diff --git a/.github/workflows/pr-ci.yml b/.github/workflows/pr-ci.yml index 5e94112d..19654ae5 100644 --- a/.github/workflows/pr-ci.yml +++ b/.github/workflows/pr-ci.yml @@ -27,7 +27,7 @@ jobs: shell: bash outputs: TYGER_ENVIRONMENT_NAME: ${{ steps.set-variables.outputs.TYGER_ENVIRONMENT_NAME }} - TYGER_URI: ${{ steps.set-variables.outputs.TYGER_URI }} + TYGER_COMBINED_CONFIG: ${{ steps.set-variables.outputs.TYGER_COMBINED_CONFIG }} steps: - name: Login into Azure uses: azure/login@v1 @@ -51,9 +51,15 @@ jobs: else environment_name="tygerwestus2" fi - tyger_uri=$(TYGER_ENVIRONMENT_NAME="${environment_name}" make -s get-tyger-uri) + + export TYGER_ENVIRONMENT_NAME="${environment_name}" + tyger_uri=$(make -s get-tyger-uri) echo "TYGER_ENVIRONMENT_NAME=$environment_name" >> "$GITHUB_OUTPUT" - echo "TYGER_URI=$tyger_uri" >> "$GITHUB_OUTPUT" + echo "TYGER_ENVIRONMENT_NAME=$environment_name" >> "$GITHUB_ENV" + + combined_config=$(scripts/get-context-environment-config.sh -e "" -o json | jq -c) + echo "TYGER_COMBINED_CONFIG=$combined_config" >> "$GITHUB_OUTPUT" + echo "TYGER_COMBINED_CONFIG=$combined_config" >> "$GITHUB_ENV" - name: Verify devcontainer shell: bash 
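Review bot: `combined_config` is written to `$GITHUB_OUTPUT` and `$GITHUB_ENV` without a check that it is non-empty, so a failure in `scripts/get-context-environment-config.sh` may surface only later, in the Windows job's `ConvertFrom-Json`. Whether a failing pipeline stops this step depends on `pipefail` being active for the `run:` block, which the hunk does not show. A guard such as `[[ -n "$combined_config" ]] || { echo "empty combined config" >&2; exit 1; }` makes the failure explicit. `tyger_uri` is still computed by `make -s get-tyger-uri` but is no longer used in the added lines, so that line can go unless something outside the hunk reads it. Since the value also lands in `$GITHUB_ENV`, where every later step and action in the job can read it, the combined config should stay limited to non-secret identifiers.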
@@ -72,71 +78,42 @@ jobs: exit 1 fi - - name: Build and verify format - run: | - set -eo pipefail - source /opt/conda/etc/profile.d/conda.sh - conda activate /opt/conda/envs/tyger - make restore - make verify-format + # - name: Build and verify format + # run: | + # set -eo pipefail + # source /opt/conda/etc/profile.d/conda.sh + # conda activate /opt/conda/envs/tyger + # make restore + # make verify-format - - name: Deploy and test - env: - TYGER_ENVIRONMENT_NAME: ${{ steps.set-variables.outputs.TYGER_ENVIRONMENT_NAME }} - TYGER_URI: ${{ steps.set-variables.outputs.TYGER_URI }} - run: | - set -eo pipefail - source /opt/conda/etc/profile.d/conda.sh - conda activate /opt/conda/envs/tyger - export TYGER_ENVIRONMENT_CONFIG_DIR="${GITHUB_WORKSPACE}/deploy/config/microsoft/ci" - echo "TYGER_ENVIRONMENT_CONFIG_DIR=$TYGER_ENVIRONMENT_CONFIG_DIR" + # - name: Deploy and test + # run: | + # set -eo pipefail + # source /opt/conda/etc/profile.d/conda.sh + # conda activate /opt/conda/envs/tyger + # export TYGER_ENVIRONMENT_CONFIG_DIR="${GITHUB_WORKSPACE}/deploy/config/microsoft/ci" + # echo "TYGER_ENVIRONMENT_CONFIG_DIR=$TYGER_ENVIRONMENT_CONFIG_DIR" - # We have mounted this location in the container, it is identical to the checkout location - # We need to run the testdata generation from this path to make sure the testdata is generated in the right place. - # Otherwise, checksums will change and dirty the path and that will cause publishing to fail. - cd /workspaces/tyger + # # We have mounted this location in the container, it is identical to the checkout location + # # We need to run the testdata generation from this path to make sure the testdata is generated in the right place. + # # Otherwise, checksums will change and dirty the path and that will cause publishing to fail. 
+ # cd /workspaces/tyger - set -euo pipefail - make -s -j 8 + # set -euo pipefail + # make -s -j 8 - - name: Publish official images - if: startsWith(github.ref, 'refs/tags/') - env: - TYGER_ENVIRONMENT_NAME: ${{ steps.set-variables.outputs.TYGER_ENVIRONMENT_NAME }} - run: | - source /opt/conda/etc/profile.d/conda.sh - conda activate /opt/conda/envs/tyger + # - name: Publish official images + # run: | + # source /opt/conda/etc/profile.d/conda.sh + # conda activate /opt/conda/envs/tyger - set -euo pipefail - cd /workspaces/tyger - - make publish-official-images - - - name: Build Windows Binaries - run: | - set -euo pipefail + # set -euo pipefail + # cd /workspaces/tyger - export CGO_ENABLED=1 - export GOOS=windows - export GOARCH=amd64 - - mkdir -p "${GITHUB_WORKSPACE}/windows-cli-tools" - cd cli - go build -ldflags="-s -w" -v -o "${GITHUB_WORKSPACE}/windows-cli-tools/tyger.exe" ./cmd/tyger - go build -ldflags="-s -w" -v -o "${GITHUB_WORKSPACE}/windows-cli-tools/tyger-proxy.exe" ./cmd/tyger-proxy - - - name: Archive windows-cli-tools - uses: actions/upload-artifact@v3 - with: - name: windows-cli-tools - path: | - windows-cli-tools + # make publish-official-images - name: Cleanup if: ${{ always() }} - env: - TYGER_ENVIRONMENT_NAME: ${{ steps.set-variables.outputs.TYGER_ENVIRONMENT_NAME }} - TYGER_URI: ${{ steps.set-variables.outputs.TYGER_URI }} run: | set -eo pipefail source /opt/conda/etc/profile.d/conda.sh @@ -151,7 +128,9 @@ jobs: windows-smoke-tests: runs-on: windows-latest - needs: tyger-build-deploy + needs: + - tyger-build-deploy + - publish-binaries steps: - name: Checkout uses: actions/checkout@v3 @@ -159,11 +138,10 @@ jobs: fetch-depth: 0 - name: Download artifacts - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: - name: windows-cli-tools - path: | - windows-cli-tools + name: dist + path: dist - name: Login into Azure uses: azure/login@v1 
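Review bot: The commented-out `Publish official images` step no longer carries `if: startsWith(github.ref, 'refs/tags/')`, so uncommenting it as written would publish images on every run rather than only on tags. The hunk also disables `Build and verify format` and `Deploy and test` by commenting them out, which leaves the job with no format check and no deployment test ahead of the Windows smoke tests, while `Cleanup` still runs. If this is temporary, restore the steps before merge; if it is intended, delete them instead of keeping commented YAML. Either way the tag guard belongs on any publish step, e.g. `# if: startsWith(github.ref, 'refs/tags/')` as the first commented line.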
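Review bot: `windows-smoke-tests` now needs `publish-binaries`, but that job is declared in a later hunk with `if: startsWith(github.ref, 'refs/tags/')`, so on a pull-request run it is skipped and GitHub Actions then skips this job too. The `release --clean --snapshot` branch of `ARGS` in the GoReleaser step suggests non-tag builds were meant to run. If so, drop the job-level `if:` on `publish-binaries` and keep the tag decision in `ARGS` only.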
@@ -175,13 +153,25 @@ jobs: - name: Run smoke tests env: - TYGER_URI: ${{ needs.tyger-build-deploy.outputs.TYGER_URI }} + TYGER_COMBINED_CONFIG: ${{ needs.tyger-build-deploy.outputs.TYGER_COMBINED_CONFIG }} shell: pwsh run: | - $env:PATH = "$env:GITHUB_WORKSPACE\windows-cli-tools;"+ $env:PATH + $env:PATH = "$env:GITHUB_WORKSPACE\dist\tyger_windows_amd64_v1;" + $env:PATH + + $combinedConfig = $env:TYGER_COMBINED_CONFIG | ConvertFrom-Json + $tygerUri = "https://" + $combinedConfig.config.api.domainName + $servicePrincipal = $combinedConfig.developerConfig.testAppUri + $keyVaultName = $combinedConfig.developerConfig.keyVault + $certificateName = $combinedConfig.developerConfig.pkcs12CertSecret.name + $certificateVersion = $combinedConfig.developerConfig.pkcs12CertSecret.version # Run tests - .\scripts\Test-CertificateLoginOnWindows.ps1 -ServerUri $env:TYGER_URI + .\scripts\Test-CertificateLoginOnWindows.ps1 \ + -ServerUri $tygerUri \ + -ServicePrincipal $servicePrincipal \ + -KeyVaultName $keyVaultName \ + -CertificateName $certificateName \ + -CertificateVersion $certificateVersion codeQL: name: CodeQL @@ -210,9 +200,6 @@ jobs: languages: csharp, go - name: "Build" - env: - TYGER_ENVIRONMENT_NAME: ${{ steps.set-variables.outputs.TYGER_ENVIRONMENT_NAME }} - TYGER_URI: ${{ steps.set-variables.outputs.TYGER_URI }} run: | set -eo pipefail source /opt/conda/etc/profile.d/conda.sh @@ -224,14 +211,10 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 - release: + publish-binaries: if: startsWith(github.ref, 'refs/tags/') permissions: contents: write - needs: - - tyger-build-deploy - - windows-smoke-tests - - codeQL runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 
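Review bot: The call to `.\scripts\Test-CertificateLoginOnWindows.ps1` continues its lines with a trailing `\`, which is a bash convention. Under `shell: pwsh` the backslash is passed as a positional argument and each following `-ServicePrincipal …` line is parsed as a separate statement. PowerShell continues a line with a trailing backtick, as the script itself does in its `Invoke-NativeCommandEnsureFailure` calls. Alternatively the arguments can be splatted: `$testArgs = @{ ServerUri = $tygerUri; ServicePrincipal = $servicePrincipal; … }` followed by `.\scripts\Test-CertificateLoginOnWindows.ps1 @testArgs`. It would also help to fail early when `$combinedConfig.developerConfig` is null, because these values feed the `az keyvault` lookups in the script.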
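Review bot: Renaming `release` to `publish-binaries` also removes its `needs:` on `tyger-build-deploy`, `windows-smoke-tests` and `codeQL`, so on a tag push this job, with `contents: write`, no longer waits for any test or CodeQL result before it runs. Its steps continue outside this hunk; the GoReleaser step in the next hunk appears to belong to it and would create the release at that point. Because `windows-smoke-tests` now depends on this job, the old gate cannot simply be restored. Consider building the binaries in an ungated job with read-only permissions and keeping a separate release job that needs the smoke tests and `codeQL`.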
@@ -254,9 +237,17 @@ jobs: - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 + env: + # If this is a tag push, create a release + ARGS: ${{ startsWith(github.ref, 'refs/tags/') && 'release --clean' || 'release --clean --snapshot' }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: version: v1.21.2 workdir: cli - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + args: ${{ env.ARGS }} + + - name: Upload binaries + uses: actions/upload-artifact@v3 + with: + name: dist + path: cli/dist diff --git a/scripts/Test-CertificateLoginOnWindows.ps1 b/scripts/Test-CertificateLoginOnWindows.ps1 index ebc8bd55..b7d640ce 100644 --- a/scripts/Test-CertificateLoginOnWindows.ps1 +++ b/scripts/Test-CertificateLoginOnWindows.ps1 @@ -7,6 +7,18 @@ param( [Parameter(Mandatory = $true)] [string]$ServerUri + + [Parameter(Mandatory = $true)] + [string]$servicePrincipal + + [Parameter(Mandatory = $true)] + $KeyVaultName + + [Parameter(Mandatory = $true)] + $CertificateName + + [Parameter(Mandatory = $true)] + $CertificateVersion ) $ErrorActionPreference = "Stop" @@ -16,10 +28,8 @@ function RunTests { param ( [X509Certificate]$Cert ) - - Write-Host "Running tests..." - $servicePrincipal = "api://tyger-test-client" + Write-Host "Running tests..." # Login with certificate thumbprint given as a command-line argument @@ -53,7 +63,7 @@ function RunTests { Invoke-NativeCommand tyger logout Invoke-NativeCommand tyger login --file $optionsFile.FullName $codespecVersion = Invoke-NativeCommand tyger codespec create cert-test --image busybox --command '--' sh -c 'echo "hello world"' - $runId = Invoke-NativeCommand tyger run create --codespec cert-test --version $codespecVersion + $runId = Invoke-NativeCommand tyger run create --codespec cert-test --version $codespecVersion # Start tyger-proxy using a certificate thumbprint 
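Review bot: This step receives `GITHUB_TOKEN` in a job that has `contents: write`, and both it and the new `Upload binaries` step reference their actions by mutable tag (`goreleaser/goreleaser-action@v5`, `actions/upload-artifact@v3`). Pinning to a full commit SHA, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5`, keeps a retagged action from running with that token or altering the `dist` artifact that `windows-smoke-tests` later puts on its `PATH`. The comment above `ARGS` covers only the tag case; a second line such as `# Otherwise build a snapshot and publish nothing` would document the other branch.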
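Review bot: The four parameters added to the `param(` block are not separated by commas: nothing follows `[string]$ServerUri` or any of the new entries, so the script will not parse. The entries are also inconsistent, since `$servicePrincipal` is lower-case and is the only typed one, while `$KeyVaultName`, `$CertificateName` and `$CertificateVersion` accept any object before being passed to `az keyvault`. The block below adds the commas and types each parameter as `[string]`. PowerShell variable names are case-insensitive, so `RunTests` still resolves `$servicePrincipal`. The `param(` opening is outside the hunk.

```powershell
    [Parameter(Mandatory = $true)]
    [string]$ServerUri,

    [Parameter(Mandatory = $true)]
    [string]$ServicePrincipal,

    [Parameter(Mandatory = $true)]
    [string]$KeyVaultName,

    [Parameter(Mandatory = $true)]
    [string]$CertificateName,

    [Parameter(Mandatory = $true)]
    [string]$CertificateVersion
)
```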
@@ -83,7 +93,7 @@ function RunTests { Invoke-NativeCommandEnsureFailure -ExpectedErrorSubstring "certificatePath and certificateThumbprint cannot both be specified" ` tyger login -f $optionsFile.FullName - + Invoke-NativeCommandEnsureFailure -ExpectedErrorSubstring "certificatePath and certificateThumbprint cannot both be specified" ` tyger-proxy start -f $optionsFile.FullName } @@ -141,15 +151,10 @@ function Invoke-NativeCommandEnsureFailure() { $global:LASTEXITCODE = 0 } -$keyVaultName = "eminence" -$certificateName = "tyger-test-client-cert-pkcs12" -$certificateVersion = "f8b1b7dde7034217bf12ce4ea772b470" - - Write-Host "Checking for certificate..." # See if the certificate is already in the store -$certMetadata = Invoke-NativeCommand az keyvault certificate show --vault-name $keyVaultName -n $certificateName --version $certificateVersion -o json | ConvertFrom-Json +$certMetadata = Invoke-NativeCommand az keyvault certificate show --vault-name $KeyVaultName -n $CertificateName --version $CertificateVersion -o json | ConvertFrom-Json $cert = Get-Item "cert:\CurrentUser\My\$($certMetadata.x509ThumbprintHex)" -ErrorAction SilentlyContinue $installCertificate = -not $cert @@ -166,8 +171,8 @@ try { Remove-Item $temporaryPath try { - Invoke-NativeCommand az keyvault secret download --file $temporaryPath --vault-name $keyVaultName -n $certificateName --version $certificateVersion - + Invoke-NativeCommand az keyvault secret download --file $temporaryPath --vault-name $KeyVaultName -n $CertificateName --version $CertificateVersion + # The private key will not be exportable. $cert = Import-PfxCertificate -FilePath $temporaryPath -CertStoreLocation Cert:\CurrentUser\My } @@ -184,6 +189,6 @@ finally { if ($installCertificate) { Remove-Item $cert.PSPath -ErrorAction SilentlyContinue } - + Remove-Item $cacheFile.FullName -ErrorAction SilentlyContinue -} \ No newline at end of file +} 
diff --git a/scripts/get-context-environment-config.sh b/scripts/get-context-environment-config.sh index e4934399..c7b3400c 100755 --- a/scripts/get-context-environment-config.sh +++ b/scripts/get-context-environment-config.sh @@ -51,7 +51,7 @@ this_dir=$(dirname "${0}") config_dir="${TYGER_ENVIRONMENT_CONFIG_DIR:-${this_dir}/../deploy/config/microsoft}" helm_chart_dir=$(readlink -f "${this_dir}/../deploy/helm") -if [[ "$expression" == "config" || "$expression" == config.* ]]; then +if [[ "$expression" == "config" || "$expression" == config.* || "$expression" == "" ]]; then environment_name="${TYGER_ENVIRONMENT_NAME:-}" if [[ -z "${environment_name:-}" ]]; then if [[ ! "$(git config user.email)" =~ [^@]+ ]]; then
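Review bot: The new `"$expression" == ""` arm has no comment explaining why an empty expression must resolve the environment, and the reason is only visible from the workflow's `-e "" -o json` call. Suggested comment above the `if`: `# An empty expression selects the whole document, which includes config, so the environment name is required.` This reading is inferred from the workflow and should be confirmed against the rest of the script. If `expression` also defaults to empty when `-e` is omitted, which the hunk does not show, the branch now runs for that case as well, and that may deserve a usage error instead. The `if` body continues outside the hunk.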