Skip to content

Live Azure Validation #19

Live Azure Validation

Live Azure Validation #19

name: Live Azure Validation
on:
schedule:
# 5:35 pm every Sunday (UTC)
# to ensure the live validation runs weekly
- cron: "35 17 * * 0"
workflow_dispatch:
jobs:
test-generator:
concurrency: live-resources # only permit one run at a time
runs-on: [self-hosted, 1ES.Pool=aso-1es-pool]
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0 # required to access tags
submodules: "true"
- name: Force docker to SSD
run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true
- name: Build & run devcontainer image
# this always builds a new image from scratch rather than from the build-devcontainer-image workflow output
# so that we pick up the latest versions of everything
# NB: if you update this also update pre-release-tests.yaml, create-release-experimental.yml and create-release-official.yaml
id: devcontainer
run: |
docker build --tag devcontainer:latest .devcontainer
container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock --network=host devcontainer:latest)
docker start "$container_id"
echo "container_id=$container_id" >> $GITHUB_ENV
- name: Run CI tasks against live resources
run: docker exec --env HOSTROOT=$GITHUB_WORKSPACE -e AZURE_TENANT_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_SUBSCRIPTION_ID -e AZURE_CLIENT_SECRET_MULTITENANT -e AZURE_CLIENT_ID_MULTITENANT -e AZURE_CLIENT_ID_CERT_AUTH -e AZURE_CLIENT_SECRET_CERT_AUTH "${{env.container_id }}" task ci-live
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_CLIENT_SECRET_MULTITENANT: ${{ secrets.AZURE_CLIENT_SECRET_MULTITENANT }}
AZURE_CLIENT_ID_MULTITENANT: ${{ secrets.AZURE_CLIENT_ID_MULTITENANT }}
AZURE_CLIENT_ID_CERT_AUTH: ${{ secrets.AZURE_CLIENT_ID_CERT_AUTH }}
AZURE_CLIENT_SECRET_CERT_AUTH: ${{ secrets.AZURE_CLIENT_SECRET_CERT_AUTH }}
# We explicitly do not upload coverage for live tests as it messes with the diffs for PRs,
# since they will not exercize the authorization codepaths.
- name: Cleanup test resources
if: always()
run: docker exec -e AZURE_TENANT_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_SUBSCRIPTION_ID "${{ env.container_id }}" task cleanup-azure-resources
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}