From a28b58c9e105ea9a44055b8d29a87d0c5f01c238 Mon Sep 17 00:00:00 2001
From: Kurt Garloff <kurt@garloff.de>
Date: Fri, 10 Nov 2023 21:39:26 +0100
Subject: [PATCH] Add compliance workflow for PCO Prod3. (#373)

* Add compliance workflow for PCO Prod3.
  Using an application credential, because it's more elegant.
* Display results of v2 tests, which I expect Prod3 to pass.
* Consistent naming.
* Fix region of pco3 to read "prod3"
  Thanks to @mbuechse for spotting!

Signed-off-by: Kurt Garloff <kurt@garloff.de>
---
 .../openstack/clouds.yaml                     |  8 +++++++
 .github/workflows/check-pco-prod3-v1.yml      | 23 +++++++++++++++++++
 .github/workflows/check-pco-prod3-v2.yml      | 23 +++++++++++++++++++
 .github/workflows/check-pco-prod3-v3.yml      | 23 +++++++++++++++++++
 README.md                                     |  1 +
 5 files changed, 78 insertions(+)
 create mode 100644 .github/workflows/check-pco-prod3-v1.yml
 create mode 100644 .github/workflows/check-pco-prod3-v2.yml
 create mode 100644 .github/workflows/check-pco-prod3-v3.yml

diff --git a/.github/scs-compliance-check/openstack/clouds.yaml b/.github/scs-compliance-check/openstack/clouds.yaml
index d6e340a73..f6829dd54 100644
--- a/.github/scs-compliance-check/openstack/clouds.yaml
+++ b/.github/scs-compliance-check/openstack/clouds.yaml
@@ -29,6 +29,14 @@ clouds:
     region_name: "prod2"
     interface: "public"
     identity_api_version: 3
+  pco-prod3:
+    auth_type: "v3applicationcredential"
+    auth:
+      auth_url: https://prod3.api.pco.get-cloud.io:5000
+      application_credential_id: "fe66c4c8cd3b4ea08262424783e1c58f"
+    region_name: "prod3"
+    interface: "public"
+    identity_api_version: 3
   wavestack:
     auth:
       auth_url: https://api.wavestack.de:5000
diff --git a/.github/workflows/check-pco-prod3-v1.yml b/.github/workflows/check-pco-prod3-v1.yml
new file mode 100644
index 000000000..6845a5a9c
--- /dev/null
+++ b/.github/workflows/check-pco-prod3-v1.yml
@@ -0,0 +1,23 @@
+name: "Compliance of pco-prod3"
+
+on:
+  # Trigger compliance check every day at 4:30 UTC
+  schedule:
+    - cron:  '30 4 * * *'
+  # Trigger compliance check after Docker image has been built
+  workflow_run:
+    workflows: [Build and publish scs-compliance-check Docker image]
+    types:
+      - completed
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  check-pco-prod3:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
+    with:
+      version: v1
+      layer: iaas
+      cloud: "pco-prod3"
+      secret_name: "OS_PASSWORD_PCOPROD3"
+    secrets: inherit
diff --git a/.github/workflows/check-pco-prod3-v2.yml b/.github/workflows/check-pco-prod3-v2.yml
new file mode 100644
index 000000000..b7a4905cd
--- /dev/null
+++ b/.github/workflows/check-pco-prod3-v2.yml
@@ -0,0 +1,23 @@
+name: "Compliance of pco-prod3"
+
+on:
+  # Trigger compliance check every day at 4:30 UTC
+  schedule:
+    - cron:  '30 4 * * *'
+  # Trigger compliance check after Docker image has been built
+  workflow_run:
+    workflows: [Build and publish scs-compliance-check Docker image]
+    types:
+      - completed
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  check-pco-prod3:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
+    with:
+      version: v2
+      layer: iaas
+      cloud: "pco-prod3"
+      secret_name: "OS_PASSWORD_PCOPROD3"
+    secrets: inherit
diff --git a/.github/workflows/check-pco-prod3-v3.yml b/.github/workflows/check-pco-prod3-v3.yml
new file mode 100644
index 000000000..eee566c4d
--- /dev/null
+++ b/.github/workflows/check-pco-prod3-v3.yml
@@ -0,0 +1,23 @@
+name: "Compliance of pco-prod3"
+
+on:
+  # Trigger compliance check every day at 4:30 UTC
+  schedule:
+    - cron:  '30 4 * * *'
+  # Trigger compliance check after Docker image has been built
+  workflow_run:
+    workflows: [Build and publish scs-compliance-check Docker image]
+    types:
+      - completed
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  check-pco-prod3:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
+    with:
+      version: v3
+      layer: iaas
+      cloud: "pco-prod3"
+      secret_name: "OS_PASSWORD_PCOPROD3"
+    secrets: inherit
diff --git a/README.md b/README.md
index 792ea2cd4..6475cef95 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ This is a list of clouds that we test on a nightly basis against our `scs-compat
 | [gx-scs](https://github.com/SovereignCloudStack/docs/blob/main/community/cloud-resources/plusserver-gx-scs.md) | Dev environment provided for SCS & GAIA-X context | plusserver GmbH               | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-gx-scs-v1.yml?label=compliant)   |                                   [HM](https://health.gx-scs.sovereignit.cloud:3000/)                                    |
 | [pluscloud open - prod1](https://www.plusserver.com/en/products/pluscloud-open)                                | Public cloud for customers                        | plusserver GmbH               | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-pco-prod1-v1.yml?label=compliant) |                               [HM](https://health.prod1.plusserver.sovereignit.cloud:3000)                               |
 | [pluscloud open - prod2](https://www.plusserver.com/en/products/pluscloud-open)                                | Public cloud for customers                        | plusserver GmbH               | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-pco-prod2-v1.yml?label=compliant) |                               [HM](https://health.prod1.plusserver.sovereignit.cloud:3000)                               |
+| [pluscloud open - prod3](https://www.plusserver.com/en/products/pluscloud-open)                                | Public cloud for customers                        | plusserver GmbH               | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-pco-prod3-v2.yml?label=compliant) |                               [HM](https://health.prod1.plusserver.sovereignit.cloud:3000)                               |
 | [Wavestack](https://www.noris.de/wavestack-cloud/)                                                             | Public cloud for customers                        | noris network AG/Wavecon GmbH | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-wavestack-v3.yml?label=compliant) |                                 [HM](https://health.wavestack1.sovereignit.cloud:3000/)                                  |
 | [REGIO.cloud](https://regio.digital)                                                                           | Public cloud for customers                        | OSISM GmbH                    | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-regio-a-v3.yml?label=compliant)  | [Dashboard](https://apimon.services.regio.digital/public-dashboards/17cf094a47404398a5b8e35a4a3968d4?orgId=1&refresh=5m) |