Open questions:

• How to supply GCP credentials
• Non-expiring hybrid organization

https://github.com/apps/in-solidarity

./solutions/proxy-template/template-v1/apiproxy/targets/default.xml currently supports <URL>@TargetURL@</URL> (currently only in PR #30)

The template could/should support the use of Target Server definitions either exclusively or as an alternative.

can we reinit them?

We had several broken builds lately because of patch version increments of the Alpine packages and subsequent removal of the previous versions.

I recommend we move to using minimum versions instead of fixing exact versions.

Alternatively we have to host our own container images for the pipeline to deal with disappearing dependencies.

When running the pipeline without any Java files the current check reports a failure even though no checks are performed.

Steps to reproduce:

Run:

npm run pipeline -- ./references/proxy-template

Produces a Java Lint Failure

Java Lint                                                fail

even though there are no Java files in this folder:

$ find ./references/proxy-template/ -type f -name "*.java"
#no files

when running pipeline for a single project, we see

test -f unknown operand

When setting the env variable $REGION (and $ZONE), it is worth mentioning that the Analytics are not available in all regions. If a user chooses a $REGION where Analytics are not available, the script fails.

When a user specifics a DNS_NAME, one pre-requisite to add is that the domain shall be verified and a DNS zone called "apigee-dns-zone" shall be created in advance before starting the installation script. Otherwise, the later will fail with the following error "ERROR: (gcloud.dns.record-sets.transaction.execute) HTTPError 404: The 'parameters.managedZone' resource named 'apigee-dns-zone' does not exist."

https://github.com/github/super-linter

leveraging this could reduce our cost of maintenance

Currently it doesn't take into consideration the value of $DIR

it would be nice to only run the build after a code review, incase PRs contain malicious code. this may require reviews to manually triggger the build after a review.

commit 42facea reformatted all JS files and caused the CICD reference to break at the eslint step.

Options:

1. Revert the changes to the CICD reference (Airports proxy)
2. Change the eslint preferences in the CICD reference

Also why didn't the Travis build catch this?

Pipeline Report

run-pipelines                                                      pass
references//workspace/references/apigee-sandbox-v1 Pipeline        pass
references//workspace/references/apimocker-hostedtargets Pipeline  pass
references//workspace/references/cicd-jenkins Pipeline             pass
references//workspace/references/common-shared-flows Pipeline      pass
references//workspace/references/gcp-sa-auth-shared-flow Pipeline  pass
references//workspace/references/identity-facade Pipeline          fail
references//workspace/references/java-callout Pipeline             pass
references//workspace/references/js-callout Pipeline               pass
references//workspace/references/kvm-admin-api Pipeline            pass
references//workspace/references/oidc-mock Pipeline                pass
references//workspace/references/proxy-template Pipeline           pass
references//workspace/references/southbound-mtls Pipeline          pass
labs//workspace/labs/best-practices-hackathon Pipeline             pass
tools//workspace/tools/another-apigee-client Pipeline              pass
tools//workspace/tools/decrypt-hybrid-assets Pipeline              fail
tools//workspace/tools/hybrid-quickstart Pipeline                  pass
tools//workspace/tools/organization-cleanup Pipeline               pass
tools//workspace/tools/pipeline-linter Pipeline                    pass
tools//workspace/tools/pipeline-runner Pipeline                    pass

view details in Cloud Build (permission required)

Allow projects to publish artefacts such that casual users do not have to build the entire stack to quickly use a tool/reference.

https://github.com/features/packages

Candidates:

• Docker Image for Jenkins Reference
• Proxy Generator
• ...

e.g. https://github.com/ApigeeEMEA/demo-general-circuit-breaker/blob/master/postman/Circuit%20Breaker%20Cache.postman_collection.json

E.g. If I have an identity-v1 reference project in devrel, as a reader I might think that pipeline.sh is required in my own project. Hiding it could be useful.

For example https://github.com/ApigeeEMEA/demo-operations-api-analytics-load-generator

Dev Rel will require:

• GCP credentials + project (with billing)
• gcloud sdk
• maven

(maybe DNS is required, or maybe IP address is okay)

Such as here ?

"Encrypted variables are not available to untrusted builds such as pull requests coming from another repository."

https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml

Pipeline Report

run-pipelines                                                      pass
references//workspace/references/apigee-sandbox-v1 Pipeline        pass
references//workspace/references/apimocker-hostedtargets Pipeline  pass
references//workspace/references/cicd-jenkins Pipeline             pass
references//workspace/references/common-shared-flows Pipeline      pass
references//workspace/references/gcp-sa-auth-shared-flow Pipeline  pass
references//workspace/references/identity-facade Pipeline          fail
references//workspace/references/java-callout Pipeline             pass
references//workspace/references/js-callout Pipeline               pass
references//workspace/references/kvm-admin-api Pipeline            pass
references//workspace/references/oidc-mock Pipeline                pass
references//workspace/references/proxy-template Pipeline           pass
references//workspace/references/southbound-mtls Pipeline          pass
labs//workspace/labs/best-practices-hackathon Pipeline             pass
tools//workspace/tools/another-apigee-client Pipeline              pass
tools//workspace/tools/decrypt-hybrid-assets Pipeline              fail
tools//workspace/tools/hybrid-quickstart Pipeline                  pass
tools//workspace/tools/organization-cleanup Pipeline               pass
tools//workspace/tools/pipeline-linter Pipeline                    pass
tools//workspace/tools/pipeline-runner Pipeline                    pass

view details in Cloud Build (permission required)

Currently this is done using the approach as suggested here:
https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-secrets-credentials#store_credentials

We would like to create a utility to abstract this away and make it reusable for all projects.

When running the command as per the pipeline we get the following error

$ [ ! `grep -ir "blacklist\|whitelist\|master\|slave" .` ]

sh: [: too many arguments

Also the sections which contain the preferred terms are not printed.

as above

See build: https://github.com/apigee/devrel/actions/runs/271099476

https://github.com/koalaman/shellcheck

settting up the variables is a little clunky for new users - can we automate this as part of the pipeline?

https://github.com/seymen/apigee-crl

if the only files changed were markdown/static content, can we reduce pipeline steps?

Apigee NG requires that the cache entry has an expiry time for a cache resource.
When the shared flow does a lookup on the cache entry it exists, but when the set am header policy tries to add the bearer token it cant find the entry

identity facade pipeline is failing with a curl 404- @JoelGauci lets take a look

Something like https://github.com/danistrebel?tab=packages

So we don't have to remember it all the time.

To use GCP services from Apigee most services require a service account access or identity token to be available from within a flow.

Apigee SaaS provides an extension but has the following short comings:

• not available in hybrid
• no key rotation possible
• no flexibility over where to store the SA key

A shared flow could be added to perform the following tasks

• lookup access tokens in cache
• exchange a SA key for an access / id token
• cache the token for later use

https://github.com/github/super-linter/issues/938

https://github.com/apigee/devrel/actions/runs/411849328