From 0e44d584cd0874586242313b05cea5bb29f0236c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Apr 2024 11:24:52 +0000
Subject: [PATCH 1/2] chore(deps): bump peter-evans/create-pull-request from
 6.0.4 to 6.0.5 (#226)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/9153d834b60caba6d51c9b9510b087acf9f33f83...6d6857d36972b65feb161a90e484f2984215f83e)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/__release-workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/__release-workflow.yaml b/.github/workflows/__release-workflow.yaml
index 129457427..3adaf3040 100644
--- a/.github/workflows/__release-workflow.yaml
+++ b/.github/workflows/__release-workflow.yaml
@@ -268,7 +268,7 @@ jobs:
 
       # PRs to the base branch will update the version file and manifests
       - name: Create a release PR
-        uses: peter-evans/create-pull-request@9153d834b60caba6d51c9b9510b087acf9f33f83
+        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
         if: ${{ (inputs.base == 'main' && matrix.base == 'main') || (inputs.base != 'main') }}
         with:
           token: ${{ secrets.gh-pat }}

From 822d0630199cafc797c8a334220d39dac8c284a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patryk=20Ma=C5=82ek?= <patryk.malek@konghq.com>
Date: Thu, 25 Apr 2024 14:15:59 +0200
Subject: [PATCH 2/2] tests: fix flaky ControlPlane assertion in webhook checks
 (#227)

---
 test/integration/test_controlplane.go | 41 +++++++++++++++++----------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/test/integration/test_controlplane.go b/test/integration/test_controlplane.go
index 750a28b7e..60f4f968d 100644
--- a/test/integration/test_controlplane.go
+++ b/test/integration/test_controlplane.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"reflect"
 	"slices"
+	"strings"
 	"testing"
 	"time"
 
@@ -339,7 +340,7 @@ func TestControlPlaneEssentials(t *testing.T) {
 	require.Eventually(t, testutils.ControlPlaneHasAdmissionWebhookConfiguration(t, GetCtx(), controlplane, clients), testutils.ControlPlaneCondDeadline, testutils.ControlPlaneCondTick)
 
 	t.Log("verifying controlplane's webhook is functional")
-	verifyControlPlaneWebhookIsFunctional(t, GetCtx(), clients)
+	eventuallyVerifyControlPlaneWebhookIsFunctional(t, GetCtx(), clients)
 
 	t.Log("verifying that controlplane's ClusterRole is patched if it goes out of sync")
 	clusterRoles = testutils.MustListControlPlaneClusterRoles(t, GetCtx(), controlplane, clients)
@@ -445,22 +446,32 @@ func verifyControlPlaneDeploymentAdmissionWebhookMount(t *testing.T, deployment
 	require.Equal(t, consts.ControlPlaneAdmissionWebhookVolumeMountPath, volumeMount.MountPath)
 }
 
-// verifyControlPlaneWebhookIsFunctional verifies that the controlplane validating webhook is functional by
-// creating a resource that should be rejected by the webhook and verifying that it is rejected.
-func verifyControlPlaneWebhookIsFunctional(t *testing.T, ctx context.Context, clients testutils.K8sClients) {
-	keyAuthSecretWithNoKey := corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			GenerateName: "test-cred-",
-			Namespace:    "default",
-			Labels: map[string]string{
-				"konghq.com/credential": "key-auth",
+// eventuallyVerifyControlPlaneWebhookIsFunctional verifies that the controlplane validating webhook
+// is functional by creating a resource that should be rejected by the webhook and verifying that
+// it is rejected.
+func eventuallyVerifyControlPlaneWebhookIsFunctional(t *testing.T, ctx context.Context, clients testutils.K8sClients) {
+	require.Eventually(t, func() bool {
+		keyAuthSecretWithNoKey := corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				GenerateName: "test-cred-",
+				Namespace:    "default",
+				Labels: map[string]string{
+					"konghq.com/credential": "key-auth",
+				},
 			},
-		},
-	}
+		}
 
-	err := clients.MgrClient.Create(ctx, &keyAuthSecretWithNoKey)
-	require.Error(t, err)
-	require.ErrorContains(t, err, "admission webhook \"secrets.validation.ingress-controller.konghq.com\" denied the request")
+		err := clients.MgrClient.Create(ctx, &keyAuthSecretWithNoKey)
+		if err == nil {
+			t.Log("ControlPlane webhook accepted an invalid secret, retrying and waiting for webhook to become functional")
+			return false
+		}
+		if !strings.Contains(err.Error(), "admission webhook \"secrets.validation.ingress-controller.konghq.com\" denied the request") {
+			t.Logf("unexpected error: %v", err)
+			return false
+		}
+		return true
+	}, testutils.ControlPlaneCondDeadline, testutils.ControlPlaneCondTick)
 }
 
 func TestControlPlaneUpdate(t *testing.T) {