub-backstage-plugin-orchestrator-form-widgets" + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-orchestrator-form-widgets: {} + +# -- Upstream Backstage [chart configuration](https://github.com/backstage/charts/blob/main/charts/backstage/values.yaml) +upstream: + nameOverride: developer-hub + commonLabels: + backstage.io/kubernetes-id: developer-hub + backstage: + appConfig: + backend: + auth: + dangerouslyDisableDefaultAuthPolicy: true + externalAccess: + - type: static + options: + token: test-token + subject: test-subject + image: + pullPolicy: Always + registry: quay.io + repository: rhdh-community/rhdh + tag: next + extraEnvVars: + - name: BACKEND_SECRET + valueFrom: + secretKeyRef: + key: backend-secret + name: '{{ include "janus-idp.backend-secret-name" $ }}' + - name: POSTGRESQL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: "{{ .Release.Name }}-postgresql" + # disable telemetry in CI + - name: SEGMENT_TEST_MODE + value: "true" + - name: NODE_TLS_REJECT_UNAUTHORIZED + value: "0" + - name: NODE_ENV + value: "production" + - name: ENABLE_CORE_ROOTHTTPROUTER_OVERRIDE + value: "true" + extraAppConfig: + - configMapRef: app-config-rhdh + filename: app-config-rhdh.yaml + - configMapRef: dynamic-plugins-config + filename: dynamic-plugins-config.yaml + - configMapRef: dynamic-global-floating-action-button-config + filename: dynamic-global-floating-action-button-config.yaml + - configMapRef: dynamic-global-header-config + filename: dynamic-global-header-config.yaml + startupProbe: + # This gives enough time upon container startup before the liveness and readiness probes are triggered. + # Giving (120s = initialDelaySeconds + failureThreshold * periodSeconds) to account for the worst case scenario. + httpGet: + path: /.backstage/health/v1/liveness + port: backend + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 4 + periodSeconds: 20 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /.backstage/health/v1/readiness + port: backend + scheme: HTTP + # Both liveness and readiness probes won't be triggered until the startup probe is successful. + # The startup probe is already configured to give enough time for the application to be started. + # So removing the additional delay here allows the readiness probe to be checked right away after the startup probe, + # which helps make the application available faster to the end-user. + # initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 2 + timeoutSeconds: 4 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /.backstage/health/v1/liveness + port: backend + scheme: HTTP + # Both liveness and readiness probes won't be triggered until the startup probe is successful. + # The startup probe is already configured to give enough time for the application to be started. + # So removing the additional delay here allows the liveness probe to be checked right away after the startup probe, + # which helps make the application available faster to the end-user. + # initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 4 + extraEnvVarsSecrets: + - rhdh-secrets + - redis-secret + ingress: + host: "{{ .Values.global.host }}" + + service: + extraPorts: + - name: http-metrics + port: 9464 + targetPort: 9464 + postgresql: + enabled: true + image: + registry: quay.io + repository: fedora/postgresql-16 + tag: latest + primary: + # podSecurityContext: + # enabled: false + # containerSecurityContext: + # enabled: false + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # resources: + # requests: + # cpu: 250m + # memory: 256Mi + # limits: + # cpu: 250m + # memory: 1024Mi + # ephemeral-storage: 20Mi + # persistence: + # enabled: true + # size: 1Gi + # mountPath: /var/lib/pgsql/data + extraEnvVars: + - name: POSTGRESQL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: '{{- include "postgresql.v1.secretName" . }}' diff --git a/.ibm/pipelines/value_files/values_showcase_16_upgrade.yaml b/.ibm/pipelines/value_files/values_showcase_16_upgrade.yaml new file mode 100644 index 0000000000..dec628114d --- /dev/null +++ b/.ibm/pipelines/value_files/values_showcase_16_upgrade.yaml @@ -0,0 +1,388 @@ +global: + dynamic: + # -- Array of YAML files listing dynamic plugins to include with those listed in the `plugins` field. + # Relative paths are resolved from the working directory of the initContainer that will install the plugins (`/opt/app-root/src`). + includes: + # -- List of dynamic plugins included inside the `rhdh-community/rhdh` container image, some of which are disabled by default. + # This file ONLY works with the `rhdh-community/rhdh` container image. + - "dynamic-plugins.default.yaml" + + # -- List of dynamic plugins, possibly overriding the plugins listed in `includes` files. + # Every item defines the plugin `package` as a [NPM package spec](https://docs.npmjs.com/cli/v10/using-npm/package-spec), + # an optional `pluginConfig` with plugin-specific backstage configuration, and an optional `disabled` flag to disable/enable a plugin + # listed in `includes` files. It also includes an `integrity` field that is used to verify the plugin package [integrity](https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description). + plugins: + - package: oci://quay.io/gashcrumb/example-root-http-middleware:latest!internal-backstage-plugin-middleware-header-example-dynamic + disabled: false + pluginConfig: + proxy: + endpoints: + /add-test-header: + target: http://${.Values.global.host}/api/simple-chat + credentials: forward + headers: + x-proxy-test-header: hello! + - package: oci://quay.io/gashcrumb/example-root-http-middleware:latest!internal-backstage-plugin-simple-chat + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + internal.backstage-plugin-simple-chat: + appIcons: + - name: chatIcon + importName: ChatIcon + dynamicRoutes: + - path: /simple-chat + importName: SimpleChatPage + menuItem: + text: Simple Chat + - package: oci://quay.io/gashcrumb/example-root-http-middleware:latest!internal-backstage-plugin-simple-chat-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-scaffolder-backend-module-github-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-dynamic + disabled: false + pluginConfig: + catalog: + providers: + github: + my-test-org: + organization: janus-qe + catalogPath: "/catalog-info.yaml" + schedule: + # Let's perform a single execution per test run + frequency: + hours: 24 + timeout: + minutes: 1 + initialDelay: + seconds: 15 + - package: "@red-hat-developer-hub/backstage-plugin-application-provider-test@0.0.2" + integrity: "sha512-N3HxvTNe/CxTDtXIsvfre3ZoFLWYfPxz/IJiKY3nzA5C0wcH4lZn+fI+mDFoTUXogt7fZWyl3mCrdwQWrOEM8A==" + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-application-provider-test: + dynamicRoutes: + - path: /application-provider-test-page + importName: TestPage + mountPoints: + - mountPoint: application/provider + importName: TestProviderOne + - mountPoint: application/provider + importName: TestProviderTwo + - package: "@red-hat-developer-hub/backstage-plugin-application-listener-test@0.0.2" + integrity: "sha512-GRLbpjXE9ZyfRJr/iyp+1L2sUQL97aPc+FV/IORH63eGT32Uc0xCFBu51fGPYJFmXY49BlSh+CnVnbKNsyiOAQ==" + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-application-listener-test: + mountPoints: + - mountPoint: application/listener + importName: LocationListener + - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-org-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-github-issues + disabled: false + - package: ./dynamic-plugins/dist/roadiehq-backstage-plugin-github-pull-requests + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-github-actions + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-quay + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-scaffolder-backend-module-quay-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-tekton + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes-backend-dynamic + disabled: false + pluginConfig: + kubernetes: + clusterLocatorMethods: + - clusters: + - authProvider: serviceAccount + name: "my-cluster" + serviceAccountToken: ${K8S_CLUSTER_TOKEN_ENCODED} + url: ${K8S_CLUSTER_API_SERVER_URL} + type: config + customResources: + # Add for tekton + - apiVersion: "v1" + group: "tekton.dev" + plural: "pipelines" + - apiVersion: v1 + group: tekton.dev + plural: pipelineruns + - apiVersion: v1 + group: tekton.dev + plural: taskruns + # Add for topology plugin + - apiVersion: "v1" + group: "route.openshift.io" + plural: "routes" + serviceLocatorMethod: + type: multiTenant + # Enable bulk import plugins. + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-bulk-import-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-bulk-import + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-global-header + disabled: false + # Enable an extra header test plugin + - package: "@red-hat-developer-hub/backstage-plugin-global-header-test@0.0.2" + integrity: "sha512-Dlay4DUAC3SifSJx4dmKDeD07DITGX9ZZ2SMCgcMMc00GJVKToD3DFuPYZ7lV2C2Ve7gWDufCf5NUmqaUWf6GA==" + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-global-header-test: + mountPoints: + - mountPoint: application/header + importName: TestHeader + config: + position: above-main-content + - mountPoint: global.header/component + importName: TestButton + config: + priority: 95 + # Enable notifications plugins. + - package: ./dynamic-plugins/dist/backstage-plugin-notifications + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-notifications-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-signals-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-signals + disabled: false + # Enable tech-radar plugins. + - package: ./dynamic-plugins/dist/backstage-community-plugin-tech-radar + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-tech-radar-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-techdocs-module-addons-contrib + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + backstage.plugin-techdocs-module-addons-contrib: + techdocsAddons: + - importName: ReportIssue + - package: ./dynamic-plugins/dist/backstage-community-plugin-acr + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-scaffolder-backend-module-kubernetes-dynamic + disabled: false + - package: ./dynamic-plugins/dist/roadiehq-scaffolder-backend-module-http-request-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor-dynamic + disabled: false + - package: ./dynamic-plugins/dist/immobiliarelabs-backstage-plugin-gitlab-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-gitlab-dynamic + disabled: false + - package: ./dynamic-plugins/dist/backstage-community-plugin-topology + disabled: false + - package: "@pataknight/backstage-plugin-rhdh-qe-theme@0.5.5" + disabled: false + integrity: sha512-srTnFDYn3Ett6z33bX4nL2NQY8wqux8TkpgBQNsE8S73nMfsor/wAdmVgHL+xW7pxQ09DT4YTdaG3GkH+cyyNQ== + - package: "@backstage-community/plugin-todo@0.2.42" + disabled: false + integrity: sha512-agmfwxHkZPy0zaXzjMKY9Us9l7J2og+z7p2lDWQBmlJ1KZRo6OBQdnlG1mTEryfEEl/bx5Ko+f1PhFj2/BmiIQ== + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-catalog-backend-module-marketplace-dynamic + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-marketplace-backend-dynamic + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-marketplace + disabled: false + - package: ./dynamic-plugins/dist/red-hat-developer-hub-backstage-plugin-global-floating-action-button + disabled: false + # Enable orchestrator plugins - Official release (Backstage 1.42.5) + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-orchestrator:bs_1.42.5__5.1.0!red-hat-developer-hub-backstage-plugin-orchestrator" + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-orchestrator: + appIcons: + - importName: OrchestratorIcon + name: orchestratorIcon + dynamicRoutes: + - importName: OrchestratorPage + menuItem: + icon: orchestratorIcon + text: Orchestrator + textKey: menuItem.orchestrator + path: /orchestrator + entityTabs: + - path: /workflows + title: Workflows + titleKey: catalog.entityPage.workflows.title + mountPoint: entity.page.workflows + mountPoints: + - mountPoint: entity.page.workflows/cards + importName: OrchestratorCatalogTab + config: + layout: + gridColumn: "1 / -1" + if: + anyOf: + - IsOrchestratorCatalogTabAvailable + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-orchestrator-backend:bs_1.42.5__8.2.0!red-hat-developer-hub-backstage-plugin-orchestrator-backend" + disabled: false + pluginConfig: + orchestrator: + dataIndexService: + url: http://sonataflow-platform-data-index-service + + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scaffolder-backend-module-orchestrator:bs_1.42.5__1.1.0!red-hat-developer-hub-backstage-plugin-scaffolder-backend-module-orchestrator" + disabled: false + pluginConfig: + orchestrator: + dataIndexService: + url: http://sonataflow-platform-data-index-service + + - package: "oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-orchestrator-form-widgets:bs_1.42.5__1.1.0!red-hat-developer-hub-backstage-plugin-orchestrator-form-widgets" + disabled: false + pluginConfig: + dynamicPlugins: + frontend: + red-hat-developer-hub.backstage-plugin-orchestrator-form-widgets: {} + +# -- Upstream Backstage [chart configuration](https://github.com/backstage/charts/blob/main/charts/backstage/values.yaml) +upstream: + nameOverride: developer-hub + commonLabels: + backstage.io/kubernetes-id: developer-hub + backstage: + appConfig: + backend: + auth: + dangerouslyDisableDefaultAuthPolicy: true + externalAccess: + - type: static + options: + token: test-token + subject: test-subject + image: + pullPolicy: Always + registry: quay.io + repository: rhdh-community/rhdh + tag: next + extraEnvVars: + - name: BACKEND_SECRET + valueFrom: + secretKeyRef: + key: backend-secret + name: '{{ include "janus-idp.backend-secret-name" $ }}' + - name: POSTGRESQL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: "{{ .Release.Name }}-postgresql" + # disable telemetry in CI + - name: SEGMENT_TEST_MODE + value: "true" + - name: NODE_TLS_REJECT_UNAUTHORIZED + value: "0" + - name: NODE_ENV + value: "production" + - name: ENABLE_CORE_ROOTHTTPROUTER_OVERRIDE + value: "true" + extraAppConfig: + - configMapRef: app-config-rhdh + filename: app-config-rhdh.yaml + - configMapRef: dynamic-plugins-config + filename: dynamic-plugins-config.yaml + - configMapRef: dynamic-global-floating-action-button-config + filename: dynamic-global-floating-action-button-config.yaml + - configMapRef: dynamic-global-header-config + filename: dynamic-global-header-config.yaml + startupProbe: + # This gives enough time upon container startup before the liveness and readiness probes are triggered. + # Giving (120s = initialDelaySeconds + failureThreshold * periodSeconds) to account for the worst case scenario. + httpGet: + path: /.backstage/health/v1/liveness + port: backend + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 4 + periodSeconds: 20 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /.backstage/health/v1/readiness + port: backend + scheme: HTTP + # Both liveness and readiness probes won't be triggered until the startup probe is successful. + # The startup probe is already configured to give enough time for the application to be started. + # So removing the additional delay here allows the readiness probe to be checked right away after the startup probe, + # which helps make the application available faster to the end-user. + # initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 2 + timeoutSeconds: 4 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /.backstage/health/v1/liveness + port: backend + scheme: HTTP + # Both liveness and readiness probes won't be triggered until the startup probe is successful. + # The startup probe is already configured to give enough time for the application to be started. + # So removing the additional delay here allows the liveness probe to be checked right away after the startup probe, + # which helps make the application available faster to the end-user. + # initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 4 + extraEnvVarsSecrets: + - rhdh-secrets + - redis-secret + ingress: + host: "{{ .Values.global.host }}" + + service: + extraPorts: + - name: http-metrics + port: 9464 + targetPort: 9464 + postgresql: + enabled: true + image: + registry: quay.io + repository: fedora/postgresql-16 + tag: latest + primary: + # podSecurityContext: + # enabled: false + # containerSecurityContext: + # enabled: false + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # resources: + # requests: + # cpu: 250m + # memory: 256Mi + # limits: + # cpu: 250m + # memory: 1024Mi + # ephemeral-storage: 20Mi + # persistence: + # enabled: true + # size: 1Gi + # mountPath: /var/lib/pgsql/data + extraEnvVars: + - name: POSTGRESQL_UPGRADE + value: "copy" + - name: POSTGRESQL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: '{{- include "postgresql.v1.secretName" . }}'