gci.yaml
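# CI workflow: starts a local IMDS relay router, logs in to Azure through it,
# then bootstraps, installs, builds, lints and tests the project.
name: GCI

on:
  # GitHub does not expose repository secrets to pull_request runs from forks,
  # so the secret-backed steps below receive empty values on fork PRs.
  # For same-repository PRs, the scripts checked out from the PR branch run
  # with those secrets available to them; review changes to .github/scripts/
  # and .scripts/ accordingly.
  pull_request:
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: no step passes the token explicitly, and
# checkout (which uses it by default) only needs to read repository contents.
permissions:
  contents: read

env:
  IS_GH_ACTION: "1"
  # The endpoint URLs below repeat this port literally; keep them in sync.
  IMDS_ROUTER_PORT: "8080"
  IMDS_METADATA_ENDPOINT: "http://localhost:8080/metadata/instance?api-version=2025-04-07"
  IDENTITY_ENDPOINT: "http://localhost:8080/metadata/identity/oauth2/token"
  # NOTE(review): looks like a fixed placeholder for the local router rather
  # than a real credential; confirm nothing outside the runner trusts it.
  IDENTITY_HEADER: "local-dev-secret"
  UAMI_CLIENT_ID: "00000000-0000-0000-0000-000000000000"
  UAMI_SUBSCRIPTION: "00000000-0000-0000-0000-000000000000"

jobs:
  gci-linux:
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment records
      # the tag the SHA was taken from.
      # NOTE(review): checkout leaves the token in the local git config by
      # default; if no later script needs authenticated git access, consider
      # adding `persist-credentials: false` here.
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          fetch-depth: 0

      # The relay secrets are scoped to this step's env, but the router is
      # started in the background and keeps running (with this environment)
      # for the rest of the job, so every later step can reach it on localhost.
      - name: "π Start IMDS Relay Router"
        env:
          IMDS_RELAY_URL: ${{ secrets.IMDS_RELAY_URL }}
          IMDS_RELAY_SENDER_KEY: ${{ secrets.IMDS_RELAY_SENDER_KEY }}
          IMDS_SUBSCRIPTION_ID: ${{ env.UAMI_SUBSCRIPTION }}
        run: |
          set -euo pipefail
          nohup python3 .github/scripts/imds_relay_router.py > /tmp/imds-router.log 2>&1 &
          echo "IMDS_ROUTER_PID=$!" >> "$GITHUB_ENV"
          for i in $(seq 1 10); do
            curl -sf "http://localhost:${IMDS_ROUTER_PORT}/healthz" > /dev/null 2>&1 && break
            [ "$i" -eq 10 ] && { cat /tmp/imds-router.log; exit 1; }
            sleep 1
          done

      # Sanity check: the subscriptionId served by the router must match the
      # one configured in UAMI_SUBSCRIPTION, otherwise the job stops here.
      - name: "π Verify IMDS Relay Router"
        run: |
          set -euo pipefail
          SUB=$(curl -sf -H "Metadata: true" "$IMDS_METADATA_ENDPOINT" | jq -r '.compute.subscriptionId')
          [[ "$SUB" == "$UAMI_SUBSCRIPTION" ]] || { echo "subscriptionId mismatch: expected '$UAMI_SUBSCRIPTION', got '$SUB'"; exit 1; }

      # All az output is discarded, so a failed login stops the job without
      # diagnostics (presumably to keep account details out of the job log).
      - name: "π Az Login with Fake UAMI"
        run: |
          set -euo pipefail
          az login --identity --client-id "$UAMI_CLIENT_ID" > /dev/null 2>&1

      - name: "βοΈ Bootstrap Dev Environment"
        run: |
          set -euo pipefail
          chmod +x .scripts/bootstrap-dev-env.sh
          .scripts/bootstrap-dev-env.sh

      # The secret values are written to .env in the workspace, where they
      # stay readable by every later step. Keep .env out of any uploaded
      # artifact path and out of the logs collected under .logs/.
      - name: "π Write .env from secrets"
        env:
          SCOPE_ADLA_ACCOUNT: ${{ secrets.SCOPE_ADLA_ACCOUNT }}
          SCOPE_STORAGE_ACCOUNT: ${{ secrets.SCOPE_STORAGE_ACCOUNT }}
          SCOPE_CONTAINER: ${{ secrets.SCOPE_CONTAINER }}
          SCOPE_DELTA_BASE_PATH: ${{ secrets.SCOPE_DELTA_BASE_PATH }}
          SCOPE_SS_TEST_ROOT: ${{ secrets.SCOPE_SS_TEST_ROOT }}
          SCOPE_AU: ${{ secrets.SCOPE_AU }}
          SCOPE_PRIORITY: ${{ secrets.SCOPE_PRIORITY }}
          SCOPE_ADLS_GEN1_ACCOUNT: ${{ secrets.SCOPE_ADLS_GEN1_ACCOUNT }}
        run: |
          set -euo pipefail
          {
            echo "SCOPE_ADLA_ACCOUNT=${SCOPE_ADLA_ACCOUNT}"
            echo "SCOPE_STORAGE_ACCOUNT=${SCOPE_STORAGE_ACCOUNT}"
            echo "SCOPE_CONTAINER=${SCOPE_CONTAINER}"
            echo "SCOPE_DELTA_BASE_PATH=${SCOPE_DELTA_BASE_PATH}"
            echo "SCOPE_SS_TEST_ROOT=${SCOPE_SS_TEST_ROOT}"
            echo "SCOPE_AU=${SCOPE_AU}"
            echo "SCOPE_PRIORITY=${SCOPE_PRIORITY}"
            echo "SCOPE_ADLS_GEN1_ACCOUNT=${SCOPE_ADLS_GEN1_ACCOUNT}"
          } > .env

      - name: "π¦ Install"
        run: |
          set -euo pipefail
          .scripts/run.sh install

      - name: "π¦ Build"
        run: |
          set -euo pipefail
          .scripts/run.sh build

      - name: "π§Ή Lint"
        run: |
          set -euo pipefail
          .scripts/run.sh lint

      - name: "π§ͺ Unit Test"
        run: |
          set -euo pipefail
          .scripts/run.sh unit-test

      - name: "π§ Debug"
        run: |
          set -euo pipefail
          .scripts/run.sh debug

      - name: "π§ͺ Integration Test"
        run: |
          set -euo pipefail
          .scripts/run.sh integration-test

      # Runs only when an earlier step failed.
      # NOTE(review): the artifact can be downloaded by anyone with read
      # access to the repository; confirm the router log and .logs/ never
      # contain tokens, the relay sender key or values written to .env.
      - name: "π¦ Upload failure logs"
        if: failure()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: failure-logs
          path: |
            /tmp/imds-router.log
            .logs/
          retention-days: 7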