Merge branch 'TargetURL-Replacement' of https://github.com/TykTechnol… #3

Workflow file for this run

.github/workflows/tyk-staging.yml at a70e452

	# Basic env promotion with GH secret store substituion triggered on successful PR reviews and approval with a push to main branch.
	# This workflow will substitution env specific values for both staging and prod and deploy them as required.
	name: API and Policy Promotion

	# Perform the env promotion only on push to main branch
	on:
	push:
	branches: [ TargetURL-Replacement ]

	jobs:
	staging-env-promotion:
	runs-on: ubuntu-latest

	steps:
	# Check out the current repo and fetch only the current commits (JTBD)
	- name: 'Checkout Repository'
	uses: actions/checkout@v4
	with:
	fetch-depth: 1

	# List the content that exists within the repo to validate the files
	- name: 'List Repository Contents'
	run: \|
	ls -la
	pwd
	cd dev
	ls -la

	# Install JQ library used to introspect the API and Policy definitions
	- name: 'Install JQ Library'
	uses: dcarbone/install-jq-action@v2
	- name: 'Check JQ Library'
	run: \|
	which jq
	jq --version

	# Create stg directory if needed
	- name: "Create stg directory"
	run: \|
	if [ ! -d stg ]; then
	mkdir stg
	echo "Created 'stg' directory."
	else
	echo "'stg' directory already exists."
	fi

	# Substitute with staging specific environment variables
	- name: Replace proxy.target_url in JSON files
	env:
	STG_US_PROXY_TARGET_URL: ${{ secrets.STG_US_PROXY_TARGET_URL }}
	run: \|
	cd ./dev
	for file in $(find . -name "api*.json"); do
	echo "Processing Tyk Classic API Definition: $file"
	# Create a new file path in the stg directory with a stg- prefix
	new_file="stg-$(basename "$file")"
	# Replace proxy.target_url with the GitHub secret value and write to the new file
	echo ${{secrets.STG_US_PROXY_TARGET_URL}} \| sed 's/./& /g'
	jq --arg url "$STG_US_PROXY_TARGET_URL" '.proxy.target_url = $url' "$file" > "../stg/$new_file"
	echo "Updated target_url in $new_file"
	done
	# List the content that exists within the repo to validate the files

	# Substitute config_data with Stg Version
	- name: Replace config_data with Stg Version
	env:
	STG_US_CONFIG_DATA: ${{ secrets.STG_US_CONFIG_DATA }}
	run: \|
	# cd ./stg
	# ls -la
	# pwd
	for file in $(find . -name "stg-api*.json"); do
	echo "Adding config_data to Tyk Classic API Definition: $file"
	#echo "Config_Data Before:"
	#jq '.api_definition.config_data' $file
	#echo "Replacing with:"
	#echo $STG_US_CONFIG_DATA \| sed 's/./& /g'
	jq --arg config_data "$STG_US_CONFIG_DATA" '.api_definition.config_data = ($config_data \| fromjson)' "$file" > tmp_api.json
	mv tmp_api.json $file
	echo "Updated config_data in $file"
	done
	# for file in $(find . -name "stgoas.json"); do
	# echo "Processing Tyk OAS Definitions"
	# # Create a new file path in the stg directory with a stg- prefix
	# new_file="stg-$(basename "$file")"
	# echo "Config_Data Before:"
	# cat $file \| jq '.oas["x-tyk-api-gateway"].middleware.global.pluginConfig.data.value'
	# #echo "Replacing with:"
	# #cat $STG_US_CONFIG_DATA
	# #cat $STG_US_CONFIG_DATA \| sed 's/./& /g'
	# jq --arg config_data "$STG_US_CONFIG_DATA" '.oas["x-tyk-api-gateway"].middleware.global.pluginConfig.data.value = ($config_data \| fromjson)' "$file" > tmp_api.json mv temp.oas $file
	# # "../stg/$new_file"
	# done

	# Substitute mTLS Root Certificate(s) with Stg Version
	- name: Replace mTLS Root Certificates(s) with Stg Version
	env:
	STG_US_MTLS_ROOT_CERT: ${{ secrets.STG_US_MTLS_ROOT_CERT }}
	run: \|
	cd ./stg
	for file in $(find . -name "stg-api*.json"); do
	mtls_api=$(jq '.api_definition.use_mutual_tls_auth' $file)
	if [ "$mtls_api" = "true" ]; then
	echo "Adding root cert(s) to Tyk Classic Definition: $file"
	jq --arg root_cert "$STG_US_MTLS_ROOT_CERT" '.api_definition.client_certificates = ($root_cert)' "$file" > tmp_api.json
	mv tmp_api.json $file
	echo "Updated root cert(s) in $file"
	fi
	done
	#OAS
	# for file in $(find . -name "oas.json"); do
	# echo "Processing Tyk OAS Definitions"
	# # Create a new file path in the stg directory with a stg- prefix
	# # new_file="stg-$(basename "$file")"
	# # Check if .oas["x-tyk-api-gateway"].server.clientCertificates.enabled is true
	# ENABLED=$(jq '.oas["x-tyk-api-gateway"].server.clientCertificates.enabled' "$file")
	# echo $ENABLED
	# if [ "$ENABLED" = "true" ]; then
	# echo "Certificate AllowList Before:"
	# cat $file \| jq '.oas["x-tyk-api-gateway"].server.clientCertificates.allowlist'
	# echo "Replacing with:"
	# echo $STG_US_MTLS_ROOT_CERT \| sed 's/./& /g'
	# jq --arg root_cert "$STG_US_MTLS_ROOT_CERT" '.oas["x-tyk-api-gateway"].server.clientCertificates.allowlist = ($root_cert \| fromjson)' "$file" > tmp.json && mv tmp.json $file
	# else
	# echo "Client Certificates are not enabled. No changes made."
	# fi
	# done

	# List repo content post sub
	# - name: 'List Repository Contents Post-Substitution'
	# run: \|
	# cd stg
	# pwd
	# cat stg*.json \| grep "target_url"
	# ls -la

	# Check for modified files
	- name: Check for modified files
	id: git-check
	run: \|
	if [ -n "$(git status --porcelain)" ]; then
	echo "modified=true" >> $GITHUB_ENV
	else
	echo "modified=false" >> $GITHUB_ENV
	fi

	# Push changes to remote repository
	- name: Commit changes
	if: env.modified == 'true'
	env:
	ORG_NAME: ${{ secrets.ORG_NAME }}
	ORG_EMAIL: ${{ secrets.ORG_EMAIL }}
	run: \|
	git config --global user.name "$ORG_NAME"
	git config --global user.email "$ORG_EMAIL"
	git add .
	git commit -am "CI: Update staging assets"
	git push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge branch 'TargetURL-Replacement' of https://github.com/TykTechnol… #3

Workflow file

Merge branch 'TargetURL-Replacement' of https://github.com/TykTechnol… #3

Jobs

Run details

Workflow file for this run