adding itewk's changes to make integration tests work

.github/actions/setup-kind-cluster-for-helm-chart-testing/action.yaml

@@ -0,0 +1,168 @@
+name: 'Setup Kind Cluster for Helm Chart Testing'
+description: 'Setup Kind cluster for testing Helm Charts that expect to run with OLM and ingress'
+inputs:
+  # renovate: datasource=github-releases depName=helm/helm
+  helm-version:
+    description: helm version to install
+    required: true
+    default: 'v3.16.3'
+
+  # renovate: datasource=github-tags depName=python/cpython
+  python-version:
+    description: python version to install
+    required: true
+    default: 'v3.13.0'
+
+  # renovate: datasource=github-releases depName=kubernetes-sigs/kind
+  kind-version:
+    description: kind version to install
+    required: true
+    default: 'v0.25.0'
+
+  # renovate: datasource=github-releases depName=operator-framework/operator-lifecycle-manager
+  olm-version:
+    description: olm version to install
+    required: true
+    default: 'v0.30.0'
+
+  local-registry-enabled:
+    description: whether to enable local authenticated registry
+    required: true
+    type: boolean
+    default: false
+
+  local-registry-user:
+    description: local authenticated registry username
+    required: false
+    default: 'registryuser1'
+
+  local-registry-password: 
+    description: local authenticated registry password
+    required: false
+    default: 'registrypassword1'
+
+  local-registry-uri:
+    description: local authenticated registry uri
+    required: false
+    default: 'registry.localhost'
+
+  local-registry-images:
+    description: space separated list of remote container images to seed into the local private registry
+    required: false
+    default: ''
+
+runs:
+  using: "composite"
+  steps:
+  - name: Setup Helm 🧰
+    uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
+    with:
+      version: ${{ inputs.helm-version }}
+
+  - name: Setup Python 🐍
+    uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
+    with:
+      python-version: ${{ inputs.python-version }}
+
+  - name: Setup kind cluster 🧰
+    uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+    with:
+      version: ${{ inputs.kind-version }}
+      config: _test/kind-config.yaml
+
+  # for helm charts we are testing that require installing operators 
+  - name: Setup kind cluster - Install OLM 🧰
+    env:
+      OLM_VERSION: ${{ inputs.olm-version }}
+    shell: bash
+    run: |
+      curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh -o install.sh
+      chmod +x install.sh
+        ./install.sh ${OLM_VERSION}
+
+  # for helm charts we are testing that require ingress
+  - name: Setup kind cluster - Install ingress controller 🧰
+    shell: bash
+    run: |
+      helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts
+      helm install haproxy-ingress haproxy-ingress/haproxy-ingress \
+          --create-namespace --namespace=ingress-controller \
+          --set controller.hostNetwork=true
+      kubectl apply -f - <<EOF
+      apiVersion: networking.k8s.io/v1
+      kind: IngressClass
+      metadata:
+        name: haproxy
+        annotations:
+          ingressclass.kubernetes.io/is-default-class: 'true'
+      spec:
+        controller: haproxy-ingress.github.io/controller
+      EOF
+
+  # for helm charts we are testing that require/expect certain default namespaces from Red Hat OpenShift
+  - name: Setup kind cluster - create expected namespaces 🧰
+    shell: bash
+    run: |
+      kubectl create namespace openshift-operators
+
+  # install private registry for those that need it
+  - name: Setup kind cluster - install private registry 🧰
+    env:
+      LOCAL_REGISTRY_USER: ${{ inputs.local-registry-user }}
+      LOCAL_REGISTRY_PASSWORD: ${{ inputs.local-registry-password }}
+      LOCAL_REGISTRY_URI: ${{ inputs.local-registry-uri }}
+    shell: bash
+    run: |
+      helm upgrade --install private-registry _test/private-registry \
+        --namespace registry \
+        --create-namespace \
+        --wait \
+        --set registryUser=${LOCAL_REGISTRY_USER} \
+        --set registryPassword=${LOCAL_REGISTRY_PASSWORD} \
+        --set registryIngressHost=${LOCAL_REGISTRY_URI}
+    if: inputs.local-registry-enabled == 'true'
+
+  # copy images needed by CT tests that use private registry to the private registry
+  - name: Setup kind cluster - Copy images into private registry 🔺
+    env:
+      LOCAL_REGISTRY_USER: ${{ inputs.local-registry-user }}
+      LOCAL_REGISTRY_PASSWORD: ${{ inputs.local-registry-password }}
+      LOCAL_REGISTRY_URI: ${{ inputs.local-registry-uri }}
+      LOCAL_REGISTRY_IMAGES: ${{ inputs.local-registry-images }}
+    shell: bash
+    run: |
+      for image in ${LOCAL_REGISTRY_IMAGES}; do
+          image_name_regex='.*\/(.*$)'
+          if [[ "${image}" =~ ${image_name_regex} ]]; then
+              image_name="${BASH_REMATCH[1]}"
+              remote_image="docker://${image}"
+              local_image="docker://${LOCAL_REGISTRY_URI}/${image_name}"
+
+              echo "Copy image (${remote_image}) to local registry (${local_image})"
+              skopeo copy \
+                --dest-creds ${LOCAL_REGISTRY_USER}:${LOCAL_REGISTRY_PASSWORD} \
+                --dest-tls-verify=false \
+                ${remote_image} \
+                ${local_image}
+          else
+              echo "ERROR: parsing image name from source image uri: ${image}"
+              exit 1
+          fi
+      done
+    if: inputs.local-registry-enabled == 'true'
+
+  # SOURCE: https://kind.sigs.k8s.io/docs/user/local-registry/
+  - name: Setup kind cluster - Add the registry config to the nodes 🧰
+    env:
+      LOCAL_REGISTRY_URI: ${{ inputs.local-registry-uri }}
+      CLUSTER_NAME: chart-testing
+    shell: bash
+    run: |
+      REGISTRY_DIR="/etc/containerd/certs.d/${LOCAL_REGISTRY_URI}"
+      for node in $(kind get nodes -n "${CLUSTER_NAME}"); do
+        docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
+        cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
+      [host."http://${LOCAL_REGISTRY_URI}"]
+      EOF
+      done
+    if: inputs.local-registry-enabled == 'true'

.github/workflows/install-integration-tests-operators-installer.yaml

@@ -3,13 +3,12 @@
 #
 # NOTE: can't use chart-testing because `ct` does not allow for a fixed release so you can't run two different tests that affect the same resources
 
-name: Install Integration Test - operators-installer
+name: Install Integration Tests - operators-installer
 
 on:
   pull_request:
     paths:
     - .github/**
-    - _test/charts-integration-tests/operators-installer/**
     - charts/operators-installer/**
 
 # Declare default permissions as read only.
@@ -24,22 +23,16 @@ env:
   registry_password: registrypassword1
 
 jobs:
-  install-integration-test:
+  test-install-and-multi-stage-upgrade:
     runs-on: ubuntu-latest
     env:
-      # renovate: datasource=github-releases depName=helm/helm
-      HELM_VERSION: v3.16.3
-      # renovate: datasource=github-tags depName=python/cpython
-      PYTHON_VERSION: v3.13.0
-      # renovate: datasource=github-releases depName=kubernetes-sigs/kind
-      KIND_VERSION: v0.25.0
-      # renovate: datasource=github-releases depName=operator-framework/operator-lifecycle-manager
-      OLM_VERSION: v0.30.0
+      TEST_NAMESPACE: 'operators-installer-integration-test'
     steps:
     - name: Checkout 🛎️
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with:
         fetch-depth: 0
+<<<<<<< HEAD
 
     - name: Setup Helm 🧰
       uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
@@ -81,6 +74,12 @@ jobs:
         spec:
           controller: haproxy-ingress.github.io/controller
         EOF
+=======
+
+    # set up kind cluster (using re-usable local composite action)
+    - name: Setup Kind Cluster for Helm Chart Testing 🧰
+      uses: ./.github/actions/setup-kind-cluster-for-helm-chart-testing
+>>>>>>> ians-fork/imagePullSecret
 
     # for testing operators-installer image from private repository
     - name: Setup private registry in kind cluster 🧰
@@ -108,8 +107,8 @@ jobs:
         echo "##########################################################################################################"
         echo "# Install argo at old version                                                                            #"
         echo "##########################################################################################################"
-        helm upgrade --install operators-installer-integration-test charts/operators-installer \
-          --namespace operators-installer-integration-test \
+        helm upgrade --install install-and-multi-stage-upgrade charts/operators-installer \
+          --namespace ${TEST_NAMESPACE} \
           --create-namespace \
           --wait \
           --values charts/operators-installer/_integration-tests/test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml \
@@ -127,8 +126,63 @@ jobs:
         echo "##########################################################################################################"
         echo "# Upgrade argo to newer version requiring many intermediate updates along the way                        #"
         echo "##########################################################################################################"
-        helm upgrade --install operators-installer-integration-test charts/operators-installer \
-          --namespace operators-installer-integration-test \
+        helm upgrade --install install-and-multi-stage-upgrade charts/operators-installer \
+          --namespace ${TEST_NAMESPACE} \
           --wait \
           --values charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml \
+<<<<<<< HEAD
           --debug --timeout 35m0s
+=======
+          --debug --timeout 30m0s
+
+  test-approver-job-image-from-authenticated-registry:
+    runs-on: ubuntu-latest
+    env:
+      TEST_NAMESPACE: 'external-secrets-operator'
+      LOCAL_REGISTRY_USER: registryuser1
+      LOCAL_REGISTRY_PASSWORD: registrypassword1
+      LOCAL_REGISTRY_URI: registry.localhost
+      LOCAL_REGISTRY_IMAGES: "quay.io/openshift/origin-cli:4.15" # space separated
+    steps:
+    - name: Checkout 🛎️
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      with:
+        fetch-depth: 0
+
+    # set up kind cluster (using re-usable local composite action)
+    - name: Setup Kind Cluster for Helm Chart Testing 🧰
+      uses: ./.github/actions/setup-kind-cluster-for-helm-chart-testing
+      with:
+        local-registry-enabled: true
+        local-registry-user: ${{ env.LOCAL_REGISTRY_USER }}
+        local-registry-password: ${{ env.LOCAL_REGISTRY_PASSWORD }}
+        local-registry-uri: ${{ env.LOCAL_REGISTRY_URI }}
+        local-registry-images: "quay.io/openshift/origin-cli:4.15" # space separated
+
+    # create test namespace
+    - name: Setup kind cluster - create test namespace 🧰
+      run: |
+        kubectl create namespace ${TEST_NAMESPACE}
+
+    # create pull secret for pulling images
+    - name: Setup kind cluster - create pull secret for private registry 🧰
+      run: |
+        kubectl create secret docker-registry local-registry-pullsecret \
+          --namespace ${TEST_NAMESPACE} \
+          --docker-username="${LOCAL_REGISTRY_USER}" \
+          --docker-password="${LOCAL_REGISTRY_PASSWORD}" \
+          --docker-server=${LOCAL_REGISTRY_URI}
+
+    # NOTE: can't use chart-testing because `ct` does not allow for a fixed release so you can't run two different tests that affect the same resources
+    - name: Run integration tests 🧪
+      timeout-minutes: 10
+      run: |
+        echo "##########################################################################################################"
+        echo "# Install operator using approver job image from private authenticated registry                          #"
+        echo "##########################################################################################################"
+        helm upgrade --install approver-from-authed-registry charts/operators-installer \
+          --namespace ${TEST_NAMESPACE} \
+          --wait \
+          --values charts/operators-installer/_integration-tests/test-install-operator-with-approver-image-from-private-registry.yaml \
+          --debug --timeout 9m0s
+>>>>>>> ians-fork/imagePullSecret

.github/workflows/install-unit-test.yaml

@@ -17,31 +17,12 @@ concurrency:
 jobs:
   install-test:
     runs-on: ubuntu-latest
-    env:
-      # renovate: datasource=github-releases depName=helm/helm
-      HELM_VERSION: v3.16.3
-      # renovate: datasource=github-tags depName=python/cpython
-      PYTHON_VERSION: v3.13.0
-      # renovate: datasource=github-releases depName=kubernetes-sigs/kind
-      KIND_VERSION: v0.25.0
-      # renovate: datasource=github-releases depName=operator-framework/operator-lifecycle-manager
-      OLM_VERSION: v0.30.0
     steps:
     - name: Checkout 🛎️
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with:
         fetch-depth: 0
 
-    - name: Setup Helm 🧰
-      uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
-      with:
-        version: ${{ env.HELM_VERSION }}
-
-    - name: Setup Python 🐍
-      uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
-      with:
-        python-version: ${{ env.PYTHON_VERSION }}
-
     - name: Setup chart-testing 🧰
       uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
 
@@ -53,44 +34,10 @@ jobs:
         if [[ -n "$changed" ]]; then
           echo "changed=true" >> $GITHUB_OUTPUT
         fi
-
-    - name: Setup kind cluster 🧰
-      uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
-      with:
-        version: ${{ env.KIND_VERSION }}
-      if: steps.changed-charts.outputs.changed == 'true'
-
-    # for helm charts we are testing that require installing operators 
-    - name: Setup kind cluster - Install OLM 🧰
-      run: |
-        curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh -o install.sh
-        chmod +x install.sh
-        ./install.sh ${OLM_VERSION}
-      if: steps.changed-charts.outputs.changed == 'true'
-
-    # for helm charts we are testing that require ingress
-    - name: Setup kind cluster - Install ingress controller 🧰
-      run: |
-        helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts
-        helm install haproxy-ingress haproxy-ingress/haproxy-ingress \
-            --create-namespace --namespace=ingress-controller \
-            --set controller.hostNetwork=true
-        kubectl apply -f - <<EOF
-        apiVersion: networking.k8s.io/v1
-        kind: IngressClass
-        metadata:
-          name: haproxy
-          annotations:
-            ingressclass.kubernetes.io/is-default-class: 'true'
-        spec:
-          controller: haproxy-ingress.github.io/controller
-        EOF
-      if: steps.changed-charts.outputs.changed == 'true'
     
-    # for helm charts we are testing that require/expect certain default namespaces from Red Hat OpenShift
-    - name: Setup kind cluster - create expected namespaces 🧰
-      run: |
-        kubectl create namespace openshift-operators
+    # set up kind cluster (using re-usable local composite action)
+    - name: Setup Kind Cluster for Helm Chart Testing 🧰
+      uses: ./.github/actions/setup-kind-cluster-for-helm-chart-testing
       if: steps.changed-charts.outputs.changed == 'true'
 
     - name: Run unit tests 🧪

_test/kind-config.yaml

@@ -0,0 +1,17 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  extraPortMappings:
+  - containerPort: 5000
+    hostPort: 5000
+    protocol: TCP
+  - containerPort: 80
+    hostPort: 80
+    protocol: TCP
+
+# SOURCE: https://kind.sigs.k8s.io/docs/user/local-registry/
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"