acceptance-tests.yaml
# This workflow creates the required Azure resources using Terraform for running the Packer Azure plugin acceptance tests for the ARM and DTL Builders
# TODO: Next steps for improvement -> We should use GHA concurrency groups to ensure that only one acceptance test job runs at a time; that way, if two commits are committed to main within a short period of time, tests won't fail.
# If we still run into unique name conflicts, we could also randomly generate the storage account name, group name, and prefix.
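name: Acceptance Tests

# Runs only for pushes to main.
on:
  push:
    branches:
      - main

# Workflow-wide GITHUB_TOKEN permissions, applied to every job below.
# NOTE(review): `id-token: write` allows jobs to request an OIDC token, yet
# the Azure login in this file uses a client secret. The only visible use of
# the permission is the ACTIONS_ID_TOKEN_REQUEST_URL probe in `secrets-check`.
# Confirm whether the tests need it; if not, scope it to that job.
permissions:
  contents: read
  id-token: write

jobs:
  # Gate job: reports whether secrets are usable so the test job can be skipped.
  secrets-check:
    runs-on: ubuntu-latest
    outputs:
      available: ${{ steps.check-secrets.outputs.available }}
    steps:
      # we check for the ACTIONS_ID_TOKEN_REQUEST_URL variable as a proxy for other secrets
      # it will be unset when running for a PR from a fork
      - id: check-secrets
        # `tee -a` appends to the output file (the documented usage) while
        # still echoing the result into the job log.
        run: |
          if [[ "${ACTIONS_ID_TOKEN_REQUEST_URL}" == "" ]]; then
            echo "available=false" | tee -a "${GITHUB_OUTPUT}"
          else
            echo "available=true" | tee -a "${GITHUB_OUTPUT}"
          fi

  # Reads the Go toolchain version from the repository's .go-version file.
  get-go-version:
    runs-on: ubuntu-latest
    outputs:
      go-version: ${{ steps.get-go-version.outputs.go-version }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: 'Determine Go version'
        id: get-go-version
        run: |
          echo "Found Go $(cat .go-version)"
          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"

  # Creates Azure resources with Terraform, runs the acceptance tests against
  # them, and destroys the resources afterwards.
  acceptance-tests:
    runs-on: ubuntu-latest
    needs:
      - secrets-check
      - get-go-version
    if: needs.secrets-check.outputs.available == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          go-version: ${{ needs.get-go-version.outputs.go-version }}
      # NOTE(review): referenced by a mutable tag, unlike the SHA-pinned
      # actions in this file. This job handles Azure credentials, so pin this
      # action to a full commit SHA as well.
      - name: Setup `terraform`
        uses: hashicorp/setup-terraform@v2
      - name: Run `terraform init` to download Azure Provider
        run: terraform init
        working-directory: ./terraform
      # NOTE(review): referenced by a branch name; whatever `main` points to
      # at run time executes in this job. Pin to a full commit SHA.
      - name: Setup `packer`
        uses: hashicorp/setup-packer@main
        id: setup
      - name: Build the plugin
        run: make
      # Secrets reach the shell as environment variables instead of being
      # expanded into the script text, so their contents are never parsed as
      # shell syntax.
      - name: Login to Azure CLI
        env:
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
        run: >-
          az login --output none
          --tenant="${ARM_TENANT_ID}"
          --username="${ARM_CLIENT_ID}"
          --password="${ARM_CLIENT_SECRET}"
          --service-principal
      # Used for Linux specialized ancestry test, so parent and child have to share the same login method
      # The key has an empty passphrase and is written to the runner's
      # working directory.
      - name: Create SSH Certificate and set envrionment variable for it
        run: |
          ssh-keygen -m PEM -t rsa -b 4096 -f example.pem -N ''
          echo "ARM_SSH_PRIVATE_KEY_FILE=$(pwd)/example.pem" >> "$GITHUB_ENV"
      # Exports credentials and per-run resource names to all later steps.
      # NOTE(review): values appended to GITHUB_ENV, including
      # ARM_CLIENT_SECRET, are visible to every subsequent step and action in
      # this job. Step-level `env:` on the Terraform and test steps would
      # narrow that, if the helper scripts allow it.
      - name: Set auth and resource name environemnt variables
        env:
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
        run: |
          # Without an explicit `shell:`, bash runs with -e only; pipefail
          # makes a failing `az` in the pipeline below stop the step instead
          # of exporting an empty object id.
          set -o pipefail
          echo "AZURE_CLI_AUTH=1" >> "$GITHUB_ENV"
          echo "ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID}" >> "$GITHUB_ENV"
          echo "ARM_CLIENT_ID=${ARM_CLIENT_ID}" >> "$GITHUB_ENV"
          echo "ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET}" >> "$GITHUB_ENV"
          BASE_RG="packercigroup"
          BASE_STORAGE="packerciaccount"
          BASE_PREFIX="packerci"
          # Last six characters of the run id keep names unique per run.
          SUFFIX=$(printf "%s" "${GITHUB_RUN_ID}" | tail -c 6)
          # Lowercase, drop dashes, and truncate so base + suffix is at most
          # 24 characters.
          STORAGE_BASE=$(echo "${BASE_STORAGE}" | tr '[:upper:]' '[:lower:]' | tr -d '-')
          MAX_STORAGE_LEN=$((24 - ${#SUFFIX}))
          STORAGE_BASE=${STORAGE_BASE:0:${MAX_STORAGE_LEN}}
          echo "ARM_RESOURCE_GROUP_NAME_BASE=${BASE_RG}" >> "$GITHUB_ENV"
          echo "ARM_STORAGE_ACCOUNT_BASE=${BASE_STORAGE}" >> "$GITHUB_ENV"
          echo "ARM_RESOURCE_PREFIX_BASE=${BASE_PREFIX}" >> "$GITHUB_ENV"
          echo "ARM_RESOURCE_SUFFIX=${SUFFIX}" >> "$GITHUB_ENV"
          echo "ARM_RESOURCE_GROUP_NAME=${BASE_RG}-${SUFFIX}" >> "$GITHUB_ENV"
          echo "ARM_STORAGE_ACCOUNT=${STORAGE_BASE}${SUFFIX}" >> "$GITHUB_ENV"
          echo "ARM_RESOURCE_PREFIX=${BASE_PREFIX}_${SUFFIX}" >> "$GITHUB_ENV"
          echo "ARM_STORAGE_CONTAINER_NAME=packeracc" >> "$GITHUB_ENV"
          echo "ARM_TEMP_RESOURCE_GROUP_NAME=${BASE_PREFIX}-${SUFFIX}-acceptance-test-managed-cli" >> "$GITHUB_ENV"
          echo "ARM_TENANT_ID=${ARM_TENANT_ID}" >> "$GITHUB_ENV"
          # Key vault name: same treatment, with room left for "kv" + suffix.
          KV_BASE=$(echo "${BASE_PREFIX}" | tr '[:upper:]' '[:lower:]' | tr -d '-' | tr -d '_')
          KV_BASE_MAX=$((24 - ${#SUFFIX} - 2))
          KV_BASE=${KV_BASE:0:${KV_BASE_MAX}}
          echo "ARM_KEY_VAULT_NAME=${KV_BASE}kv${SUFFIX}" >> "$GITHUB_ENV"
          OBJECT_ID=$(az ad sp show --id "${ARM_CLIENT_ID}" | jq -r '.id')
          echo "AZURE_OBJECT_ID=${OBJECT_ID}" >> "$GITHUB_ENV"
      - name: Run `terraform apply` to create resources for acceptance tests
        working-directory: ./terraform
        run: ./run_terraform_apply_with_expected_env_vars.sh
      - name: Run Acceptance Tests
        run: make testacc
      - name: Run `terraform destroy` after test
        working-directory: ./terraform
        if: ${{ always() }} # Regardless of failure or cancelation, run terraform destroy
        run: ./run_terraform_destroy_with_expected_env_vars.sh
      # Try and upload logs
      # NOTE(review): the archives are built only from the packer_*txt globs,
      # so example.pem is not included. Confirm the Packer logs themselves
      # hold nothing sensitive before extending retention.
      - run: zip arm_failure_logs.zip builder/azure/arm/packer_*txt
        if: ${{ failure() }}
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        if: ${{ failure() }}
        with:
          name: "arm_failure_logs.zip"
          path: "arm_failure_logs.zip"
          retention-days: 1
      - run: zip dtl_failure_logs.zip builder/azure/dtl/packer_*txt
        if: ${{ failure() }}
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        if: ${{ failure() }}
        with:
          name: "dtl_failure_logs.zip"
          path: "dtl_failure_logs.zip"
          retention-days: 1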