Refactor common Makefile to use ansible playbooks rather than scripts in common

Makefile

@@ -1,72 +1,6 @@
-NAME ?= $(shell basename "`pwd`")
-
-ifneq ($(origin TARGET_SITE), undefined)
-  TARGET_SITE_OPT=--set main.clusterGroupName=$(TARGET_SITE)
-endif
-
-# Set this to true if you want to skip any origin validation
-DISABLE_VALIDATE_ORIGIN ?= false
-ifeq ($(DISABLE_VALIDATE_ORIGIN),true)
-  VALIDATE_ORIGIN :=
-else
-  VALIDATE_ORIGIN := validate-origin
-endif
-
-# This variable can be set in order to pass additional helm arguments from the
-# the command line. I.e. we can set things without having to tweak values files
-EXTRA_HELM_OPTS ?=
-
-# This variable can be set in order to pass additional ansible-playbook arguments from the
-# the command line. I.e. we can set -vvv for more verbose logging
-EXTRA_PLAYBOOK_OPTS ?=
-
-# INDEX_IMAGES=registry-proxy.engineering.redhat.com/rh-osbs/iib:394248
-# or
-# INDEX_IMAGES=registry-proxy.engineering.redhat.com/rh-osbs/iib:394248,registry-proxy.engineering.redhat.com/rh-osbs/iib:394249
-INDEX_IMAGES ?=
-
-# git branch --show-current is also available as of git 2.22, but we will use this for compatibility
-TARGET_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
-
-#default to the branch remote
-TARGET_ORIGIN ?= $(shell git config branch.$(TARGET_BRANCH).remote)
-
-# The URL for the configured origin (could be HTTP/HTTPS/SSH)
-TARGET_REPO_RAW := $(shell git ls-remote --get-url --symref $(TARGET_ORIGIN))
-
-UUID_FILE ?= ~/.config/validated-patterns/pattern-uuid
-UUID_HELM_OPTS ?=
-
-# --set values always take precedence over the contents of -f
-ifneq ("$(wildcard $(UUID_FILE))","")
-	UUID := $(shell cat $(UUID_FILE))
-	UUID_HELM_OPTS := --set main.analyticsUUID=$(UUID)
-endif
-
-# Set the secret name *and* its namespace when deploying from private repositories
-# The format of said secret is documented here: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories
-TOKEN_SECRET ?=
-TOKEN_NAMESPACE ?=
-
-ifeq ($(TOKEN_SECRET),)
-  # SSH agents are not created for public repos (repos with no secret token) by the patterns operator so we convert to HTTPS
-  TARGET_REPO := $(shell echo "$(TARGET_REPO_RAW)" | sed 's/^git@\(.*\):\(.*\)/https:\/\/\1\/\2/')
-  SECRET_OPTS :=
-else
-  TARGET_REPO := $(TARGET_REPO_RAW)
-  SECRET_OPTS := --set main.tokenSecret=$(TOKEN_SECRET) --set main.tokenSecretNamespace=$(TOKEN_NAMESPACE)
-endif
-
-HELM_OPTS := -f values-global.yaml \
-             --set main.git.repoURL="$(TARGET_REPO)" \
-             --set main.git.revision=$(TARGET_BRANCH) \
-             $(SECRET_OPTS) \
-             $(TARGET_SITE_OPT) \
-             $(UUID_HELM_OPTS) \
-             $(EXTRA_HELM_OPTS)
-
-# Helm does the right thing and fetches all the tags and detects the newest one
-PATTERN_INSTALL_CHART ?= oci://quay.io/hybridcloudpatterns/pattern-install
+MAKEFLAGS += --no-print-directory
+# ANSIBLE_RUN = ansible-playbook $(EXTRA_PLAYBOOK_OPTS) -vvv
+ANSIBLE_RUN = ANSIBLE_STDOUT_CALLBACK=null ansible-playbook $(EXTRA_PLAYBOOK_OPTS)
 
 ##@ Pattern Common Tasks
 
@@ -79,193 +13,79 @@ help: ## This help message
 #  e.g. from industrial-edge: make -f common/Makefile show
 .PHONY: show
 show: ## show the starting template without installing it
-	helm template $(PATTERN_INSTALL_CHART) --name-template $(NAME) $(HELM_OPTS)
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.show
 
 preview-all: ## (EXPERIMENTAL) Previews all applications on hub and managed clusters
-	@echo "NOTE: This is just a tentative approximation of rendering all hub and managed clusters templates"
-	@common/scripts/preview-all.sh $(TARGET_REPO) $(TARGET_BRANCH)
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.preview_all
 
 preview-%:
-	$(eval CLUSTERGROUP ?= $(shell yq ".main.clusterGroupName" values-global.yaml))
-	@common/scripts/preview.sh $(CLUSTERGROUP) $* $(TARGET_REPO) $(TARGET_BRANCH)
+	@$(ANSIBLE_RUN) -e app=$* rhvp.cluster_utils.preview
 
 .PHONY: operator-deploy
-operator-deploy operator-upgrade: validate-prereq $(VALIDATE_ORIGIN) validate-cluster ## runs helm install
-	@common/scripts/deploy-pattern.sh $(NAME) $(PATTERN_INSTALL_CHART) $(HELM_OPTS)
-
-.PHONY: uninstall
-uninstall: ## runs helm uninstall
-	$(eval CSV := $(shell oc get subscriptions -n openshift-operators openshift-gitops-operator -ojsonpath={.status.currentCSV}))
-	helm uninstall $(NAME)
-	@oc delete csv -n openshift-operators $(CSV)
+operator-deploy operator-upgrade: ## validates the pattern repo and installs via the pattern-install chart
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.operator_deploy
 
 .PHONY: load-secrets
 load-secrets: ## loads the secrets into the backend determined by values-global setting
-	common/scripts/process-secrets.sh $(NAME)
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.process_secrets
 
 .PHONY: legacy-load-secrets
 legacy-load-secrets: ## loads the secrets into vault (only)
-	common/scripts/vault-utils.sh push_secrets $(NAME)
+	@$(ANSIBLE_RUN) -t push_secrets rhvp.cluster_utils.vault
 
 .PHONY: secrets-backend-vault
 secrets-backend-vault: ## Edits values files to use default Vault+ESO secrets config
-	common/scripts/set-secret-backend.sh vault
-	common/scripts/manage-secret-app.sh vault present
-	common/scripts/manage-secret-app.sh golang-external-secrets present
-	common/scripts/manage-secret-namespace.sh validated-patterns-secrets absent
-	@git diff --exit-code || echo "Secrets backend set to vault, please review changes, commit, and push to activate in the pattern"
+	@$(ANSIBLE_RUN) -e secrets_backing_store=vault rhvp.cluster_utils.configure_secrets_backend
 
 .PHONY: secrets-backend-kubernetes
 secrets-backend-kubernetes: ## Edits values file to use Kubernetes+ESO secrets config
-	common/scripts/set-secret-backend.sh kubernetes
-	common/scripts/manage-secret-namespace.sh validated-patterns-secrets present
-	common/scripts/manage-secret-app.sh vault absent
-	common/scripts/manage-secret-app.sh golang-external-secrets present
-	@git diff --exit-code || echo "Secrets backend set to kubernetes, please review changes, commit, and push to activate in the pattern"
+	@$(ANSIBLE_RUN) -e secrets_backing_store=kubernetes rhvp.cluster_utils.configure_secrets_backend
 
 .PHONY: secrets-backend-none
 secrets-backend-none: ## Edits values files to remove secrets manager + ESO
-	common/scripts/set-secret-backend.sh none
-	common/scripts/manage-secret-app.sh vault absent
-	common/scripts/manage-secret-app.sh golang-external-secrets absent
-	common/scripts/manage-secret-namespace.sh validated-patterns-secrets absent
-	@git diff --exit-code || echo "Secrets backend set to none, please review changes, commit, and push to activate in the pattern"
+	@$(ANSIBLE_RUN) -e secrets_backing_store=none rhvp.cluster_utils.configure_secrets_backend
 
 .PHONY: load-iib
 load-iib: ## CI target to install Index Image Bundles
-	@set -e; if [ x$(INDEX_IMAGES) != x ]; then \
-		ansible-playbook $(EXTRA_PLAYBOOK_OPTS) rhvp.cluster_utils.iib_ci; \
-	else \
-		echo "No INDEX_IMAGES defined. Bailing out"; \
-		exit 1; \
-	fi
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.iib_ci
 
 .PHONY: token-kubeconfig
 token-kubeconfig: ## Create a local ~/.kube/config with password (not usually needed)
-	common/scripts/write-token-kubeconfig.sh
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.write_token_kubeconfig
 
 ##@ Validation Tasks
 
 # If the main repoUpstreamURL field is set, then we need to check against
 # that and not target_repo
 .PHONY: validate-origin
 validate-origin: ## verify the git origin is available
-	@echo "Checking repository:"
-	$(eval UPSTREAMURL := $(shell yq -r '.main.git.repoUpstreamURL // (.main.git.repoUpstreamURL = "")' values-global.yaml))
-	@if [ -z "$(UPSTREAMURL)" ]; then\
-		echo -n "  $(TARGET_REPO) - branch '$(TARGET_BRANCH)': ";\
-		git ls-remote --exit-code --heads $(TARGET_REPO) $(TARGET_BRANCH) >/dev/null &&\
-			echo "OK" || (echo "NOT FOUND"; exit 1);\
-	else\
-		echo "Upstream URL set to: $(UPSTREAMURL)";\
-		echo -n "  $(UPSTREAMURL) - branch '$(TARGET_BRANCH)': ";\
-		git ls-remote --exit-code --heads $(UPSTREAMURL) $(TARGET_BRANCH) >/dev/null &&\
-			echo "OK" || (echo "NOT FOUND"; exit 1);\
-	fi
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_origin
 
 .PHONY: validate-cluster
 validate-cluster: ## Do some cluster validations before installing
-	@echo "Checking cluster:"
-	@echo -n "  cluster-info: "
-	@oc cluster-info >/dev/null && echo "OK" || (echo "Error"; exit 1)
-	@echo -n "  storageclass: "
-	@if [ `oc get storageclass -o go-template='{{printf "%d\n" (len .items)}}'` -eq 0 ]; then\
-		echo "WARNING: No storageclass found";\
-	else\
-		echo "OK";\
-	fi
-
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_cluster
 
 .PHONY: validate-schema
 validate-schema: ## validates values files against schema in common/clustergroup
-	$(eval VAL_PARAMS := $(shell for i in ./values-*.yaml; do echo -n "$${i} "; done))
-	@echo -n "Validating clustergroup schema of: "
-	@set -e; for i in $(VAL_PARAMS); do echo -n " $$i"; helm template oci://quay.io/hybridcloudpatterns/clustergroup $(HELM_OPTS) -f "$${i}" >/dev/null; done
-	@echo
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_schema
 
 .PHONY: validate-prereq
 validate-prereq: ## verify pre-requisites
-	$(eval GLOBAL_PATTERN := $(shell yq -r .global.pattern values-global.yaml))
-	@if [ $(NAME) != $(GLOBAL_PATTERN) ]; then\
-		echo "";\
-		echo "WARNING: folder directory is \"$(NAME)\" and global.pattern is set to \"$(GLOBAL_PATTERN)\"";\
-		echo "this can create problems. Please make sure they are the same!";\
-		echo "";\
-	fi
-	@if [ ! -f /run/.containerenv ]; then\
-	  echo "Checking prerequisites:";\
-	  echo -n "  Check for python-kubernetes: ";\
-	  if ! ansible -m ansible.builtin.command -a "{{ ansible_python_interpreter }} -c 'import kubernetes'" localhost > /dev/null 2>&1; then echo "Not found"; exit 1; fi;\
-	  echo "OK";\
-	  echo -n "  Check for kubernetes.core collection: ";\
-	  if ! ansible-galaxy collection list | grep kubernetes.core > /dev/null 2>&1; then echo "Not found"; exit 1; fi;\
-	  echo "OK";\
-	else\
-		if [ -f values-global.yaml ]; then\
-			OUT=`yq -r '.main.multiSourceConfig.enabled // (.main.multiSourceConfig.enabled = "false")' values-global.yaml`;\
-			if [ "$${OUT,,}" = "false" ]; then\
-				echo "You must set \".main.multiSourceConfig.enabled: true\" in your 'values-global.yaml' file";\
-				echo "because your common subfolder is the slimmed down version with no helm charts in it";\
-				exit 1;\
-			fi;\
-		fi;\
-	fi
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.validate_prereq
 
 .PHONY: argo-healthcheck
 argo-healthcheck: ## Checks if all argo applications are synced
-	@echo "Checking argo applications"
-	$(eval APPS := $(shell oc get applications.argoproj.io -A -o jsonpath='{range .items[*]}{@.metadata.namespace}{","}{@.metadata.name}{"\n"}{end}'))
-	@NOTOK=0; \
-	for i in $(APPS); do\
-		n=`echo "$${i}" | cut -f1 -d,`;\
-		a=`echo "$${i}" | cut -f2 -d,`;\
-		STATUS=`oc get -n "$${n}" applications.argoproj.io/"$${a}" -o jsonpath='{.status.sync.status}'`;\
-		if [[ $$STATUS != "Synced" ]]; then\
-			NOTOK=$$(( $${NOTOK} + 1));\
-		fi;\
-		HEALTH=`oc get -n "$${n}" applications.argoproj.io/"$${a}" -o jsonpath='{.status.health.status}'`;\
-		if [[ $$HEALTH != "Healthy" ]]; then\
-			NOTOK=$$(( $${NOTOK} + 1));\
-		fi;\
-		echo "$${n} $${a} -> Sync: $${STATUS} - Health: $${HEALTH}";\
-	done;\
-	if [ $${NOTOK} -gt 0 ]; then\
-	    echo "Some applications are not synced or are unhealthy";\
-	    exit 1;\
-	fi
-
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.argo_healthcheck
 
 ##@ Test and Linters Tasks
 
 .PHONY: qe-tests
 qe-tests: ## Runs the tests that QE runs
-	@set -e; if [ -f ./tests/interop/run_tests.sh ]; then \
-		pushd ./tests/interop; ./run_tests.sh; popd; \
-	else \
-		echo "No ./tests/interop/run_tests.sh found skipping"; \
-	fi
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.qe_tests
 
 .PHONY: super-linter
 super-linter: ## Runs super linter locally
-	rm -rf .mypy_cache
-	podman run -e RUN_LOCAL=true -e USE_FIND_ALGORITHM=true	\
-					-e VALIDATE_ANSIBLE=false \
-					-e VALIDATE_BASH=false \
-					-e VALIDATE_CHECKOV=false \
-					-e VALIDATE_DOCKERFILE_HADOLINT=false \
-					-e VALIDATE_JSCPD=false \
-					-e VALIDATE_JSON_PRETTIER=false \
-					-e VALIDATE_MARKDOWN_PRETTIER=false \
-					-e VALIDATE_KUBERNETES_KUBECONFORM=false \
-					-e VALIDATE_PYTHON_PYLINT=false \
-					-e VALIDATE_SHELL_SHFMT=false \
-					-e VALIDATE_TEKTON=false \
-					-e VALIDATE_YAML=false \
-					-e VALIDATE_YAML_PRETTIER=false \
-					$(DISABLE_LINTERS) \
-					-v $(PWD):/tmp/lint:rw,z \
-					-w /tmp/lint \
-					ghcr.io/super-linter/super-linter:slim-v7
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.super_linter
 
 .PHONY: deploy upgrade legacy-deploy legacy-upgrade
 deploy upgrade legacy-deploy legacy-upgrade: