[chore] Adding nightly tests against next RHDH tag

[OpinionatedHeron]

Description

Added a nightly workflow to RHDH Local in order to run tests against the next RHDH tag. Tried to ensure that it would test all release branches, even if new ones are created.

Which issue(s) does this PR fix or relate to

RHIDP-12133

PR acceptance criteria

• Tests updated and passing
• Documentation updated
• Built-in TechDocs updated if needed. Note that TechDocs changes may need to be reviewed by a Product Manager and/or Architect to ensure content accuracy, clarity, and alignment with user needs.

How to test changes / Special notes to the reviewer

Tested workflow in my own fork, all tests seem to have run as expected but there were some failures for 1.8 and 1.7 - mostly related to arm, so I think they are to be expected.

[rhdh-qodo-merge]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶 RHIDP-12133 - Partially compliant Compliant requirements: Add a nightly GitHub Actions workflow for RHDH Local. Run tests against the unstable/next RHDH tag (to catch breakages before users hit them). Ensure the workflow covers all release branches (including newly created ones) without needing manual workflow updates. Non-compliant requirements: Requires further human verification: Confirm the scheduled cron time is correct for the intended timezone/maintenance window and that the workflow reliably triggers nightly in the target repo.

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🔒 Security concerns Supply chain: The workflow executes npx --yes dclint ., which can fetch and run unpinned code during CI. Consider pinning the dclint version (or installing via the repository lockfile) to reduce supply-chain exposure and improve reproducibility.

⚡ Recommended focus areas for review Action Version The workflow uses actions/checkout@v6, which is likely an invalid/nonexistent major version and would cause the workflow to fail at runtime. Consider switching to a known supported major version (and ideally pin to a SHA for supply-chain hardening). - uses: actions/checkout@v6 - name: Lint Supply Chain The lint step runs npx --yes dclint ., which may download and execute the latest package at runtime. This can lead to non-reproducible runs and increases supply-chain risk. Consider pinning the package/version (or using a lockfile-based install) to keep the workflow deterministic. - name: Lint run: | npx --yes dclint .

📚 Focus areas based on broader codebase context Reproducibility The workflow pins several tool versions, but CORPORATE_PROXY_IMAGE is set to docker.io/ubuntu/squid:latest (line 73), which can change over time and make nightly results non-deterministic. Consider pinning this image to a specific version/digest (and optionally documenting the update policy) to keep failures attributable to code changes rather than drifting dependencies. (Ref 6, Ref 1) env: # Using the next tag from the release branch RHDH_TAG: ${{ github.event.inputs.rhdh_tag || vars.NEXT_RHDH_TAG }} RHDH_IMAGE: quay.io/rhdh-community/rhdh:next DOCKER_COMPOSE_VERSION: v5.0.1 PODMAN_IMAGE: quay.io/podman/stable:v5 CORPORATE_PROXY_IMAGE: docker.io/ubuntu/squid:latest Reference reasoning: Existing YAML in the codebase commonly uses explicit, stable image tags for test tooling and components (e.g., a fixed scorecard-test version and explicitly tagged component images), which avoids unexpected behavior changes from floating tags like latest.

📄 References redhat-developer/rhdh-operator/pkg/model/testdata/rhdh-deployment.yaml [36-58] redhat-developer/rhdh-chart/charts/orchestrator-infra/values.yaml [37-41] redhat-developer/rhdh-chart/charts/orchestrator-software-templates-infra/values.yaml [141-163] redhat-developer/rhdh-chart/charts/orchestrator-infra/templates/tests/infra-test.yaml [0-2] redhat-developer/rhdh-chart/charts/orchestrator-software-templates-infra/templates/tests/infra-test.yaml [0-2] redhat-developer/rhdh-operator/bundle/rhdh/tests/scorecard/config.yaml [5-47] redhat-developer/rhdh-operator/bundle/backstage.io/tests/scorecard/config.yaml [5-47] redhat-developer/rhdh-operator/config/scorecard/patches/olm.config.yaml [1-40]

[rhdh-qodo-merge]

PR Type

Tests, Enhancement

---

Description

• Add nightly workflow to test RHDH Local against next RHDH tag

• Dynamically discover and test all release branches at runtime

• Test matrix includes multiple OS, container tools, and configurations

• Lint checks and comprehensive health verification included

---

File Walkthrough

Relevant files

Tests

nightly.yaml Create nightly test workflow for RHDH releases                      .github/workflows/nightly.yaml New nightly workflow scheduled daily and manually triggerable via workflow_dispatch Lint job validates code quality using dclint Dynamic branch discovery job finds main and release-* branches at runtime Comprehensive test matrix covering ubuntu-24.04/arm, docker/podman, 6 compose configurations, and user config variations Health checks include container engine version display, compose config validation, app startup verification, and detailed logging on failure +244/-0

---

[rhdh-qodo-merge]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Reduce the nightly test matrix The test matrix is too large for a nightly run, leading to high costs and long execution times. It should be reduced for scheduled runs, with the full matrix reserved for manual triggers. Examples: .github/workflows/nightly.yaml [38-63] strategy: fail-fast: false matrix: branch: ${{ fromJson(needs.discover-branches.outputs.branches) }} os: - ubuntu-24.04 - ubuntu-24.04-arm tool: - docker - podman ... (clipped 16 lines) Solution Walkthrough: Before: jobs: test: strategy: fail-fast: false matrix: branch: ${{ fromJson(needs.discover-branches.outputs.branches) }} os: - ubuntu-24.04 - ubuntu-24.04-arm tool: - docker - podman userConfig: - "false" - "true" composeConfig: - name: "default" - ... (5 more configurations) After: jobs: test: strategy: fail-fast: false matrix: # For nightly schedule, run a smaller, representative set of tests branch: ${{ github.event_name == 'schedule' && '["main"]' || fromJson(needs.discover-branches.outputs.branches) }} os: ${{ github.event_name == 'schedule' && '["ubuntu-24.04"]' || '["ubuntu-24.04", "ubuntu-24.04-arm"]' }} tool: ${{ github.event_name == 'schedule' && '["docker"]' || '["docker", "podman"]' }} userConfig: ${{ github.event_name == 'schedule' && '["false"]' || '["false", "true"]' }} composeConfig: ${{ github.event_name == 'schedule' && fromJson(''[{"name": "default", "cliArgs": ""}]'') || fromJson(needs.discover-branches.outputs.composeConfigs) }} ... Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a massive test matrix that would be excessively costly and slow for a nightly run, proposing a practical solution to run a smaller, representative set on schedule.	High
Possible issue	Fix invalid docker-compose version Update the DOCKER_COMPOSE_VERSION from the invalid v5.0.1 to a valid version like v2.27.0 to prevent the download step from failing. .github/workflows/nightly.yaml [71] -DOCKER_COMPOSE_VERSION: v5.0.1 +DOCKER_COMPOSE_VERSION: v2.27.0 Apply / Chat Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies that v5.0.1 is an invalid version for docker/compose, which would cause the workflow to fail. This is a critical bug fix.	High
	✅ Add non-interactive install flag Suggestion Impact: The workflow no longer runs the `sudo apt-get install ca-certificates curl` command at all—the entire "Update Docker version" step containing it was removed/refactored into a reusable action, eliminating the interactive install risk the suggestion targeted. code diff: - - name: Update Docker version - run: | - # Add Docker's official GPG key: - sudo apt-get update - sudo apt-get install ca-certificates curl - sudo install -m 0755 -d /etc/apt/keyrings - sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc - sudo chmod a+r /etc/apt/keyrings/docker.asc - - # Add the repository to Apt sources: - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ - $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - sudo apt-get update - sudo apt-get install -y docker-ce \ Add the -y flag to the apt-get install command to ensure it runs non-interactively. .github/workflows/nightly.yaml [100] -sudo apt-get install ca-certificates curl +sudo apt-get install -y ca-certificates curl [Suggestion processed] Suggestion importance[1-10]: 7 __ Why: The suggestion correctly points out the missing -y flag, which is crucial for non-interactive execution in a CI environment to prevent the job from hanging.	Medium
General	Add workflow_dispatch input Define the rhdh_tag input under the workflow_dispatch trigger to make github.event.inputs.rhdh_tag available for manual runs. .github/workflows/nightly.yaml [3-4] on: workflow_dispatch: + inputs: + rhdh_tag: + description: 'Override RHDH tag' + required: false Apply / Chat Suggestion importance[1-10]: 8 __ Why: This suggestion correctly identifies that for github.event.inputs.rhdh_tag to be used, it must be defined as an input for the workflow_dispatch trigger, fixing a potential runtime error.	Medium
Update

[OpinionatedHeron]

Jobs are passing for main, but failing for 1.9, 1.8, and 1.7 because it cannot find the action file without cherry-picking:

https://github.com/OpinionatedHeron/rhdh-local/actions/runs/25003559224

[OpinionatedHeron]

Test Fail reason - Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/runner/work/rhdh-local/rhdh-local/.github/actions/rhdh-local-compose-test'. Did you forget to run actions/checkout before running your local action?

[OpinionatedHeron]

/agentic_review

[OpinionatedHeron]

Made recommended changes, and removed developer-lightspeed/compose-with-ollama.yaml as tests were failing because this file was removed in a previous commit.

Nightly tests passing on main:
https://github.com/OpinionatedHeron/rhdh-local/actions/runs/25174317550

[OpinionatedHeron]

Should pull the correct catalog image index tag now - added create .env so that the compose config would use the correct tag during testing.

Nightly tests are passing for main: https://github.com/OpinionatedHeron/rhdh-local/actions/runs/25502242340

[rm3l]

/agentic_review

[rhdh-qodo-merge]

Persistent review updated to latest commit d513065

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud