[TT-15971]Add cross-repo dashboard build workflow for API tests#7517
[TT-15971]Add cross-repo dashboard build workflow for API tests#7517jeffy-mathew wants to merge 22 commits intomasterfrom
Conversation
|
API Changes --- prev.txt 2025-11-17 12:18:32.071548708 +0000
+++ current.txt 2025-11-17 12:18:22.007529054 +0000
@@ -12681,10 +12681,12 @@
package crypto // import "github.com/TykTechnologies/tyk/pkg/alias/crypto"
+Package crypto provides alias exports for internal crypto utilities.
VARIABLES
var (
+ // HashStr provides string hashing functionality
HashStr = crypto.HashStr
)
# Package: ./pkg/alias/gateway |
🔍 Code Analysis ResultsThis PR introduces a sophisticated CI workflow to automatically build a compatible Files Changed AnalysisThe vast majority of changes are in Architecture & Impact AssessmentThis PR automates on-demand, cross-repository dependency building within the CI pipeline.
Workflow Visualizationgraph TD
A[PR Opened/Updated] --> B(goreleaser);
B --> C[resolve-dashboard-image];
subgraph "Image Resolution Strategy"
C --> D{Relevant package changes?};
D -- Yes --> J[Strategy: build-required];
D -- No --> E{Matching branch in tyk-analytics?};
E -- Yes --> F[Strategy: gromit-branch];
E -- No --> G{ECR image for PR exists?};
G -- Yes --> H[Strategy: reuse-pr-image];
G -- No --> I[Strategy: gromit-default];
end
J --> K(build-dashboard-image);
subgraph "API Testing"
L[api-tests]
end
C -- image resolution info --> L;
K -- optional built image --> L;
F --> L;
H --> L;
I --> L;
Scope Discovery & Context Expansion
Metadata
Powered by Visor from Probelabs Last updated: 2025-11-17T12:19:49.608Z | Triggered by: synchronize | Commit: 64eff4c 💡 TIP: You can chat with Visor using |
🔍 Code Analysis ResultsSecurity Issues (3)
Architecture Issues (2)
✅ Performance Check PassedNo performance issues found – changes LGTM. Quality Issues (4)
✅ Dependency Check PassedNo dependency issues found – changes LGTM. ✅ Connectivity Check PassedNo connectivity issues found – changes LGTM. Powered by Visor from Probelabs Last updated: 2025-11-17T12:19:50.856Z | Triggered by: synchronize | Commit: 64eff4c 💡 TIP: You can chat with Visor using |
372b4e9 to
501114d
Compare
This change implements intelligent dashboard image resolution for API tests, enabling tests to run even when no matching tyk-analytics branch exists. New jobs added: 1. resolve-dashboard-image: Determines which dashboard image to use - Strategy 1: Use gromit policy if matching branch exists (no override) - Strategy 2: Use existing ECR image if available - Strategy 3: Build dashboard from target branch with PR gateway ref 2. build-dashboard-image: Conditionally builds dashboard (only when needed) - Checks out tyk-analytics on target branch - Updates gateway dependency to PR commit SHA - Builds dashboard binary with goreleaser - Pushes Docker image to ECR Changes to api-tests job: - Added dependency on resolve-dashboard-image - Updated env-up action to use new branch with dashboard_image input - Passes resolved dashboard image to env-up action This enables: - PRs without matching dashboard branches to build custom dashboard - Reuse of existing ECR images when available - Backward compatible with existing workflows Related: TT-15971
Only trigger custom dashboard builds when changes affect relevant packages that could impact dashboard compatibility. Changes: - Add checkout step to resolve-dashboard-image job - Add check_changes step to detect changes in specified packages: pkg, apidef, lib, common, certs, log, config, test, user, header - Update resolve logic with new strategy: no-relevant-changes - If no relevant changes detected, always use gromit default - This avoids unnecessary dashboard builds for unrelated changes This optimization ensures: - Faster CI for PRs that don't affect dashboard - Dashboard builds only when truly needed - No false positives for workflow/docs/test-only changes
Minor documentation improvement to test cross-repo dashboard build workflow. This change in the pkg/ directory should trigger the package change detection and test the dashboard build logic.
Ensure base commits/refs are fetched before running git diff: - For PR events: Fetch base SHA explicitly - For push events: Fetch base ref explicitly - Use two-dot syntax for PR diffs (more reliable with fetched commits) - Add error handling to prevent workflow failures Related: TT-15971
Add build-dashboard-image to api-tests dependencies with conditional execution. The api-tests job will now wait for the build to complete (or be skipped) before starting. This ensures that when a custom dashboard build is needed, the tests don't start until the image is available in ECR. Related: TT-15971
Add go mod edit -replace to update the replace directive in go.mod after updating the gateway dependency. This is needed because tyk-analytics uses a replace directive for the tyk dependency. Related: TT-15971
Changes: - Check only latest commit for package changes (not full PR diff) - Use tyk-<pr-number> tagging instead of sha-<commit> - Update gateway dependency using branch name instead of commit SHA - Reorder resolution strategy: 1. Matching branch in tyk-analytics → use gromit 2. Latest commit has changes → build new image 3. PR image exists and no changes → reuse image 4. Fallback to gromit default This avoids commit SHA availability issues and simplifies image management. Each PR gets one reusable image tag that's rebuilt when relevant packages change. Related: TT-15971
Add base branch check to ensure custom dashboard builds only run for PRs targeting master. For PRs targeting release branches or other branches, always use gromit default. This prevents unnecessary custom builds and ensures release branches follow their normal workflow. Related: TT-15971
Use correct build context (dist) and Dockerfile (ci/Dockerfile.distroless) for dashboard image build, matching the tyk-analytics release workflow. Add BUILD_PACKAGE_NAME build arg to specify tyk-dashboard package. Related: TT-15971
Change from 'goreleaser build --single-target' to 'goreleaser release --skip=sign,docker' to build complete .deb packages for all platforms (amd64, arm64) needed for Docker multi-platform build. Also update golang-cross version to 1.24-bookworm to match tyk-analytics. Related: TT-15971
Detect runner architecture dynamically and build only for that platform: - Auto-detect x86_64 (amd64) or aarch64 (arm64) - Pass GOARCH to goreleaser with --single-target flag - Build Docker image for single platform only This is faster and sufficient for CI testing since tests run on the same architecture as the build. Related: TT-15971
- Add ref parameter to checkout PR head SHA explicitly - Add git log debug output to verify commit exists - Add comment to HashStr to trigger package change detection
…mmit - Check all commits in the current push (github.event.before..github.sha) - Handles first push by comparing against base branch (when before is null SHA) - More efficient: only rebuilds if new commits have relevant changes - Reuses PR image if no new relevant changes in current push
- Use github.event.pull_request.head.sha for AFTER_SHA - GitHub Actions creates temporary merge commits for pull_request events - This job only runs on PRs so no fallback needed
- Compare PR against base branch instead of tracking individual pushes - Simpler and more reliable than trying to track push commit ranges - May rebuild on pushes without new pkg changes, but ensures correctness - Docker layer caching will make rebuilds fast when nothing changed
- --single-target only works with 'goreleaser build', not 'release' - GOOS and GOARCH env vars already limit the build to current platform - Goreleaser will respect the environment variables
- Use DASHBOARD_DEPENDENCY_PACKAGES repository variable - Fallback to default list if variable not set - Allows changing packages without modifying workflow file
6ef3686 to
64eff4c
Compare
|



Summary
This PR implements intelligent dashboard image resolution for API tests, enabling tests to run even when no matching tyk-analytics branch exists.
Changes
New Jobs Added
1.
resolve-dashboard-imageDetermines which dashboard image to use based on multiple criteria:
2.
build-dashboard-image(Conditional)Only runs when
needs_build=true:Modified Jobs
api-testsresolve-dashboard-imagefeat/TT-15971/add-dashboard-image-inputBenefits
✅ PRs without matching dashboard branches can now build custom dashboard automatically
✅ Reuses existing ECR images when available (faster CI)
✅ Smart package detection - only builds when changes affect relevant packages
✅ Backward compatible - existing workflows continue to work unchanged
✅ No false positives - workflow/docs/test-only changes don't trigger builds
Testing Strategy
The workflow intelligently handles different scenarios:
Related
Related to: TT-15971
Ticket Details
TT-15971
Generated at: 2025-11-25 16:46:32