From 91e2e8a51f0d9ff57f2cf6b06c364c992f64cd17 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emacchi@redhat.com>
Date: Mon, 16 Sep 2024 20:40:23 -0400
Subject: [PATCH] Make mirror-images-qe-test-images re-usable outside QE env

* Skip the step if ${SHARED_DIR}/mirror_registry_url doesn't exist.
  It allows to run that step in shared workflows and the step is skipped
  when a mirror is not used by the job.
* Allow to provide a pre-created list of images to mirror. This can be
  triggered by `QE_IMAGES` set to false (default is true for backward
  compatibility). This allows us to generate the list in a previous step
  and give the file here so the mirror can be populated.
  We are not interested by QE images but by the script to push the
  images into the mirror.
* Load proxy env for disconnected clusters and mirrors.
---
 .../mirror-images-qe-test-images-commands.sh  | 52 +++++++++++++------
 .../mirror-images-qe-test-images-ref.yaml     |  7 +++
 2 files changed, 43 insertions(+), 16 deletions(-)

diff --git a/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-commands.sh b/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-commands.sh
index 1d29fd0c7d64..15e79366e8db 100755
--- a/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-commands.sh
+++ b/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-commands.sh
@@ -8,21 +8,22 @@ trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wa
 
 new_pull_secret="${SHARED_DIR}/new_pull_secret"
 
+if [ ! -f "${SHARED_DIR}/mirror_registry_url" ]; then
+    echo "File ${SHARED_DIR}/mirror_registry_url does not exist, skipping..."
+    exit 0
+fi
 # private mirror registry host
 # <public_dns>:<port>
 MIRROR_REGISTRY_HOST=`head -n 1 "${SHARED_DIR}/mirror_registry_url"`
-if [ ! -f "${SHARED_DIR}/mirror_registry_url" ]; then
-    echo "File ${SHARED_DIR}/mirror_registry_url does not exist."
-    exit 1
-fi
 echo "MIRROR_REGISTRY_HOST: $MIRROR_REGISTRY_HOST"
 
 # since ci-operator gives steps KUBECONFIG pointing to cluster under test under some circumstances,
 # unset KUBECONFIG to ensure this step always interact with the build farm.
 unset KUBECONFIG
 
-# Create qe test image list
-cat <<EOF > "/tmp/mirror-images-list.yaml"
+if [ "${QE_IMAGES}" == "true" ]; then
+    echo "Create qe test image list"
+    cat <<EOF > "/tmp/mirror-images-list.yaml"
 quay.io/openshifttest/iperf3:latest=MIRROR_REGISTRY_PLACEHOLDER/openshifttest/iperf3:latest
 quay.io/openshifttest/hello-sdn:1.2.0=MIRROR_REGISTRY_PLACEHOLDER/openshifttest/hello-sdn:1.2.0
 quay.io/openshifttest/hello-openshift-fedora:latest=MIRROR_REGISTRY_PLACEHOLDER/openshifttest/hello-openshift-fedora:latest
@@ -98,6 +99,18 @@ quay.io/openshifttest/uiauto-operators-index:1.2.0=MIRROR_REGISTRY_PLACEHOLDER/o
 quay.io/openshifttest/ui-auto-operators:latest=MIRROR_REGISTRY_PLACEHOLDER/openshifttest/ui-auto-operators:latest
 quay.io/openshifttest/prometheus-example-app:multiarch=MIRROR_REGISTRY_PLACEHOLDER/openshifttest/prometheus-example-app:multiarch
 EOF
+    # Creating ICSP for quay.io/openshifttest is in enable-qe-catalogsource-disconnected step
+    # Set Node CA for Mirror Registry is in enable-qe-catalogsource-disconnected step
+    sed -i "s/MIRROR_REGISTRY_PLACEHOLDER/${MIRROR_REGISTRY_HOST}/g" "/tmp/mirror-images-list.yaml" 
+elif [ -f "${SHARED_DIR}/mirror-images-list.yaml" ]; then
+    echo "${SHARED_DIR}/mirror-images-list.yaml was found and will be used"
+    cp "${SHARED_DIR}/mirror-images-list.yaml" "/tmp/mirror-images-list.yaml"
+    # Format must be SRC=DEST
+    sed -i 's/ /=/g' "/tmp/mirror-images-list.yaml"
+else
+    echo "No images to mirror."
+    exit 0
+fi
 
 # combine custom registry credential and default pull secret
 registry_cred=`head -n 1 "/var/run/vault/mirror-registry/registry_creds" | base64 -w 0`
@@ -107,16 +120,23 @@ openshifttest_auth_password=$(cat "/var/run/vault/mirror-registry/registry_quay_
 openshifttest_registry_auth=`echo -n "${openshifttest_auth_user}:${openshifttest_auth_password}" | base64 -w 0`
 jq --argjson a "{\"${MIRROR_REGISTRY_HOST}\": {\"auth\": \"$registry_cred\"},\"quay.io/openshifttest\": {\"auth\": \"${openshifttest_registry_auth}\"}}" '.auths |= . + $a' "${CLUSTER_PROFILE_DIR}/pull-secret" > "${new_pull_secret}"
 
-# MIRROR IMAGES
-# Creating ICSP for quay.io/openshifttest is in enable-qe-catalogsource-disconnected step
-# Set Node CA for Mirror Registry is in enable-qe-catalogsource-disconnected step
-sed -i "s/MIRROR_REGISTRY_PLACEHOLDER/${MIRROR_REGISTRY_HOST}/g" "/tmp/mirror-images-list.yaml" 
+# For disconnected or otherwise unreachable environments, we want to
+# have steps use an HTTP(S) proxy to reach the API server. This proxy
+# configuration file should export HTTP_PROXY, HTTPS_PROXY, and NO_PROXY
+# environment variables, as well as their lowercase equivalents (note
+# that libcurl doesn't recognize the uppercase variables).
+if test -f "${SHARED_DIR}/proxy-conf.sh"
+then
+    # shellcheck disable=SC1090
+    source "${SHARED_DIR}/proxy-conf.sh"
+fi
 
-# To avoid 409 too many request error, mirroring image one by one
-for image in `cat /tmp/mirror-images-list.yaml`
-do
-    oc image mirror $image  --insecure=true -a "${new_pull_secret}" \
- --skip-missing=true --skip-verification=true --keep-manifest-list=true --filter-by-os='.*'
-done
+# MIRROR IMAGES
+ # To avoid 409 too many request error, mirroring image one by one
+ for image in `cat /tmp/mirror-images-list.yaml`
+ do
+     oc image mirror $image  --insecure=true -a "${new_pull_secret}" \
+         --skip-missing=true --skip-verification=true --keep-manifest-list=true --filter-by-os='.*' --insecure=true
+ done
 
 rm -f "${new_pull_secret}"
diff --git a/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-ref.yaml b/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-ref.yaml
index 079179cba28d..232cdeb02e4f 100644
--- a/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-ref.yaml
+++ b/ci-operator/step-registry/mirror-images/qe-test-images/mirror-images-qe-test-images-ref.yaml
@@ -8,6 +8,13 @@ ref:
     requests:
       cpu: 10m
       memory: 100Mi
+  env:
+    - name: QE_IMAGES
+      default: 'true'
+      documentation: |-
+        Whether or not mirror QE images. This can be disabled if someone wants
+        to pre-create "${SHARED_DIR}/mirror-images-list.yaml" and mirror
+        these images instead.
   credentials:
   - namespace: test-credentials
     name: openshift-custom-mirror-registry