Merge pull request #1 from nginxinc/bangbingsyb/git-action-poc

POC for single NGINX configuration file sync action

Author: bangbingsyb

README.md

@@ -0,0 +1,81 @@
+# NGINX for Azure Deployment Action
+
+This action syncs NGINX configuration files in the repository to an NGINX deployment in Azure. It enables continuous deployment scenarios where the configuration of the NGINX deployment is automatically updated when changes are made through GitHub workflows.
+
+## Usage example
+
+The following example updates the configuration of a NGINX deployment in Azure each time a change is made to the configuration file in config folder in the `main` branch.
+
+### Sample workflow that authenticates with Azure using Azure Service Principal with a secret
+
+```yaml
+# File: .github/workflows/nginxForAzureDeploy.yml
+
+name: Sync configuration to NGINX for Azure 
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - config/**
+
+jobs:
+  Deploy-NGINX-Configuration:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Checkout repository'
+      uses: actions/checkout@v2
+
+    - name: 'Run Azure Login using Azure Service Principal with a secret'
+      uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: 'Sync NGINX configuration to NGINX on Azure instance'
+      uses: nginxinc/nginx-for-azure-deploy-action@v1
+      with:
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
+        nginx-config-file-path: ${{ secrets.NGINX_CONFIG_FILE }}
+```
+
+### Sample workflow that authenticates with Azure using OIDC
+
+```yaml
+# File: .github/workflows/nginxForAzureDeploy.yml
+
+name: Sync configuration to NGINX for Azure 
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - config/**
+
+permissions:
+      id-token: write
+      contents: read
+
+jobs:
+  Deploy-NGINX-Configuration:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Checkout repository'
+      uses: actions/checkout@v2
+
+    - name: 'Run Azure Login using OIDC'
+      uses: azure/login@v1
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    - name: 'Sync NGINX configuration to NGINX on Azure instance'
+      uses: nginxinc/nginx-for-azure-deploy-action@v1
+      with:
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+        nginx-deployment-name: ${{ secrets.NGINX_DEPLOYMENT_NAME }}
+        nginx-config-file-path: ${{ secrets.NGINX_CONFIG_FILE }}
+```

action.yml

@@ -0,0 +1,22 @@
+name: 'NGINX configuration sync'
+description: 'The action synchronizes NGINX configuration from a Git repository to an NGINX deployment on Azure.'
+inputs:
+  subscription-id:
+    description: 'The Azure subscription ID of the NGINX deployment'
+    required: true
+  resource-group-name:
+    description: 'The resource group of the NGINX deployment'
+    required: true
+  nginx-deployment-name:
+    description: 'The name of the NGINX deployment'
+    required: true
+  nginx-config-relative-file-path:
+    description: 'The relative file path of the NGINX configuration file in the Git repository'
+    required: true
+    default: './config/nginx.conf'
+runs:
+  using: "composite"
+  steps:
+    - name: 'Deploy configuration to the NGINX deployment in Azure'
+      run: ${{github.action_path}}/src/deploy-config.sh ${{ inputs.subscription-id }} ${{ inputs.resource-group-name }} ${{ inputs.nginx-deployment-name }} ${{ inputs.nginx-config-relative-file-path }}
+      shell: bash

src/deploy-config.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+subscriptionId=$1
+resourceGroupName=$2
+nginxDeploymentName=$3
+nginxConfigurationFile=$4
+
+# Read and encode the NGINX configuration file content.
+if [ -f "$nginxConfigurationFile" ]
+then
+    echo "The NGINX configuration file was found."
+else 
+    echo "The NGINX configuration file $nginxConfigurationFile does not exist."
+    exit 2
+fi
+
+encodedConfigContent=$(base64 $nginxConfigurationFile)
+echo "Base64 encoded NGINX configuration content"
+echo "$encodedConfigContent"
+echo ""
+
+# Deploy the configuration to the NGINX instance on Azure using an ARM template.
+uuid="$(cat /proc/sys/kernel/random/uuid)"
+templateFile="template-$uuid.json"
+templateDeploymentName="${nginxDeploymentName:0:20}-$uuid"
+
+wget -O "$templateFile" https://raw.githubusercontent.com/nginxinc/nginx-for-azure-deploy-action/main/src/nginx-for-azure-configuration-template.json
+echo "Downloaded the ARM template for deploying NGINX configuration"
+cat "$templateFile"
+echo ""
+
+echo "Deploying NGINX configuration"
+echo "Subscription: $subscriptionId"
+echo "Resource group: $resourceGroupName"
+echo "NGINX deployment name: $nginxDeploymentName"
+echo "Template deployment name: $templateDeploymentName"
+echo ""
+
+az account set -s "$subscriptionId" --verbose
+az deployment group create --name "$templateDeploymentName" --resource-group "$resourceGroupName" --template-file "$templateFile" --parameters nginxDeploymentName="$nginxDeploymentName" rootConfigContent="$encodedConfigContent" --verbose

src/nginx-for-azure-configuration-template.json

@@ -0,0 +1,42 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+    "parameters": {
+        "nginxDeploymentName": {
+            "type": "string",
+            "metadata": {
+                "description": "The name of the NGINX deployment resource to deploy the configuration."
+            }
+        },
+        "rootConfigFilePath": {
+            "type": "string",
+            "defaultValue": "nginx.conf",
+            "metadata": {
+                "description": "The file path of the root NGINX configuration file"
+            }
+        },
+        "rootConfigContent": {
+            "type": "string",
+            "metadata": {
+                "description": "The based64 encoded content of the root NGINX configuration file"
+            }
+        }
+    },
+    "variables": {},
+    "resources": [
+        {
+            "type": "NGINX.NGINXPLUS/nginxDeployments/configurations",
+            "apiVersion": "2021-05-01-preview",
+            "name": "[concat(parameters('nginxDeploymentName'), '/default')]",
+            "properties": {
+                "rootFile": "[parameters('rootConfigFilePath')]",
+                "files": [
+                    {
+                        "content": "[parameters('rootConfigContent')]",
+                        "virtualPath": "[parameters('rootConfigFilePath')]"
+                    }
+                ]
+            }
+        }
+    ]
+}