Test Github action to update NGINX as a Service (NGINXaaS) for Azure configurations #16
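# File: .github/workflows/testNginxForAzureDeploy.yml
#
# Nightly end-to-end test: stamps the run number / run id into the test NGINX
# configs, pushes them to an NGINXaaS for Azure deployment, then fetches the
# deployment over HTTP and HTTPS and checks that the echoed "Github-Run-Id"
# header carries the stamped value.
#
# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA keeps a retagged release from running with the
# OIDC token and the Azure secrets this workflow exposes.
name: Test Github action to update NGINX as a Service (NGINXaaS) for Azure configurations
on:
  schedule:
    - cron: "0 20 * * *"
env:
  NGINX_DEPLOYMENT_NAME: github-action-test-dep
  NGINX_TRANSFORMED_CONFIG_DIR_PATH: /etc/nginx/
  NGINX_ROOT_CONFIG_FILE: nginx.conf
  TEST_RESOURCE_GROUP_NAME: testenv-0da38993-workload
  NGINX_CERT_NAME: github-action-test-crt
  NGINX_VAULT_NAME: nlbtest-customer
# id-token: write lets the job request an OIDC token (the login step passes no
# client secret); contents: read is all the checkout step needs.
permissions:
  id-token: write
  contents: read
jobs:
  Update-NGINX:
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@v2
      - name: "AZ CLI Login"
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: "Update config - single file"
        shell: bash
        run: |
          sed -i 's/000000/'"$GITHUB_RUN_NUMBER"'/g' github-action/test/configs/single/nginx.conf
          cat github-action/test/configs/single/nginx.conf
      # NOTE(review): the action reference on the next `uses:` line was
      # replaced by the hosting page's e-mail obfuscation; the original
      # name and tag cannot be recovered from this listing.
      - name: "Sync NGINX configuration to NGINXaaS for Azure - single file"
        uses: nginxinc/[email protected]
        with:
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          # NOTE(review): the runner does not shell-expand `with:` values, so
          # the literal `$NAME` strings reach the action; expansion presumably
          # happens inside the action. Confirm, or pass `${{ env.NAME }}`.
          resource-group-name: $TEST_RESOURCE_GROUP_NAME
          nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
          nginx-config-directory-path: github-action/test/configs/single/
          nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
          transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
      - name: "Validate config update - single file"
        shell: bash
        # The secret is handed over as an environment variable instead of
        # being pasted into the script text by the expression engine.
        env:
          NGINX_DEPLOYMENT_IP: ${{ secrets.NGINX_DEPLOYMENT_IP }}
        run: |
          # jq -e turns a `false`/`null`/missing result into a non-zero exit;
          # without it the step passes even when the header does not match.
          wget -O - -o /dev/null "http://${NGINX_DEPLOYMENT_IP}" \
            | jq -e --arg run "$GITHUB_RUN_NUMBER" '.request.headers."Github-Run-Id" | test($run)'
      - name: "Update config - multi file"
        shell: bash
        run: |
          sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' github-action/test/configs/multi/nginx.conf
          cat github-action/test/configs/multi/nginx.conf
          sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' github-action/test/configs/multi/conf.d/proxy.conf
          cat github-action/test/configs/multi/conf.d/proxy.conf
      # NOTE(review): same obfuscated action reference as the single-file
      # sync step.
      - name: "Sync NGINX configuration and certificate to NGINXaaS for Azure - multi file"
        uses: nginxinc/[email protected]
        with:
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resource-group-name: $TEST_RESOURCE_GROUP_NAME
          nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
          nginx-deployment-location: "westcentralus"
          nginx-config-directory-path: github-action/test/configs/multi/
          nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
          transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
          nginx-certificates: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.key" } ]'
      - name: "Validate config update"
        shell: bash
        env:
          NGINX_DEPLOYMENT_IP: ${{ secrets.NGINX_DEPLOYMENT_IP }}
        run: |
          wget -O - -o /dev/null "http://${NGINX_DEPLOYMENT_IP}" \
            | jq -e --arg run "$GITHUB_RUN_ID" '.request.headers."Github-Run-Id" | test($run)'
      - name: "Validate certificate update"
        uses: azure/CLI@v1
        env:
          NGINX_DEPLOYMENT_IP: ${{ secrets.NGINX_DEPLOYMENT_IP }}
        with:
          inlineScript: |
            # Wrap the Key Vault certificate body in PEM markers so wget can
            # use it as the only trusted CA for the HTTPS request.
            cert_file="/tmp/${GITHUB_RUN_ID}.tmp"
            {
              echo "-----BEGIN CERTIFICATE-----"
              az keyvault certificate show --vault-name "$NGINX_VAULT_NAME" -n "$NGINX_CERT_NAME" | jq -r .cer
              echo "-----END CERTIFICATE-----"
            } > "$cert_file"
            # jq -e also exits non-zero on empty input, so a failed TLS
            # handshake (wget prints nothing) fails the step.
            wget -O - -o /dev/null "https://${NGINX_DEPLOYMENT_IP}" --ca-certificate="$cert_file" \
              | jq -e --arg run "$GITHUB_RUN_ID" '.request.headers."Github-Run-Id" | test($run)'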