Add volumeMount for dynamic-plugins-registry-auth

[durandom]

For secure container registry we need a auth.json file that contains auth tokens. The file is stored as a secret like

oc create secret generic dynamic-plugins-registry-auth --from-file=~/.config/containers/auth.json

It is then picked up by skopeo during the dynamic plugin install process.

Accompanying PR for dynamic plugins:

janus-idp/backstage-showcase#1479

[rm3l]

From the error in CI, it looks like you need to bump the chart version: https://github.com/redhat-developer/rhdh-chart/actions/runs/10466892802/job/28984592226?pr=41#step:7:38

[durandom]

thanks, I wanted to wait until #40 get's merged and then bump the version again :)

[rm3l]

thanks, I wanted to wait until #40 get's merged and then bump the version again :)

Just reviewed and merged #40 ;)

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[durandom]

changed the defaultMode to 416, thanks for pointing it out on redhat-developer/rhdh-operator#102 (comment)

[durandom]

/retest

[rm3l]

From the CI logs, it looks like the latest tag of RHDH used in this Chart is now pointing to an old version of RHDH.

/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1481
          throw new Error(
                ^

Error: Failed to instantiate service 'core.tokenManager' for 'search' because the factory function threw an error, Error: Failed to instantiate service 'core.tokenManager' because createRootContext threw an error, Error: You must configure at least one key in backend.auth.keys for production.
    at /opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1481:17
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async BackendInitializer.getInitDeps_fn (/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1644:20)
    at async /opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1779:32
    at async processNode (/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1302:22)
    at async Promise.all (index 0)
    at async processMoreNodes (/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1297:7)
    at async _DependencyGraph.parallelTopologicalTraversal (/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1308:5)
    at async /opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1777:9
    at async Promise.all (index 4)
    at async BackendInitializer.doStart_fn (/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1757:3)
    at async BackendInitializer.start (/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1611:5)
    at async BackstageBackend.start (/opt/app-root/src/node_modules/@backstage/backend-app-api/dist/index.cjs.js:1881:5)

Node.js v18.20.2

I get the same error on the main branch when deploying the Chart with its defaults.

To fix this, I think we should switch to the next tag by default (just like what we did for the operator: https://github.com/redhat-developer/rhdh-operator/blob/main/config/manager/default-config/deployment.yaml#L86).

[durandom]

@rm3l #42

[durandom]

@rm3l interestingly https://github.com/redhat-developer/rhdh-chart/actions/runs/10355552516/job/28663454790 did work for the latest release. And I just saw, that the failing test is specifically overriding the tag. So I dont think changing it to next does anything to the test.

[durandom]

/retest

[rm3l]

@rm3l interestingly redhat-developer/rhdh-chart/actions/runs/10355552516/job/28663454790 did work for the latest release.

Yeah, I noticed that as well. But that run was 2 weeks ago, and the latest tag was updated 5 days ago (it seems to have the same digest as 1.1). It is still confusing what latest means. If it is supposed to be the latest stable release of RHDH, it should be 1.2 to me.

And I just saw, that the failing test is specifically overriding the tag. So I dont think changing it to next does anything to the test.

You're right. Maybe the test should be explicit about the tag it is using and use --set upstream.backstage.image.tag=1.2 ? https://github.com/redhat-developer/rhdh-chart/blob/main/.github/workflows/test.yml#L73
WDYT?

[durandom]

let's wait for @nickboldt to chime in. The last latest from the last successful run pointed to https://quay.io/repository/rhdh/rhdh-hub-rhel9/manifest/sha256:57321cec47aa00cf65f9b872b55e5283f2ced4f6e4ad820726d7cd764068de30 which is 1.2-133

I would also expect latest to be the latest stable release

[nickboldt]

Something has gone horribly wrong with https://quay.io/repository/rhdh/rhdh-hub-rhel9?tab=tags as 1.1 should NOT link to latest (that is reserved for the current stable release and its z-stream updates

next meanwhile points to builds from main (1.3 currently)

once we branch for feature freeze, after a couple days the latest tag will move to 1.3 and next will move to 1.4.

I've fixed the borked :latest tags like this:

skopeo --insecure-policy copy --all docker://quay.io/rhdh/rhdh-hub-rhel9:{1.2,latest}
skopeo --insecure-policy copy --all docker://quay.io/rhdh/rhdh-rhel9-operator:{1.2,latest} 
skopeo --insecure-policy copy --all docker://quay.io/rhdh/rhdh-operator-bundle:{1.2,latest} 

[rm3l]

I've fixed the borked :latest tags like this:

skopeo --insecure-policy copy --all docker://quay.io/rhdh/rhdh-hub-rhel9:{1.2,latest}
skopeo --insecure-policy copy --all docker://quay.io/rhdh/rhdh-rhel9-operator:{1.2,latest} 
skopeo --insecure-policy copy --all docker://quay.io/rhdh/rhdh-operator-bundle:{1.2,latest} 

Thanks! CI passes with the fixed latest tag.

/lgtm