Skip to content

ARO-HCP: add optional hypershift in-place upgrade E2E workflow #80778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
patriksuba wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

ARO-HCP: add optional hypershift in-place upgrade E2E workflow #80778

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions ci-operator/config/Azure/ARO-HCP/Azure-ARO-HCP-main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -502,6 +502,17 @@ tests:
ARO_HCP_SUITE_PARALLELISM: "55"
MULTISTAGE_PARAM_OVERRIDE_LOCATION: westus3
workflow: aro-hcp-local-e2e
- as: e2e-parallel-hypershift-upgrade
optional: true
run_if_changed: ^(?:dev-infrastructure/|config/|.*hypershift.*|\.ci-operator\.yaml$)
steps:
env:
ALLOWED_SUBSCRIPTIONS: ARO HCP E2E Hosted Clusters - Dev - 03
ARO_HCP_CLOUD: dev
ARO_HCP_DEPLOY_ENV: ci01
MULTISTAGE_PARAM_OVERRIDE_LOCATION: westus3
workflow: aro-hcp-local-e2e-upgrade
timeout: 12h0m0s
- as: global-pipeline-postsubmit
max_concurrency: 4
postsubmit: true
Expand Down
87 changes: 87 additions & 0 deletions ci-operator/jobs/Azure/ARO-HCP/Azure-ARO-HCP-main-presubmits.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -525,6 +525,93 @@ presubmits:
secret:
secretName: result-aggregator
trigger: (?m)^/test( | .* )e2e-parallel,?($|\s.*)
- agent: kubernetes
always_run: false
branches:
- ^main$
- ^main-
cluster: build05
context: ci/prow/e2e-parallel-hypershift-upgrade
decorate: true
decoration_config:
sparse_checkout_files:
- admin/Dockerfile
- backend/Dockerfile
- fleet/Dockerfile
- frontend/Dockerfile
- hcp-recovery/Dockerfile
- image-sync/oc-mirror/Dockerfile
- kube-applier/Dockerfile
- mgmt-agent/Dockerfile
- sessiongate/Dockerfile
- test/Containerfile.e2e
- tooling/aro-hcp-exporter/Dockerfile
timeout: 12h0m0s
labels:
ci.openshift.io/generator: prowgen
pj-rehearse.openshift.io/can-be-rehearsed: "true"
name: pull-ci-Azure-ARO-HCP-main-e2e-parallel-hypershift-upgrade
optional: true
rerun_command: /test e2e-parallel-hypershift-upgrade
run_if_changed: ^(?:dev-infrastructure/|config/|.*hypershift.*|\.ci-operator\.yaml$)
spec:
containers:
- args:
- --gcs-upload-secret=/secrets/gcs/service-account.json
- --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
- --lease-server-credentials-file=/etc/boskos/credentials
- --report-credentials-file=/etc/report/credentials
- --target=e2e-parallel-hypershift-upgrade
command:
- ci-operator
env:
- name: HTTP_SERVER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
imagePullPolicy: Always
name: ""
ports:
- containerPort: 8080
name: http
resources:
requests:
cpu: 10m
volumeMounts:
- mountPath: /etc/boskos
name: boskos
readOnly: true
- mountPath: /secrets/gcs
name: gcs-credentials
readOnly: true
- mountPath: /secrets/manifest-tool
name: manifest-tool-local-pusher
readOnly: true
- mountPath: /etc/pull-secret
name: pull-secret
readOnly: true
- mountPath: /etc/report
name: result-aggregator
readOnly: true
serviceAccountName: ci-operator
volumes:
- name: boskos
secret:
items:
- key: credentials
path: credentials
secretName: boskos-credentials
- name: manifest-tool-local-pusher
secret:
secretName: manifest-tool-local-pusher
- name: pull-secret
secret:
secretName: registry-pull-credentials
- name: result-aggregator
secret:
secretName: result-aggregator
trigger: (?m)^/test( | .* )e2e-parallel-hypershift-upgrade,?($|\s.*)
- agent: kubernetes
always_run: true
branches:
Expand Down
8 changes: 8 additions & 0 deletions ci-operator/step-registry/aro-hcp/git/checkout-head/OWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
approvers:
- aro-hcp-sl-approvers
- geoberle
- deads2k
reviewers:
- aro-hcp-sl-reviewers
- geoberle
- deads2k
21 changes: 21 additions & 0 deletions ci-operator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

ref="${GIT_REF:-${PULL_PULL_SHA:-}}"
if [[ -z "${ref}" ]]; then
echo "ERROR: PR head ref unknown; set GIT_REF or run on a presubmit with PULL_PULL_SHA"
exit 1
fi

echo "Checking out PR head ${ref}"
git fetch --tags origin "${ref}" 2>/dev/null || git fetch origin "${ref}"
git fetch --unshallow origin 2>/dev/null || true
Comment on lines +13 to +14

@coderabbitai coderabbitai Bot Jun 19, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify SHA input path and strict fetch behavior in checkout-head step.
rg -n 'ref="\$\{GIT_REF:-\$\{PULL_PULL_SHA:-\}\}"|PULL_PULL_SHA|git fetch --tags origin "\$\{ref\}"|git fetch origin "\$\{ref\}"' \
  ci-operator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-commands.sh

Repository: openshift/release

Length of output: 269

🏁 Script executed:

cat -n ci-operator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-commands.sh

Repository: openshift/release

Length of output: 794

🏁 Script executed:

# Also check if there's documentation about how clonerefs works and whether it pre-fetches
rg -l "clonerefs" ci-operator/step-registry/ | head -5

Repository: openshift/release

Length of output: 267

🏁 Script executed:

# Look for other git checkout steps to see how they handle SHA refs
fd -e "commands.sh" ci-operator/step-registry/ | xargs grep -l "git fetch.*origin.*\${ref}" | head -5

Repository: openshift/release

Length of output: 471

🏁 Script executed:

# Check the other git checkout steps found earlier
cat ci-operator/step-registry/openshift/microshift/includes/openshift-microshift-includes-commands.sh | grep -A 10 -B 5 "git fetch"

Repository: openshift/release

Length of output: 43

🏁 Script executed:

# Look for documentation on clonerefs or how the repo is prepared
rg "clonerefs|clone.*repository" ci-operator/config/ --max-count 5

Repository: openshift/release

Length of output: 353

🏁 Script executed:

# Search for git checkout patterns in step registry to see how others handle SHA refs
rg "git fetch.*origin.*ref\}" ci-operator/step-registry/ --max-count 10 -A 2 -B 2

Repository: openshift/release

Length of output: 1278

🏁 Script executed:

# Check if git checkout works on a locally existing SHA without fetching
# First, understand the actual git behavior with SHAs
git --version

# Search for documentation on how clonerefs/cloner works
rg "cloner|clonerefs" --type yaml ci-operator/ | head -10

Repository: openshift/release

Length of output: 1640

🏁 Script executed:

# Look for git clone or git fetch patterns that handle SHAs properly
rg "git.*checkout|git.*fetch" ci-operator/step-registry/ --type sh -B 2 -A 2 | grep -E "(fetch|checkout|SHA|ref)" | head -20

Repository: openshift/release

Length of output: 3074

🏁 Script executed:

# Check the base image used for git steps to understand what git capabilities are available
fd "checkout-head" -e "ref.yaml" ci-operator/step-registry/aro-hcp/git/

Repository: openshift/release

Length of output: 43

🏁 Script executed:

# Verify: Can you fetch a raw commit SHA with git fetch?
# Create a test to understand git fetch behavior with SHAs
cat > /tmp/test_git_sha.md << 'EOF'
Git fetch behavior with SHAs:
- `git fetch origin <BRANCH>` - works (refs/heads/BRANCH)
- `git fetch origin <TAG>` - works (refs/tags/TAG)  
- `git fetch origin <SHA>` - FAILS (SHA is not a ref name)

Presubmit context:
- PULL_PULL_SHA is a commit SHA (e.g., "abc123def456...")
- Remote doesn't have this as a named ref
- Attempt to fetch SHA directly will fail

Solution:
- If clonerefs pre-clones the repo, SHA already exists locally
- Don't need to fetch it
- Just verify it exists locally and checkout
EOF
cat /tmp/test_git_sha.md

Repository: openshift/release

Length of output: 567

🏁 Script executed:

# Check what clonerefs does - look at CI operator config documentation
rg "clone|git.*fetch" ci-operator/config/openshift/ -t yaml --max-count 5 | head -20

Repository: openshift/release

Length of output: 3076

🏁 Script executed:

# Look at the step reference file to understand environment setup
cat ci-operator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-ref.yaml

Repository: openshift/release

Length of output: 523

Soften git fetch for commit SHA refs to prevent presubmit failures.

When PULL_PULL_SHA is used (standard for presubmits), ${ref} is a commit SHA. Git cannot fetch raw commit SHAs directly—only branch/tag names. The hard-fail on line 13 will always fail for SHA refs and break the step, even though the commit is already available locally after clonerefs clones the PR. The fallback also fails for the same reason.

Change line 13-14 to soft-fail all fetches and verify the ref exists locally before checkout:

Suggested fix 
- git fetch --tags origin "${ref}" 2>/dev/null || git fetch origin "${ref}"
- git fetch --unshallow origin 2>/dev/null || true
+ git fetch --tags origin 2>/dev/null || true
+ git fetch --unshallow origin 2>/dev/null || true
+ git fetch origin "${ref}" 2>/dev/null || true
+ git rev-parse --verify --quiet "${ref}^{commit}" >/dev/null || {
+   echo "ERROR: ref ${ref} is not available locally after fetch"
+   exit 1
+ }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
git fetch --tags origin "${ref}" 2>/dev/null || git fetch origin "${ref}"
git fetch --unshallow origin 2>/dev/null || true
git fetch --tags origin 2>/dev/null || true
git fetch --unshallow origin 2>/dev/null || true
git fetch origin "${ref}" 2>/dev/null || true
git rev-parse --verify --quiet "${ref}^{commit}" >/dev/null || {
echo "ERROR: ref ${ref} is not available locally after fetch"
exit 1
}
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-commands.sh`
around lines 13 - 14, The git fetch commands on lines 13-14 fail hard when the
ref is a commit SHA (from PULL_PULL_SHA in presubmits) because git cannot fetch
raw commit SHAs directly. Since the commit is already available locally after
clonerefs clones the PR, change both git fetch commands to soft-fail by
appending || true to each command, and add a verification step after the fetches
to check if the ref exists locally (using git rev-parse --verify "${ref}")
before attempting the git checkout to ensure the ref is available.

git checkout "${ref}" || {
echo "ERROR: failed to checkout ${ref}"
exit 1
}
git rev-parse HEAD
echo "${ref}" > "${SHARED_DIR}/git-checkout-ref"
git rev-parse HEAD > "${SHARED_DIR}/git-checkout-sha"
15 changes: 15 additions & 0 deletions ...rator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-ref.metadata.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
{
"path": "aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-ref.yaml",
"owners": {
"approvers": [
"aro-hcp-sl-approvers",
"geoberle",
"deads2k"
],
"reviewers": [
"aro-hcp-sl-reviewers",
"geoberle",
"deads2k"
]
}
}
16 changes: 16 additions & 0 deletions ci-operator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-ref.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
ref:
as: aro-hcp-git-checkout-head
from: aro-hcp-e2e-tools
commands: aro-hcp-git-checkout-head-commands.sh
grace_period: 15s
resources:
requests:
cpu: 100m
memory: 256Mi
env:
- name: GIT_REF
default: ""
documentation: |-
Override for the PR head. When empty, uses PULL_PULL_SHA from the Prow job.
documentation: |-
Checkout the PR head revision after baseline tests and before in-place operator upgrade.
8 changes: 8 additions & 0 deletions ci-operator/step-registry/aro-hcp/git/checkout/OWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
approvers:
- aro-hcp-sl-approvers
- geoberle
- deads2k
reviewers:
- aro-hcp-sl-reviewers
- geoberle
- deads2k
20 changes: 20 additions & 0 deletions ci-operator/step-registry/aro-hcp/git/checkout/aro-hcp-git-checkout-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

ref="${GIT_REF:-main}"
if [[ -z "${GIT_REF:-}" ]]; then
echo "GIT_REF unset; using default ref=${ref}"
fi

echo "Checking out ${ref}"
git fetch --tags origin "${ref}" 2>/dev/null || git fetch origin "${ref}"
git fetch --unshallow origin 2>/dev/null || true
git checkout "${ref}" || {
Comment on lines +12 to +14

@coderabbitai coderabbitai Bot Jun 19, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify this script advertises SHA support but currently hard-fails on fetch.
rg -n 'Git ref to checkout \(branch, tag, or SHA\)|git fetch --tags origin "\$\{ref\}"|git fetch origin "\$\{ref\}"|git checkout "\$\{ref\}"' \
  ci-operator/step-registry/aro-hcp/git/checkout/aro-hcp-git-checkout-ref.yaml \
  ci-operator/step-registry/aro-hcp/git/checkout/aro-hcp-git-checkout-commands.sh

Repository: openshift/release

Length of output: 489

🏁 Script executed:

cat -n ci-operator/step-registry/aro-hcp/git/checkout/aro-hcp-git-checkout-commands.sh

Repository: openshift/release

Length of output: 721

🏁 Script executed:

# Check for similar fetch patterns in step registry
rg 'git fetch.*\$\{ref\}.*\|\|' ci-operator/step-registry/ -A1 -B1

# Also check if there's any documentation about git fetch limitations with SHAs
rg 'SHA|commit.*hash|fetch.*tag' ci-operator/step-registry/aro-hcp/git/checkout/ -A2 -B2

Repository: openshift/release

Length of output: 2525

🏁 Script executed:

# Check if these are the only two occurrences and examine the checkout-head variant
cat -n ci-operator/step-registry/aro-hcp/git/checkout-head/aro-hcp-git-checkout-head-commands.sh

Repository: openshift/release

Length of output: 794

Fetch pattern hard-fails on SHA refs when remote rejects SHA-based fetches.

The step documentation explicitly allows SHA refs ("Git ref to checkout (branch, tag, or SHA)"), but line 12 fails hard if the remote does not support fetching by SHA. With set -o errexit, the script exits before checkout can try resolving a valid local commit.

Make all fetch attempts best-effort, then explicitly verify the ref is locally resolvable:

Suggested patch 
- git fetch --tags origin "${ref}" 2>/dev/null || git fetch origin "${ref}"
+ git fetch --tags origin 2>/dev/null || true
+ git fetch origin "${ref}" 2>/dev/null || true
+ git rev-parse --verify --quiet "${ref}^{commit}" >/dev/null || {
+   echo "ERROR: ref ${ref} is not available locally after fetch"
+   exit 1
+ }

Note: The same pattern exists in aro-hcp-git-checkout-head-commands.sh.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/aro-hcp/git/checkout/aro-hcp-git-checkout-commands.sh`
around lines 12 - 14, The git fetch command on line 12 fails hard when the
remote does not support SHA-based fetches, causing the entire script to exit due
to set -o errexit before the git checkout command can attempt to resolve a valid
local commit. Make both fetch attempts best-effort by ensuring they do not cause
script failure (using || true pattern), then add an explicit verification step
that validates the ref is locally resolvable before attempting the git checkout
on line 14. Apply the same pattern fix to aro-hcp-git-checkout-head-commands.sh
which has the identical issue.

echo "ERROR: failed to checkout ${ref}"
exit 1
}
git rev-parse HEAD
echo "${ref}" > "${SHARED_DIR}/git-checkout-ref"
git rev-parse HEAD > "${SHARED_DIR}/git-checkout-sha"
15 changes: 15 additions & 0 deletions ci-operator/step-registry/aro-hcp/git/checkout/aro-hcp-git-checkout-ref.metadata.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
{
"path": "aro-hcp/git/checkout/aro-hcp-git-checkout-ref.yaml",
"owners": {
"approvers": [
"aro-hcp-sl-approvers",
"geoberle",
"deads2k"
],
"reviewers": [
"aro-hcp-sl-reviewers",
"geoberle",
"deads2k"
]
}
}
19 changes: 19 additions & 0 deletions ci-operator/step-registry/aro-hcp/git/checkout/aro-hcp-git-checkout-ref.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
ref:
as: aro-hcp-git-checkout
from: aro-hcp-e2e-tools
commands: aro-hcp-git-checkout-commands.sh
grace_period: 15s
resources:
requests:
cpu: 100m
memory: 256Mi
env:
- name: GIT_REF
default: "main"
documentation: |-
Git ref to checkout (branch, tag, or SHA). Defaults to main for the base
provision phase. Override via job env when a different base ref is needed.
documentation: |-
Fetch and checkout the base git ref before regional provision. Defaults to main
so infrastructure is bootstrapped from the stable branch; later steps checkout
the PR head for upgrade validation.
12 changes: 12 additions & 0 deletions ci-operator/step-registry/aro-hcp/local-e2e-upgrade/OWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
approvers:
- geoberle
- mmazur
- roivaz
- venkateshsredhat
- deads2k
reviewers:
- geoberle
- mmazur
- roivaz
- venkateshsredhat
- deads2k
19 changes: 19 additions & 0 deletions .../step-registry/aro-hcp/local-e2e-upgrade/aro-hcp-local-e2e-upgrade-workflow.metadata.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"path": "aro-hcp/local-e2e-upgrade/aro-hcp-local-e2e-upgrade-workflow.yaml",
"owners": {
"approvers": [
"geoberle",
"mmazur",
"roivaz",
"venkateshsredhat",
"deads2k"
],
"reviewers": [
"geoberle",
"mmazur",
"roivaz",
"venkateshsredhat",
"deads2k"
]
}
}
33 changes: 33 additions & 0 deletions ci-operator/step-registry/aro-hcp/local-e2e-upgrade/aro-hcp-local-e2e-upgrade-workflow.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
workflow:
as: aro-hcp-local-e2e-upgrade
steps:
allow_best_effort_post_steps: true
leases:
- env: LEASED_MSI_MOCK_SP
resource_type: aro-hcp-msi-mock-cs-sp-dev
pre:
- ref: aro-hcp-lease-acquire
- ref: aro-hcp-git-checkout
- ref: aro-hcp-write-config
- ref: aro-hcp-provision-environment
test:
- ref: aro-hcp-test-local-pre-upgrade
- ref: aro-hcp-git-checkout-head
- ref: aro-hcp-upgrade-infra
- ref: aro-hcp-test-local-post-upgrade
post:
- ref: aro-hcp-gather-provision-failure
- ref: aro-hcp-gather-visualization
- ref: aro-hcp-gather-test-visualization
- ref: aro-hcp-gather-custom-link-tools
- ref: aro-hcp-gather-observability
- ref: aro-hcp-gather-snapshot
- ref: aro-hcp-deprovision-environment
- ref: aro-hcp-lease-release
documentation: |-
Acquire runtime leases, checkout main (or GIT_REF override), provision regional infrastructure, run upgrade/create tests, checkout the PR head,
rerun pipeline/RP.HypershiftOperator using hypershift.image and hypershift.sharedIngressImage
digests from PR-head config/config.yaml, then run upgrade/post-infra tests.
Uses the dedicated aro-hcp-dev-upgrade-westus3-slot pool (Dev - 03, slot_count: 1)
so the provisioned cluster persists isolated across both upgrade suite phases.
Override GIT_REF on git-checkout steps via job env when needed.
12 changes: 12 additions & 0 deletions ci-operator/step-registry/aro-hcp/test/local-post-upgrade/OWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
approvers:
- geoberle
- mmazur
- roivaz
- venkateshsredhat
- deads2k
reviewers:
- geoberle
- mmazur
- roivaz
- venkateshsredhat
- deads2k
58 changes: 58 additions & 0 deletions ...step-registry/aro-hcp/test/local-post-upgrade/aro-hcp-test-local-post-upgrade-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

: "${ARO_HCP_SUITE_NAME:?ARO_HCP_SUITE_NAME must be set}"

# Must match aro-hcp-test-local-pre-upgrade: post-infra loads cluster state via setup.go.
export SETUP_FILEPATH="${SETUP_FILEPATH:-${SHARED_DIR}/e2e-setup.json}"
if [[ ! -f "${SETUP_FILEPATH}" ]]; then
printf 'Missing e2e setup file: %s (upgrade/create must run in a prior step)\n' "${SETUP_FILEPATH}" >&2
exit 1
fi

env_file="${SHARED_DIR}/aro-hcp-slot.env"
if [[ ! -f "${env_file}" ]]; then
printf 'Missing runtime lease export file: %s\n' "${env_file}" >&2
exit 1
fi

# shellcheck disable=SC1090
source "${env_file}"

export LOCATION="${SELECTED_LOCATION:-${LOCATION:-}}"
: "${LOCATION:?LOCATION must be provided by SELECTED_LOCATION or the legacy runtime slot export file}"

export CLUSTER_PROFILE_DIR="/var/run/aro-hcp-${VAULT_SECRET_PROFILE}"

export AZURE_CLIENT_ID; AZURE_CLIENT_ID=$(cat "${CLUSTER_PROFILE_DIR}/client-id")
export AZURE_TENANT_ID; AZURE_TENANT_ID=$(cat "${CLUSTER_PROFILE_DIR}/tenant")
export AZURE_CLIENT_SECRET; AZURE_CLIENT_SECRET=$(cat "${CLUSTER_PROFILE_DIR}/client-secret")
export INFRA_SUBSCRIPTION_ID; INFRA_SUBSCRIPTION_ID=$(cat "${CLUSTER_PROFILE_DIR}/infra-${ARO_HCP_DEPLOY_ENV}-subscription-id")
export DEPLOY_ENV="${ARO_HCP_DEPLOY_ENV}"

az login --service-principal -u "${AZURE_CLIENT_ID}" -p "${AZURE_CLIENT_SECRET}" --tenant "${AZURE_TENANT_ID}" --output none

unset GOFLAGS

# This block prepares the environment to run the tests in.
# It runs against INFRA_SUBSCRIPTION.
az account set --subscription "${INFRA_SUBSCRIPTION_ID}"
make -C dev-infrastructure/ svc.aks.kubeconfig.pipeline SVC_KUBECONFIG_FILE=../kubeconfig DEPLOY_ENV="${DEPLOY_ENV}"
export KUBECONFIG=kubeconfig
export AZURE_TOKEN_CREDENTIALS=prod
FRONTEND_ADDRESS="https://$(kubectl get virtualservice -n aro-hcp aro-hcp-vs-frontend -o jsonpath='{.spec.hosts[0]}')"
make frontend-grant-ingress DEPLOY_ENV="${DEPLOY_ENV}"

# This block runs the tests against CUSTOMER_SUBSCRIPTION.
az account set --subscription "${CUSTOMER_SUBSCRIPTION}"
make e2e-local/setup FRONTEND_ADDRESS="${FRONTEND_ADDRESS}"

./test/aro-hcp-tests run-suite "${ARO_HCP_SUITE_NAME}" \
--junit-path="${ARTIFACT_DIR}/junit.xml" \
--html-path="${ARTIFACT_DIR}/extension-test-result-summary.html" \
--max-concurrency 100

junit_shared_name="${E2E_JUNIT_SHARED_NAME:-junit-e2e-suite.xml.gz}"
gzip -c "${ARTIFACT_DIR}/junit.xml" > "${SHARED_DIR}/${junit_shared_name}"
Loading