Updated github-action testing to be more dynamic and work with new long-lived deployment

Author: agazeley

.github/workflows/github-action-test-nginxaas-deploy.yml

@@ -6,10 +6,11 @@ on:
     - cron: "0 20 * * *"
 
 env:
-  NGINX_DEPLOYMENT_NAME: github-action-test-dep
-  NGINX_TRANSFORMED_CONFIG_DIR_PATH: /etc/nginx/
-  NGINX_ROOT_CONFIG_FILE: nginx.conf
-  TEST_RESOURCE_GROUP_NAME: testenv-0da38993-workload
+  NGINX_CONFIG_DIRECTORY: github-action/test/configs
+  NGINX_DEPLOYMENT_NAME: n4a-long-westcent-nginxaas
+  NGINX_TRANSFORMED_CONFIG_DIR_PATH: /
+  NGINX_ROOT_CONFIG_FILE: /etc/nginx/nginx.conf
+  TEST_RESOURCE_GROUP_NAME: n4a-long-westcent-workload
   NGINX_CERT_NAME: github-action-test-crt
   NGINX_VAULT_NAME: nlbtest-customer
 
@@ -18,64 +19,73 @@ permissions:
   contents: read
 
 jobs:
+  Fetch-NGINX-State:
+    runs-on: ubuntu-latest
+    steps:    
+    - name: "AZ CLI Login"
+      uses: azure/login@v1
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    
+    - name: "Fetch deployment state"
+      uses: azure/CLI@v1
+      with:
+        azcliversion: 2.40.0
+        inlineScript: |
+          az extension add --source https://azcliprod.blob.core.windows.net/cli-extensions/nginx-0.1.1-py2.py3-none-any.whl -y
+          az nginx deployment show -g $TEST_RESOURCE_GROUP_NAME -n $NGINX_DEPLOYMENT_NAME --output json > nginx.json
+          az nginx deployment configuration show -g $TEST_RESOURCE_GROUP_NAME --deployment-name $NGINX_DEPLOYMENT_NAME -n default --output json > nginx.config.json
+        name: nginx-state
+        path: |
+          nginx.json
+          nginx.config.json
+
   Update-NGINX:
     runs-on: ubuntu-latest
     steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@v2
-      - name: "AZ CLI Login"
-        uses: azure/login@v1
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    - name: "Checkout repository"
+      uses: actions/checkout@v2
+    
+    - name: "AZ CLI Login"
+      uses: azure/login@v1
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - name: "Update config - single file"
-        shell: bash
-        run: |
-          sed -i 's/000000/'"$GITHUB_RUN_NUMBER"'/g' github-action/test/configs/single/nginx.conf
-          cat github-action/test/configs/single/nginx.conf
-      - name: "Sync NGINX configuration to NGINXaaS for Azure - single file"
-        uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
-        with:
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          resource-group-name: $TEST_RESOURCE_GROUP_NAME
-          nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
-          nginx-config-directory-path: github-action/test/configs/single/
-          nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
-          transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
-      - name: "Validate config update - single file"
-        shell: bash
-        run: |
-          wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id"  | test( "'"$GITHUB_RUN_NUMBER"'")'
-      - name: "Update config - multi file"
-        shell: bash
-        run: |
-          sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' github-action/test/configs/multi/nginx.conf
-          cat github-action/test/configs/multi/nginx.conf
-          sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' github-action/test/configs/multi/conf.d/proxy.conf
-          cat github-action/test/configs/multi/conf.d/proxy.conf
-      - name: "Sync NGINX configuration and certificate to NGINXaaS for Azure - multi file"
-        uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
-        with:
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          resource-group-name: $TEST_RESOURCE_GROUP_NAME
-          nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
-          nginx-deployment-location: "westcentralus"
-          nginx-config-directory-path: github-action/test/configs/multi/
-          nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
-          transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
-          nginx-certificates: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.key"  } ]'
+    - name: Download math result for job 1
+      uses: actions/download-artifact@v4
+      with:
+        name: nginx-state
 
-      - name: "Validate config update"
-        shell: bash
-        run: |
-          wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id"  | test( "'"$GITHUB_RUN_ID"'")'
-      - name: "Validate certificate update"
-        uses: azure/CLI@v1
-        with:
-          inlineScript: |
-            echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp
-            az keyvault certificate show --vault-name $NGINX_VAULT_NAME  -n $NGINX_CERT_NAME | jq -r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp
-            echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp
-            wget -O - -o /dev/null https://${{ secrets.NGINX_DEPLOYMENT_IP }} --ca-certificate=/tmp/$GITHUB_RUN_ID.tmp | jq '.request.headers."Github-Run-Id"  | test( "'"$GITHUB_RUN_ID"'")'
+    - name: "Prep Config Files"
+      shell: bash
+      run: |
+        ./github-action/test/scripts/config_to_files.sh -f $PWD/nginx.config.json -o $NGINX_CONFIG_DIRECTORY
+        sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' $NGINX_CONFIG_DIRECTORY/github_action.conf
+        mv $NGINX_CONFIG_DIRECTORY/github_action.conf $NGINX_CONFIG_DIRECTORY/etc/nginx/conf.d/servers/github_action.conf
+        cat $NGINX_CONFIG_DIRECTORY/etc/nginx/conf.d/servers/github_action.conf
+    - name: "Sync NGINX configuration and certificate to NGINXaaS for Azure"
+      uses: nginxinc/nginx-for-azure-deploy-action@v0.3.1
+      with:
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        resource-group-name: $TEST_RESOURCE_GROUP_NAME
+        nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
+        nginx-deployment-location: "westcentralus"
+        nginx-config-directory-path: $NGINX_CONFIG_DIRECTORY
+        nginx-root-config-file: $NGINX_ROOT_CONFIG_FILE
+        transformed-nginx-config-directory-path: $NGINX_TRANSFORMED_CONFIG_DIR_PATH
+        nginx-certificates: '[{"certificateName": "$NGINX_CERT_NAME", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.key"  } ]'
+        
+    - name: "Validate certificate and config update"
+      uses: azure/CLI@v1
+      with:
+        inlineScript: |
+          export NGINX_DEPLOYMENT_IP=$(cat nginx.json | jq '.properties.ipAddress')
+          wget -O - -o /dev/null http://${{ NGINX_DEPLOYMENT_IP }}/github-action | grep '$GITHUB_RUN_ID'
+          echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp
+          az keyvault certificate show --vault-name $NGINX_VAULT_NAME  -n $NGINX_CERT_NAME | jq -r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp
+          echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp
+          wget -O - -o /dev/null https://${{ NGINX_DEPLOYMENT_IP }}:8443/github-action --ca-certificate=/tmp/$GITHUB_RUN_ID.tmp | grep '$GITHUB_RUN_ID'

github-action/test/configs/github_action.conf

@@ -0,0 +1,13 @@
+server {
+    listen 8443 ssl;
+    server_name example.com;
+    status_zone status_page;
+
+    # SSL/TLS certificate and key for the server
+    ssl_certificate {{ ssl_certificate_path}};
+    ssl_certificate_key {{ ssl_certificate_key_path }};
+
+    location /github-action {
+        return 200, 'Github-Run-Id 000000';
+    }
+}

github-action/test/configs/multi/conf.d/proxy.conf

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Function to print usage
+print_usage() {
+    echo "Usage: $0 [-f <json_file>] [-o <output_filepath>]"
+    echo "Options:"
+    echo "  -f <json_file>  Specify the JSON file to generate the config from (required)"
+    echo "  -o <output_filepath>  Specify the base output filepath (optional)"
+    exit 1
+}
+
+# Parse command line options
+json_file=''
+output_filepath=$PWD
+
+while getopts ":o:f:" opt; do
+    case $opt in
+        f)  json_file="$OPTARG";;
+        o)  output_filepath="$OPTARG";;
+        \?) echo "Error: Invalid option -$OPTARG" >&2; print_usage;;
+    esac
+done
+
+# Check if the JSON file exists
+if [ ! -f "$json_file" ]; then
+    echo "Error: JSON file '$json_file' not found."
+    exit 1
+fi
+
+# Extract base64 encoded content and virtualPath
+# Use mapfile to store the output of jq into arrays
+while IFS= read -r content; do
+    content_list+=("$content")
+done < <(jq -r '.properties.files[].content' "$json_file")
+
+while IFS= read -r virtual_path; do
+    virtual_path_list+=("$virtual_path")
+done < <(jq -r '.properties.files[].virtualPath' "$json_file")
+
+# Decode and write content to files, keeping track of created files
+created_files=()
+for (( i=0; i<${#content_list[@]}; i++ )); do
+    content=$(echo "${content_list[$i]}" | base64 -d)
+    virtual_path="${virtual_path_list[$i]}"
+    echo "Extracting file $virtual_path to ${output_filepath}${virtual_path}"
+    
+    # Extract the directory path and create parent directories if they don't exist
+    parent_dir=$(dirname "${output_filepath}${virtual_path}")
+    mkdir -p "$parent_dir"
+    
+    # Write content to file
+    echo "$content" > "${output_filepath}${virtual_path}"
+    
+    # Add created file to the list
+    created_files+=("${output_filepath}${virtual_path}")
+done
+
+echo "Extracted ${#created_files[@]} files"