Restore Github Actions

.github/workflows/github-action-test-nginxaas-deploy.yml

@@ -9,7 +9,7 @@ env:
   NGINX_DEPLOYMENT_NAME: github-action-test-dep
   NGINX_TRANSFORMED_CONFIG_DIR_PATH: /etc/nginx/
   NGINX_ROOT_CONFIG_FILE: nginx.conf
-  TEST_RESOURCE_GROUP_NAME: testenv-0da38993-workload
+  TEST_RESOURCE_GROUP_NAME: github-action-test
   NGINX_CERT_NAME: github-action-test-crt
   NGINX_VAULT_NAME: nlbtest-customer
 
@@ -24,7 +24,7 @@ jobs:
       - name: "Checkout repository"
         uses: actions/checkout@v2
       - name: "AZ CLI Login"
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -33,7 +33,7 @@ jobs:
       - name: "Update config - single file"
         shell: bash
         run: |
-          sed -i 's/000000/'"$GITHUB_RUN_NUMBER"'/g' github-action/test/configs/single/nginx.conf
+          sed -i 's/000000/'"$GITHUB_RUN_ID"'/g' github-action/test/configs/single/nginx.conf
           cat github-action/test/configs/single/nginx.conf
       - name: "Sync NGINX configuration to NGINXaaS for Azure - single file"
         uses: nginxinc/[email protected]
@@ -47,7 +47,7 @@ jobs:
       - name: "Validate config update - single file"
         shell: bash
         run: |
-          wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id"  | test( "'"$GITHUB_RUN_NUMBER"'")'
+          curl -s -o /dev/null -D - http://${{ secrets.NGINX_DEPLOYMENT_IP }} | grep "Github-Run-Id: $GITHUB_RUN_ID"
       - name: "Update config - multi file"
         shell: bash
         run: |
@@ -70,12 +70,12 @@ jobs:
       - name: "Validate config update"
         shell: bash
         run: |
-          wget -O - -o /dev/null http://${{ secrets.NGINX_DEPLOYMENT_IP }} | jq '.request.headers."Github-Run-Id"  | test( "'"$GITHUB_RUN_ID"'")'
+          curl -s -o /dev/null -D - http://${{ secrets.NGINX_DEPLOYMENT_IP }} | grep "Github-Run-Id: $GITHUB_RUN_ID"
       - name: "Validate certificate update"
-        uses: azure/CLI@v1
+        uses: azure/cli@v2
         with:
           inlineScript: |
             echo "-----BEGIN CERTIFICATE-----" > /tmp/$GITHUB_RUN_ID.tmp
             az keyvault certificate show --vault-name $NGINX_VAULT_NAME  -n $NGINX_CERT_NAME | jq -r .cer | cat >> /tmp/$GITHUB_RUN_ID.tmp
             echo "-----END CERTIFICATE-----" >> /tmp/$GITHUB_RUN_ID.tmp
-            wget -O - -o /dev/null https://${{ secrets.NGINX_DEPLOYMENT_IP }} --ca-certificate=/tmp/$GITHUB_RUN_ID.tmp | jq '.request.headers."Github-Run-Id"  | test( "'"$GITHUB_RUN_ID"'")'
+            curl -s -o /dev/null -D - https://${{ secrets.NGINX_DEPLOYMENT_IP }} --cacert /tmp/$GITHUB_RUN_ID.tmp | grep "Github-Run-Id: $GITHUB_RUN_ID"

github-action/action.yml

@@ -23,22 +23,26 @@ inputs:
     default: "nginx.conf"
   transformed-nginx-config-directory-path:
     description: >
-      'The transformed absolute path of the NGINX configuration directory in NGINXaaS for Azure deployment, example: "/etc/nginx/". 
-      If the "include" directive in the NGINX configuration files uses absolute paths, the path transformation 
+      'The transformed absolute path of the NGINX configuration directory in NGINXaaS for Azure deployment, example: "/etc/nginx/".
+      If the "include" directive in the NGINX configuration files uses absolute paths, the path transformation
       can be used to overwrite the file paths when the action synchronizes the files to the NGINXaaS for Azure deployment.'
     required: false
     default: ""
   nginx-certificates:
     description: 'An array of JSON objects each with keys nginx_cert_name, keyvault_secret, certificate_virtual_path and key_virtual_path. Example: [{"certificateName": "server1", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/ssl/certs/server1.crt", "keyVirtualPath": "/etc/ssl/certs/server1.key"  }, {"name": "server2", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/ssl/certs/server2.crt", "keyVirtualPath": "/etc/ssl/certs/server2.key"  }] '
     required: false
+  debug:
+    description: "Enable/Disable debug output."
+    required: false
+    default: "false"
 runs:
   using: "composite"
   steps:
     - name: "Synchronize NGINX certificate(s) from the Git repository to an NGINXaaS for Azure deployment"
-      run: ${{github.action_path}}/src/deploy-certificate.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --nginx_resource_location=${{ inputs.nginx-deployment-location }}  --certificates=${{ toJSON(inputs.nginx-certificates) }}
+      run: ${{github.action_path}}/src/deploy-certificate.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --nginx_resource_location=${{ inputs.nginx-deployment-location }}  --certificates=${{ toJSON(inputs.nginx-certificates) }} --debug=${{ inputs.debug }}
       if: ${{ inputs.nginx-deployment-location != '' && inputs.nginx-certificates != '' }}
       shell: bash
     - name: "Synchronize NGINX configuration from the Git repository to an NGINXaaS for Azure deployment"
-      run: ${{github.action_path}}/src/deploy-config.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --config_dir_path=${{ inputs.nginx-config-directory-path }} --root_config_file=${{ inputs.nginx-root-config-file }} --transformed_config_dir_path=${{ inputs.transformed-nginx-config-directory-path }}
+      run: ${{github.action_path}}/src/deploy-config.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --config_dir_path=${{ inputs.nginx-config-directory-path }} --root_config_file=${{ inputs.nginx-root-config-file }} --transformed_config_dir_path=${{ inputs.transformed-nginx-config-directory-path }} --debug=${{ inputs.debug }}
       if: ${{ inputs.nginx-config-directory-path != '' }}
       shell: bash

github-action/src/deploy-certificate.sh

@@ -7,23 +7,27 @@ do
 case $i in
     --subscription_id=*)
     subscription_id="${i#*=}"
-    shift 
+    shift
     ;;
     --resource_group_name=*)
     resource_group_name="${i#*=}"
-    shift 
+    shift
     ;;
     --nginx_deployment_name=*)
     nginx_deployment_name="${i#*=}"
-    shift 
+    shift
     ;;
     --nginx_resource_location=*)
     nginx_resource_location="${i#*=}"
-    shift 
+    shift
     ;;
     --certificates=*)
     certificates="${i#*=}"
-    shift 
+    shift
+    ;;
+    --debug=*)
+    debug="${i#*=}"
+    shift
     ;;
     *)
     echo "Not matched option '${i#*=}' passed in."
@@ -35,27 +39,27 @@ done
 if [[ ! -v subscription_id ]];
 then
     echo "Please set 'subscription-id' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v resource_group_name ]];
 then
     echo "Please set 'resource-group-name' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v nginx_deployment_name ]];
 then
     echo "Please set 'nginx-deployment-name' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v nginx_resource_location ]];
 then
     echo "Please set 'nginx-resource-location' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v certificates ]];
 then
     echo "Please set 'nginx-certificates' ..."
-    exit 1 
+    exit 1
 fi
 
 arm_template_file="nginx-for-azure-certificate-template.json"
@@ -69,13 +73,13 @@ echo ""
 
 az account set -s "$subscription_id" --verbose
 
-count=$(echo $certificates | jq '. | length')
+count=$(echo "$certificates" | jq '. | length')
 for (( i=0; i<count; i++ ));
 do
-    nginx_cert_name=$(echo $certificates | jq -r '.['"$i"'].certificateName')
-    nginx_cert_file=$(echo $certificates | jq -r '.['"$i"'].certificateVirtualPath')
-    nginx_key_file=$(echo $certificates | jq -r '.['"$i"'].keyVirtualPath')
-    keyvault_secret=$(echo $certificates | jq -r '.['"$i"'].keyvaultSecret')
+    nginx_cert_name=$(echo "$certificates" | jq -r '.['"$i"'].certificateName')
+    nginx_cert_file=$(echo "$certificates" | jq -r '.['"$i"'].certificateVirtualPath')
+    nginx_key_file=$(echo "$certificates" | jq -r '.['"$i"'].keyVirtualPath')
+    keyvault_secret=$(echo "$certificates" | jq -r '.['"$i"'].keyvaultSecret')
 
     do_nginx_arm_deployment=1
     err_msg=" "
@@ -103,9 +107,9 @@ do
     uuid="$(cat /proc/sys/kernel/random/uuid)"
     template_file="template-$uuid.json"
     template_deployment_name="${nginx_deployment_name:0:20}-$uuid"
-    
+
     cp "$arm_template_file" "$template_file"
-    
+
     echo "Synchronizing NGINX certificate"
     echo "Subscription ID: $subscription_id"
     echo "Resource group name: $resource_group_name"
@@ -120,11 +124,32 @@ do
 
     if [ $do_nginx_arm_deployment -eq 1 ]
     then
+        az_cmd=(
+            "az"
+            "deployment"
+            "group"
+            "create"
+            "--name" "$template_deployment_name"
+            "--resource-group" "$resource_group_name"
+            "--template-file" "$template_file"
+            "--parameters"
+            "name=$nginx_cert_name"
+            "location=$nginx_resource_location"
+            "nginxDeploymentName=$nginx_deployment_name"
+            "certificateVirtualPath=$nginx_cert_file"
+            "keyVirtualPath=$nginx_key_file"
+            "keyVaultSecretID=$keyvault_secret"
+            "--verbose"
+        )
+        if [[ "$debug" == true ]]; then
+            az_cmd+=("--debug")
+        fi
+        echo "${az_cmd[@]}"
         set +e
-        az deployment group create --name "$template_deployment_name" --resource-group "$resource_group_name" --template-file "$template_file" --parameters name="$nginx_cert_name" location="$nginx_resource_location" nginxDeploymentName="$nginx_deployment_name" certificateVirtualPath="$nginx_cert_file" keyVirtualPath="$nginx_key_file" keyVaultSecretID="$keyvault_secret" --verbose
-        set -e  
-    else 
+        "${az_cmd[@]}"
+        set -e
+    else
         echo "Skipping JSON object $i cert deployment with error:$err_msg"
         echo ""
-    fi     
+    fi
 done

github-action/src/deploy-config.sh

@@ -8,27 +8,31 @@ do
 case $i in
     --subscription_id=*)
     subscription_id="${i#*=}"
-    shift 
+    shift
     ;;
     --resource_group_name=*)
     resource_group_name="${i#*=}"
-    shift 
+    shift
     ;;
     --nginx_deployment_name=*)
     nginx_deployment_name="${i#*=}"
-    shift 
+    shift
     ;;
     --config_dir_path=*)
     config_dir_path="${i#*=}"
-    shift 
+    shift
     ;;
     --root_config_file=*)
     root_config_file="${i#*=}"
-    shift 
+    shift
     ;;
     --transformed_config_dir_path=*)
     transformed_config_dir_path="${i#*=}"
-    shift 
+    shift
+    ;;
+    --debug=*)
+    debug="${i#*=}"
+    shift
     ;;
     *)
     echo "Not matched option '${i#*=}' passed in."
@@ -40,27 +44,27 @@ done
 if [[ ! -v subscription_id ]];
 then
     echo "Please set 'subscription-id' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v resource_group_name ]];
 then
     echo "Please set 'resource-group-name' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v nginx_deployment_name ]];
 then
     echo "Please set 'nginx-deployment-name' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v config_dir_path ]];
 then
     echo "Please set 'nginx-config-directory-path' ..."
-    exit 1 
+    exit 1
 fi
 if [[ ! -v root_config_file ]];
 then
     echo "Please set 'nginx-root-config-file' ..."
-    exit 1 
+    exit 1
 fi
 
 # Validation and preprocessing
@@ -78,7 +82,7 @@ fi
 if [[ -d "$config_dir_path" ]]
 then
     echo "The NGINX configuration directory '$config_dir_path' was found."
-else 
+else
     echo "The NGINX configuration directory '$config_dir_path' does not exist."
     exit 1
 fi
@@ -96,7 +100,7 @@ root_config_file_repo_path="$config_dir_path$root_config_file"
 if [[ -f "$root_config_file_repo_path" ]]
 then
     echo "The root NGINX configuration file '$root_config_file_repo_path' was found."
-else 
+else
     echo "The root NGINX configuration file '$root_config_file_repo_path' does not exist."
     exit 1
 fi
@@ -152,4 +156,25 @@ echo "ARM template deployment name: $template_deployment_name"
 echo ""
 
 az account set -s "$subscription_id" --verbose
-az deployment group create --name "$template_deployment_name" --resource-group "$resource_group_name" --template-file "$template_file" --parameters nginxDeploymentName="$nginx_deployment_name" rootFile="$transformed_root_config_file_path" tarball="$encoded_config_tarball" --verbose
+
+az_cmd=(
+    "az"
+    "deployment"
+    "group"
+    "create"
+    "--name" "$template_deployment_name"
+    "--resource-group" "$resource_group_name"
+    "--template-file" "$template_file"
+    "--parameters"
+    "nginxDeploymentName=$nginx_deployment_name"
+    "rootFile=$transformed_root_config_file_path"
+    "tarball=$encoded_config_tarball"
+    "--verbose"
+)
+
+if [[ "$debug" == true ]]; then
+    az_cmd+=("--debug")
+fi
+
+echo "${az_cmd[@]}"
+"${az_cmd[@]}"

github-action/test/configs/multi/nginx.conf

@@ -2,7 +2,7 @@ http {
     upstream app {
         zone app 64k;
         least_conn;
-        server 10.0.1.4:8000;
+        server 127.0.0.1:8000;
     }
 
     server {
@@ -19,7 +19,7 @@ http {
     server {
         listen 443 ssl default_server;
         server_name example.com;
-        
+
         ssl_certificate /etc/nginx/ssl/000000/my-cert.crt;
         ssl_certificate_key /etc/nginx/ssl/000000/my-cert.key;
 
@@ -29,4 +29,13 @@ http {
             health_check;
         }
     }
-}
+
+    server {
+        listen 8000;
+
+        location / {
+            add_header Github-Run-Id 000000;
+            return 200 "Hello World";
+        }
+    }
+}

github-action/test/configs/single/nginx.conf

@@ -2,7 +2,7 @@ http {
     upstream app {
         zone app 64k;
         least_conn;
-        server 10.0.1.4:8000;
+        server 127.0.0.1:8000;
     }
 
     server {
@@ -21,6 +21,14 @@ http {
             proxy_pass http://app;
             health_check;
         }
-
     }
-}
+
+    server {
+        listen 8000;
+
+        location / {
+            add_header Github-Run-Id 000000;
+            return 200 "Hello World";
+        }
+    }
+}