Azure · lonegunmanb · Dec 16, 2024 · Dec 31, 2024 · Dec 31, 2024 · Dec 31, 2024
diff --git a/.github/workflows/test-examples-template.yml b/.github/workflows/test-examples-template.yml
@@ -18,11 +18,62 @@ jobs:
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
+  checksetup:
+    runs-on: ubuntu-latest
+    needs: getexamples
+    outputs:
+      setup_exists: ${{ steps.check-setup.outputs.setup_exists }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+      - name: Check if setup.sh exists
+        id: check-setup
+        run: |
+          if [ -f examples/setup.sh ]; then
+            echo "setup_exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "setup_exists=false" >> $GITHUB_OUTPUT
+          fi
+        shell: bash
+
+  globalsetup:
+    if: needs.checksetup.outputs.setup_exists == 'true' && github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
+    runs-on: ubuntu-latest
+    environment: test
+    needs: checksetup
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+      - name: Run global setup script
+        env:
+          TF_IN_AUTOMATION: 1
+          TF_VAR_enable_telemetry: false
+          SECRETS_CONTEXT: ${{ toJson(secrets) }}
+          VARS_CONTEXT: ${{ toJson(vars) }}
+          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+          ARM_TENANT_ID_OVERRIDE: ${{ secrets.ARM_TENANT_ID_OVERRIDE }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+          ARM_SUBSCRIPTION_ID_OVERRIDE: ${{ secrets.ARM_SUBSCRIPTION_ID_OVERRIDE }}
+          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+          ARM_CLIENT_ID_OVERRIDE: ${{ secrets.ARM_CLIENT_ID_OVERRIDE }}
+          ARM_USE_OIDC: true
+        run: |
+          set -e
+
+          export REMOTE_SCRIPT="https://raw.githubusercontent.com/Azure/tfmod-scaffold/main/avm_scripts"
+          curl -H 'Cache-Control: no-cache, no-store' -sSL "$REMOTE_SCRIPT/prepare-credential.sh" -o prepare-credential.sh
+          source ./prepare-credential.sh
+
+          if [ -f examples/setup.sh ]; then
+            chmod +x examples/setup.sh
+            docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src/examples --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest ./setup.sh
+          fi
+        shell: bash
+
+
   testexamples:
-    if: github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
+    if: always() && !failure() && !cancelled() && github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
     name: ${{ matrix.example }}
     runs-on: ubuntu-latest
-    needs: getexamples
+    needs: [getexamples, checksetup, globalsetup]
     environment: test
     env:
       TF_IN_AUTOMATION: 1
@@ -37,63 +88,83 @@ jobs:
       - name: Test example
         shell: bash
         env:
+          TF_IN_AUTOMATION: 1
+          TF_VAR_enable_telemetry: false
           SECRETS_CONTEXT: ${{ toJson(secrets) }}
           VARS_CONTEXT: ${{ toJson(vars) }}
+          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+          ARM_TENANT_ID_OVERRIDE: ${{ secrets.ARM_TENANT_ID_OVERRIDE }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+          ARM_SUBSCRIPTION_ID_OVERRIDE: ${{ secrets.ARM_SUBSCRIPTION_ID_OVERRIDE }}
+          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+          ARM_CLIENT_ID_OVERRIDE: ${{ secrets.ARM_CLIENT_ID_OVERRIDE }}
+          ARM_USE_OIDC: true
         run: |
           set -e
 
-          declare -A secrets
-          eval "$(echo $SECRETS_CONTEXT | jq -r 'to_entries[] | @sh "secrets[\(.key|tostring)]=\(.value|tostring)"')"
-
-          declare -A variables
-          eval "$(echo $VARS_CONTEXT | jq -r 'to_entries[] | @sh "variables[\(.key|tostring)]=\(.value|tostring)"')"
-
-          for key in "${!secrets[@]}"; do
-            if [[ $key = \TF_VAR_* ]]; then
-              lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
-              finalKey=${lowerKey/tf_var_/TF_VAR_}
-              export "$finalKey"="${secrets[$key]}"
-            fi
-          done
-
-          for key in "${!variables[@]}"; do
-            if [[ $key = \TF_VAR_* ]]; then
-              lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
-              finalKey=${lowerKey/tf_var_/TF_VAR_}
-              export "$finalKey"="${variables[$key]}"
-            fi
-          done
+          export REMOTE_SCRIPT="https://raw.githubusercontent.com/Azure/tfmod-scaffold/main/avm_scripts"
+          curl -H 'Cache-Control: no-cache, no-store' -sSL "$REMOTE_SCRIPT/prepare-credential.sh" -o prepare-credential.sh
+          source ./prepare-credential.sh
+
+          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest make test-example
 
-          echo -e "Custom environment variables:\n$(env | grep TF_VAR_ | grep -v ' "TF_VAR_')"
-
-          # Set up the Azure Provider Environment Variables
-          tenantId=${{ secrets.ARM_TENANT_ID_OVERRIDE }}
-          if [ -z "$tenantId" ]; then
-            tenantId=${{ secrets.ARM_TENANT_ID }}
+  checkteardown:
+    runs-on: ubuntu-latest
+    if: always() && github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
+    needs: testexamples
+    outputs:
+      teardown_exists: ${{ steps.check-teardown.outputs.teardown_exists }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+      - name: Check if teardown.sh exists
+        id: check-teardown
+        run: |
+          if [ -f examples/teardown.sh ]; then
+            echo "teardown_exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "teardown_exists=false" >> $GITHUB_OUTPUT
           fi
-          echo "tenantId: $tenantId"
+        shell: bash
 
-          subscriptionId=${{ secrets.ARM_SUBSCRIPTION_ID_OVERRIDE }}
-          if [ -z "$subscriptionId" ]; then
-            subscriptionId=${{ secrets.ARM_SUBSCRIPTION_ID }}
-          fi
+  globalteardown:
+    if: always() && needs.checkteardown.outputs.teardown_exists == 'true' && github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
+    runs-on: ubuntu-latest
+    environment: test
+    needs: checkteardown
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+      - name: Run teardown script
+        env:
+          TF_IN_AUTOMATION: 1
+          TF_VAR_enable_telemetry: false
+          SECRETS_CONTEXT: ${{ toJson(secrets) }}
+          VARS_CONTEXT: ${{ toJson(vars) }}
+          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+          ARM_TENANT_ID_OVERRIDE: ${{ secrets.ARM_TENANT_ID_OVERRIDE }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+          ARM_SUBSCRIPTION_ID_OVERRIDE: ${{ secrets.ARM_SUBSCRIPTION_ID_OVERRIDE }}
+          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+          ARM_CLIENT_ID_OVERRIDE: ${{ secrets.ARM_CLIENT_ID_OVERRIDE }}
+          ARM_USE_OIDC: true
+        run: |
+          set -e
 
-          clientId=${{ secrets.ARM_CLIENT_ID_OVERRIDE }}
-          if [ -z "$clientId" ]; then
-            clientId=${{ secrets.ARM_CLIENT_ID }}
+          export REMOTE_SCRIPT="https://raw.githubusercontent.com/Azure/tfmod-scaffold/main/avm_scripts"
+          curl -H 'Cache-Control: no-cache, no-store' -sSL "$REMOTE_SCRIPT/prepare-credential.sh" -o prepare-credential.sh
+          source ./prepare-credential.sh
+
+          if [ -f examples/teardown.sh ]; then
+            chmod +x examples/teardown.sh
+            docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src/examples --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest ./teardown.sh
           fi
+        id: global-teardown
+        shell: bash
 
-          export ARM_TENANT_ID=$tenantId
-          export ARM_SUBSCRIPTION_ID=$subscriptionId        
-          export ARM_CLIENT_ID=$clientId
-          export ARM_OIDC_REQUEST_TOKEN=$ACTIONS_ID_TOKEN_REQUEST_TOKEN
-          export ARM_OIDC_REQUEST_URL=$ACTIONS_ID_TOKEN_REQUEST_URL
-          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_OIDC_REQUEST_TOKEN -e ARM_OIDC_REQUEST_URL -e ARM_USE_OIDC=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest make test-example
 
   # This job is only run when all the previous jobs are successful.
   # We can use it for PR validation to ensure all examples have completed.
   testexamplescomplete:
-    if: github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
+    if: always() && !failure() && !cancelled() && github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
     runs-on: ubuntu-latest
     needs: testexamples
     steps: