apigee / devrel Goto Github PK

identity facade pipeline is failing with a curl 404- @JoelGauci lets take a look

can we reinit them?

When a user specifics a DNS_NAME, one pre-requisite to add is that the domain shall be verified and a DNS zone called "apigee-dns-zone" shall be created in advance before starting the installation script. Otherwise, the later will fail with the following error "ERROR: (gcloud.dns.record-sets.transaction.execute) HTTPError 404: The 'parameters.managedZone' resource named 'apigee-dns-zone' does not exist."

Pipeline Report

run-pipelines                                                      pass
references//workspace/references/apigee-sandbox-v1 Pipeline        pass
references//workspace/references/apimocker-hostedtargets Pipeline  pass
references//workspace/references/cicd-jenkins Pipeline             pass
references//workspace/references/common-shared-flows Pipeline      pass
references//workspace/references/gcp-sa-auth-shared-flow Pipeline  pass
references//workspace/references/identity-facade Pipeline          fail
references//workspace/references/java-callout Pipeline             pass
references//workspace/references/js-callout Pipeline               pass
references//workspace/references/kvm-admin-api Pipeline            pass
references//workspace/references/oidc-mock Pipeline                pass
references//workspace/references/proxy-template Pipeline           pass
references//workspace/references/southbound-mtls Pipeline          pass
labs//workspace/labs/best-practices-hackathon Pipeline             pass
tools//workspace/tools/another-apigee-client Pipeline              pass
tools//workspace/tools/decrypt-hybrid-assets Pipeline              fail
tools//workspace/tools/hybrid-quickstart Pipeline                  pass
tools//workspace/tools/organization-cleanup Pipeline               pass
tools//workspace/tools/pipeline-linter Pipeline                    pass
tools//workspace/tools/pipeline-runner Pipeline                    pass

view details in Cloud Build (permission required)

Currently it doesn't take into consideration the value of $DIR

E.g. If I have an identity-v1 reference project in devrel, as a reader I might think that pipeline.sh is required in my own project. Hiding it could be useful.

When running the command as per the pipeline we get the following error

$ [ ! `grep -ir "blacklist\|whitelist\|master\|slave" .` ]

sh: [: too many arguments

Also the sections which contain the preferred terms are not printed.

as above

When running the pipeline without any Java files the current check reports a failure even though no checks are performed.

Steps to reproduce:

Run:

npm run pipeline -- ./references/proxy-template

Produces a Java Lint Failure

Java Lint                                                fail

even though there are no Java files in this folder:

$ find ./references/proxy-template/ -type f -name "*.java"
#no files

When setting the env variable $REGION (and $ZONE), it is worth mentioning that the Analytics are not available in all regions. If a user chooses a $REGION where Analytics are not available, the script fails.

"Encrypted variables are not available to untrusted builds such as pull requests coming from another repository."

https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml

Currently this is done using the approach as suggested here:
https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-secrets-credentials#store_credentials

We would like to create a utility to abstract this away and make it reusable for all projects.

if the only files changed were markdown/static content, can we reduce pipeline steps?

https://github.com/github/super-linter

leveraging this could reduce our cost of maintenance

Pipeline Report

run-pipelines                                                      pass
references//workspace/references/apigee-sandbox-v1 Pipeline        pass
references//workspace/references/apimocker-hostedtargets Pipeline  pass
references//workspace/references/cicd-jenkins Pipeline             pass
references//workspace/references/common-shared-flows Pipeline      pass
references//workspace/references/gcp-sa-auth-shared-flow Pipeline  pass
references//workspace/references/identity-facade Pipeline          fail
references//workspace/references/java-callout Pipeline             pass
references//workspace/references/js-callout Pipeline               pass
references//workspace/references/kvm-admin-api Pipeline            pass
references//workspace/references/oidc-mock Pipeline                pass
references//workspace/references/proxy-template Pipeline           pass
references//workspace/references/southbound-mtls Pipeline          pass
labs//workspace/labs/best-practices-hackathon Pipeline             pass
tools//workspace/tools/another-apigee-client Pipeline              pass
tools//workspace/tools/decrypt-hybrid-assets Pipeline              fail
tools//workspace/tools/hybrid-quickstart Pipeline                  pass
tools//workspace/tools/organization-cleanup Pipeline               pass
tools//workspace/tools/pipeline-linter Pipeline                    pass
tools//workspace/tools/pipeline-runner Pipeline                    pass

view details in Cloud Build (permission required)

./solutions/proxy-template/template-v1/apiproxy/targets/default.xml currently supports <URL>@TargetURL@</URL> (currently only in PR #30)

The template could/should support the use of Target Server definitions either exclusively or as an alternative.

Allow projects to publish artefacts such that casual users do not have to build the entire stack to quickly use a tool/reference.

https://github.com/features/packages

Candidates:

• Docker Image for Jenkins Reference
• Proxy Generator
• ...

https://github.com/seymen/apigee-crl

We had several broken builds lately because of patch version increments of the Alpine packages and subsequent removal of the previous versions.

I recommend we move to using minimum versions instead of fixing exact versions.

Alternatively we have to host our own container images for the pipeline to deal with disappearing dependencies.

https://github.com/apigee/devrel/actions/runs/411849328

Apigee NG requires that the cache entry has an expiry time for a cache resource.
When the shared flow does a lookup on the cache entry it exists, but when the set am header policy tries to add the bearer token it cant find the entry

To use GCP services from Apigee most services require a service account access or identity token to be available from within a flow.

Apigee SaaS provides an extension but has the following short comings:

• not available in hybrid
• no key rotation possible
• no flexibility over where to store the SA key

A shared flow could be added to perform the following tasks

• lookup access tokens in cache
• exchange a SA key for an access / id token
• cache the token for later use

https://github.com/koalaman/shellcheck

For example https://github.com/ApigeeEMEA/demo-operations-api-analytics-load-generator

Dev Rel will require:

• GCP credentials + project (with billing)
• gcloud sdk
• maven

(maybe DNS is required, or maybe IP address is okay)

Such as here ?

commit 42facea reformatted all JS files and caused the CICD reference to break at the eslint step.

Options:

1. Revert the changes to the CICD reference (Airports proxy)
2. Change the eslint preferences in the CICD reference

Also why didn't the Travis build catch this?

settting up the variables is a little clunky for new users - can we automate this as part of the pipeline?

e.g. https://github.com/ApigeeEMEA/demo-general-circuit-breaker/blob/master/postman/Circuit%20Breaker%20Cache.postman_collection.json

https://github.com/github/super-linter/issues/938

https://github.com/apps/in-solidarity

when running pipeline for a single project, we see

test -f unknown operand

Open questions:

• How to supply GCP credentials
• Non-expiring hybrid organization

it would be nice to only run the build after a code review, incase PRs contain malicious code. this may require reviews to manually triggger the build after a review.

So we don't have to remember it all the time.

Something like https://github.com/danistrebel?tab=packages

See build: https://github.com/apigee/devrel/actions/runs/271099476