feat(ISV-5130): add Atlas secrets to e2e tests

[jedinym]

Description

In ISV-5130, the rh-advisories pipeline gained the ability to upload component and product-level SBOMs to the Atlas release instance.

The upload of SBOMs requires a new k8s Secret containing the SSO account and token for the stage Atlas release instance. The secrets have been added to the QE vault.

This PR makes the e2e test use the new secrets and refactors secret creation to avoid duplicate code. I left the other tests use the old way of creating the secrets but I can refactor those as well if you wish.

Issue ticket number and link

ISV-5130 - Add new pipeline steps in rh-advisories for sbom upload
ISV-5394 - Update rh-advisories pipeline e2e tests

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Checklist:

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added meaningful description with JIRA/GitHub issue key(if applicable), for example HASSuiteDescribe("STONE-123456789 devfile source")
• I have updated labels (if needed)

[openshift-ci]

Hi @jedinym. Thanks for your PR.

I'm waiting for a konflux-ci member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[johnbieren]

Looks sane to me, @jinqi7 does it look okay to you too?

[jinqi7]

There are some lint issues need to be resolved.

[johnbieren]

Looks good to me, will let Jing approve if it looks good to her as well

[johnbieren]

/ok-to-test

[jedinym]

@johnbieren still waiting on @.shebert's manual action before the tests can work

[jinqi7]

The indent issues seems not has fixed. Please leave the conversation to unresolved. And can you please squash the commits in the PR to one commit?

[jedinym]

@jinqi7 I will squash the commits once I'm sure nothing will change. As of now I'm still waiting on the manual creation of secrets, so we cannot test yet.

[jedinym]

/retest

[jedinym]

@jinqi7 I squashed the commits and added the secrets to the Vault. The tests should run now.

[johnbieren]

/ok-to-test

[johnbieren]

/test images

[jedinym]

@johnbieren Could you please run the tests again? There was a last minute change in the catalog PR.

[jinqi7]

/ok-to-test

[jedinym]

/retest

[jedinym]

@jinqi7 I did not realize some secrets have to be base64-encoded in the vault. Could you please rerun the tests?

[jedinym]

@jinqi7 I disabled the false gosec positive, it should be ready to go now

[johnbieren]

/ok-to-test

[jedinym]

Could you please retest? The tests succeeded before I added a comment so I don't think I broke them 🙃

[jinqi7]

The konflux-e2e-tests failed for ""pod status "PodScheduled":"False"; message: "0/11 nodes are available: 3 node(s) had untolerated taint {node-role.kubernetes.io/infra: }, 3 node(s) had untolerated taint {node-role.kubernetes.io/master: }, 5 node(s) didn't match Pod's node affinity/selector. preemption: 0/11 nodes are available: 11 Preemption is not helpful for scheduling.." in staging cluster. So, some test in CI will fail." It's out of resource in staging cluster now.

[jinqi7]

/retest

[jinqi7]

/retest

[jinqi7]

/retest

[jinqi7]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johnbieren, psturc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [psturc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[konflux-ci-qe-bot]

@jedinym: The following test has Failed, say /retest to rerun failed tests.

PipelineRun Name	Status	Rerun command	Build Log	Test Log
konflux-e2e-xlnrx	Failed	/retest	View Pipeline Log	View Test Logs

Inspecting Test Artifacts

To inspect your test artifacts, follow these steps:

1. Install ORAS (see the ORAS installation guide).
2. Download artifacts with the following commands:

mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/e2e-tests:konflux-e2e-xlnrx