Merge branch 'master' into as/reqd-tests

TykTechnologies · Jul 27, 2023 · 88f3354 · 88f3354
2 parents 321fc84 + 1854228
commit 88f3354
Show file tree

Hide file tree

Showing 19 changed files with 265 additions and 350 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Wed May 10 05:25:19 UTC 2023
+# Generated on: Wed Jul 26 07:55:16 UTC 2023
 
 version: 2
 updates:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,15 +1,12 @@
-
 # Generated by: gromit policy
-# Generated on: Wed May 10 05:25:19 UTC 2023
-
+# Generated on: Wed Jul 26 07:55:16 UTC 2023
 
 # Distribution channels covered by this workflow
 # - Ubuntu and Debian
-# - RHEL/OL
-# - tarballs
+# - RHEL and AL
 # - docker hub
 # - devenv ECR
-# - AWS mktplace
+# - AWS mktplace (not active atm)
 # - Cloudsmith
 
 name: Release
@@ -40,7 +37,7 @@ jobs:
           - golang_cross: 1.19-bullseye
             go_version: 1.19
             goreleaser: 'ci/goreleaser/goreleaser.yml'
-            rpmvers: 'el/8 el/9'
+            rpmvers: 'el/8 el/9 amazon/2023'
             debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye'
     outputs:
       tag: ${{ steps.targets.outputs.tag }}
@@ -107,7 +104,7 @@ jobs:
 
       - uses: goreleaser/goreleaser-action@v4
         with:
-          version: 1.18.2
+          version: latest
           args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -122,7 +119,6 @@ jobs:
           RPMVERS: ${{ matrix.rpmvers }}
           PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
           DOCKER_CLI_EXPERIMENTAL: "enabled"
-
       - uses: actions/upload-artifact@v3
         with:
           name: deb
@@ -142,37 +138,21 @@ jobs:
     needs:
       - goreleaser
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write   # This is required for requesting the JWT
+      contents: read    # This is required for actions/checkout
 
     steps:
       - name: Shallow checkout of tyk
         uses: actions/checkout@v3
         with:
           fetch-depth: 1
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v2
-        with:
-          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-          terraform_wrapper: false
 
-      - name: Get AWS creds from Terraform remote state
-        id: aws-creds
-        run: |
-          cd ci/terraform
-          terraform init -input=false
-          terraform refresh 2>&1 >/dev/null
-          eval $(terraform output -json tyk | jq -r 'to_entries[] | [.key,.value] | join("=")')
-          region=$(terraform output region | xargs)
-          [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1
-          echo "secret=$secret" >> $GITHUB_OUTPUT
-          echo "key=$key" >> $GITHUB_OUTPUT
-          echo "region=$region" >> $GITHUB_OUTPUT
-
-      - name: Configure AWS credentials for use
-        uses: aws-actions/configure-aws-credentials@v1
+      - uses: aws-actions/configure-aws-credentials@v2
         with:
-          aws-access-key-id: ${{ steps.aws-creds.outputs.key }}
-          aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }}
-          aws-region: ${{ steps.aws-creds.outputs.region }}
+          role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
+          role-session-name: cipush
+          aws-region: eu-central-1
 
       - name: Login to Amazon ECR
         id: login-ecr
@@ -182,50 +162,36 @@ jobs:
         with:
           name: deb
 
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ steps.login-ecr.outputs.registry }}/tyk
+          flavor: |
+            latest=false
+            prefix=v
+          tags: |
+              type=semver,pattern=v{{version}}
+              type=semver,pattern=v{{major}}.{{minor}}
+              type=semver,pattern=v{{major}}
+              type=ref,event=branch
+
       - uses: docker/setup-qemu-action@v2
 
       - uses: docker/setup-buildx-action@v2
 
       - name: CI build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           push: true
           context: "."
           file: ci/Dockerfile.std
           platforms: linux/amd64,linux/arm64
           tags: |
+            ${{ steps.metadata.outputs.tags }}
             ${{ steps.login-ecr.outputs.registry }}/tyk:${{ needs.goreleaser.outputs.tag }}
             ${{ steps.login-ecr.outputs.registry }}/tyk:${{ github.sha }}
 
-      - name: Tell gromit about new build
-        id: gromit
-        run: |
-          # Remember to remove the true when TD-626 is fixed
-          curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \
-                 -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true
-
-      - name: Tell integration channel
-        if: ${{ failure() }}
-        run: |
-          colour=bad
-          pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about."
-          curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack
-          /tmp/slack chat send \
-          --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \
-          --author 'Bender' \
-          --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \
-          --author-link 'https://github.com/TykTechnologies/tyk-ci' \
-          --channel '#service-integration' \
-          --color $colour \
-          --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \
-          --footer 'github-actions' \
-          --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --pretext "$pretext" \
-          --text 'Commit message: ${{ github.event.head_commit.message }}' \
-          --title 'Failed to add new build for CD' \
-          --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
-
   sbom:
     needs: ci
     uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
@@ -235,11 +201,21 @@ jobs:
       DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
       ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
 
+  tat:
+    needs: ci
+    uses: tyklabs/tyk-pro/.github/workflows/tests.yml@v1
+    permissions:
+      id-token: write   # This is required for requesting the JWT
+      contents: read    # This is required for actions/checkout
+    with:
+      tyk-version: ${{ github.ref_name }}
+      tyk-analytics-version: ${{ github.ref_name }}
+
   upgrade-deb:
+    if: startsWith(github.ref, 'refs/tags')
     services:
       httpbin.org:
         image: kennethreitz/httpbin
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
     runs-on: ubuntu-latest
     needs: goreleaser
     strategy:
@@ -284,7 +260,7 @@ jobs:
           ' > Dockerfile
 
       - name: install on ${{ matrix.distro }}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: "."
           platforms: linux/${{ matrix.arch }}
@@ -298,10 +274,10 @@ jobs:
           docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }}
 
   upgrade-rpm:
+    if: startsWith(github.ref, 'refs/tags')
     services:
       httpbin.org:
         image: kennethreitz/httpbin
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
     needs: goreleaser
     runs-on: ubuntu-latest
     strategy:
@@ -326,7 +302,7 @@ jobs:
         run: |
           echo 'FROM registry.access.redhat.com/${{ matrix.distro }}
           COPY tyk-gateway*.x86_64.rpm /tyk-gateway.rpm
-          RUN yum install --allowerasing  -y curl
+          RUN yum install --allowerasing -y curl
           RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1
           RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway.key && rpm --import tyk-gateway.key
           RUN rpm --checksig tyk-gateway.rpm
@@ -340,7 +316,7 @@ jobs:
           ' > Dockerfile
 
       - name: install on ${{ matrix.distro }}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: "."
           file: Dockerfile
@@ -353,7 +329,7 @@ jobs:
           docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}
 
   smoke-tests:
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
+    if: startsWith(github.ref, 'refs/tags')
     needs:
       - goreleaser
     runs-on: ubuntu-latest
@@ -395,34 +371,3 @@ jobs:
               fi
           done
 
-  # AWS updates only for stable releases
-  aws-mktplace-byol:
-    if: ( 'a' == 'b' )
-    runs-on: ubuntu-latest
-    needs:
-      - smoke-tests
-    strategy:
-      matrix:
-        flavour:
-          - al2
-          - rhel
-
-    steps:
-      - name: Checkout tyk
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 1
-
-      - uses: actions/download-artifact@v3
-        with:
-          name: rpm
-          path: aws
-
-      - name: Packer build
-        working-directory: ./ci/aws
-        run: |
-          export VERSION=${{ needs.goreleaser.outputs.tag }}
-          packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
-          packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
-
-
diff --git a/apidef/oas/oas.go b/apidef/oas/oas.go
@@ -283,7 +283,8 @@ func (s *OAS) getTykSecurityScheme(name string) interface{} {
 	return securitySchemes[name]
 }
 
-func (s *OAS) getTykMiddleware() (middleware *Middleware) {
+// GetTykMiddleware returns middleware section from XTykAPIGateway.
+func (s *OAS) GetTykMiddleware() (middleware *Middleware) {
 	if s.GetTykExtension() != nil {
 		middleware = s.GetTykExtension().Middleware
 	}
@@ -292,8 +293,8 @@ func (s *OAS) getTykMiddleware() (middleware *Middleware) {
 }
 
 func (s *OAS) getTykOperations() (operations Operations) {
-	if s.getTykMiddleware() != nil {
-		operations = s.getTykMiddleware().Operations
+	if s.GetTykMiddleware() != nil {
+		operations = s.GetTykMiddleware().Operations
 	}
 
 	return

diff --git a/apidef/oas/old_oas.go b/apidef/oas/old_oas.go
@@ -0,0 +1,27 @@
+package oas
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+
+	openapifork "github.com/TykTechnologies/kin-openapi/openapi3"
+)
+
+type OldOAS struct {
+	openapifork.T
+}
+
+// ConvertToNewerOAS converts a deprecated OldOAS object to the newer OAS representation.
+func (o *OldOAS) ConvertToNewerOAS() (*OAS, error) {
+	outBytes, err := o.MarshalJSON()
+	if err != nil {
+		return nil, err
+	}
+
+	loader := openapi3.NewLoader()
+	t, err := loader.LoadFromData(outBytes)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OAS{T: *t}, nil
+}
diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Wed May 10 05:25:19 UTC 2023
+# Generated on: Wed Jul 26 07:55:16 UTC 2023
 
 FROM debian:bullseye-slim
 ARG TARGETARCH

diff --git a/ci/aws/byol.pkr.hcl b/ci/aws/byol.pkr.hcl
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Wed May 10 05:25:19 UTC 2023
+# Generated on: Wed Jul 26 07:55:16 UTC 2023
 
 packer {
   required_plugins {