mirror of
https://github.com/azure/login.git
synced 2026-03-12 18:07:08 -04:00
165d6877fd
* Consistently use azure/powershell@v1 * Consistently use actions/checkout@v4 * Consistently use actions/setup-node@v4 * Consistently use actions/github-script@v7 * Consistently use actions/stale@v8 * Specify codql language as javascript See https://api.github.com/repos/github/codeql-action/issues/comments/762138640 * Name ci.yml * CodeQL does not need a special code
359 lines
10 KiB
YAML
359 lines
10 KiB
YAML
name: Azure Login Action Positive Test
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
|
|
jobs:
|
|
|
|
BasicTest:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, windows-latest, self_linux, self_windows]
|
|
runs-on: ${{ matrix.os }}
|
|
environment: Automation test
|
|
|
|
steps:
|
|
- name: 'Checking out repo code'
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set Node.js 16.x for GitHub Action
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 16.x
|
|
|
|
- name: 'Validate build'
|
|
run: |
|
|
npm install
|
|
npm run build
|
|
|
|
- name: 'Run L0 tests'
|
|
run: |
|
|
npm run test
|
|
|
|
- name: Login with creds
|
|
uses: ./
|
|
with:
|
|
creds: ${{secrets.SP1}}
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
az group show --name GitHubAction_CI_RG --output none
|
|
az vm list --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
|
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with individual parameters
|
|
uses: ./
|
|
with:
|
|
client-id: ${{ secrets.SP1_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.SP1_TENANT_ID }}
|
|
subscription-id: ${{ secrets.SP1_SUBSCRIPTION_ID }}
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli again
|
|
run: |
|
|
az account show --output none
|
|
|
|
- name: Run Azure PowerShell again
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with explicit auth-type
|
|
uses: ./
|
|
with:
|
|
creds: ${{secrets.SP1}}
|
|
auth-type: SERVICE_PRINCIPAL
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
az group show --name GitHubAction_CI_RG --output none
|
|
az vm list --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
|
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
ParameterTest:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, windows-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
environment: Automation test
|
|
|
|
steps:
|
|
- name: 'Checking out repo code'
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set Node.js 16.x for GitHub Action
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 16.x
|
|
|
|
- name: 'Validate build'
|
|
run: |
|
|
npm install
|
|
npm run build
|
|
|
|
- name: Login with creds, disable ps session
|
|
uses: ./
|
|
with:
|
|
creds: ${{secrets.SP1}}
|
|
enable-AzPSSession: false
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
az group show --name GitHubAction_CI_RG --output none
|
|
az vm list --output none
|
|
|
|
- name: Login with creds, wrong boolean value
|
|
uses: ./
|
|
with:
|
|
creds: ${{secrets.SP1}}
|
|
enable-AzPSSession: notboolean
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
az group show --name GitHubAction_CI_RG --output none
|
|
az vm list --output none
|
|
|
|
- name: Login with creds, allow no subscription
|
|
uses: ./
|
|
with:
|
|
creds: ${{secrets.SP1}}
|
|
allow-no-subscriptions: true
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
az group show --name GitHubAction_CI_RG --output none
|
|
az vm list --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
|
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with individual parameters, allow no subscription
|
|
uses: ./
|
|
with:
|
|
client-id: ${{ secrets.SP1_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.SP1_TENANT_ID}}
|
|
subscription-id: ${{ secrets.SP1_SUBSCRIPTION_ID }}
|
|
allow-no-subscriptions: true
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli again
|
|
run: |
|
|
az account show --output none
|
|
|
|
- name: Run Azure PowerShell again
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with individual parameters, no subscription, allow no subscription
|
|
uses: ./
|
|
with:
|
|
client-id: ${{ secrets.OIDC_SP2_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.OIDC_SP2_TENANT_ID }}
|
|
allow-no-subscriptions: true
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with creds, no subscription, allow no subscription
|
|
uses: ./
|
|
with:
|
|
creds: '{"clientId":"${{ secrets.OIDC_SP2_CLIENT_ID }}","clientSecret":"${{ secrets.SP2_CLIENT_SECRET }}","tenantId":"${{ secrets.OIDC_SP2_TENANT_ID }}"}'
|
|
allow-no-subscriptions: true
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
VMTest:
|
|
strategy:
|
|
matrix:
|
|
os: [self_linux, self_windows]
|
|
runs-on: ${{ matrix.os }}
|
|
environment: Automation test
|
|
|
|
steps:
|
|
- name: 'Checking out repo code'
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set Node.js 16.x for GitHub Action
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 16.x
|
|
|
|
- name: 'Validate build'
|
|
run: |
|
|
npm install
|
|
npm run build
|
|
|
|
- name: Login with system-assigned managed identity, no subscription-id
|
|
uses: ./
|
|
with:
|
|
auth-type: IDENTITY
|
|
allow-no-subscriptions: true
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with system-assigned managed identity, with subscription id
|
|
uses: ./
|
|
with:
|
|
auth-type: IDENTITY
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }}
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
az group show --name GitHubAction_CI_RG --output none
|
|
az vm list --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
|
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with tenant-level user-assigned managed identity with allow-no-subscriptions
|
|
uses: ./
|
|
with:
|
|
client-id: ${{ secrets.UMI2_CLIENT_ID }}
|
|
allow-no-subscriptions: true
|
|
auth-type: IDENTITY
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|
|
- name: Login with user-assigned managed identity, subscription-id
|
|
uses: ./
|
|
with:
|
|
client-id: ${{ secrets.UMI1_CLIENT_ID }}
|
|
subscription-id: ${{ secrets.UMI1_SUBSCRIPTION_ID }}
|
|
auth-type: IDENTITY
|
|
enable-AzPSSession: true
|
|
|
|
- name: Run Azure Cli
|
|
run: |
|
|
az account show --output none
|
|
az group show --name GitHubAction_CI_RG --output none
|
|
az vm list --output none
|
|
|
|
- name: Run Azure PowerShell
|
|
uses: azure/powershell@v1
|
|
with:
|
|
azPSVersion: "latest"
|
|
inlineScript: |
|
|
$checkResult = (Get-AzContext).Environment.Name -eq 'AzureCloud'
|
|
$checkResult = $checkResult -and ((Get-AzResourceGroup -Name GitHubAction_CI_RG).ResourceGroupName -eq 'GitHubAction_CI_RG')
|
|
$checkResult = $checkResult -and ((Get-AzVM).Count -gt 0)
|
|
if(-not $checkResult){
|
|
throw "Not all checks passed!"
|
|
}
|
|
|