Merge branch 'main' into main

Author: kanmitcode

.github/workflows/core-test.yml

@@ -1,6 +1,9 @@
 name: 🌊 Ocean Core Tests
 
 on:
+  push:
+    branches:
+      - main
   pull_request:
   workflow_dispatch:
 
@@ -31,7 +34,7 @@ jobs:
 
       - name: Unit Test Core
         env:
-          PYTEST_ADDOPTS: --junitxml=junit/unit-test-results-ocean/core.xml
+          PYTEST_ADDOPTS: --cov --cov-report= --cov-append --junitxml=junit/unit-test-results-ocean/core.xml
         run: |
           make test
 
@@ -50,7 +53,7 @@ jobs:
 
       - name: Smoke Test Core
         env:
-          PYTEST_ADDOPTS: --junitxml=junit/smoke-test-results-ocean/core.xml
+          PYTEST_ADDOPTS: --cov --cov-report= --cov-append --junitxml=junit/smoke-test-results-ocean/core.xml
           PORT_CLIENT_ID: ${{ secrets.PORT_CLIENT_ID }}
           PORT_CLIENT_SECRET: ${{ secrets.PORT_CLIENT_SECRET }}
           PORT_BASE_URL: ${{ secrets.PORT_BASE_URL }}
@@ -61,7 +64,7 @@ jobs:
       - name: Cleanup Smoke Test
         if: always()
         env:
-          PYTEST_ADDOPTS: --junitxml=junit/smoke-test-results-ocean/core.xml
+          PYTEST_ADDOPTS: --cov --cov-report= --cov-append --junitxml=junit/smoke-test-results-ocean/core.xml
           PORT_CLIENT_ID: ${{ secrets.PORT_CLIENT_ID }}
           PORT_CLIENT_SECRET: ${{ secrets.PORT_CLIENT_SECRET }}
           PORT_BASE_URL: ${{ secrets.PORT_BASE_URL }}
@@ -77,7 +80,112 @@ jobs:
       - name: Test all integrations with current core
         run: |
           echo "Testing all integrations with local core"
-          SCRIPT_TO_RUN="PYTEST_ADDOPTS=--junitxml=${PWD}/junit/test-results-core-change/\`pwd | xargs basename\`.xml make test" make execute/all
+          SCRIPT_TO_RUN="PYTEST_ADDOPTS=\"--cov --cov-report= --cov-append --junitxml=${PWD}/junit/test-results-core-change/\`pwd | xargs basename\`.xml\" make test" make execute/all
+
+      - name: Get PR_NUMBER
+        id: pr-number
+        run: |
+          if [ ! -z ${{ inputs.PR_NUMBER }} ]; then
+            echo "PR_NUMBER=${{ inputs.PR_NUMBER }}" >> $GITHUB_OUTPUT
+          elif [ ! -z ${{ github.event.pull_request.number }} ]; then
+            echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
+          else
+            echo "PR_NUMBER=0" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Produce coverage report
+        run: |
+          mkdir -p coverage-merge
+          i=0
+          find . -type f -name ".coverage" | while read -r file; do
+            i=$((i + 1))
+            cp "$file" "coverage-merge/.coverage.$i"
+          done
+          make coverage
+
+      - name: Upload coverage report
+        id: upload-coverage
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: htmlcov
+
+      - name: Set repo code coverage percentage by the percentage of statements covered in the tests
+        id: set-stmts-coverage
+        run: |
+          stmts=$(jq '.totals.percent_covered | . * 100 | round | . / 100' coverage.json)
+          echo "STMTS_COVERAGE=$stmts" >> $GITHUB_OUTPUT
+
+      - name: Comment PR with code coverage summary
+        uses: actions/github-script@v7
+        env:
+          CODE_COVERAGE_ARTIFACT_URL: ${{ steps.upload-coverage.outputs.artifact-url }}
+          PR_NUMBER: ${{ steps.pr-number.outputs.PR_NUMBER }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Code Coverage Artifact 📈: ${{ env.CODE_COVERAGE_ARTIFACT_URL }}
+            #### Code Coverage Total Percentage: \`${{ steps.set-stmts-coverage.outputs.STMTS_COVERAGE }}%\``;
+
+            github.rest.issues.createComment({
+              issue_number: ${{ env.PR_NUMBER }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+
+      - name: Get current repo coverage percentage from Port
+        uses: port-labs/port-github-action@v1
+        id: get-current-coverage
+        with:
+          clientId: ${{ secrets.PORT_MAIN_CLIENT_ID }}
+          clientSecret: ${{ secrets.PORT_MAIN_CLIENT_SECRET }}
+          baseUrl: https://api.getport.io
+          operation: GET
+          identifier: ocean
+          blueprint: repository
+
+      - name: Set current code coverage
+        id: set-current-coverage
+        run: echo "CURRENT_COVERAGE=${{ fromJson(steps.get-current-coverage.outputs.entity).properties.coverage_percent }}" >> $GITHUB_OUTPUT
+
+      - name: Comment if Coverage Regression
+        if: ${{ (fromJson(steps.set-stmts-coverage.outputs.STMTS_COVERAGE) < fromJson(steps.set-current-coverage.outputs.CURRENT_COVERAGE)) && (steps.pr-number.outputs.PR_NUMBER != 0) }}
+        uses: actions/github-script@v7
+        env:
+          PR_NUMBER: ${{ steps.pr-number.outputs.PR_NUMBER }}
+          CURRENT_COVERAGE: ${{ steps.set-current-coverage.outputs.CURRENT_COVERAGE }}
+          NEW_COVERAGE: ${{ steps.set-stmts-coverage.outputs.STMTS_COVERAGE }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `🚨 The new code coverage percentage is lower than the current one. Current coverage: \`${{ env.CURRENT_COVERAGE }}\`\n While the new one is: \`${{ env.NEW_COVERAGE }}\``;
+
+            github.rest.issues.createComment({
+              issue_number: ${{ env.PR_NUMBER }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+
+      - name: Fail PR if current code coverage percentage is higher than the new one
+        if: ${{ (fromJson(steps.set-stmts-coverage.outputs.STMTS_COVERAGE) < fromJson(steps.set-current-coverage.outputs.CURRENT_COVERAGE)) && (vars.CODE_COVERAGE_ENFORCEMENT == 'true') }}
+        run: exit 1
+
+      - name: Update service code coverage percentage in Port
+        if: ${{ (github.event_name == 'push') }}
+        uses: port-labs/port-github-action@v1
+        with:
+          clientId: ${{ secrets.PORT_MAIN_CLIENT_ID }}
+          clientSecret: ${{ secrets.PORT_MAIN_CLIENT_SECRET }}
+          baseUrl: https://api.getport.io
+          operation: UPSERT
+          identifier: ocean
+          blueprint: repository
+          properties: |-
+            {
+              "coverage_percent": "${{ steps.set-stmts-coverage.outputs.STMTS_COVERAGE }}"
+            }
 
       - name: Publish Test Report
         uses: mikepenz/action-junit-report@v5

.github/workflows/docker-images-security-scan.yml

@@ -1,5 +1,7 @@
 name: Scan docker images
 on:
+  schedule:
+    - cron: '0 0 * * *'  # Every day at midnight
   workflow_dispatch:
     inputs:
       image:
@@ -51,7 +53,7 @@ jobs:
         id: set-images
         run: |
           PROJECTS=$(ls --color=never ./integrations | grep -Ev '_infra')
-          if [[ "${{ inputs.image }}" != "all" ]]; then
+          if [[ "${{ inputs.image }}" != "all" && "${{ github.event_name }}" == "workflow_dispatch" ]]; then
             PROJECTS="${{ inputs.image }}"
           fi
           IMAGES_WITH_VERSIONS=()
@@ -126,3 +128,44 @@ jobs:
               echo "</details>"
             } >> $GITHUB_STEP_SUMMARY
           fi
+
+      - name: Set output for trivy results
+        run: |
+          echo "VULNERABILITIES_COUNT=$(cat trivy-${{ steps.enrich-version.outputs.integration }}.txt | grep -i "total:" | awk '{print $2}')" >> $GITHUB_ENV
+          echo ${{ env.VULNERABILITIES_COUNT }}
+
+      - name: Send slack alert if vulnerabilities found
+        if: ${{ env.VULNERABILITIES_COUNT != '0' }}
+        uses: slackapi/[email protected]
+        with:
+          webhook-type: incoming-webhook
+          payload: |
+            {
+              "text": "Vulnerabilities found in `${{ steps.enrich-version.outputs.integration }}` image",
+              "attachments": [
+                {
+                  "text": "${{ steps.enrich-version.outputs.integration }} image has vulnerabilities",
+                  "fields": [
+                    {
+                      "title": "Image",
+                      "value": "${{ steps.enrich-version.outputs.image_tag }}",
+                      "short": true
+                    },
+                    {
+                      "title": "Vulnerabilities",
+                      "value": "Count: ${{ env.VULNERABILITIES_COUNT }}",
+                      "short": true
+                    },
+                    {
+                      "title": "link",
+                      "value": "https://github.com/port-labs/ocean/actions/runs/${{ github.run_id }}",
+                      "short": true
+                    }
+                  ],
+
+                  "color": "#FF0000"
+                }
+              ]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_RND_ECOSYSTEM_DEPENDABOT_ALERTS_WEBHOOK_URL }}

CHANGELOG.md

@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 <!-- towncrier release notes start -->
+## 0.22.1 (2025-04-02)
+
+### Features
+
+- Added support for team search query in entity mapping
+- Enhanced batch_upsert_entities to return tuples with success status.
+- Improved null property handling in entity field comparisons.
+- Updated upsert logic to use batch upsert consistently.
+- Added unit tests for null property handling in entity comparisons.
 
 ## 0.22.0 (2025-03-17)
 

Makefile

@@ -163,3 +163,9 @@ smoke/start-mock-api:
 
 smoke/stop-mock-api:
 	ps aux | grep fake_port_api | egrep -v grep | awk '{print $$2};' | xargs kill -9
+
+coverage:
+	$(ACTIVATE) && \
+	coverage combine coverage-merge && \
+	coverage html && \
+	coverage json

integrations/amplication/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.1.10 (2025-04-03)
+
+
+### Improvements
+
+- Bumped ocean version to ^0.22.1
+
+
 ## 0.1.9 (2025-03-24)
 
 

integrations/amplication/poetry.lock

@@ -1,12 +1,12 @@
 [tool.poetry]
 name = "amplication"
-version = "0.1.9"
+version = "0.1.10"
 description = "Allowing Amplication users to integrate with Port"
 authors = ["Itai Nathaniel <[email protected]>"]
 
 [tool.poetry.dependencies]
 python = "^3.12"
-port_ocean = {version = "^0.22.0", extras = ["cli"]}
+port_ocean = {version = "^0.22.1", extras = ["cli"]}
 
 [tool.poetry.group.dev.dependencies]
 # Uncomment this if you want to debug the ocean core together with your integration

integrations/amplication/pyproject.toml

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- towncrier release notes start -->
 
+## 0.1.150 (2025-04-03)
+
+
+### Improvements
+
+- Bumped ocean version to ^0.22.1
+
+
 ## 0.1.149 (2025-03-24)
 
 

integrations/argocd/CHANGELOG.md

@@ -1,12 +1,12 @@
 [tool.poetry]
 name = "argocd"
-version = "0.1.149"
+version = "0.1.150"
 description = "Argo CD integration powered by Ocean"
 authors = ["Isaac Coffie <[email protected]>"]
 
 [tool.poetry.dependencies]
 python = "^3.12"
-port_ocean = {version = "^0.22.0", extras = ["cli"]}
+port_ocean = {version = "^0.22.1", extras = ["cli"]}
 
 [tool.poetry.group.dev.dependencies]
 # Uncomment this if you want to debug the ocean core together with your integration

integrations/argocd/poetry.lock

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- towncrier release notes start -->
 
+## 0.2.114 (2025-04-03)
+
+
+### Improvements
+
+- Bumped ocean version to ^0.22.1
+
+
 ## 0.2.113 (2025-03-24)
 
 

integrations/argocd/pyproject.toml

@@ -1,12 +1,12 @@
 [tool.poetry]
 name = "aws"
-version = "0.2.113"
+version = "0.2.114"
 description = "This integration will map all your resources in all the available accounts to your Port entities"
 authors = ["Shalev Avhar <[email protected]>", "Erik Zaadi <[email protected]>"]
 
 [tool.poetry.dependencies]
 python = "^3.12"
-port_ocean = {version = "^0.22.0", extras = ["cli"]}
+port_ocean = {version = "^0.22.1", extras = ["cli"]}
 python-dotenv = "^1.0.1"
 aioboto3 = "^12.4.0"
 boto3-stubs = {version = "1.34.76", extras = ["acm", "apigateway", "appconfig", "athena", "cloudcontrol", "cloudformation", "cloudwatch", "dynamodb", "ec2", "ec2-instance-connect", "ecr", "ecs", "elasticache", "elb", "elbv2", "events", "iam", "lambda", "logs", "organizations", "rds", "route53", "s3", "sagemaker", "secretsmanager", "sns", "sqs", "ssm", "sts"]}