Skip to content

Add end-to-end test case for API Platform + Gateway + Devportal integration#2471

Open
DinithHerath wants to merge 5 commits into
wso2:mainfrom
DinithHerath:main
Open

Add end-to-end test case for API Platform + Gateway + Devportal integration#2471
DinithHerath wants to merge 5 commits into
wso2:mainfrom
DinithHerath:main

Conversation

@DinithHerath

Copy link
Copy Markdown
Contributor

This pull request introduces a full three-plane end-to-end (E2E) integration test for the platform, covering Platform API, Gateway, and Developer Portal. It adds a new GitHub Actions workflow, expands the E2E test suite and documentation, updates Docker Compose to support the developer portal, and ensures credentials and webhooks are properly exercised and tested. The changes also clarify environment variables and credential handling for complex scenarios, especially those involving the developer portal.

Major changes include:

E2E Testing Infrastructure

  • Added a new workflow .github/workflows/platform-api-devportal-e2e.yml to run developer portal E2E tests, integrating Platform API, Gateway, and Developer Portal, including credential lifecycle scenarios and webhook propagation.
  • Updated .github/workflows/platform-api-gateway-e2e.yml to exclude developer portal scenarios from the combined E2E job, ensuring only the new workflow runs those tests.

Docker Compose and Environment

  • Extended tests/integration-e2e/docker-compose.yaml to add a devportal service, configure its environment, mount its schema, and set up webhook integration with Platform API, including correct encryption keys and admin user injection. [1] [2] [3] [4]
  • Added .webhook-key.it.pem to .gitignore to ignore the world-readable copy of the devportal webhook private key generated during tests.

Documentation

  • Expanded tests/integration-e2e/README.md to document the developer portal E2E scenarios, how to build and run them, new environment variables, and details on the credential lifecycle and webhook trust model. [1] [2] [3] [4]

Security and Configuration

  • Ensured all encryption keys (e.g., DATABASE_SUBSCRIPTION_TOKEN_ENCRYPTION_KEY, DP_ADVANCED_ENCRYPTIONKEY) are the correct length and properly documented for secure credential handling and webhook encryption.

These changes collectively enable robust, real-world E2E testing of the entire API platform, including developer portal integration, and provide clear documentation and configuration for contributors.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@DinithHerath, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 17 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ff2048cb-dc49-4a66-8ce4-b1ab7086bf03

📥 Commits

Reviewing files that changed from the base of the PR and between 72d9033 and 7578fb4.

📒 Files selected for processing (5)
  • .github/workflows/platform-api-devportal-e2e.yml
  • tests/integration-e2e/README.md
  • tests/integration-e2e/docker-compose.yaml
  • tests/integration-e2e/steps_devportal_test.go
  • tests/integration-e2e/suite_test.go
📝 Walkthrough

Walkthrough

Adds a new Postgres-based developer-portal E2E test stack: a GitHub Actions workflow, a devportal docker-compose service with webhook wiring, DB provisioning, secured-API and devportal-webhook/lifecycle feature files with Go step implementations, and suite wiring including a switch from versioned to unversioned platform-api resource paths.

Changes

Developer Portal E2E Suite

Layer / File(s) Summary
CI workflow additions
.github/workflows/platform-api-devportal-e2e.yml, .github/workflows/platform-api-gateway-e2e.yml
New devportal E2E workflow builds images and runs postgres-only devportal tests; existing gateway workflow now filters E2E_TAGS to exclude devportal/multigateway scenarios appropriately.
Compose stack and DB provisioning
tests/integration-e2e/docker-compose.yaml, tests/integration-e2e/init-db.sql, tests/integration-e2e/.gitignore, tests/integration-e2e/platform-api-config.toml
Adds a devportal compose service backed by Postgres, enables webhook receiver on platform-api, provisions/loads the devportal DB schema, ignores generated webhook key, and documents file-based-user override behavior.
Secured API feature and steps
tests/integration-e2e/features/secured-api-invocation.feature, tests/integration-e2e/steps_secured_test.go
New feature and Go steps create a subscription plan, publish a secured REST API, deploy it, and verify gateway enforcement with/without credentials.
Devportal webhook feature and steps
tests/integration-e2e/features/devportal-webhook.feature, tests/integration-e2e/steps_devportal_test.go
New feature and Go steps bootstrap the portal, register a webhook subscriber, publish plans/APIs, and create applications/subscriptions/API keys, verifying gateway propagation.
Credential lifecycle steps
tests/integration-e2e/steps_devportal_lifecycle_test.go
New Go steps cover API key expiry/restore, plan change, token regeneration, pause/resume, revoke, and subscription removal with expected gateway rejection codes.
Suite wiring and API path updates
tests/integration-e2e/steps_test.go, tests/integration-e2e/suite_test.go
Registers new step groups, switches platform-api calls from versioned /api/v0.9/... paths to unversioned resource paths, adds devportal tag selection and webhook key preparation logic, and conditionally starts/bootstraps the devportal service.
Documentation
tests/integration-e2e/README.md
Documents the devportal stack, build steps, environment variables, and expanded scenario descriptions.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant TestSuite as E2E Suite
  participant Portal as developer-portal
  participant PlatformAPI as platform-api
  participant Gateway

  TestSuite->>Portal: bootstrap (health check, org link, webhook subscribe)
  Portal->>PlatformAPI: register webhook subscriber (HMAC secret, RSA public key)
  TestSuite->>Portal: create application, subscription, API key
  Portal->>PlatformAPI: webhook event (subscription.created, apikey.created)
  PlatformAPI->>Gateway: propagate credential/subscription state
  TestSuite->>Gateway: invoke with API-Key/Subscription-Key
  Gateway-->>TestSuite: 200 (valid) or 401/403 (invalid/revoked/expired)
Loading

Possibly related PRs

  • wso2/api-platform#2048: The new devportal E2E bootstrap relies on the developer-portal /health endpoint added in this PR.
  • wso2/api-platform#2325: The lifecycle E2E steps exercise plan change and token regeneration endpoints/webhook events introduced in this PR.
  • wso2/api-platform#2404: The devportal-webhook feature exercises the platform-api webhook receiver, crypto, and handler flow implemented in this PR.

Suggested reviewers: RakhithaRR, Tharsanan1, VirajSalaka, renuka-fernando, malinthaprasan

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description covers the change broadly, but it misses most required template sections like Purpose, Goals, Approach, tests, and security checks. Add the missing template sections with issue links, implementation approach, automation and security test details, samples, related PRs, and test environment.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding an end-to-end Platform API, Gateway, and Devportal integration test.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/platform-api-devportal-e2e.yml (1)

30-71: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

No job-level timeout-minutes.

The go test step is bounded at 25m, but the preceding checkout/setup/four image-build steps have no bound and could hang (e.g. registry/network stalls) well past that, consuming the default multi-hour GitHub Actions job timeout.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/platform-api-devportal-e2e.yml around lines 30 - 71, Add a
job-level timeout for the devportal-e2e workflow job so the entire
`devportal-e2e` sequence cannot run indefinitely. Keep the existing `go test`
timeout, but update the job definition around the `devportal-e2e` job to include
a `timeout-minutes` value that covers the full checkout/setup/build/test flow
and prevents hangs in steps like `actions/checkout`, `actions/setup-go`,
`docker/setup-buildx-action`, or the various `make build` commands.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/platform-api-devportal-e2e.yml:
- Around line 9-20: The workflow trigger for the devportal e2e job is too broad
and causes it to run on every pull request to main, which conflicts with the
intended “off the critical path” behavior. Update the workflow’s pull_request
trigger in the platform-api-devportal-e2e workflow to include path scoping so it
only runs when the e2e/devportal stack or related workflow inputs change, while
keeping workflow_dispatch for on-demand runs. Use the workflow’s existing
trigger block as the place to narrow the PR trigger and preserve the current job
definition.

In `@tests/integration-e2e/docker-compose.yaml`:
- Around line 200-222: Update the stale header comment in the devportal service
block to match the actual wiring used by the devportal environment. The comment
near the devportal definition currently claims it uses a self-contained SQLite
store with no database wiring, but the `devportal` service is configured with
`DP_DB_DIALECT`, `DP_DB_HOST`, `DP_DB_PORT`, and the other DB env vars to use
the shared `postgres` service. Keep the inline explanation aligned with the
existing `devportal` service definition and its environment variables so readers
understand it is intentionally backed by Postgres, not SQLite.

In `@tests/integration-e2e/README.md`:
- Around line 148-154: The README text in the auth section mixes literal
wildcard scopes with Markdown bold formatting, triggering the MD037 ambiguity
warning. Update the sentence in the integration-e2e README so the scope values
in the Auth description are consistently wrapped as code, and keep the wording
around AUTH_FILE_BASED_USERS and bearer auth unchanged. Use the surrounding auth
paragraph to locate the affected text.

---

Nitpick comments:
In @.github/workflows/platform-api-devportal-e2e.yml:
- Around line 30-71: Add a job-level timeout for the devportal-e2e workflow job
so the entire `devportal-e2e` sequence cannot run indefinitely. Keep the
existing `go test` timeout, but update the job definition around the
`devportal-e2e` job to include a `timeout-minutes` value that covers the full
checkout/setup/build/test flow and prevents hangs in steps like
`actions/checkout`, `actions/setup-go`, `docker/setup-buildx-action`, or the
various `make build` commands.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0f69e18b-0c71-42d8-a273-c987d2ab1e17

📥 Commits

Reviewing files that changed from the base of the PR and between d633052 and 72d9033.

📒 Files selected for processing (14)
  • .github/workflows/platform-api-devportal-e2e.yml
  • .github/workflows/platform-api-gateway-e2e.yml
  • tests/integration-e2e/.gitignore
  • tests/integration-e2e/README.md
  • tests/integration-e2e/docker-compose.yaml
  • tests/integration-e2e/features/devportal-webhook.feature
  • tests/integration-e2e/features/secured-api-invocation.feature
  • tests/integration-e2e/init-db.sql
  • tests/integration-e2e/platform-api-config.toml
  • tests/integration-e2e/steps_devportal_lifecycle_test.go
  • tests/integration-e2e/steps_devportal_test.go
  • tests/integration-e2e/steps_secured_test.go
  • tests/integration-e2e/steps_test.go
  • tests/integration-e2e/suite_test.go

Comment thread .github/workflows/platform-api-devportal-e2e.yml
Comment thread tests/integration-e2e/docker-compose.yaml
Comment thread tests/integration-e2e/README.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant