fix: tests on github
This commit is contained in:
parent
d82fc0d955
commit
bc8b0288ca
3 changed files with 81 additions and 25 deletions
74
.github/scripts/load_config_key_from_azure.py
vendored
Normal file
74
.github/scripts/load_config_key_from_azure.py
vendored
Normal file
|
|
@ -0,0 +1,74 @@
|
|||
#!/usr/bin/env python3
|
||||
# Copyright (c) 2026 Patrick Motsch
|
||||
"""Load CONFIG_KEY from Azure App Service for CI pytest (Kudu API + publish profile)."""
|
||||
from __future__ import annotations
|
||||
|
||||
import base64
|
||||
import json
|
||||
import os
|
||||
import sys
|
||||
import urllib.request
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
|
||||
def main() -> None:
|
||||
profile_xml = os.environ.get("AZURE_PUBLISH_PROFILE")
|
||||
setting_name = os.environ.get("SETTING_NAME", "CONFIG_KEY")
|
||||
if not profile_xml:
|
||||
print("::error::AZURE_PUBLISH_PROFILE is not set", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
root = ET.fromstring(profile_xml)
|
||||
pub = None
|
||||
for element in root.findall(".//publishProfile"):
|
||||
url = (element.get("publishUrl") or "").lower()
|
||||
if "scm" in url:
|
||||
pub = element
|
||||
break
|
||||
if pub is None:
|
||||
pub = root.find(".//publishProfile")
|
||||
if pub is None:
|
||||
print("::error::No publishProfile in publish profile XML", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
host = (pub.get("publishUrl") or "").split(":")[0]
|
||||
user = pub.get("userName")
|
||||
pwd = pub.get("userPWD")
|
||||
if not (host and user and pwd):
|
||||
print("::error::Could not parse SCM credentials from publish profile", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
api = f"https://{host}/api/settings"
|
||||
req = urllib.request.Request(api)
|
||||
cred = base64.b64encode(f"{user}:{pwd}".encode()).decode()
|
||||
req.add_header("Authorization", f"Basic {cred}")
|
||||
try:
|
||||
with urllib.request.urlopen(req, timeout=60) as resp:
|
||||
settings = json.load(resp)
|
||||
except Exception as exc:
|
||||
print(f"::error::Kudu settings request failed: {exc}", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
if not isinstance(settings, dict) or setting_name not in settings:
|
||||
preview = sorted(settings.keys())[:25] if isinstance(settings, dict) else []
|
||||
print(
|
||||
f"::error::{setting_name} not in Azure App Service application settings "
|
||||
f"(sample keys: {preview})",
|
||||
file=sys.stderr,
|
||||
)
|
||||
sys.exit(1)
|
||||
|
||||
value = settings[setting_name]
|
||||
if not value or not str(value).strip():
|
||||
print(f"::error::{setting_name} is empty in Azure App Service", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
github_env = os.environ.get("GITHUB_ENV")
|
||||
if github_env:
|
||||
with open(github_env, "a", encoding="utf-8") as handle:
|
||||
handle.write(f"{setting_name}<<EOF\n{value}\nEOF\n")
|
||||
print(f"Loaded {setting_name} from Azure App Service ({len(value)} characters)")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
13
.github/workflows/int_gateway-int.yml
vendored
13
.github/workflows/int_gateway-int.yml
vendored
|
|
@ -42,19 +42,12 @@ jobs:
|
|||
pip install -r requirements.txt --no-cache-dir
|
||||
fi
|
||||
|
||||
- name: Verify CONFIG_KEY for pytest
|
||||
- name: Load CONFIG_KEY from Azure App Service
|
||||
env:
|
||||
CONFIG_KEY: ${{ secrets.CONFIG_KEY }}
|
||||
run: |
|
||||
if [ -z "${CONFIG_KEY}" ]; then
|
||||
echo "::error::CONFIG_KEY is empty in GitHub Environment 'Production'. Add the int master key as CONFIG_KEY there (must decrypt INT_ENC:* in env-gateway-int.env)."
|
||||
exit 1
|
||||
fi
|
||||
echo "CONFIG_KEY is set (${#CONFIG_KEY} characters)."
|
||||
AZURE_PUBLISH_PROFILE: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_GATEWAY_INT }}
|
||||
run: python .github/scripts/load_config_key_from_azure.py
|
||||
|
||||
- name: Run tests
|
||||
env:
|
||||
CONFIG_KEY: ${{ secrets.CONFIG_KEY }}
|
||||
run: python -m pytest tests/ --ignore=tests/demo
|
||||
|
||||
build:
|
||||
|
|
|
|||
19
.github/workflows/main_gateway-prod.yml
vendored
19
.github/workflows/main_gateway-prod.yml
vendored
|
|
@ -18,11 +18,7 @@ concurrency:
|
|||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
# Same GitHub Environment as deploy — CONFIG_KEY lives here (not on the build job).
|
||||
environment:
|
||||
name: 'Production'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
environment: Production
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
|
||||
|
|
@ -46,19 +42,12 @@ jobs:
|
|||
pip install -r requirements.txt --no-cache-dir
|
||||
fi
|
||||
|
||||
- name: Verify CONFIG_KEY for pytest
|
||||
- name: Load CONFIG_KEY from Azure App Service
|
||||
env:
|
||||
CONFIG_KEY: ${{ secrets.CONFIG_KEY }}
|
||||
run: |
|
||||
if [ -z "${CONFIG_KEY}" ]; then
|
||||
echo "::error::CONFIG_KEY is empty in GitHub Environment 'Production'. Azure App Service settings are not visible to this job — add CONFIG_KEY under Settings → Environments → Production → Environment secrets (same value as in Azure portal)."
|
||||
exit 1
|
||||
fi
|
||||
echo "CONFIG_KEY is set (${#CONFIG_KEY} characters)."
|
||||
AZURE_PUBLISH_PROFILE: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_GATEWAY_PROD }}
|
||||
run: python .github/scripts/load_config_key_from_azure.py
|
||||
|
||||
- name: Run tests
|
||||
env:
|
||||
CONFIG_KEY: ${{ secrets.CONFIG_KEY }}
|
||||
run: python -m pytest tests/ --ignore=tests/demo
|
||||
|
||||
build:
|
||||
|
|
|
|||
Loading…
Reference in a new issue