Add Subscription ID and Tenant ID to build variables (#439) #98
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow creates the required Azure resources using Terraform for running the Packer Azure plugin acceptance tests for the ARM and DTL Builders | |
# TODO: Next steps for improvement -> We should use GHA concurrency groups to ensure that only one acceptance test job is run at a time this way if two commits are commited to main within a short period of time, tests won't fail. | |
# If we still run into unique name conflicts, we could also randomly generate the storage account name, group name, and prefix. | |
name: Acceptance Tests | |
on: | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
id-token: write | |
jobs: | |
secrets-check: | |
runs-on: ubuntu-latest | |
outputs: | |
available: ${{ steps.check-secrets.outputs.available }} | |
steps: | |
# we check for the ACTIONS_ID_TOKEN_REQUEST_URL variable as a proxy for other secrets | |
# it will be unset when running for a PR from a fork | |
- id: check-secrets | |
run: | | |
if [[ "${ACTIONS_ID_TOKEN_REQUEST_URL}" == "" ]]; then | |
echo "available=false" | tee ${GITHUB_OUTPUT} | |
else | |
echo "available=true" | tee ${GITHUB_OUTPUT} | |
fi | |
get-go-version: | |
runs-on: ubuntu-latest | |
outputs: | |
go-version: ${{ steps.get-go-version.outputs.go-version }} | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: 'Determine Go version' | |
id: get-go-version | |
run: | | |
echo "Found Go $(cat .go-version)" | |
echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT | |
acceptance-tests: | |
runs-on: ubuntu-latest | |
needs: | |
- secrets-check | |
- get-go-version | |
if: needs.secrets-check.outputs.available == 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Set up Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: ${{ needs.get-go-version.outputs.go-version }} | |
- name: Setup `terraform` | |
uses: hashicorp/setup-terraform@v2 | |
- name: Run `terraform init` to download Azure Provider | |
run: terraform init | |
working-directory: ./terraform | |
- name: Setup `packer` | |
uses: hashicorp/setup-packer@main | |
id: setup | |
- name: Build the plugin | |
run: make | |
- name: Login to Azure CLI | |
run: az login --output none --tenant="${{ secrets.ARM_TENANT_ID}}" --username="${{ secrets.ARM_CLIENT_ID}}" --password="${{ secrets.ARM_CLIENT_SECRET}}" --service-principal | |
- name: Create SSH Certificate and set envrionment variable for it # Used for Linux specialized ancestry test, so parent and child have to share the same login method | |
run: ssh-keygen -m PEM -t rsa -b 4096 -f example.pem -N '' && echo "ARM_SSH_PRIVATE_KEY_FILE=$(pwd)/example.pem" >> $GITHUB_ENV | |
- name: Set auth and resource name environemnt variables | |
run: | | |
echo "AZURE_CLI_AUTH=1" >> $GITHUB_ENV | |
echo "ARM_SUBSCRIPTION_ID=${{ secrets.ARM_SUBSCRIPTION_ID}}" >> $GITHUB_ENV | |
echo "ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID}}" >> $GITHUB_ENV | |
echo "ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET}}" >> $GITHUB_ENV | |
echo "ARM_RESOURCE_GROUP_NAME=packercigroup" >> $GITHUB_ENV | |
echo "ARM_STORAGE_ACCOUNT=packerciaccount" >> $GITHUB_ENV | |
echo "ARM_RESOURCE_PREFIX=packerci" >> $GITHUB_ENV | |
- name: Run `terraform apply` to create resources for acceptance tests | |
working-directory: ./terraform | |
run: ./run_terraform_apply_with_expected_env_vars.sh | |
- name: Run Acceptance Tests | |
run: make testacc | |
- name: Run `terraform destroy` after test | |
working-directory: ./terraform | |
if: ${{ always() }} # Regardless of failure or cancelation, run terraform destroy | |
run: ./run_terraform_destroy_with_expected_env_vars.sh | |
# Try and upload logs | |
- run: zip arm_failure_logs.zip builder/azure/arm/packer_*txt | |
if: ${{ failure() }} | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
if: ${{ failure() }} | |
with: | |
name: "arm_failure_logs.zip" | |
path: "arm_failure_logs.zip" | |
retention-days: 1 | |
- run: zip dtl_failure_logs.zip builder/azure/dtl/packer_*txt | |
if: ${{ failure() }} | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
if: ${{ failure() }} | |
with: | |
name: "dtl_failure_logs.zip" | |
path: "dtl_failure_logs.zip" | |
retention-days: 1 | |