test(ui): add ui tests with local-deploy

.github/workflows/ui.yaml

@@ -0,0 +1,128 @@
+name: UI tests
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  ui-e2e-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Free disk space (delete unused tools)
+        id: delete-unused-tools
+        continue-on-error: true
+        shell: bash
+        run: |
+          free_disk_space=22
+          # delete preinstalled unused tools
+          cleanup=(
+            /usr/share/dotnet
+            /usr/share/miniconda
+            /usr/share/swift
+            /usr/share/kotlinc
+            /opt/ghc
+            /opt/hostedtoolcache/CodeQL
+            /opt/hostedtoolcache/Ruby
+            /opt/az
+            /usr/local/lib/android
+          )
+          for d in "${cleanup[@]}"; do
+            if [[ -d "$d" ]]; then
+              rm -rf -- "$d" && echo "deleted $d"
+            else
+              echo "$d not found"
+              continue
+            fi
+            free=$(df -BGB --output=avail / | tail -1)
+            if [[ ${free%GB} -ge "${free_disk_space}" ]]; then
+              echo "Reached requested free disk space ${free_disk_space} [${free} free]."
+              exit 0
+            fi
+          done
+          df -h
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Create KinD Cluster
+        uses: helm/kind-action@v1
+        with:
+          cluster_name: kind
+
+      - name: tags
+        run: |
+          echo "TAG=$(make tag)" | tee -a "$GITHUB_ENV"
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          file: image/Dockerfile
+          context: .
+          push: false
+          load: true
+          tags: quay.io/rhacs-eng/infra-server:${{ env.TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Load into KinD
+        run: |
+          # Check cluster name
+          kind get clusters
+          #docker build -t quay.io/rhacs-eng/infra-server:${{ env.TAG }} -f image/Dockerfile .
+          kind load docker-image quay.io/rhacs-eng/infra-server:${{ env.TAG }} --name kind
+          docker images | grep infra-server
+
+      - name: Deploy
+        run: make deploy-local
+
+      - name: Wait for pods
+        run: kubectl wait --for=condition=ready pod -l app=infra-server -n infra --timeout=3m
+
+      - name: Start port-forward
+        run: |
+          kubectl port-forward -n infra svc/infra-server-service 8443:8443 >/dev/null 2>&1 &
+          echo "PORT_FORWARD_PID=$!" >> "$GITHUB_ENV"
+          sleep 5
+          # Verify port-forward is working
+          timeout 10 sh -c 'until curl -k -f https://localhost:8443/v1/whoami 2>/dev/null; do sleep 1; done' || echo "Warning: Backend may not be ready"
+
+      - name: Run E2E tests
+        uses: cypress-io/github-action@v6
+        with:
+          working-directory: ui
+          start: npm run start
+          wait-on: 'http://localhost:3001'
+          wait-on-timeout: 60
+          command: npm run cypress:run:e2e
+        env:
+          BROWSER: none
+          PORT: 3001
+          # Backend uses HTTPS with self-signed cert (see scripts/deploy/helm.sh)
+          INFRA_API_ENDPOINT: https://localhost:8443
+
+      - name: Upload test artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: cypress-artifacts
+          path: |
+            ui/cypress/videos
+            ui/cypress/screenshots
+          retention-days: 7
+
+      - name: Cleanup port-forward
+        if: always()
+        run: |
+          # Kill by PID if available, otherwise kill by process name
+          if [ -n "${{ env.PORT_FORWARD_PID }}" ]; then
+            echo "Cleaning up port-forward (PID: ${{ env.PORT_FORWARD_PID }})..."
+            kill ${{ env.PORT_FORWARD_PID }} 2>/dev/null || true
+          fi
+          # Fallback: kill any remaining port-forward processes
+          pkill -f "kubectl port-forward.*8443:8443" 2>/dev/null || true

DEPLOYMENT.md

@@ -116,6 +116,12 @@ Use the environment variable `TEST_MODE` to disable certain infra service behavi
 
 This is used in the infra PR clusters to set the login referer and disable telemetry.
 
+#### Deployments for testing only (no secrets)
+
+For test clusters (such as a local KinD/Colima), you can use the deploy-local make target to skip loading secrets. The flavor provisioning actions that require secrets will not be accessible, and integrations such as with Slack will be disabled.
+
+`make deploy-local`
+
 ### Rollback
 
 Use `helm rollback infra-server <REVISION>`.

Makefile

@@ -253,6 +253,31 @@ helm-deploy: pre-check helm-dependency-update create-namespaces
 helm-diff: pre-check helm-dependency-update create-namespaces
 	@./scripts/deploy/helm.sh diff $(VERSION) $(ENVIRONMENT) $(SECRET_VERSION)
 
+## Deploy to local cluster (e.g., Colima) without GCP Secret Manager
+.PHONY: deploy-local
+deploy-local: helm-dependency-update create-namespaces
+	TEST_MODE=true ./scripts/deploy/helm.sh deploy-local $(shell make tag) local
+
+## Run UI E2E tests against local deployment
+.PHONY: test-e2e
+test-e2e:
+	@echo "test-e2e starting..." >&2
+	@echo "Waiting for infra-server to be ready..." >&2
+	@kubectl wait --for=condition=ready pod -l app=infra-server -n infra --timeout=3m >&2 || \
+		(echo "ERROR: infra-server pods did not become ready" >&2 && exit 1)
+	@echo "Starting port-forward and running E2E tests..." >&2
+	@kubectl port-forward -n infra svc/infra-server-service 8443:8443 >/dev/null 2>&1 & \
+	PF_PID=$$!; \
+	cleanup() { \
+		echo "" >&2; \
+		echo "Cleaning up port-forward (PID: $$PF_PID)..." >&2; \
+		kill $$PF_PID 2>/dev/null || true; \
+	}; \
+	trap cleanup EXIT; \
+	sleep 5; \
+	echo "Running Cypress E2E tests..." >&2; \
+	cd ui && BROWSER=none PORT=3001 INFRA_API_ENDPOINT=http://localhost:8443 npm run test:e2e
+
 ## Bounce pods
 .PHONY: bounce-infra-pods
 bounce-infra-pods:

chart/infra-server/configuration/local-values.yaml

@@ -0,0 +1,30 @@
+environment: local
+
+# Set local deploy mode to true for local development
+localDeploy: true
+
+# Enable test mode for faster cluster resume intervals
+testMode: true
+
+# Use local Docker images when available, pull from registry if not present
+# Works with Colima (shared Docker daemon) and kind (after kind load docker-image)
+# IfNotPresent provides flexibility: uses local images when available, pulls when needed
+imagePullPolicy: IfNotPresent
+
+# Pull secrets for container registries - dummy values for local development
+pullSecrets:
+  docker:
+    registry: "docker.io"
+    username: "dummy"
+    password: "dummy"
+  quay:
+    registry: "quay.io"
+    username: "dummy"
+    password: "dummy"
+  stackrox:
+    registry: "stackrox.io"
+    username: "dummy"
+    password: "dummy"
+
+# Alertmanager configuration
+alertmanagerSlackTeam: "dummy-team"

chart/infra-server/templates/argo/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -7,3 +8,4 @@ metadata:
 data:
   credentials.json: |-
     {{ required ".Values.google_credentials_json is undefined" .Values.google_credentials_json }}
+{{- end }}

chart/infra-server/templates/aro/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -16,3 +17,4 @@ data:
     {{ .Values.aroClusterManager.azureSPSecretVal | b64enc }}
   REDHAT_PULL_SECRET_BASE64: |-
     {{ .Values.aroClusterManager.redHatPullSecretBase64 | b64enc }}
+{{- end }}

chart/infra-server/templates/aws/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -10,3 +11,4 @@ data:
     {{ .Values.aws.accessKeyId | b64enc }}
   AWS_SECRET_ACCESS_KEY: |-
     {{ .Values.aws.secretAccessKey | b64enc }}
+{{- end }}

chart/infra-server/templates/azure/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 
 ---
 
@@ -18,3 +19,4 @@ data:
     {{ .Values.azure.sp_tenant | b64enc }}
   ACR_TO_ATTACH: |-
     {{ .Values.azure.aks_attached_acr | b64enc }}
+{{- end }}

chart/infra-server/templates/demo/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 
 apiVersion: v1
@@ -90,3 +91,4 @@ data:
   .dockerconfigjson: {{ template "pull-secret" .Values.pullSecrets.quay }}
 
 ---
+{{- end }}

chart/infra-server/templates/deployment.yaml

@@ -27,8 +27,10 @@ spec:
         - name: infra-server
           image: quay.io/rhacs-eng/infra-server:{{ required "A valid .Values.tag entry is required!" .Values.tag }}
           env:
+{{- if not .Values.localDeploy }}
             - name: GOOGLE_APPLICATION_CREDENTIALS
               value: /configuration/google-credentials.json
+{{- end }}
             - name: TEST_MODE
               value: "{{ .Values.testMode }}"
           readinessProbe:
@@ -47,7 +49,7 @@ spec:
               containerPort: 8443
             - name: metrics
               containerPort: 9101
-          imagePullPolicy: Always
+          imagePullPolicy: {{ .Values.imagePullPolicy | default "Always" }}
           volumeMounts:
             - mountPath: /configuration
               name: configuration

chart/infra-server/templates/gke/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 
 apiVersion: v1
@@ -13,3 +14,4 @@ data:
     {{ required ".Values.gke__gke_provisioner_json is undefined" .Values.gke__gke_provisioner_json }}
 
 ---
+{{- end }}

chart/infra-server/templates/ibm/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -8,3 +9,4 @@ metadata:
 data:
   IBM_ROKS_API_KEY: |-
     {{ .Values.ibmCloudSecrets.ibmRoksApiKey | b64enc }}
+{{- end }}

chart/infra-server/templates/monitoring/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -6,3 +7,4 @@ metadata:
   namespace: monitoring
 data:
   webhookURL: "{{ .Values.alertmanagerSlackWebhook | b64enc }}"
+{{- end }}

chart/infra-server/templates/openshift-4/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 apiVersion: v1
 kind: Secret
 type: Opaque
@@ -43,3 +44,4 @@ metadata:
 data:
   REDHAT_PULL_SECRET: |-
     {{ required ".Values.openshift_4__redhat_pull_secret_json is undefined" .Values.openshift_4__redhat_pull_secret_json }}
+{{- end }}

chart/infra-server/templates/openshift/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 apiVersion: v1
 kind: Secret
 type: Opaque
@@ -9,3 +10,4 @@ metadata:
 data:
   google-credentials.json: |-
     {{ required ".Values.openshift__google_credentials_json is undefined" .Values.openshift__google_credentials_json }}
+{{- end }}

chart/infra-server/templates/osd/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -19,3 +20,4 @@ data:
     {{ .Values.osdClusterManager.gcpSaCredsJsonBase64 | b64enc }}
   GCP_SERVICE_ACCOUNT_KEY_BASE64: |-
     {{ .Values.osdClusterManager.gcpServiceAccountKeyBase64 | b64enc }}
+{{- end }}