testing

sk593 · sk593 · commit f3246d4307b5 · 2025-12-29T15:43:16.000-08:00
Signed-off-by: sk593 &lt;shruthikumar@microsoft.com&gt;
diff --git a/.github/scripts/configure-azure-provider.sh b/.github/scripts/configure-azure-provider.sh
@@ -62,7 +62,8 @@ fi
 
 printf "\033[34;1m=>\033[0m Configuring Azure provider for Radius tests\n"
 
-if ! az group exists --name "$AZURE_RESOURCE_GROUP" --subscription "$AZURE_SUBSCRIPTION_ID" >/dev/null 2>&1; then
+# az group exists returns "true" or "false" as text, not an exit code
+if [[ "$(az group exists --name "$AZURE_RESOURCE_GROUP" --subscription "$AZURE_SUBSCRIPTION_ID" 2>/dev/null)" != "true" ]]; then
     echo "Error: Azure resource group '$AZURE_RESOURCE_GROUP' not found. Create it before running configure-azure-provider." >&2
     exit 1
 fi
diff --git a/.github/workflows/validate-azure-recipes.yaml b/.github/workflows/validate-azure-recipes.yaml
@@ -18,11 +18,64 @@ permissions:
   contents: read
 
 jobs:
+  setup-azure:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 10
+    name: Setup Azure Resource Group
+    environment: azure
+    permissions:
+      id-token: write
+      contents: read
+    outputs:
+      resource-group: ${{ steps.set-context.outputs.resource-group }}
+      location: ${{ steps.set-context.outputs.location }}
+    steps:
+      - name: Azure Login
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Set Azure Test Context
+        id: set-context
+        run: |
+          LOCATION="${AZURE_LOCATION:-${{ vars.AZURE_LOCATION }}}"
+          if [ -z "$LOCATION" ]; then
+            LOCATION="westus3"
+          fi
+          RG="rrttest-${{ github.run_id }}-${{ github.run_attempt }}"
+          echo "location=$LOCATION" >> "$GITHUB_OUTPUT"
+          echo "resource-group=$RG" >> "$GITHUB_OUTPUT"
+
+      - name: Create Azure Resource Group
+        env:
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        run: |
+          set -euo pipefail
+          RG="${{ steps.set-context.outputs.resource-group }}"
+          LOCATION="${{ steps.set-context.outputs.location }}"
+          current_time=$(date +%s)
+          az group create \
+            --only-show-errors \
+            --output none \
+            --location "$LOCATION" \
+            --name "$RG" \
+            --subscription "$AZURE_SUBSCRIPTION_ID" \
+            --tags creationTime=$current_time > /dev/null
+          # Wait for resource group to be fully available
+          while [[ "$(az group exists --name "$RG" --subscription "$AZURE_SUBSCRIPTION_ID")" != "true" ]]; do
+            echo "Waiting for resource group '$RG' to be available..."
+            sleep 5
+          done
+          echo "Resource group '$RG' is ready"
+
   validate-azure-recipes:
     runs-on: ubuntu-24.04
     timeout-minutes: 30
     name: Validate Azure ${{ matrix.recipe }} Recipes
     environment: azure
+    needs: setup-azure
     strategy:
       fail-fast: false
       matrix:
@@ -34,6 +87,8 @@ jobs:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_RESOURCE_GROUP: ${{ needs.setup-azure.outputs.resource-group }}
+      AZURE_LOCATION: ${{ needs.setup-azure.outputs.location }}
     steps:
       - name: Checkout
         uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
@@ -49,31 +104,11 @@ jobs:
 
       - name: Set Azure Test Context
         run: |
-          LOCATION="${AZURE_LOCATION:-${{ vars.AZURE_LOCATION }}}"
-          if [ -z "$LOCATION" ]; then
-            LOCATION="westus3"
-          fi
-          RG="rrttest-${{ github.run_id }}-${{ github.run_attempt }}"
-          echo "AZURE_LOCATION=$LOCATION" >> "$GITHUB_ENV"
-          echo "AZURE_RESOURCE_GROUP=$RG" >> "$GITHUB_ENV"
+          echo "AZURE_LOCATION=$AZURE_LOCATION" >> "$GITHUB_ENV"
+          echo "AZURE_RESOURCE_GROUP=$AZURE_RESOURCE_GROUP" >> "$GITHUB_ENV"
           echo "AZURE_WORKSPACE_NAME=default" >> "$GITHUB_ENV"
           echo "AZURE_ENVIRONMENT_NAME=default" >> "$GITHUB_ENV"
 
-      - name: Create Azure Resource Group
-        run: |
-          set -euo pipefail
-          current_time=$(date +%s)
-          az group create \
-            --only-show-errors \
-            --output none \
-            --location "$AZURE_LOCATION" \
-            --name "$AZURE_RESOURCE_GROUP" \
-            --subscription "$AZURE_SUBSCRIPTION_ID" \
-            --tags creationTime=$current_time > /dev/null
-          while ! az group exists --name "$AZURE_RESOURCE_GROUP" --subscription "$AZURE_SUBSCRIPTION_ID" &>/dev/null; do
-            sleep 2
-          done
-
       - name: Setup Node
         uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
@@ -132,10 +167,35 @@ jobs:
         if: always()
         uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
-          name: radius-pod-logs
+          name: radius-pod-logs-${{ matrix.recipe }}
           path: radius-pod-logs
           if-no-files-found: warn
 
+  cleanup-azure:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 10
+    name: Cleanup Azure Resource Group
+    environment: azure
+    needs: [setup-azure, validate-azure-recipes]
+    if: always()
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_RESOURCE_GROUP: ${{ needs.setup-azure.outputs.resource-group }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+
+      - name: Azure Login
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
       - name: Cleanup Azure Resources
-        if: always()
         run: make cleanup-azure-resources
diff --git a/Compute/containers/test/app.bicep b/Compute/containers/test/app.bicep
@@ -1,17 +1,17 @@
 extension radius
 extension containers
 extension persistentVolumes
-extension secrets
-
-param environment string
+// extension secrets
 
 // Secure parameters with test defaults 
-#disable-next-line secure-parameter-default @secure()
-param username string = 'admin'
-#disable-next-line secure-parameter-default @secure()
-param password string = 'c2VjcmV0cGFzc3dvcmQ='
-#disable-next-line secure-parameter-default @secure()
-param apiKey string = 'abc123xyz'
+// #disable-next-line secure-parameter-default @secure()
+// param username string = 'admin'
+// #disable-next-line secure-parameter-default @secure()
+// param password string = 'c2VjcmV0cGFzc3dvcmQ='
+// #disable-next-line secure-parameter-default @secure()
+// param apiKey string = 'abc123xyz'
+
+param environment string
 
 resource app 'Applications.Core/applications@2023-10-01-preview' = {
   name: 'containers-testapp'
@@ -31,10 +31,10 @@ resource myContainer 'Radius.Compute/containers@2025-08-01-preview' = {
         source: myPersistentVolume.id
         disableDefaultEnvVars: false
       }
-      secrets: {
-        source: secret.id
-        disableDefaultEnvVars: false
-      }
+      // secrets: {
+      //   source: secret.id
+      //   disableDefaultEnvVars: false
+      // }
     }
     containers: {
       web: {
@@ -49,30 +49,30 @@ resource myContainer 'Radius.Compute/containers@2025-08-01-preview' = {
           }
         }
         env: {
-          CONNECTIONS_SECRET_USERNAME: {
-            valueFrom: {
-              secretKeyRef: {
-                secretName: secret.name
-                key: 'username'
-              }
-            }
-          }
-          CONNECTIONS_SECRET_APIKEY: {
-            valueFrom: {
-              secretKeyRef: {
-                secretName: secret.name
-                key: 'apikey'
-              }
-            }
-          }
-          CONNECTIONS_SECRET_PASSWORD: {
-            valueFrom: {
-              secretKeyRef: {
-                secretName: secret.name
-                key: 'password'
-              }
-            }
-          }
+          // CONNECTIONS_SECRET_USERNAME: {
+          //   valueFrom: {
+          //     secretKeyRef: {
+          //       secretName: secret.name
+          //       key: 'username'
+          //     }
+          //   }
+          // }
+          // CONNECTIONS_SECRET_APIKEY: {
+          //   valueFrom: {
+          //     secretKeyRef: {
+          //       secretName: secret.name
+          //       key: 'apikey'
+          //     }
+          //   }
+          // }
+          // CONNECTIONS_SECRET_PASSWORD: {
+          //   valueFrom: {
+          //     secretKeyRef: {
+          //       secretName: secret.name
+          //       key: 'password'
+          //     }
+          //   }
+          // }
         }
         volumeMounts: [
           {
@@ -83,10 +83,10 @@ resource myContainer 'Radius.Compute/containers@2025-08-01-preview' = {
             volumeName: 'cache'
             mountPath: '/tmp/cache'
           }
-          {
-            volumeName: 'secrets'
-            mountPath: '/etc/secrets'
-          }
+          // {
+          //   volumeName: 'secrets'
+          //   mountPath: '/etc/secrets'
+          // }
         ] 
         resources: {
           requests: {
@@ -151,9 +151,9 @@ resource myContainer 'Radius.Compute/containers@2025-08-01-preview' = {
           medium: 'memory'
         }
       }
-      secrets: {
-        secretName: secret.name
-      }
+      // secrets: {
+      //   secretName: secret.name
+      // }
     }
     extensions: {
       daprSidecar: {
@@ -185,22 +185,22 @@ resource myPersistentVolume 'Radius.Compute/persistentVolumes@2025-08-01-preview
   }
 }
 
-resource secret 'Radius.Security/secrets@2025-08-01-preview' = {
-  name: 'app-secrets-${uniqueString(deployment().name)}'
-  properties: {
-    environment: environment
-    application: app.id
-    data: {
-      username: {
-        value: username
-      }
-      password: {
-        value: password
-        encoding: 'base64'
-      }
-      apikey: {
-        value: apiKey
-      }
-    }
-  }
-}
+// resource secret 'Radius.Security/secrets@2025-08-01-preview' = {
+//   name: 'app-secrets-${uniqueString(deployment().name)}'
+//   properties: {
+//     environment: environment
+//     application: app.id
+//     data: {
+//       username: {
+//         value: username
+//       }
+//       password: {
+//         value: password
+//         encoding: 'base64'
+//       }
+//       apikey: {
+//         value: apiKey
+//       }
+//     }
+//   }
+// }
diff --git a/Compute/persistentVolumes/recipes/azure/terraform /main.tf b/Compute/persistentVolumes/recipes/azure/terraform /main.tf
@@ -0,0 +1,51 @@
+terraform {
+  required_version = ">= 1.5"
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0"
+    }
+  }
+}
+locals {
+  namespace         = var.context.runtime.kubernetes.namespace
+  resource_name     = var.context.resource.name
+  application_name  = var.context.application != null ? var.context.application.name : ""
+  environment_id    = try(var.context.resource.properties.environment, "")
+  environment_parts = local.environment_id != "" ? split("/", local.environment_id) : []
+  environment_label = length(local.environment_parts) > 0 ? local.environment_parts[length(local.environment_parts) - 1] : ""
+}
+
+resource "kubernetes_persistent_volume_claim" "pvc" {
+  wait_until_bound = false
+
+  metadata {
+    name      = local.resource_name
+    namespace = local.namespace
+    labels = {
+      "radapp.io/resource"    = local.resource_name
+      "radapp.io/application" = local.application_name
+      "radapp.io/environment" = local.environment_label
+    }
+  }
+
+  spec {
+    storage_class_name = var.storage_class != "" ? var.storage_class : null
+
+    resources {
+      requests = {
+        storage = format("%dGi", var.context.resource.properties.sizeInGib)
+      }
+    }
+
+    access_modes = can(var.context.resource.properties.allowedAccessModes) ? [var.context.resource.properties.allowedAccessModes] : ["ReadWriteOnce"]
+  }
+}
+
+output "result" {
+  value = {
+    resources = [
+      "/planes/kubernetes/local/namespaces/${local.namespace}/providers/core/PersistentVolumeClaim/${local.resource_name}"
+    ]
+  }
+}
diff --git a/Compute/persistentVolumes/recipes/azure/terraform /var.tf b/Compute/persistentVolumes/recipes/azure/terraform /var.tf
@@ -0,0 +1,11 @@
+variable "context" {
+  description = "Information about what resource is calling this Recipe. Generated by Radius. For more information visit https://docs.radapp.dev/operations/custom-recipes/"
+  type        = any
+}
+
+variable "storage_class" {
+  description = "StorageClass name to set on the PersistentVolumeClaim"
+  type        = string
+  default     = ""
+}
+
