Merge pull request #246 from permitio/dan/per-12033-cherrypick-changes-from-pdp-070

Dan/per 12033 cherrypick changes from pdp 070

Author: omer9564

.github/workflows/dockerhub_push.yml

@@ -2,12 +2,12 @@ name: Helm Release Workflow
 
 on:
   push:
-    branches:
-      - v2
-  workflow_dispatch:
+    paths:
+      - 'charts/pdp/Chart.yaml'
 
 jobs:
   helm-release:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/v2'
     permissions:
       contents: write
     runs-on: ubuntu-latest
@@ -16,6 +16,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+
       - name: Configure Git
         run: |
           git config user.name "elimoshkovich"
@@ -30,3 +31,4 @@ jobs:
           CR_TOKEN: "${{ secrets.PAGES }}"
         with:
           skip_existing: true
+          mark_as_latest: false

.github/workflows/helm_release.yml

@@ -4,69 +4,15 @@ on:
   release:
     types: [published]
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   pdp-tests:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - uses: actions/checkout@v3
-      with:
-        repository: permitio/permit-opa
-        ref: main
-        path: './permit-opa'
-        token: ${{ secrets.CLONE_REPO_TOKEN }}
-
-    - name: Pre build PDP tests
-      run: |
-        echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version
-        rm -rf custom
-        mkdir custom
-        build_root="$PWD"
-        cd ./permit-opa
-        find * -name '*go*' -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*'
-
-    - name: Build and load image for PDP E2E tests
-      uses: docker/build-push-action@v5
-      with:
-        push: false
-        load: true
-        context: .
-        platforms: linux/amd64
-        tags: permitio/pdp-v2:test
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-
-    - uses: actions/checkout@v3
-      with:
-        repository: permitio/permit-backend
-        ref: main
-        path: './permit-backend'
-        token: ${{ secrets.CLONE_REPO_TOKEN }}
-
-    - name: Python setup
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.11.8'
-
-    - name: Run Pytests
-      run: |
-        python -m pip install --upgrade pip
-        pip install ".[dev]"
-        pytest -s --cache-clear horizon/tests/
-
-    - name: Run E2E tests
-      working-directory: ./permit-backend/proactive_tests/sidecar
-      run: |
-        pip install requests pydantic==1.8.2 docker
-        python sidecar_tester.py -k ${{ secrets.PERMIT_TESTS_TOKEN }} -u https://api.permit.io -2 permitio/pdp-v2:test --no-pull
+    # Call the reusable tests workflow.
+    uses: ./.github/workflows/tests.yml
+    secrets: inherit
 
   build-and-push-pdp-vanilla:
     needs: pdp-tests
@@ -145,7 +91,7 @@ jobs:
         mkdir custom
         build_root="$PWD"
         cd ./permit-opa
-        find * -name '*go*' -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*'
+        find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*'
 
     - name: Build and push PDP image - (pre-release)
       if: "github.event.release.prerelease"
@@ -168,3 +114,21 @@ jobs:
         tags: permitio/pdp-v2:${{ github.event.release.tag_name }},permitio/pdp-v2:latest
         cache-from: type=gha
         cache-to: type=gha,mode=max
+
+  update-pdp-api-ecs-service:
+    needs: build-and-push-pdp
+    runs-on: ubuntu-latest
+    if: "!github.event.release.prerelease"
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.PDP_CICD_AWS_ROLE }}
+          aws-region: us-east-1
+
+      - name: Redeploy ECS service - pdp-general-redoc-service
+        run: |
+          aws ecs update-service \
+            --cluster public-pdps-us-east-1 \
+            --service pdp-general-redoc-service-731a74c \
+            --force-new-deployment

.github/workflows/pdp_tests.yml

@@ -0,0 +1,122 @@
+name: PDP CI Tests
+
+on:
+  pull_request:
+  push:
+    branches: [master, main, v*]
+  workflow_call:
+    secrets:
+      PDP_TESTER_API_KEY:
+        required: true
+      CLONE_REPO_TOKEN:
+        required: true
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3
+    - uses: pre-commit/[email protected]
+
+  pytests:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Python setup
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11.8'
+
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Run Pytests
+      run: |
+        python -m pip install --upgrade pip
+        pip install ".[dev]"
+        pytest -s --cache-clear horizon/tests/
+
+  pdp-tester:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: actions/checkout@v4
+        with:
+          repository: permitio/permit-opa
+          ref: main
+          path: './permit-opa'
+          token: ${{ secrets.CLONE_REPO_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Pre build PDP tests
+        run: |
+          echo "next" > permit_pdp_version
+          rm -rf custom
+          mkdir custom
+          build_root="$PWD"
+          cd ./permit-opa
+          find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*'
+
+      - name: Build and load PDP Docker image
+        uses: docker/build-push-action@v5
+        with:
+          push: false
+          load: true
+          context: .
+          platforms: linux/amd64
+          tags: permitio/pdp-v2:next
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Checkout the pdp-tester repository
+      - name: Checkout pdp-tester repository
+        uses: actions/checkout@v3
+        with:
+          repository: "permitio/pdp-tester"
+          token: ${{ secrets.CLONE_REPO_TOKEN }}
+          path: './pdp-tester'
+
+      # Setup Python environment
+      - name: Setup Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: "3.12"
+
+      # Install dependencies for pdp-tester
+      - name: Install pdp-tester dependencies
+        working-directory: ./pdp-tester
+        run: |
+          pip install -r requirements.txt
+
+      # Run pdp-tester
+      - name: Run pdp-tester
+        working-directory: ./pdp-tester
+        env:
+          TOKEN: ${{ secrets.PDP_TESTER_API_KEY }}
+          LOCAL_TAGS: '["next"]'
+          INCLUDE_TAGS: '[]'
+          AUTO_REMOVE: "False"
+          SKIP_GENERATE: "True"
+          ENABLE_APM: "False"
+        run: |
+          python -m pdp_tester.main
+
+      - name: Print Docker container logs
+        if: always()
+        run: |
+          echo "Fetching logs for all Docker containers..."
+          for container in $(docker ps -aq); do
+            echo "========================================"
+            echo "Logs for container: $container"
+            echo "----------------------------------------"
+            docker logs "$container" || true
+            echo "========================================"
+            echo ""
+          done

.github/workflows/pdp_cicd.yml .github/workflows/release.yml.github/workflows/pdp_cicd.yml renamed to .github/workflows/release.yml

@@ -130,3 +130,11 @@ dmypy.json
 
 # editors
 .vscode/
+.idea/
+
+# PDP specific
+/opa
+/permit_pdp_version
+
+# MacOS specific
+.DS_Store