From 2e9615aa1e706c49bd984d39936c3e769f64e263 Mon Sep 17 00:00:00 2001
From: Christian Adams <chadams@redhat.com>
Date: Tue, 19 Aug 2025 11:50:19 -0400
Subject: [PATCH] Add configurable pull secret file support to up.sh (#2073)

- Applies a pull-secret yaml file if it exists at hacking/awx-cr.yml
- The operator will look for a pull secret called
  redhat-operators-pull-secret
- This makes it possible to use a private operator image on your quay.io
  registry out of the box with the up.sh
- Add PULL_SECRET_FILE environment variable with default hacking/pull-secret.yml
---
 docs/development.md | 48 ++++++++++++++++++++++++++++++++++++++++++++-
 up.sh               |  6 ++++++
 2 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/docs/development.md b/docs/development.md
index c511c496..e434a95e 100644
--- a/docs/development.md
+++ b/docs/development.md
@@ -3,6 +3,52 @@
 There are development scripts and yaml exaples in the [`dev/`](../dev) directory that, along with the up.sh and down.sh scripts in the root of the repo, can be used to build, deploy and test changes made to the awx-operator.
 
 
+## Prerequisites
+
+You will need to have the following tools installed:
+
+* [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [podman](https://podman.io/docs/installation) or [docker](https://docs.docker.com/get-docker/)
+* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+* [oc](https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html) (if using Openshift)
+
+You will also need to have a container registry account. This guide uses quay.io, but any container registry will work. You will need to create a robot account and login at the CLI with `podman login` or `docker login`.
+
+## Quay.io Setup for Development
+
+Before using the development scripts, you'll need to set up a Quay.io repository and pull secret:
+
+### 1. Create a Private Quay.io Repository
+- Go to [quay.io](https://quay.io) and create a private repository named `awx-operator` under your username
+- The repository URL should be `quay.io/username/awx-operator`
+
+### 2. Create a Bot Account
+- In your Quay.io repository, go to Settings → Robot Accounts
+- Create a new robot account with write permissions to your repository
+- Click on the robot account name to view its credentials
+
+### 3. Generate Kubernetes Pull Secret
+- In the robot account details, click "Kubernetes Secret"
+- Copy the generated YAML content from the pop-up
+
+### 4. Create Local Pull Secret File
+- Create a file at `hacking/pull-secret.yml` in your awx-operator checkout
+- Paste the Kubernetes secret YAML content into this file
+- **Important**: Change the `name` field in the secret from the default to `redhat-operators-pull-secret`
+- The `hacking/` directory is in `.gitignore`, so this file won't be committed to git
+
+Example `hacking/pull-secret.yml`:
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: redhat-operators-pull-secret  # Change this name
+  namespace: awx
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: <base64-encoded-credentials>
+```
+
 ## Build and Deploy
 
 
@@ -17,7 +63,7 @@ export TAG=test
 
 You can add those variables to your .bashrc file so that you can just run `./up.sh` in the future.
 
-> Note: the first time you run this, it will create quay.io repos on your fork. You will need to either make those public, or create a global pull secret on your Openshift cluster.
+> Note: the first time you run this, it will create quay.io repos on your fork. If you followed the Quay.io setup steps above and created the `hacking/pull-secret.yml` file, the script will automatically handle the pull secret. Otherwise, you will need to either make those repos public, or create a global pull secret on your cluster.
 
 To get the URL, if on **Openshift**, run:
 
diff --git a/up.sh b/up.sh
index 4852aeb7..6e28f437 100755
--- a/up.sh
+++ b/up.sh
@@ -5,6 +5,7 @@
 
 # -- Usage
 #   NAMESPACE=awx TAG=dev QUAY_USER=developer ./up.sh
+#   NAMESPACE=awx TAG=dev QUAY_USER=developer PULL_SECRET_FILE=my-secret.yml ./up.sh
 
 # -- User Variables
 NAMESPACE=${NAMESPACE:-awx}
@@ -12,6 +13,7 @@ QUAY_USER=${QUAY_USER:-developer}
 TAG=${TAG:-$(git rev-parse --short HEAD)}
 DEV_TAG=${DEV_TAG:-dev}
 DEV_TAG_PUSH=${DEV_TAG_PUSH:-true}
+PULL_SECRET_FILE=${PULL_SECRET_FILE:-hacking/pull-secret.yml}
 
 # -- Check for required variables
 # Set the following environment variables
@@ -72,6 +74,10 @@ for file in "${files[@]}"; do
   fi
 done
 
+# Create redhat-operators-pull-secret if pull credentials file exists
+if [ -f "$PULL_SECRET_FILE" ]; then
+  $KUBE_APPLY $PULL_SECRET_FILE
+fi
 
 # Delete old operator deployment
 kubectl delete deployment awx-operator-controller-manager