Fix scripts: remove duplications, hardcoded credentials, and restore proper workflow

- Remove hardcoded Quay.io credentials from build-and-push.sh
- Create common.sh with shared functions to eliminate duplication
- Create rollout-restart.sh for simple updates (recommended workflow)
- Refactor deploy-complete.sh and rollout-restart.sh to use common functions
- Add comprehensive README.md explaining proper workflow
- Restore correct process: git push -> GitHub Actions -> rollout-restart
- Fix security issues and improve maintainability

scripts/README.md

@@ -0,0 +1,94 @@
+# OpenShift Resource Governance Tool - Scripts
+
+## Overview
+This directory contains scripts for building, deploying, and updating the OpenShift Resource Governance Tool.
+
+## Scripts
+
+### 1. `deploy-complete.sh` - Initial Deployment
+**Purpose**: Complete deployment from scratch
+**When to use**: First time deployment or when you need to recreate everything
+
+**What it does**:
+- Creates namespace
+- Applies RBAC (ServiceAccount, ClusterRole, ClusterRoleBinding)
+- Applies ConfigMap
+- Creates ServiceAccount token secret
+- Deploys application
+- Creates Service and Route
+- Configures TLS
+
+**Usage**:
+```bash
+./scripts/deploy-complete.sh
+```
+
+### 2. `rollout-restart.sh` - Updates (Recommended)
+**Purpose**: Update existing deployment with new image
+**When to use**: After code changes and GitHub Actions has built new image
+
+**What it does**:
+- Restarts deployment to pull new image
+- Waits for rollout completion
+- Checks pod status and logs
+- Shows application URL
+
+**Usage**:
+```bash
+./scripts/rollout-restart.sh
+```
+
+### 3. `build-and-push.sh` - Manual Build
+**Purpose**: Build and push image manually (when GitHub Actions is not available)
+**When to use**: Manual builds or when GitHub Actions is not working
+
+**What it does**:
+- Builds container image with Podman
+- Tests image
+- Pushes to Quay.io registry
+
+**Usage**:
+```bash
+# Login to Quay.io first
+podman login quay.io
+
+# Then build and push
+./scripts/build-and-push.sh
+```
+
+### 4. `undeploy-complete.sh` - Cleanup
+**Purpose**: Remove all resources
+**When to use**: When you want to completely remove the application
+
+**Usage**:
+```bash
+echo 'yes' | ./scripts/undeploy-complete.sh
+```
+
+## Recommended Workflow
+
+### For Development Updates (Most Common):
+1. Make code changes
+2. `git add . && git commit -m "Your changes" && git push`
+3. Wait for GitHub Actions to build new image
+4. `./scripts/rollout-restart.sh`
+
+### For Initial Deployment:
+1. `./scripts/deploy-complete.sh`
+
+### For Manual Build (if needed):
+1. `podman login quay.io`
+2. `./scripts/build-and-push.sh`
+3. `./scripts/rollout-restart.sh`
+
+## Security Notes
+
+- **No hardcoded credentials**: All scripts require manual login to Quay.io
+- **Common functions**: Shared code is in `common.sh` to avoid duplication
+- **Error handling**: All scripts have proper error checking and validation
+
+## Troubleshooting
+
+- **Not connected to cluster**: Run `oc login` first
+- **Deployment not found**: Run `./scripts/deploy-complete.sh` first
+- **Image not found**: Ensure GitHub Actions completed successfully or run `./scripts/build-and-push.sh`

scripts/build-and-push.sh

@@ -51,12 +51,14 @@ fi
 
 # Login to Quay.io
 echo -e "${YELLOW}Logging into Quay.io...${NC}"
-podman login -u="rh_ee_anobre+oru" -p="EJNIJD7FPO5IN33ZGQZ4OM8BIB3LICASBVRGOJCX4WP84Y0ZG5SMQLTZ0S6DOZEC" quay.io
+echo -e "${YELLOW}Please ensure you have logged in with: podman login quay.io${NC}"
 
-if [ $? -eq 0 ]; then
-    echo -e "${GREEN}SUCCESS: Login successful!${NC}"
+# Check if already logged in
+if podman search quay.io/rh_ee_anobre/resource-governance > /dev/null 2>&1; then
+    echo -e "${GREEN}SUCCESS: Already logged in to Quay.io${NC}"
 else
-    echo -e "${RED}ERROR: Login failed!${NC}"
+    echo -e "${RED}ERROR: Not logged in to Quay.io. Please run: podman login quay.io${NC}"
+    echo -e "${YELLOW}Then run this script again.${NC}"
     exit 1
 fi
 

scripts/common.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Common functions and variables for OpenShift Resource Governance Tool scripts
+# This file is sourced by other scripts to avoid duplication
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Common configuration
+NAMESPACE="resource-governance"
+DEPLOYMENT_NAME="resource-governance"
+SERVICE_ACCOUNT="resource-governance-sa"
+SECRET_NAME="resource-governance-sa-token"
+
+# Function to check if connected to OpenShift cluster
+check_openshift_connection() {
+    if ! oc whoami > /dev/null 2>&1; then
+        echo -e "${RED}ERROR: Not connected to OpenShift cluster. Please run 'oc login' first.${NC}"
+        exit 1
+    fi
+    echo -e "${GREEN}SUCCESS: Connected to OpenShift cluster as $(oc whoami)${NC}"
+}
+
+# Function to check if deployment exists
+check_deployment_exists() {
+    if ! oc get deployment $DEPLOYMENT_NAME -n $NAMESPACE > /dev/null 2>&1; then
+        echo -e "${RED}ERROR: Deployment $DEPLOYMENT_NAME not found in namespace $NAMESPACE${NC}"
+        echo -e "${YELLOW}Please run ./scripts/deploy-complete.sh first for initial deployment${NC}"
+        exit 1
+    fi
+}
+
+# Function to check pod status and logs
+check_pod_status() {
+    echo -e "${YELLOW}Checking pod status...${NC}"
+    oc get pods -n $NAMESPACE -l app.kubernetes.io/name=resource-governance
+
+    echo -e "${YELLOW}Checking application logs...${NC}"
+    POD_NAME=$(oc get pods -n $NAMESPACE -l app.kubernetes.io/name=resource-governance -o jsonpath='{.items[0].metadata.name}')
+    if [ -n "$POD_NAME" ]; then
+        echo -e "${BLUE}Recent logs from $POD_NAME:${NC}"
+        oc logs $POD_NAME -n $NAMESPACE --tail=10
+    fi
+}
+
+# Function to get application URL
+get_application_url() {
+    ROUTE_URL=$(oc get route resource-governance-route -n $NAMESPACE -o jsonpath='{.spec.host}' 2>/dev/null)
+    if [ -n "$ROUTE_URL" ]; then
+        echo -e "${GREEN}URL: https://$ROUTE_URL${NC}"
+        echo -e "${GREEN}Health check: https://$ROUTE_URL/health${NC}"
+    else
+        echo -e "${YELLOW}WARNING: Route not found${NC}"
+    fi
+}

scripts/deploy-complete.sh

@@ -5,27 +5,14 @@
 
 set -e
 
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-BLUE='\033[0;34m'
-NC='\033[0m' # No Color
-
-# Configuration
-NAMESPACE="resource-governance"
-SERVICE_ACCOUNT="resource-governance-sa"
-SECRET_NAME="resource-governance-sa-token"
+# Source common functions
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/common.sh"
 
 echo -e "${BLUE}Deploying OpenShift Resource Governance Tool${NC}"
 
 # Check if connected to cluster
-if ! oc whoami > /dev/null 2>&1; then
-    echo -e "${RED}ERROR: Not connected to OpenShift cluster. Please run 'oc login' first.${NC}"
-    exit 1
-fi
-
-echo -e "${GREEN}SUCCESS: Connected to OpenShift cluster as $(oc whoami)${NC}"
+check_openshift_connection
 
 # Create namespace if it doesn't exist
 echo -e "${YELLOW}Creating namespace...${NC}"
@@ -78,17 +65,8 @@ oc patch route resource-governance-route -n $NAMESPACE -p '{"spec":{"tls":{"term
 echo -e "${YELLOW}Waiting for deployment to be ready...${NC}"
 oc rollout status deployment/resource-governance -n $NAMESPACE --timeout=300s
 
-# Check pod status
-echo -e "${YELLOW}Checking pod status...${NC}"
-oc get pods -n $NAMESPACE -l app.kubernetes.io/name=resource-governance
-
-# Check logs for errors
-echo -e "${YELLOW}Checking application logs...${NC}"
-POD_NAME=$(oc get pods -n $NAMESPACE -l app.kubernetes.io/name=resource-governance -o jsonpath='{.items[0].metadata.name}')
-if [ -n "$POD_NAME" ]; then
-    echo -e "${BLUE}Recent logs from $POD_NAME:${NC}"
-    oc logs $POD_NAME -n $NAMESPACE --tail=10
-fi
+# Check pod status and logs
+check_pod_status
 
 # Get application URL
 echo -e "${YELLOW}Getting application URL...${NC}"
@@ -105,13 +83,8 @@ else
     oc get routes -n $NAMESPACE
     ROUTE_URL=""
 fi
-if [ -n "$ROUTE_URL" ]; then
-    echo -e "${GREEN}SUCCESS: Application deployed successfully!${NC}"
-    echo -e "${GREEN}URL: https://$ROUTE_URL${NC}"
-    echo -e "${GREEN}Health check: https://$ROUTE_URL/health${NC}"
-else
-    echo -e "${YELLOW}WARNING: Route not found, checking service...${NC}"
-    oc get svc -n $NAMESPACE
-fi
+
+echo -e "${GREEN}SUCCESS: Application deployed successfully!${NC}"
+get_application_url
 
 echo -e "${GREEN}SUCCESS: Deployment completed successfully!${NC}"

scripts/rollout-restart.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Simple rollout restart script for OpenShift Resource Governance Tool
+# Use this for updates after GitHub Actions has built the new image
+
+set -e
+
+# Source common functions
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/common.sh"
+
+echo -e "${BLUE}Rolling out new image for OpenShift Resource Governance Tool${NC}"
+
+# Check if connected to cluster
+check_openshift_connection
+
+# Check if deployment exists
+check_deployment_exists
+
+# Restart deployment to pull new image
+echo -e "${YELLOW}Restarting deployment to pull new image...${NC}"
+oc rollout restart deployment/$DEPLOYMENT_NAME -n $NAMESPACE
+
+# Wait for rollout to complete
+echo -e "${YELLOW}Waiting for rollout to complete...${NC}"
+oc rollout status deployment/$DEPLOYMENT_NAME -n $NAMESPACE --timeout=300s
+
+# Check pod status and logs
+check_pod_status
+
+# Get application URL
+get_application_url
+
+echo -e "${GREEN}SUCCESS: Rollout completed successfully!${NC}"
+
+echo -e "${BLUE}Process completed!${NC}"
+echo -e "${YELLOW}Note: This script only restarts the deployment.${NC}"
+echo -e "${YELLOW}For initial deployment, use: ./scripts/deploy-complete.sh${NC}"