Skip to content

Update action to first update certs then configurations. Plus test fixes. #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 19, 2022
Merged

Update action to first update certs then configurations. Plus test fixes. #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c2deb73
Switched order of operations of the action to publish certificates fi…
agazeley Sep 19, 2022
1b3ddcf
Combined multifile and certificate update into one step
agazeley Sep 19, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 3 additions & 8 deletions .github/workflows/testNginxForAzureDeploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,6 @@ jobs:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: "Sync NGINX certificate to NGINX for Azure - single cert"
uses: nginxinc/[email protected]
with:
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resource-group-name: $TEST_RESOURCE_GROUP_NAME
nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
nginx-certificate-details: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_NUMBER/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_NUMBER/my-cert.key" } ]'

- name: "Update config - single file"
shell: bash
Expand All @@ -62,15 +55,17 @@ jobs:
cat test/configs/single/nginx.conf
sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' test/configs/multi/conf.d/proxy.conf
cat test/configs/multi/conf.d/proxy.conf
- name: "Sync NGINX configuration to NGINX for Azure - multi file"
- name: "Sync NGINX configuration and certificate to NGINX for Azure - multi file"
uses: nginxinc/[email protected]
with:
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resource-group-name: $TEST_RESOURCE_GROUP_NAME
nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
nginx-resource-location: "westcentralus"
nginx-config-directory-path: test/configs/multi/
nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
nginx-certificate-details: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_NUMBER/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_NUMBER/my-cert.key" } ]'

- name: "Validate config update"
shell: bash
Expand Down
34 changes: 17 additions & 17 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,44 +1,44 @@
name: 'NGINX For Azure Deployment Sync'
description: 'The action synchronizes NGINX configuration from a Git repository and/or certificates already on Azure keyvault to an NGINX for Azure deployment'
name: "NGINX For Azure Deployment Sync"
description: "The action synchronizes NGINX configuration from a Git repository and/or certificates already on Azure keyvault to an NGINX for Azure deployment"
inputs:
subscription-id:
description: 'The Azure subscription ID of the NGINX for Azure deployment.'
description: "The Azure subscription ID of the NGINX for Azure deployment."
required: true
resource-group-name:
description: 'The resource group of the NGINX for Azure deployment.'
description: "The resource group of the NGINX for Azure deployment."
required: true
nginx-deployment-name:
description: 'The name of the NGINX for Azure deployment.'
description: "The name of the NGINX for Azure deployment."
required: true
nginx-deployment-location:
description: 'The location where the NGINX deployment is located. Example westcentralus'
description: "The location where the NGINX deployment is located. Example westcentralus"
required: false
nginx-config-directory-path:
description: 'The NGINX configuration directory path relative to the root of the Git repository, example: "config/".'
required: false
nginx-root-config-file:
description: >
'The root NGINX configuration file path relative to the NGINX configuration directory in the Git repository, example: "nginx.conf".'
'The root NGINX configuration file path relative to the NGINX configuration directory in the Git repository, example: "nginx.conf".'
required: false
default: 'nginx.conf'
default: "nginx.conf"
transformed-nginx-config-directory-path:
description: >
'The transformed absolute path of the NGINX configuration directory in NGINX for Azure deployment, example: "/etc/nginx/".
If the "include" directive in the NGINX configuration files uses absolute paths, the path transformation
can be used to overwrite the file paths when the action synchronizes the files to the NGINX for Azure deployment.'
'The transformed absolute path of the NGINX configuration directory in NGINX for Azure deployment, example: "/etc/nginx/".
If the "include" directive in the NGINX configuration files uses absolute paths, the path transformation
can be used to overwrite the file paths when the action synchronizes the files to the NGINX for Azure deployment.'
required: false
default: ''
default: ""
nginx-certificate-details:
description: 'An array of JSON objects each with keys nginx_cert_name, keyvault_secret, certificate_virtual_path and key_virtual_path. Example: [{"certificateName": "server1", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/ssl/certs/server1.crt", "keyVirtualPath": "/etc/ssl/certs/server1.key" }, {"name": "server2", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/ssl/certs/server2.crt", "keyVirtualPath": "/etc/ssl/certs/server2.key" }] '
required: false
runs:
using: "composite"
steps:
- name: 'Synchronize NGINX configuration from the Git repository to an NGINX for Azure deployment'
- name: "Synchronize NGINX certificate(s) from the Git repository to an NGINX for Azure deployment"
run: ${{github.action_path}}/src/deploy-certificate.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --nginx_resource_location=${{ inputs.nginx-deployment-location }} --certificates=${{ toJSON(inputs.nginx-certificate-details) }}
if: ${{ inputs.nginx-deployment-location != '' && inputs.nginx-certificate-details != '' }}
shell: bash
- name: "Synchronize NGINX configuration from the Git repository to an NGINX for Azure deployment"
run: ${{github.action_path}}/src/deploy-config.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --config_dir_path=${{ inputs.nginx-config-directory-path }} --root_config_file=${{ inputs.nginx-root-config-file }} --transformed_config_dir_path=${{ inputs.transformed-nginx-config-directory-path }}
if: ${{ inputs.nginx-config-directory-path != '' }}
shell: bash
- name: 'Synchronize NGINX certificate(s) from the Git repository to an NGINX for Azure deployment'
run: ${{github.action_path}}/src/deploy-certificate.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --nginx_resource_location=${{ inputs.nginx-deployment-location }} --certificates=${{ toJSON(inputs.nginx-certificate-details) }}
if: ${{ inputs.nginx-deployment-location != '' && inputs.nginx-certificate-details != '' }}
shell: bash