integration-test #13
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | # Copyright (c) IBM Corporation. | |
| # Copyright (c) Microsoft Corporation. | |
| name: integration-test | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| selectLoadBalancer: | |
| description: 'Select a load balancer' | |
| required: true | |
| default: 'ihs' | |
| type: choice | |
| options: | |
| - 'ihs' | |
| - 'appgw' | |
| - 'none' | |
| databaseType: | |
| description: 'Database connection' | |
| required: true | |
| default: 'db2' | |
| type: choice | |
| options: | |
| - db2 | |
| - oracle | |
| - sqlserver | |
| - sqlserver-passwordless | |
| - postgres | |
| - none | |
| deleteAzureResources: | |
| description: 'Delete Azure resources at the end' | |
| required: true | |
| type: boolean | |
| default: true | |
| ndImageResourceId: | |
| description: 'Private ND vm image resource id. Only requried for ND VM image cicd, ignore it otherwise.' | |
| required: false | |
| ihsImageResourceId: | |
| description: 'Private IHS vm image resource id. Only requried for IHS VM image cicd, ignore it otherwise.' | |
| required: false | |
| location: | |
| description: 'Location of the Azure resources' | |
| required: true | |
| type: string | |
| default: 'eastus2' | |
| configurations_for_it: | |
| description: "JSON string of environment variables used for IT" | |
| required: false | |
| default: '{}' | |
| # Allows you to run this workflow using GitHub APIs | |
| # PERSONAL_ACCESS_TOKEN=<GITHUB_PERSONAL_ACCESS_TOKEN> | |
| # REPO_NAME=WASdev/azure.websphere-traditional.cluster | |
| # Select a load balancer, enable database connection and delete Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". Specify the desired database type (db2, oracle, sqlserver, postgres) for parameter "databaseType". | |
| # curl --verbose -XPOST -u "WASdev:${PERSONAL_ACCESS_TOKEN}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/${REPO_NAME}/actions/workflows/integration-test.yaml/dispatches --data '{"ref": "main", "inputs":{"selectLoadBalancer": "ihs", "databaseType": "db2"}}' | |
| # Select a load balancer, enable database connection and keep Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". Specify the desired database type (db2, oracle, sqlserver, postgres) for parameter "databaseType". | |
| # curl --verbose -XPOST -u "WASdev:${PERSONAL_ACCESS_TOKEN}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/${REPO_NAME}/actions/workflows/integration-test.yaml/dispatches --data '{"ref": "main", "inputs":{"selectLoadBalancer": "ihs", "databaseType": "db2", "deleteAzureResources": "false"}}' | |
| # Select a load balancer, disable database connection and delete Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". | |
| # curl --verbose -XPOST -u "WASdev:${PERSONAL_ACCESS_TOKEN}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/${REPO_NAME}/actions/workflows/integration-test.yaml/dispatches --data '{"ref": "main", "inputs":{"selectLoadBalancer": "ihs", "databaseType": "none"}}' | |
| # Select a load balancer, disable database connection and keep Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". | |
| # curl --verbose -XPOST -u "WASdev:${PERSONAL_ACCESS_TOKEN}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/${REPO_NAME}/actions/workflows/integration-test.yaml/dispatches --data '{"ref": "main", "inputs":{"selectLoadBalancer": "ihs", "databaseType": "none", "deleteAzureResources": "false"}}' | |
| repository_dispatch: | |
| types: [integration-test] | |
| # sample request | |
| # PERSONAL_ACCESS_TOKEN=<GITHUB_PERSONAL_ACCESS_TOKEN> | |
| # REPO_NAME=WASdev/azure.websphere-traditional.cluster | |
| # Select a load balancer, enable database connection and delete Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". Specify the desired database type (db2, oracle, sqlserver, postgres) for parameter "databaseType". | |
| # curl --verbose -X POST https://api.github.com/repos/${REPO_NAME}/dispatches -H "Accept: application/vnd.github.everest-preview+json" -H "Authorization: token ${PERSONAL_ACCESS_TOKEN}" --data '{"event_type": "integration-test", "client_payload": {"selectLoadBalancer": "ihs", "databaseType": "db2", "deleteAzureResources": true}}' | |
| # Select a load balancer, enable database connection and keep Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". Specify the desired database type (db2, oracle, sqlserver, postgres) for parameter "databaseType". | |
| # curl --verbose -X POST https://api.github.com/repos/${REPO_NAME}/dispatches -H "Accept: application/vnd.github.everest-preview+json" -H "Authorization: token ${PERSONAL_ACCESS_TOKEN}" --data '{"event_type": "integration-test", "client_payload": {"selectLoadBalancer": "ihs", "databaseType": "db2", "deleteAzureResources": false}}' | |
| # Select a load balancer, disable database connection and delete Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". | |
| # curl --verbose -X POST https://api.github.com/repos/${REPO_NAME}/dispatches -H "Accept: application/vnd.github.everest-preview+json" -H "Authorization: token ${PERSONAL_ACCESS_TOKEN}" --data '{"event_type": "integration-test", "client_payload": {"selectLoadBalancer": "ihs", "databaseType": "none", "deleteAzureResources": true}}' | |
| # Select a load balancer, disable database connection and keep Azure resources at the end. Specify the desired load balancer type (ihs, appgw, none) for parameter "selectLoadBalancer". | |
| # curl --verbose -X POST https://api.github.com/repos/${REPO_NAME}/dispatches -H "Accept: application/vnd.github.everest-preview+json" -H "Authorization: token ${PERSONAL_ACCESS_TOKEN}" --data '{"event_type": "integration-test", "client_payload": {"selectLoadBalancer": "ihs", "databaseType": "none", "deleteAzureResources": false}}' | |
| env: | |
| repoName: "azure.websphere-traditional.cluster" | |
| azureCredentials: ${{ secrets.AZURE_CREDENTIALS }} | |
| userName: ${{ secrets.USER_NAME }} | |
| msTeamsWebhook: ${{ secrets.MSTEAMS_WEBHOOK }} | |
| vmAdminId: ${{ secrets.VM_ADMIN_ID }} | |
| vmAdminPassword: ${{ secrets.VM_ADMIN_PASSWORD }} | |
| dbInstanceName: db${{ github.run_id }}${{ github.run_number }} | |
| dbPassword: ${{ secrets.DATABASE_PASSWORD }} | |
| uamiName: uami${{ github.run_id }}${{ github.run_number }} | |
| testResourceGroup: twasClusterTestRG-${{ github.repository_owner }}-${{ github.run_id }}-${{ github.run_number }} | |
| testDeploymentName: twasClusterTestDeployment-${{ github.run_id }}-${{ github.run_number }} | |
| location: ${{ github.event.inputs.location || 'eastus2' }} | |
| scriptLocation: https://raw.githubusercontent.com/${{ secrets.USER_NAME }}/azure.websphere-traditional.cluster/$GITHUB_REF_NAME/test/ | |
| curlParameters: "--connect-timeout 60 --max-time 180 --retry 10 --retry-delay 30 --retry-max-time 180" | |
| jobs: | |
| integration-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set dynamic env from configurations_for_it | |
| run: | | |
| echo '${{ inputs.configurations_for_it }}' > config.json | |
| # return error if the json is not valid | |
| if ! jq empty config.json; then | |
| echo "Invalid JSON in configurations_for_it" | |
| exit 1 | |
| fi | |
| # Set environment variables for top-level keys only (non-nested) | |
| for key in $(jq -r 'to_entries | map(select(.value | type != "object")) | map(.key) | .[]' config.json); do | |
| value=$(jq -r --arg k "$key" '.[$k]' config.json) | |
| # Only set valid environment variable names | |
| if [[ "$key" =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]; then | |
| echo "$key=$value" | |
| echo "$key=$value" >> $GITHUB_ENV | |
| fi | |
| done | |
| # Set nested objects as JSON strings for jq access | |
| if jq -e '.vnetForCluster' config.json > /dev/null 2>&1; then | |
| vnetForClusterJson=$(jq -c '.vnetForCluster' config.json) | |
| echo "vnetForCluster=${vnetForClusterJson}" >> $GITHUB_ENV | |
| fi | |
| - name: Get versions of external dependencies | |
| run: | | |
| curl -Lo external-deps-versions.properties https://raw.githubusercontent.com/Azure/azure-javaee-iaas/main/external-deps-versions.properties | |
| source external-deps-versions.properties | |
| echo "bicepVersion=${BICEP_VERSION}" >> $GITHUB_ENV | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '11' | |
| server-id: github # Value of the distributionManagement/repository/id field of the pom.xml | |
| server-username: MAVEN_USERNAME # env variable for username | |
| server-password: MAVEN_TOKEN # env variable for token | |
| - name: Set Maven env | |
| env: | |
| MAVEN_USERNAME: github | |
| MAVEN_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| shell: bash | |
| run: | | |
| echo "MAVEN_USERNAME=${MAVEN_USERNAME}" >> "$GITHUB_ENV" | |
| echo "MAVEN_TOKEN=${MAVEN_TOKEN}" >> "$GITHUB_ENV" | |
| - name: Set up bicep | |
| run: | | |
| curl -Lo bicep https://github.com/Azure/bicep/releases/download/${{ env.bicepVersion }}/bicep-linux-x64 | |
| chmod +x ./bicep | |
| sudo mv ./bicep /usr/local/bin/bicep | |
| bicep --version | |
| - name: Checkout arm-ttk | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: Azure/arm-ttk | |
| path: arm-ttk | |
| - name: Checkout ${{ env.repoName }} | |
| uses: actions/checkout@v3 | |
| with: | |
| path: ${{ env.repoName }} | |
| ref: ${{ github.event.inputs.ref }} | |
| - name: Checkout websphere-cafe | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: Azure-Samples/websphere-cafe | |
| path: websphere-cafe | |
| - uses: azure/login@v1 | |
| id: azure-login | |
| with: | |
| creds: ${{ env.azureCredentials }} | |
| - name: Create Azure resource group | |
| id: create-resource-group | |
| run: | | |
| echo "Creating Azure resource group: ${{ env.testResourceGroup }}" | |
| az group create --name ${{ env.testResourceGroup }} --location ${{ env.location }} | |
| - name: Provision Azure Vnet | |
| id: vnet-provision | |
| if: ${{ env.newOrExistingVnetForCluster == 'existing' }} | |
| run: | | |
| echo "Provisioning Azure Vnet with subnet" | |
| vnetName=$(echo '${{ env.vnetForCluster }}' | jq -r '.name') | |
| gatewaySubnetName=$(echo '${{ env.vnetForCluster }}' | jq -r '.subnets.gatewaySubnet.name') | |
| clusterSubnetName=$(echo '${{ env.vnetForCluster }}' | jq -r '.subnets.clusterSubnet.name') | |
| az network vnet create \ | |
| --resource-group ${{ env.testResourceGroup }} \ | |
| --location ${{ env.location }} \ | |
| --name "${vnetName}" \ | |
| --address-prefix 10.0.0.0/28 \ | |
| --subnet-name "${gatewaySubnetName}" \ | |
| --subnet-prefix 10.0.0.0/29 | |
| az network vnet subnet create \ | |
| --resource-group ${{ env.testResourceGroup }} \ | |
| --vnet-name "${vnetName}" \ | |
| --name "${clusterSubnetName}" \ | |
| --address-prefix 10.0.0.8/29 | |
| - name: Deploy an IBM DB2 server on Azure VM | |
| if: ${{ inputs.databaseType == 'db2' || github.event.client_payload.databaseType == 'db2' }} | |
| run: | | |
| az vm create \ | |
| --resource-group ${{ env.testResourceGroup }} --name ${{ env.dbInstanceName }} \ | |
| --image "Canonical:0001-com-ubuntu-server-jammy:22_04-lts:latest" \ | |
| --admin-username azureuser --generate-ssh-keys \ | |
| --nsg-rule NONE --enable-agent true \ | |
| --vnet-name ${{ env.dbInstanceName }}VNET --enable-auto-update false \ | |
| --tags SkipASMAzSecPack=true SkipNRMSCorp=true SkipNRMSDatabricks=true SkipNRMSDB=true SkipNRMSHigh=true SkipNRMSMedium=true SkipNRMSRDPSSH=true SkipNRMSSAW=true SkipNRMSMgmt=true | |
| az vm open-port -g ${{ env.testResourceGroup }} -n ${{ env.dbInstanceName }} --port 50000 --priority 100 | |
| az vm extension set --name CustomScript \ | |
| --extension-instance-name install-db2-in-docker \ | |
| --resource-group ${{ env.testResourceGroup }} --vm-name ${{ env.dbInstanceName }} \ | |
| --publisher Microsoft.Azure.Extensions --version 2.0 \ | |
| --settings "{\"fileUris\": [\"${{ env.scriptLocation }}install-db2.sh\"]}" \ | |
| --protected-settings "{\"commandToExecute\":\"bash install-db2.sh ${{ env.dbPassword }}\"}" | |
| - name: Deploy an Oracle database server on Azure VM | |
| if: ${{ inputs.databaseType == 'oracle' || github.event.client_payload.databaseType == 'oracle' }} | |
| run: | | |
| az vm create \ | |
| --resource-group ${{ env.testResourceGroup }} --name ${{ env.dbInstanceName }} \ | |
| --image Oracle:oracle-database-19-3:oracle-database-19-0904:latest --size Standard_DS2_v2 \ | |
| --admin-username azureuser --generate-ssh-keys \ | |
| --nsg-rule NONE --enable-agent true \ | |
| --vnet-name ${{ env.dbInstanceName }}VNET --enable-auto-update false \ | |
| --tags SkipASMAzSecPack=true SkipNRMSCorp=true SkipNRMSDatabricks=true SkipNRMSDB=true SkipNRMSHigh=true SkipNRMSMedium=true SkipNRMSRDPSSH=true SkipNRMSSAW=true SkipNRMSMgmt=true | |
| az vm disk attach --name oradata01 --new --resource-group ${{ env.testResourceGroup }} --vm-name ${{ env.dbInstanceName }} --size-gb 64 --sku StandardSSD_LRS | |
| az vm open-port -g ${{ env.testResourceGroup }} -n ${{ env.dbInstanceName }} --port 1521,5502 --priority 100 | |
| az vm extension set --name CustomScript \ | |
| --extension-instance-name install-oracle \ | |
| --resource-group ${{ env.testResourceGroup }} --vm-name ${{ env.dbInstanceName }} \ | |
| --publisher Microsoft.Azure.Extensions --version 2.0 \ | |
| --settings "{\"fileUris\": [\"${{ env.scriptLocation }}install-oracle-main.sh\", \"${{ env.scriptLocation }}install-oracle.sh\"]}" \ | |
| --protected-settings "{\"commandToExecute\":\"bash install-oracle-main.sh ${{ env.dbPassword }}\"}" | |
| - name: Deploy an instance of Azure SQL Database | |
| if: ${{ inputs.databaseType == 'sqlserver' || inputs.databaseType == 'sqlserver-passwordless' || github.event.client_payload.databaseType == 'sqlserver' || github.event.client_payload.databaseType == 'sqlserver-passwordless' }} | |
| run: | | |
| # Extract service principal details from the credentials | |
| SP_CLIENT_ID=$(echo '${{ env.azureCredentials }}' | jq -r '.clientId') | |
| # Create an Azure SQL server with system-assigned managed identity and assign the service principal logged into the Azure CLI as an Entra admin | |
| az sql server create \ | |
| --resource-group ${{ env.testResourceGroup }} --name ${{ env.dbInstanceName }} \ | |
| --admin-user testuser --admin-password ${{ env.dbPassword }} \ | |
| --assign-identity \ | |
| --external-admin-principal-type Application \ | |
| --external-admin-name $SP_CLIENT_ID \ | |
| --external-admin-sid $(az ad sp show --id $SP_CLIENT_ID --query id -o tsv) \ | |
| --location ${{ env.location }} | |
| host=$(az sql server show \ | |
| --resource-group ${{ env.testResourceGroup }} --name ${{ env.dbInstanceName }} \ | |
| --query "fullyQualifiedDomainName" -o tsv) | |
| echo "sqlserverHost=${host}" >> $GITHUB_ENV | |
| # Allow Azure services to access | |
| az sql server firewall-rule create \ | |
| --resource-group ${{ env.testResourceGroup }} --server ${{ env.dbInstanceName }} \ | |
| --name "AllowAllAzureIps" --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0 | |
| az sql db create --resource-group ${{ env.testResourceGroup }} --server ${{ env.dbInstanceName }} --name testdb | |
| if [[ "${{ inputs.databaseType }}" == "sqlserver-passwordless" || "${{ github.event.client_payload.databaseType }}" == "sqlserver-passwordless" ]]; then | |
| # Assign Directory Readers permission to the SQL Server's system-assigned managed identity | |
| # Get the SQL Server's system-assigned managed identity's principal ID | |
| SQL_SERVER_IDENTITY_PRINCIPAL_ID=$(az sql server show \ | |
| --resource-group ${{ env.testResourceGroup }} \ | |
| --name ${{ env.dbInstanceName }} \ | |
| --query "identity.principalId" -o tsv) | |
| # Add the SQL Server managed identity to the Directory Readers role | |
| # https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#all-roles | |
| DIRECTORY_READERS_ROLE_TEMPLATE_ID=88d8e3e3-8f55-4a1e-953a-9b9898b8876b | |
| az rest --method POST \ | |
| --uri "https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=$DIRECTORY_READERS_ROLE_TEMPLATE_ID/members/\$ref" \ | |
| --headers "Content-Type=application/json" \ | |
| --body "{\"@odata.id\":\"https://graph.microsoft.com/v1.0/directoryObjects/$SQL_SERVER_IDENTITY_PRINCIPAL_ID\"}" | |
| # Create a user-assigned managed identity | |
| az identity create --name ${{ env.uamiName }} --resource-group ${{ env.testResourceGroup }} | |
| # Export the resource ID of the user-assigned managed identity as an environment variable | |
| uamiId=$(az identity show --name ${{ env.uamiName }} --resource-group ${{ env.testResourceGroup }} --query id -o tsv) | |
| echo "uamiId=${uamiId}" >> $GITHUB_ENV | |
| # Create a SQL user for the managed identity for Microsoft Entra authentication | |
| export SERVER_NAME=${host} | |
| export DATABASE_NAME=testdb | |
| export SQL_QUERY="CREATE USER \"${{ env.uamiName }}\" FROM EXTERNAL PROVIDER;GRANT CONTROL ON DATABASE::\"${DATABASE_NAME}\" TO \"${{ env.uamiName }}\";" | |
| mvn clean package --file websphere-cafe/util/azure-sql-query/pom.xml | |
| java -jar websphere-cafe/util/azure-sql-query/target/azure-sql-query-1.0-SNAPSHOT-jar-with-dependencies.jar | |
| fi | |
| - name: Deploy an instance of Azure Database for PostgreSQL Flexible Server | |
| if: ${{ inputs.databaseType == 'postgres' || github.event.client_payload.databaseType == 'postgres' }} | |
| run: | | |
| # Create a PostgreSQL Flexible Server that allows Azure services to access | |
| az postgres flexible-server create \ | |
| --resource-group ${{ env.testResourceGroup }} --name ${{ env.dbInstanceName }} --database-name testdb \ | |
| --admin-user testuser --admin-password ${{ env.dbPassword }} --public-access 0.0.0.0 \ | |
| --location ${{ env.location }} --sku-name Standard_B1ms --tier Burstable | |
| host=$(az postgres flexible-server show \ | |
| --resource-group ${{ env.testResourceGroup }} --name ${{ env.dbInstanceName }} \ | |
| --query "fullyQualifiedDomainName" -o tsv) | |
| echo "postgresqlHost=${host}" >> $GITHUB_ENV | |
| - name: Build ${{ env.repoName }} | |
| run: | | |
| enableDB=false | |
| databaseType=db2 | |
| dsConnectionURL=jdbc:db2://contoso.db2.database:50000/sample | |
| dbUser=contosoDbUser | |
| enablePswlessConnection=false | |
| if ${{ inputs.databaseType == 'db2' || github.event.client_payload.databaseType == 'db2' }}; then | |
| enableDB=true | |
| databaseType=db2 | |
| publicIp=$(az vm show -g ${{ env.testResourceGroup }} -n ${{ env.dbInstanceName }} -d --query publicIps -o tsv) | |
| dsConnectionURL=jdbc:db2://${publicIp}:50000/sample | |
| dbUser=db2inst1 | |
| elif ${{ inputs.databaseType == 'oracle' || github.event.client_payload.databaseType == 'oracle' }}; then | |
| enableDB=true | |
| databaseType=oracle | |
| publicIp=$(az vm show -g ${{ env.testResourceGroup }} -n ${{ env.dbInstanceName }} -d --query publicIps -o tsv) | |
| dsConnectionURL=jdbc:oracle:thin:@${publicIp}:1521/oratest1 | |
| dbUser=testuser | |
| elif ${{ inputs.databaseType == 'sqlserver' || github.event.client_payload.databaseType == 'sqlserver' }}; then | |
| enableDB=true | |
| databaseType=sqlserver | |
| dsConnectionURL="jdbc:sqlserver://${{ env.sqlserverHost }}:1433;database=testdb" | |
| dbUser=testuser@${{ env.dbInstanceName }} | |
| elif ${{ inputs.databaseType == 'sqlserver-passwordless' || github.event.client_payload.databaseType == 'sqlserver-passwordless' }}; then | |
| enableDB=true | |
| databaseType=sqlserver | |
| dsConnectionURL="jdbc:sqlserver://${{ env.sqlserverHost }}:1433;database=testdb" | |
| enablePswlessConnection=true | |
| elif ${{ inputs.databaseType == 'postgres' || github.event.client_payload.databaseType == 'postgres' }}; then | |
| enableDB=true | |
| databaseType=postgres | |
| dsConnectionURL="jdbc:postgresql://${{ env.postgresqlHost }}:5432/testdb" | |
| dbUser=testuser | |
| fi | |
| echo "enableDB=${enableDB}" >> $GITHUB_ENV | |
| selectLoadBalancer=none | |
| if ${{ inputs.selectLoadBalancer == 'ihs' || github.event.client_payload.selectLoadBalancer == 'ihs' }}; then | |
| selectLoadBalancer=ihs | |
| elif ${{ inputs.selectLoadBalancer == 'appgw' || github.event.client_payload.selectLoadBalancer == 'appgw' }}; then | |
| selectLoadBalancer=appgw | |
| fi | |
| echo "selectLoadBalancer=${selectLoadBalancer}" >> $GITHUB_ENV | |
| if ${{ env.entitled == 'true' }}; then | |
| echo "Deploy with existing WebSphere entitlement license" | |
| useTrial=false | |
| ibmUserId=${{ secrets.IBM_USER_ID }} | |
| ibmUserPwd=${{ secrets.IBM_USER_PWD }} | |
| else | |
| echo "Trial user, use evaluation license" | |
| useTrial=true | |
| ibmUserId="" | |
| ibmUserPwd="" | |
| fi | |
| cd ${{ env.repoName }} | |
| mvn -Dgit.repo=${{ env.userName }} -Dgit.tag=$GITHUB_REF_NAME \ | |
| -DuseTrial=${useTrial} \ | |
| -DibmUserId=${ibmUserId} \ | |
| -DibmUserPwd=${ibmUserPwd} \ | |
| -DnumberOfNodes=3 -DvmSize=Standard_D2_v3 -DdmgrVMPrefix=dmgr -DmanagedVMPrefix=managed -DdnsLabelPrefix=wasndcluster \ | |
| -DadminUsername=${{ env.vmAdminId }} -DadminPasswordOrKey=${{ env.vmAdminPassword }} \ | |
| -DauthenticationType=password -DwasUsername=${{ env.vmAdminId }} -DwasPassword=${{ env.vmAdminPassword }} \ | |
| -DselectLoadBalancer=${selectLoadBalancer} -DenableCookieBasedAffinity=true -DihsVmSize=Standard_D2_v3 -DihsVMPrefix=ihs -DihsDnsLabelPrefix=ihs \ | |
| -DihsUnixUsername=${{ env.vmAdminId }} -DihsUnixPasswordOrKey=${{ env.vmAdminPassword }} \ | |
| -DihsAuthenticationType=password -DihsAdminUsername=${{ env.vmAdminId }} -DihsAdminPassword=${{ env.vmAdminPassword }} \ | |
| -DenableDB=${enableDB} -DdatabaseType=${databaseType} -DjdbcDataSourceJNDIName=jdbc/WebSphereCafeDB -DdsConnectionURL=${dsConnectionURL} -DdbUser=${dbUser} -DdbPassword=${{ env.dbPassword }} \ | |
| -DenablePswlessConnectionParam=${enablePswlessConnection} \ | |
| -Dtest.args="-Test All" -Pbicep -Passembly -Ptemplate-validation-tests clean install | |
| - name: Deploy a twas-cluster on Azure VMs | |
| run: | | |
| cd ${{ env.repoName }}/target/cli | |
| chmod a+x deploy.azcli | |
| ndImageResourceId=${{ inputs.ndImageResourceId }} | |
| ihsImageResourceId=${{ inputs.ihsImageResourceId }} | |
| ./deploy.azcli -n ${{ env.testDeploymentName }} -g ${{ env.testResourceGroup }} -l ${{ env.location }} -u ${{ env.uamiId || 'NA' }} -d "${ndImageResourceId:-NA}" -i "${ihsImageResourceId:-NA}" | |
| - name: Verify the deployment | |
| run: | | |
| outputs=$(az deployment group show -n ${{ env.testDeploymentName }} -g ${{ env.testResourceGroup }} --query 'properties.outputs') | |
| adminSecuredConsole=$(echo $outputs | jq -r '.adminSecuredConsole.value') | |
| curl ${{ env.curlParameters }} $adminSecuredConsole -k | |
| if [[ $? -ne 0 ]]; then | |
| echo "Failed to access ${adminSecuredConsole}." | |
| exit 1 | |
| fi | |
| ihsConsole=$(echo $outputs | jq -r '.ihsConsole.value') | |
| if [[ $selectLoadBalancer == "ihs" ]]; then | |
| curl ${{ env.curlParameters }} $ihsConsole | |
| if [[ $? -ne 0 ]]; then | |
| echo "Failed to access ${ihsConsole}." | |
| exit 1 | |
| fi | |
| else | |
| if [[ $ihsConsole != "N/A" ]]; then | |
| echo "ihsConsole is ${ihsConsole}, but it should be N/A as IHS is not enabled." | |
| exit 1 | |
| fi | |
| fi | |
| appGatewayHttpURL=$(echo $outputs | jq -r '.appGatewayHttpURL.value') | |
| appGatewayHttpsURL=$(echo $outputs | jq -r '.appGatewayHttpsURL.value') | |
| if [[ $selectLoadBalancer == "appgw" ]]; then | |
| curl ${{ env.curlParameters }} $appGatewayHttpURL | |
| if [[ $? -ne 0 ]]; then | |
| echo "Failed to access ${appGatewayHttpURL}." | |
| exit 1 | |
| fi | |
| curl ${{ env.curlParameters }} $appGatewayHttpsURL -k | |
| if [[ $? -ne 0 ]]; then | |
| echo "Failed to access ${appGatewayHttpsURL}." | |
| exit 1 | |
| fi | |
| else | |
| if [[ $appGatewayHttpURL != "N/A" ]]; then | |
| echo "appGatewayHttpURL is ${appGatewayHttpURL}, but it should be N/A as application gateway is not enabled." | |
| exit 1 | |
| fi | |
| if [[ $appGatewayHttpsURL != "N/A" ]]; then | |
| echo "appGatewayHttpsURL is ${appGatewayHttpsURL}, but it should be N/A as application gateway is not enabled." | |
| exit 1 | |
| fi | |
| fi | |
| - name: Install and verify websphere-cafe | |
| run: | | |
| nsgName=$(az network nsg list -g ${testResourceGroup} --query "[?contains(name, '-nsg')].name" -o tsv) | |
| publicIp=$(az vm list -g ${testResourceGroup} -d --query "[?contains(name, 'dmgr')].publicIps" -o tsv) | |
| vmName=$(az vm list -g ${testResourceGroup} --query "[?contains(name, 'dmgr')].name" -o tsv) | |
| # Open port 22 in the nsg | |
| az network nsg rule create \ | |
| --name port-22 \ | |
| --nsg-name ${nsgName} \ | |
| --priority 100 \ | |
| --resource-group ${testResourceGroup} \ | |
| --access Allow \ | |
| --destination-address-prefixes "*" \ | |
| --destination-port-ranges 22 \ | |
| --direction Inbound \ | |
| --protocol Tcp \ | |
| --source-address-prefixes "*" | |
| sleep 1m | |
| # Build and package websphere-cafe | |
| if [ ${enableDB} != true ]; then | |
| sed -i "s/WebSphereCafeDB/built-in-derby-datasource/g" websphere-cafe/websphere-cafe-web/src/main/resources/META-INF/persistence.xml | |
| fi | |
| mvn clean install --file websphere-cafe/pom.xml | |
| if [ ${enableDB} != true ]; then | |
| sed -i "s/built-in-derby-datasource/WebSphereCafeDB/g" websphere-cafe/websphere-cafe-web/src/main/resources/META-INF/persistence.xml | |
| fi | |
| # Upload websphere-cafe.ear to the VM | |
| sudo apt-get install -y sshpass | |
| timeout 1m sh -c 'until nc -zv $0 $1; do echo "nc rc: $?"; sleep 5; done' ${publicIp} 22 | |
| sshpass -p ${vmAdminPassword} -v ssh -p 22 -o StrictHostKeyChecking=no -o TCPKeepAlive=yes -o ServerAliveCountMax=20 -o ServerAliveInterval=15 -o ConnectTimeout=100 -v -tt ${vmAdminId}@${publicIp} 'ls /tmp' | |
| sshpass -p ${vmAdminPassword} scp websphere-cafe/websphere-cafe-application/target/websphere-cafe.ear ${vmAdminId}@${publicIp}:/tmp | |
| # Close port 22 in the nsg | |
| az network nsg rule delete \ | |
| --name port-22 \ | |
| --nsg-name ${nsgName} \ | |
| --resource-group ${testResourceGroup} | |
| # Install and start websphere-cafe | |
| az vm extension set --name CustomScript \ | |
| --extension-instance-name deploy-websphere-cafe \ | |
| --resource-group ${testResourceGroup} --vm-name ${vmName} \ | |
| --publisher Microsoft.Azure.Extensions --version 2.0 \ | |
| --settings "{\"fileUris\": [\"${{ env.scriptLocation }}deploy-app.sh\", \"${{ env.scriptLocation }}deploy-app.py.template\"]}" \ | |
| --protected-settings "{\"commandToExecute\": \"bash deploy-app.sh /tmp/websphere-cafe.ear websphere-cafe ${selectLoadBalancer}\"}" | |
| # Verify if websphere-cafe is accessible | |
| websphereCafeUrl= | |
| outputs=$(az deployment group show -n ${{ env.testDeploymentName }} -g ${{ env.testResourceGroup }} --query 'properties.outputs') | |
| if [[ $selectLoadBalancer == "ihs" ]]; then | |
| websphereCafeUrl=$(echo $outputs | jq -r '.ihsConsole.value')websphere-cafe | |
| elif [[ $selectLoadBalancer == "appgw" ]]; then | |
| websphereCafeUrl=$(echo $outputs | jq -r '.appGatewayHttpURL.value')websphere-cafe | |
| fi | |
| if [ -n "$websphereCafeUrl" ]; then | |
| curl $websphereCafeUrl -k --fail | |
| fi | |
| - name: Generate artifact file name and path | |
| id: artifact_file | |
| run: | | |
| version=$(mvn -q -Dexec.executable=echo -Dexec.args='${version.${{ env.repoName }}}' --file ${{ env.repoName }}/pom.xml --non-recursive exec:exec) | |
| artifactName=${{ env.repoName }}-$version-arm-assembly | |
| unzip ${{ env.repoName }}/target/$artifactName.zip -d ${{ env.repoName }}/target/$artifactName | |
| echo "##[set-output name=artifactName;]${artifactName}" | |
| echo "##[set-output name=artifactPath;]${{ env.repoName }}/target/$artifactName" | |
| - name: Archive ${{ env.repoName }} template | |
| uses: actions/[email protected] | |
| if: success() | |
| with: | |
| name: ${{steps.artifact_file.outputs.artifactName}} | |
| path: ${{steps.artifact_file.outputs.artifactPath}} | |
| notification: | |
| needs: integration-test | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Output inputs from workflow_dispatch | |
| run: echo "${{ toJSON(github.event.inputs) }}" | |
| - name: Output client_payload from repository_dispatch | |
| run: echo "${{ toJSON(github.event.client_payload) }}" | |
| - name: Send notification | |
| if: ${{ env.msTeamsWebhook != 'NA' }} | |
| run: | | |
| workflowJobs=$(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ env.userName }}/${{ env.repoName }}/actions/runs/${{ github.run_id }}/jobs) | |
| successIntegrationTestJob=$(echo $workflowJobs | jq 'select(.jobs != null) | .jobs | map(select(.name=="integration-test" and .conclusion=="success")) | length') | |
| echo "$successIntegrationTestJob" | |
| if [ -z $successIntegrationTestJob ];then | |
| echo "jobs not retrieved." | |
| elif (($successIntegrationTestJob == 0));then | |
| echo "Job integration-test failed, send notification to Teams" | |
| curl ${{ env.msTeamsWebhook }} \ | |
| -H 'Content-Type: application/json' \ | |
| --data-binary @- << EOF | |
| { | |
| "@context":"http://schema.org/extensions", | |
| "@type":"MessageCard", | |
| "text":"Workflow integration-test of repo ${{ env.repoName }} failed, please take a look at: https://github.com/${{ env.userName }}/${{ env.repoName }}/actions/runs/${{ github.run_id }}" | |
| } | |
| EOF | |
| else | |
| echo "Job integration-test succeeded." | |
| fi | |
| delete-resources: | |
| needs: notification | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - uses: azure/login@v1 | |
| id: azure-login | |
| with: | |
| creds: ${{ env.azureCredentials }} | |
| - name: Checkout ${{ env.repoName }} | |
| uses: actions/checkout@v3 | |
| with: | |
| path: ${{ env.repoName }} | |
| ref: ${{ github.event.inputs.ref }} | |
| - name: Delete all Azure resources | |
| id: delete-resources-in-group | |
| if: ${{ (github.event_name == 'workflow_dispatch' && inputs.deleteAzureResources) || (github.event_name == 'repository_dispatch' && github.event.client_payload.deleteAzureResources) }} | |
| run: | | |
| echo "delete resource group: " ${{ env.testResourceGroup }} | |
| az group delete -n ${{ env.testResourceGroup }} --yes --no-wait | |