Merge pull request #73 from Kong/workflow/tag-all-managed-entities

Workflow/tag all managed entities
Kong · Jul 27, 2023 · 8cba4cb · 8cba4cb
2 parents cef74ee + 323bc48
commit 8cba4cb
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 6 deletions.
diff --git a/.github/workflows/deploy-kong-PRD.yaml b/.github/workflows/deploy-kong-PRD.yaml
@@ -36,6 +36,7 @@ jobs:
 
       - name: deck sync
         run: |
-          deck sync -s PRD/kong/kong.yaml \
+          deck sync --select-tag platform-repo-managed \
+              -s PRD/kong/kong.yaml \
               --konnect-runtime-group-name KongAir-PRD \
               --konnect-token ${{ secrets.KONNECT_PAT }}
diff --git a/.github/workflows/stage-changes-for-kong.yaml b/.github/workflows/stage-changes-for-kong.yaml
@@ -113,17 +113,28 @@ jobs:
       - name: Platform Team Kong Additions
         # The platform team has their own things to add to the final Kong configuration.
         # The platform-kong-base.yaml is a base file for any platform defaults. It will "win" over
-        # any settings in the domain teams Kong configurations.
-        # The platform/kong/.generated/kong.yaml is the final product and is stored in the repository
-        # Storing the generated file in the repo is intentional, it should help with PR reviews, transparency, and debugging.
+        #   any settings in the domain teams Kong configurations.
+        # Then the platform adds in some objects like plugins, consumers, vaults, etc..
+        # Also the platform/kong/patches.yaml is used to patch anything from the upstream
+        #   team configurations
+        # And finally a tag is added to everything managed in this process to allow
+        #   the deck tool to isolate what is managed here from entities that may be managed
+        #   elsewhere or by other tools
+        # The platform/kong/.generated/kong.yaml is the final product and is stored in the repository.
+        #   Storing the generated file in the repo is intentional,
+        #   it should help with PR reviews, transparency, and debugging.
         run: |
           deck file merge \
             .github/artifacts/kong/kong-combined.yaml \
             platform/kong/platform-kong-base.yaml     \
             platform/kong/consumers/*                 \
             platform/kong/plugins/*                   \
             platform/kong/vaults/* |                  \
-          deck file patch -o platform/kong/.generated/kong.yaml platform/kong/patches.yaml
+          deck file patch \
+            platform/kong/patches.yaml |
+          deck file add-tags \
+            -o platform/kong/.generated/kong.yaml \
+            "platform-repo-managed"
 
       - name: Upload Artifacts
         # Artifacts are the files that are built along the way of the pipeline but are not committed to the repo

diff --git a/.github/workflows/stage-kong-for-PRD.yaml b/.github/workflows/stage-kong-for-PRD.yaml
@@ -46,7 +46,10 @@ jobs:
         run: |
           EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
           echo "DIFF<<$EOF" >> $GITHUB_ENV
-          deck diff -s PRD/kong/kong.yaml --konnect-runtime-group-name KongAir-PRD --konnect-token ${{ secrets.KONNECT_PAT }} >> $GITHUB_ENV
+          deck diff --select-tag platform-repo-managed \
+            -s PRD/kong/kong.yaml \
+            --konnect-runtime-group-name KongAir-PRD \
+            --konnect-token ${{ secrets.KONNECT_PAT }} >> $GITHUB_ENV
           echo "$EOF" >> $GITHUB_ENV
 
       - name: Create PR to stage changes for the Kong Gateway in production

diff --git a/platform/kong/patches.yaml b/platform/kong/patches.yaml
@@ -19,3 +19,4 @@ patches:
         key_claim_name: "iss"
         secret_is_base64: false
         maximum_expiration: 86400
+