diff --git a/github-action/README.md b/github-action/README.md index 6076693..1437526 100644 --- a/github-action/README.md +++ b/github-action/README.md @@ -34,7 +34,7 @@ jobs: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: 'Sync the NGINX configuration from the GitHub repository to the NGINXaaS for Azure deployment' - uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0 + uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.1 with: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} @@ -77,7 +77,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: 'Sync the NGINX configuration from the GitHub repository to the NGINXaaS for Azure deployment' - uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0 + uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.1 with: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} @@ -106,7 +106,7 @@ To use this action to sync the configuration files from this example, the direct ```yaml - name: 'Sync the NGINX configuration from the GitHub repository to the NGINXaaS for Azure deployment' - uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0 + uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.1 with: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} @@ -139,7 +139,7 @@ The action supports an optional input `transformed-nginx-config-directory-path` ```yaml - name: 'Sync the NGINX configuration from the Git repository to the NGINXaaS for Azure deployment' - uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0 + uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.1 with: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} @@ -172,7 +172,7 @@ See the example below ```yaml - name: "Sync NGINX certificates to NGINXaaS for Azure" - uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0 + uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.1 with: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} @@ -186,7 +186,7 @@ See the example below ```yaml - name: "Sync NGINX configuration- multi file and certificate to NGINXaaS for Azure" - uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.0 + uses: nginxinc/nginx-for-azure-deploy-action/github-action@v0.4.1 with: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resource-group-name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} diff --git a/github-action/action.yml b/github-action/action.yml index 3d2aa6c..1f4e4d1 100644 --- a/github-action/action.yml +++ b/github-action/action.yml @@ -10,10 +10,6 @@ inputs: nginx-deployment-name: description: "The name of the NGINXaaS for Azure deployment." required: true - nginx-deployment-location: - description: "The location where the NGINX deployment is located. Example westcentralus" - required: false - deprecationMessage: "This field is not in use and will be removed in a future release. Consider dropping it from your Github Action configuration." nginx-config-directory-path: description: 'The NGINX configuration directory path relative to the root of the Git repository, example: "config/".' required: false @@ -40,8 +36,8 @@ runs: using: "composite" steps: - name: "Synchronize NGINX certificate(s) from the Git repository to an NGINXaaS for Azure deployment" - run: ${{github.action_path}}/src/deploy-certificate.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --nginx_resource_location=${{ inputs.nginx-deployment-location }} --certificates=${{ toJSON(inputs.nginx-certificates) }} --debug=${{ inputs.debug }} - if: ${{ inputs.nginx-deployment-location != '' && inputs.nginx-certificates != '' }} + run: ${{github.action_path}}/src/deploy-certificate.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --certificates=${{ toJSON(inputs.nginx-certificates) }} --debug=${{ inputs.debug }} + if: ${{ inputs.nginx-certificates != '' }} shell: bash - name: "Synchronize NGINX configuration from the Git repository to an NGINXaaS for Azure deployment" run: ${{github.action_path}}/src/deploy-config.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --config_dir_path=${{ inputs.nginx-config-directory-path }} --root_config_file=${{ inputs.nginx-root-config-file }} --transformed_config_dir_path=${{ inputs.transformed-nginx-config-directory-path }} --debug=${{ inputs.debug }} diff --git a/github-action/src/deploy-certificate.sh b/github-action/src/deploy-certificate.sh index adbfcda..98725ef 100755 --- a/github-action/src/deploy-certificate.sh +++ b/github-action/src/deploy-certificate.sh @@ -17,10 +17,6 @@ case $i in nginx_deployment_name="${i#*=}" shift ;; - --nginx_resource_location=*) - nginx_resource_location="${i#*=}" - shift - ;; --certificates=*) certificates="${i#*=}" shift @@ -51,26 +47,12 @@ then echo "Please set 'nginx-deployment-name' ..." exit 1 fi -if [[ ! -v nginx_resource_location ]]; -then - echo "Please set 'nginx-resource-location' ..." - exit 1 -fi if [[ ! -v certificates ]]; then echo "Please set 'nginx-certificates' ..." exit 1 fi -arm_template_file="nginx-for-azure-certificate-template.json" - -#get the ARM template file -wget -O "$arm_template_file" https://raw.githubusercontent.com/nginxinc/nginx-for-azure-deploy-action/a69d33feaa1a8a012ec44c138ca78c6ec4db9f29/src/nginx-for-azure-certificate-template.json -echo "Downloaded the ARM template for synchronizing NGINX certificate." - -cat "$arm_template_file" -echo "" - az account set -s "$subscription_id" --verbose count=$(echo "$certificates" | jq '. | length') @@ -104,41 +86,33 @@ do do_nginx_arm_deployment=0 fi - uuid="$(cat /proc/sys/kernel/random/uuid)" - template_file="template-$uuid.json" - template_deployment_name="${nginx_deployment_name:0:20}-$uuid" - - cp "$arm_template_file" "$template_file" - echo "Synchronizing NGINX certificate" echo "Subscription ID: $subscription_id" echo "Resource group name: $resource_group_name" echo "NGINXaaS for Azure deployment name: $nginx_deployment_name" - echo "NGINXaaS for Azure Location: $nginx_resource_location" - echo "ARM template deployment name: $template_deployment_name" echo "" echo "NGINXaaS for Azure cert name: $nginx_cert_name" echo "NGINXaaS for Azure cert file location: $nginx_cert_file" echo "NGINXaaS for Azure key file location: $nginx_key_file" echo "" + echo "Installing the az nginx extension if not already installed." + az extension add --name nginx --allow-preview true + if [ $do_nginx_arm_deployment -eq 1 ] then az_cmd=( "az" + "nginx" "deployment" - "group" + "certificate" "create" - "--name" "$template_deployment_name" "--resource-group" "$resource_group_name" - "--template-file" "$template_file" - "--parameters" - "name=$nginx_cert_name" - "location=$nginx_resource_location" - "nginxDeploymentName=$nginx_deployment_name" - "certificateVirtualPath=$nginx_cert_file" - "keyVirtualPath=$nginx_key_file" - "keyVaultSecretID=$keyvault_secret" + "--certificate-name" "$nginx_cert_name" + "--deployment-name" "$nginx_deployment_name" + "--certificate-path" "$nginx_cert_file" + "--key-path" "$nginx_key_file" + "--key-vault-secret-id" "$keyvault_secret" "--verbose" ) if [[ "$debug" == true ]]; then diff --git a/github-action/src/deploy-config.sh b/github-action/src/deploy-config.sh index 5d1a6e0..8291cee 100755 --- a/github-action/src/deploy-config.sh +++ b/github-action/src/deploy-config.sh @@ -132,7 +132,7 @@ echo "Successfully created the tarball from the NGINX configuration directory." echo "Listing the NGINX configuration file paths in the tarball." tar -tf "$config_tarball" -encoded_config_tarball=$(base64 "$config_tarball") +encoded_config_tarball=$(base64 "$config_tarball" -w 0) if [[ "$debug" == true ]]; then echo "The base64 encoded NGINX configuration tarball" @@ -142,36 +142,28 @@ echo "" # Synchronize the NGINX configuration tarball to the NGINXaaS for Azure deployment. -uuid="$(cat /proc/sys/kernel/random/uuid)" -template_file="template-$uuid.json" -template_deployment_name="${nginx_deployment_name:0:20}-$uuid" - -wget -O "$template_file" https://raw.githubusercontent.com/nginxinc/nginx-for-azure-deploy-action/487d1394d6115d4f42ece6200cbd20859595557d/src/nginx-for-azure-configuration-template.json -echo "Downloaded the ARM template for synchronizing NGINX configuration." -cat "$template_file" -echo "" - echo "Synchronizing NGINX configuration" echo "Subscription ID: $subscription_id" echo "Resource group name: $resource_group_name" echo "NGINXaaS for Azure deployment name: $nginx_deployment_name" -echo "ARM template deployment name: $template_deployment_name" echo "" az account set -s "$subscription_id" --verbose +echo "Installing the az nginx extension if not already installed." +az extension add --name nginx --allow-preview true + az_cmd=( "az" + "nginx" "deployment" - "group" - "create" - "--name" "$template_deployment_name" + "configuration" + "update" + "--name" "default" + "--deployment-name" "$nginx_deployment_name" "--resource-group" "$resource_group_name" - "--template-file" "$template_file" - "--parameters" - "nginxDeploymentName=$nginx_deployment_name" - "rootFile=$transformed_root_config_file_path" - "tarball=$encoded_config_tarball" + "--root-file" "$transformed_root_config_file_path" + "--package" "data=$encoded_config_tarball" "--verbose" ) diff --git a/github-action/src/nginx-for-azure-certificate-template.json b/github-action/src/nginx-for-azure-certificate-template.json deleted file mode 100644 index de21263..0000000 --- a/github-action/src/nginx-for-azure-certificate-template.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the cert resource" - } - }, - "location": { - "type": "string", - "metadata": { - "description": "The location for all resources" - } - }, - "nginxDeploymentName": { - "type": "string", - "metadata": { - "description": "The name of your NGINX deployment resource" - } - }, - "certificateVirtualPath": { - "type": "string", - "metadata": { - "description": "The file path of the certificate file" - } - }, - "keyVirtualPath": { - "type": "string", - "metadata": { - "description": "The file path of the certificate key file" - } - }, - "keyVaultSecretID": { - "type": "string", - "metadata": { - "description": "The secret ID of the key vault holding the certificate" - } - } - }, - "resources": [ - { - "type": "NGINX.NGINXPLUS/nginxDeployments/certificates", - "apiVersion": "2024-11-01-preview", - "name": "[concat(parameters('nginxDeploymentName'), concat('/', parameters('name')))]", - "location": "[parameters('location')]", - "properties": { - "certificateVirtualPath": "[parameters('certificateVirtualPath')]", - "keyVirtualPath": "[parameters('keyVirtualPath')]", - "keyVaultSecretId": "[parameters('keyVaultSecretID')]" - } - } - ] -} diff --git a/github-action/src/nginx-for-azure-configuration-template.json b/github-action/src/nginx-for-azure-configuration-template.json deleted file mode 100644 index 9d1064c..0000000 --- a/github-action/src/nginx-for-azure-configuration-template.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "nginxDeploymentName": { - "type": "string", - "metadata": { - "description": "The name of the NGINXaaS for Azure deployment to synchronize the configuration." - } - }, - "rootFile": { - "type": "string", - "defaultValue": "nginx.conf", - "metadata": { - "description": "The file path of the root NGINX configuration file." - } - }, - "tarball": { - "type": "string", - "metadata": { - "description": "The based64 encoded NGINX configuration tarball." - } - } - }, - "variables": {}, - "resources": [ - { - "type": "NGINX.NGINXPLUS/nginxDeployments/configurations", - "apiVersion": "2024-11-01-preview", - "name": "[concat(parameters('nginxDeploymentName'), '/default')]", - "properties": { - "rootFile": "[parameters('rootFile')]", - "package": { - "data": "[parameters('tarball')]" - } - } - } - ] -}