Certificate deployment in github action

[george-ngugi]

Modifications made are to incorporate certificate deployment using the already existent github action. Consequently, one can do config and/or cert deployment for their Nginx on Azure.
The assumption is that certs are already in Azure key vault. The user provides a list of certs as a JSON array.
More details on the design discussion are as per issue 391
The deploy-config script is also modified to use named arguments instead of positional arguments.

[ornj]

Forgive me if this was answered on your doc, without access to Teams I cannot check.

I think it would be better to combine things into a single script. Users of Github actions I assume wouldn't be impacted by this, but users of Azure DevOps who we are instructing to use the script manually certainly will. Something like,

deploy.sh --subscription-id 6A87EB1F-F879-457F-94A2-6878AA6F2633 /
  --resource-group ExampleGroup /
  --name ExampleNGINXDeployment /
  --config-dir path/to/config /
  --certificate '{"name": "cert1", "keyvaultSecret": "...", ...}' /
  --certificate '{"name": "cert1", "keyvaultSecret": "...", ...}' /  # provide the option once per cert

Or if this is hard to use in automation, a single --certificates option that accepts a JSON array of certificate objects.

When using the script to update we could add a --skip-config and --skip-certificates flags to communicate the user does not intend to modify these settings, although I think automation use cases would just call the script the same way and leave it to us to handle no-ops.

[george-ngugi]

Forgive me if this was answered on your doc, without access to Teams I cannot check.

I think it would be better to combine things into a single script. Users of Github actions I assume wouldn't be impacted by this, but users of Azure DevOps who we are instructing to use the script manually certainly will. Something like,

deploy.sh --subscription-id 6A87EB1F-F879-457F-94A2-6878AA6F2633 /
  --resource-group ExampleGroup /
  --name ExampleNGINXDeployment /
  --config-dir path/to/config /
  --certificate '{"name": "cert1", "keyvaultSecret": "...", ...}' /
  --certificate '{"name": "cert1", "keyvaultSecret": "...", ...}' /  # provide the option once per cert

Or if this is hard to use in automation, a single --certificates option that accepts a JSON array of certificate objects.

When using the script to update we could add a --skip-config and --skip-certificates flags to communicate the user does not intend to modify these settings, although I think automation use cases would just call the script the same way and leave it to us to handle no-ops.

I added such a script for this(deploy.sh), though it is not being referenced by the action. Work is also underway for the action on Azure pipelines (targeted for GA) so it can be used in the short term.

[ornj]

Can we merge the scripts together into a single deploy.sh? The majority of each script seems to be duplicate handling of options/arguments.

[ornj]

Approved with one last small nit. Can you please fix the files that are missing newline characters at the end? Look the change files for a symbol looking something like ⛔ at the end or \ No newline at end of file in the output of git diff. It's really minor but there are cases where it is helpful and is a little less noisy overall.

[george-ngugi]

Approved with one last small nit. Can you please fix the files that are missing newline characters at the end? Look the change files for a symbol looking something like ⛔ at the end or \ No newline at end of file in the output of git diff. It's really minor but there are cases where it is helpful and is a little less noisy overall.

Fixed. Thanks for bringing up these as well as some of the best practices highlighted earlier. It's some of those things one overlooks but are really important 😄