ci: add workflow to create pipeline to test #8

Workflow file for this run

.github/workflows/ci-pull-request.yml at cbbca23

	name: Check extension

	on:
	pull_request:
	branches:
	- main
	workflow_dispatch:

	permissions:
	contents: write
	id-token: write

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Setup Node.js
	uses: actions/setup-node@v2
	with:
	node-version: '14'

	- name: Install tfx-cli and typescript
	run: \|
	npm install -g tfx-cli
	npm install -g typescript

	- name: Login to Azure DevOps
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_APPLICATION_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Get Azure DevOps access token
	id: devops_token
	run: \|
	TOKEN="$(az account get-access-token --resource "${{ secrets.AZURE_MARKETPLACE_ACCESS_SCOPE }}" --query accessToken -o tsv)"
	echo "::add-mask::$TOKEN"
	echo "azure_devops_access_token=$TOKEN" >> "$GITHUB_OUTPUT"

	- name: Build release
	run: \|
	make build

	- name: Increment version
	id: bump
	run: \|
	chmod +x ./bump_version.sh
	NEW_VERSION="$(./bump_version.sh)"
	if [[ -z "$NEW_VERSION" ]]; then
	echo "Version bump script returned empty version" >&2
	exit 1
	fi
	echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT"


	ado-pr-ephemeral:
	runs-on: ubuntu-latest
	env:
	YAML_PATH: .azure-pipelines.yml
	PR_NUMBER: ${{ github.event.pull_request.number }}
	PR_BRANCH: ${{ github.head_ref }}
	PR_SHA: ${{ github.event.pull_request.head.sha }}
	PIPELINE_NAME: pr-${{ github.event.pull_request.number }}-${{ github.run_id }}

	steps:
	- uses: actions/checkout@v4

	- name: Azure login (OIDC)
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_APPLICATION_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Install jq & curl
	run: sudo apt-get update -y && sudo apt-get install -y jq curl

	- name: Get Azure DevOps AAD token
	id: token
	run: \|
	ADO_TOKEN=$(az account get-access-token --resource https://app.vssps.visualstudio.com/ --query accessToken -o tsv)
	if [ -z "$ADO_TOKEN" ]; then echo "No token for Azure DevOps"; exit 1; fi
	echo "::add-mask::$ADO_TOKEN"
	echo "ADO_TOKEN=$ADO_TOKEN" >> $GITHUB_ENV

	- name: Autodetect Azure DevOps organization (if not provided)
	id: org
	env:
	ADO_TOKEN: ${{ env.ADO_TOKEN }}
	run: \|
	if [ -n "${AZDO_ORG}" ]; then
	echo "Using AZDO_ORG=${AZDO_ORG} (provided)"; exit 0
	fi
	ACCOUNTS=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
	"https://app.vssps.visualstudio.com/_apis/accounts?api-version=7.1")
	COUNT=$(echo "$ACCOUNTS" \| jq '.count')
	if [ "$COUNT" -eq 0 ]; then
	echo "This user does not belong to any Azure DevOps org."; exit 1
	fi
	if [ "$COUNT" -gt 1 ]; then
	echo "Multiple orgs detected. Export AZDO_ORG with one of those and retry:"; \
	echo "$ACCOUNTS" \| jq -r '.value[] \| "\(.accountName) (\(.accountId))"'; exit 1
	fi
	AZDO_ORG_AUTO=$(echo "$ACCOUNTS" \| jq -r '.value[0].accountName')
	echo "AZDO_ORG=$AZDO_ORG_AUTO" >> $GITHUB_ENV
	echo "Detected AZDO_ORG=${AZDO_ORG_AUTO}"

	- name: Autodetect Azure DevOps project (if not provided)
	id: proj
	env:
	ADO_TOKEN: ${{ env.ADO_TOKEN }}
	run: \|
	ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
	PROJS=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
	"https://dev.azure.com/${ORG}/_apis/projects?api-version=7.1")
	COUNT=$(echo "$PROJS" \| jq '.count')
	if [ "$COUNT" -eq 0 ]; then
	echo "No projects detected in org ${ORG}."; exit 1
	fi
	if [ -n "${AZDO_PROJECT}" ]; then
	echo "Using AZDO_PROJECT=${AZDO_PROJECT} (provided)"
	else
	if [ "$COUNT" -gt 1 ]; then
	echo "Multiple projects detected. Export AZDO_PROJECT with one of those and try again:"; \
	echo "$PROJS" \| jq -r '.value[] \| .name'; exit 1
	fi
	AZDO_PROJECT_AUTO=$(echo "$PROJS" \| jq -r '.value[0].name')
	echo "AZDO_PROJECT=$AZDO_PROJECT_AUTO" >> $GITHUB_ENV
	echo "Detected AZDO_PROJECT=${AZDO_PROJECT_AUTO}"
	fi

	- name: Find a GitHub Service Connection
	id: sc
	env:
	ADO_TOKEN: ${{ env.ADO_TOKEN }}
	run: \|
	ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
	PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
	LIST=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
	"https://dev.azure.com/${ORG}/${PROJ}/_apis/serviceendpoint/endpoints?api-version=7.1")
	echo "$LIST" \| jq -r '.value[] \| {id,type:.type,name:.name}'
	SC_ID=$(echo "$LIST" \| jq -r '.value[] \| select((.type\|ascii_downcase\|contains("github"))) \| .id' \| head -n1)
	if [ -z "$SC_ID" ] \|\| [ "$SC_ID" = "null" ]; then
	echo "No Github Service Connection detected in ${PROJ}. Create one (GitHub/GitHub App) and retry."; exit 1
	fi
	echo "sc_id=${SC_ID}" >> "$GITHUB_OUTPUT"

	- name: Create ephemeral pipeline
	id: create
	env:
	ADO_TOKEN: ${{ env.ADO_TOKEN }}
	run: \|
	ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
	PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
	SC_ID="${{ steps.sc.outputs.sc_id }}"
	BODY=$(jq -n \
	--arg name "${PIPELINE_NAME}" \
	--arg folder "pr-validation" \
	--arg path "${YAML_PATH}" \
	--arg repo "${GITHUB_REPOSITORY}" \
	--arg scid "${SC_ID}" \
	'{
	name:$name, folder:$folder,
	configuration:{
	type:"yaml", path:$path,
	repository:{ type:"github", name:$repo, connection:{id:$scid} }
	}
	}')
	RESP=$(curl -sS -X POST -H "Authorization: Bearer ${ADO_TOKEN}" -H "Content-Type: application/json" \
	-d "${BODY}" "https://dev.azure.com/${ORG}/${PROJ}/_apis/pipelines?api-version=7.1")
	echo "$RESP" \| jq .
	PIPELINE_ID=$(echo "$RESP" \| jq -r '.id')
	if [ -z "$PIPELINE_ID" ] \|\| [ "$PIPELINE_ID" = "null" ]; then echo "Create failed"; exit 1; fi
	echo "PIPELINE_ID=$PIPELINE_ID" >> $GITHUB_ENV

	- name: Run pipeline for exact PR commit
	id: run
	env:
	ADO_TOKEN: ${{ env.ADO_TOKEN }}
	run: \|
	ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
	PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
	PIPELINE_ID="${PIPELINE_ID}"
	BODY=$(jq -n --arg ref "refs/heads/${PR_BRANCH}" --arg ver "${PR_SHA}" \
	'{resources:{repositories:{self:{refName:$ref, version:$ver}}}}')
	RUN=$(curl -sS -X POST -H "Authorization: Bearer ${ADO_TOKEN}" -H "Content-Type: application/json" \
	-d "${BODY}" "https://dev.azure.com/${ORG}/${PROJ}/_apis/pipelines/${PIPELINE_ID}/runs?api-version=7.1")
	echo "$RUN" \| jq .
	RUN_ID=$(echo "$RUN" \| jq -r '.id')
	if [ -z "$RUN_ID" ] \|\| [ "$RUN_ID" = "null" ]; then echo "Queue failed"; exit 1; fi
	echo "RUN_ID=$RUN_ID" >> $GITHUB_ENV

	- name: Wait for completion
	env:
	ADO_TOKEN: ${{ env.ADO_TOKEN }}
	run: \|
	ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
	PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
	echo "Polling run ${RUN_ID}..."
	while true; do
	R=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
	"https://dev.azure.com/${ORG}/${PROJ}/_apis/pipelines/${PIPELINE_ID}/runs/${RUN_ID}?api-version=7.1")
	STATE=$(echo "$R" \| jq -r '.state')
	RESULT=$(echo "$R" \| jq -r '.result')
	echo "state=$STATE result=$RESULT"
	if [ "$STATE" = "completed" ]; then
	[ "$RESULT" = "succeeded" ] && exit 0 \|\| exit 1
	fi
	sleep 10
	done

	- name: Delete ephemeral pipeline (cleanup)
	if: ${{ !cancelled() }}
	env:
	ADO_TOKEN: ${{ env.ADO_TOKEN }}
	run: \|
	ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
	PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
	# Resuelve build definition por nombre y bórrala
	DEF=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
	"https://dev.azure.com/${ORG}/${PROJ}/_apis/build/definitions?name=${PIPELINE_NAME}&api-version=7.1")
	DEF_ID=$(echo "$DEF" \| jq -r '.value[0].id')
	if [ -n "$DEF_ID" ] && [ "$DEF_ID" != "null" ]; then
	curl -sS -X DELETE -H "Authorization: Bearer ${ADO_TOKEN}" \
	"https://dev.azure.com/${ORG}/${PROJ}/_apis/build/definitions/${DEF_ID}?api-version=7.1" \
	-o /dev/null -w "Deleted definition ${DEF_ID} (HTTP %{http_code})\n"
	else
	echo "No build definition found for ${PIPELINE_NAME}; nothing to delete."
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci: add workflow to create pipeline to test #8

Workflow file

ci: add workflow to create pipeline to test #8

Uh oh!

Jobs

Run details

Workflow file for this run