Add VPN Gateway NAT Rules module (#1923) #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Copyright (c) Microsoft Corporation | |
# Licensed under the MIT License. | |
# | |
name: standalone-networking | |
on: | |
push: | |
paths: | |
- 'network*' | |
- 'modules/networking/**' | |
- 'examples/networking/**' | |
- '.github/workflows/*networking.*' | |
env: | |
TF_CLI_ARGS: "-no-color" | |
TF_CLI_ARGS_destroy: "-auto-approve -refresh=false" | |
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
TF_REGISTRY_DISCOVERY_RETRY: 5 | |
TF_REGISTRY_CLIENT_TIMEOUT: 15 | |
ROVER_RUNNER: true | |
jobs: | |
load_scenarios: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.load_scenarios.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: load_scenarios | |
run: | | |
cases=$(cat ./.github/workflows/standalone-networking.json | jq -c .) | |
echo "matrix=${cases}" >> $GITHUB_OUTPUT | |
testcases: | |
name: test | |
runs-on: ubuntu-latest | |
needs: load_scenarios | |
strategy: | |
fail-fast: false | |
matrix: ${{fromJSON(needs.load_scenarios.outputs.matrix)}} | |
container: | |
image: aztfmod/rover:1.5.7-2310.0211 | |
options: --user 0 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Create environment variables | |
run: | | |
cd ${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }} | |
FILE_NAME=$(echo ${{ matrix.config_files }} | sed 's./..g' | xargs) | |
echo STATE_FILE=${TF_DATA_DIR}/tfstates/${FILE_NAME}.tfstate >> $GITHUB_ENV | |
echo PLAN_FILE=${TF_DATA_DIR}/tfstates/${FILE_NAME}.plan >> $GITHUB_ENV | |
echo CURRENT_FOLDER=${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }} >> $GITHUB_ENV | |
echo PARAMETER_FILES=$(find ${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }} | grep .tfvars | sed 's/.*/-var-file=&/' | xargs) >> $GITHUB_ENV | |
- name: Login azure | |
run: | | |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' | |
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} | |
- name: Terraform Init example | |
id: tf_init | |
run: | | |
terraform -chdir=${GITHUB_WORKSPACE}/examples \ | |
init -upgrade=true | grep -P '^- (?=Downloading|Using|Finding|Installing)|^[^-]' | |
- name: Terraform Plan example | |
id: tf_plan | |
run: | | |
terraform -chdir=${GITHUB_WORKSPACE}/examples \ | |
plan \ | |
${{ env.PARAMETER_FILES }} \ | |
-var tags='{testing_job_id='"${{ github.run_id }}"'}' \ | |
-var var_folder_path=${{ env.CURRENT_FOLDER }} \ | |
-refresh=true \ | |
-input=false \ | |
-state=${{ env.STATE_FILE }} \ | |
-out=${{ env.PLAN_FILE }} | |
- name: Terraform Apply example | |
id: tf_apply | |
if: steps.tf_plan.outcome == 'success' | |
run: | | |
terraform -chdir=${GITHUB_WORKSPACE}/examples \ | |
apply \ | |
-parallelism=30 \ | |
-state=${{ env.STATE_FILE }} \ | |
${{ env.PLAN_FILE }} | |
- name: Terraform Destroy planning example | |
id: tf_destroy_plan | |
if: steps.tf_plan.outcome == 'success' | |
run: | | |
terraform -chdir=${GITHUB_WORKSPACE}/examples \ | |
plan \ | |
${{ env.PARAMETER_FILES }} \ | |
-var tags='{testing_job_id='"${{ github.run_id }}"'}' \ | |
-var var_folder_path=${{ env.CURRENT_FOLDER }} \ | |
-refresh=true \ | |
-input=false \ | |
-destroy \ | |
-state=${{ env.STATE_FILE }} \ | |
-out=${{ env.PLAN_FILE }}-destroy | |
- name: Terraform Destroy apply example | |
id: tf_destroy_apply | |
if: steps.tf_destroy_plan.outcome == 'success' | |
run: | | |
terraform -chdir=${GITHUB_WORKSPACE}/examples \ | |
apply \ | |
-refresh=false \ | |
-parallelism=30 \ | |
-auto-approve \ | |
-state=${{ env.STATE_FILE }} \ | |
${{ env.PLAN_FILE }}-destroy | |
purge: | |
name: purge | |
runs-on: ubuntu-latest | |
if: ${{ failure() || cancelled() }} | |
needs: [testcases] | |
container: | |
image: aztfmod/rover:1.5.7-2310.0211 | |
options: --user 0 | |
steps: | |
- name: Login azure | |
run: | | |
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' | |
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} | |
- name: Complete purge | |
run: | | |
for i in `az monitor diagnostic-settings subscription list -o tsv --query "value[?contains(name, '${{ github.run_id }}' )].name"`; do echo "purging subscription diagnostic-settings: $i" && $(az monitor diagnostic-settings subscription delete --name $i --yes); done | |
for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done | |
for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].id" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i || true); done | |
for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i || true); done | |
for i in `az keyvault list-deleted --query "[?tags.testing_job_id=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done | |
for i in `az group list --query "[?tags.testing_job_id=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done | |
for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i || true); done | |
for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done |