diff --git a/.github/workflows/tyk-env-promotion.yml b/.github/workflows/tyk-env-promotion.yml index ada53a6..a535f83 100644 --- a/.github/workflows/tyk-env-promotion.yml +++ b/.github/workflows/tyk-env-promotion.yml @@ -15,4 +15,30 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 1 - \ No newline at end of file + + # - name: Create .tyk.json + # run: | + # cd ./stg + # echo '{' > .tyk.json + # echo ' "type": "apidef",' >> .tyk.json + # echo ' "files": [' >> .tyk.json + # find . -type f -name '*.json' -path './apis/*' -exec echo ' {"file": "{}"},' \; | sed '$ s/,$//' >> .tyk.json + # echo ' ],' >> .tyk.json + # echo ' "policies": [' >> .tyk.json + # find . -type f -name '*.json' -path './policies/*' -exec echo ' {"file": "{}"},' \; | sed '$ s/,$//' >> .tyk.json + # echo ' ],' >> .tyk.json + # echo ' "assets": [' >> .tyk.json + # find . -type f -name '*.json' -path './assets/*' -exec echo ' {"file": "{}"},' \; | sed '$ s/,$//' >> .tyk.json + # echo ' ]' >> .tyk.json + # echo '}' >> .tyk.json + # cat .tyk.json + + # - name: Sync with Tyk + # env: + # TYK_SYNC_REPO: ${{ vars.TYK_SYNC_REPO }} + # TYK_SYNC_VERSION: ${{ vars.TYK_SYNC_VERSION }} + # TYK_DASHBOARD_URL: ${{ secrets.TYK_DASHBOARD_URL }} + # TYK_DASHBOARD_SECRET: ${{ secrets.TYK_DASHBOARD_SECRET }} + # run: | + # docker run ${TYK_SYNC_REPO}:${TYK_SYNC_VERSION} version + # docker run -v ${{ github.workspace }}:/app/data ${TYK_SYNC_REPO}:${TYK_SYNC_VERSION} sync --path /app/data --dashboard ${TYK_DASHBOARD_URL} --secret ${TYK_DASHBOARD_SECRET} \ No newline at end of file diff --git a/.github/workflows/tyk-production.yml b/.github/workflows/tyk-production.yml index 1c3f718..2030c46 100644 --- a/.github/workflows/tyk-production.yml +++ b/.github/workflows/tyk-production.yml @@ -1,3 +1,4 @@ +# Please refer to staging for an example on automating production level assets. name: Generate Production Tyk Assets # Perform the env promotion only on push to main branch 
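Review bot: In the commented-out `Sync with Tyk` step of tyk-env-promotion.yml, the dashboard secret is passed as an unquoted `--secret ${TYK_DASHBOARD_SECRET}` argument, and the image is whatever mutable tag `${TYK_SYNC_REPO}:${TYK_SYNC_VERSION}` resolves to from repository variables. Anyone who can edit those variables therefore chooses the code that receives the secret. Before enabling the step, quote the expansions (`--secret "${TYK_DASHBOARD_SECRET}"`, `-v "${GITHUB_WORKSPACE}:/app/data"`) and consider pinning the image by digest. The preceding step writes `.tyk.json` inside `./stg`, while the sync mounts the workspace root and uses `--path /app/data`, so the manifest would probably not be where the sync looks. Building that JSON from raw `find` output also breaks on file names containing quotes; `jq`, already used in the staging workflow, would be safer.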
@@ -15,4 +16,37 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 1 + + - name: 'Perform workflow to generate production assets' + run: | + echo "Hello, World!" + + # # Check for modified files + # - name: Check for modified files + # id: git-check + # run: | + # if [ -n "$(git status --porcelain)" ]; then + # echo "modified=true" >> $GITHUB_ENV + # else + # echo "modified=false" >> $GITHUB_ENV + # fi + + # # Push changes to remote repository + # - name: Commit changes + # if: env.modified == 'true' + # env: + # ORG_NAME: ${{ secrets.ORG_NAME }} + # ORG_EMAIL: ${{ secrets.ORG_EMAIL }} + # run: | + # git config --global user.name "$ORG_NAME" + # git config --global user.email "$ORG_EMAIL" + # git add . + # git commit -am "CI: Update staging assets" + # git push + + # # Promote to staging env + # tyk-env-promotion: + # uses: ./.github/workflows/tyk-env-promotion.yml + # with: + # environment: 'stg' \ No newline at end of file diff --git a/.github/workflows/tyk-staging.yml b/.github/workflows/tyk-staging.yml index 50cb787..7617a95 100644 --- a/.github/workflows/tyk-staging.yml +++ b/.github/workflows/tyk-staging.yml @@ -5,9 +5,10 @@ name: Generate Staging Tyk Assets # Perform the env promotion only on push to main branch on: push: - branches: [ TargetURL-Replacement ] + branches: [ main ] jobs: + # Set up staging assets set-up-stg-tyk-assets: runs-on: ubuntu-latest @@ -56,7 +57,7 @@ jobs: new_file="stg-$(basename "$file")" # Replace proxy.target_url with the GitHub secret value and write to the new file echo ${{secrets.STG_US_PROXY_TARGET_URL}} | sed 's/./& /g' - jq --arg url "$STG_US_PROXY_TARGET_URL" '.proxy.target_url = $url' "$file" > "../stg/$new_file" + jq --arg url "$STG_US_PROXY_TARGET_URL" '.proxy.target_url = $url' "$file" > "../stg/apis/$new_file" echo "Updated target_url in $new_file" done # List the content that exists within the repo to validate the files 
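Review bot: The commented-out template added to tyk-production.yml (`@@ -15,4 +16,37 @@`) still carries staging values: the commit message is `"CI: Update staging assets"` and the promotion job passes `environment: 'stg'`. The file header says this workflow runs on push to main, so uncommenting it as written would label production commits as staging and appears to promote to staging. I would change these now to `git commit -am "CI: Update production assets"` and `environment: 'prod'`, assuming `prod` is the intended input value to match the new `prod/` directories. The redirect target should also be quoted as `>> "$GITHUB_ENV"`.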
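Review bot: The context line just above the changed `jq` call in tyk-staging.yml (`@@ -56,7 +57,7 @@`), `echo ${{secrets.STG_US_PROXY_TARGET_URL}} | sed 's/./& /g'`, prints the secret with a space after every character, which defeats GitHub's log masking and leaves the value readable in the job log on every loop iteration. The commit keeps that line, and it should be deleted. The secret should only be read through the `$STG_US_PROXY_TARGET_URL` environment variable that the `jq` line already uses, not interpolated into the script with `${{ }}`. The value is also written into `../stg/apis/$new_file`, which the later `git add .` / `git push` step appears to commit, so a genuinely sensitive value would end up in repository history; a repository variable (`vars.`) may fit better. The enclosing loop starts outside the hunk.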
@@ -69,6 +70,7 @@ jobs: # cd ./stg # ls -la # pwd + # Tyk Classic API Definitions for file in $(find . -name "stg-api*.json"); do echo "Adding config_data to Tyk Classic API Definition: $file" #echo "Config_Data Before:" @@ -79,6 +81,7 @@ jobs: mv tmp_api.json $file echo "Updated config_data in $file" done + # OAS Definitions # for file in $(find . -name "stg*oas*.json"); do # echo "Processing Tyk OAS Definitions" # # Create a new file path in the stg directory with a stg- prefix @@ -98,6 +101,7 @@ jobs: STG_US_MTLS_ROOT_CERT: ${{ secrets.STG_US_MTLS_ROOT_CERT }} run: | cd ./stg + # Tyk Classic API Definitions for file in $(find . -name "stg-api*.json"); do mtls_api=$(jq '.api_definition.use_mutual_tls_auth' $file) if [ "$mtls_api" = "true" ]; then @@ -107,7 +111,7 @@ jobs: echo "Updated root cert(s) in $file" fi done - #OAS + # OAS Definitions # for file in $(find . -name "*oas*.json"); do # echo "Processing Tyk OAS Definitions" # # Create a new file path in the stg directory with a stg- prefix @@ -155,4 +159,10 @@ jobs: git config --global user.email "$ORG_EMAIL" git add . git commit -am "CI: Update staging assets" - git push \ No newline at end of file + git push + + # Promote to staging env + tyk-env-promotion: + uses: ./.github/workflows/tyk-env-promotion.yml + with: + environment: 'stg' \ No newline at end of file diff --git a/README.md b/README.md index 54c6358..0a6978b 100644 --- a/README.md +++ b/README.md 
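Review bot: The new `tyk-env-promotion` job in tyk-staging.yml (`@@ -155,4 +159,10 @@`) has no `needs:`, so it starts in parallel with `set-up-stg-tyk-assets` instead of after the generated assets are committed and pushed; add `needs: set-up-stg-tyk-assets`. A called workflow does not receive the caller's secrets unless they are passed, so the `secrets.TYK_DASHBOARD_URL` and `secrets.TYK_DASHBOARD_SECRET` references in the currently commented sync step would be empty. Pass those two explicitly under `secrets:` rather than using `secrets: inherit`, so the reusable workflow gets only what it needs. The `on: workflow_call` trigger and the `environment` input declaration of tyk-env-promotion.yml are not visible in this diff and should be checked. Its checkout would presumably resolve to the triggering commit, not the one CI just pushed, so the promoted files may lack the injected values.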
@@ -1,8 +1,19 @@ # tyk-cicd-dev-demo Demo of CICD using Tyk Sync and GH Actions + +Tyk Sync Dump Command Example +``` docker run -it --rm -v $(pwd):/tmp/data tykio/tyk-sync:v1.5.1 dump -d="http://host.docker.internal:3000" -s="{TYK_DASHBOARD_API_CREDENTIAL}" -t="/tmp/data" --apis="{API_ID}" +``` + +Execute Pipeline using Act Example +``` +act push -s STG_US_CONFIG_DATA={\"hello\"\:\"world\"} -s ORG_NAME=tyk -s ORG_EMAIL=long@tyk.io -s STG_US_PROXY_TARGET_URL=httpbin2.org +``` +Spectral / Stoplight Ruleset Example +``` # no-empty-target-url: # description: APIs must have a target_url # given: "$.api_definition.proxy" @@ -34,4 +45,5 @@ docker run -it --rm -v $(pwd):/tmp/data tykio/tyk-sync:v1.5.1 dump -d="http://ho # functionOptions: # negation: true # Should not be false # severity: error - # message: "At least one of 'api_definition.enable_jwt' or 'api_definition.use_mutual_tls_auth' must be true." \ No newline at end of file + # message: "At least one of 'api_definition.enable_jwt' or 'api_definition.use_mutual_tls_auth' must be true." +``` \ No newline at end of file diff --git a/dev/apis/README.md b/dev/apis/README.md new file mode 100644 index 0000000..669ab00 --- /dev/null +++ b/dev/apis/README.md @@ -0,0 +1 @@ +# Tyk - Dev APIs \ No newline at end of file diff --git a/dev/policies/README.md b/dev/policies/README.md new file mode 100644 index 0000000..da1534b --- /dev/null +++ b/dev/policies/README.md @@ -0,0 +1 @@ +# Tyk - Dev Policies \ No newline at end of file diff --git a/prod/apis/README.md b/prod/apis/README.md new file mode 100644 index 0000000..a1fe2db --- /dev/null +++ b/prod/apis/README.md @@ -0,0 +1 @@ +# Tyk - Production APIs \ No newline at end of file diff --git a/prod/policies/README.md b/prod/policies/README.md new file mode 100644 index 0000000..75b053e --- /dev/null +++ b/prod/policies/README.md @@ -0,0 +1 @@ +# Tyk - Production Policies \ No newline at end of file 
diff --git a/stg/apis/README.md b/stg/apis/README.md
new file mode 100644
index 0000000..83f3e14
--- /dev/null
+++ b/stg/apis/README.md
@@ -0,0 +1 @@
+# Tyk - Staging APIs
\ No newline at end of file
diff --git a/stg/policies/README.md b/stg/policies/README.md
new file mode 100644
index 0000000..dcfa60d
--- /dev/null
+++ b/stg/policies/README.md
@@ -0,0 +1 @@
+# Tyk - Staging Policies
\ No newline at end of file