tyk-staging.yml
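# Basic env promotion with GitHub secret store substitution.
# This workflow renders staging copies of the Tyk API definitions found in
# dev/ by substituting environment-specific values, then commits the rendered
# files under stg/.
#
# NOTE(review): the substituted values come from repository secrets and are
# then committed in stg/*.json, where anyone with read access to the repo can
# read them from the files and from git history. Confirm none of them is
# sensitive, or keep the rendered files out of version control.
name: API and Policy Promotion

# Perform the env promotion only on push to the branch listed below.
on:
  push:
    branches: [TargetURL-Replacement]

# Least privilege for GITHUB_TOKEN: the only write this workflow performs is
# the final `git push`.
permissions:
  contents: write

jobs:
  staging-env-promotion:
    runs-on: ubuntu-latest
    steps:
      # Check out the current repo and fetch only the current commit.
      - name: 'Checkout Repository'
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      # List the content that exists within the repo to validate the files.
      - name: 'List Repository Contents'
        run: |
          ls -la
          pwd
          cd dev
          ls -la

      # Install the jq tool used to introspect the API and Policy definitions.
      # NOTE(review): this is a third-party action referenced by a mutable tag;
      # pin it to a full commit SHA so a retagged release cannot run in a job
      # that handles secrets. If the runner image already provides jq, the
      # step can be dropped.
      - name: 'Install JQ Library'
        uses: dcarbone/install-jq-action@v2

      - name: 'Check JQ Library'
        run: |
          which jq
          jq --version

      # Create stg directory if needed.
      - name: 'Create stg directory'
        run: |
          if [ ! -d stg ]; then
            mkdir stg
            echo "Created 'stg' directory."
          else
            echo "'stg' directory already exists."
          fi

      # Substitute proxy.target_url with the staging value.
      # The secret reaches the script only through `env:`. It must never be
      # echoed: log masking matches the exact secret string, so printing a
      # transformed copy (for example one spaced out with sed) writes the
      # value to the job log in readable form. Interpolating a secret
      # expression directly into the script text also lets its content be
      # parsed as shell, so that form is avoided as well.
      - name: Replace proxy.target_url in JSON files
        env:
          STG_US_PROXY_TARGET_URL: ${{ secrets.STG_US_PROXY_TARGET_URL }}
        run: |
          cd ./dev
          # NUL-delimited read keeps file names with spaces intact.
          while IFS= read -r -d '' file; do
            echo "Processing Tyk Classic API Definition: $file"
            # Create a new file name for the stg directory with a stg- prefix
            new_file="stg-$(basename "$file")"
            # NOTE(review): this writes the top-level .proxy.target_url while
            # the later steps edit keys under .api_definition - confirm which
            # path the exported definitions use.
            jq --arg url "$STG_US_PROXY_TARGET_URL" \
              '.proxy.target_url = $url' "$file" > "../stg/$new_file"
            echo "Updated target_url in $new_file"
          done < <(find . -name 'api*.json' -print0)

      # Substitute config_data with the staging version.
      # Runs from the repository root, so find matches ./stg/stg-api*.json and
      # tmp_api.json is created in the root before being moved into place.
      - name: Replace config_data with Stg Version
        env:
          STG_US_CONFIG_DATA: ${{ secrets.STG_US_CONFIG_DATA }}
        run: |
          while IFS= read -r -d '' file; do
            echo "Adding config_data to Tyk Classic API Definition: $file"
            # The secret is expected to hold a JSON document; fromjson fails
            # the step if it does not parse.
            jq --arg config_data "$STG_US_CONFIG_DATA" \
              '.api_definition.config_data = ($config_data | fromjson)' \
              "$file" > tmp_api.json
            mv tmp_api.json "$file"
            echo "Updated config_data in $file"
          done < <(find . -name 'stg-api*.json' -print0)
          # Disabled: Tyk OAS definitions (debug prints of the secret removed).
          # for file in $(find . -name "stg*oas*.json"); do
          #   echo "Processing Tyk OAS Definitions"
          #   jq --arg config_data "$STG_US_CONFIG_DATA" '.oas["x-tyk-api-gateway"].middleware.global.pluginConfig.data.value = ($config_data | fromjson)' "$file" > tmp_api.json && mv tmp_api.json "$file"
          # done

      # Substitute mTLS root certificate(s) with the staging version.
      - name: Replace mTLS Root Certificates(s) with Stg Version
        env:
          STG_US_MTLS_ROOT_CERT: ${{ secrets.STG_US_MTLS_ROOT_CERT }}
        run: |
          cd ./stg
          while IFS= read -r -d '' file; do
            mtls_api=$(jq '.api_definition.use_mutual_tls_auth' "$file")
            # Only definitions that enable mutual TLS get the certificate list.
            if [ "$mtls_api" = "true" ]; then
              echo "Adding root cert(s) to Tyk Classic Definition: $file"
              # NOTE(review): --arg always yields a JSON string, whereas the
              # disabled OAS variant below parses the value with fromjson -
              # confirm a plain string is what the gateway expects here.
              jq --arg root_cert "$STG_US_MTLS_ROOT_CERT" \
                '.api_definition.client_certificates = ($root_cert)' \
                "$file" > tmp_api.json
              mv tmp_api.json "$file"
              echo "Updated root cert(s) in $file"
            fi
          done < <(find . -name 'stg-api*.json' -print0)
          # Disabled: Tyk OAS definitions (debug prints of the secret removed).
          # for file in $(find . -name "*oas*.json"); do
          #   echo "Processing Tyk OAS Definitions"
          #   # Check if .oas["x-tyk-api-gateway"].server.clientCertificates.enabled is true
          #   ENABLED=$(jq '.oas["x-tyk-api-gateway"].server.clientCertificates.enabled' "$file")
          #   if [ "$ENABLED" = "true" ]; then
          #     jq --arg root_cert "$STG_US_MTLS_ROOT_CERT" '.oas["x-tyk-api-gateway"].server.clientCertificates.allowlist = ($root_cert | fromjson)' "$file" > tmp.json && mv tmp.json "$file"
          #   else
          #     echo "Client Certificates are not enabled. No changes made."
          #   fi
          # done

      # List repo content post substitution (disabled).
      # - name: 'List Repository Contents Post-Substitution'
      #   run: |
      #     cd stg
      #     pwd
      #     cat stg*.json | grep "target_url"
      #     ls -la

      # Record whether the substitution steps changed the working tree.
      - name: Check for modified files
        id: git-check
        run: |
          if [ -n "$(git status --porcelain)" ]; then
            echo "modified=true" >> "$GITHUB_ENV"
          else
            echo "modified=false" >> "$GITHUB_ENV"
          fi

      # Push changes to the remote repository.
      - name: Commit changes
        if: env.modified == 'true'
        env:
          ORG_NAME: ${{ secrets.ORG_NAME }}
          ORG_EMAIL: ${{ secrets.ORG_EMAIL }}
        run: |
          git config --global user.name "$ORG_NAME"
          git config --global user.email "$ORG_EMAIL"
          git add .
          git commit -am "CI: Update staging assets"
          git push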