PoC: Federated SPN credentials (#540) #575
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Actions workflow for merges to main | |
name: rolling-instance-actions | |
on: | |
workflow_dispatch: # allow for manual workflow triggering as needed | |
inputs: | |
runSlowCRUD: | |
description: 'run slow CRUD actions like copy-env, backup-env, restore-env, reset-env (default: yes)' | |
required: false | |
default: 'yes' | |
push: | |
branches: [ main ] | |
permissions: | |
id-token: write # OIDC token for Workload Identity Federation | |
jobs: | |
instance-actions: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest, windows-latest] | |
fail-fast: false | |
env: | |
RUNNER_DEBUG: 1 | |
WF_USERNAME: [email protected] | |
WF_APPID: ddb0fc45-d55c-4fd6-af4a-152359bb4ebd | |
WF_TENANT_ID: 3041a058-5110-495a-a575-b2a5571d9eac | |
WF_USER_ROLE: "Bot Author" | |
WF_USER_AAD_OBJECT_ID: "85fd1857-ddef-46f6-acf4-22a0d1df2cda" | |
WF_APP_USER_ID: "82e66a08-8bf9-42bf-883a-7e2d17c7cede" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
lfs: true | |
- name: Install PAC | |
uses: ./actions-install | |
id: actions-install | |
- name: Test create-source-environment action with appId-clientSecret | |
uses: ./create-environment | |
id: create-source-environment | |
env: | |
PP_SRC_ENV_NAME: ${{ format('ci-actions-src-{0}', runner.os) }} | |
with: | |
app-id: ${{ env.WF_APPID }} | |
client-secret: ${{ secrets.CLIENT_SECRET_PPDEVTOOLS }} | |
tenant-id: ${{ env.WF_TENANT_ID }} | |
name: ${{ env.PP_SRC_ENV_NAME }} | |
type: Sandbox | |
region: unitedstates | |
domain: ${{ env.PP_SRC_ENV_NAME }} | |
- name: Test create-target-environment action with username/password | |
uses: ./create-environment | |
id: create-target-environment | |
env: | |
PP_TRG_ENV_NAME: ${{ format('ci-actions-trg-{0}', runner.os) }} | |
with: | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
name: ${{ env.PP_TRG_ENV_NAME }} | |
type: Sandbox | |
region: unitedstates | |
domain: ${{ env.PP_TRG_ENV_NAME }} | |
- name: Test who-am-i action with appId-clientSecret | |
uses: ./who-am-i | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
app-id: ${{ env.WF_APPID }} | |
client-secret: ${{ secrets.CLIENT_SECRET_PPDEVTOOLS }} | |
tenant-id: ${{ env.WF_TENANT_ID }} | |
- name: Test who-am-i action with appId + Workload Identity Federation | |
uses: ./who-am-i | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
app-id: ${{ env.WF_APPID }} | |
tenant-id: ${{ env.WF_TENANT_ID }} | |
- name: Test who-am-i action with username/password | |
uses: ./who-am-i | |
with: | |
environment-url: ${{ steps.create-target-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
# - name: Install AppSource application | |
# uses: ./install-application | |
# with: | |
# environment: ${{ steps.create-source-environment.outputs.environment-url }} | |
# app-id: ${{ env.WF_APPID }} | |
# client-secret: ${{ secrets.CLIENT_SECRET_PPDEVTOOLS }} | |
# tenant-id: ${{ env.WF_TENANT_ID }} | |
# application-list: 'src/test/data/appsToInstall.json' | |
- name: Test assign-user action | |
if: startsWith(github.event.inputs.runSlowCRUD, 'no') | |
uses: ./assign-user | |
with: | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
environment: ${{ steps.create-source-environment.outputs.environment-url }} | |
user: ${{ env.WF_USER_AAD_OBJECT_ID}} | |
role: ${{ env.WF_USER_ROLE}} | |
- name: Test assign-user action as application user | |
if: startsWith(github.event.inputs.runSlowCRUD, 'no') | |
uses: ./assign-user | |
with: | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
environment: ${{ steps.create-source-environment.outputs.environment-url }} | |
user: ${{ env.WF_APP_USER_ID}} | |
role: ${{ env.WF_USER_ROLE}} | |
application-user: true | |
- name: Test assign-group action | |
if: startsWith(github.event.inputs.runSlowCRUD, 'no') | |
uses: ./assign-group | |
with: | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
environment: ${{ steps.create-source-environment.outputs.environment-url }} | |
group: 'fef01b9b-da30-4cb5-b6b9-ff34c5d2ca2e' | |
group-name: 'Test Group' | |
role: 'System Customizer' | |
team-type: 'AadSecurityGroup' | |
membership-type: 'Members' | |
- name: Test unpack-solution action | |
uses: ./unpack-solution | |
with: | |
solution-folder: 'out/CI/emptySolution/src' | |
solution-file: 'src/test/data/TrivialCanvasSolution.zip' | |
solution-type: 'Unmanaged' | |
overwrite-files: true | |
error-level: Error | |
locale-template: 'en-US' | |
localize: true | |
process-canvas-apps: true | |
- name: Test pack-solution action | |
uses: ./pack-solution | |
with: | |
solution-folder: 'src/test/data/emptySolution' | |
solution-file: 'out/CI/emptySolution.zip' | |
solution-type: 'Unmanaged' | |
error-level: Error | |
localize: true | |
- name: Check solution | |
uses: ./check-solution | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
path: 'src/test/data/empty*.zip' | |
- name: Test import-solution action with username/password | |
uses: ./import-solution | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
solution-file: 'src/test/data/emptySolution_0_1_0_0.zip' | |
force-overwrite: true | |
run-asynchronously: true | |
- name: Test export-solution action with username/password | |
uses: ./export-solution | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
solution-name: emptySolution | |
solution-output-file: 'solution1.zip' | |
working-directory: 'out/CI' | |
run-asynchronously: true | |
- name: Test unpack-solution action | |
uses: ./unpack-solution | |
with: | |
solution-file: 'out/CI/solution1.zip' | |
solution-folder: 'out/CI/solution one' | |
solution-type: 'Unmanaged' | |
overwrite-files: true | |
- name: Test clone-solution action with username/password | |
uses: ./clone-solution | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
solution-name: emptySolution | |
target-folder: 'out/CI/cloned' | |
- name: Test publish-solution action with username/password | |
uses: ./publish-solution | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
- name: Test delete-solution action with username/password | |
uses: ./delete-solution | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
solution-name: emptySolution | |
- name: Test deploy-package action with username-password | |
if: matrix.os == 'windows-latest' | |
uses: ./deploy-package | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
tenant-id: ${{ env.WF_TENANT_ID }} | |
package: 'src\test\data\pkgDeployTestData\CDSPackage.dll' | |
- name: Test copy-environment action with username/password | |
if: startsWith(github.event.inputs.runSlowCRUD, 'yes') | |
uses: ./copy-environment | |
with: | |
source-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
target-url: ${{ steps.create-target-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
- name: Test backup-environment action with appId-clientSecret | |
if: startsWith(github.event.inputs.runSlowCRUD, 'yes') | |
uses: ./backup-environment | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
backup-label: test-backup-label | |
app-id: ${{ env.WF_APPID }} | |
client-secret: ${{ secrets.CLIENT_SECRET_PPDEVTOOLS }} | |
tenant-id: ${{ env.WF_TENANT_ID }} | |
- name: Test reset-environment action with username/password | |
if: startsWith(github.event.inputs.runSlowCRUD, 'yes') | |
uses: ./reset-environment | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
- name: Test restore-environment action with username/password | |
if: startsWith(github.event.inputs.runSlowCRUD, 'yes') | |
uses: ./restore-environment | |
with: | |
source-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
target-url: ${{ steps.create-target-environment.outputs.environment-url }} | |
selected-backup: latest | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
- name: Test delete-source-environment action with appId-clientSecret | |
if: always() # Clean up created environments even on failed run | |
uses: ./delete-environment | |
with: | |
environment-url: ${{ steps.create-source-environment.outputs.environment-url }} | |
user-name: ${{ env.WF_USERNAME }} | |
password-secret: ${{ secrets.PASSWORD_PPDEVTOOLS }} | |
- name: Test delete-target-environment action with username/password | |
if: always() # Clean up created environments even on failed run | |
uses: ./delete-environment | |
with: | |
environment-url: ${{ steps.create-target-environment.outputs.environment-url }} | |
app-id: ${{ env.WF_APPID }} | |
client-secret: ${{ secrets.CLIENT_SECRET_PPDEVTOOLS }} | |
tenant-id: ${{ env.WF_TENANT_ID }} | |
- name: Upload pac CLI logs | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: pac-cli-log ${{ matrix.os }} | |
path: ./dist/pac*/tools/logs/pac-log.txt |