ermirizio commented 1 month ago

[x] Images not being pushed to dockerhub on tag when distroless feature is missing
[x] Policy match fix
[x] Fix github ref name for test-controller ui on push trigger
[x] Test controller UI missing conf for push event and other missconfigs
[x] Test controller UI duplicated lines under pump & sink
[ ] Quality gates for tyk-analitycs UI and API regression tests
[x] release-5.3 is not treated correctly in test-controller logic
[ ] Implement custom rules for enterprise artifacts in package promotion
[x] Test controller UI
[x] Accomodate templates for new controller UI
[x] Add mongo7 and redis7 with cache_DB config field

github-actions[bot] commented 1 month ago

API Changes

no api changes detected

github-actions[bot] commented 1 month ago

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Key issues to review

**Variable Consistency:** The renaming of `NFPM_STD_PASSPHRASE` to `NFPM_PASSPHRASE` is not consistently applied across all scripts and configurations. Ensure that all references to the old variable name are updated to prevent runtime errors. **Docker Build Optimization:** The changes in `.github/workflows/release.yml` introduce additional complexity in Docker image building and pushing. Review the necessity of each step and ensure that they are optimized for performance and maintainability. **Security Configuration:** The handling of secrets and environment variables in Docker commands and GitHub Actions needs careful review to ensure that sensitive information is not inadvertently exposed. **Code Duplication:** The addition of similar blocks of code for different architectures in `ci/goreleaser/goreleaser.yml` could be optimized to reduce duplication and improve maintainability.

github-actions[bot] commented 1 month ago

PR Code Suggestions ✨

Category	Suggestion	Score
Possible bug	Combine all build tags into a single '-tags' option to ensure they are applied correctly ___ The build flags for the 'std' build configuration include both '-tags=ignore' and '-tags=goplugin'. Combining multiple '-tags' options in this way will not work as expected because the last one will override the previous. Instead, you should combine all tags in a single '-tags' option. [ci/goreleaser/goreleaser.yml [11-13]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-fb944a05459e4d713bc7541efd6e721cbe992a556353c09c4eb66a8eae9b856eR11-R13) ```diff -- -tags=ignore +- -tags="ignore,goplugin" - -trimpath -- -tags=goplugin ``` Suggestion importance[1-10]: 9 Why: This suggestion addresses a potential bug where multiple '-tags' options could lead to only the last one being effective. Combining them into a single '-tags' option ensures all tags are applied correctly.	9
Best practice	Add double quotes around shell variable expansions to ensure correct handling of potentially empty or multi-word values ___ Consider using double quotes around variable expansions to prevent word splitting and globbing issues, which can lead to unexpected behavior or security vulnerabilities. [ci/bin/unlock-agent.sh [36]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-dbe46dfd0ff7046494da4cb3ccfc6e7bba7c029f7ef9f0588d8926c585fcbd61R36-R36) ```diff -/usr/lib/gnupg2/gpg-preset-passphrase --passphrase $NFPM_PASSPHRASE --preset $GPG_FINGERPRINT +/usr/lib/gnupg2/gpg-preset-passphrase --passphrase "$NFPM_PASSPHRASE" --preset "$GPG_FINGERPRINT" ``` Suggestion importance[1-10]: 8 Why: This suggestion improves the robustness of the script by preventing word splitting and globbing issues, which can lead to unexpected behavior or security vulnerabilities.	8
	Separate commands into distinct RUN instructions to enhance the Dockerfile's clarity and maintainability ___ Ensure that the removal of specific `.deb` files and the installation of others is clearly separated for better readability and maintainability. [ci/Dockerfile.std [24]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-a3b3e9cabd877d0bd0fc8f20a9fdca7f44d102547a5fdfcd398ea01637e5dfaeR24-R24) ```diff -RUN rm -f /fips.deb && dpkg -i /tyk-gateway${TARGETARCH}.deb && rm /.deb +RUN rm -f /fips.deb +RUN dpkg -i /tyk-gateway${TARGETARCH}.deb +RUN rm /.deb ``` Suggestion importance[1-10]: 7 Why: Separating the commands improves readability and maintainability, although it slightly increases the number of layers in the Docker image.	7
	Review the use of '-tags=ignore' to ensure it's appropriate for production builds ___ The 'std' and 'fips' build configurations are using '-tags=ignore' which might be intended for debugging or development purposes. If these tags are not meant for production builds, consider removing them or ensuring they are included conditionally. [ci/goreleaser/goreleaser.yml [11]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-fb944a05459e4d713bc7541efd6e721cbe992a556353c09c4eb66a8eae9b856eR11-R11) ```diff -- -tags=ignore +# Remove or conditionally include the tag if not for production +- -tags="goplugin" ``` Suggestion importance[1-10]: 7 Why: This suggestion highlights a best practice by questioning the use of '-tags=ignore' in production builds, which could improve the reliability and appropriateness of the build configurations.	7
	Add a 'shell' specification to all run commands for consistency and clarity ___ It's recommended to use the 'shell' key consistently in all steps that specify a 'run' command for clarity and maintainability. [.github/workflows/release.yml [56]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R56-R56) ```diff +shell: bash run: \| echo "commit_author=$(git show -s --format='%ae' HEAD)" >> $GITHUB_OUTPUT ``` Suggestion importance[1-10]: 6 Why: Adding the 'shell' key improves consistency and clarity, but it is a minor improvement and not critical for functionality.	6
Enhancement	Consolidate all tags into a single '-tags' option for the 'fips' build configuration ___ The 'fips' build configuration includes redundant '-tags=goplugin,fips,boringcrypto' along with separate '-tags=ignore' and '-tags=goplugin'. It's better to consolidate all tags into a single '-tags' option to avoid conflicts and ensure clarity. [ci/goreleaser/goreleaser.yml [26-29]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-fb944a05459e4d713bc7541efd6e721cbe992a556353c09c4eb66a8eae9b856eR26-R29) ```diff -- -tags=ignore +- -tags="ignore,goplugin,fips,boringcrypto" - -trimpath -- -tags=goplugin -- -tags=goplugin,fips,boringcrypto ``` Suggestion importance[1-10]: 8 Why: Consolidating all tags into a single '-tags' option avoids potential conflicts and ensures clarity, improving the maintainability and correctness of the build configuration.	8
Possible issue	Combine all '-tags' options into one to ensure all tags are effectively applied ___ The 'fips' build configuration specifies multiple '-tags' options which can lead to only the last one being effective. Combine these into a single '-tags' option to ensure all intended tags are used. [ci/goreleaser/goreleaser.yml [26-29]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-fb944a05459e4d713bc7541efd6e721cbe992a556353c09c4eb66a8eae9b856eR26-R29) ```diff -- -tags=ignore -- -tags=goplugin -- -tags=goplugin,fips,boringcrypto +- -tags="ignore,goplugin,fips,boringcrypto" ``` Suggestion importance[1-10]: 8 Why: This suggestion is similar to the previous one and addresses the same issue of ensuring all tags are effectively applied by combining them into a single '-tags' option.	8
Maintainability	Use consistent environment variable names for the passphrase to avoid confusion and potential errors in scripts ___ To maintain consistency and avoid potential errors, consider using the same environment variable name for the passphrase across different scripts and configurations. [.github/workflows/release.yml [83]](https://github.com/TykTechnologies/tyk/pull/6387/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R83-R83) ```diff -NFPM_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} +NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} ``` Suggestion importance[1-10]: 3 Why: While consistency is generally good for maintainability, the PR already changes the variable name to NFPM_PASSPHRASE, which seems to be the new standard. Reverting to the old name would be counterproductive.	3