Skip to content

Add VPN Gateway NAT Rules module (#1923) #66

Add VPN Gateway NAT Rules module (#1923)

Add VPN Gateway NAT Rules module (#1923) #66

#
# Copyright (c) Microsoft Corporation
# Licensed under the MIT License.
#
name: standalone-networking
on:
push:
paths:
- 'network*'
- 'modules/networking/**'
- 'examples/networking/**'
- '.github/workflows/*networking.*'
env:
TF_CLI_ARGS: "-no-color"
TF_CLI_ARGS_destroy: "-auto-approve -refresh=false"
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
TF_REGISTRY_DISCOVERY_RETRY: 5
TF_REGISTRY_CLIENT_TIMEOUT: 15
ROVER_RUNNER: true
jobs:
load_scenarios:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.load_scenarios.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: load_scenarios
run: |
cases=$(cat ./.github/workflows/standalone-networking.json | jq -c .)
echo "matrix=${cases}" >> $GITHUB_OUTPUT
testcases:
name: test
runs-on: ubuntu-latest
needs: load_scenarios
strategy:
fail-fast: false
matrix: ${{fromJSON(needs.load_scenarios.outputs.matrix)}}
container:
image: aztfmod/rover:1.5.7-2310.0211
options: --user 0
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Create environment variables
run: |
cd ${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }}
FILE_NAME=$(echo ${{ matrix.config_files }} | sed 's./..g' | xargs)
echo STATE_FILE=${TF_DATA_DIR}/tfstates/${FILE_NAME}.tfstate >> $GITHUB_ENV
echo PLAN_FILE=${TF_DATA_DIR}/tfstates/${FILE_NAME}.plan >> $GITHUB_ENV
echo CURRENT_FOLDER=${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }} >> $GITHUB_ENV
echo PARAMETER_FILES=$(find ${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }} | grep .tfvars | sed 's/.*/-var-file=&/' | xargs) >> $GITHUB_ENV
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Terraform Init example
id: tf_init
run: |
terraform -chdir=${GITHUB_WORKSPACE}/examples \
init -upgrade=true | grep -P '^- (?=Downloading|Using|Finding|Installing)|^[^-]'
- name: Terraform Plan example
id: tf_plan
run: |
terraform -chdir=${GITHUB_WORKSPACE}/examples \
plan \
${{ env.PARAMETER_FILES }} \
-var tags='{testing_job_id='"${{ github.run_id }}"'}' \
-var var_folder_path=${{ env.CURRENT_FOLDER }} \
-refresh=true \
-input=false \
-state=${{ env.STATE_FILE }} \
-out=${{ env.PLAN_FILE }}
- name: Terraform Apply example
id: tf_apply
if: steps.tf_plan.outcome == 'success'
run: |
terraform -chdir=${GITHUB_WORKSPACE}/examples \
apply \
-parallelism=30 \
-state=${{ env.STATE_FILE }} \
${{ env.PLAN_FILE }}
- name: Terraform Destroy planning example
id: tf_destroy_plan
if: steps.tf_plan.outcome == 'success'
run: |
terraform -chdir=${GITHUB_WORKSPACE}/examples \
plan \
${{ env.PARAMETER_FILES }} \
-var tags='{testing_job_id='"${{ github.run_id }}"'}' \
-var var_folder_path=${{ env.CURRENT_FOLDER }} \
-refresh=true \
-input=false \
-destroy \
-state=${{ env.STATE_FILE }} \
-out=${{ env.PLAN_FILE }}-destroy
- name: Terraform Destroy apply example
id: tf_destroy_apply
if: steps.tf_destroy_plan.outcome == 'success'
run: |
terraform -chdir=${GITHUB_WORKSPACE}/examples \
apply \
-refresh=false \
-parallelism=30 \
-auto-approve \
-state=${{ env.STATE_FILE }} \
${{ env.PLAN_FILE }}-destroy
purge:
name: purge
runs-on: ubuntu-latest
if: ${{ failure() || cancelled() }}
needs: [testcases]
container:
image: aztfmod/rover:1.5.7-2310.0211
options: --user 0
steps:
- name: Login azure
run: |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Complete purge
run: |
for i in `az monitor diagnostic-settings subscription list -o tsv --query "value[?contains(name, '${{ github.run_id }}' )].name"`; do echo "purging subscription diagnostic-settings: $i" && $(az monitor diagnostic-settings subscription delete --name $i --yes); done
for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done
for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].id" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i || true); done
for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i || true); done
for i in `az keyvault list-deleted --query "[?tags.testing_job_id=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done
for i in `az group list --query "[?tags.testing_job_id=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done
for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i || true); done
for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done