Live Azure Validation #672
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Live Azure Validation | |
| on: | |
| schedule: | |
| # 5:35 pm every Sunday (UTC) | |
| # to ensure the live validation runs weekly | |
| - cron: "35 17 * * 0" | |
| workflow_dispatch: | |
| jobs: | |
| test-generator: | |
| concurrency: live-resources # only permit one run at a time | |
| runs-on: [self-hosted, 1ES.Pool=aso-1es-pool] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # required to access tags | |
| submodules: "true" | |
| - name: Build & run devcontainer image | |
| # this always builds a new image from scratch rather than from the build-devcontainer-image workflow output | |
| # so that we pick up the latest versions of everything | |
| # NB: if you update this also update create-release.yml | |
| id: devcontainer | |
| run: | | |
| docker build --tag devcontainer:latest .devcontainer | |
| container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock --network=host devcontainer:latest) | |
| docker start "$container_id" | |
| echo "container_id=$container_id" >> $GITHUB_ENV | |
| - name: Run CI tasks against live resources | |
| run: docker exec --env HOSTROOT=$GITHUB_WORKSPACE -e AZURE_TENANT_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_SUBSCRIPTION_ID -e AZURE_CLIENT_SECRET_MULTITENANT -e AZURE_CLIENT_ID_MULTITENANT -e AZURE_CLIENT_ID_CERT_AUTH -e AZURE_CLIENT_SECRET_CERT_AUTH "${{env.container_id }}" task ci-live | |
| env: | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_CLIENT_SECRET_MULTITENANT: ${{ secrets.AZURE_CLIENT_SECRET_MULTITENANT }} | |
| AZURE_CLIENT_ID_MULTITENANT: ${{ secrets.AZURE_CLIENT_ID_MULTITENANT }} | |
| AZURE_CLIENT_ID_CERT_AUTH: ${{ secrets.AZURE_CLIENT_ID_CERT_AUTH }} | |
| AZURE_CLIENT_SECRET_CERT_AUTH: ${{ secrets.AZURE_CLIENT_SECRET_CERT_AUTH }} | |
| # We explicitly do not upload coverage for live tests as it messes with the diffs for PRs, | |
| # since they will not exercize the authorization codepaths. | |
| - name: Cleanup test resources | |
| if: always() | |
| run: docker exec -e AZURE_TENANT_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_SUBSCRIPTION_ID "${{ env.container_id }}" task cleanup-azure-resources | |
| env: | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |