|
3 | 3 | name: Test Github action to update NGINX for Azure configurations
|
4 | 4 | on:
|
5 | 5 | schedule:
|
6 |
| - - cron: '0 20 * * *' |
| 6 | + - cron: "0 20 * * *" |
7 | 7 |
|
8 | 8 | env:
|
9 | 9 | NGINX_DEPLOYMENT_NAME: github-action-test-dep
|
10 | 10 | NGINX_TRANSFORMED_CONFIG_DIR_PATH: /etc/nginx/
|
11 | 11 | NGINX_ROOT_CONFIG_FILE: nginx.conf
|
12 | 12 | TEST_RESOURCE_GROUP_NAME: testenv-0da38993-workload
|
| 13 | + NGINX_CERT_NAME: github-action-test-crt |
| 14 | + NGINX_VAULT_NAME: nlbtest-customer |
13 | 15 |
|
14 | 16 | permissions:
|
15 | 17 | id-token: write
|
16 | 18 | contents: read
|
17 | 19 |
|
18 | 20 | jobs:
|
19 |
| - Update-NGINX-Configuration: |
| 21 | + Update-NGINX: |
20 | 22 | runs-on: ubuntu-latest
|
21 | 23 | steps:
|
22 |
| - - name: 'Checkout repository' |
| 24 | + - name: "Checkout repository" |
23 | 25 | uses: actions/checkout@v2
|
24 |
| - - name: 'AZ CLI Login' |
| 26 | + - name: "AZ CLI Login" |
25 | 27 | uses: azure/login@v1
|
26 | 28 | with:
|
27 |
| - client-id: ${{ secrets.AZURE_CLIENT_ID }} |
28 |
| - tenant-id: ${{ secrets.AZURE_TENANT_ID }} |
29 |
| - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
30 |
| - - name: 'Update config - single file' |
| 29 | + client-id: ${{ secrets.AZURE_CLIENT_ID }} |
| 30 | + tenant-id: ${{ secrets.AZURE_TENANT_ID }} |
| 31 | + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
| 32 | + - name: "Sync NGINX certificate to NGINX for Azure - single cert" |
| 33 | + |
| 34 | + with: |
| 35 | + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
| 36 | + resource-group-name: $TEST_RESOURCE_GROUP_NAME |
| 37 | + nginx-deployment-name: $NGINX_DEPLOYMENT_NAME |
| 38 | + nginx-certificate-details: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_NUMBER/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_NUMBER/my-cert.key" } ]' |
| 39 | + |
| 40 | + - name: "Update config - single file" |
31 | 41 | shell: bash
|
32 | 42 | run: |
|
33 | 43 | sed -i 's/000000/'"$GITHUB_RUN_NUMBER"'/g' test/configs/single/nginx.conf
|
34 | 44 | cat test/configs/single/nginx.conf
|
35 |
| - - name: 'Sync NGINX configuration to NGINX on Azure instance - single file' |
36 |
| - uses: nginxinc/nginx-for-azure-deploy-action@v0 |
| 45 | + - name: "Sync NGINX configuration to NGINX for Azure - single file" |
| 46 | + uses: nginxinc/nginx-for-azure-deploy-action@v0.2.0 |
37 | 47 | with:
|
38 | 48 | subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
39 | 49 | resource-group-name: $TEST_RESOURCE_GROUP_NAME
|
40 | 50 | nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
|
41 | 51 | nginx-config-directory-path: test/configs/single/
|
42 | 52 | nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
|
43 | 53 | transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
|
44 |
| - - name: 'Validate config update - single file' |
| 54 | + - name: "Validate config update - single file" |
45 | 55 | shell: bash
|
46 | 56 | run: |
|
47 | 57 | wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id" | test( "'"$GITHUB_RUN_NUMBER"'")'
|
48 |
| - - name: 'Update config - multi file' |
| 58 | + - name: "Update config - multi file" |
49 | 59 | shell: bash
|
50 | 60 | run: |
|
| 61 | + sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' test/configs/multi/nginx.conf |
| 62 | + cat test/configs/single/nginx.conf |
51 | 63 | sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' test/configs/multi/conf.d/proxy.conf
|
52 | 64 | cat test/configs/multi/conf.d/proxy.conf
|
53 |
| - - name: 'Sync NGINX configuration to NGINX on Azure instance - multi file' |
54 |
| - uses: nginxinc/nginx-for-azure-deploy-action@v0 |
| 65 | + - name: "Sync NGINX configuration to NGINX for Azure - multi file" |
| 66 | + uses: nginxinc/nginx-for-azure-deploy-action@v0.2.0 |
55 | 67 | with:
|
56 | 68 | subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
57 | 69 | resource-group-name: $TEST_RESOURCE_GROUP_NAME
|
58 | 70 | nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
|
59 | 71 | nginx-config-directory-path: test/configs/multi/
|
60 | 72 | nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
|
61 | 73 | transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
|
62 |
| - - name: 'Validate config update' |
| 74 | + |
| 75 | + - name: "Validate config update" |
63 | 76 | shell: bash
|
64 | 77 | run: |
|
65 | 78 | wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id" | test( "'"$GITHUB_RUN_ID"'")'
|
| 79 | + - name: "Create cert file" |
| 80 | + uses: azure/CLI@v1 |
| 81 | + with: |
| 82 | + inlineScript: | |
| 83 | + echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp |
| 84 | + az keyvault certificate show --vault-name $NGINX_VAULT_NAME -n $NGINX_CERT_NAME | jq -r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp |
| 85 | + echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp |
| 86 | + - name: "Validate certificate update" |
| 87 | + shell: bash |
| 88 | + run: | |
| 89 | + wget -O - -o /dev/null https://${{ secrets.NGINX_DEPLOYMENT_IP }} --ca-certificate=/tmp/$GITHUB_RUN_ID.tmp | jq '.request.headers."Github-Run-Id" | test( "'"$GITHUB_RUN_ID"'")' |
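Review bot: The new "Validate certificate update" step (new line 89) cannot fail on a wrong response, because `jq` without `-e` exits 0 even when `test(...)` prints `false`; only a failed download or TLS handshake would stop the step, and that depends on the shell running with pipefail. Use `jq -e '.request.headers."Github-Run-Id" | test( "'"$GITHUB_RUN_ID"'")'` there; the two existing HTTP validation steps (new lines 57 and 78) have the same gap. In "Update config - multi file", the added `cat test/configs/single/nginx.conf` (new line 62) prints the single-file config right after editing `test/configs/multi/nginx.conf`, so it probably should be `cat test/configs/multi/nginx.conf`. As rendered, the "Sync NGINX certificate to NGINX for Azure - single cert" step (new lines 32–38) has a `with:` block but no `uses:` line; unless that is an artifact of how the page was extracted, the workflow will not load. Since the job holds `id-token: write` and logs in to Azure, consider pinning `azure/CLI@v1` and the other actions to a full commit SHA instead of a mutable tag.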