Add end-to-end test case for API Platform + Gateway + Devportal integration#2471
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
💤 Files with no reviewable changes (1)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughAdds a Postgres-backed developer-portal E2E stack, new secured and devportal scenarios, lifecycle coverage, compose/database wiring, and suite changes for portal bootstrap, webhook propagation, and unversioned platform-api calls. ChangesDeveloper Portal E2E Suite
Estimated code review effort: 4 (Complex) | ~60 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.12.2)level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain modules listed in go.work or their selected dependencies" Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
.github/workflows/platform-api-devportal-e2e.yml (1)
30-71: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick winNo job-level
timeout-minutes.The
go teststep is bounded at 25m, but the preceding checkout/setup/four image-build steps have no bound and could hang (e.g. registry/network stalls) well past that, consuming the default multi-hour GitHub Actions job timeout.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/platform-api-devportal-e2e.yml around lines 30 - 71, Add a job-level timeout for the devportal-e2e workflow job so the entire `devportal-e2e` sequence cannot run indefinitely. Keep the existing `go test` timeout, but update the job definition around the `devportal-e2e` job to include a `timeout-minutes` value that covers the full checkout/setup/build/test flow and prevents hangs in steps like `actions/checkout`, `actions/setup-go`, `docker/setup-buildx-action`, or the various `make build` commands.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/platform-api-devportal-e2e.yml:
- Around line 9-20: The workflow trigger for the devportal e2e job is too broad
and causes it to run on every pull request to main, which conflicts with the
intended “off the critical path” behavior. Update the workflow’s pull_request
trigger in the platform-api-devportal-e2e workflow to include path scoping so it
only runs when the e2e/devportal stack or related workflow inputs change, while
keeping workflow_dispatch for on-demand runs. Use the workflow’s existing
trigger block as the place to narrow the PR trigger and preserve the current job
definition.
In `@tests/integration-e2e/docker-compose.yaml`:
- Around line 200-222: Update the stale header comment in the devportal service
block to match the actual wiring used by the devportal environment. The comment
near the devportal definition currently claims it uses a self-contained SQLite
store with no database wiring, but the `devportal` service is configured with
`DP_DB_DIALECT`, `DP_DB_HOST`, `DP_DB_PORT`, and the other DB env vars to use
the shared `postgres` service. Keep the inline explanation aligned with the
existing `devportal` service definition and its environment variables so readers
understand it is intentionally backed by Postgres, not SQLite.
In `@tests/integration-e2e/README.md`:
- Around line 148-154: The README text in the auth section mixes literal
wildcard scopes with Markdown bold formatting, triggering the MD037 ambiguity
warning. Update the sentence in the integration-e2e README so the scope values
in the Auth description are consistently wrapped as code, and keep the wording
around AUTH_FILE_BASED_USERS and bearer auth unchanged. Use the surrounding auth
paragraph to locate the affected text.
---
Nitpick comments:
In @.github/workflows/platform-api-devportal-e2e.yml:
- Around line 30-71: Add a job-level timeout for the devportal-e2e workflow job
so the entire `devportal-e2e` sequence cannot run indefinitely. Keep the
existing `go test` timeout, but update the job definition around the
`devportal-e2e` job to include a `timeout-minutes` value that covers the full
checkout/setup/build/test flow and prevents hangs in steps like
`actions/checkout`, `actions/setup-go`, `docker/setup-buildx-action`, or the
various `make build` commands.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 0f69e18b-0c71-42d8-a273-c987d2ab1e17
📒 Files selected for processing (14)
.github/workflows/platform-api-devportal-e2e.yml.github/workflows/platform-api-gateway-e2e.ymltests/integration-e2e/.gitignoretests/integration-e2e/README.mdtests/integration-e2e/docker-compose.yamltests/integration-e2e/features/devportal-webhook.featuretests/integration-e2e/features/secured-api-invocation.featuretests/integration-e2e/init-db.sqltests/integration-e2e/platform-api-config.tomltests/integration-e2e/steps_devportal_lifecycle_test.gotests/integration-e2e/steps_devportal_test.gotests/integration-e2e/steps_secured_test.gotests/integration-e2e/steps_test.gotests/integration-e2e/suite_test.go
…nsure it meets length requirements
| deadline := time.Now().Add(pollTimeout) | ||
| var last string | ||
| for time.Now().Before(deadline) { | ||
| st, body, err := apiCall(http.MethodGet, "/subscriptions?apiId="+w.apiID, suite.token, nil) |
There was a problem hiding this comment.
This apiCall is for the platform API, right? I think we should name it with prefixing platform API as we do for DevPortal as well. BTW we can fix this in a separate PR.
There was a problem hiding this comment.
@renuka-fernando we have the platform API calls as apiCall. So this aligns with current convention. wdyt?
This pull request introduces a full three-plane end-to-end (E2E) integration test for the platform, covering Platform API, Gateway, and Developer Portal. It adds a new GitHub Actions workflow, expands the E2E test suite and documentation, updates Docker Compose to support the developer portal, and ensures credentials and webhooks are properly exercised and tested. The changes also clarify environment variables and credential handling for complex scenarios, especially those involving the developer portal.
Major changes include:
E2E Testing Infrastructure
.github/workflows/platform-api-devportal-e2e.ymlto run developer portal E2E tests, integrating Platform API, Gateway, and Developer Portal, including credential lifecycle scenarios and webhook propagation..github/workflows/platform-api-gateway-e2e.ymlto exclude developer portal scenarios from the combined E2E job, ensuring only the new workflow runs those tests.Docker Compose and Environment
tests/integration-e2e/docker-compose.yamlto add adevportalservice, configure its environment, mount its schema, and set up webhook integration with Platform API, including correct encryption keys and admin user injection. [1] [2] [3] [4].webhook-key.it.pemto.gitignoreto ignore the world-readable copy of the devportal webhook private key generated during tests.Documentation
tests/integration-e2e/README.mdto document the developer portal E2E scenarios, how to build and run them, new environment variables, and details on the credential lifecycle and webhook trust model. [1] [2] [3] [4]Security and Configuration
DATABASE_SUBSCRIPTION_TOKEN_ENCRYPTION_KEY,DP_ADVANCED_ENCRYPTIONKEY) are the correct length and properly documented for secure credential handling and webhook encryption.These changes collectively enable robust, real-world E2E testing of the entire API platform, including developer portal integration, and provide clear documentation and configuration for contributors.