Skip to content

Add end-to-end test case for API Platform + Gateway + Devportal integration#2471

Merged
renuka-fernando merged 9 commits into
wso2:mainfrom
DinithHerath:main
Jul 7, 2026
Merged

Add end-to-end test case for API Platform + Gateway + Devportal integration#2471
renuka-fernando merged 9 commits into
wso2:mainfrom
DinithHerath:main

Conversation

@DinithHerath

Copy link
Copy Markdown
Contributor

This pull request introduces a full three-plane end-to-end (E2E) integration test for the platform, covering Platform API, Gateway, and Developer Portal. It adds a new GitHub Actions workflow, expands the E2E test suite and documentation, updates Docker Compose to support the developer portal, and ensures credentials and webhooks are properly exercised and tested. The changes also clarify environment variables and credential handling for complex scenarios, especially those involving the developer portal.

Major changes include:

E2E Testing Infrastructure

  • Added a new workflow .github/workflows/platform-api-devportal-e2e.yml to run developer portal E2E tests, integrating Platform API, Gateway, and Developer Portal, including credential lifecycle scenarios and webhook propagation.
  • Updated .github/workflows/platform-api-gateway-e2e.yml to exclude developer portal scenarios from the combined E2E job, ensuring only the new workflow runs those tests.

Docker Compose and Environment

  • Extended tests/integration-e2e/docker-compose.yaml to add a devportal service, configure its environment, mount its schema, and set up webhook integration with Platform API, including correct encryption keys and admin user injection. [1] [2] [3] [4]
  • Added .webhook-key.it.pem to .gitignore to ignore the world-readable copy of the devportal webhook private key generated during tests.

Documentation

  • Expanded tests/integration-e2e/README.md to document the developer portal E2E scenarios, how to build and run them, new environment variables, and details on the credential lifecycle and webhook trust model. [1] [2] [3] [4]

Security and Configuration

  • Ensured all encryption keys (e.g., DATABASE_SUBSCRIPTION_TOKEN_ENCRYPTION_KEY, DP_ADVANCED_ENCRYPTIONKEY) are the correct length and properly documented for secure credential handling and webhook encryption.

These changes collectively enable robust, real-world E2E testing of the entire API platform, including developer portal integration, and provide clear documentation and configuration for contributors.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a1d90dc0-ee86-429f-ae2e-1c4eac76c3c4

📥 Commits

Reviewing files that changed from the base of the PR and between 7e74fdd and 0c24b1a.

📒 Files selected for processing (3)
  • tests/integration-e2e/features/devportal-webhook.feature
  • tests/integration-e2e/steps_devportal_lifecycle_test.go
  • tests/integration-e2e/steps_devportal_test.go
💤 Files with no reviewable changes (1)
  • tests/integration-e2e/steps_devportal_test.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • tests/integration-e2e/steps_devportal_lifecycle_test.go
  • tests/integration-e2e/features/devportal-webhook.feature

📝 Walkthrough

Walkthrough

Adds a Postgres-backed developer-portal E2E stack, new secured and devportal scenarios, lifecycle coverage, compose/database wiring, and suite changes for portal bootstrap, webhook propagation, and unversioned platform-api calls.

Changes

Developer Portal E2E Suite

Layer / File(s) Summary
CI workflows
.github/workflows/platform-api-devportal-e2e.yml, .github/workflows/platform-api-gateway-e2e.yml
Adds a devportal E2E workflow and updates gateway E2E tag filtering to exclude devportal and multigateway scenarios where needed.
Stack provisioning
tests/integration-e2e/docker-compose.yaml, tests/integration-e2e/init-db.sql, tests/integration-e2e/.gitignore, tests/integration-e2e/platform-api-config.toml, tests/integration-e2e/docker-compose.sqlite.yaml, tests/integration-e2e/docker-compose.sqlserver.yaml
Adds devportal database/schema setup, compose services, webhook/private-key wiring, encryption-key settings, and supporting ignore/config updates.
Secured API flow
tests/integration-e2e/features/secured-api-invocation.feature, tests/integration-e2e/steps_secured_test.go
Adds a secured API scenario and Go steps that create protected APIs, issue credentials, and verify gateway enforcement.
Developer portal flow
tests/integration-e2e/features/devportal-webhook.feature, tests/integration-e2e/steps_devportal_test.go
Adds devportal webhook scenarios and Go steps for portal bootstrap, plan/API publication, subscription creation, and API key generation.
Credential lifecycle flow
tests/integration-e2e/features/devportal-webhook.feature, tests/integration-e2e/steps_devportal_lifecycle_test.go
Adds lifecycle coverage for key expiry, plan change, token regeneration, pause/resume, revocation, and subscription removal.
Suite wiring and API paths
tests/integration-e2e/steps_test.go, tests/integration-e2e/suite_test.go
Registers the new step groups, prepares webhook key material, conditionally starts devportal, and switches platform-api helper paths to unversioned resources.
Scenario documentation
tests/integration-e2e/README.md
Expands the E2E README with devportal stack setup, environment variables, and scenario descriptions.

Estimated code review effort: 4 (Complex) | ~60 minutes

Possibly related PRs

Suggested reviewers: malinthaprasan, renuka-fernando, VirajSalaka, Tharsanan1, RakhithaRR, Krishanx92, Arshardh

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description summarizes the change, but it omits most required template sections like Purpose, Goals, Approach, tests, and environment. Rewrite it to follow the template and fill in Purpose, Goals, Approach, User stories, Automation tests, Security checks, Samples, Related PRs, and Test environment.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the main change: adding a new end-to-end integration test for Platform API, Gateway, and Developer Portal.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain modules listed in go.work or their selected dependencies"


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/platform-api-devportal-e2e.yml (1)

30-71: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

No job-level timeout-minutes.

The go test step is bounded at 25m, but the preceding checkout/setup/four image-build steps have no bound and could hang (e.g. registry/network stalls) well past that, consuming the default multi-hour GitHub Actions job timeout.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/platform-api-devportal-e2e.yml around lines 30 - 71, Add a
job-level timeout for the devportal-e2e workflow job so the entire
`devportal-e2e` sequence cannot run indefinitely. Keep the existing `go test`
timeout, but update the job definition around the `devportal-e2e` job to include
a `timeout-minutes` value that covers the full checkout/setup/build/test flow
and prevents hangs in steps like `actions/checkout`, `actions/setup-go`,
`docker/setup-buildx-action`, or the various `make build` commands.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/platform-api-devportal-e2e.yml:
- Around line 9-20: The workflow trigger for the devportal e2e job is too broad
and causes it to run on every pull request to main, which conflicts with the
intended “off the critical path” behavior. Update the workflow’s pull_request
trigger in the platform-api-devportal-e2e workflow to include path scoping so it
only runs when the e2e/devportal stack or related workflow inputs change, while
keeping workflow_dispatch for on-demand runs. Use the workflow’s existing
trigger block as the place to narrow the PR trigger and preserve the current job
definition.

In `@tests/integration-e2e/docker-compose.yaml`:
- Around line 200-222: Update the stale header comment in the devportal service
block to match the actual wiring used by the devportal environment. The comment
near the devportal definition currently claims it uses a self-contained SQLite
store with no database wiring, but the `devportal` service is configured with
`DP_DB_DIALECT`, `DP_DB_HOST`, `DP_DB_PORT`, and the other DB env vars to use
the shared `postgres` service. Keep the inline explanation aligned with the
existing `devportal` service definition and its environment variables so readers
understand it is intentionally backed by Postgres, not SQLite.

In `@tests/integration-e2e/README.md`:
- Around line 148-154: The README text in the auth section mixes literal
wildcard scopes with Markdown bold formatting, triggering the MD037 ambiguity
warning. Update the sentence in the integration-e2e README so the scope values
in the Auth description are consistently wrapped as code, and keep the wording
around AUTH_FILE_BASED_USERS and bearer auth unchanged. Use the surrounding auth
paragraph to locate the affected text.

---

Nitpick comments:
In @.github/workflows/platform-api-devportal-e2e.yml:
- Around line 30-71: Add a job-level timeout for the devportal-e2e workflow job
so the entire `devportal-e2e` sequence cannot run indefinitely. Keep the
existing `go test` timeout, but update the job definition around the
`devportal-e2e` job to include a `timeout-minutes` value that covers the full
checkout/setup/build/test flow and prevents hangs in steps like
`actions/checkout`, `actions/setup-go`, `docker/setup-buildx-action`, or the
various `make build` commands.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0f69e18b-0c71-42d8-a273-c987d2ab1e17

📥 Commits

Reviewing files that changed from the base of the PR and between d633052 and 72d9033.

📒 Files selected for processing (14)
  • .github/workflows/platform-api-devportal-e2e.yml
  • .github/workflows/platform-api-gateway-e2e.yml
  • tests/integration-e2e/.gitignore
  • tests/integration-e2e/README.md
  • tests/integration-e2e/docker-compose.yaml
  • tests/integration-e2e/features/devportal-webhook.feature
  • tests/integration-e2e/features/secured-api-invocation.feature
  • tests/integration-e2e/init-db.sql
  • tests/integration-e2e/platform-api-config.toml
  • tests/integration-e2e/steps_devportal_lifecycle_test.go
  • tests/integration-e2e/steps_devportal_test.go
  • tests/integration-e2e/steps_secured_test.go
  • tests/integration-e2e/steps_test.go
  • tests/integration-e2e/suite_test.go

Comment thread .github/workflows/platform-api-devportal-e2e.yml
Comment thread tests/integration-e2e/docker-compose.yaml
Comment thread tests/integration-e2e/README.md
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 6, 2026
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 6, 2026
Comment thread .github/workflows/platform-api-devportal-e2e.yml
Comment thread tests/integration-e2e/steps_secured_test.go Outdated
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 7, 2026
deadline := time.Now().Add(pollTimeout)
var last string
for time.Now().Before(deadline) {
st, body, err := apiCall(http.MethodGet, "/subscriptions?apiId="+w.apiID, suite.token, nil)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This apiCall is for the platform API, right? I think we should name it with prefixing platform API as we do for DevPortal as well. BTW we can fix this in a separate PR.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@renuka-fernando we have the platform API calls as apiCall. So this aligns with current convention. wdyt?

Comment thread tests/integration-e2e/features/devportal-webhook.feature Outdated
Comment thread tests/integration-e2e/features/devportal-webhook.feature Outdated
Comment thread tests/integration-e2e/features/devportal-webhook.feature
@renuka-fernando
renuka-fernando merged commit a73f12e into wso2:main Jul 7, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants