Skip to content

Feature toggle for rate limiting (#1451) #777

Feature toggle for rate limiting (#1451)

Feature toggle for rate limiting (#1451) #777

name: Main Integration
permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkout
on:
push:
paths-ignore:
- "docs/**"
- "**/*.md"
- "CODEOWNERS"
- "sec-scanners-config.yaml"
- ".github/**" #Ignoring since build job isn't triggered on the workflow directory changes
- "external-images.yaml"
branches:
- main
schedule:
- cron: '0 5 * * *' # Run every day at 05:00 AM
jobs:
build:
name: build api-gateway image
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
if: ${{ github.event_name != 'schedule' }}
with:
name: api-gateway/main/api-gateway-manager
dockerfile: Dockerfile
context: .
build-args: |
VERSION=${{ github.sha }}
tags: "${{ github.sha }}"
get-sha:
name: Get manager SHA
runs-on: ubuntu-latest
needs: [ build ]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
outputs:
sha: ${{ steps.get-sha.outputs.sha }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- id: get-sha
uses: ./.github/actions/get-latest-sha
integration-tests:
name: Integration tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/integration-tests
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
migration-downtime-tests:
name: Zero Downtime Migration Tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
strategy:
fail-fast: false
matrix:
test_make_target: [ "test-migration-zero-downtime HANDLER=no_auth", "test-migration-zero-downtime HANDLER=allow", "test-migration-zero-downtime HANDLER=noop", "test-migration-zero-downtime HANDLER=jwt", "test-migration-zero-downtime HANDLER=oauth2_introspection" ]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/integration-tests
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
test_make_target: ${{ matrix.test_make_target }}
upgrade-tests:
name: Upgrade tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/upgrade-test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
target_branch: ${{github.ref_name}}
custom-domain-integration-gcp:
name: Custom domain integration GCP
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: ./.github/actions/integration-test-gardener
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
script: ./hack/ci/custom-domain-gardener-gcp.sh
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }}
custom-domain-integration-aws:
name: Custom domain integration AWS
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: ./.github/actions/integration-test-gardener
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
script: ./hack/ci/custom-domain-gardener-aws.sh
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }}
slack_failed_notification:
name: Slack Notification
runs-on: ubuntu-latest
if: ${{ failure() }}
needs: [integration-tests, upgrade-tests, custom-domain-integration-gcp, custom-domain-integration-aws, migration-downtime-tests]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Notify
uses: ./.github/actions/slack-notification-failed-workflow
with:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}