Add rudimentary docs for compliance check pipeline

Signed-off-by: Matthias Büchse <[email protected]>

Author: mbuechse

sidebarsStandards.js

@@ -18,6 +18,11 @@ const sidebars = {
             id: 'certification/scopes-versions'
           },
           items: require('./sidebarsCertificationItems.js') // this file will be generated entirely by `populateCerts.js` via npm post-install hook found in the package.json
+        },
+        {
+          type: 'doc',
+          label: 'Compliance Check Pipeline',
+          id: 'certification/pipeline'
         }
       ]
     },

standards/certification/pipeline.md

@@ -0,0 +1,139 @@
+# SCS Compliance Check Pipeline Manual
+
+## How to add a new test subject in 8 easy steps
+
+This is a how-to guide for adding your own subject if you so desire. This will probably be the quickest way,
+but we are of course happy to help.
+
+### for SCS-compatible IaaS
+
+You need an OpenStack project that allows for at least one server and one router, possibly more if it's going
+to be used for purposes other than compliance testing (such as the
+[OpenStack Health Monitor](https://github.com/SovereignCloudStack/openstack-health-monitor) or the
+[SCS Health Monitor](https://github.com/SovereignCloudStack/scs-health-monitor)).
+
+1. Create an application credential. It must be possible to create resources such as servers, routers, etc.
+2. Create a new branch in [the standards repository](https://github.com/SovereignCloudStack/standards):
+
+    - `git clone [email protected]:SovereignCloudStack/standards.git`
+    - `cd standards`
+    - `git checkout -b feat/add_my_cloud`
+
+3. Modify [playbooks/clouds.yaml.j2](https://github.com/SovereignCloudStack/standards/blob/main/playbooks/clouds.yaml.j2).
+   This is necessary so that the tests can access your cloud.
+   You can use the following template (replace all-caps parts):
+
+   ```yaml
+     SUBJECT_NAME:
+       region_name: REGION
+       interface: "public"
+       identity_api_version: 3
+       auth_type: "v3applicationcredential"
+       auth:
+         auth_url: AUTH_URL
+         application_credential_id: "{{ clouds_conf.SUBJECT_NAME_ac_id }}"
+         application_credential_secret: "{{ clouds_conf.SUBJECT_NAME_a_ac_secret }}"
+    ```
+
+   Note that you need to replace dashes (and other special characters) by underscores in the last two lines.
+
+4. Add your subject to [Tests/config.toml](https://github.com/SovereignCloudStack/standards/blob/main/Tests/config.toml).
+   This is necessary so that your cloud will be included in the nightly tests. Add a line like so:
+
+   ```diff
+    [presets.all]
+    scopes = [
+        "scs-compatible-iaas",
+    ]
+    subjects = [
+        "gx-scs",
+   +    "SUBJECT_NAME",
+   ```
+
+   Ideally insert your subject so that the list (after `gx-scs`) remains sorted.
+
+5. Add your subject to [compliance-monitor/bootstrap.yaml](https://github.com/SovereignCloudStack/standards/blob/main/compliance-monitor/bootstrap.yaml).
+   This is necessary to that the reports will be accepted as genuine. Add a section like so:
+
+   ```diff
+      - subject: artcodix
+        delegates:
+          - zuul_ci
+   +  - subject: SUBJECT_NAME
+   +    delegates:
+   +      - zuul_ci
+   ```
+
+   Again, insert your subject so that the list (after `gx-scs`) remains sorted.
+
+6. Add your subject to the results table. This is necessary so your subject shows up in the
+   [compliance monitor web-site](https://compliance.sovereignit.cloud/page/table). Add the folling lines
+   (again substituting all-caps parts):
+
+   ```diff
+    | [gx-scs](https://github.com/SovereignCloudStack/docs/blob/main/community/cloud-resources/plusserver-gx-scs.md) | Dev environment provided for SCS & GAIA-X context | plusserver GmbH | 
+    {#- #} [{{ results | pick('gx-scs', iaas) | summary }}]({{ detail_url('gx-scs', iaas) }}) {# -#}
+    | [HM](https://health.gx-scs.sovereignit.cloud:3000/) |
+   +| [SUBJECT_NAME](YOUR_URL) | DESCRIPTION | COMPANY_NAME | 
+   +{#- #} [{{ results | pick('SUBJECT_NAME', iaas) | summary }}]({{ detail_url('SUBJECT_NAME', iaas) }}) {# -#}
+   +| [HM](HEALTH_MONITOR_URL) |
+   ```
+
+   Again, insert the lines at a position that keeps the table sorted (below `gx-scs`).
+
+7. Finally, add secrets to [.zuul.d/secure.yaml](https://github.com/SovereignCloudStack/standards/blob/main/.zuul.d/secure.yaml).
+   This is necessary so the tests can access your cloud.
+
+   This step is the most involved, and you can always have us do it for you; in that case, please send us
+   the application credential id and secret via an encrypted channel, e.g. Matrix.
+
+   To proceed, you need `zuul-client` installed:
+
+   ```shell
+   pipx install zuul-client
+   ```
+
+   Then you can execute:
+
+   ```shell
+   $ zuul-client --zuul-url https://zuul.sovereignit.cloud/ encrypt --tenant scs --project SovereignCloudStack/standards
+   <PASTE application credential id HERE>
+   <HIT ctrl-d>
+
+   ...
+    - secret:
+        name: <name>
+        data:
+          <fieldname>: !encrypted/pkcs1-oaep
+            - ...
+
+   $ zuul-client --zuul-url https://zuul.sovereignit.cloud/ encrypt --tenant scs --project SovereignCloudStack/standards
+   <PASTE application credential secret HERE>
+   <HIT ctrl-d>
+
+   ...
+    - secret:
+        name: <name>
+        data:
+          <fieldname>: !encrypted/pkcs1-oaep
+            - ...
+   ```
+
+   Copy the parts of the respective outputs starting in the final line shown here (the one starting `-`).
+   Insert them like so:
+
+   ```diff
+   +   SUBJECT_NAME_ac_id: !encrypted/pkcs1-oaep
+   +     - ENCRYPTED_ID
+   +   SUBJECT_NAME_ac_secret: !encrypted/pkcs1-oaep
+   +     - ENCRYPTED_SECRET
+   ```
+
+   Note that you have to use the same keys as in Step 3 (that is, with special characters replaced).
+
+8. Commit your changes and open a pull request:
+
+   ```shell
+   git commit -asm "Add SUBJECT_NAME"
+   git push
+   ```