From 33d3d5e2ed10b22c376f2fb8ffba069695a4e82c Mon Sep 17 00:00:00 2001 From: Shruthi Kumar Date: Wed, 21 Aug 2024 14:10:52 -0700 Subject: [PATCH] Update validate workflow to test against PR specific schema changes (#7814) # Description _Please explain the changes you've made._ ## Type of change - This pull request fixes a bug in Radius and has an approved issue (issue link required). - This pull request adds or changes features of Radius and has an approved issue (issue link required). - This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional). Fixes: #issue_number --------- Signed-off-by: sk593 --- .github/workflows/validate-bicep.yaml | 20 +++++++++++++++++++ build/validate-bicep.sh | 15 ++++++++++++-- .../dapr-pubsub-broker.bicep | 1 + .../dapr-secret-store.bicep | 1 + .../test-bicep-recipes/dapr-state-store.bicep | 1 + .../mongodb-recipe-context.bicep | 2 ++ .../mongodb-recipe-kubernetes.bicep | 2 ++ .../test-bicep-recipes/rabbitmq-recipe.bicep | 1 + .../test-bicep-recipes/sqldb-recipe.bicep | 1 + 9 files changed, 42 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate-bicep.yaml b/.github/workflows/validate-bicep.yaml index 8fde59ea7d..7c976267b4 100644 --- a/.github/workflows/validate-bicep.yaml +++ b/.github/workflows/validate-bicep.yaml @@ -26,6 +26,14 @@ on: permissions: id-token: write # Required for requesting the JWT +env: + # Local Docker registry name + LOCAL_REGISTRY_NAME: "radius-registry" + # Local Docker registry server + LOCAL_REGISTRY_SERVER: "localhost" + # Local Docker registry port + LOCAL_REGISTRY_PORT: "5000" + concurrency: # Cancel the previously triggered build for only PR build. group: bicep-${{ github.event.pull_request.number || github.sha }} @@ -44,11 +52,23 @@ jobs: bicep --version - name: Check out repo uses: actions/checkout@v4 + - name: Create a secure local registry + id: create-local-registry + uses: ./.github/actions/create-local-registry + with: + secure: "true" + registry-name: ${{ env.LOCAL_REGISTRY_NAME }} + registry-server: ${{ env.LOCAL_REGISTRY_SERVER }} + registry-port: ${{ env.LOCAL_REGISTRY_PORT }} + - name: Publish bicep types + run: | + bicep publish-extension ./hack/bicep-types-radius/generated/index.json --target br:${{ env.LOCAL_REGISTRY_SERVER }}:${{ env.LOCAL_REGISTRY_PORT }}/radius:latest --force - name: Install jq run: sudo apt-get install -y jq - name: Modify bicepconfig.json run: | # Add credential preference to the bicepconfig.json file + jq '.extensions.radius = "br:${{ env.LOCAL_REGISTRY_SERVER }}:${{ env.LOCAL_REGISTRY_PORT }}/radius:latest"' bicepconfig.json > tmp.json && mv tmp.json bicepconfig.json jq '. + {"cloud": {"credentialPrecedence": ["Environment"]}}' bicepconfig.json > tmp.json && mv tmp.json bicepconfig.json - name: Print updated bicepconfig.json run: cat bicepconfig.json diff --git a/build/validate-bicep.sh b/build/validate-bicep.sh index 5d9865f83e..f0ea3cd921 100755 --- a/build/validate-bicep.sh +++ b/build/validate-bicep.sh @@ -5,7 +5,6 @@ then exit 1 fi -WARNING_MSG="WARNING: The following experimental Bicep features" FILES=$(find . -type f -name "*.bicep") # Get the first bicep file with Radius and AWS extensions from the list to restore extensions @@ -37,6 +36,7 @@ STDERR=$($BICEP_PATH build $FIRST_FILE_AWS --stdout 2>&1 1>/dev/null) echo "Restoring AWS extension with response: $STDERR..." FAILURES=() +WARNINGS=() for F in $FILES do echo "validating $F" @@ -59,7 +59,13 @@ do exec 3>&- fi - if [[ ! $EXITCODE -eq 0 || ($STDERR != $WARNING_MSG* && $STDERR == *"Error"*) ]] + if [[ $STDERR == *"Warning"* ]] + then + echo $STDERR + WARNINGS+=$F + fi + + if [[ ! $EXITCODE -eq 0 || $STDERR == *"Error"* ]] then echo $STDERR FAILURES+=$F @@ -71,4 +77,9 @@ do echo "Failed: $F" done +for F in $WARNINGS +do + echo "Warning: $F" +done + exit ${#FAILURES[@]} \ No newline at end of file diff --git a/test/testrecipes/test-bicep-recipes/dapr-pubsub-broker.bicep b/test/testrecipes/test-bicep-recipes/dapr-pubsub-broker.bicep index 075fbc87f3..b63cc5383e 100644 --- a/test/testrecipes/test-bicep-recipes/dapr-pubsub-broker.bicep +++ b/test/testrecipes/test-bicep-recipes/dapr-pubsub-broker.bicep @@ -14,6 +14,7 @@ module redis '../../../test/testrecipes/modules/redis-selfhost.bicep' = { } } +#disable-next-line BCP081 resource dapr 'dapr.io/Component@v1alpha1' = { metadata: { name: context.resource.name diff --git a/test/testrecipes/test-bicep-recipes/dapr-secret-store.bicep b/test/testrecipes/test-bicep-recipes/dapr-secret-store.bicep index d773959f4d..cfcd91535d 100644 --- a/test/testrecipes/test-bicep-recipes/dapr-secret-store.bicep +++ b/test/testrecipes/test-bicep-recipes/dapr-secret-store.bicep @@ -5,6 +5,7 @@ extension kubernetes with { param context object +#disable-next-line BCP081 resource dapr 'dapr.io/Component@v1alpha1' = { metadata: { name: context.resource.name diff --git a/test/testrecipes/test-bicep-recipes/dapr-state-store.bicep b/test/testrecipes/test-bicep-recipes/dapr-state-store.bicep index 8bfc70af02..0d2cbe9c42 100644 --- a/test/testrecipes/test-bicep-recipes/dapr-state-store.bicep +++ b/test/testrecipes/test-bicep-recipes/dapr-state-store.bicep @@ -14,6 +14,7 @@ module redis '../../../test/testrecipes/modules/redis-selfhost.bicep' = { } } +#disable-next-line BCP081 resource dapr 'dapr.io/Component@v1alpha1' = { metadata: { name: context.resource.name diff --git a/test/testrecipes/test-bicep-recipes/mongodb-recipe-context.bicep b/test/testrecipes/test-bicep-recipes/mongodb-recipe-context.bicep index 4929f412d8..84fd44363d 100644 --- a/test/testrecipes/test-bicep-recipes/mongodb-recipe-context.bicep +++ b/test/testrecipes/test-bicep-recipes/mongodb-recipe-context.bicep @@ -44,7 +44,9 @@ output result object = { username: account.name } secrets: { + #disable-next-line outputs-should-not-contain-secrets connectionString: account.listConnectionStrings().connectionStrings[0].connectionString + #disable-next-line outputs-should-not-contain-secrets password: account.listKeys().primaryMasterKey } } diff --git a/test/testrecipes/test-bicep-recipes/mongodb-recipe-kubernetes.bicep b/test/testrecipes/test-bicep-recipes/mongodb-recipe-kubernetes.bicep index 1658f7dcff..30a751ceef 100644 --- a/test/testrecipes/test-bicep-recipes/mongodb-recipe-kubernetes.bicep +++ b/test/testrecipes/test-bicep-recipes/mongodb-recipe-kubernetes.bicep @@ -102,8 +102,10 @@ output result object = { database: context.resource.name } secrets: { + #disable-next-line outputs-should-not-contain-secrets connectionString: 'mongodb://${username}:${password}@${svc.metadata.name}.${svc.metadata.namespace}.svc.cluster.local:27017' username: username + #disable-next-line outputs-should-not-contain-secrets password: password } } diff --git a/test/testrecipes/test-bicep-recipes/rabbitmq-recipe.bicep b/test/testrecipes/test-bicep-recipes/rabbitmq-recipe.bicep index 7b041b1dec..84a72dd4f0 100644 --- a/test/testrecipes/test-bicep-recipes/rabbitmq-recipe.bicep +++ b/test/testrecipes/test-bicep-recipes/rabbitmq-recipe.bicep @@ -90,6 +90,7 @@ output result object = { username: username } secrets: { + #disable-next-line outputs-should-not-contain-secrets password: password } } diff --git a/test/testrecipes/test-bicep-recipes/sqldb-recipe.bicep b/test/testrecipes/test-bicep-recipes/sqldb-recipe.bicep index 42e29ceeca..e3d89dd588 100644 --- a/test/testrecipes/test-bicep-recipes/sqldb-recipe.bicep +++ b/test/testrecipes/test-bicep-recipes/sqldb-recipe.bicep @@ -106,6 +106,7 @@ output result object = { username: username } secrets: { + #disable-next-line outputs-should-not-contain-secrets password: password } }