From 836e50fa9cbba5ff6de3010c76a7fd74527d43b1 Mon Sep 17 00:00:00 2001
From: "privilegedescalation-engineer[bot]"
 <269729446+privilegedescalation-engineer[bot]@users.noreply.github.com>
Date: Wed, 6 May 2026 16:45:33 +0000
Subject: [PATCH] fix(e2e): add kubeconfig step for ARC runners with no static
 kubeconfig (#149)

The shared plugin-e2e.yaml workflow lacks a Get kubeconfig step. The
ARC runner (runners-privilegedescalation) has no static kubeconfig at
any expected path (/runner/config, ~/.kube/config). It DOES have an
in-cluster service account at /var/run/secrets/kubernetes.io/serviceaccount/token.

This fix adds the same three-tier kubeconfig detection used in
headlamp-polaris-plugin#144:
1. /runner/config (not present on this runner)
2. ~/.kube/config (not present on this runner)
3. Generate from in-cluster service account credentials

This unbreaks E2E for all plugins using the shared workflow:
- headlamp-argocd-plugin
- headlamp-kube-vip-plugin
- headlamp-tns-csi-plugin

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
---
 .github/workflows/plugin-e2e.yaml | 36 +++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/.github/workflows/plugin-e2e.yaml b/.github/workflows/plugin-e2e.yaml
index e1dc1b0..7fdbbe4 100644
--- a/.github/workflows/plugin-e2e.yaml
+++ b/.github/workflows/plugin-e2e.yaml
@@ -37,6 +37,42 @@ jobs:
       - name: Setup kubectl
         uses: azure/setup-kubectl@v4
 
+      - name: Get kubeconfig
+        run: |
+          set -euo pipefail
+          in_cluster=false
+          if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
+            in_cluster=true
+          fi
+          if [ -f /runner/config ]; then
+            echo "KUBECONFIG=/runner/config" >> "$GITHUB_ENV"
+          elif [ -f /home/runner/.kube/config ]; then
+            echo "KUBECONFIG=/home/runner/.kube/config" >> "$GITHUB_ENV"
+          elif [ -f "${HOME:-}/.kube/config" ]; then
+            echo "KUBECONFIG=${HOME:-}/.kube/config" >> "$GITHUB_ENV"
+          elif [ "$in_cluster" = true ]; then
+            KUBECFG_DIR="${HOME:-}/.kube"
+            mkdir -p "$KUBECFG_DIR"
+            kubectl config set-cluster in-cluster \
+              --server="https://${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}:${KUBERNETES_SERVICE_PORT:-443}" \
+              --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+              --embed-certs=true \
+              --kubeconfig="$KUBECFG_DIR/config" 2>&1
+            kubectl config set-credentials in-cluster \
+              --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+              --kubeconfig="$KUBECFG_DIR/config" 2>&1
+            kubectl config set-context in-cluster \
+              --cluster=in-cluster \
+              --user=in-cluster \
+              --kubeconfig="$KUBECFG_DIR/config" 2>&1
+            kubectl config use-context in-cluster \
+              --kubeconfig="$KUBECFG_DIR/config" 2>&1
+            echo "KUBECONFIG=$KUBECFG_DIR/config" >> "$GITHUB_ENV"
+          else
+            echo "::error::No kubeconfig found"
+            exit 1
+          fi
+
       - name: Install dependencies
         run: npm ci