Skip to content

chore: automatic update sec-scanners-config.yaml (#1570) #17

chore: automatic update sec-scanners-config.yaml (#1570)

chore: automatic update sec-scanners-config.yaml (#1570) #17

name: Post Main Workflow
permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkout
on:
push:
paths-ignore:
- "docs/**"
- "**/*.md"
- "CODEOWNERS"
- "sec-scanners-config.yaml"
- "external-images.yaml"
branches:
- main
schedule:
- cron: '0 5 * * *' # Run every day at 05:00 AM
jobs:
build:
name: build api-gateway image
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
if: ${{ github.event_name != 'schedule' }}
with:
name: api-gateway/main/api-gateway-manager
dockerfile: Dockerfile
context: .
build-args: |
VERSION=${{ github.sha }}
tags: "${{ github.sha }}"
get-sha:
name: Get manager SHA
runs-on: ubuntu-latest
needs: [ build ]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
outputs:
sha: ${{ steps.get-sha.outputs.sha }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- id: get-sha
uses: ./.github/actions/get-latest-sha
unit-tests:
name: Unit, integration tests & lint
if: ${{ always() && !failure() && !cancelled() }}
needs: [get-sha]
uses: ./.github/workflows/call-unit-lint.yaml
secrets: inherit
e2e-tests-k3d:
name: E2E tests K3D
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
strategy:
fail-fast: false
matrix:
test_make_target: [ "test-integration-ory", "test-integration-istio", "test-integration-v2alpha1", "test-integration-gateway" ]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/e2e-test-k3d
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
test_client_id: ${{ secrets.CLIENT_ID }}
test_client_secret: ${{ secrets.CLIENT_SECRET }}
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
test_make_target: ${{ matrix.test_make_target }}
e2e-tests-aws:
name: E2E tests AWS
runs-on: ubuntu-latest
needs: [ get-sha ]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
strategy:
fail-fast: false
matrix:
test_make_target: [ "test-integration-ory", "test-integration-istio", "test-integration-v2alpha1", "test-integration-gateway" ]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: ./.github/actions/e2e-test-gardener
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }}
gardener_provider: aws
test_client_id: ${{ secrets.CLIENT_ID }}
test_client_secret: ${{ secrets.CLIENT_SECRET }}
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
test_make_target: ${{ matrix.test_make_target }}
migration-downtime-tests:
name: Zero Downtime Migration Tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
strategy:
fail-fast: false
matrix:
handler: [ "no_auth", "allow", "noop", "jwt", "oauth2_introspection" ]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/e2e-test-k3d
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HANDLER: ${{ matrix.handler }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
test_make_target: test-migration-zero-downtime-${{ matrix.handler }}
migration-downtime-tests-aws:
name: Zero Downtime Migration Tests AWS
runs-on: ubuntu-latest
needs: [ get-sha ]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
strategy:
fail-fast: false
matrix:
handler: [ "no_auth", "allow", "noop", "jwt", "oauth2_introspection" ]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/e2e-test-gardener
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }}
gardener_provider: aws
test_client_id: ${{ secrets.CLIENT_ID }}
test_client_secret: ${{ secrets.CLIENT_SECRET }}
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
test_make_target: test-migration-zero-downtime-${{ matrix.handler }}
upgrade-tests-k3d:
name: Upgrade tests
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/upgrade-test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
test_client_id: ${{ secrets.CLIENT_ID }}
test_client_secret: ${{ secrets.CLIENT_SECRET }}
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
target_branch: ${{github.ref_name}}
e2e-custom-domain-gcp:
name: E2E custom domain tests GCP
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: ./.github/actions/e2e-test-gardener
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }}
gardener_provider: gcp
test_client_id: ${{ secrets.CLIENT_ID }}
test_client_secret: ${{ secrets.CLIENT_SECRET }}
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }}
test_custom_domain: ${{ vars.TEST_CUSTOM_DOMAIN }}
test_make_target: 'test-custom-domain'
e2e-custom-domain-aws:
name: E2E custom domain tests AWS
runs-on: ubuntu-latest
needs: [get-sha]
# The additional if is required, because there are optional jobs
if: ${{ always() && !failure() && !cancelled() }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- uses: ./.github/actions/e2e-test-gardener
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}"
gardener_secret: ${{ secrets.GARDENER_TOKEN }}
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }}
gardener_provider: aws
test_client_id: ${{ secrets.CLIENT_ID }}
test_client_secret: ${{ secrets.CLIENT_SECRET }}
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration"
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }}
test_custom_domain: ${{ vars.TEST_CUSTOM_DOMAIN }}
test_make_target: 'test-custom-domain'
slack_failed_notification:
name: Slack Notification
runs-on: ubuntu-latest
if: ${{ failure() }}
needs: [e2e-tests-k3d, e2e-tests-aws, upgrade-tests-k3d, e2e-custom-domain-gcp, e2e-custom-domain-aws, migration-downtime-tests, migration-downtime-tests-aws]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Notify
uses: ./.github/actions/slack-notification-failed-workflow
with:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}