From 7db42cdb500a55b1a67a252fe67f772241a69425 Mon Sep 17 00:00:00 2001 From: treagitlab Date: Thu, 6 Nov 2025 08:26:57 -0800 Subject: [PATCH] Add Oauth to test-on-cng pipeline --- .gitlab/ci/test-on-cng/main.gitlab-ci.yml | 12 +++++++ .../lib/deployment/configurations/kind.rb | 31 +++++++++++++++++++ .../lib/deployment/default_values.rb | 19 ++++++++++-- 3 files changed, 60 insertions(+), 2 deletions(-) diff --git a/.gitlab/ci/test-on-cng/main.gitlab-ci.yml b/.gitlab/ci/test-on-cng/main.gitlab-ci.yml index 8ad7628c49c419..0785e5b9f7f539 100644 --- a/.gitlab/ci/test-on-cng/main.gitlab-ci.yml +++ b/.gitlab/ci/test-on-cng/main.gitlab-ci.yml @@ -184,6 +184,18 @@ cng-relative-url: QA_RELATIVE_URL_ROOT: "/relative" EXTRA_DEPLOY_VALUES: "--set global.appConfig.relativeUrlRoot=${QA_RELATIVE_URL_ROOT}" +cng-oauth: + extends: + - .cng-test + variables: + QA_SCENARIO: Test::Instance::All + QA_RSPEC_TAGS: --tag oauth + QA_RUN_IN_PARALLEL: "false" + QA_GITHUB_OAUTH_APP_ID: $QA_GITHUB_OAUTH_APP_ID + QA_GITHUB_OAUTH_APP_SECRET: $QA_GITHUB_OAUTH_APP_SECRET + rules: + - if: $QA_SUITES =~ /Test::Integration::OAuth/ + # ========================================== # Post test stage # ========================================== diff --git a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb index 67efc8e81c250a..52d52517349728 100644 --- a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb +++ b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/configurations/kind.rb @@ -20,6 +20,8 @@ class Kind < Base exit 1 fi SH + # @return [String] secret name for OAuth provider + OAUTH_SECRET_NAME = "gitlab-oauth-github" # Instance of kind deployment configuration # 
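Review bot: The two `QA_GITHUB_OAUTH_APP_ID: $QA_GITHUB_OAUTH_APP_ID` / `QA_GITHUB_OAUTH_APP_SECRET: $QA_GITHUB_OAUTH_APP_SECRET` entries under `variables:` in `cng-oauth` assign each variable to itself. If the values come from project or group CI/CD variables, they are already injected into the job, so the lines add nothing. If a value is missing, for example a protected variable on an unprotected ref, the job still starts and the gap only shows up later in the deployment. I would drop both lines and leave a comment such as `# QA_GITHUB_OAUTH_APP_ID / QA_GITHUB_OAUTH_APP_SECRET are supplied by masked CI/CD variables`. Whether they are masked and protected is not visible here and is worth confirming, because kind.rb writes them into a cluster secret.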
@@ -50,6 +52,7 @@ def initialize(**args) def run_pre_deployment_setup create_initial_root_password create_pre_receive_hook + create_oauth_secret end # Run post-deployment setup @@ -195,6 +198,34 @@ def patch_registry_svc_port }.to_json puts kubeclient.patch('svc', 'gitlab-registry', patch_data) end + + # Create OAuth provider secret + # + # @return [void] + def create_oauth_secret + return unless oauth_enabled? + + log("Creating OAuth provider secret", :info) + + provider_config = <<~YAML + name: 'github' + app_id: '#{ENV['QA_GITHUB_OAUTH_APP_ID']}' + app_secret: '#{ENV['QA_GITHUB_OAUTH_APP_SECRET']}' + args: + scope: 'user:email' + YAML + + secret = Kubectl::Resources::Secret.new(OAUTH_SECRET_NAME, "provider", provider_config) + secrets_to_mask = [ENV['QA_GITHUB_OAUTH_APP_ID'], ENV['QA_GITHUB_OAUTH_APP_SECRET']] + puts mask_secrets(kubeclient.create_resource(secret), secrets_to_mask) + end + + # Check if OAuth is enabled + # + # @return [Boolean] + def oauth_enabled? + ENV['QA_RSPEC_TAGS']&.include?('oauth') + end end end end diff --git a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb index 102248ab5db1e6..162011d3b0628f 100644 --- a/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb +++ b/qa/gems/gitlab-orchestrator/lib/gitlab/orchestrator/lib/deployment/default_values.rb @@ -32,7 +32,8 @@ def common_values(domain) applicationSettingsCacheSeconds: 0, dependencyProxy: { enabled: true - } + }, + omniauth: (oauth_config if ENV['QA_RSPEC_TAGS']&.include?('oauth')) } }, postgresql: { @@ -54,7 +55,7 @@ def common_values(domain) prometheus: { install: false }, "gitlab-runner": { install: false }, installCertmanager: false - } + }.delete_if { |_k, v| v.nil? } end # Key value pairs for ci specific component version values 
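Review bot: `create_oauth_secret` interpolates `ENV['QA_GITHUB_OAUTH_APP_ID']` and `ENV['QA_GITHUB_OAUTH_APP_SECRET']` straight into single-quoted YAML scalars without checking that either is set. An unset variable therefore produces a secret with empty credentials, and a value containing a quote or newline changes the structure of the document. Failing fast on missing values and serialising a hash keeps the failure at deploy time and the provider document well-formed. `to_json` is already used in this file (the registry patch just above), and JSON flow syntax should be accepted wherever this YAML is parsed, though that is worth confirming against the chart. `secrets_to_mask` also receives `nil` entries when the variables are unset, and how `mask_secrets` treats those is not visible in the hunk.

```ruby
def create_oauth_secret
  return unless oauth_enabled?

  app_id = ENV['QA_GITHUB_OAUTH_APP_ID'].to_s
  app_secret = ENV['QA_GITHUB_OAUTH_APP_SECRET'].to_s
  if app_id.empty? || app_secret.empty?
    raise "QA_GITHUB_OAUTH_APP_ID and QA_GITHUB_OAUTH_APP_SECRET must be set when the oauth tag is selected"
  end

  # … unchanged: log call …

  # Serialised rather than interpolated, so a quote or newline in a value cannot reshape the document
  provider_config = {
    name: 'github',
    app_id: app_id,
    app_secret: app_secret,
    args: { scope: 'user:email' }
  }.to_json

  secret = Kubectl::Resources::Secret.new(OAUTH_SECRET_NAME, "provider", provider_config)
  secrets_to_mask = [app_id, app_secret]
  # … unchanged: masked create_resource output …
end
```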
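Review bot: The inline condition `ENV['QA_RSPEC_TAGS']&.include?('oauth')` on the new `omniauth:` key is a substring test, so it is also true for an exclusion such as `--tag ~oauth` or for any tag that merely contains `oauth`. In those cases the deployment would enable omniauth and expect the provider secret even though no OAuth specs run. The same test is repeated in `oauth_enabled?` in kind.rb, so the two copies can drift. A single shared predicate that matches the tag as a whole token would cover both, e.g. `ENV['QA_RSPEC_TAGS'].to_s.split.include?('oauth')`. `common_values` starts and ends outside this hunk.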
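Review bot: The added `.delete_if { |_k, v| v.nil? }` inspects only the top-level keys of the returned hash, while the `omniauth:` key added in the previous hunk appears to sit inside the nested `appConfig` hash. A `nil` there would survive and be rendered as a null `omniauth` value in the Helm values whenever the oauth tag is absent. Removing the key at the level where it is defined is safer, for instance by calling `.compact` on the `appConfig` hash itself and dropping the top-level `delete_if`. The nesting is inferred from the closing braces visible in the hunk; the full hash lies outside it.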
@@ -98,6 +99,20 @@ def with_semver_prefix(version) "v#{version}" end + + def oauth_config + { + enabled: true, + allowSingleSignOn: ['github'], + blockAutoCreatedUsers: false, + providers: [ + { + secret: 'gitlab-oauth-github', + key: 'provider' + } + ] + } + end end end end -- GitLab
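Review bot: `oauth_config` has no doc comment and repeats the secret name `'gitlab-oauth-github'` that kind.rb defines as `OAUTH_SECRET_NAME`. Renaming one side would leave the chart pointing at a secret that is never created, so referencing the constant, or moving it somewhere both files can reach, keeps the two tied together. A short YARD header such as `# Omniauth values for the GitHub provider used by oauth-tagged specs` followed by `# @return [Hash]` would match the style used in kind.rb. It would also help to state in a comment that `allowSingleSignOn: ['github']` with `blockAutoCreatedUsers: false` lets any GitHub account sign up unblocked. That is presumably intended only for these short-lived test deployments.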