The API Gateway module contains several pipelines that run on pull requests, on the main branch, on the release branch, and periodically. They perform various tasks such as running a linter, executing unit tests with code coverage, generating artifacts for development and production purposes, and running integration tests. The integration tests ensure the functional correctness of Kyma API Gateway Operator and verify if upgrading to the new version of Kyma API Gateway Operator is possible.
In this repository, certain jobs are set up to run within the context of the repository environment. This ensures that the jobs that require access to repository Secrets are manually allowed by repository maintainers.
There are two environments configured:
- 'internal' - used when a repository collaborator runs a job in the repository
- 'restricted' - used when an outside collaborator runs a job in the repository. The run must be approved by @kyma-project/goat.
The tests use an OAuth2 authorization server mock that is deployed internally in the test cluster. In case of E2E tests running on Gardener, SAP Cloud Identity Services provider is used instead.
GARDENER_TOKEN- Kubeconfig token used to provision test-purpose shoots and for later cleanupDNS_SECRET_JSON- DNS ServiceAccount used to set up the custom domain using Gardener capabilities (Base64 encoded)
The following CI jobs are part of the development cycle.
| Name | Description |
|---|---|
PR Integration / Wait for image build |
Waits for the operator image build to finish so that the image-dependent jobs can be executed. |
pull-api-gateway-manager-build |
Builds Kyma API Gateway Operator image and pushes it to the dev registry. |
PR Integration / Integration tests |
Executes the main integration test suite for the API Gateway module on a k3d cluster. The job installs the Istio module using Kyma CLI. |
PR Integration / Kubernetes version compatibility test |
Executes the main integration test suite for the API Gateway module and checks for any incompatibilities with the latest Kubernetes version. |
PR Integration / Upgrade tests (pull_request) |
Executes the upgrade integration test suite for the API Gateway module and verifies if the existing release can be successfully upgraded to the new version. |
Pull Request / Golang lint check (pull_request) |
Performs linting. |
UI Tests / Run UI tests |
Runs UI tests for Busola extensions of the API Gateway module and APIRules. |
Pull Request / Run unit tests (pull_request) |
Runs unit tests with code coverage information. |
pre-api-gateway-presubmit-scanner |
Runs the Gitleaks presubmit scanner to detect any sensitive data that might have been committed. |
Workflow validation / Ensure SHA pinned actions |
Verifies that all external actions are pinned to a commit. |
pull-gitleaks / scan |
Runs the Gitleaks scan to detect any leaks of secrets. |
The following CI jobs are part of the release cycle.
| Name | Description |
|---|---|
PR Integration Release / Wait for image build |
Waits for the operator image build to finish so that the image-dependent jobs can be executed. |
pull-api-gateway-manager-build |
Builds Kyma API Gateway Operator image and pushes it to the dev registry. |
PR Integration Release / Integration tests |
Executes the main integration test suite for the API Gateway module on a k3d cluster. The job installs the Istio module using Kyma CLI. |
PR Integration Release / Kubernetes version compatibility test |
Executes the main integration test suite for the API Gateway module and checks for any incompatibilities with the latest Kubernetes version. |
PR Integration Release / Upgrade tests (pull_request) |
Executes the upgrade integration test suite for the API Gateway module and verifies if the existing release can be successfully upgraded to the new version. |
Pull Request / Golang lint check (pull_request) |
Performs linting. |
Pull Request / Run unit tests (pull_request) |
Runs unit tests with code coverage information. |
pre-api-gateway-presubmit-scanner |
Runs the Gitleaks presubmit scanner to detect any sensitive data that might have been committed. |
UI Tests / Run UI tests |
Runs UI tests for Busola extenstions of API Gateway module and API Rules |
PR Integration Release / Custom domain GCP |
Executes the integration test suite that verifies the functional correctness of Kyma API Gateway Operator. The test suite uses a custom domain and a Gardener GCP cluster. |
PR Integration Release / Custom domain AWS |
Executes the integration test suite that verifies the functional correctness of the API Gateway Operator. The test suite uses a custom domain and a Gardener AWS cluster. |
The following CI jobs are executed when you merge changes to the main branch and also run daily at 5:00 AM.
The following CI jobs run on the main branch.
| Name | Description |
|---|---|
Main Integration / Wait for image build |
Waits for the operator image build to finish so that the image-dependent jobs can be executed. |
post-api-gateway-manager-build |
Builds Kyma API Gateway Operator image and pushes it to the prod registry. |
Main Integration / Integration tests |
Executes the main integration test suite for the API Gateway module on a k3d cluster. The job uses Istio module. |
Main Integration / Upgrade tests |
Executes the upgrade integration test suite for the API Gateway module and verifies if the existing release can be successfully upgraded to the new version. |
Main Integration / Custom domain integration GCP |
Executes the integration test suite that verifies the functional correctness of Kyma API Gateway Operator. The test suite uses a custom domain and a Gardener GCP cluster. |
Main Integration / Custom domain integration AWS |
Executes the integration test suite that verifies the functional correctness of the API Gateway Operator. The test suite uses a custom domain and a Gardener AWS cluster. |
Main Integration / Slack Notification |
Sends a Slack notification to the team's channel if any pipelines fail on the main branch. |
The following CI jobs generate release artifacts. They are triggered on Git tag creation.
| Name | Description |
|---|---|
rel-api-gateway-manager-build |
Builds Kyma API Gateway Operator image on the release and pushes it to the prod registry. |
Create release / Check release prerequisites |
Checks whether all pre-requesites for release are met |
Create release / Create draft release |
Create a draft release that will be updated with release artifacts |
Create release / Publish release |
Publish the previously created draft release |