pinecone-io · benny-n · Feb 18, 2026 · Feb 17, 2026 · Feb 17, 2026 · Feb 17, 2026
diff --git a/.github/workflows/azure.yaml b/.github/workflows/azure.yaml
@@ -0,0 +1,209 @@
+name: E2E Azure
+
+on:
+  workflow_call: {}
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  up:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    environment: azure-e2e
+    env:
+      ARM_USE_OIDC: "true"
+      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set stack name
+        run: |
+          if [ -n "$PR_NUMBER" ]; then
+            echo "STACK_NAME=ci-azure-pr${PR_NUMBER}-${GITHUB_SHA::7}" >> "$GITHUB_ENV"
+          else
+            echo "STACK_NAME=ci-azure-${GITHUB_SHA::7}" >> "$GITHUB_ENV"
+          fi
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+
+      - name: Azure login (OIDC)
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - uses: astral-sh/setup-uv@v5
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Pulumi CLI
+        uses: pulumi/actions@v6
+
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Run wizard (headless)
+        id: wizard
+        env:
+          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          PINECONE_REGION: eastus2
+          PINECONE_AZS: "1,3"
+          PINECONE_VPC_CIDR: "10.0.0.0/16"
+          PINECONE_DELETION_PROTECTION: "false"
+          PINECONE_PUBLIC_ACCESS: "false"
+          PINECONE_PROJECT_NAME: "pinecone-byoc"
+        run: |
+          uv run --with rich --with pyyaml python setup/wizard.py \
+            --cloud azure \
+            --headless \
+            --stack-name "$STACK_NAME" \
+            --skip-install \
+            --output-dir ./e2e-project
+
+      - name: Patch __main__.py with CI overrides
+        working-directory: ./e2e-project
+        run: |
+          python3 << 'PATCH'
+          path = "__main__.py"
+          content = open(path).read()
+          content = content.replace(
+              "        tags=config.get_object(\"tags\"),",
+              """        tags=config.get_object("tags"),
+                  global_env=config.require("global-env"),
+                  api_url=config.require("api-url"),
+                  auth0_domain=config.require("auth0-domain"),""",
+          )
+          open(path, "w").write(content)
+          PATCH
+
+      - name: Replace PyPI dep with local source
+        working-directory: ./e2e-project
+        run: |
+          sed -i 's|"pulumi-pinecone-byoc\[azure\]"|"pulumi-pinecone-byoc[azure] @ file://'"$GITHUB_WORKSPACE"'"|' pyproject.toml
+          grep -q 'file://' pyproject.toml || { echo "ERROR: local source substitution failed"; exit 1; }
+
+      - name: Install dependencies
+        working-directory: ./e2e-project
+        run: uv sync
+
+      - name: Setup Pulumi stack
+        working-directory: ./e2e-project
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: |
+          pulumi stack select --create "$STACK_NAME"
+
+      - name: Set Pulumi config
+        working-directory: ./e2e-project
+        env:
+          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: |
+          pulumi config set --secret pinecone-api-key "$PINECONE_API_KEY" --stack "$STACK_NAME"
+          pulumi config set global-env ci --stack "$STACK_NAME"
+          pulumi config set api-url "https://api-staging.pinecone.io" --stack "$STACK_NAME"
+          pulumi config set auth0-domain "https://internal-beta-pinecone-io.us.auth0.com" --stack "$STACK_NAME"
+
+      - name: Pulumi up
+        working-directory: ./e2e-project
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: pulumi up --yes --stack "$STACK_NAME"
+
+  down:
+    needs: up
+    if: always() && needs.up.result != 'skipped'
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    environment: azure-e2e
+    env:
+      ARM_USE_OIDC: "true"
+      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set stack name
+        run: |
+          if [ -n "$PR_NUMBER" ]; then
+            echo "STACK_NAME=ci-azure-pr${PR_NUMBER}-${GITHUB_SHA::7}" >> "$GITHUB_ENV"
+          else
+            echo "STACK_NAME=ci-azure-${GITHUB_SHA::7}" >> "$GITHUB_ENV"
+          fi
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+
+      - name: Azure login (OIDC)
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - uses: astral-sh/setup-uv@v5
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Pulumi CLI
+        uses: pulumi/actions@v6
+
+      - name: Run wizard (headless)
+        env:
+          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          PINECONE_REGION: eastus2
+          PINECONE_AZS: "1,3"
+          PINECONE_VPC_CIDR: "10.0.0.0/16"
+          PINECONE_DELETION_PROTECTION: "false"
+          PINECONE_PUBLIC_ACCESS: "false"
+          PINECONE_PROJECT_NAME: "pinecone-byoc"
+        run: |
+          uv run --with rich --with pyyaml python setup/wizard.py \
+            --cloud azure \
+            --headless \
+            --stack-name "$STACK_NAME" \
+            --skip-install \
+            --output-dir ./e2e-project
+
+      - name: Replace PyPI dep with local source
+        working-directory: ./e2e-project
+        run: |
+          sed -i 's|"pulumi-pinecone-byoc\[azure\]"|"pulumi-pinecone-byoc[azure] @ file://'"$GITHUB_WORKSPACE"'"|' pyproject.toml
+          grep -q 'file://' pyproject.toml || { echo "ERROR: local source substitution failed"; exit 1; }
+
+      - name: Install dependencies
+        working-directory: ./e2e-project
+        run: uv sync
+
+      - name: Cancel stale locks
+        working-directory: ./e2e-project
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: pulumi cancel --yes --stack "$STACK_NAME" 2>/dev/null || true
+
+      - name: Pulumi destroy
+        working-directory: ./e2e-project
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: pulumi destroy --yes --stack "$STACK_NAME"
+
+      - name: Pulumi stack rm
+        working-directory: ./e2e-project
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: pulumi stack rm "$STACK_NAME" --yes --force
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -19,6 +19,7 @@ jobs:
     outputs:
       aws: ${{ steps.filter.outputs.aws }}
       gcp: ${{ steps.filter.outputs.gcp }}
+      azure: ${{ steps.filter.outputs.azure }}
     steps:
       - uses: actions/checkout@v4
       - uses: dorny/paths-filter@v3
@@ -31,16 +32,18 @@ jobs:
               - 'config/aws.py'
               - 'config/base.py'
               - 'config/__init__.py'
-              - 'setup/wizard.py'
-              - 'setup/aws_wizard.py'
             gcp:
               - 'pulumi_pinecone_byoc/gcp/**'
               - 'pulumi_pinecone_byoc/common/**'
               - 'config/gcp.py'
               - 'config/base.py'
               - 'config/__init__.py'
-              - 'setup/wizard.py'
-              - 'setup/gcp_wizard.py'
+            azure:
+              - 'pulumi_pinecone_byoc/azure/**'
+              - 'pulumi_pinecone_byoc/common/**'
+              - 'config/azure.py'
+              - 'config/base.py'
+              - 'config/__init__.py'
 
   aws:
     needs: changes
@@ -54,19 +57,26 @@ jobs:
     uses: ./.github/workflows/gcp.yaml
     secrets: inherit
 
+  azure:
+    needs: changes
+    if: needs.changes.outputs.azure == 'true' || github.event_name == 'workflow_dispatch'
+    uses: ./.github/workflows/azure.yaml
+    secrets: inherit
+
   result:
     if: always()
-    needs: [changes, aws, gcp]
+    needs: [changes, aws, gcp, azure]
     runs-on: ubuntu-latest
     steps:
       - run: |
           echo "AWS: ${{ needs.aws.result }}"
           echo "GCP: ${{ needs.gcp.result }}"
-          if [ "${{ needs.aws.result }}" = "failure" ] || [ "${{ needs.gcp.result }}" = "failure" ]; then
+          echo "Azure: ${{ needs.azure.result }}"
+          if [ "${{ needs.aws.result }}" = "failure" ] || [ "${{ needs.gcp.result }}" = "failure" ] || [ "${{ needs.azure.result }}" = "failure" ]; then
             echo "E2E failed"
             exit 1
           fi
-          if [ "${{ needs.aws.result }}" = "cancelled" ] || [ "${{ needs.gcp.result }}" = "cancelled" ]; then
+          if [ "${{ needs.aws.result }}" = "cancelled" ] || [ "${{ needs.gcp.result }}" = "cancelled" ] || [ "${{ needs.azure.result }}" = "cancelled" ]; then
             echo "E2E cancelled"
             exit 1
           fi