Merge remote-tracking branch 'origin/main' into keyvault-pandora-sdk

Author: wuxu92

.github/labeler-issue-triage.yml

@@ -357,4 +357,4 @@ service/vmware:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(vmware_cluster\W+|vmware_express_route_authorization\W+|vmware_netapp_volume_attachment\W+|vmware_private_cloud\W+|voice_services_communications_gateway\W+|voice_services_communications_gateway_test_line\W+)((.|\n)*)###'
 
 service/workloads:
-  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(chaos_studio_|container_connected_registry\W+|container_registry_cache_rule\W+|container_registry_credential_set\W+|container_registry_task\W+|container_registry_task_schedule_run_now\W+|container_registry_token_password\W+|kubernetes_cluster_extension\W+|kubernetes_cluster_trusted_access_role_binding\W+|kubernetes_fleet_manager\W+|kubernetes_fleet_member\W+|kubernetes_fleet_update_run\W+|kubernetes_fleet_update_strategy\W+|kubernetes_flux_configuration\W+|kubernetes_node_pool_snapshot\W+|workloads_sap_)((.|\n)*)###'
+  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(chaos_studio_|container_connected_registry\W+|container_registry_cache_rule\W+|container_registry_credential_set\W+|container_registry_task\W+|container_registry_task_schedule_run_now\W+|container_registry_token_password\W+|kubernetes_cluster_deployment_safeguard\W+|kubernetes_cluster_extension\W+|kubernetes_cluster_trusted_access_role_binding\W+|kubernetes_fleet_manager\W+|kubernetes_fleet_member\W+|kubernetes_fleet_update_run\W+|kubernetes_fleet_update_strategy\W+|kubernetes_flux_configuration\W+|kubernetes_node_pool_snapshot\W+|workloads_sap_)((.|\n)*)###'

.github/workflows/run-team-city-tests-on-comment.yaml

@@ -0,0 +1,143 @@
+---
+name: Run TeamCity Tests on Comment
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
+jobs:
+  check-team-membership:
+    runs-on: ubuntu-latest
+    # Only run on pull request comments that starts with /test
+    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/test')
+    outputs:
+      is-team-member: ${{ steps.check-membership.outputs.is-member }}
+    env:
+      AUTHORIZED_TEAM: terraform-azure
+    steps:
+      - name: Check team membership
+        id: check-membership
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.GH_MEMEBERSHIP_CHECK_TOKEN }}
+          script: |
+            const teamSlug = "${{ env.AUTHORIZED_TEAM }}";
+            const org = context.repo.owner;
+            const username = context.actor;
+
+            try {
+              const response = await github.rest.teams.getMembershipForUserInOrg({
+                org: org,
+                team_slug: teamSlug,
+                username: username,
+              });
+
+              const isMember = response.data.state === 'active';
+              core.setOutput('is-member', isMember);
+
+              if (isMember) {
+                core.info(`User ${username} is a member of team ${teamSlug}`);
+              } else {
+                core.warning(`User ${username} is not an active member of team ${teamSlug}`);
+              }
+
+              return isMember;
+            } catch (error) {
+              if (error.status === 404) {
+                core.warning(`User ${username} is not a member of team ${teamSlug}`);
+                core.setOutput('is-member', false);
+                return false;
+              }
+              throw error;
+            }
+
+  run-tests:
+    runs-on: ubuntu-latest
+    needs: check-team-membership
+    if: needs.check-team-membership.outputs.is-team-member == 'true'
+    env:
+      TCTEST_SERVER: ${{ secrets.TCTEST_SERVER }}
+      TCTEST_FILEREGEX: 'internal/services/[a-z]*/[_a-zA-Z]*(resource|data_source)'
+      TCTEST_SKIP_QUEUE: 'true'
+      TCTEST_TOKEN_TC: ${{ secrets.TCTEST_TOKEN_TC }}
+      TCTEST_BUILDTYPEID: TF_AzureRM_AZURERM_SERVICE_PUBLIC
+      TCTEST_REPO: terraform-providers/terraform-provider-azurerm
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.2.0
+        with:
+          go-version: '1.25'
+
+      - name: Get tctest version
+        id: tctest-version
+        run: |
+          LATEST_RELEASE=$(curl -s https://api.github.com/repos/katbyte/tctest/releases/latest | grep "tag_name" | cut -d '"' -f 4)
+          echo "version=${LATEST_RELEASE}" >> $GITHUB_OUTPUT
+          echo "Latest tctest release: $LATEST_RELEASE"
+
+      - name: Cache tctest binary
+        id: cache-tctest
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: ~/go/bin/tctest
+          key: tctest-${{ runner.os }}-${{ steps.tctest-version.outputs.version }}
+
+      - name: Install tctest
+        if: steps.cache-tctest.outputs.cache-hit != 'true'
+        run: |
+          go install github.com/katbyte/tctest@latest
+
+      - name: Run tctest
+        run: |
+          PR_NUMBER=${{ github.event.issue.number }}
+          COMMENT_BODY="${{ github.event.comment.body }}"
+          echo "Running tctest for PR #${PR_NUMBER}"
+          tctest pr ${PR_NUMBER} --properties "POST_GITHUB_COMMENT=true"
+
+      - name: Comment on success
+        if: success()
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            await github.rest.reactions.createForIssueComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: context.payload.comment.id,
+              content: 'rocket'
+            });
+
+      - name: Comment on failure
+        if: failure()
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: '❌ Failed to trigger TeamCity tests. Please check the workflow logs for details.'
+            });
+
+  unauthorized-comment:
+    runs-on: ubuntu-latest
+    needs: check-team-membership
+    if: needs.check-team-membership.outputs.is-team-member == 'false'
+    steps:
+      - name: Comment unauthorized
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: '⚠️ You are not authorized to run tests. Only members of the designated team can trigger test runs.'
+            });

.release/provider-schema.json

@@ -13,7 +13,10 @@ class ClientConfiguration(var clientId: String,
                           val principalIdAltTenant : String,
                           val vcsRootId : String,
                           val enableTestTriggersGlobally : Boolean,
-                          val emailAddressAccTests : String,)
+                          val emailAddressAccTests : String,
+                          val gitHubRepo : String,
+                          val gitPat : String,
+                          )
 
 class LocationConfiguration(var primary : String, var secondary : String, var tertiary : String, var rotate : Boolean)
 
@@ -43,4 +46,8 @@ fun ParametrizedWithType.ConfigureAzureSpecificTestParameters(environment: Strin
     hiddenVariable("env.ARM_TEST_LOCATION_ALT2", locationsForEnv.tertiary, "The Tertiary region which should be used for testing")
     hiddenVariable("env.ARM_FIVEPOINTZERO_BETA", "false", "Opt into the 5.0 beta")
     hiddenVariable("env.ARM_TEST_ACC_EMAIL_ADDRESS", config.emailAddressAccTests, "email address for the Acceptance Tests User")
+    hiddenPasswordVariable("env.GIT_PAT", config.gitPat, "Personal Access Token for GitHub")
+    hiddenVariable("env.GITHUB_REPO", config.gitHubRepo, "GitHub Repository")
+    hiddenVariable("env.POST_GITHUB_COMMENT",  "false", "Whether to post a comment on the PR with the results of the tests")
+    hiddenVariable("env.POST_GITHUB_COMMENT_DETAILED",  "false", "Whether to post a detailed comment on the PR with the results of the tests")
 }

.teamcity/components/build_azure.kt

@@ -1,4 +1,6 @@
 import jetbrains.buildServer.configs.kotlin.*
+import java.io.File
+import jetbrains.buildServer.configs.kotlin.buildFeatures.BuildCacheFeature
 import jetbrains.buildServer.configs.kotlin.buildFeatures.GolangFeature
 import jetbrains.buildServer.configs.kotlin.buildSteps.ScriptBuildStep
 import jetbrains.buildServer.configs.kotlin.triggers.schedule
@@ -20,6 +22,14 @@ fun BuildFeatures.Golang() {
     }
 }
 
+// Requires the creation of build_config_cache for the project:
+fun BuildFeatures.BuildCacheFeature() {
+        feature(BuildCacheFeature {
+            name = "terraform-provider-azurerm-build-cache"
+            publish = false
+        })
+}
+
 fun BuildSteps.ConfigureGoEnv() {
     step(ScriptBuildStep {
         name = "Configure Go Version"
@@ -58,14 +68,18 @@ fun BuildSteps.RunAcceptanceTests(packageName: String) {
     } else {
         step(ScriptBuildStep {
             name = "Compile Test Binary"
-            scriptContent = "go test -c -o test-binary"
+            scriptContent = """
+                            mkdir -p %env.GOMODCACHE%
+                            mkdir -p %env.GOCACHE%
+                            go test -c -o test-binary
+                            """.trimIndent()
             workingDir = "%SERVICE_PATH%"
         })
 
         step(ScriptBuildStep {
             // ./test-binary -test.list=TestAccAzureRMResourceGroup_ | teamcity-go-test -test ./test-binary -timeout 1s
             name = "Run via jen20/teamcity-go-test"
-            scriptContent = "./test-binary -test.list=\"%TEST_PREFIX%\" | teamcity-go-test -test ./test-binary -parallelism \"%PARALLELISM%\" -timeout \"%TIMEOUT%h\""
+            scriptContent = "./test-binary -test.list=\"%TEST_PREFIX%\" | teamcity-go-test -test ./test-binary -parallelism \"%PARALLELISM%\" -timeout \"%TIMEOUT%h\" | tee results.txt"
             workingDir = "%SERVICE_PATH%"
         })
     }
@@ -87,15 +101,25 @@ fun BuildSteps.RunAcceptanceTestsForPullRequest(packageName: String) {
 
         step(ScriptBuildStep {
             name = "Run Tests"
-            scriptContent = "GOFLAGS=\"-mod=vendor\" ./teamcity-go-test-json_linux_amd64 -scope \"$servicePath\" -prefix \"%TEST_PREFIX%\" -count=1 -parallelism=%PARALLELISM% -timeout %TIMEOUT%"
+            scriptContent = "GOFLAGS=\"-mod=vendor\" ./teamcity-go-test-json_linux_amd64 -scope \"$servicePath\" -prefix \"%TEST_PREFIX%\" -count=1 -parallelism=%PARALLELISM% -timeout %TIMEOUT% | tee results.txt"
         })
     }
 }
 
+fun BuildSteps.PostTestResultsToGitHubPullRequest() {
+    step(ScriptBuildStep {
+        name = "Post Test Results to GitHub Pull Request"
+        scriptContent = File("scripts/post_github_comment.sh").readText()
+        workingDir = "%SERVICE_PATH%"
+    })
+}
+
 fun ParametrizedWithType.TerraformAcceptanceTestParameters(parallelism : Int, prefix : String, timeout: Int) {
     text("PARALLELISM", "%d".format(parallelism))
     text("TEST_PREFIX", prefix)
     text("TIMEOUT", "%d".format(timeout))
+    text("POST_GITHUB_COMMENT", "false")
+    text("POST_GITHUB_COMMENT_DETAILED", "false")
 }
 
 fun ParametrizedWithType.ReadOnlySettings() {
@@ -119,6 +143,11 @@ fun ParametrizedWithType.WorkingDirectory(packageName: String) {
     text("SERVICE_PATH", servicePath(packageName), "", "The path at which to run - automatically updated", ParameterDisplay.HIDDEN)
 }
 
+fun ParametrizedWithType.GoCache() {
+    text("env.GOMODCACHE", "%teamcity.agent.work.dir%/go-cache/mod", "The location of the Go Module Cache")
+    text("env.GOCACHE", "%teamcity.agent.work.dir%/go-cache/build", "The location of the Go Cache")
+}
+
 fun ParametrizedWithType.hiddenVariable(name: String, value: String, description: String) {
     text(name, value, "", description, ParameterDisplay.HIDDEN)
 }

.teamcity/components/build_components.kt

@@ -0,0 +1,75 @@
+import jetbrains.buildServer.configs.kotlin.AbsoluteId
+import jetbrains.buildServer.configs.kotlin.BuildType
+import jetbrains.buildServer.configs.kotlin.buildFeatures.BuildCacheFeature
+import jetbrains.buildServer.configs.kotlin.buildSteps.ScriptBuildStep
+
+class buildCacheConfiguration(environment: String, vcsRootId: String) {
+    val environment = environment
+    val vcsRootId = vcsRootId
+
+    fun buildConfiguration(providerName: String): BuildType {
+        return BuildType {
+            id(uniqueID(providerName))
+
+            name = "Cache Build Dependencies"
+
+            vcs {
+                root(rootId = AbsoluteId(vcsRootId))
+                cleanCheckout = true
+            }
+
+            steps {
+                ConfigureGoEnv()
+                step(ScriptBuildStep {
+                    name = "Compile Test Binary"
+                    scriptContent = """
+                        mkdir -p %env.GOCACHE%
+                        mkdir -p %env.GOMODCACHE%
+                        go test -c -o test-binary
+                    """.trimIndent()
+                })
+            }
+
+            triggers {
+                RunNightly(
+                    nightlyTestsEnabled = true,
+                    startHour = 23,
+                    daysOfWeek = "*",
+                    daysOfMonth = "*"
+                )
+            }
+
+            failureConditions {
+                errorMessage = true
+                executionTimeoutMin = 60
+            }
+
+            features {
+                feature(BuildCacheFeature {
+                    name = "terraform-provider-azurerm-build-cache"
+                    publish = true
+                    use = false
+                    rules = """
+                        %env.GOCACHE%
+                        %env.GOMODCACHE%
+                    """.trimIndent()
+                })
+            }
+
+            cleanup {
+                baseRule {
+                    artifacts(days = 7, artifactPatterns = "+:**/*")
+                }
+            }
+
+            params {
+                GoCache()
+                ReadOnlySettings()
+            }
+        }
+    }
+
+    fun uniqueID(provider: String): String {
+        return "%s_CACHE_%s".format(provider.uppercase(), environment.uppercase())
+    }
+}

.teamcity/components/build_config_cache.kt

@@ -24,6 +24,7 @@ class pullRequest(displayName: String, environment: String, vcsRootId : String)
                 ConfigureGoEnv()
                 DownloadTerraformBinary()
                 RunAcceptanceTestsForPullRequest(packageName)
+                PostTestResultsToGitHubPullRequest()
             }
 
             failureConditions {
@@ -32,6 +33,7 @@ class pullRequest(displayName: String, environment: String, vcsRootId : String)
 
             features {
                 Golang()
+                BuildCacheFeature()
             }
 
             params {
@@ -40,6 +42,7 @@ class pullRequest(displayName: String, environment: String, vcsRootId : String)
                 TerraformShouldPanicForSchemaErrors()
                 TerraformCoreBinaryTesting()
                 ReadOnlySettings()
+                GoCache()
 
                 text("SERVICES", "portal")
             }

.teamcity/components/build_config_pull_request.kt

@@ -22,6 +22,7 @@ class serviceDetails(name: String, displayName: String, environment: String, vcs
                 ConfigureGoEnv()
                 DownloadTerraformBinary()
                 RunAcceptanceTests(packageName)
+                PostTestResultsToGitHubPullRequest()
             }
 
             failureConditions {
@@ -31,6 +32,7 @@ class serviceDetails(name: String, displayName: String, environment: String, vcs
 
             features {
                 Golang()
+                BuildCacheFeature()
             }
 
             params {
@@ -40,6 +42,7 @@ class serviceDetails(name: String, displayName: String, environment: String, vcs
                 TerraformShouldPanicForSchemaErrors()
                 ReadOnlySettings()
                 WorkingDirectory(packageName)
+                GoCache()
             }
 
             triggers {