e2e: add Quay -lite end to end testing

Signed-off-by: tarilabs <[email protected]>

.github/workflows/e2e.yaml

@@ -60,3 +60,36 @@ jobs:
     - name: Run E2E tests
       run: |
         make test-e2e
+  e2e-quay-lite:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.9' 
+    - name: Install Poetry
+      run: |
+        pipx install poetry
+    - name: Install dependencies
+      run: |
+        make install
+    - name: Install ORAS (using it for login) # https://oras.land/docs/installation#linux
+      run: |
+        VERSION="1.2.0"
+        curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz"
+        mkdir -p oras-install/
+        tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
+        sudo mv oras-install/oras /usr/local/bin/
+        rm -rf oras_${VERSION}_*.tar.gz oras-install/
+    - name: Start Kind Cluster
+      uses: helm/kind-action@v1
+      with:
+        cluster_name: kind
+    - name: Start Quay-lite
+      run: |
+        ./e2e/deploy_quay_lite.sh
+    - name: Run E2E tests
+      run: |
+        make test-e2e

e2e/deploy_quay_lite.sh

@@ -0,0 +1,118 @@
+#!/bin/bash
+
+SCRIPT_DIR="$(dirname "$(realpath "$BASH_SOURCE")")"
+set -e
+
+ALLOW_OPTION="--force-login"
+if [[ "$1" != "$ALLOW_OPTION" ]] && jq -e '.auths["localhost:5001"]' ~/.docker/config.json > /dev/null 2>&1; then
+    echo "Error: Entry for 'auths.localhost:5001' found in ~/.docker/config.json. You can use '$ALLOW_OPTION' to by-pass this check."
+    exit 1
+else
+    echo "No entry for localhost:5001 in ~/.docker/config.json, or bypassing check with '$ALLOW_OPTION'."
+fi
+
+echo "Deploying quay K8s Secret with config.yaml ..."
+FILE_NAME="config.yaml"
+SECRET_NAME="quay-app-config"
+ENCODED_CONTENT=$(base64 -i "$SCRIPT_DIR/quay-lite/$FILE_NAME")
+cat <<EOF > "$SCRIPT_DIR/quay-lite/$SECRET_NAME.yaml"
+apiVersion: v1
+kind: Secret
+metadata:
+  name: $SECRET_NAME
+type: Opaque
+data:
+  $(basename $FILE_NAME): $ENCODED_CONTENT
+EOF
+kubectl apply -f "$SCRIPT_DIR/quay-lite/$SECRET_NAME.yaml"
+
+echo "Deploying quay-lite ..."
+kubectl apply -f "$SCRIPT_DIR/quay-lite/quay-all-in-one.yaml"
+
+sleep 1
+kubectl get deployments
+
+echo "Waiting for Deployment (this will take a while)..."
+kubectl wait --for=condition=available deployment/quay-app --timeout=5m
+kubectl logs deployment/quay-app
+echo "Deployment looks ready."
+
+echo "Trying port-fwd until successfull (this will take a while)..."
+while true; do
+  echo "Starting port-forward..."
+  kubectl port-forward service/quay-app 5001:5001 &
+  PID=$!
+  sleep 2
+  echo "I have launched port-forward in background with: $PID."
+
+  response=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:5001 || true) # needed because in general we have `set -e`
+
+  if [[ $response -ge 200 && $response -lt 300 ]]; then
+    echo "Service is up and running with response code: $response"
+    break
+  else
+    echo "Waiting for service to be available. Current response code: $response"
+  fi
+
+  sleep 5
+done
+
+echo "Beginning quay admin user/initialize ..."
+USER_INITALIZE=$(curl -X POST -k  http://localhost:5001/api/v1/user/initialize -H 'Content-Type: application/json' --data '{ "username": "admin", "password": "quaypass12345", "email": "[email protected]", "access_token": true}')
+echo $USER_INITALIZE
+TOKEN=$(echo $USER_INITALIZE | jq -r ".access_token")
+echo $TOKEN
+if [[ -z "$TOKEN" ]]; then
+    echo "Error: Access token is null or empty."
+    exit 1
+fi
+
+echo "Creating testorgns organization namespace ..."
+curl -X POST -k -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" http://localhost:5001/api/v1/organization/ --data '{"name": "testorgns", "email": "[email protected]"}'
+
+echo "Preparing ml-model-artifact repository ..."
+curl -X 'POST' \
+  'http://localhost:5001/api/v1/repository' \
+  -H 'Content-Type: application/json' \
+  -H "Authorization: Bearer $TOKEN" \
+  -d '{
+  "repository": "ml-model-artifact",
+  "visibility": "public",
+  "namespace": "testorgns",
+  "description": "string",
+  "repo_kind": "image"
+}'
+
+echo "Preparing testuser quay user ..."
+curl -X 'POST' \
+  'http://localhost:5001/api/v1/superuser/users/' \
+  -H 'Content-Type: application/json' \
+  -H "Authorization: Bearer $TOKEN" \
+  -d '{
+  "username": "testuser",
+  "email": "testuser"
+}'
+curl -X 'PUT' \
+  'http://localhost:5001/api/v1/superuser/users/testuser' \
+  -H 'Content-Type: application/json' \
+  -H "Authorization: Bearer $TOKEN" \
+  -d '{
+  "username": "testuser",
+  "email": "testuser",
+  "password": "quaypass12345"
+}'
+
+echo "Granting testuser write access to testorgns/ml-model-artifact repository ..."
+curl -X 'PUT' \
+  'http://localhost:5001/api/v1/repository/testorgns%2Fml-model-artifact/permissions/user/testuser' \
+  -H 'Content-Type: application/json' \
+  -H "Authorization: Bearer $TOKEN" \
+  -d '{
+  "role": "write"
+}'
+
+echo "Executing oras login for testuser ..."
+oras login localhost:5001 --plain-http --username testuser --password quaypass12345
+
+echo "Current logins in ~/.docker/config.json :"
+jq -r '.auths | keys[]' ~/.docker/config.json

e2e/quay-lite/README.md

@@ -0,0 +1,2 @@
+Quay is typically installed via Operator.
+This is a variation on barebone quay-lite for the scope of this project.

e2e/quay-lite/config.yaml

@@ -0,0 +1,80 @@
+DATA_MODEL_CACHE_CONFIG:
+  engine: redis
+  redis_config:
+    primary:
+      host: quay-redis
+SUPER_USERS:
+- admin
+- user1
+AUTHENTICATION_TYPE: Database
+DB_URI: postgresql://quay:quay@quay-postgresql:5432/quay
+BUILDLOGS_REDIS:
+  host: quay-redis
+  port: 6379
+USER_EVENTS_REDIS:
+  host: quay-redis
+  port: 6379
+BITTORRENT_FILENAME_PEPPER: 0ee18f90-5b6d-42d2-ab5e-ec9fcd846272
+DATABASE_SECRET_KEY: '30060361640793187613697366923211113205676925445650250274752125083971638376224'
+DEFAULT_TAG_EXPIRATION: 2w
+DISTRIBUTED_STORAGE_CONFIG:
+  default:
+  - LocalStorage
+  - storage_path: /datastorage/registry
+DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
+DISTRIBUTED_STORAGE_PREFERENCE:
+- default
+ENTERPRISE_LOGO_URL: /static/img/quay-horizontal-color.svg
+EXTERNAL_TLS_TERMINATION: true
+FEATURE_ANONYMOUS_ACCESS: true
+FEATURE_APP_REGISTRY: false
+FEATURE_APP_SPECIFIC_TOKENS: true
+FEATURE_BUILD_SUPPORT: false
+FEATURE_CHANGE_TAG_EXPIRATION: true
+FEATURE_DIRECT_LOGIN: true
+FEATURE_MAILING: false
+FEATURE_PARTIAL_USER_AUTOCOMPLETE: true
+FEATURE_REPO_MIRROR: false
+FEATURE_REQUIRE_TEAM_INVITE: true
+FEATURE_RESTRICTED_V1_PUSH: false
+FEATURE_SECURITY_NOTIFICATIONS: false
+FEATURE_SECURITY_SCANNER: false
+FEATURE_USERNAME_CONFIRMATION: true
+FEATURE_USER_INITIALIZE: true
+FEATURE_USER_CREATION: true
+FEATURE_USER_LOG_ACCESS: true
+FEATURE_PROXY_CACHE: true
+GITHUB_LOGIN_CONFIG: {}
+GITHUB_TRIGGER_CONFIG: {}
+GITLAB_TRIGGER_KIND: {}
+LOG_ARCHIVE_LOCATION: default
+MAIL_DEFAULT_SENDER: [email protected]
+MAIL_PORT: 587
+MAIL_USE_TLS: true
+PREFERRED_URL_SCHEME: http
+REGISTRY_TITLE: Red Hat Quay LITE
+REGISTRY_TITLE_SHORT: Red Hat Quay LITE
+REPO_MIRROR_SERVER_HOSTNAME: null
+REPO_MIRROR_TLS_VERIFY: true
+SETUP_COMPLETE: true
+SIGNING_ENGINE: gpg2
+TAG_EXPIRATION_OPTIONS:
+- 0s
+- 1d
+- 1w
+- 2w
+- 4w
+TEAM_RESYNC_STALE_TIME: 60m
+TESTING: false
+USERFILES_LOCATION: default
+USERFILES_PATH: userfiles/
+USE_CDN: false
+FEATURE_QUOTA_MANAGEMENT: True
+SERVER_HOSTNAME: localhost:5001
+BROWSER_API_CALLS_XHR_ONLY: False
+CORS_ORIGIN:
+  - "https://stage.foo.redhat.com:1337"
+  - "http://localhost:9000"
+FEATURE_UI_V2: True
+FEATURE_USER_METADATA: True
+IGNORE_UNKNOWN_MEDIATYPES: True