
Commit 4cf9040

committed
add longevity
1 parent 50e00c5 commit 4cf9040


1 file changed

+139
-0
lines changed

1 file changed

+139
-0
lines changed
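--- a/.github/workflows/testNginxForAzureDeploy.yml
+++ b/.github/workflows/testNginxForAzureDeploy.yml
@@ -0,0 +1,139 @@
+# File: .github/workflows/testNginxForAzureDeploy.yml
+
+name: Test update longevity NginxaaS deployment with configuration and certificate
+on:
+workflow_dispatch
+
+env:
+NGINX_DEPLOYMENT_NAME: n4a-long-eastus2-basic-ngx
+NGINX_TRANSFORMED_CONFIG_DIR_PATH: /etc/nginx/
+NGINX_ROOT_CONFIG_FILE: nginx.conf
+TEST_RESOURCE_GROUP_NAME: n4a-long-eastus2-workload
+NGINX_CERT_NAME: n4a-long-eastus2-basic-crt
+NGINX_VAULT_NAME: nlbtest-customer
+NGINX_LOCATION_VIRTUAL_FILE: /etc/nginx/conf.d/locations/root.conf
+NGINX_HTTPS_CERTIFICATE_VIRTUAL_FILE: /etc/nginx/conf.d/servers/https.conf
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+Update-NGINX:
+runs-on: ubuntu-latest
+steps:
+- name: "Checkout repository"
+uses: actions/checkout@v4
+- name: "AZ CLI Login"
+run: |
+az login --service-principal \
+--username "${{ secrets.AZURE_CLIENT_ID }}" \
+--password "${{ secrets.AZURE_CLIENT_SECRET }}" \
+--tenant "${{ secrets.AZURE_TENANT_ID }}"
+az extension add --name nginx --allow-preview true
+- name: "Create cerificate with existing keyvalue certificate on the longevity deployment"
+uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0
+with:
+subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+resource-group-name: $TEST_RESOURCE_GROUP_NAME
+nginx-deployment-name: $NGINX_DEPLOYMENT_NAME
+nginx-deployment-location: "eastus2"
+nginx-certificates: '[{"certificateName": "$GITHUB_RUN_ID-crt", "keyvaultSecret": "https://$NGINX_VAULT_NAME.vault.azure.net/secrets/$NGINX_CERT_NAME", "certificateVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.crt", "keyVirtualPath": "/etc/nginx/ssl/$GITHUB_RUN_ID/my-cert.key" } ]'
+- name: "Pull NGINX config from the longevity deployment"
+run: |
+az nginx deployment configuration show --name default \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+| jq '.properties.files' > nginx_files.json
+- name: "Modify /etc/nginx/conf.d/root.conf with replacing Github-Run-Id value"
+uses: azure/cli@v2
+with:
+inlineScript: |
+cat nginx_files.json | jq ".[] | select(.virtualPath == \"$NGINX_LOCATION_VIRTUAL_FILE\") | .content" | tr -d '"' > old-location-encode-content.txt
+base64 -d -i old-location-encode-content.txt > old-decode-location.txt
+sed -E "s|Github-Run-Id [0-9]+|Github-Run-Id $GITHUB_RUN_ID|g" old-decode-location.txt > new-decode-location.txt
+base64 -i new-decode-location.txt > new-encode-location.txt
+jq --arg new_val "$(cat new-encode-location.txt)" 'map(if .virtualPath == "'"$NGINX_LOCATION_VIRTUAL_FILE"'" then .content = ($new_val | tostring) else . end)' nginx_files.json > location_changed.json
+- name: "Modify /etc/nginx/conf.d/servers/https.conf with adding Github-Run-Id for certificate path"
+uses: azure/cli@v2
+with:
+inlineScript: |
+cat nginx_files.json | jq ".[] | select(.virtualPath == \"$NGINX_HTTPS_CERTIFICATE_VIRTUAL_FILE\") | .content" | tr -d '"' > old-https-encode-content.txt
+base64 -d -i old-https-encode-content.txt > old-https-decode.txt
+sed -E "s|ssl/my-cert|ssl/$GITHUB_RUN_ID/my-cert|g; s|ssl/[0-9]+/my-cert|ssl/$GITHUB_RUN_ID/my-cert|g" old-https-decode.txt > new-https-decode.txt
+base64 -i new-https-decode.txt > new-encode-https.txt
+jq --arg new_val "$(cat new-encode-https.txt)" 'map(if .virtualPath == "'"$NGINX_HTTPS_CERTIFICATE_VIRTUAL_FILE"'" then .content = ($new_val | tostring) else . end)' location_changed.json > new_nginx_files.json
+- name: "Update NGINX configuration with Github action"
+run: |
+set -e
+az nginx deployment configuration update --name default \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+--root-file /etc/nginx/nginx.conf \
+--files "$(cat new_nginx_files.json)"
+az nginx deployment configuration wait \
+--name default \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+--updated
+- name: "Validate config update"
+shell: bash
+run: |
+set -e
+curl -s -o /dev/null -D - http://${{ secrets.NGINX_DEPLOYMENT_FQDN }} | grep "Github-Run-Id: $GITHUB_RUN_ID"
+- name: "Validate certificate update"
+uses: azure/cli@v2
+with:
+inlineScript: |
+echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp
+az keyvault certificate show --vault-name $NGINX_VAULT_NAME -n $NGINX_CERT_NAME | jq -r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp
+echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp
+curl -s -o /dev/null -D - https://${{ secrets.NGINX_DEPLOYMENT_FQDN }} --cacert /tmp/$GITHUB_RUN_ID.tmp | grep "Github-Run-Id: $GITHUB_RUN_ID"
+- name: "Pull NGINX config from the longevity deployment"
+run: |
+az nginx deployment configuration show --name default \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+| jq '.properties.files' > nginx_files.json
+- name: "Revert back the certificate file path change in NGINX config"
+uses: azure/cli@v2
+with:
+inlineScript: |
+cat nginx_files.json | jq ".[] | select(.virtualPath == \"$NGINX_HTTPS_CERTIFICATE_VIRTUAL_FILE\") | .content" | tr -d '"' > old-https-encode-content.txt
+base64 -d -i old-https-encode-content.txt > old-https-decode.txt
+sed -E "s|ssl/$GITHUB_RUN_ID/my-cert|ssl/my-cert|g" old-https-decode.txt > new-https-decode.txt
+base64 -i new-https-decode.txt > new-encode-https.txt
+jq --arg new_val "$(cat new-encode-https.txt)" 'map(if .virtualPath == "'"$NGINX_HTTPS_CERTIFICATE_VIRTUAL_FILE"'" then .content = ($new_val | tostring) else . end)' nginx_files.json > new_nginx_files.json
+- name: "Update NGINX configuration with Github action"
+run: |
+set -e
+az nginx deployment configuration update --name default \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+--root-file /etc/nginx/nginx.conf \
+--files "$(cat new_nginx_files.json)"
+az nginx deployment configuration wait \
+--name default \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+--updated
+- name: "Validate certificate update"
+uses: azure/cli@v2
+with:
+inlineScript: |
+echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp
+az keyvault certificate show --vault-name $NGINX_VAULT_NAME -n $NGINX_CERT_NAME | jq -r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp
+echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp
+curl -s -o /dev/null -D - https://${{ secrets.NGINX_DEPLOYMENT_FQDN }} --cacert /tmp/$GITHUB_RUN_ID.tmp | grep "Github-Run-Id: $GITHUB_RUN_ID"
+- name: "Remove certificate from the longevity deployment"
+run: |
+az nginx deployment certificate delete \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+--certificate-name "$GITHUB_RUN_ID-crt" \
+--yes
+az nginx deployment certificate wait \
+--deployment-name $NGINX_DEPLOYMENT_NAME \
+--resource-group $TEST_RESOURCE_GROUP_NAME \
+--certificate-name "$GITHUB_RUN_ID-crt" \
+--deleted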
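Review bot: The "AZ CLI Login" step authenticates with a long-lived service-principal secret passed as `--password "${{ secrets.AZURE_CLIENT_SECRET }}"`, while the workflow also requests `id-token: write`, which no visible step uses. Either switch the login to federated OIDC credentials (the `azure/login` action with `client-id`, `tenant-id` and `subscription-id`) so no client secret has to be stored, or drop `id-token: write` so the job token carries only `contents: read`. The revert, second update and "Remove certificate" steps have no `if: always()`, so a failed validation leaves the per-run certificate and the rewritten `https.conf` on the long-lived deployment. The three `uses:` references (`actions/checkout@v4`, `azure/cli@v2`, `nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0`) are mutable tags; pinning each to a full commit SHA would keep a retagged action from running with the Azure credentials this job holds.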
