e2e CI fixes, granularity in GHA CI, bump dependencies & images

.github/CODEOWNERS

@@ -0,0 +1 @@
+*       @rancher/observation-backup

.github/workflows/ci.yaml

@@ -0,0 +1,25 @@
+name: CI-pullrequest
+
+on: [pull_request]
+
+env:
+  YQ_VERSION: v4.25.1
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name : Checkout repository
+        uses : actions/checkout@v4
+      - name : setup go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+      - name: Install mikefarah/yq
+        run: sudo wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq;
+      - name : Install helm 
+        run : curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 |bash
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Run CI
+        run: make ci

.github/workflows/e2e-ci.yaml

@@ -28,72 +28,118 @@ on:
 env:
   GOARCH: amd64
   CGO_ENABLED: 0
-  SETUP_GO_VERSION: '^1.18'
+  SETUP_GO_VERSION: '^1.22'
   YQ_VERSION: v4.25.1
   E2E_CI: true
   REPO: rancher
   TAG: dev
   APISERVER_PORT: 8001
-  DEFAULT_SLEEP_TIMEOUT_SECONDS: 10
+  DEFAULT_SLEEP_TIMEOUT_SECONDS: 60
   KUBECTL_WAIT_TIMEOUT: 120s
   DEBUG: ${{ github.event.inputs.debug || false }}
+  CLUSTER_NAME : e2e-ci-helm-project-operator
 
 permissions:
   contents: write
 
 jobs:
+  build-rancher-manager:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout rancher repository
+        uses: actions/checkout@v4
+        with:
+          repository: rancher/rancher
+          ref: v2.8.3
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+      - name: Build rancher
+        run: go build -o ./bin/rancher ./main.go && chmod +x ./bin/rancher
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: rancher-manager-build-artifact
+          path: ./bin
   e2e-helm-project-operator:
+    needs : [
+      build-rancher-manager
+    ]
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        k3s_version:
-          # k3d version list k3s | sed 's/+/-/' | sort -h
-          - ${{ github.event.inputs.k3s_version || 'v1.20.15-k3s1' }}
+    # TODO : for now hardcode k3s version
+    # strategy:
+    #   matrix:
+    #     k3s_version:
+    #       - ${{ github.event.inputs.k3s_version || 'v1.27.7-k3s2' }}
     steps:
-      -
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      -
-        name: Install mikefarah/yq
+      - name : Fetch build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: rancher-manager-build-artifact
+          path: ./bin
+      - name : Debug artifacts
+        run : ls -l ./bin
+      - run : chmod +x ./bin/rancher
+      - name: Install mikefarah/yq
         run: |
           sudo wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq;
-      -
-        name: Perform CI
-        run: |
-          REPO=${REPO} TAG=${TAG} ./scripts/build;
-          REPO=${REPO} TAG=${TAG} ./scripts/package;
-      -
-        name: Provision k3d Cluster
-        uses: AbsaOSS/k3d-action@v2
-        # k3d will automatically create a network named k3d-test-cluster-1 with the range 172.18.0.0/16
+      - name: setup Go
+        uses: actions/setup-go@v5
         with:
-          cluster-name: "e2e-ci-helm-project-operator"
-          args: >-
-            --agents 1
-            --network "nw01"
-            --image docker.io/rancher/k3s:${{matrix.k3s_version}}
-      -
-        name: Import Images Into k3d
+          go-version: '1.22'
+      - name: Perform CI
         run: |
-          k3d image import ${REPO}/helm-project-operator:${TAG} -c e2e-ci-helm-project-operator;
-      -
-        name: Setup kubectl context
-        run: |
-          kubectl config use-context k3d-e2e-ci-helm-project-operator;
+          REPO=${REPO} TAG=${TAG} ./scripts/package;
+      - name : Install k3d
+        run : ./.github/workflows/e2e/scripts/install-k3d.sh
+      - name : Setup k3d cluster
+        run : K3S_VERSION=v1.27.7-k3s2 ./.github/workflows/e2e/scripts/setup-cluster.sh
+      - name : Bootstrap cluster
+        run : |
+          k3d kubeconfig get $CLUSTER_NAME > kubeconfig.yaml && export KUBECONFIG=$(pwd)/kubeconfig.yaml
+          CATTLE_DEV_MODE=30 CATTLE_BOOTSTRAP_PASSWORD=admin ./bin/rancher --trace=false --add-local=true --no-cacerts &
+      #   name: Provision k3d Cluster
+      #   uses: AbsaOSS/k3d-action@v2
+      #   # k3d will automatically create a network named k3d-test-cluster-1 with the range 172.18.0.0/16
+      #   with:
+      #     cluster-name: "e2e-ci-helm-project-operator"
+      #     args: >-
+      #       --agents 1
+      #       --network "nw01"
+      #       --image docker.io/rancher/k3s:${{matrix.k3s_version}}
+      # -
+      #   name: Import Images Into k3d
+      #   run: |
+      #     k3d image import ${REPO}/helm-project-operator:${TAG} -c e2e-ci-helm-project-operator;
+      # -
+      #   name: Setup kubectl context
+      #   run: |
+      #     kubectl config use-context k3d-e2e-ci-helm-project-operator;
       -
         name: Set Up Tmate Debug Session
         if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.enable_tmate == 'true' }}
         uses: mxschmitt/action-tmate@v3
         timeout-minutes: 15
         with:
-          limit-access-to-actor: true
+          limit-access-to-actor: true    
+
+      # - 
+      #   name: Install rancher manager
+      #   run: ./.github/workflows/e2e/scripts/install-rancher.sh;
+      # - 
+      #   name: Validate rancher manager
+      #   run: ./.github/workflows/e2e/scripts/validate-rancher.sh;
       -
         name: Install Helm Project Operator
         run: ./.github/workflows/e2e/scripts/install-helm-project-operator.sh;
       - 
         name: Check if Helm Project Operator is up
         run: ./.github/workflows/e2e/scripts/validate-helm-project-operator.sh;
+
       -
         name: Check if Project Registration Namespace is auto-created on namespace detection
         run: ./.github/workflows/e2e/scripts/create-project-namespace.sh;

.github/workflows/e2e/scripts/create-project-namespace.sh

@@ -6,9 +6,11 @@ source $(dirname $0)/entry
 cd $(dirname $0)/../../../..
 
 kubectl create namespace e2e-hpo || true
-kubectl label namespace e2e-hpo field.cattle.io/projectId=p-example --overwrite
+kubectl annotate namespace e2e-hpo field.cattle.io/projectId=local:p-example --overwrite
 sleep "${DEFAULT_SLEEP_TIMEOUT_SECONDS}"
 if ! kubectl get namespace cattle-project-p-example; then
+    echo "DEBUG"
+    kubectl get ns
     echo "ERROR: Expected cattle-project-p-example namespace to exist after ${DEFAULT_SLEEP_TIMEOUT_SECONDS} seconds, not found"
     exit 1
 fi

.github/workflows/e2e/scripts/create-projecthelmchart.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 set -e
+set -x
 
 source $(dirname $0)/entry
 

.github/workflows/e2e/scripts/install-helm-project-operator.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 set -e
+set -x
 
 source $(dirname $0)/entry
 

.github/workflows/e2e/scripts/install-k3d.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -x
+
+K3D_URL=https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh
+DEFAULT_K3D_VERSION=v5.4.6
+
+install_k3d(){
+  local k3dVersion=${K3D_VERSION:-${DEFAULT_K3D_VERSION}}
+  echo -e "Downloading k3d@${k3dVersion} see: ${K3D_URL}"
+  curl --silent --fail ${K3D_URL} | TAG=${k3dVersion} bash
+}
+
+install_k3d
+
+k3d version

.github/workflows/e2e/scripts/install-rancher.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
+
+helm repo update
+
+kubectl create namespace cattle-system
+
+helm install -n cattle-system rancher rancher-stable/rancher

.github/workflows/e2e/scripts/setup-cluster.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+set -e
+
+source ./scripts/version
+
+if [ -z "$CLUSTER_NAME" ]; then
+    echo "CLUSTER_NAME must be specified when setting up a cluster"
+    exit 1
+fi
+
+if [ -z "$K3S_VERSION" ]; then
+  echo "K3S_VERSION must be specified when setting up a cluster, use $(k3d version list k3s) to find valid versions"
+  exit 1
+fi
+
+# waits until all nodes are ready
+wait_for_nodes(){
+  timeout=120
+  start_time=$(date +%s)
+  echo "wait until all agents are ready"
+  while :
+  do
+    current_time=$(date +%s)
+    elapsed_time=$((current_time - start_time))
+    if [ $elapsed_time -ge $timeout ]; then
+        echo "Timeout reached, exiting..."
+        exit 1
+    fi
+
+    readyNodes=1
+    statusList=$(kubectl get nodes --no-headers | awk '{ print $2}')
+    # shellcheck disable=SC2162
+    while read status
+    do
+      current_time=$(date +%s)
+      elapsed_time=$((current_time - start_time))
+      if [ $elapsed_time -ge $timeout ]; then
+          echo "Timeout reached, exiting..."
+          exit 1
+      fi
+      if [ "$status" == "NotReady" ] || [ "$status" == "" ]
+      then
+        readyNodes=0
+        break
+      fi
+    done <<< "$(echo -e  "$statusList")"
+    # all nodes are ready; exit
+    if [[ $readyNodes == 1 ]]
+    then
+      break
+    fi
+    sleep 1
+  done
+}
+
+k3d cluster delete $CLUSTER_NAME || true
+k3d cluster create $CLUSTER_NAME --image "docker.io/rancher/k3s:${K3S_VERSION}"
+
+wait_for_nodes
+
+echo "$CLUSTER_NAME ready"
+
+kubectl cluster-info --context k3d-${CLUSTER_NAME}
+kubectl config use-context k3d-${CLUSTER_NAME}
+kubectl get nodes -o wide
+
+echo "Importing image ${IMAGE}"
+k3d image import ${IMAGE} -c $CLUSTER_NAME

.github/workflows/e2e/scripts/validate-rancher.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+sleep "${DEFAULT_SLEEP_TIMEOUT_SECONDS}"
+# Check deployment status
+kubectl -n cattle-system rollout status deploy/rancher
+
+# Capture the exit status of the previous command
+exit_status=$?
+
+if [ $exit_status -eq 0 ]; then
+    echo "rancher deployment is healthy."
+else
+    echo "rancher deployment is not healthy."
+fi
+
+exit $exit_status

.github/workflows/label-all-new-issues.yaml

@@ -18,5 +18,5 @@ jobs:
       - name: Label issues
         uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
         with:
-          add-labels: "team/area3"
+          add-labels: "team/observability&backup"
           repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yaml

@@ -0,0 +1,36 @@
+name: golangci-lint
+on:
+  pull_request:
+    paths-ignore:
+    - 'docs/**'
+    - '*.md'
+    - '.gitignore'
+    - 'CODEOWNERS'
+    - 'LICENSE'
+    - 'scripts/'
+    - 'Makefile'
+
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  # pull-requests: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+      # hack we require embedding an example chart in the dummy HPO
+      - name: Place empty chart
+        run: mkdir -p ./bin/example-chart && touch ./bin/example-chart/example-chart.tgz.base64
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          # Require: The version of golangci-lint to use.
+          # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
+          # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
+          version: v1.56