From b2931c95b43bdc042095793e2fdd7b5326947ea0 Mon Sep 17 00:00:00 2001
From: chandramerla
Date: Thu, 1 Aug 2024 20:43:07 +0530
Subject: [PATCH] Added func in bootstrap/runner.sh to upload a file to GCS via REST API as gsutils not supported for s390x

Signed-off-by: chandramerla
---
 .../kubevirtci/kubevirtci-postsubmits.yaml | 6 +--
 images/bootstrap/Dockerfile | 1 +
 images/bootstrap/runner.sh | 53 +++++++++++++++++++
 3 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/github/ci/prow-deploy/files/jobs/kubevirt/kubevirtci/kubevirtci-postsubmits.yaml b/github/ci/prow-deploy/files/jobs/kubevirt/kubevirtci/kubevirtci-postsubmits.yaml
index 35525f9150..2586d278d4 100644
--- a/github/ci/prow-deploy/files/jobs/kubevirt/kubevirtci/kubevirtci-postsubmits.yaml
+++ b/github/ci/prow-deploy/files/jobs/kubevirt/kubevirtci/kubevirtci-postsubmits.yaml
@@ -28,7 +28,7 @@ postsubmits:
 type: Directory
 name: devices
 containers:
- - image: quay.io/kubevirtci/golang:v20240711-f55d15c
+ - image: quay.io/kubevirtci/golang:v20240723-b778c41
 command:
 - "/usr/local/bin/runner.sh"
 - "/bin/bash"
@@ -90,7 +90,7 @@ postsubmits:
 type: Directory
 name: devices
 containers:
- - image: quay.io/kubevirtci/golang:v20240711-f55d15c
+ - image: quay.io/kubevirtci/golang:v20240723-b778c41
 command:
 - "/usr/local/bin/runner.sh"
 - "/bin/bash"
@@ -99,7 +99,7 @@ postsubmits:
 cat $QUAY_PASSWORD | podman login --username $(<$QUAY_USER) --password-stdin quay.io &&
 SHORT_SHA=$(git rev-parse --short HEAD) &&
 GCS_FILE_PATH=gs://kubevirt-prow/release/kubevirt/kubevirtci/s390x-$SHORT_SHA &&
- CHECK_INTERVAL=60 &&
+ CHECK_INTERVAL=30 &&
 while true; do
 if gsutil -q stat "$GCS_FILE_PATH"; then
 echo "File $GCS_FILE_PATH is now available."
diff --git a/images/bootstrap/Dockerfile b/images/bootstrap/Dockerfile
index 453250434a..0012451a6c 100644
--- a/images/bootstrap/Dockerfile
+++ b/images/bootstrap/Dockerfile
@@ -59,6 +59,7 @@ RUN dnf install -y \
 qemu-user-static \
 bind-utils \
 wget \
+ openssl \
 python3-jinja2 &&\
 dnf -y clean all
 
diff --git a/images/bootstrap/runner.sh b/images/bootstrap/runner.sh
index 976fad15b2..3836f72277 100755
--- a/images/bootstrap/runner.sh
+++ b/images/bootstrap/runner.sh
@@ -125,6 +125,59 @@ if [[ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]]; then
 gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}" || true
 fi
 
+#Function to get access token
+get_access_token() {
+ local sa_email=$(jq -r '.client_email' $GOOGLE_APPLICATION_CREDENTIALS)
+ local sa_key=$(jq -r '.private_key' $GOOGLE_APPLICATION_CREDENTIALS)
+ local jwt_header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 -w 0 | tr '+/' '-_' | tr -d '=')
+ local jwt_claim=$(echo -n '{"iss":"'$sa_email'","scope":"https://www.googleapis.com/auth/cloud-platform","aud":"https://oauth2.googleapis.com/token","exp":'$(($(date +%s) + 3600))',"iat":'$(date +%s)'}' | base64 -w 0 | tr '+/' '-_' | tr -d '=')
+ local jwt_signature=$(echo -n "$jwt_header.$jwt_claim" | openssl dgst -binary -sha256 -sign <(echo "$sa_key") | base64 -w 0 | tr '+/' '-_' | tr -d '=')
+ local jwt="$jwt_header.$jwt_claim.$jwt_signature"
+
+ local response=$(curl -s -X POST https://oauth2.googleapis.com/token \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt")
+
+ echo $(echo $response | jq -r '.access_token')
+}
+export -f get_access_token
+
+# Function to upload a file to Google Cloud Storage via REST APIs as gsutil not supported on s390x
+upload_to_gcs() {
+ local source_file="$1"
+ local destination_blob="$2"
+ local bucket_name="kubevirt-prow"
+ local content_type="application/octet-stream"
+
+ if [ -z "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ echo "GOOGLE_APPLICATION_CREDENTIALS is not set. Please set it to the path of your service account key file."
+ exit 1
+ fi
+
+ # Get the access token using the service account key file
+ access_token=$(get_access_token)
+ if [ -z "$access_token" ]; then
+ echo "Failed to obtain access token. Check your service account key file."
+ exit 1
+ fi
+
+ # Upload file
+ upload_response=$(curl -X POST \
+ --data-binary @"$source_file" \
+ -H "Authorization: Bearer $access_token" \
+ -H "Content-Type: application/octet-stream" \
+ "https://storage.googleapis.com/upload/storage/v1/b/$bucket_name/o?uploadType=media&name=$destination_blob")
+
+ # Check response
+ if echo $upload_response | jq -e '.name' > /dev/null; then
+ echo "File $source_file uploaded successfully as $destination_blob"
+ else
+ echo "Upload failed. Response:"
+ echo $upload_response | jq '.'
+ fi
+}
+export -f upload_to_gcs
+
 # Set up Container Registry Auth file
 mkdir -p "${HOME}/containers" && echo "{}" > "${HOME}/containers/auth.json"
 export REGISTRY_AUTH_FILE="${HOME}/containers/auth.json"
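Review bot: The `[ -z "$access_token" ]` guard in `upload_to_gcs` does not catch a failed token exchange, because `jq -r '.access_token'` in `get_access_token` prints the literal string `null` when the token endpoint answers with an error body, so the upload goes ahead with `Bearer null`. The failure branch at the end only echoes the response and the function still returns 0, so a caller cannot tell that nothing was uploaded; the two guards use `exit 1`, which ends the whole calling shell from an exported function where `return 1` is enough. `$destination_blob` goes into the query string unencoded, so a name containing `&`, `#` or a space alters the request instead of naming the object; encoding it with jq's `@uri` keeps it one parameter. The JWT asks for the `cloud-platform` scope although the function only writes an object, and `https://www.googleapis.com/auth/devstorage.read_write` would limit what the one-hour token can do if it ends up in a job log.

```shell
get_access_token() {
  # … unchanged: sa_email, sa_key, jwt_header, jwt_signature, jwt, curl call …
  # jwt_claim: only the scope value changes, to
  #   https://www.googleapis.com/auth/devstorage.read_write

  # '// empty' prints nothing (not the string "null") when the field is missing
  jq -r '.access_token // empty' <<<"$response"
}

upload_to_gcs() {
  # … unchanged: source_file, destination_blob, bucket_name …
  local access_token upload_response encoded_name

  # … credentials-path check: same `exit 1` -> `return 1` change as below …

  access_token=$(get_access_token)
  if [ -z "$access_token" ]; then
    echo "Failed to obtain access token. Check your service account key file." >&2
    return 1
  fi

  # Percent-encode the object name so it stays a single query parameter
  encoded_name=$(jq -rn --arg n "$destination_blob" '$n | @uri')
  upload_response=$(curl -sS -X POST \
    --data-binary @"$source_file" \
    -H "Authorization: Bearer $access_token" \
    -H "Content-Type: application/octet-stream" \
    "https://storage.googleapis.com/upload/storage/v1/b/$bucket_name/o?uploadType=media&name=$encoded_name")

  if jq -e '.name' <<<"$upload_response" > /dev/null; then
    echo "File $source_file uploaded successfully as $destination_blob"
  else
    echo "Upload failed. Response:" >&2
    jq '.' <<<"$upload_response" >&2
    return 1  # let the calling job step fail instead of staying green
  fi
}
```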