
ci: Align Azure AD auth tests (#251) #18

ci: Align Azure AD auth tests (#251)


Workflow file for this run

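# Helm Chart CI (Main): installs the self-hosted gateway chart into Kind
# clusters on every push to main, once with gateway-token auth and once with
# Azure AD app auth. Both jobs sign in to Azure and read their test secrets
# from Key Vault.
#
# NOTE(review): every `uses:` below references a mutable tag (checkout@v3,
# azure/login@v1, azure/CLI@v1, Azure/setup-helm@v1, helm/kind-action@v1.2.0).
# These jobs hold `id-token: write` and handle Key Vault secrets, so pin each
# action to a full commit SHA, e.g. `uses: azure/login@<FULL_COMMIT_SHA>  # v1`.
name: Helm Chart CI (Main)
on:
  push:
    branches:
      - main
  workflow_dispatch:

# id-token: write lets the jobs request an OIDC token for azure/login; no
# client secret is passed to that action. contents: read is for the checkout.
permissions:
  id-token: write
  contents: read

# Directory/subscription/application identifiers, not credentials.
# NOTE(review): access is presumably bounded by the federated credential
# configured on the Azure AD application; confirm its subject is restricted to
# this repository and the main branch.
env:
  AZURE_TENANT_ID: '72f988bf-86f1-41af-91ab-2d7cd011db47'
  AZURE_SUBSCRIPTION_ID: 'a200340d-6b82-494d-9dbf-687ba6e33f9e'
  AZURE_CI_CLIENT_ID: '359b42a2-78a3-49e7-9be3-6ddfd1a27329'

jobs:
  deploy-gateway-token:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        enableHighAvailability: [false, true]
        kubernetesVersion: [v1.27, v1.26, v1.25, v1.24]
        include:
          # Images are defined on every Kind release
          # See https://github.com/kubernetes-sigs/kind/releases for an overview of the images
          # Node images are pinned by digest so the tag cannot be repointed.
          - kubernetesVersion: v1.27
            kindImage: 'kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72'
          - kubernetesVersion: v1.26
            kindImage: 'kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb'
          - kubernetesVersion: v1.25
            kindImage: 'kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8'
          - kubernetesVersion: v1.24
            kindImage: 'kindest/node:v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab'
    name: Deploy to Kubernetes ${{ matrix.kubernetesVersion }} (${{ (matrix.enableHighAvailability == true && 'With HA') || 'Without HA' }})
    steps:
      - name: Check out code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Authenticate to Azure
        uses: azure/login@v1
        with:
          tenant-id: ${{ env.AZURE_TENANT_ID }}
          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
          client-id: ${{ env.AZURE_CI_CLIENT_ID }}
      - name: Get gateway secrets from Azure Key Vault
        id: fetched-secrets
        uses: azure/CLI@v1
        with:
          azcliversion: '2.30.0'
          # --output tsv yields the raw secret value. With the CLI's default
          # JSON output the value carries surrounding double quotes, so the
          # mask would be registered for the quoted form while later steps
          # use the unquoted value.
          # The mask is registered before any output is written.
          # NOTE(review): `::set-output` is a deprecated workflow command;
          # moving to $GITHUB_OUTPUT needs a check that the azure/CLI
          # container exposes that file - TODO confirm.
          inlineScript: |
            az account show
            GATEWAY_CONFIG_URL=$(az keyvault secret show --name "Gateway-Configuration-Url" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            GATEWAY_TOKEN=$(az keyvault secret show --name "Gateway-Token" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            echo "::add-mask::$GATEWAY_TOKEN"
            echo "::set-output name=configurationUrl::$GATEWAY_CONFIG_URL"
            echo "::set-output name=gatewayToken::$GATEWAY_TOKEN"
      - name: Helm install
        uses: Azure/setup-helm@v1
      - name: Create k8s ${{ matrix.kubernetesVersion }} Kind Cluster
        uses: helm/kind-action@v1.2.0
        with:
          version: v0.13.0
          node_image: ${{ matrix.kindImage }}
          config: ./testing/kind-cluster.yml
      - name: Show Kubernetes version
        run: |
          kubectl version
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Describe Control-Plane Node
        run: |
          kubectl describe nodes/chart-testing-control-plane
      - name: Describe Worker Node
        run: |
          kubectl describe nodes/chart-testing-worker
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Show Helm version
        run: |
          helm version
      - name: Create Kubernetes namespace
        run: kubectl create ns apim-gateway
      # Step outputs reach the shell through env vars and are expanded inside
      # double quotes, so their content is never spliced into the script text.
      # NOTE(review): --dry-run prints the rendered manifests to the job log;
      # if the chart renders the key into a Secret, its base64 form is not
      # covered by add-mask - confirm against the chart templates.
      - name: Template Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_TOKEN: ${{ steps.fetched-secrets.outputs.gatewayToken }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set "gateway.configuration.uri=$GATEWAY_CONFIG_URL" \
            --set "gateway.auth.key=$GATEWAY_TOKEN" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --dry-run
      - name: Install Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_TOKEN: ${{ steps.fetched-secrets.outputs.gatewayToken }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set "gateway.configuration.uri=$GATEWAY_CONFIG_URL" \
            --set "gateway.auth.key=$GATEWAY_TOKEN" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --wait --timeout 10m0s
      # Diagnostics run even when the install fails.
      - name: Show Kubernetes resources
        run: kubectl get all --namespace apim-gateway
        if: always()
      - name: Show Logs for Self-Hosted Gateway
        run: kubectl logs -l app.kubernetes.io/name=azure-api-management-gateway --namespace apim-gateway
        if: always()

  deploy-azure-ad:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        enableHighAvailability: [false, true]
        # Aligned with the `include` list and with deploy-gateway-token.
        # The previous list (v1.26 ... v1.20) had no kindImage for v1.23-v1.20,
        # leaving node_image empty for those runs, and omitted v1.27, so the
        # v1.27 include entry formed a combination without
        # enableHighAvailability.
        kubernetesVersion: [v1.27, v1.26, v1.25, v1.24]
        include:
          # Images are defined on every Kind release
          # See https://github.com/kubernetes-sigs/kind/releases for an overview of the images
          # Node images are pinned by digest so the tag cannot be repointed.
          - kubernetesVersion: v1.27
            kindImage: 'kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72'
          - kubernetesVersion: v1.26
            kindImage: 'kindest/node:v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb'
          - kubernetesVersion: v1.25
            kindImage: 'kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8'
          - kubernetesVersion: v1.24
            kindImage: 'kindest/node:v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab'
    name: Deploy to Kubernetes ${{ matrix.kubernetesVersion }} (${{ (matrix.enableHighAvailability == true && 'With HA') || 'Without HA' }})
    steps:
      - name: Check out code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Authenticate to Azure
        uses: azure/login@v1
        with:
          tenant-id: ${{ env.AZURE_TENANT_ID }}
          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
          client-id: ${{ env.AZURE_CI_CLIENT_ID }}
      - name: Get gateway secrets from Azure Key Vault
        id: fetched-secrets
        uses: azure/CLI@v1
        with:
          azcliversion: '2.30.0'
          # --output tsv yields the raw secret value. With the CLI's default
          # JSON output the value carries surrounding double quotes, so the
          # mask would be registered for the quoted form while later steps
          # use the unquoted value.
          # The mask is registered before any output is written.
          # NOTE(review): `::set-output` is a deprecated workflow command;
          # moving to $GITHUB_OUTPUT needs a check that the azure/CLI
          # container exposes that file - TODO confirm.
          inlineScript: |
            az account show
            GATEWAY_CONFIG_URL=$(az keyvault secret show --name "Gateway-Configuration-Url" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            AD_APP_SECRET=$(az keyvault secret show --name "Azure-Ad-App-Secret" --vault-name "${{ vars.AZURE_KEY_VAULT_NAME }}" --query "value" --output tsv)
            echo "::add-mask::$AD_APP_SECRET"
            echo "::set-output name=configurationUrl::$GATEWAY_CONFIG_URL"
            echo "::set-output name=adAppSecret::$AD_APP_SECRET"
      - name: Helm install
        uses: Azure/setup-helm@v1
      - name: Create k8s ${{ matrix.kubernetesVersion }} Kind Cluster
        uses: helm/kind-action@v1.2.0
        with:
          version: v0.13.0
          node_image: ${{ matrix.kindImage }}
          config: ./testing/kind-cluster.yml
      - name: Show Kubernetes version
        run: |
          kubectl version
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Describe Control-Plane Node
        run: |
          kubectl describe nodes/chart-testing-control-plane
      - name: Describe Worker Node
        run: |
          kubectl describe nodes/chart-testing-worker
      - name: Show Kubernetes nodes
        run: |
          kubectl get nodes -o wide
      - name: Show Helm version
        run: |
          helm version
      - name: Create Kubernetes namespace
        run: kubectl create ns apim-gateway
      # Step outputs and repository variables reach the shell through env vars
      # and are expanded inside double quotes, so their content is never
      # spliced into the script text. AZURE_TENANT_ID and AZURE_CI_CLIENT_ID
      # come from the workflow-level env block.
      # NOTE(review): --dry-run prints the rendered manifests to the job log;
      # if the chart renders the app secret into a Secret, its base64 form is
      # not covered by add-mask - confirm against the chart templates.
      - name: Template Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_NAME: ${{ vars.GATEWAY_NAME }}
          AD_APP_SECRET: ${{ steps.fetched-secrets.outputs.adAppSecret }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set "gateway.configuration.uri=$GATEWAY_CONFIG_URL" \
            --set gateway.auth.type=AzureAdApp \
            --set "gateway.name=$GATEWAY_NAME" \
            --set "gateway.auth.azureAd.tenant.id=$AZURE_TENANT_ID" \
            --set "gateway.auth.azureAd.app.id=$AZURE_CI_CLIENT_ID" \
            --set "gateway.auth.azureAd.app.secret=$AD_APP_SECRET" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --dry-run
      - name: Install Helm chart
        env:
          GATEWAY_CONFIG_URL: ${{ steps.fetched-secrets.outputs.configurationUrl }}
          GATEWAY_NAME: ${{ vars.GATEWAY_NAME }}
          AD_APP_SECRET: ${{ steps.fetched-secrets.outputs.adAppSecret }}
        run: |
          helm install azure-api-management-gateway ./helm-charts/azure-api-management-gateway \
            --namespace apim-gateway \
            --set "gateway.configuration.uri=$GATEWAY_CONFIG_URL" \
            --set gateway.auth.type=AzureAdApp \
            --set "gateway.name=$GATEWAY_NAME" \
            --set "gateway.auth.azureAd.tenant.id=$AZURE_TENANT_ID" \
            --set "gateway.auth.azureAd.app.id=$AZURE_CI_CLIENT_ID" \
            --set "gateway.auth.azureAd.app.secret=$AD_APP_SECRET" \
            --set highAvailability.enabled=${{ matrix.enableHighAvailability }} \
            --set gateway.deployment.strategy.type=Recreate \
            --values ./testing/test-config.yml \
            --wait --timeout 10m0s
      # Diagnostics run even when the install fails.
      - name: Show Kubernetes resources
        run: kubectl get all --namespace apim-gateway
        if: always()
      - name: Show Logs for Self-Hosted Gateway
        run: kubectl logs -l app.kubernetes.io/name=azure-api-management-gateway --namespace apim-gateway
        if: always()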