feat: OAS break test, API contract test, load test, security test.

.github/ISSUE_TEMPLATE/breaking-change.md

@@ -0,0 +1,7 @@
+---
+title: 'Breaking Change Detected for "{{ env.APP_NAME }}":'
+---
+
+A breaking change was detected in the OpenAPI specification. Please review the changes.
+
+{{ env.BREAKING_CHANGES }}

.github/workflows/deploy-kong-PRD.yaml

@@ -7,6 +7,7 @@ on:
     paths:
       - PRD/kong/kong.yaml
       - .github/workflows/deploy-kong-PRD.yaml
+  workflow_dispatch:
 
 jobs:
 
@@ -23,6 +24,8 @@ jobs:
   deploy-kong:
     name: Deploy Kong to PRD
     runs-on: ubuntu-latest
+    env:
+      DEPLOY_TARGET: KONNECT
 
     steps:
       - name: Checkout
@@ -31,12 +34,27 @@ jobs:
       - name: Setup deck
         uses: kong/setup-deck@v1
         with:
-          deck-version: '1.26.0'
+          deck-version: '1.38.0'
           wrapper: false
 
-      - name: deck sync
+      - name: deck sync konnect
+        if: env.DEPLOY_TARGET == 'KONNECT' || env.DEPLOY_TARGET == ''
         run: |
-          deck sync --select-tag platform-repo-managed \
-              -s PRD/kong/kong.yaml \
-              --konnect-runtime-group-name KongAir-PRD \
-              --konnect-token ${{ secrets.KONNECT_PAT }}
+           deck gateway sync --select-tag platform-repo-managed \
+               --konnect-control-plane-name ${{ env.KONNECT_CP_NAME }}\
+               --konnect-token ${{ secrets.KONNECT_PAT }} \
+               --konnect-addr ${{ env.KONNECT_ADDR }} \
+               PRD/kong/kong.yaml
+
+      - name: deck sync Kong EE
+        if: env.DEPLOY_TARGET == 'EE'
+        run: |
+            deck gateway sync --select-tag platform-repo-managed \
+                --kong-addr ${{ env.KONG_EE_ADMIN_API }} \
+                PRD/kong/kong.yaml
+
+      - name: deck sync Kong Ingress Controller
+        if: env.DEPLOY_TARGET == 'KIC'
+        run: |
+            deck file kong2kic --select-tag platform-repo-managed \
+                -s PRD/kong/kong.yaml | kubectl apply -f -

.github/workflows/docker.yaml

@@ -7,6 +7,7 @@ on:
     paths-ignore:
       - 'PRD/**'
       - 'platform/kong/.generated/kong.yaml'
+  workflow_dispatch:
 
 jobs:
   docker:
@@ -43,4 +44,4 @@ jobs:
           context: "${{ matrix.app.dir }}/${{ matrix.app.name }}"
           push: true
           platforms: linux/amd64,linux/arm64
-          tags: ghcr.io/kong/kongair-${{ matrix.app.name }}:latest
+          tags: ghcr.io/battlebyte/kongair-${{ matrix.app.name }}:latest

.github/workflows/stage-changes-for-kong.yaml

@@ -5,9 +5,11 @@ on:
     branches:
       - main
       - workflow/**
+      - contract-test
     paths-ignore:
       - 'PRD/**'
       - 'platform/kong/.generated/kong.yaml'
+  workflow_dispatch:
 
 jobs:
 
@@ -48,23 +50,189 @@ jobs:
               - 'sales/customer/kong/**'
               - 'experience/kong/**'
               - 'platform/kong/**'
-
-  oas-to-kong:
-    name: Convert OAS to Kong configurations
-
+
+  # Check if there are breaking changes in the OAS
+  # specifications of the services. If there are breaking
+  # changes, create an issue in the repository.
+  oas-break:
+    name: Check breaking changes
+
     needs: has-changes
     if: ${{ needs.has-changes.outputs.are-changes == 'true' }}
 
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        app:
+          - dir: flight-data
+            name: flights
+            port: 8080
+          - dir: flight-data
+            name: routes
+            port: 8081
+          - dir: sales
+            name: bookings
+            port: 8082
+          - dir: sales
+            name: customer
+            port: 8083
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      # The base OAS file is the version of the OAS file from the previous commit
+      - name: Base OAS
+        run: |
+          git show HEAD~1:${{ matrix.app.dir }}/${{ matrix.app.name }}/openapi.yaml > ${{ matrix.app.dir }}/${{ matrix.app.name }}/base.yaml
+      # Check breaking changes in the OAS and create an issue if there are any
+      - name: Check OAS breaking changes
+        uses: oasdiff/oasdiff-action/breaking@main
+        id: oasdiff  # Static ID
+        with:
+          base: ${{ matrix.app.dir }}/${{ matrix.app.name }}/base.yaml
+          revision: ${{ matrix.app.dir }}/${{ matrix.app.name }}/openapi.yaml
+      - name: Create Issue on Breaking Change
+        if: steps.oasdiff.outputs.breaking != 'No breaking changes'
+        uses: JasonEtco/create-an-issue@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          APP_NAME: ${{ matrix.app.name }}
+          BREAKING_CHANGES: ${{ steps.oasdiff.outputs.breaking }}
+        with:
+          filename: .github/ISSUE_TEMPLATE/breaking-change.md
+
+  # Run contract testing with SchemaThesis.
+  # The tests are based on the OpenAPI specifications of the services.
+  contract-test:
+    name: Contract testing
+    needs: has-changes
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      # Start the API implementation services and execute contract testing
+      # If you have a schemathesis token, you can uncomment the token line and use it
+      - name: Start services
+        run: chmod +x run-all.sh && ./run-all.sh
+      - name: Contract testing flights
+        uses: schemathesis/action@v1
+        with:
+          schema: flight-data/flights/openapi.yaml
+          base-url: http://localhost:8080
+          #token: ${{ secrets.SCHEMATHESIS_TOKEN }}
+      - name: Contract testing routes
+        uses: schemathesis/action@v1
+        with:
+          schema: flight-data/routes/openapi.yaml
+          base-url: http://localhost:8081
+          #token: ${{ secrets.SCHEMATHESIS_TOKEN }}
+      - name: Contract testing bookings
+        uses: schemathesis/action@v1
+        with:
+          schema: sales/bookings/openapi.yaml
+          base-url: http://localhost:8082
+          args: '-H "x-consumer-username: dfreese"'
+          #token: ${{ secrets.SCHEMATHESIS_TOKEN }}
+      - name: Contract testing customer
+        uses: schemathesis/action@v1
+        with:
+          schema: sales/customer/openapi.yaml
+          base-url: http://localhost:8083
+          args: '-H "x-consumer-username: jsmith"'
+          #token: ${{ secrets.SCHEMATHESIS_TOKEN }}
+
+  # Run security testing with OWASP ZAP Scan.
+  # The test is based on the OpenAPI specifications of the services.
+  security-test:
+    name: Security testing
+    runs-on: ubuntu-latest
+    needs: has-changes
+    strategy:
+      matrix:
+        app:
+          - dir: flight-data
+            name: flights
+          - dir: flight-data
+            name: routes
+          - dir: sales
+            name: bookings
+          - dir: sales
+            name: customer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Start services
+        run: chmod +x run-all.sh && ./run-all.sh
+      - name: ZAP Scan
+        uses: zaproxy/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+          format: openapi
+          target: '${{ matrix.app.dir }}/${{ matrix.app.name }}/openapi.yaml'
 
+  # Run load testing with K6. The script is generated from the OpenAPI specification.
+  load-test:
+    name: Load testing
+    runs-on: ubuntu-latest
+    needs: has-changes
+    strategy:
+      matrix:
+        app:
+          - dir: flight-data
+            name: flights
+          - dir: flight-data
+            name: routes
+          - dir: sales
+            name: bookings
+          - dir: sales
+            name: customer
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: Generate K6 script from openapi
+        uses: hatamiarash7/[email protected]
+        with:
+          openapi-file: '${{ matrix.app.dir }}/${{ matrix.app.name }}/openapi.yaml'
+          generator: 'k6'
+          output-dir: '${{ matrix.app.dir }}/${{ matrix.app.name }}/k6'
+      - name: Specifiy username
+        # if app name is bookings, use dfreese as username
+        # change string "TODO_EDIT_THE_X-CONSUMER-USERNAME" to "dfreese" in the script.js file
+        # if the app name is customer, use jsmith as username
+        # change string "TODO_EDIT_THE_X-CONSUMER-USERNAME" to "jsmith" in the script.js file
+        run: |
+          if [ "${{ matrix.app.name }}" == "bookings" ]; then
+            sed -i 's/TODO_EDIT_THE_X-CONSUMER-USERNAME/dfreese/g' '${{ matrix.app.dir }}/${{ matrix.app.name }}/k6/script.js'
+          fi
+          if [ "${{ matrix.app.name }}" == "customer" ]; then
+            sed -i 's/TODO_EDIT_THE_X-CONSUMER-USERNAME/jsmith/g' '${{ matrix.app.dir }}/${{ matrix.app.name }}/k6/script.js'
+          fi
+      - name: Start services
+        run: chmod +x run-all.sh && ./run-all.sh
+      - name: Run load test
+        run: |
+          curl https://github.com/grafana/k6/releases/download/v0.52.0/k6-v0.52.0-linux-amd64.tar.gz -L | tar xvz --strip-components 1
+          ./k6 run '${{ matrix.app.dir }}/${{ matrix.app.name }}/k6/script.js' --vus 10 --duration 10s
 
+
+  oas-to-kong:
+    name: Convert OAS to Kong configurations
+    needs: [has-changes, oas-break, contract-test]
+    if: ${{ needs.has-changes.outputs.are-changes == 'true' }}
+    runs-on: ubuntu-latest
+    outputs:
+      pull-request-number: ${{ steps.create_pr.outputs.pull-request-number }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
       - name: Setup deck
         uses: kong/setup-deck@v1
         with:
-          deck-version: '1.26.0'
+          deck-version: '1.38.0'
           wrapper: false
 
       - name: Convert Flights API to Kong
@@ -143,6 +311,9 @@ jobs:
             -o platform/kong/.generated/kong.yaml \
             "platform-repo-managed"
 
+      - name: Kong linting
+        run: deck file lint -s platform/kong/.generated/kong.yaml platform/kong/lint-rulesets.yaml
+
       - name: Upload Artifacts
         # Artifacts are the files that are built along the way of the pipeline but are not committed to the repo
         uses: actions/upload-artifact@v3
@@ -151,7 +322,52 @@ jobs:
           path: .github/artifacts/kong/*.yaml
 
       - name: Create PR for changed Kong Gateway Configuration
+        id: create_pr
         # The only file that should be changed for this PR is platform/kong/.generated/kong.yaml
         uses: peter-evans/create-pull-request@v5
         with:
           title: Stage Kong Gateway Configuration
+
+  # Obtain the changelog between the previous and current OAS for all services
+  # and create a PR comment with the changelog. This is useful for tracking changes
+  # and provides details in case of breaking changes.
+  oas-changelog:
+    # obtain the changelog between the previous and current OAS for all services
+    # and create a PR comment with the changelog
+    needs: oas-to-kong
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        app:
+          - dir: flight-data
+            name: flights
+          - dir: flight-data
+            name: routes
+          - dir: sales
+            name: bookings
+          - dir: sales
+            name: customer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      # The base OAS file is the version of the OAS file from the previous commit
+      - name: Base OAS
+        run: |
+          git show HEAD~1:${{ matrix.app.dir }}/${{ matrix.app.name }}/openapi.yaml > ${{ matrix.app.dir }}/${{ matrix.app.name }}/base.yaml
+      - name: Obtain Changelog OAS
+        id: oaschangelog
+        uses: oasdiff/oasdiff-action/changelog@main
+        with:
+          base: ${{ matrix.app.dir }}/${{ matrix.app.name }}/base.yaml
+          revision: ${{ matrix.app.dir }}/${{ matrix.app.name }}/openapi.yaml
+          output-to-file: ${{ matrix.app.dir }}/${{ matrix.app.name }}/changelog.txt
+      - name: Create PR Comment with Changelog
+        id: create_comment
+        if: steps.oaschangelog.outputs.changelog != 'No changelog changes'
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{ needs.oas-to-kong.outputs.pull-request-number }}
+          body-path: ${{ matrix.app.dir }}/${{ matrix.app.name }}/changelog.txt
+

.github/workflows/stage-kong-for-PRD.yaml

@@ -8,6 +8,7 @@ on:
     paths:
       - platform/kong/.generated/kong.yaml
       - .github/workflows/stage-kong-for-PRD.yaml
+  workflow_dispatch:
 
 jobs:
 
@@ -32,7 +33,7 @@ jobs:
       - name: Setup deck
         uses: kong/setup-deck@v1
         with:
-          deck-version: '1.26.0'
+          deck-version: '1.38.0'
           wrapper: false
 
       - name: stage combined file for PRD
@@ -46,7 +47,7 @@ jobs:
         run: |
           EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
           echo "DIFF<<$EOF" >> $GITHUB_ENV
-          deck diff --select-tag platform-repo-managed -s PRD/kong/kong.yaml --konnect-runtime-group-name KongAir-PRD --konnect-token ${{ secrets.KONNECT_PAT }} >> $GITHUB_ENV
+          deck gateway diff --select-tag platform-repo-managed --konnect-control-plane-name KongAir-PRD --konnect-token ${{ secrets.KONNECT_PAT }} PRD/kong/kong.yaml >> $GITHUB_ENV
           echo "$EOF" >> $GITHUB_ENV
 
       - name: Create PR to stage changes for the Kong Gateway in production

.gitignore

@@ -6,3 +6,4 @@ kong-quickstart.*
 kong.env
 kong.yaml
 *.pid
+.hypothesis/