TykTechnologies / tyk

Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols

[TT-13508] Downgrade Bento to v1.2.0 and use our own fork to cherry-pick some changes from latest main branch. #6700

Closed buraksezer closed 2 weeks ago

buraksezer commented 2 weeks ago

User description

Bento >=1.3.0 requires an OpenTelemetry upgrade and it breaks our E2E tests. Here are some details: https://tyktech.atlassian.net/browse/TT-13518

This PR downgrades Bento to v1.2.0 and cherry-picks some changes from the main branch to fix TT-13508. See this https://github.com/TykTechnologies/tyk/pull/6697


PR Type

enhancement, dependencies


Description


Changes walkthrough 📝

Relevant files

Dependencies

go.mod: Downgrade dependencies and switch to a forked Bento version (+47/-65)
  • Downgraded google.golang.org/grpc from v1.67.0 to v1.66.2.
  • Downgraded github.com/warpstreamlabs/bento from v1.3.1 to v1.2.0 and
    replaced it with a fork.
  • Downgraded go.opentelemetry.io/otel and related packages from v1.29.0
    to v1.24.0.
  • Updated multiple indirect dependencies to earlier versions.

Additional files (token-limit)

go.sum: ... (+103/-1054)

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    buger commented 2 weeks ago

    :broken_heart: The detected issue is not in one of the allowed statuses :broken_heart:

    Detected Status Closed :x:
    Allowed Statuses In Dev,In Code Review,Ready for Testing,In Test,In Progress,In Review :heavy_check_mark:

    Please ensure your jira story is in one of the allowed statuses

    github-actions[bot] commented 2 weeks ago

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚑ Recommended focus areas for review

    Dependency Downgrades
    The PR includes multiple downgrades of dependencies. Each downgrade should be verified to ensure that it does not introduce any breaking changes or regressions in functionality. Special attention should be given to major version downgrades and dependencies that are critical to the application's core functionality.

    Indirect Dependencies
    Changes to indirect dependencies are extensive and could impact the stability and performance of the system. Each indirect dependency's downgrade should be reviewed to ensure compatibility with the application and other libraries.

    github-actions[bot] commented 2 weeks ago

    API Changes

    no api changes detected

    github-actions[bot] commented 2 weeks ago

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category | Suggestion | Score
    Possible issue
    Ensure compatibility and stability by reviewing the version downgrade of google.golang.org/grpc ___ **Review the downgrade of google.golang.org/grpc from v1.67.0 to v1.66.2 to ensure
    compatibility with other dependencies and overall stability.** [go.mod [70]](https://github.com/TykTechnologies/tyk/pull/6700/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R70-R70) ```diff -google.golang.org/grpc v1.66.2 +google.golang.org/grpc v1.67.0 ```
    Suggestion importance[1-10]: 5 Why: The suggestion to review the downgrade of `google.golang.org/grpc` is valid as it could impact compatibility and stability. However, it does not directly address a specific bug or critical issue, hence a moderate score.
    5
    Confirm that the downgraded version of github.com/aws/aws-sdk-go-v2 supports all necessary features ___ **Verify the downgrade of github.com/aws/aws-sdk-go-v2 to ensure that the older
    version supports all required features and APIs used in the project.** [go.mod [163]](https://github.com/TykTechnologies/tyk/pull/6700/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R163-R163) ```diff -github.com/aws/aws-sdk-go-v2 v1.25.0 +github.com/aws/aws-sdk-go-v2 v1.32.2 ```
    Suggestion importance[1-10]: 5 Why: This suggestion is relevant as it addresses potential issues with API support in the downgraded version of `github.com/aws/aws-sdk-go-v2`. It's a precautionary check, thus scored moderately.
    5
    Check that the downgraded go.opentelemetry.io/otel packages still meet observability needs ___ **Ensure that the downgrade of go.opentelemetry.io/otel and related packages does not
    remove critical functionality or performance improvements essential for
    observability.** [go.mod [469]](https://github.com/TykTechnologies/tyk/pull/6700/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R469-R469) ```diff -go.opentelemetry.io/otel v1.24.0 +go.opentelemetry.io/otel v1.29.0 ```
    Suggestion importance[1-10]: 5 Why: The suggestion to verify the functionality of downgraded `go.opentelemetry.io/otel` packages is important for maintaining observability features. It's a valid concern but not a direct bug fix, so it receives a moderate score.
    5
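    Review bot: the go.opentelemetry.io/otel suggestion (go.mod line 469) is written as `-go.opentelemetry.io/otel v1.24.0` / `+go.opentelemetry.io/otel v1.29.0`, which applied literally would restore the OpenTelemetry upgrade that the PR description says breaks the E2E tests. Treat it as a prompt to verify the downgrade rather than as a change to apply, and confirm that the related go.opentelemetry.io/otel packages mentioned in the walkthrough all land on v1.24.0 alongside the core module.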
    Ensure the forked github.com/TykTechnologies/bento is fully compatible and meets the project's custom needs ___ **Confirm that the replaced github.com/warpstreamlabs/bento with the fork
    github.com/TykTechnologies/bento includes all necessary custom changes and is
    compatible with the project's requirements.** [go.mod [510]](https://github.com/TykTechnologies/tyk/pull/6700/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R510-R510) ```diff +replace github.com/warpstreamlabs/bento v1.2.0 => github.com/TykTechnologies/bento v0.0.0-20241108123210-93d1717c7171 - ```
    Suggestion importance[1-10]: 5 Why: This suggestion is crucial for ensuring that the forked repository meets all project requirements and compatibility, especially when replacing a dependency. It's preventive and important for project integrity, hence a moderate score.
    5
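    Review bot: the `replace` line for github.com/warpstreamlabs/bento (go.mod line 510) pins the fork only by pseudo-version v0.0.0-20241108123210-93d1717c7171, so go.mod does not record which upstream changes were cherry-picked or when the override can be dropped. Suggest a comment above the directive that names the cherry-picked changes and references TT-13508 and TT-13518, so later reviewers can diff the fork against upstream v1.2.0 and remove the replace once the OpenTelemetry upgrade is unblocked.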

    sonarcloud[bot] commented 2 weeks ago

    Quality Gate failed

    Failed conditions
    0.0% Coverage on New Code (required ≥ 80%)

    See analysis details on SonarCloud