update Makefile and run scripts to support the new feature

Author: hoxhaeris

Makefile

@@ -8,15 +8,26 @@ git_commit=$(shell git describe --tags --always --dirty)
 build_date=$(shell date -u '+%Y%m%d')
 version=v${build_date}-${git_commit}
 
+# Default build flags (can be overridden via BUILD_FLAGS env var)
+BUILD_FLAGS ?=
+
 SOURCE_GIT_TAG=v1.0.0+$(shell git rev-parse --short=7 HEAD)
 
 GO_LD_EXTRAFLAGS=-X github.com/openshift/ci-chat-bot/vendor/k8s.io/client-go/pkg/version.gitCommit=$(shell git rev-parse HEAD) -X github.com/openshift/ci-chat-bot/vendor/k8s.io/client-go/pkg/version.gitVersion=${SOURCE_GIT_TAG} -X sigs.k8s.io/prow/version.Name=ci-chat-bot -X sigs.k8s.io/prow/version.Version=${version}
 GOLINT=golangci-lint run
 
+# Support for build flags (e.g., -tags gcs)
+GO_BUILD_FLAGS=$(BUILD_FLAGS)
+
 debug:
-	go build -gcflags="all=-N -l" ${GO_LD_FLAGS} -mod vendor -o ci-chat-bot ./cmd/...
+	go build ${GO_BUILD_FLAGS} -gcflags="all=-N -l" ${GO_LD_FLAGS} -mod vendor -o ci-chat-bot ./cmd/...
 .PHONY: debug
 
+# Override build target to support BUILD_FLAGS
+build:
+	go build ${GO_BUILD_FLAGS} ${GO_LD_FLAGS} -mod vendor -o ci-chat-bot ./cmd/...
+.PHONY: build
+
 vendor:
 	go mod tidy
 	go mod vendor
@@ -31,6 +42,38 @@ run:
 	./hack/run.sh
 .PHONY: run
 
+run-gcs:
+	./hack/run-with-gcs.sh
+.PHONY: run-gcs
+
+run-local:
+	USE_GCS_ORGDATA=false ./hack/run.sh
+.PHONY: run-local
+
+help-ci-chat-bot:
+	@echo "CI Chat Bot specific targets:"
+	@echo "  build            - Build ci-chat-bot binary"
+	@echo "  debug            - Build with debug symbols"
+	@echo "  run              - Run ci-chat-bot with hack/run.sh (auto-detects GCS vs local)"
+	@echo "  run-gcs          - Run with GCS backend explicitly"
+	@echo "  run-local        - Run with local file backend explicitly"
+	@echo ""
+	@echo "Build flags:"
+	@echo "  BUILD_FLAGS      - Pass build flags (e.g., BUILD_FLAGS='-tags gcs' make build)"
+	@echo ""
+	@echo "Environment variables for hack scripts:"
+	@echo "  USE_GCS_ORGDATA  - Set to 'true' to use GCS backend"
+	@echo "  GCS_BUCKET       - GCS bucket name (default: resolved-org)"
+	@echo "  GCS_PROJECT_ID   - GCS project ID (default: openshift-crt-mce)"
+	@echo "  ORGDATA_PATHS    - Local orgdata file path"
+	@echo "  AUTH_CONFIG      - Authorization config file path"
+	@echo ""
+	@echo "Examples:"
+	@echo "  make BUILD_FLAGS='-tags gcs' build    # Build with GCS support"
+	@echo "  make run-gcs                          # Run with GCS backend"
+	@echo "  ORGDATA_PATHS=/my/file.json make run  # Run with custom local file"
+.PHONY: help-ci-chat-bot
+
 lint: verify-golint
 
 sonar-reports:

hack/DEVELOPMENT.md

@@ -0,0 +1,170 @@
+# Development Scripts Configuration
+
+## Environment Variables
+
+### Required Variables
+These must be set before running any hack scripts:
+
+```bash
+export BOT_TOKEN="your-slack-bot-token"
+export BOT_SIGNING_SECRET="your-slack-signing-secret"
+```
+
+### Optional Configuration
+
+#### Organizational Data Backend
+
+**Option 1: Use GCS Backend (Production)**
+```bash
+export USE_GCS_ORGDATA=true
+export GCS_BUCKET="resolved-org"                    # Default: resolved-org
+export GCS_OBJECT_PATH="orgdata/comprehensive_index_dump.json"  # Default path
+export GCS_PROJECT_ID="openshift-crt-mce"           # Default project
+export GCS_CHECK_INTERVAL="5m"                      # Default: 5 minutes
+export GCS_CREDENTIALS_JSON='{"type":"service_account",...}'  # Optional: explicit creds
+```
+
+**Option 2: Use Local Files (Development)**
+```bash
+export ORGDATA_PATHS="/path/to/your/comprehensive_index_dump.json"
+# Default: ../cyborg/org_tools/comprehensive_index_dump.json (relative to ci-chat-bot)
+```
+
+#### Authorization Configuration
+```bash
+export AUTH_CONFIG="/path/to/your/authorization.yaml"
+# Default: ./test-authorization.yaml (relative to ci-chat-bot root)
+```
+
+## GCS Authentication Setup
+
+### Using Application Default Credentials (Recommended)
+```bash
+# Authenticate with gcloud
+gcloud auth login
+gcloud config set project openshift-crt-mce
+```
+
+### Using Service Account (Production)
+```bash
+# Set credentials via environment variable
+export GCS_CREDENTIALS_JSON='{"type":"service_account",...}'
+
+# OR via file
+export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"
+```
+
+### GCS Bucket Security
+The GCS bucket should be configured with:
+- ✅ **Public access prevention**: Enforced
+- ✅ **Uniform bucket-level access**: Enabled  
+- ✅ **IAM-based access control**: Project members only
+- ✅ **Bucket-level encryption**: Enabled
+
+## Directory Structure Assumptions
+
+The scripts assume this directory layout (relative to ci-chat-bot):
+```
+workspace/
+├── ci-chat-bot/          # This repository
+│   ├── hack/
+│   │   ├── run.sh        # Main development script
+│   │   └── run-with-gcs.sh  # GCS convenience script
+│   └── test-authorization.yaml  # Default auth config
+├── cyborg/               # Optional: orgdata repository
+│   └── org_tools/
+│       └── comprehensive_index_dump.json
+└── release/              # OpenShift release repository (required)
+    ├── ci-operator/
+    └── core-services/
+```
+
+## Usage Examples
+
+### Quick Start with GCS
+```bash
+# Set required tokens
+export BOT_TOKEN="xoxb-your-token"
+export BOT_SIGNING_SECRET="your-secret"
+
+# Use GCS backend
+./hack/run-with-gcs.sh
+```
+
+### Development with Local Files
+```bash
+# Set required tokens
+export BOT_TOKEN="xoxb-your-token"
+export BOT_SIGNING_SECRET="your-secret"
+
+# Point to your local orgdata file
+export ORGDATA_PATHS="/your/path/to/comprehensive_index_dump.json"
+
+# Run with local file backend
+./hack/run.sh
+```
+
+### Custom Configuration
+```bash
+# Required tokens
+export BOT_TOKEN="xoxb-your-token"
+export BOT_SIGNING_SECRET="your-secret"
+
+# Custom GCS configuration
+export USE_GCS_ORGDATA=true
+export GCS_BUCKET="my-org-bucket"
+export GCS_PROJECT_ID="my-project"
+export GCS_CREDENTIALS_JSON="$(cat /path/to/service-account.json)"
+
+# Custom auth config
+export AUTH_CONFIG="/path/to/my-auth-config.yaml"
+
+./hack/run.sh
+```
+
+## Script Behavior
+
+1. **`hack/run.sh`** - Main development script
+   - Detects GCS vs local file mode via `USE_GCS_ORGDATA`
+   - Uses sensible defaults for file paths relative to project
+   - Extracts secrets from OpenShift CI clusters
+   - Builds and runs ci-chat-bot with appropriate flags
+
+2. **`hack/run-with-gcs.sh`** - Convenience wrapper
+   - Sets `USE_GCS_ORGDATA=true` 
+   - Uses production GCS defaults
+   - Calls `hack/run.sh`
+
+## Troubleshooting
+
+### File Not Found Errors
+If you see errors about missing files:
+1. Check that `ORGDATA_PATHS` points to a valid file
+2. Ensure the `../cyborg` directory exists if using defaults
+3. Verify the `../release` directory exists (OpenShift release repo)
+
+### GCS Authentication Errors
+If GCS fails to authenticate:
+1. **Check authentication**: `gcloud auth list`
+2. **Test access**: `gcloud storage ls gs://resolved-org/orgdata/`
+3. **Verify permissions**: Check bucket IAM settings
+4. **Try service account**: Set `GCS_CREDENTIALS_JSON` if ADC fails
+
+Common GCS errors:
+- **"Authentication failed"**: Run `gcloud auth login`
+- **"Access denied"**: Check bucket IAM permissions
+- **"Object not found"**: Verify `GCS_BUCKET` and `GCS_OBJECT_PATH`
+
+### Authorization Issues
+If authorization is too restrictive:
+1. Check `AUTH_CONFIG` points to a valid YAML file
+2. Review the authorization rules in that file
+3. Set `AUTH_CONFIG=""` to disable authorization for testing
+
+### Migration from File-based to GCS
+1. **Upload your existing data**:
+   ```bash
+   gcloud storage cp comprehensive_index_dump.json gs://resolved-org/orgdata/
+   ```
+2. **Test GCS access**: `./hack/run-with-gcs.sh`
+3. **Update your workflow**: Set `USE_GCS_ORGDATA=true` in your environment