tests: run e2e with kind cluster

.github/workflows/tests.yaml

@@ -11,18 +11,6 @@ on:
     - cron: '0 5 * * *'
 
 jobs:
-  style:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '11'
-          cache: 'gradle'
-      - name: Check style
-        run: make -C functionaltest-jenkins-plugin style
-
   build:
     runs-on: ubuntu-latest
     steps:
@@ -39,92 +27,37 @@ jobs:
         with:
           languages: java, javascript
 
+      - name: Check style
+        run: make -C functionaltest-jenkins-plugin style
+
       - name: Build with Maven
         run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
-      - uses: actions/upload-artifact@v4
-        with:
-          name: stackrox-container-image-scanner.hpi
-          path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi
-      - uses: actions/upload-artifact@v4
-        with:
-          name: stackrox-container-image-scanner.jar
-          path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar
 
       - name: Perform CodeQL Analysis
         if: github.event_name == 'push'
         uses: github/codeql-action/analyze@v3
 
-  e2e:
-    if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup infractl
-        uses: stackrox/actions/infra/install-infractl@main
+      - name: Run jenkins in background
+        run: cd stackrox-container-image-scanner && ./mvnw hpi:run -Djetty.port=8080 &
+      - name: Create k8s Kind Cluster
+        uses: helm/kind-action@v1
       - uses: actions/checkout@v4
         with:
           repository: stackrox/stackrox
           path: stackrox
-      - uses: docker/setup-buildx-action@v3
-      - uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '11'
-          cache: 'gradle'
-
-      - uses: actions/download-artifact@v4
-        with:
-          name: stackrox-container-image-scanner.hpi
-          path: jenkins
-      - uses: actions/download-artifact@v4
-        with:
-          name: stackrox-container-image-scanner.hpi
-          path: stackrox-container-image-scanner/target/
-      - name: Build jenkins image
-        uses: docker/build-push-action@v6
-        with:
-          tags: jenkins-test
-          context: jenkins
-          push: false
-          load: true
-      - name: Run jenkins in background
-        run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test
-
-      - name: Create GKE infra cluster
-        uses: stackrox/actions/infra/create-cluster@v1.0.21
-        with:
-          token: ${{ secrets.INFRA_TOKEN }}
-          flavor: qa-demo
-          name: jenkins-plugin-${{ github.run_id }}
-          lifespan: 1h
-          args: main-image=quay.io/stackrox-io/main:latest
-          wait: "true"
-          no-slack: "true"
-      - name: Setup environment from cluster artifacts
+      - name: Install Stackrox
         env:
-          CLUSTER_NAME: jenkins-plugin-${{ github.run_id }}
-          INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
-          ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
+          MAIN_IMAGE_TAG: "latest"
+          SENSOR_HELM_DEPLOY: "true"
+          ROX_SCANNER_V4: "false"
         run: |
-          # Fetch the artifacts for the GKE cluster.
-          infractl artifacts --download-dir=${ARTIFACTS_DIR} ${CLUSTER_NAME} >/dev/null
-          # Set both URL and admin password.
-          ROX_PASSWORD=$(cat ${ARTIFACTS_DIR}/admin-password)
-          ROX_ENDPOINT=$(cat ${ARTIFACTS_DIR}/url)
+          stackrox/deploy/k8s/deploy-local.sh
+          ROX_PASSWORD=$(cat stackrox/deploy/k8s/central-deploy/password)
           echo "::add-mask::$ROX_PASSWORD"
-          echo "::add-mask::$ROX_ENDPOINT"
           echo "ROX_PASSWORD=$ROX_PASSWORD" >> $GITHUB_ENV
-          echo "ROX_ENDPOINT=$ROX_ENDPOINT" >> $GITHUB_ENV   
-
+      - name: Add stackrox certificate
+        run: scripts/set-certificates.sh
       - name: Run tests
-        run: |
-          echo $ROX_ENDPOINT
-          make -C functionaltest-jenkins-plugin test
-
-      - name: Teardown cluster
-        if: always()
         env:
-          INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
-        run: |
-          infractl delete jenkins-plugin-${{ github.run_id }} || echo "Failed to remove the infra cluster"
+          ROX_ENDPOINT: 'https://central.stackrox:8000'
+        run: make -C functionaltest-jenkins-plugin test

functionaltest-jenkins-plugin/src/main/groovy/JenkinsClient.groovy

@@ -10,17 +10,15 @@ import groovy.xml.XmlUtil
 
 @CompileStatic
 class JenkinsClient {
-    private final static JENKINSPORT = "8080"
-    private final static JENKINSPROTOCOL = "http"
     private final static boolean USE_CRUMB_AUTHENTICATION = true
     public static final String JOB_TEMPLATE_WITH_IMAGE_NAMES = "resources/templateNoFile.xml"
     public static final String TEMPLATE_WITHOUT_IMAGE_NAMES = "resources/template.xml"
     private final JenkinsServer jenkins
 
     JenkinsClient() {
         def env = System.getenv()
-        String jenkinsAddress = env.getOrDefault('JENKINS_IP', "localhost")
-        jenkins = new JenkinsServer(new URI("${JENKINSPROTOCOL}://${jenkinsAddress}:${JENKINSPORT}"))
+        String jenkinsAddress = env.getOrDefault('JENKINS_ADDRESS', "http://localhost:8080/jenkins/")
+        jenkins = new JenkinsServer(new URI("${jenkinsAddress}"))
     }
 
     String version() {

scripts/set-certificates.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+set -euo pipefail
+
+HOST="central.stackrox"
+PORT="8000"
+TRUSTSTORE="$JAVA_HOME/lib/security/cacerts"
+TRUSTSTORE_PASS="changeit"
+KEYTOOL="${JAVA_HOME:-/usr}/bin/keytool"
+IP="127.0.0.1"
+LINE="$IP $HOST"
+
+echo "🔍 Checking /etc/hosts for '$HOST'..."
+
+if grep -qE "^[^#]*\b$HOST\b" /etc/hosts; then
+    echo "✅ Entry for '$HOST' already exists in /etc/hosts."
+else
+    echo "✍️  Adding '$LINE' to /etc/hosts..."
+    echo "$LINE" | sudo tee -a /etc/hosts >/dev/null
+    echo "✅ Added successfully."
+fi
+
+echo "📡 Fetching certificates from $HOST:$PORT..."
+openssl s_client -connect "$HOST:$PORT" -servername "$HOST" -showcerts </dev/null 2>/dev/null |
+    sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >fullchain.crt
+
+if ! grep -q "BEGIN CERTIFICATE" fullchain.crt; then
+    echo "❌ Failed to extract any certificates from $HOST:$PORT"
+    exit 1
+fi
+
+echo "🔍 Splitting certificate chain into individual cert files..."
+csplit -f cert -b "%d.crt" fullchain.crt '/-----BEGIN CERTIFICATE-----/' '{*}' >/dev/null 2>&1
+
+echo "📥 Importing certificates into $TRUSTSTORE..."
+for crt in cert*.crt; do
+    if [ ! -s "$crt" ]; then
+        echo "⚠️ Skipping empty file: $crt"
+        continue
+    fi
+
+    alias_name=$(basename "$crt" .crt)
+    echo "  🔑 Importing $crt as alias '$alias_name'..."
+    sudo "$KEYTOOL" -importcert \
+        -alias "$alias_name" \
+        -keystore "$TRUSTSTORE" \
+        -storepass "$TRUSTSTORE_PASS" \
+        -file "$crt" \
+        -noprompt
+done
+
+echo "🎉 Done. Truststore '$TRUSTSTORE' is ready."