From 9f35a8b08135ae0e8e3a9509902762697495bd4d Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 10:38:37 +0800 Subject: [PATCH 01/12] prepare to use oidc as authentication method --- .github/workflows/e2e.yaml | 13 +++++++------ .github/workflows/weekly-e2e.yaml | 13 +++++++------ quickstart/101-aci-linuxcontainer-public-ip/main.tf | 1 + 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 3f80f6431..6c2f0bfee 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -11,7 +11,7 @@ permissions: jobs: e2e-check: - runs-on: [self-hosted, 1ES.Pool=terraform-azurerm-doc] + runs-on: ubuntu-latest environment: name: acctests steps: @@ -31,12 +31,13 @@ jobs: ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} run: | echo "change files" $ALL_CHANGED_FILES - az login --identity --username $MSI_ID > /dev/null - export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id') - export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId') - ARM_CLIENT_ID=$(az identity list | jq -r --arg MSI_ID "$MSI_ID" '.[] | select(.principalId == $MSI_ID) | .clientId') + export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN + export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL + export ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }} + export ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} + export ARM_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} export CHANGED_FOLDERS="${{ steps.changed-files.outputs.all_changed_files }}" - docker run --rm -v $(pwd):/src -w /src/test --network=host -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform:latest sh -c "pkenv install 1.10.2 && go mod tidy && go test -timeout=360m -v ./e2e" + docker run --rm -v $(pwd):/src -w /src/test --network=host -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform:latest sh -c "pkenv install 1.10.2 && go mod tidy && go test -timeout=360m -v ./e2e" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3 with: name: TestRecord-${{ github.event.number }} diff --git a/.github/workflows/weekly-e2e.yaml b/.github/workflows/weekly-e2e.yaml index ba0f2aa95..34d109640 100644 --- a/.github/workflows/weekly-e2e.yaml +++ b/.github/workflows/weekly-e2e.yaml @@ -9,7 +9,7 @@ permissions: jobs: full-e2e-check: - runs-on: [self-hosted, 1ES.Pool=terraform-azurerm-doc] + runs-on: ubuntu-latest timeout-minutes: 1440 environment: name: crontests @@ -21,11 +21,12 @@ jobs: timeout-minutes: 1440 run: | git config --global --add safe.directory '*' - az login --identity --username $MSI_ID > /dev/null - export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id') - export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId') - ARM_CLIENT_ID=$(az identity list | jq -r --arg MSI_ID "$MSI_ID" '.[] | select(.principalId == $MSI_ID) | .clientId') - docker run --rm -v $(pwd):/src -w /src/test -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_CLIENT_ID -e ARM_TENANT_ID -e ARM_USE_MSI=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform sh -c "go mod tidy && go test -timeout=1440m -parallel 10 -v ./e2e" + export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN + export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL + export ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }} + export ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} + export ARM_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} + docker run --rm -v $(pwd):/src -w /src/test -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_CLIENT_ID -e ARM_TENANT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform sh -c "go mod tidy && go test -timeout=1440m -parallel 10 -v ./e2e" - name: Update run: | docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform sh scripts/update-test-record.sh diff --git a/quickstart/101-aci-linuxcontainer-public-ip/main.tf b/quickstart/101-aci-linuxcontainer-public-ip/main.tf index 0bfb3efdb..3143531ac 100644 --- a/quickstart/101-aci-linuxcontainer-public-ip/main.tf +++ b/quickstart/101-aci-linuxcontainer-public-ip/main.tf @@ -2,6 +2,7 @@ resource "random_pet" "rg_name" { prefix = var.resource_group_name_prefix } + resource "azurerm_resource_group" "rg" { name = random_pet.rg_name.id location = var.resource_group_location From ab1e7a1d35fe32b942099e643764a700969d8047 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 10:46:54 +0800 Subject: [PATCH 02/12] debug --- .github/workflows/e2e.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 6c2f0bfee..bd90683db 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -26,6 +26,12 @@ jobs: files: "quickstart/*" files_ignore: "**/TestRecord.md" dir_names_max_depth: 2 + - name: Setup upterm session + uses: lhotari/action-upterm@v1 + env: + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - name: test pr env: ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} From 260add31f90b297befe2c19a25c52e207b3df9bd Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 10:54:36 +0800 Subject: [PATCH 03/12] debug --- .github/workflows/e2e.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index bd90683db..955161301 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -26,8 +26,8 @@ jobs: files: "quickstart/*" files_ignore: "**/TestRecord.md" dir_names_max_depth: 2 - - name: Setup upterm session - uses: lhotari/action-upterm@v1 + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 env: AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} From b31825d578bfb2e7a391b84897b386bdc82ad951 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 11:23:11 +0800 Subject: [PATCH 04/12] use pull_request_target --- .github/workflows/e2e.yaml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 955161301..ebb5a1c7b 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -1,6 +1,6 @@ name: E2E Test Check on: - pull_request: + pull_request_target: types: ['opened', 'synchronize'] paths: - '.github/**' @@ -26,22 +26,16 @@ jobs: files: "quickstart/*" files_ignore: "**/TestRecord.md" dir_names_max_depth: 2 - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - env: - AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - name: test pr env: + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} run: | echo "change files" $ALL_CHANGED_FILES export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL - export ARM_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }} - export ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} - export ARM_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} export CHANGED_FOLDERS="${{ steps.changed-files.outputs.all_changed_files }}" docker run --rm -v $(pwd):/src -w /src/test --network=host -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform:latest sh -c "pkenv install 1.10.2 && go mod tidy && go test -timeout=360m -v ./e2e" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3 From 18fbe314fd293c595a1cee0d50a102d466e096c0 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 11:40:13 +0800 Subject: [PATCH 05/12] try to trigger ci --- quickstart/101-aci-linuxcontainer-public-ip/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/quickstart/101-aci-linuxcontainer-public-ip/main.tf b/quickstart/101-aci-linuxcontainer-public-ip/main.tf index 3143531ac..c6cb35396 100644 --- a/quickstart/101-aci-linuxcontainer-public-ip/main.tf +++ b/quickstart/101-aci-linuxcontainer-public-ip/main.tf @@ -8,6 +8,7 @@ resource "azurerm_resource_group" "rg" { location = var.resource_group_location } + resource "random_string" "container_name" { length = 25 lower = true From 0e766ccbc61c49e5e33ad446434d3a7ea0d65eb1 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 11:47:06 +0800 Subject: [PATCH 06/12] try to trigger ci --- .github/workflows/e2e.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index ebb5a1c7b..2ff00ce24 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -1,7 +1,7 @@ name: E2E Test Check on: pull_request_target: - types: ['opened', 'synchronize'] + types: ['opened', 'reopened', 'synchronize'] paths: - '.github/**' - '.github/workflows/**' From 0ca0ef21f7e3a1e2c34971939f08f7a119c17f4d Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 11:56:27 +0800 Subject: [PATCH 07/12] use pull_request event and environment variables --- .github/workflows/e2e.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 2ff00ce24..1ff40f2e4 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -1,7 +1,7 @@ name: E2E Test Check on: - pull_request_target: - types: ['opened', 'reopened', 'synchronize'] + pull_request: + types: ['opened', 'synchronize'] paths: - '.github/**' - '.github/workflows/**' @@ -28,9 +28,9 @@ jobs: dir_names_max_depth: 2 - name: test pr env: - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} run: | echo "change files" $ALL_CHANGED_FILES From 41eb56ff6016b4b42f185e89592067b8802790c4 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 12:32:09 +0800 Subject: [PATCH 08/12] use pull_request event and environment variables --- .github/workflows/e2e.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 1ff40f2e4..5f38b2967 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -28,15 +28,14 @@ jobs: dir_names_max_depth: 2 - name: test pr env: - ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} - ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} run: | echo "change files" $ALL_CHANGED_FILES export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL - export CHANGED_FOLDERS="${{ steps.changed-files.outputs.all_changed_files }}" + export ARM_SUBSCRIPTION_ID = ${{ vars.AZURE_SUBSCRIPTION_ID }} + export ARM_TENANT_ID = ${{ vars.AZURE_TENANT_ID }} + export ARM_CLIENT_ID = ${{ vars.AZURE_CLIENT_ID }} docker run --rm -v $(pwd):/src -w /src/test --network=host -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform:latest sh -c "pkenv install 1.10.2 && go mod tidy && go test -timeout=360m -v ./e2e" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3 with: From d10b7830b0d6bcda16aae11d54de7680f8b818c7 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 12:34:19 +0800 Subject: [PATCH 09/12] use pull_request event and environment variables --- .github/workflows/e2e.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 5f38b2967..8ea3c548c 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -33,9 +33,9 @@ jobs: echo "change files" $ALL_CHANGED_FILES export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL - export ARM_SUBSCRIPTION_ID = ${{ vars.AZURE_SUBSCRIPTION_ID }} - export ARM_TENANT_ID = ${{ vars.AZURE_TENANT_ID }} - export ARM_CLIENT_ID = ${{ vars.AZURE_CLIENT_ID }} + export ARM_SUBSCRIPTION_ID=${{ vars.AZURE_SUBSCRIPTION_ID }} + export ARM_TENANT_ID=${{ vars.AZURE_TENANT_ID }} + export ARM_CLIENT_ID=${{ vars.AZURE_CLIENT_ID }} docker run --rm -v $(pwd):/src -w /src/test --network=host -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform:latest sh -c "pkenv install 1.10.2 && go mod tidy && go test -timeout=360m -v ./e2e" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3 with: From 66d416ec246cb4f7d1a8ae1a7738481823e22316 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 12:57:20 +0800 Subject: [PATCH 10/12] use pull_request event and environment variables --- .github/workflows/e2e.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8ea3c548c..8bbab3adf 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -33,9 +33,9 @@ jobs: echo "change files" $ALL_CHANGED_FILES export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL - export ARM_SUBSCRIPTION_ID=${{ vars.AZURE_SUBSCRIPTION_ID }} - export ARM_TENANT_ID=${{ vars.AZURE_TENANT_ID }} - export ARM_CLIENT_ID=${{ vars.AZURE_CLIENT_ID }} + export ARM_SUBSCRIPTION_ID=${{ env.AZURE_SUBSCRIPTION_ID }} + export ARM_TENANT_ID=${{ env.AZURE_TENANT_ID }} + export ARM_CLIENT_ID=${{ env.AZURE_CLIENT_ID }} docker run --rm -v $(pwd):/src -w /src/test --network=host -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform:latest sh -c "pkenv install 1.10.2 && go mod tidy && go test -timeout=360m -v ./e2e" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3 with: From 3246c9a02a3429578b40c19d634be12712325ff7 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 13:12:16 +0800 Subject: [PATCH 11/12] use pull_request event and environment variables --- .github/workflows/e2e.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8bbab3adf..084bb9d34 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -14,6 +14,10 @@ jobs: runs-on: ubuntu-latest environment: name: acctests + env: + ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} steps: - name: checkout uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 #v3.6.0 @@ -33,9 +37,6 @@ jobs: echo "change files" $ALL_CHANGED_FILES export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL - export ARM_SUBSCRIPTION_ID=${{ env.AZURE_SUBSCRIPTION_ID }} - export ARM_TENANT_ID=${{ env.AZURE_TENANT_ID }} - export ARM_CLIENT_ID=${{ env.AZURE_CLIENT_ID }} docker run --rm -v $(pwd):/src -w /src/test --network=host -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true -e CHANGED_FOLDERS mcr.microsoft.com/azterraform:latest sh -c "pkenv install 1.10.2 && go mod tidy && go test -timeout=360m -v ./e2e" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3 with: From 28fc93fde018508b1c8aebfb6ea01cb1e2b0cb26 Mon Sep 17 00:00:00 2001 From: zjhe Date: Thu, 12 Sep 2024 14:08:10 +0800 Subject: [PATCH 12/12] test --- quickstart/101-aci-linuxcontainer-public-ip/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/quickstart/101-aci-linuxcontainer-public-ip/main.tf b/quickstart/101-aci-linuxcontainer-public-ip/main.tf index c6cb35396..a28939935 100644 --- a/quickstart/101-aci-linuxcontainer-public-ip/main.tf +++ b/quickstart/101-aci-linuxcontainer-public-ip/main.tf @@ -3,6 +3,7 @@ resource "random_pet" "rg_name" { } + resource "azurerm_resource_group" "rg" { name = random_pet.rg_name.id location = var.resource_group_location