fix: fix installing with ./hack/dev/kind.sh

Updated CI workflow and associated scripts to enhance the end-to-end
testing setup. This involved modifying environment variables for
controller URLs, docker repositories, and kubeconfig paths.
Additionally, the gosmee replay URLs were adjusted to use HTTP instead
of HTTPS, and specific Gitea-related gosmee URL generation was
refactored to utilize a dynamic approach. The scripts also saw updates
for creating GitHub app secrets and controllers on GHE, along with
changes to how Gitea tests are segmented. Minor adjustments were made to
Makefile and the collect_logs function to reflect these changes.
Fix installing on latest kind for local registry.

Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>

Author: chmouel

.github/workflows/e2e.yaml

@@ -53,10 +53,10 @@ jobs:
           ]
 
     env:
-      CONTROLLER_DOMAIN_URL: paac.paac-127-0-0-1.nip.io
+      CONTROLLER_DOMAIN_URL: controller.paac-127-0-0-1.nip.io
       KOCACHE: /tmp/ko-cache
-      KO_DOCKER_REPO: registry.paac-127-0-0-1.nip.io
-      KUBECONFIG: /home/runner/.kube/config.local
+      KO_DOCKER_REPO: localhost:5000
+      KUBECONFIG: /home/runner/.kube/config.kind
       TARGET_TEAM_SLUGS: "pipeline-as-code,pipeline-as-code-contributors"
       TEST_BITBUCKET_CLOUD_API_URL: https://api.bitbucket.org/2.0
       TEST_BITBUCKET_CLOUD_E2E_REPOSITORY: cboudjna/pac-e2e-tests
@@ -66,21 +66,20 @@ jobs:
       TEST_BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
       TEST_BITBUCKET_SERVER_USER: pipelines
       TEST_BITBUCKET_SERVER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_SERVER_WEBHOOK_SECRET }}
-      TEST_EL_URL: https://paac.paac-127-0-0-1.nip.io
+      TEST_EL_URL: http://controller.paac-127-0-0-1.nip.io
       TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
       TEST_GITEA_API_URL: http://localhost:3000
-      TEST_GITEA_INTERNAL_URL: http://forgejo-http.forgejo.svc.cluster.local:3000
+      TEST_GITEA_INTERNAL_URL: http://gitea.gitea:3000
       TEST_GITEA_PASSWORD: pac
       TEST_GITEA_REPO_OWNER: pac/pac
-      TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
       TEST_GITEA_USERNAME: pac
       TEST_GITHUB_API_URL: api.github.com
       TEST_GITHUB_PRIVATE_TASK_NAME: task-remote
       TEST_GITHUB_PRIVATE_TASK_URL: https://github.com/openshift-pipelines/pipelines-as-code-e2e-tests-private/blob/main/remote_task.yaml
       TEST_GITHUB_REPO_OWNER_GITHUBAPP: openshift-pipelines/pipelines-as-code-e2e-tests
       TEST_GITHUB_REPO_OWNER_WEBHOOK: openshift-pipelines/pipelines-as-code-e2e-tests-webhook
       TEST_GITHUB_SECOND_API_URL: ghe.pipelinesascode.com
-      TEST_GITHUB_SECOND_EL_URL: https://ghe.paac-127-0-0-1.nip.io
+      TEST_GITHUB_SECOND_EL_URL: http://ghe.paac-127-0-0-1.nip.io
       TEST_GITHUB_SECOND_REPO_INSTALLATION_ID: 1
       TEST_GITHUB_SECOND_REPO_OWNER_GITHUBAPP: pipelines-as-code/e2e
       TEST_GITLAB_API_URL: https://gitlab.com
@@ -291,64 +290,95 @@ jobs:
         with:
           repo: chmouel/snazy
 
-      - name: Install minica
-        run: |
-          go install github.com/jsha/minica@latest
-          echo "$HOME/go/bin" >> "$GITHUB_PATH"
-
-      - name: Clone startpaac
-        uses: actions/checkout@v6
-        with:
-          repository: openshift-pipelines/startpaac
-          path: startpaac
-
       - name: Run gosmee for main controller
         run: |
-          nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.PYSMEE_URL }} "https://${CONTROLLER_DOMAIN_URL}" > /tmp/gosmee-main.log 2>&1 &
+          nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.PYSMEE_URL }} "http://${CONTROLLER_DOMAIN_URL}" > /tmp/gosmee-main.log 2>&1 &
 
-      - name: Run gosmee for main controller (Gitea)
-        if: startsWith(matrix.provider, 'gitea') || matrix.provider == 'concurrency'
-        run: |
-          nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.TEST_GITEA_SMEEURL }} "https://${CONTROLLER_DOMAIN_URL}" >> /tmp/gosmee-main.log 2>&1 &
+      # - name: Run gosmee for main controller (Gitea)
+      #   if: startsWith(matrix.provider, 'gitea') || matrix.provider == 'concurrency'
+      #   run: |
+      #     nohup gosmee client --saveDir /tmp/gosmee-replay ${{ secrets.TEST_GITEA_SMEEURL }} "http://${CONTROLLER_DOMAIN_URL}" >> /tmp/gosmee-main.log 2>&1 &
 
       - name: Run gosmee for second controller (GHE)
         if: matrix.provider == 'github_second_controller' || matrix.provider == 'concurrency'
         run: |
-          nohup gosmee client --saveDir /tmp/gosmee-replay-ghe ${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }} "https://ghe.paac-127-0-0-1.nip.io" > /tmp/gosmee-ghe.log 2>&1 &
+          nohup gosmee client --saveDir /tmp/gosmee-replay-ghe ${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }} "http://ghe.paac-127-0-0-1.nip.io" > /tmp/gosmee-ghe.log 2>&1 &
+
+      - name: Generate unique gosmee URL for Gitea tests
+        if: startsWith(matrix.provider, 'gitea') || matrix.provider == 'concurrency'
+        id: gosmee-url
+        run: |
+          SMEE_URL=$(curl -s https://hook.pipelinesascode.com -o /dev/null -w '%{redirect_url}')
+          echo "Generated unique smee URL: ${SMEE_URL}"
+          echo "url=${SMEE_URL}" >> "$GITHUB_OUTPUT"
+          echo "TEST_GITEA_SMEEURL=${SMEE_URL}" >> "$GITHUB_ENV"
 
       - name: Setup tmate session
         uses: mxschmitt/action-tmate@v3
+        # add all environment so we can debug easily
+        env:
+          CONTROLLER_DOMAIN_URL: controller.paac-127-0-0-1.nip.io
+          KOCACHE: /tmp/ko-cache
+          KO_DOCKER_REPO: localhost:5000
+          KUBECONFIG: /home/runner/.kube/config.kind
+          TARGET_TEAM_SLUGS: "pipeline-as-code,pipeline-as-code-contributors"
+          TEST_BITBUCKET_CLOUD_API_URL: https://api.bitbucket.org/2.0
+          TEST_BITBUCKET_CLOUD_E2E_REPOSITORY: cboudjna/pac-e2e-tests
+          TEST_BITBUCKET_CLOUD_USER: cboudjna
+          TEST_BITBUCKET_SERVER_API_URL: ${{ secrets.BITBUCKET_SERVER_API_URL }}
+          TEST_BITBUCKET_SERVER_E2E_REPOSITORY: PAC/pac-e2e-tests
+          TEST_BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
+          TEST_BITBUCKET_SERVER_USER: pipelines
+          TEST_BITBUCKET_SERVER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_SERVER_WEBHOOK_SECRET }}
+          TEST_EL_URL: http://controller.paac-127-0-0-1.nip.io
+          TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
+          TEST_GITEA_API_URL: http://localhost:3000
+          TEST_GITEA_PASSWORD: pac
+          TEST_GITEA_REPO_OWNER: pac/pac
+          TEST_GITEA_USERNAME: pac
+          TEST_GITHUB_API_URL: api.github.com
+          TEST_GITHUB_PRIVATE_TASK_NAME: task-remote
+          TEST_GITHUB_PRIVATE_TASK_URL: https://github.com/openshift-pipelines/pipelines-as-code-e2e-tests-private/blob/main/remote_task.yaml
+          TEST_GITHUB_REPO_OWNER_GITHUBAPP: openshift-pipelines/pipelines-as-code-e2e-tests
+          TEST_GITHUB_REPO_OWNER_WEBHOOK: openshift-pipelines/pipelines-as-code-e2e-tests-webhook
+          TEST_GITHUB_SECOND_API_URL: ghe.pipelinesascode.com
+          TEST_GITHUB_SECOND_EL_URL: http://ghe.paac-127-0-0-1.nip.io
+          TEST_GITHUB_SECOND_REPO_INSTALLATION_ID: 1
+          TEST_GITHUB_SECOND_REPO_OWNER_GITHUBAPP: pipelines-as-code/e2e
+          TEST_GITLAB_API_URL: https://gitlab.com
+          TEST_GITLAB_PROJECT_ID: ${{ vars.TEST_GITLAB_PROJECT_ID }}
+          TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
+          TEST_GITHUB_REPO_INSTALLATION_ID: ${{ vars.INSTALLATION_ID }}
+          TEST_GITHUB_TOKEN: ${{ secrets.GH_APPS_TOKEN }}
+          TEST_GITHUB_SECOND_TOKEN: ${{ secrets.TEST_GITHUB_SECOND_TOKEN }}
+          TEST_GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
+          TEST_PROVIDER: ${{ matrix.provider }}
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
         with:
           detached: true
           limit-access-to-actor: true
 
-      - name: Start installing cluster with startpaac
+      - name: Start installing cluster
+        run: |
+          export PAC_DIR=${PWD}
+          bash -x ./hack/dev/kind/install.sh
+
+      - name: Create PAC github-app-secret
         env:
-          PAC_DIR: ${{ github.workspace }}
-          PAAC_DOMAIN: paac-127-0-0-1.nip.io
-          TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
+          PAC_GITHUB_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+          PAC_GITHUB_APPLICATION_ID: ${{ vars.APPLICATION_ID }}
+          PAC_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
         run: |
-          # Create real secrets for startpaac (not dummy)
-          mkdir -p ~/secrets
-          echo "${{ vars.APPLICATION_ID }}" > ~/secrets/github-application-id
-          echo "${{ secrets.APP_PRIVATE_KEY }}" > ~/secrets/github-private-key
-          echo "${{ secrets.WEBHOOK_SECRET }}" > ~/secrets/webhook.secret
-          echo "${{ secrets.PYSMEE_URL }}" > ~/secrets/smee
-
-          # Create second controller secrets
-          mkdir -p ~/secrets-second
-          echo "${{ vars.TEST_GITHUB_SECOND_APPLICATION_ID }}" > ~/secrets-second/github-application-id
-          echo "${{ secrets.TEST_GITHUB_SECOND_PRIVATE_KEY }}" > ~/secrets-second/github-private-key
-          echo "${{ secrets.TEST_GITHUB_SECOND_WEBHOOK_SECRET }}" > ~/secrets-second/webhook.secret
-          echo "${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }}" > ~/secrets-second/smee
-
-          export PAC_SECRET_FOLDER=~/secrets
-          export PAC_SECOND_SECRET_FOLDER=~/secrets-second
-          export TARGET_HOST=local
-
-          cd startpaac
-          ./startpaac --ci -a
+          ./hack/gh-workflow-ci.sh create_pac_github_app_secret
+
+      - name: Create second Github APP Controller on GHE
+        env:
+          TEST_GITHUB_SECOND_SMEE_URL: ${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }}
+          TEST_GITHUB_SECOND_PRIVATE_KEY: ${{ secrets.TEST_GITHUB_SECOND_PRIVATE_KEY }}
+          TEST_GITHUB_SECOND_WEBHOOK_SECRET: ${{ secrets.TEST_GITHUB_SECOND_WEBHOOK_SECRET }}
+          TEST_GITHUB_SECOND_APPLICATION_ID: ${{ vars.TEST_GITHUB_SECOND_APPLICATION_ID }}
+        run: |
+          ./hack/gh-workflow-ci.sh create_second_github_app_controller_on_ghe
 
       - name: Enable debug logging for e2e
         run: |
@@ -360,29 +390,6 @@ jobs:
             kubectl -n pipelines-as-code rollout status deployment/pipelines-as-code-$name --timeout=120s
           done
 
-      - name: Install minica CA certificate to system trust store
-        run: |
-          set -x
-          echo "=== Installing minica CA certificate to system trust store ==="
-          if [ -f /tmp/certs/minica.pem ]; then
-            sudo mkdir -p /usr/local/share/ca-certificates/
-            sudo cp /tmp/certs/minica.pem /usr/local/share/ca-certificates/minica.crt
-            sudo update-ca-certificates
-            echo "✓ CA certificate installed to system trust store"
-
-            # Verify installation
-            ls -la /usr/local/share/ca-certificates/minica.crt
-            echo "System will now trust HTTPS connections to *.127-0-0-1.nip.io domains"
-          else
-            echo "✗ ERROR: /tmp/certs/minica.pem not found"
-            echo "startpaac should have created this file"
-            exit 1
-          fi
-
-      - name: Configure git to skip TLS verification
-        run: |
-          git config --global http.sslVerify false
-
       # Adjusted step-level conditions based on the new job-level logic
       - name: Run E2E Tests
         # This step runs for schedule, PR target (if job started), or workflow_dispatch (if job started)
@@ -392,7 +399,6 @@ jobs:
           TEST_PROVIDER: ${{ matrix.provider }}
           TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
           TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
-          TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
           TEST_GITHUB_REPO_INSTALLATION_ID: ${{ vars.INSTALLATION_ID }}
           TEST_GITHUB_TOKEN: ${{ secrets.GH_APPS_TOKEN }}
           TEST_GITHUB_SECOND_TOKEN: ${{ secrets.TEST_GITHUB_SECOND_TOKEN }}
@@ -411,7 +417,6 @@ jobs:
           TEST_PROVIDER: ${{ matrix.provider }}
           TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
           TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
-          TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
           TEST_GITHUB_REPO_INSTALLATION_ID: ${{ vars.INSTALLATION_ID }}
           TEST_GITHUB_TOKEN: ${{ secrets.GH_APPS_TOKEN }}
           TEST_GITHUB_SECOND_TOKEN: ${{ secrets.TEST_GITHUB_SECOND_TOKEN }}
@@ -425,7 +430,6 @@ jobs:
       - name: Collect logs
         if: ${{ always() }}
         env:
-          TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
           TEST_GITHUB_SECOND_SMEE_URL: ${{ secrets.TEST_GITHUB_SECOND_SMEE_URL }}
         run: |
           ./hack/gh-workflow-ci.sh collect_logs

Makefile

@@ -72,7 +72,7 @@ test-e2e-cleanup: ## cleanup test e2e namespace/pr left open
 	@./hack/dev/e2e-tests-cleanup.sh
 
 .PHONY: test-e2e
-test-e2e:  test-e2e-cleanup ## run e2e tests
+test-e2e:  ## run e2e tests
 	env GODEBUG=asynctimerchan=1 \
 		$(GO) test $(DEFAULT_GO_TEST_FLAGS) $(GO_TEST_FLAGS) -timeout $(TIMEOUT_E2E)  -failfast -count=1 -tags=e2e ./test
 

hack/dev/kind/install.sh

@@ -84,14 +84,23 @@ function reinstall_kind() {
   cat <<EOF >>${TMPD}/kconfig.yaml
 containerdConfigPatches:
 - |-
-  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:${REG_PORT}"]
-    endpoint = ["http://${REG_NAME}:5000"]
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
 EOF
 
   ${SUDO} ${kind} create cluster --name ${KIND_CLUSTER_NAME} --config ${TMPD}/kconfig.yaml
   mkdir -p $(dirname ${KUBECONFIG})
   ${SUDO} ${kind} --name ${KIND_CLUSTER_NAME} get kubeconfig >${KUBECONFIG}
 
+  # Configure registry on each node
+  REGISTRY_DIR="/etc/containerd/certs.d/localhost:${REG_PORT}"
+  for node in $(${SUDO} ${kind} get nodes --name ${KIND_CLUSTER_NAME}); do
+    docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
+    cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
+[host."http://${REG_NAME}:5000"]
+EOF
+  done
+
   docker network connect "kind" "${REG_NAME}" 2>/dev/null || true
   cat <<EOF | kubectl apply -f -
 apiVersion: v1

hack/gh-workflow-ci.sh

@@ -42,15 +42,8 @@ create_second_github_app_controller_on_ghe() {
   local test_github_second_application_id="${TEST_GITHUB_SECOND_APPLICATION_ID}"
   local test_github_second_webhook_secret="${TEST_GITHUB_SECOND_WEBHOOK_SECRET}"
 
-  if [[ -n "$(type -p apt)" ]]; then
-    sudo apt update &&
-      sudo apt install -y python3-yaml
-  elif [[ -n "$(type -p dnf)" ]]; then
-    dnf install -y python3-pyyaml
-  else
-    # TODO(chmouel): setup a virtualenvironment instead
-    python3 -m pip install --break-system-packages PyYAML
-  fi
+  # install uv
+  type -p uv >/dev/null 2>&1 || { curl -LsSf https://astral.sh/uv/install.sh | sh; }
 
   ./hack/second-controller.py \
     --controller-image="ko" \
@@ -78,7 +71,6 @@ get_tests() {
   all_tests=$(grep -hioP '^func[[:space:]]+Test[[:alnum:]_]+' "${testfiles[@]}" | sed -E 's/^func[[:space:]]+//')
 
   local -a gitea_tests
-  local chunk_size remainder
   if [[ "${target}" == *"gitea"* ]]; then
     # Filter Gitea tests, excluding Concurrency tests
     mapfile -t gitea_tests < <(echo "${all_tests}" | grep -iP '^TestGitea' 2>/dev/null | grep -ivP 'Concurrency' 2>/dev/null | sort 2>/dev/null)
@@ -90,6 +82,11 @@ get_tests() {
       fi
     done
     gitea_tests=("${filtered_tests[@]}")
+  fi
+
+  # Calculate chunk sizes for splitting gitea tests into 3 parts
+  local chunk_size remainder
+  if [[ ${#gitea_tests[@]} -gt 0 ]]; then
     chunk_size=$((${#gitea_tests[@]} / 3))
     remainder=$((${#gitea_tests[@]} % 3))
   fi
@@ -123,10 +120,6 @@ get_tests() {
       printf '%s\n' "${gitea_tests[@]:${start_idx}:$((chunk_size + remainder))}"
     fi
     ;;
-  gitea_others)
-    # Deprecated: Use gitea_1, gitea_2, gitea_3 instead
-    printf '%s\n' "${all_tests}" | grep -ivP 'Github|Gitlab|Bitbucket|Concurrency'
-    ;;
   *)
     echo "Invalid target: ${target}"
     echo "supported targets: github, github_second_controller, gitlab_bitbucket, gitea_1, gitea_2, gitea_3, concurrency"
@@ -160,9 +153,9 @@ output_logs() {
 }
 
 collect_logs() {
-  # Read from environment variables
-  local test_gitea_smee_url="${TEST_GITEA_SMEEURL}"
-  local github_ghe_smee_url="${TEST_GITHUB_SECOND_SMEE_URL}"
+  # Read from environment variables (use default empty value for optional vars)
+  local test_gitea_smee_url="${TEST_GITEA_SMEEURL:-}"
+  local github_ghe_smee_url="${TEST_GITHUB_SECOND_SMEE_URL:-}"
 
   mkdir -p /tmp/logs
   # Output logs to stdout so we can see via the web interface directly
@@ -365,7 +358,7 @@ help() {
 
   collect_logs
     Collect logs from the cluster
-    Required env vars: TEST_GITEA_SMEEURL, TEST_GITHUB_SECOND_SMEE_URL
+    Optional env vars: TEST_GITEA_SMEEURL, TEST_GITHUB_SECOND_SMEE_URL (for scrubbing URLs from logs)
 
   output_logs
     Will output logs using snazzy formatting when available or otherwise through a simple