Merge branch 'main' into kcperrs4

kyma-project · Nov 26, 2024 · b0dda63 · b0dda63
2 parents 1dc22da + 78d143a
commit b0dda63
Show file tree

Hide file tree

Showing 153 changed files with 2,906 additions and 1,110 deletions.
diff --git a/.github/workflows/create-and-promote-release.yaml b/.github/workflows/create-and-promote-release.yaml
@@ -0,0 +1,28 @@
+name: "Create and promote release"
+run-name: Create and promote release ${{ inputs.name }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      name:
+        description: 'Create release'
+        default: ""
+        required: true
+
+jobs:
+  create-release:
+    name: Create release
+    uses: "./.github/workflows/create-release.yaml"
+    with:
+      name: ${{ inputs.name }}
+      skip-sec-file-and-chart-bump: false
+      dry-run: false
+    secrets: inherit
+
+  promote:
+    name: Promote
+    needs: create-release
+    uses: "./.github/workflows/promote-keb-to-dev.yaml"
+    with:
+      releaseTag: ${{ inputs.name }}
+    secrets: inherit
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
@@ -15,6 +15,25 @@ on:
         description: 'Create release'
         default: ""
         required: true
+      skip-sec-file-and-chart-bump:
+        type: boolean
+        description: 'Do not bump sec file and chart'
+        default: false
+      dry-run:
+        type: boolean
+        description: 'Do not publish'
+        default: false
+  workflow_call:
+    inputs:
+      name:
+        type: string
+        description: 'Create release'
+        default: ""
+        required: true
+      skip-sec-file-and-chart-bump:
+        type: boolean
+        description: 'Do not bump sec file and chart'
+        default: false
       dry-run:
         type: boolean
         description: 'Do not publish'
@@ -190,12 +209,27 @@ jobs:
       - run: git pull
 
       - name: Update sec-scanners-config.yaml
+        if: ${{ !inputs.skip-sec-file-and-chart-bump }}
         run: scripts/create_scan_config.sh "sec-scanners-config.yaml" ${{ inputs.name }}
 
       - name: Bump KEB chart
+        if: ${{ !inputs.skip-sec-file-and-chart-bump }}
         run: scripts/bump_keb_chart.sh ${{ inputs.name }} "release"
 
+      - name: Check if any PR was merged during release
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha')
+          echo "Latest commit sha: $COMMIT_SHA"
+          echo "Workflow sha: ${{ github.sha }}"
+          if [ "$COMMIT_SHA" != "${{ github.sha }}" ]; then
+            echo "::error ::a PR was merged during the release. Don't rerun this workflow, create a new release with the same version"
+            exit 1
+          fi
+
       - name: Create PR if anything changed
+        if: ${{ !inputs.skip-sec-file-and-chart-bump }}
         env:
           GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
@@ -211,7 +245,20 @@ jobs:
             echo "PR_NUMBER=$(echo "$PR_STATUS" | tail -n 1)" >> $GITHUB_ENV
           fi
 
+      - name: Merge PR
+        if: ${{ !inputs.skip-sec-file-and-chart-bump }}
+        env:
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
+          REPOSITORY: ${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}
+        run: |
+          if [ "$PR_NUMBER" -gt 0 ]; then
+            scripts/merge_pr.sh
+          else
+            echo "Step skipped"
+          fi
+
       - name: Await PR merge
+        if: ${{ !inputs.skip-sec-file-and-chart-bump }}
         timeout-minutes: 45
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -223,6 +270,18 @@ jobs:
             echo "Step skipped"
           fi
 
+      - name: Check if any PR have been merged before merging the bump PR
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[1].sha')
+          echo "Latest commit sha: $COMMIT_SHA"
+          echo "Bump sha: ${{ github.sha }}"
+          if [ "$COMMIT_SHA" != "${{ github.sha }}" ]; then
+            echo "::error ::a PR have been merged before merging the bump PR. Don't rerun this workflow. Create a new release with the same version"
+            exit 1 
+          fi
+
       - name: Save latest commit ref
         id: pull-ref
         env:
@@ -249,6 +308,18 @@ jobs:
           fetch-depth: 0
           ref: ${{ needs.bumps.outputs.latest_commit}}
 
+      - name: Check if any PR was merged after bumps
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha')
+          echo "Latest commit sha: $COMMIT_SHA"
+          echo "Bump sha: ${{ needs.bumps.outputs.latest_commit}}"
+          if [ "$COMMIT_SHA" != "${{ needs.bumps.outputs.latest_commit}}" ]; then
+            echo "::error ::a PR was merged after the bumps. Don't rerun this workflow, create a new release with the same version"
+            exit 1 
+          fi
+        
       - name: Create draft release
         id: create-draft
         env:
@@ -263,6 +334,18 @@ jobs:
           git tag ${{ github.event.inputs.name }}
           git push origin ${{ github.event.inputs.name }}
 
+      - name: Check if any PR may have been merged before creating the tag and draft release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha')
+          echo "Latest commit sha: $COMMIT_SHA"
+          echo "Bump sha: ${{ needs.bumps.outputs.latest_commit}}"
+          if [ "$COMMIT_SHA" != "${{ needs.bumps.outputs.latest_commit}}" ]; then
+            echo "::error ::a PR may have been merged before the tag and draft release were created. Delete the tag and the draft release. Don't rerun this workflow. Create a new release with the same version"
+            exit 1 
+          fi
+
     outputs:
       release_id: ${{ steps.create-draft.outputs.release_id }}
 

diff --git a/.github/workflows/promote-keb-to-dev.yaml b/.github/workflows/promote-keb-to-dev.yaml
@@ -15,6 +15,13 @@ on:
         description: "Release Tag"
         default: 'use latest release'
         required: true
+  workflow_call:
+    inputs:
+      releaseTag:
+        type: string
+        description: "Release Tag"
+        default: 'use latest release'
+        required: true
 
 jobs:
   promote:
@@ -32,7 +39,11 @@ jobs:
       - name: Use default (latest) Release Tag
         if: inputs.releaseTag == 'use latest release'
         run: |
-          latest=$(curl -s -H "Accept: application/vnd.github+json" ${KEB_API_URL}/releases/latest | jq -r '.tag_name') 
+          latest=$(curl -s -H "Accept: application/vnd.github+json" ${KEB_API_URL}/releases/latest | jq -r '.tag_name')
+          if [ -z "$latest" ]; then
+              echo "Failed to fetch the latest release tag"
+              exit 1
+          fi
           echo "TAG=${latest}" >> $GITHUB_ENV
 
       - name: Validate given release tag
@@ -77,6 +88,16 @@ jobs:
           make bump-patch
           yq -i '.dependencies |= map(select(.name == "keb").version="'${TAG}'")' keb-sap/Chart.yaml
           yq e ".appVersion = \"${TAG}\"" -i keb-sap/Chart.yaml
+        
+      - name: Check changes
+        working-directory: management-plane-charts
+        run: |
+          changes=$(git diff --shortstat)
+          echo "$changes"
+          if [[ "$changes" != *"3 insertions(+), 3 deletions(-)"* ]]; then
+            echo "Expected 3 insertions and 3 deletions, but found different changes."
+            exit 1
+          fi
 
       - name: Commit and push changes
         working-directory: management-plane-charts

diff --git a/Dockerfile.globalaccounts b/Dockerfile.globalaccounts
@@ -1,5 +1,5 @@
 # Build image
-FROM golang:1.23.2-alpine3.20 AS build
+FROM golang:1.23.3-alpine3.20 AS build
 
 WORKDIR /go/src/github.com/kyma-project/kyma-environment-broker
 

diff --git a/Dockerfile.job b/Dockerfile.job
@@ -1,5 +1,5 @@
 # Build image
-FROM golang:1.23.2-alpine3.20 AS build
+FROM golang:1.23.3-alpine3.20 AS build
 
 WORKDIR /go/src/github.com/kyma-project/kyma-environment-broker
 

diff --git a/Dockerfile.keb b/Dockerfile.keb
@@ -1,5 +1,5 @@
 # Build image
-FROM golang:1.23.2-alpine3.20 AS build
+FROM golang:1.23.3-alpine3.20 AS build
 
 WORKDIR /go/src/github.com/kyma-project/kyma-environment-broker
 

diff --git a/Dockerfile.runtimereconciler b/Dockerfile.runtimereconciler
@@ -1,5 +1,5 @@
 # Build image
-FROM golang:1.23.2-alpine3.20 AS build
+FROM golang:1.23.3-alpine3.20 AS build
 
 WORKDIR /go/src/github.com/kyma-project/kyma-environment-broker
 

diff --git a/Dockerfile.schemamigrator b/Dockerfile.schemamigrator
@@ -1,5 +1,5 @@
 # Build image
-FROM golang:1.23.2-alpine3.20 AS build
+FROM golang:1.23.3-alpine3.20 AS build
 
 WORKDIR /go/src/github.com/kyma-project/kyma-environment-broker
 

diff --git a/Dockerfile.subaccountsync b/Dockerfile.subaccountsync
@@ -1,5 +1,5 @@
 # Build image
-FROM golang:1.23.2-alpine3.20 AS build
+FROM golang:1.23.3-alpine3.20 AS build
 
 WORKDIR /go/src/github.com/kyma-project/kyma-environment-broker
 

diff --git a/cmd/broker/binding_test.go b/cmd/broker/binding_test.go
@@ -111,6 +111,32 @@ func TestBinding(t *testing.T) {
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
 	})
 
+	t.Run("should return 200 when creating a second binding with the same id and params as an existing one", func(t *testing.T) {
+		bid = uuid.New().String()
+		resp = suite.CallAPI(http.MethodPut, fmt.Sprintf("oauth/v2/service_instances/%s/service_bindings/%s", iid, bid),
+			`{
+                "service_id": "47c9dcbf-ff30-448e-ab36-d3bad66ba281",
+                "plan_id": "361c511f-f939-4621-b228-d0fb79a1fe15",
+				"parameters": {
+					"expiration_seconds": 600
+				}
+               }`)
+
+		time.Sleep(2 * time.Second)
+
+		resp = suite.CallAPI(http.MethodPut, fmt.Sprintf("oauth/v2/service_instances/%s/service_bindings/%s", iid, bid),
+			`{
+                "service_id": "47c9dcbf-ff30-448e-ab36-d3bad66ba281",
+                "plan_id": "361c511f-f939-4621-b228-d0fb79a1fe15",
+				"parameters": {
+					"expiration_seconds": 600
+				}
+               }`)
+		assert.Equal(t, http.StatusOK, resp.StatusCode)
+		r, _ := io.ReadAll(resp.Body)
+		fmt.Printf("%s", r)
+	})
+
 	t.Run("should return 409 when creating a second binding with the same id as an existing one but different params", func(t *testing.T) {
 		bid = uuid.New().String()
 		resp = suite.CallAPI(http.MethodPut, fmt.Sprintf("oauth/v2/service_instances/%s/service_bindings/%s", iid, bid),
@@ -197,6 +223,81 @@ func TestDeprovisioningWithExistingBindings(t *testing.T) {
 	suite.AssertBindingRemoval(iid, bindingID2)
 }
 
+func TestFailedProvisioning(t *testing.T) {
+	// given
+	cfg := fixConfig()
+	// Disable EDP to have all steps successfully executed
+	cfg.EDP.Disabled = true
+	suite := NewBrokerSuiteTestWithConfig(t, cfg)
+	defer suite.TearDown()
+	iid := uuid.New().String()
+	bindingID1 := uuid.New().String()
+
+	response := suite.CallAPI(http.MethodPut, fmt.Sprintf("oauth/v2/service_instances/%s?accepts_incomplete=true", iid),
+		`{
+					"service_id": "47c9dcbf-ff30-448e-ab36-d3bad66ba281",
+					"plan_id": "361c511f-f939-4621-b228-d0fb79a1fe15",
+					"context": {
+						"globalaccount_id": "g-account-id",
+						"subaccount_id": "sub-id",
+						"user_id": "[email protected]"
+					},
+					"parameters": {
+						"name": "testing-cluster",
+						"region": "eu-central-1"
+					}
+		}`)
+	opID := suite.DecodeOperationID(response)
+	suite.failProvisioningByOperationID(opID)
+
+	// when we create binding
+	response = suite.CallAPI(http.MethodPut, fmt.Sprintf("oauth/v2/service_instances/%s/service_bindings/%s", iid, bindingID1),
+		`{
+                "service_id": "47c9dcbf-ff30-448e-ab36-d3bad66ba281",
+                "plan_id": "361c511f-f939-4621-b228-d0fb79a1fe15"
+               }`)
+
+	// then expect 400 as agreed in the contract
+	require.Equal(t, http.StatusBadRequest, response.StatusCode)
+}
+
+func TestProvisioningInProgress(t *testing.T) {
+	// given
+	cfg := fixConfig()
+	// Disable EDP to have all steps successfully executed
+	cfg.EDP.Disabled = true
+	suite := NewBrokerSuiteTestWithConfig(t, cfg)
+	defer suite.TearDown()
+	iid := uuid.New().String()
+	bindingID1 := uuid.New().String()
+
+	response := suite.CallAPI(http.MethodPut, fmt.Sprintf("oauth/v2/service_instances/%s?accepts_incomplete=true", iid),
+		`{
+					"service_id": "47c9dcbf-ff30-448e-ab36-d3bad66ba281",
+					"plan_id": "361c511f-f939-4621-b228-d0fb79a1fe15",
+					"context": {
+						"globalaccount_id": "g-account-id",
+						"subaccount_id": "sub-id",
+						"user_id": "[email protected]"
+					},
+					"parameters": {
+						"name": "testing-cluster",
+						"region": "eu-central-1"
+					}
+		}`)
+	opID := suite.DecodeOperationID(response)
+	suite.WaitForProvisioningState(opID, domain.InProgress)
+	// when we create binding
+	response = suite.CallAPI(http.MethodPut, fmt.Sprintf("oauth/v2/service_instances/%s/service_bindings/%s", iid, bindingID1),
+		`{
+                "service_id": "47c9dcbf-ff30-448e-ab36-d3bad66ba281",
+                "plan_id": "361c511f-f939-4621-b228-d0fb79a1fe15"
+               }`)
+
+	// then expect 400 as agreed in the contract
+	require.Equal(t, http.StatusBadRequest, response.StatusCode)
+}
+
 func TestRemoveBindingsFromSuspended(t *testing.T) {
 	// given
 	cfg := fixConfig()