diff --git a/.github/workflows/azure-pipeline-build.yml b/.github/workflows/azure-pipeline-build.yml index 0d7719a..61d6fa3 100644 --- a/.github/workflows/azure-pipeline-build.yml +++ b/.github/workflows/azure-pipeline-build.yml @@ -1,3 +1,4 @@ +--- name: Build and Release for Azure Pipeline on: push: diff --git a/.github/workflows/github-action-test-nginxaas-deploy.yml b/.github/workflows/github-action-test-nginxaas-deploy.yml index 700eecd..6073e6f 100644 --- a/.github/workflows/github-action-test-nginxaas-deploy.yml +++ b/.github/workflows/github-action-test-nginxaas-deploy.yml @@ -1,15 +1,21 @@ +--- # File: .github/workflows/testNginxForAzureDeploy.yml name: Test Github action to update NGINX as a Service (NGINXaaS) for Azure configurations on: + push: + branches: + - '*' + pull_request: schedule: - cron: "0 20 * * *" env: - NGINX_DEPLOYMENT_NAME: github-action-test-dep - NGINX_TRANSFORMED_CONFIG_DIR_PATH: /etc/nginx/ - NGINX_ROOT_CONFIG_FILE: nginx.conf - TEST_RESOURCE_GROUP_NAME: testenv-0da38993-workload + NGINX_CONFIG_DIRECTORY: github-action/test/configs + NGINX_DEPLOYMENT_NAME: n4a-long-westcent-nginxaas + NGINX_TRANSFORMED_CONFIG_DIR_PATH: / + NGINX_ROOT_CONFIG_FILE: /etc/nginx/nginx.conf + TEST_RESOURCE_GROUP_NAME: n4a-long-westcent-workload NGINX_CERT_NAME: github-action-test-crt NGINX_VAULT_NAME: nlbtest-customer 
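Review bot: The new `push` (`branches: '*'`) and `pull_request` triggers in the `on:` block make every branch push and PR run jobs that log in to Azure and rewrite the configuration of one shared deployment (`n4a-long-westcent-nginxaas`), so overlapping runs can overwrite each other's config and make the run-id check fail intermittently. A top-level `concurrency: {group: nginxaas-deploy-test, cancel-in-progress: false}` (group name illustrative) would serialise them. Pull requests from forks do not receive repository secrets, so the login step will fail there; if these runs are only meant for trusted branches, limit `push` to the default branch and drop or restrict `pull_request`. Note also that the `'*'` pattern does not match branch names containing `/`; `'**'` does. The jobs themselves are outside this hunk.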
@@ -18,64 +24,73 @@ permissions: contents: read jobs: + Fetch-NGINX-State: + runs-on: ubuntu-latest + steps: + - name: "AZ CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: "Fetch deployment state" + uses: azure/CLI@v1 + with: + azcliversion: 2.40.0 + inlineScript: | + az extension add --source https://azcliprod.blob.core.windows.net/cli-extensions/nginx-0.1.1-py2.py3-none-any.whl -y + az nginx deployment show -g $TEST_RESOURCE_GROUP_NAME -n $NGINX_DEPLOYMENT_NAME --output json > nginx.json + az nginx deployment configuration show -g $TEST_RESOURCE_GROUP_NAME --deployment-name $NGINX_DEPLOYMENT_NAME -n default --output json > nginx.config.json + name: nginx-state + path: | + nginx.json + nginx.config.json + Update-NGINX: runs-on: ubuntu-latest steps: - - name: "Checkout repository" - uses: actions/checkout@v2 - - name: "AZ CLI Login" - uses: azure/login@v1 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: "Checkout repository" + uses: actions/checkout@v2 + + - name: "AZ CLI Login" + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: "Update config - single file" - shell: bash - run: | - sed -i 's/000000/'"$GITHUB_RUN_NUMBER"'/g' github-action/test/configs/single/nginx.conf - cat github-action/test/configs/single/nginx.conf - - name: "Sync NGINX configuration to NGINXaaS for Azure - single file" - uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1 - with: - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - resource-group-name: $TEST_RESOURCE_GROUP_NAME - nginx-deployment-name: $NGINX_DEPLOYMENT_NAME - nginx-config-directory-path: github-action/test/configs/single/ - 
nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE - transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH - - name: "Validate config update - single file" - shell: bash - run: | - wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id" | test( "'"$GITHUB_RUN_NUMBER"'")' - - name: "Update config - multi file" - shell: bash - run: | - sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' github-action/test/configs/multi/nginx.conf - cat github-action/test/configs/multi/nginx.conf - sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' github-action/test/configs/multi/conf.d/proxy.conf - cat github-action/test/configs/multi/conf.d/proxy.conf - - name: "Sync NGINX configuration and certificate to NGINXaaS for Azure - multi file" - uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1 - with: - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - resource-group-name: $TEST_RESOURCE_GROUP_NAME - nginx-deployment-name: $NGINX_DEPLOYMENT_NAME - nginx-deployment-location: "westcentralus" - nginx-config-directory-path: github-action/test/configs/multi/ - nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE - transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH - nginx-certificates: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.key" } ]' + - name: Download math result for job 1 + uses: actions/download-artifact@v4 + with: + name: nginx-state - - name: "Validate config update" - shell: bash - run: | - wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id" | test( "'"$GITHUB_RUN_ID"'")' - - name: "Validate certificate update" - uses: azure/CLI@v1 - with: - inlineScript: | - echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp - az keyvault certificate show 
--vault-name $NGINX_VAULT_NAME -n $NGINX_CERT_NAME | jq -r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp - echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp - wget -O - -o /dev/null https://${{ secrets.NGINX_DEPLOYMENT_IP }} --ca-certificate=/tmp/$GITHUB_RUN_ID.tmp | jq '.request.headers."Github-Run-Id" | test( "'"$GITHUB_RUN_ID"'")' + - name: "Prep Config Files" + shell: bash + run: | + ./github-action/test/scripts/config_to_files.sh -f $PWD/nginx.config.json -o $NGINX_CONFIG_DIRECTORY + sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' $NGINX_CONFIG_DIRECTORY/github_action.conf + mv $NGINX_CONFIG_DIRECTORY/github_action.conf $NGINX_CONFIG_DIRECTORY/etc/nginx/conf.d/servers/github_action.conf + cat $NGINX_CONFIG_DIRECTORY/etc/nginx/conf.d/servers/github_action.conf + - name: "Sync NGINX configuration and certificate to NGINXaaS for Azure" + uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1 + with: + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + resource-group-name: $TEST_RESOURCE_GROUP_NAME + nginx-deployment-name: $NGINX_DEPLOYMENT_NAME + nginx-deployment-location: "westcentralus" + nginx-config-directory-path: $NGINX_CONFIG_DIRECTORY + nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE + transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH + nginx-certificates: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.key" } ]' + + - name: "Validate certificate and config update" + uses: azure/CLI@v1 + with: + inlineScript: | + export NGINX_DEPLOYMENT_IP=$(cat nginx.json | jq '.properties.ipAddress') + wget -O - -o /dev/null http://$NGINX_DEPLOYMENT_IP:8443/github-action | grep '$GITHUB_RUN_ID' + echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp + az keyvault certificate show --vault-name $NGINX_VAULT_NAME -n $NGINX_CERT_NAME | jq 
-r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp + echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp + wget -O - -o /dev/null https://$NGINX_DEPLOYMENT_IP:8443/github-action --ca-certificate=/tmp/$GITHUB_RUN_ID.tmp | grep '$GITHUB_RUN_ID' diff --git a/github-action/test/configs/github_action.conf b/github-action/test/configs/github_action.conf new file mode 100644 index 0000000..9136207 --- /dev/null +++ b/github-action/test/configs/github_action.conf @@ -0,0 +1,13 @@ +server { + listen 8443 ssl; + server_name example.com; + status_zone status_page; + + # SSL/TLS certificate and key for the server + ssl_certificate {{ ssl_certificate_path}}; + ssl_certificate_key {{ ssl_certificate_key_path }}; + + location /github-action { + return 200, 'Github-Run-Id 000000'; + } +} diff --git a/github-action/test/configs/multi/conf.d/proxy.conf b/github-action/test/configs/multi/conf.d/proxy.conf deleted file mode 100644 index c4b8b59..0000000 --- a/github-action/test/configs/multi/conf.d/proxy.conf +++ /dev/null @@ -1,8 +0,0 @@ -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Proxy-App app; -proxy_set_header Github-Run-Id 000000; -proxy_buffering on; -proxy_buffer_size 4k; -proxy_buffers 8 8k; -proxy_read_timeout 60s; \ No newline at end of file diff --git a/github-action/test/configs/multi/nginx.conf b/github-action/test/configs/multi/nginx.conf deleted file mode 100644 index 0366ce8..0000000 --- a/github-action/test/configs/multi/nginx.conf +++ /dev/null 
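Review bot: The artifact handoff between the two jobs looks broken as written: in `Fetch-NGINX-State` the `name: nginx-state` / `path:` keys follow the `inlineScript` with no `uses: actions/upload-artifact` step header, so nothing appears to upload nginx.json, and `Update-NGINX` has no `needs: Fetch-NGINX-State`, so its download step can run before the artifact exists. In the final validation step `grep '$GITHUB_RUN_ID'` is single-quoted and searches for the literal text rather than the run id, and `jq '.properties.ipAddress'` without `-r` leaves the JSON quotes inside the URL. The first wget also uses `http://` against port 8443, which the new github_action.conf declares as `listen 8443 ssl`. Separately, `az extension add --source <url> -y` installs a wheel by URL with no integrity check, so consider verifying a pinned checksum of the download before installing it. The fence shows the upload step, the `needs:` line and the corrected quoting.

```yaml
      # … unchanged: "AZ CLI Login" and "Fetch deployment state" steps …
      - name: "Upload deployment state"
        uses: actions/upload-artifact@v4
        with:
          name: nginx-state
          path: |
            nginx.json
            nginx.config.json

  Update-NGINX:
    needs: Fetch-NGINX-State
    runs-on: ubuntu-latest
    # … unchanged: checkout, login, download, prep and sync steps …
          inlineScript: |
            export NGINX_DEPLOYMENT_IP=$(jq -r '.properties.ipAddress' nginx.json)
            # … unchanged: first wget (same grep quoting fix applies) and certificate assembly …
            wget -O - -o /dev/null https://$NGINX_DEPLOYMENT_IP:8443/github-action --ca-certificate=/tmp/$GITHUB_RUN_ID.tmp | grep "$GITHUB_RUN_ID"
```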
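Review bot: `return 200, 'Github-Run-Id 000000';` has a comma after the status code, which nginx's `return code [text];` form does not accept, so the config is likely to be rejected; it should read `return 200 'Github-Run-Id 000000';`. The `{{ ssl_certificate_path}}` and `{{ ssl_certificate_key_path }}` placeholders are not rendered by anything visible in this commit (the workflow's sed only replaces `000000`), so unless another step substitutes them the literal braces reach the deployment. The deleted multi-file config used `ssl_certificate /etc/nginx/ssl/000000/my-cert.crt;` and `ssl_certificate_key /etc/nginx/ssl/000000/my-cert.key;`, which the existing sed would turn into the per-run virtual paths passed in `nginx-certificates`.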
@@ -1,32 +0,0 @@ -http { - upstream app { - zone app 64k; - least_conn; - server 10.0.1.4:8000; - } - - server { - listen 80; - server_name *.example.com; - - location / { - include /etc/nginx/conf.d/proxy.conf; - proxy_pass http://app; - health_check; - } - } - - server { - listen 443 ssl default_server; - server_name example.com; - - ssl_certificate /etc/nginx/ssl/000000/my-cert.crt; - ssl_certificate_key /etc/nginx/ssl/000000/my-cert.key; - - location / { - include /etc/nginx/conf.d/proxy.conf; - proxy_pass http://app; - health_check; - } - } -} \ No newline at end of file diff --git a/github-action/test/configs/single/nginx.conf b/github-action/test/configs/single/nginx.conf deleted file mode 100644 index af7d309..0000000 --- a/github-action/test/configs/single/nginx.conf +++ /dev/null @@ -1,26 +0,0 @@ -http { - upstream app { - zone app 64k; - least_conn; - server 10.0.1.4:8000; - } - - server { - listen 80; - server_name *.example.com; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Proxy-App app; - proxy_set_header Github-Run-Id 000000; - proxy_buffering on; - proxy_buffer_size 4k; - proxy_buffers 8 8k; - proxy_read_timeout 60s; - proxy_pass http://app; - health_check; - } - - } -} \ No newline at end of file diff --git a/github-action/test/scripts/config_to_files.sh b/github-action/test/scripts/config_to_files.sh new file mode 100755 index 0000000..a960dfa --- /dev/null +++ b/github-action/test/scripts/config_to_files.sh 
@@ -0,0 +1,58 @@ +#!/bin/bash + +# Function to print usage +print_usage() { + echo "Usage: $0 [-f ] [-o ]" + echo "Options:" + echo " -f Specify the JSON file to generate the config from (required)" + echo " -o Specify the base output filepath (optional)" + exit 1 +} + +# Parse command line options +json_file='' +output_filepath=$PWD + +while getopts ":o:f:" opt; do + case $opt in + f) json_file="$OPTARG";; + o) output_filepath="$OPTARG";; + \?) echo "Error: Invalid option -$OPTARG" >&2; print_usage;; + esac +done + +# Check if the JSON file exists +if [ ! -f "$json_file" ]; then + echo "Error: JSON file '$json_file' not found." + exit 1 +fi + +# Extract base64 encoded content and virtualPath +# Use mapfile to store the output of jq into arrays +while IFS= read -r content; do + content_list+=("$content") +done < <(jq -r '.properties.files[].content' "$json_file") + +while IFS= read -r virtual_path; do + virtual_path_list+=("$virtual_path") +done < <(jq -r '.properties.files[].virtualPath' "$json_file") + +# Decode and write content to files, keeping track of created files +created_files=() +for (( i=0; i<${#content_list[@]}; i++ )); do + content=$(echo "${content_list[$i]}" | base64 -d) + virtual_path="${virtual_path_list[$i]}" + echo "Extracting file $virtual_path to ${output_filepath}${virtual_path}" + + # Extract the directory path and create parent directories if they don't exist + parent_dir=$(dirname "${output_filepath}${virtual_path}") + mkdir -p "$parent_dir" + + # Write content to file + echo "$content" > "${output_filepath}${virtual_path}" + + # Add created file to the list + created_files+=("${output_filepath}${virtual_path}") +done + +echo "Extracted ${#created_files[@]} files"
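Review bot: `virtualPath` values from the JSON are appended to `$output_filepath` without any check, so an entry containing a `..` component would be written outside the output directory; since the file is fetched from a remote deployment's state, the loop should reject such paths before `mkdir -p`. The decode also goes through `content=$(...)` and `echo "$content"`, which strips trailing newlines and cannot carry NUL bytes, so decoding straight into the target file is safer. Two smaller points: the comment `# Use mapfile ...` does not match the `while read` loops below it, and getopts has no `:)` case, so `-f` without an argument falls through to the "not found" error with an empty name. The fence shows the rewritten extraction loop.

```bash
for (( i=0; i<${#content_list[@]}; i++ )); do
    virtual_path="${virtual_path_list[$i]}"
    # Refuse any path with a ".." component so writes stay under the output directory.
    case "/$virtual_path/" in
        */../*) echo "Error: refusing path '$virtual_path'" >&2; exit 1;;
    esac
    target="${output_filepath}${virtual_path}"
    # … unchanged: "Extracting file" message …
    mkdir -p "$(dirname "$target")"
    # Decode directly into the file so the bytes are written unchanged.
    printf '%s' "${content_list[$i]}" | base64 -d > "$target"
    created_files+=("$target")
done
```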