@peterhauge/apiops-cli 0.1.3-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +21 -0
- package/README.md +135 -0
- package/dist/cli/extract-command.d.ts +12 -0
- package/dist/cli/extract-command.d.ts.map +1 -0
- package/dist/cli/extract-command.js +157 -0
- package/dist/cli/extract-command.js.map +1 -0
- package/dist/cli/index.d.ts +7 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +74 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/cli/init-command.d.ts +11 -0
- package/dist/cli/init-command.d.ts.map +1 -0
- package/dist/cli/init-command.js +87 -0
- package/dist/cli/init-command.js.map +1 -0
- package/dist/cli/publish-command.d.ts +12 -0
- package/dist/cli/publish-command.d.ts.map +1 -0
- package/dist/cli/publish-command.js +159 -0
- package/dist/cli/publish-command.js.map +1 -0
- package/dist/clients/apim-client.d.ts +110 -0
- package/dist/clients/apim-client.d.ts.map +1 -0
- package/dist/clients/apim-client.js +586 -0
- package/dist/clients/apim-client.js.map +1 -0
- package/dist/clients/artifact-store.d.ts +23 -0
- package/dist/clients/artifact-store.d.ts.map +1 -0
- package/dist/clients/artifact-store.js +188 -0
- package/dist/clients/artifact-store.js.map +1 -0
- package/dist/clients/iapim-client.d.ts +52 -0
- package/dist/clients/iapim-client.d.ts.map +1 -0
- package/dist/clients/iapim-client.js +6 -0
- package/dist/clients/iapim-client.js.map +1 -0
- package/dist/clients/iartifact-store.d.ts +50 -0
- package/dist/clients/iartifact-store.d.ts.map +1 -0
- package/dist/clients/iartifact-store.js +6 -0
- package/dist/clients/iartifact-store.js.map +1 -0
- package/dist/lib/auto-generated.d.ts +27 -0
- package/dist/lib/auto-generated.d.ts.map +1 -0
- package/dist/lib/auto-generated.js +34 -0
- package/dist/lib/auto-generated.js.map +1 -0
- package/dist/lib/cloud-config.d.ts +29 -0
- package/dist/lib/cloud-config.d.ts.map +1 -0
- package/dist/lib/cloud-config.js +60 -0
- package/dist/lib/cloud-config.js.map +1 -0
- package/dist/lib/config-loader.d.ts +21 -0
- package/dist/lib/config-loader.d.ts.map +1 -0
- package/dist/lib/config-loader.js +131 -0
- package/dist/lib/config-loader.js.map +1 -0
- package/dist/lib/dependency-graph.d.ts +43 -0
- package/dist/lib/dependency-graph.d.ts.map +1 -0
- package/dist/lib/dependency-graph.js +163 -0
- package/dist/lib/dependency-graph.js.map +1 -0
- package/dist/lib/exit-codes.d.ts +27 -0
- package/dist/lib/exit-codes.d.ts.map +1 -0
- package/dist/lib/exit-codes.js +33 -0
- package/dist/lib/exit-codes.js.map +1 -0
- package/dist/lib/logger.d.ts +39 -0
- package/dist/lib/logger.d.ts.map +1 -0
- package/dist/lib/logger.js +128 -0
- package/dist/lib/logger.js.map +1 -0
- package/dist/lib/parallel-runner.d.ts +38 -0
- package/dist/lib/parallel-runner.d.ts.map +1 -0
- package/dist/lib/parallel-runner.js +70 -0
- package/dist/lib/parallel-runner.js.map +1 -0
- package/dist/lib/resource-path.d.ts +205 -0
- package/dist/lib/resource-path.d.ts.map +1 -0
- package/dist/lib/resource-path.js +401 -0
- package/dist/lib/resource-path.js.map +1 -0
- package/dist/lib/resource-uri.d.ts +40 -0
- package/dist/lib/resource-uri.d.ts.map +1 -0
- package/dist/lib/resource-uri.js +86 -0
- package/dist/lib/resource-uri.js.map +1 -0
- package/dist/lib/user-agent.d.ts +2 -0
- package/dist/lib/user-agent.d.ts.map +1 -0
- package/dist/lib/user-agent.js +5 -0
- package/dist/lib/user-agent.js.map +1 -0
- package/dist/models/config.d.ts +83 -0
- package/dist/models/config.d.ts.map +1 -0
- package/dist/models/config.js +6 -0
- package/dist/models/config.js.map +1 -0
- package/dist/models/resource-types.d.ts +66 -0
- package/dist/models/resource-types.d.ts.map +1 -0
- package/dist/models/resource-types.js +243 -0
- package/dist/models/resource-types.js.map +1 -0
- package/dist/models/types.d.ts +47 -0
- package/dist/models/types.d.ts.map +1 -0
- package/dist/models/types.js +6 -0
- package/dist/models/types.js.map +1 -0
- package/dist/services/api-extractor.d.ts +36 -0
- package/dist/services/api-extractor.d.ts.map +1 -0
- package/dist/services/api-extractor.js +319 -0
- package/dist/services/api-extractor.js.map +1 -0
- package/dist/services/api-publisher.d.ts +18 -0
- package/dist/services/api-publisher.d.ts.map +1 -0
- package/dist/services/api-publisher.js +290 -0
- package/dist/services/api-publisher.js.map +1 -0
- package/dist/services/delete-unmatched-service.d.ts +17 -0
- package/dist/services/delete-unmatched-service.d.ts.map +1 -0
- package/dist/services/delete-unmatched-service.js +143 -0
- package/dist/services/delete-unmatched-service.js.map +1 -0
- package/dist/services/dry-run-reporter.d.ts +30 -0
- package/dist/services/dry-run-reporter.d.ts.map +1 -0
- package/dist/services/dry-run-reporter.js +111 -0
- package/dist/services/dry-run-reporter.js.map +1 -0
- package/dist/services/extract-service.d.ts +47 -0
- package/dist/services/extract-service.d.ts.map +1 -0
- package/dist/services/extract-service.js +374 -0
- package/dist/services/extract-service.js.map +1 -0
- package/dist/services/filter-service.d.ts +29 -0
- package/dist/services/filter-service.d.ts.map +1 -0
- package/dist/services/filter-service.js +143 -0
- package/dist/services/filter-service.js.map +1 -0
- package/dist/services/git-diff-service.d.ts +23 -0
- package/dist/services/git-diff-service.d.ts.map +1 -0
- package/dist/services/git-diff-service.js +135 -0
- package/dist/services/git-diff-service.js.map +1 -0
- package/dist/services/identity-guide-service.d.ts +11 -0
- package/dist/services/identity-guide-service.d.ts.map +1 -0
- package/dist/services/identity-guide-service.js +227 -0
- package/dist/services/identity-guide-service.js.map +1 -0
- package/dist/services/init-service.d.ts +16 -0
- package/dist/services/init-service.d.ts.map +1 -0
- package/dist/services/init-service.js +304 -0
- package/dist/services/init-service.js.map +1 -0
- package/dist/services/keyvault-checker.d.ts +58 -0
- package/dist/services/keyvault-checker.d.ts.map +1 -0
- package/dist/services/keyvault-checker.js +390 -0
- package/dist/services/keyvault-checker.js.map +1 -0
- package/dist/services/override-merger.d.ts +20 -0
- package/dist/services/override-merger.d.ts.map +1 -0
- package/dist/services/override-merger.js +102 -0
- package/dist/services/override-merger.js.map +1 -0
- package/dist/services/product-extractor.d.ts +26 -0
- package/dist/services/product-extractor.d.ts.map +1 -0
- package/dist/services/product-extractor.js +141 -0
- package/dist/services/product-extractor.js.map +1 -0
- package/dist/services/product-publisher.d.ts +15 -0
- package/dist/services/product-publisher.d.ts.map +1 -0
- package/dist/services/product-publisher.js +113 -0
- package/dist/services/product-publisher.js.map +1 -0
- package/dist/services/prompt-service.d.ts +13 -0
- package/dist/services/prompt-service.d.ts.map +1 -0
- package/dist/services/prompt-service.js +69 -0
- package/dist/services/prompt-service.js.map +1 -0
- package/dist/services/publish-service.d.ts +31 -0
- package/dist/services/publish-service.d.ts.map +1 -0
- package/dist/services/publish-service.js +445 -0
- package/dist/services/publish-service.js.map +1 -0
- package/dist/services/resource-extractor.d.ts +52 -0
- package/dist/services/resource-extractor.d.ts.map +1 -0
- package/dist/services/resource-extractor.js +168 -0
- package/dist/services/resource-extractor.js.map +1 -0
- package/dist/services/resource-publisher.d.ts +23 -0
- package/dist/services/resource-publisher.d.ts.map +1 -0
- package/dist/services/resource-publisher.js +349 -0
- package/dist/services/resource-publisher.js.map +1 -0
- package/dist/services/secret-redactor.d.ts +20 -0
- package/dist/services/secret-redactor.d.ts.map +1 -0
- package/dist/services/secret-redactor.js +45 -0
- package/dist/services/secret-redactor.js.map +1 -0
- package/dist/services/transitive-resolver.d.ts +45 -0
- package/dist/services/transitive-resolver.d.ts.map +1 -0
- package/dist/services/transitive-resolver.js +177 -0
- package/dist/services/transitive-resolver.js.map +1 -0
- package/dist/services/workspace-extractor.d.ts +34 -0
- package/dist/services/workspace-extractor.d.ts.map +1 -0
- package/dist/services/workspace-extractor.js +120 -0
- package/dist/services/workspace-extractor.js.map +1 -0
- package/dist/templates/azure-devops/extract-pipeline.d.ts +9 -0
- package/dist/templates/azure-devops/extract-pipeline.d.ts.map +1 -0
- package/dist/templates/azure-devops/extract-pipeline.js +95 -0
- package/dist/templates/azure-devops/extract-pipeline.js.map +1 -0
- package/dist/templates/azure-devops/publish-pipeline.d.ts +10 -0
- package/dist/templates/azure-devops/publish-pipeline.d.ts.map +1 -0
- package/dist/templates/azure-devops/publish-pipeline.js +100 -0
- package/dist/templates/azure-devops/publish-pipeline.js.map +1 -0
- package/dist/templates/configs/filter-config.d.ts +6 -0
- package/dist/templates/configs/filter-config.d.ts.map +1 -0
- package/dist/templates/configs/filter-config.js +51 -0
- package/dist/templates/configs/filter-config.js.map +1 -0
- package/dist/templates/configs/override-config.d.ts +6 -0
- package/dist/templates/configs/override-config.d.ts.map +1 -0
- package/dist/templates/configs/override-config.js +45 -0
- package/dist/templates/configs/override-config.js.map +1 -0
- package/dist/templates/configs/package-json.d.ts +10 -0
- package/dist/templates/configs/package-json.d.ts.map +1 -0
- package/dist/templates/configs/package-json.js +19 -0
- package/dist/templates/configs/package-json.js.map +1 -0
- package/dist/templates/copilot/identity-setup-prompt.d.ts +13 -0
- package/dist/templates/copilot/identity-setup-prompt.d.ts.map +1 -0
- package/dist/templates/copilot/identity-setup-prompt.js +279 -0
- package/dist/templates/copilot/identity-setup-prompt.js.map +1 -0
- package/dist/templates/github-actions/extract-workflow.d.ts +9 -0
- package/dist/templates/github-actions/extract-workflow.d.ts.map +1 -0
- package/dist/templates/github-actions/extract-workflow.js +126 -0
- package/dist/templates/github-actions/extract-workflow.js.map +1 -0
- package/dist/templates/github-actions/publish-workflow.d.ts +10 -0
- package/dist/templates/github-actions/publish-workflow.d.ts.map +1 -0
- package/dist/templates/github-actions/publish-workflow.js +105 -0
- package/dist/templates/github-actions/publish-workflow.js.map +1 -0
- package/package.json +65 -0
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* T047: Sample filter configuration template
|
|
3
|
+
* Generates a sample configuration.extract.yaml file
|
|
4
|
+
*/
|
|
5
|
+
export function generateFilterConfig() {
|
|
6
|
+
return `# APIM Extract Filter Configuration
|
|
7
|
+
# Customize this file to control which resources are extracted
|
|
8
|
+
|
|
9
|
+
# Extract only specific APIs by name
|
|
10
|
+
# apiNames:
|
|
11
|
+
# - echo-api
|
|
12
|
+
# - petstore-api
|
|
13
|
+
|
|
14
|
+
# Extract only specific products
|
|
15
|
+
# productNames:
|
|
16
|
+
# - starter
|
|
17
|
+
# - unlimited
|
|
18
|
+
|
|
19
|
+
# Extract only specific backends
|
|
20
|
+
# backendNames:
|
|
21
|
+
# - backend-api
|
|
22
|
+
# - legacy-backend
|
|
23
|
+
|
|
24
|
+
# Extract only specific named values
|
|
25
|
+
# namedValueNames:
|
|
26
|
+
# - api-key
|
|
27
|
+
# - connection-string
|
|
28
|
+
|
|
29
|
+
# Extract only specific loggers
|
|
30
|
+
# loggerNames:
|
|
31
|
+
# - appinsights-logger
|
|
32
|
+
|
|
33
|
+
# Extract only specific diagnostics
|
|
34
|
+
# diagnosticNames:
|
|
35
|
+
# - applicationinsights
|
|
36
|
+
|
|
37
|
+
# Extract only specific tags
|
|
38
|
+
# tagNames:
|
|
39
|
+
# - production
|
|
40
|
+
# - external
|
|
41
|
+
|
|
42
|
+
# Extract only specific policy fragments
|
|
43
|
+
# policyFragmentNames:
|
|
44
|
+
# - rate-limit-fragment
|
|
45
|
+
# - cors-fragment
|
|
46
|
+
|
|
47
|
+
# Uncomment to extract ALL resources (default behavior if no filters specified)
|
|
48
|
+
# Leave all sections commented to extract everything
|
|
49
|
+
`;
|
|
50
|
+
}
|
|
51
|
+
//# sourceMappingURL=filter-config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filter-config.js","sourceRoot":"","sources":["../../../src/templates/configs/filter-config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,UAAU,oBAAoB;IAClC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CR,CAAC;AACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"override-config.d.ts","sourceRoot":"","sources":["../../../src/templates/configs/override-config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAuClE"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* T047: Sample override configuration template per environment
|
|
3
|
+
* Generates environment-specific configuration.{env}.yaml files
|
|
4
|
+
*/
|
|
5
|
+
export function generateOverrideConfig(environment) {
|
|
6
|
+
return `# APIM Override Configuration for ${environment} environment
|
|
7
|
+
# Customize resource properties for this specific environment
|
|
8
|
+
|
|
9
|
+
# Override named values (e.g., API keys, connection strings)
|
|
10
|
+
# namedValues:
|
|
11
|
+
# api-key:
|
|
12
|
+
# value: "${environment}-api-key-value"
|
|
13
|
+
# connection-string:
|
|
14
|
+
# value: "Server=${environment}-db.example.com;Database=mydb"
|
|
15
|
+
# secret-from-keyvault:
|
|
16
|
+
# keyVault:
|
|
17
|
+
# secretIdentifier: "https://${environment}-kv.vault.azure.net/secrets/my-secret"
|
|
18
|
+
# identityClientId: "00000000-0000-0000-0000-000000000000"
|
|
19
|
+
|
|
20
|
+
# Override backend URLs per environment
|
|
21
|
+
# backends:
|
|
22
|
+
# backend-api:
|
|
23
|
+
# url: "https://${environment}-api.example.com"
|
|
24
|
+
# legacy-backend:
|
|
25
|
+
# url: "https://${environment}-legacy.example.com"
|
|
26
|
+
|
|
27
|
+
# Override API service URLs
|
|
28
|
+
# apis:
|
|
29
|
+
# echo-api:
|
|
30
|
+
# serviceUrl: "https://${environment}-echo.example.com"
|
|
31
|
+
# petstore-api:
|
|
32
|
+
# serviceUrl: "https://${environment}-petstore.example.com"
|
|
33
|
+
|
|
34
|
+
# Override diagnostic logger references
|
|
35
|
+
# diagnostics:
|
|
36
|
+
# applicationinsights:
|
|
37
|
+
# loggerId: "appinsights-logger-${environment}"
|
|
38
|
+
|
|
39
|
+
# Override logger credentials or resource IDs
|
|
40
|
+
# loggers:
|
|
41
|
+
# appinsights-logger:
|
|
42
|
+
# resourceId: "/subscriptions/xxxxx/resourceGroups/${environment}-rg/providers/microsoft.insights/components/${environment}-appinsights"
|
|
43
|
+
`;
|
|
44
|
+
}
|
|
45
|
+
//# sourceMappingURL=override-config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"override-config.js","sourceRoot":"","sources":["../../../src/templates/configs/override-config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,UAAU,sBAAsB,CAAC,WAAmB;IACxD,OAAO,qCAAqC,WAAW;;;;;;gBAMzC,WAAW;;uBAEJ,WAAW;;;qCAGG,WAAW;;;;;;sBAM1B,WAAW;;sBAEX,WAAW;;;;;6BAKJ,WAAW;;6BAEX,WAAW;;;;;sCAKF,WAAW;;;;;yDAKQ,WAAW,+CAA+C,WAAW;CAC7H,CAAC;AACF,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Generates a package.json for the target repo that references
|
|
3
|
+
* the apiops CLI tarball via a local file dependency.
|
|
4
|
+
*/
|
|
5
|
+
export interface PackageJsonConfig {
|
|
6
|
+
/** Relative path from the target repo root to the copied tarball (e.g. '.apiops/apiops-0.1.0.tgz') */
|
|
7
|
+
tarballRelPath: string;
|
|
8
|
+
}
|
|
9
|
+
export declare function generatePackageJson(config: PackageJsonConfig): string;
|
|
10
|
+
//# sourceMappingURL=package-json.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"package-json.d.ts","sourceRoot":"","sources":["../../../src/templates/configs/package-json.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,iBAAiB;IAChC,sGAAsG;IACtG,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,iBAAiB,GAAG,MAAM,CAerE"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Generates a package.json for the target repo that references
|
|
3
|
+
* the apiops CLI tarball via a local file dependency.
|
|
4
|
+
*/
|
|
5
|
+
export function generatePackageJson(config) {
|
|
6
|
+
// Use forward slashes in the file: dependency regardless of OS
|
|
7
|
+
const posixPath = config.tarballRelPath.replace(/\\/g, '/');
|
|
8
|
+
const pkg = {
|
|
9
|
+
name: 'apim-ops-repo',
|
|
10
|
+
version: '1.0.0',
|
|
11
|
+
private: true,
|
|
12
|
+
description: 'Azure API Management configuration-as-code repository',
|
|
13
|
+
dependencies: {
|
|
14
|
+
apiops: `file:${posixPath}`,
|
|
15
|
+
},
|
|
16
|
+
};
|
|
17
|
+
return JSON.stringify(pkg, null, 2) + '\n';
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=package-json.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"package-json.js","sourceRoot":"","sources":["../../../src/templates/configs/package-json.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH,MAAM,UAAU,mBAAmB,CAAC,MAAyB;IAC3D,+DAA+D;IAC/D,MAAM,SAAS,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAE5D,MAAM,GAAG,GAAG;QACV,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE;YACZ,MAAM,EAAE,QAAQ,SAAS,EAAE;SAC5B;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;AAC7C,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GitHub Copilot prompt template for automating identity setup.
|
|
3
|
+
* Generates a .prompt.md file that guides Copilot through:
|
|
4
|
+
* 1. Gathering Azure & GitHub info from the user
|
|
5
|
+
* 2. Creating Azure AD app registration + federated credentials
|
|
6
|
+
* 3. Assigning RBAC roles
|
|
7
|
+
* 4. Setting GitHub repository secrets
|
|
8
|
+
*/
|
|
9
|
+
export interface IdentitySetupPromptConfig {
|
|
10
|
+
environments: string[];
|
|
11
|
+
}
|
|
12
|
+
export declare function generateIdentitySetupPrompt(config: IdentitySetupPromptConfig): string;
|
|
13
|
+
//# sourceMappingURL=identity-setup-prompt.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-setup-prompt.d.ts","sourceRoot":"","sources":["../../../src/templates/copilot/identity-setup-prompt.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,yBAAyB;IACxC,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,yBAAyB,GAAG,MAAM,CAgSrF"}
|
|
@@ -0,0 +1,279 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GitHub Copilot prompt template for automating identity setup.
|
|
3
|
+
* Generates a .prompt.md file that guides Copilot through:
|
|
4
|
+
* 1. Gathering Azure & GitHub info from the user
|
|
5
|
+
* 2. Creating Azure AD app registration + federated credentials
|
|
6
|
+
* 3. Assigning RBAC roles
|
|
7
|
+
* 4. Setting GitHub repository secrets
|
|
8
|
+
*/
|
|
9
|
+
export function generateIdentitySetupPrompt(config) {
|
|
10
|
+
const envSecrets = config.environments.map((env) => `- \`AZURE_SUBSCRIPTION_ID\` — Azure subscription ID for **${env}** environment
|
|
11
|
+
- \`APIM_RESOURCE_GROUP_${env.toUpperCase()}\` — Resource group containing the **${env}** APIM instance
|
|
12
|
+
- \`APIM_SERVICE_NAME_${env.toUpperCase()}\` — APIM service name for **${env}**`).join('\n');
|
|
13
|
+
const envFedCreds = config.environments.map((env) => `### ${env} environment
|
|
14
|
+
|
|
15
|
+
**On macOS/Linux (Bash):**
|
|
16
|
+
\`\`\`bash
|
|
17
|
+
az ad app federated-credential create \\
|
|
18
|
+
--id "$APP_ID" \\
|
|
19
|
+
--parameters '{
|
|
20
|
+
"name": "github-env-${env}",
|
|
21
|
+
"issuer": "https://token.actions.githubusercontent.com",
|
|
22
|
+
"subject": "repo:'"\${GITHUB_ORG}"'/'"\${GITHUB_REPO}"':environment:${env}",
|
|
23
|
+
"audiences": ["api://AzureADTokenExchange"]
|
|
24
|
+
}'
|
|
25
|
+
\`\`\`
|
|
26
|
+
|
|
27
|
+
**On Windows (PowerShell):**
|
|
28
|
+
\`\`\`powershell
|
|
29
|
+
az ad app federated-credential create \`
|
|
30
|
+
--id $APP_ID \`
|
|
31
|
+
--parameters '{\\"name\\":\\"github-env-${env}\\",\\"issuer\\":\\"https://token.actions.githubusercontent.com\\",\\"subject\\":\\"repo:'\${GITHUB_ORG}'/'\${GITHUB_REPO}':environment:${env}\\",\\"audiences\\":[\\"api://AzureADTokenExchange\\"]}'
|
|
32
|
+
\`\`\``).join('\n\n');
|
|
33
|
+
const ghSecretEnvCmds = config.environments.map((env) => `# ${env} environment secrets
|
|
34
|
+
gh secret set AZURE_SUBSCRIPTION_ID --body "\${AZURE_SUBSCRIPTION_ID_${env.toUpperCase()}}" --env ${env}
|
|
35
|
+
gh secret set APIM_RESOURCE_GROUP_${env.toUpperCase()} --body "\${APIM_RG_${env.toUpperCase()}}" --env ${env}
|
|
36
|
+
gh secret set APIM_SERVICE_NAME_${env.toUpperCase()} --body "\${APIM_NAME_${env.toUpperCase()}}" --env ${env}`).join('\n\n');
|
|
37
|
+
return `# Setup GitHub Actions Identity for APIOps
|
|
38
|
+
|
|
39
|
+
> **How to use:** Open this file in VS Code with GitHub Copilot and ask
|
|
40
|
+
> Copilot to help you run through the steps. Copilot will prompt you for
|
|
41
|
+
> the required values and generate the exact CLI commands for your environment.
|
|
42
|
+
|
|
43
|
+
## Goal
|
|
44
|
+
|
|
45
|
+
Configure Azure AD federated credentials and GitHub repository secrets so the
|
|
46
|
+
APIOps extract and publish workflows can authenticate to Azure using OIDC
|
|
47
|
+
(no stored client secrets needed).
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## Step 0 — Tool Authentication Check
|
|
52
|
+
|
|
53
|
+
**Copilot: Before proceeding, verify that all required tools are installed and authenticated.**
|
|
54
|
+
|
|
55
|
+
Run these checks and present results in a table:
|
|
56
|
+
|
|
57
|
+
### Check Azure CLI
|
|
58
|
+
\`\`\`bash
|
|
59
|
+
az version
|
|
60
|
+
az account show --query "{Subscription:name, Account:user.name, TenantId:tenantId}" -o json
|
|
61
|
+
\`\`\`
|
|
62
|
+
|
|
63
|
+
### Check GitHub CLI
|
|
64
|
+
\`\`\`bash
|
|
65
|
+
gh auth status
|
|
66
|
+
\`\`\`
|
|
67
|
+
|
|
68
|
+
### Present Status Table
|
|
69
|
+
|
|
70
|
+
Present the results to the user in this format:
|
|
71
|
+
|
|
72
|
+
\`\`\`
|
|
73
|
+
🔐 Tool Authentication Status:
|
|
74
|
+
|
|
75
|
+
| Tool | Status | Account/User | Subscription/Org | Tenant/Details |
|
|
76
|
+
|------|--------|--------------|------------------|----------------|
|
|
77
|
+
| Azure CLI | ✅ Logged in | user@example.com | my-subscription | abc-123-... |
|
|
78
|
+
| GitHub CLI | ✅ Logged in | username | github.com | — |
|
|
79
|
+
\`\`\`
|
|
80
|
+
|
|
81
|
+
**Status indicators:**
|
|
82
|
+
- ✅ Logged in — tool is authenticated and ready
|
|
83
|
+
- ❌ Not logged in — tool needs authentication
|
|
84
|
+
- ⚠️ Not installed — tool is missing entirely
|
|
85
|
+
|
|
86
|
+
### Fix Missing Authentication
|
|
87
|
+
|
|
88
|
+
**If Azure CLI is not logged in:**
|
|
89
|
+
> "Azure CLI is required for this setup. Run \`az login\` to authenticate, then I'll continue."
|
|
90
|
+
|
|
91
|
+
**If GitHub CLI is not logged in:**
|
|
92
|
+
> "GitHub CLI is required for configuring repository secrets. Run \`gh auth login\` to authenticate."
|
|
93
|
+
|
|
94
|
+
**If any required tool is not installed:**
|
|
95
|
+
- Azure CLI: Install from https://aka.ms/installazurecli
|
|
96
|
+
- GitHub CLI: Install from https://cli.github.com
|
|
97
|
+
|
|
98
|
+
Once both tools are authenticated, ask the user to confirm:
|
|
99
|
+
> "Does this authentication look correct? (yes / need to switch accounts)"
|
|
100
|
+
|
|
101
|
+
If the user needs to switch accounts, help them with:
|
|
102
|
+
- Azure CLI: \`az account set --subscription <id>\` or \`az login --tenant <tenant-id>\`
|
|
103
|
+
- GitHub CLI: \`gh auth logout\` then \`gh auth login\`
|
|
104
|
+
|
|
105
|
+
Once confirmed, proceed to Step 1.
|
|
106
|
+
|
|
107
|
+
---
|
|
108
|
+
|
|
109
|
+
## Step 1 — Gather Information
|
|
110
|
+
|
|
111
|
+
Copilot, please ask the user for the following values before proceeding. Store
|
|
112
|
+
each answer for use in later steps.
|
|
113
|
+
|
|
114
|
+
| Variable | Description | Example |
|
|
115
|
+
|----------|-------------|---------|
|
|
116
|
+
${config.environments.map((env) => `| \`AZURE_SUBSCRIPTION_ID_${env.toUpperCase()}\` | Azure subscription ID for **${env}** environment | \`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\` |`).join('\n')}
|
|
117
|
+
| \`AZURE_TENANT_ID\` | Azure AD tenant ID (same for all environments) | \`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\` |
|
|
118
|
+
| \`GITHUB_ORG\` | GitHub organization or user that owns the repo | \`my-org\` |
|
|
119
|
+
| \`GITHUB_REPO\` | GitHub repository name | \`apim-artifacts\` |
|
|
120
|
+
| \`APP_NAME\` | Display name for the Azure AD application | \`apiops-github-sp\` |
|
|
121
|
+
${config.environments.map((env) => `| \`APIM_RG_${env.toUpperCase()}\` | Resource group for **${env}** APIM instance | \`rg-apim-${env}\` |
|
|
122
|
+
| \`APIM_NAME_${env.toUpperCase()}\` | APIM service name for **${env}** | \`apim-${env}\` |`).join('\n')}
|
|
123
|
+
|
|
124
|
+
---
|
|
125
|
+
|
|
126
|
+
## Step 2 — Create Azure AD Application & Service Principal
|
|
127
|
+
|
|
128
|
+
> ⚠️ **Error Handling:** If any command fails, stop immediately and show the user the full error output verbatim. Do NOT retry silently. Common issues include insufficient permissions (requires Application Administrator or Global Administrator role in Azure AD).
|
|
129
|
+
|
|
130
|
+
**On macOS/Linux (Bash):**
|
|
131
|
+
\`\`\`bash
|
|
132
|
+
# Create the Azure AD application
|
|
133
|
+
APP_ID=$(az ad app create \\
|
|
134
|
+
--display-name "\${APP_NAME}" \\
|
|
135
|
+
--query appId -o tsv)
|
|
136
|
+
|
|
137
|
+
# Create the service principal for the application
|
|
138
|
+
az ad sp create --id "$APP_ID"
|
|
139
|
+
|
|
140
|
+
echo "Application (client) ID: $APP_ID"
|
|
141
|
+
echo "Tenant ID: $(az account show --query tenantId -o tsv)"
|
|
142
|
+
\`\`\`
|
|
143
|
+
|
|
144
|
+
**On Windows (PowerShell):**
|
|
145
|
+
\`\`\`powershell
|
|
146
|
+
# Create the Azure AD application
|
|
147
|
+
$APP_ID = az ad app create \`
|
|
148
|
+
--display-name "\${APP_NAME}" \`
|
|
149
|
+
--query appId -o tsv
|
|
150
|
+
|
|
151
|
+
# Create the service principal for the application
|
|
152
|
+
az ad sp create --id $APP_ID
|
|
153
|
+
|
|
154
|
+
Write-Host "Application (client) ID: $APP_ID"
|
|
155
|
+
Write-Host "Tenant ID: $(az account show --query tenantId -o tsv)"
|
|
156
|
+
\`\`\`
|
|
157
|
+
|
|
158
|
+
---
|
|
159
|
+
|
|
160
|
+
## Step 3 — Assign RBAC Roles
|
|
161
|
+
|
|
162
|
+
Grant the service principal the required permissions:
|
|
163
|
+
1. **Reader** role on each resource group (to read resource groups and resources)
|
|
164
|
+
2. **API Management Service Contributor** on each APIM instance (to manage APIM resources)
|
|
165
|
+
|
|
166
|
+
> **Note:** Each environment can be in a different Azure subscription. The service principal will be granted access to all environments.
|
|
167
|
+
|
|
168
|
+
### Grant Reader role on each resource group
|
|
169
|
+
|
|
170
|
+
${config.environments.map((env) => `\`\`\`bash
|
|
171
|
+
# Reader role for ${env} resource group
|
|
172
|
+
az role assignment create \\
|
|
173
|
+
--assignee "$APP_ID" \\
|
|
174
|
+
--role "Reader" \\
|
|
175
|
+
--scope "/subscriptions/\${AZURE_SUBSCRIPTION_ID_${env.toUpperCase()}}/resourceGroups/\${APIM_RG_${env.toUpperCase()}}"
|
|
176
|
+
\`\`\``).join('\n\n')}
|
|
177
|
+
|
|
178
|
+
### Grant API Management Service Contributor on each APIM instance
|
|
179
|
+
|
|
180
|
+
${config.environments.map((env) => `\`\`\`bash
|
|
181
|
+
# Assign role for ${env} environment
|
|
182
|
+
az role assignment create \\
|
|
183
|
+
--assignee "$APP_ID" \\
|
|
184
|
+
--role "API Management Service Contributor" \\
|
|
185
|
+
--scope "/subscriptions/\${AZURE_SUBSCRIPTION_ID_${env.toUpperCase()}}/resourceGroups/\${APIM_RG_${env.toUpperCase()}}/providers/Microsoft.ApiManagement/service/\${APIM_NAME_${env.toUpperCase()}}"
|
|
186
|
+
\`\`\``).join('\n\n')}
|
|
187
|
+
|
|
188
|
+
---
|
|
189
|
+
|
|
190
|
+
## Step 4 — Create Federated Credentials for GitHub OIDC
|
|
191
|
+
|
|
192
|
+
> ⚠️ **Platform Note:** The JSON parameters for federated credentials require different escaping on Windows PowerShell vs macOS/Linux Bash. Use the appropriate command block for your platform.
|
|
193
|
+
|
|
194
|
+
### Main branch (for push-triggered publish workflow)
|
|
195
|
+
|
|
196
|
+
**On macOS/Linux (Bash):**
|
|
197
|
+
\`\`\`bash
|
|
198
|
+
az ad app federated-credential create \\
|
|
199
|
+
--id "$APP_ID" \\
|
|
200
|
+
--parameters '{
|
|
201
|
+
"name": "github-main-branch",
|
|
202
|
+
"issuer": "https://token.actions.githubusercontent.com",
|
|
203
|
+
"subject": "repo:'"\${GITHUB_ORG}"'/'"\${GITHUB_REPO}"':ref:refs/heads/main",
|
|
204
|
+
"audiences": ["api://AzureADTokenExchange"]
|
|
205
|
+
}'
|
|
206
|
+
\`\`\`
|
|
207
|
+
|
|
208
|
+
**On Windows (PowerShell):**
|
|
209
|
+
\`\`\`powershell
|
|
210
|
+
az ad app federated-credential create \`
|
|
211
|
+
--id $APP_ID \`
|
|
212
|
+
--parameters '{\\"name\\":\\"github-main-branch\\",\\"issuer\\":\\"https://token.actions.githubusercontent.com\\",\\"subject\\":\\"repo:'\${GITHUB_ORG}'/'\${GITHUB_REPO}':ref:refs/heads/main\\",\\"audiences\\":[\\"api://AzureADTokenExchange\\"]}'
|
|
213
|
+
\`\`\`
|
|
214
|
+
|
|
215
|
+
${envFedCreds}
|
|
216
|
+
|
|
217
|
+
---
|
|
218
|
+
|
|
219
|
+
## Step 5 — Create GitHub Environments
|
|
220
|
+
|
|
221
|
+
\`\`\`bash
|
|
222
|
+
${config.environments.map((env) => `# Create the ${env} environment (requires GitHub CLI)
|
|
223
|
+
gh api --method PUT "repos/\${GITHUB_ORG}/\${GITHUB_REPO}/environments/${env}"`).join('\n\n')}
|
|
224
|
+
\`\`\`
|
|
225
|
+
|
|
226
|
+
---
|
|
227
|
+
|
|
228
|
+
## Step 6 — Set GitHub Repository Secrets
|
|
229
|
+
|
|
230
|
+
> ⚠️ **Platform Note:** GitHub CLI secret commands work identically on all platforms, but variable syntax differs between Bash and PowerShell.
|
|
231
|
+
|
|
232
|
+
**On macOS/Linux (Bash):**
|
|
233
|
+
\`\`\`bash
|
|
234
|
+
# Repository-level secrets (shared across all workflows)
|
|
235
|
+
gh secret set AZURE_CLIENT_ID --body "$APP_ID"
|
|
236
|
+
gh secret set AZURE_TENANT_ID --body "\${AZURE_TENANT_ID}"
|
|
237
|
+
|
|
238
|
+
${ghSecretEnvCmds}
|
|
239
|
+
\`\`\`
|
|
240
|
+
|
|
241
|
+
**On Windows (PowerShell):**
|
|
242
|
+
\`\`\`powershell
|
|
243
|
+
# Repository-level secrets (shared across all workflows)
|
|
244
|
+
gh secret set AZURE_CLIENT_ID --body $APP_ID
|
|
245
|
+
gh secret set AZURE_TENANT_ID --body "\${AZURE_TENANT_ID}"
|
|
246
|
+
|
|
247
|
+
${ghSecretEnvCmds}
|
|
248
|
+
\`\`\`
|
|
249
|
+
|
|
250
|
+
---
|
|
251
|
+
|
|
252
|
+
## Step 7 — Verify
|
|
253
|
+
|
|
254
|
+
> ⚠️ **Important:** If any verification step fails, show the user the full error output and help troubleshoot before proceeding. Common issues include RBAC permissions not yet propagated (can take 5-10 minutes) or missing secrets.
|
|
255
|
+
|
|
256
|
+
1. Go to **Actions** → **Run APIM Extractor** → **Run workflow**
|
|
257
|
+
2. Fill in the resource group and service name for your dev environment
|
|
258
|
+
3. Confirm the workflow completes and a pull request is created
|
|
259
|
+
|
|
260
|
+
If the workflow fails with authentication errors:
|
|
261
|
+
- Check that all secrets are set correctly in GitHub: Settings → Secrets and variables → Actions
|
|
262
|
+
- Verify RBAC role assignments have propagated (wait 5-10 minutes and retry)
|
|
263
|
+
- Confirm the federated credentials were created: \`az ad app federated-credential list --id $APP_ID\`
|
|
264
|
+
|
|
265
|
+
---
|
|
266
|
+
|
|
267
|
+
## Secrets Reference
|
|
268
|
+
|
|
269
|
+
The generated workflows expect these secrets:
|
|
270
|
+
|
|
271
|
+
### Repository Secrets
|
|
272
|
+
- \`AZURE_CLIENT_ID\` — App registration client ID (shared across all environments)
|
|
273
|
+
- \`AZURE_TENANT_ID\` — Azure AD tenant ID (shared across all environments)
|
|
274
|
+
|
|
275
|
+
### Per-Environment Secrets
|
|
276
|
+
${envSecrets}
|
|
277
|
+
`;
|
|
278
|
+
}
|
|
279
|
+
//# sourceMappingURL=identity-setup-prompt.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-setup-prompt.js","sourceRoot":"","sources":["../../../src/templates/copilot/identity-setup-prompt.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,MAAM,UAAU,2BAA2B,CAAC,MAAiC;IAC3E,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACjD,6DAA6D,GAAG;0BAC1C,GAAG,CAAC,WAAW,EAAE,wCAAwC,GAAG;wBAC9D,GAAG,CAAC,WAAW,EAAE,gCAAgC,GAAG,IAAI,CAC7E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAClD,OAAO,GAAG;;;;;;;0BAOY,GAAG;;0EAE6C,GAAG;;;;;;;;;4CASjC,GAAG,2IAA2I,GAAG;OACtL,CACJ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEf,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACtD,KAAK,GAAG;uEAC2D,GAAG,CAAC,WAAW,EAAE,YAAY,GAAG;oCACnE,GAAG,CAAC,WAAW,EAAE,uBAAuB,GAAG,CAAC,WAAW,EAAE,YAAY,GAAG;kCAC1E,GAAG,CAAC,WAAW,EAAE,yBAAyB,GAAG,CAAC,WAAW,EAAE,YAAY,GAAG,EAAE,CAC3G,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEf,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+EP,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC9B,6BAA6B,GAAG,CAAC,WAAW,EAAE,oCAAoC,GAAG,6DAA6D,CACnJ,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;EAKZ,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC9B,eAAe,GAAG,CAAC,WAAW,EAAE,6BAA6B,GAAG,gCAAgC,GAAG;gBACvF,GAAG,CAAC,WAAW,EAAE,gCAAgC,GAAG,eAAe,GAAG,MAAM,CACzF,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgDZ,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC9B;oBACgB,GAAG;;;;qDAI8B,GAAG,CAAC,WAAW,EAAE,+BAA+B,GAAG,CAAC,WAAW,EAAE;OAC/G,CACJ,CAAC,IAAI,CAAC,MAAM,CAAC;;;;EAId,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC9B;oBACgB,GAAG;;;;qDAI8B,GAAG,CAAC,WAAW,EAAE,+BAA+B,GAAG,CAAC,WAAW,EAAE,4DAA4D,GAAG,CAAC,WAAW,EAAE;OAC5L,CACJ,CAAC,IAAI,CAAC,MAAM,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6Bd,WAAW;;;;;;;EAOX,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC9B,gBAAgB,GAAG;yEACkD,GAAG,GAAG,CAC5E,CAAC,IAAI,CAAC,MAAM,CAAC;;;;;;;;;;;;;;;EAed,eAAe;;;;;;;;;EASf,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6Bf,UAAU;CACX,CAAC;AACF,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* T043: GitHub Actions extract workflow template
|
|
3
|
+
* Generates extract workflow with manual trigger, configuration choice, and auto-PR creation
|
|
4
|
+
*/
|
|
5
|
+
export interface ExtractWorkflowConfig {
|
|
6
|
+
artifactDir: string;
|
|
7
|
+
}
|
|
8
|
+
export declare function generateExtractWorkflow(config: ExtractWorkflowConfig): string;
|
|
9
|
+
//# sourceMappingURL=extract-workflow.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extract-workflow.d.ts","sourceRoot":"","sources":["../../../src/templates/github-actions/extract-workflow.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,qBAAqB,GAAG,MAAM,CAwH7E"}
|
|
@@ -0,0 +1,126 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* T043: GitHub Actions extract workflow template
|
|
3
|
+
* Generates extract workflow with manual trigger, configuration choice, and auto-PR creation
|
|
4
|
+
*/
|
|
5
|
+
export function generateExtractWorkflow(config) {
|
|
6
|
+
return `name: Run APIM Extractor
|
|
7
|
+
|
|
8
|
+
on:
|
|
9
|
+
workflow_dispatch:
|
|
10
|
+
inputs:
|
|
11
|
+
ENVIRONMENT:
|
|
12
|
+
description: 'Choose which environment to extract from'
|
|
13
|
+
required: true
|
|
14
|
+
type: choice
|
|
15
|
+
default: dev
|
|
16
|
+
options:
|
|
17
|
+
- dev
|
|
18
|
+
- prod
|
|
19
|
+
CONFIGURATION_YAML_PATH:
|
|
20
|
+
description: 'Choose whether to extract all APIs or use the extraction configuration file'
|
|
21
|
+
required: true
|
|
22
|
+
type: choice
|
|
23
|
+
options:
|
|
24
|
+
- Extract All APIs
|
|
25
|
+
- configuration.extract.yaml
|
|
26
|
+
|
|
27
|
+
permissions:
|
|
28
|
+
id-token: write
|
|
29
|
+
contents: write
|
|
30
|
+
pull-requests: write
|
|
31
|
+
|
|
32
|
+
jobs:
|
|
33
|
+
extract:
|
|
34
|
+
runs-on: ubuntu-latest
|
|
35
|
+
environment: \${{ github.event.inputs.ENVIRONMENT }}
|
|
36
|
+
env:
|
|
37
|
+
APIM_RESOURCE_GROUP: \${{ (github.event.inputs.ENVIRONMENT == 'dev' && secrets.APIM_RESOURCE_GROUP_DEV) || (github.event.inputs.ENVIRONMENT == 'prod' && secrets.APIM_RESOURCE_GROUP_PROD) }}
|
|
38
|
+
APIM_SERVICE_NAME: \${{ (github.event.inputs.ENVIRONMENT == 'dev' && secrets.APIM_SERVICE_NAME_DEV) || (github.event.inputs.ENVIRONMENT == 'prod' && secrets.APIM_SERVICE_NAME_PROD) }}
|
|
39
|
+
steps:
|
|
40
|
+
- name: Validate required secrets
|
|
41
|
+
run: |
|
|
42
|
+
if [ -z "\${{ env.APIM_RESOURCE_GROUP }}" ]; then
|
|
43
|
+
echo "::error::APIM_RESOURCE_GROUP secret is not set for environment '\${{ github.event.inputs.ENVIRONMENT }}'"
|
|
44
|
+
echo "Please configure APIM_RESOURCE_GROUP_\${{ github.event.inputs.ENVIRONMENT == 'dev' && 'DEV' || 'PROD' }} secret in the \${{ github.event.inputs.ENVIRONMENT }} environment"
|
|
45
|
+
exit 1
|
|
46
|
+
fi
|
|
47
|
+
if [ -z "\${{ env.APIM_SERVICE_NAME }}" ]; then
|
|
48
|
+
echo "::error::APIM_SERVICE_NAME secret is not set for environment '\${{ github.event.inputs.ENVIRONMENT }}'"
|
|
49
|
+
echo "Please configure APIM_SERVICE_NAME_\${{ github.event.inputs.ENVIRONMENT == 'dev' && 'DEV' || 'PROD' }} secret in the \${{ github.event.inputs.ENVIRONMENT }} environment"
|
|
50
|
+
exit 1
|
|
51
|
+
fi
|
|
52
|
+
echo "✓ All required secrets are configured"
|
|
53
|
+
echo " Environment: \${{ github.event.inputs.ENVIRONMENT }}"
|
|
54
|
+
echo " Resource Group: \${{ env.APIM_RESOURCE_GROUP }}"
|
|
55
|
+
echo " Service Name: \${{ env.APIM_SERVICE_NAME }}"
|
|
56
|
+
|
|
57
|
+
- name: Checkout repository
|
|
58
|
+
uses: actions/checkout@v4
|
|
59
|
+
|
|
60
|
+
- name: Setup Node.js
|
|
61
|
+
uses: actions/setup-node@v4
|
|
62
|
+
with:
|
|
63
|
+
node-version: '22'
|
|
64
|
+
|
|
65
|
+
- name: Install dependencies
|
|
66
|
+
run: npm install
|
|
67
|
+
|
|
68
|
+
- name: Azure Login (Federated Credential)
|
|
69
|
+
uses: azure/login@v2
|
|
70
|
+
with:
|
|
71
|
+
client-id: \${{ secrets.AZURE_CLIENT_ID }}
|
|
72
|
+
tenant-id: \${{ secrets.AZURE_TENANT_ID }}
|
|
73
|
+
subscription-id: \${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
74
|
+
|
|
75
|
+
- name: Run APIM Extract (All APIs)
|
|
76
|
+
if: \${{ github.event.inputs.CONFIGURATION_YAML_PATH == 'Extract All APIs' }}
|
|
77
|
+
run: |
|
|
78
|
+
npx apiops extract \\
|
|
79
|
+
--subscription-id \${{ secrets.AZURE_SUBSCRIPTION_ID }} \\
|
|
80
|
+
--resource-group \${{ env.APIM_RESOURCE_GROUP }} \\
|
|
81
|
+
--service-name \${{ env.APIM_SERVICE_NAME }} \\
|
|
82
|
+
--output ${config.artifactDir}
|
|
83
|
+
|
|
84
|
+
- name: Run APIM Extract (With Configuration)
|
|
85
|
+
if: \${{ github.event.inputs.CONFIGURATION_YAML_PATH != 'Extract All APIs' }}
|
|
86
|
+
run: |
|
|
87
|
+
npx apiops extract \\
|
|
88
|
+
--subscription-id \${{ secrets.AZURE_SUBSCRIPTION_ID }} \\
|
|
89
|
+
--resource-group \${{ env.APIM_RESOURCE_GROUP }} \\
|
|
90
|
+
--service-name \${{ env.APIM_SERVICE_NAME }} \\
|
|
91
|
+
--output ${config.artifactDir} \\
|
|
92
|
+
--filter configuration.extract.yaml
|
|
93
|
+
|
|
94
|
+
- name: Upload artifacts
|
|
95
|
+
uses: actions/upload-artifact@v4
|
|
96
|
+
with:
|
|
97
|
+
name: apim-artifacts
|
|
98
|
+
path: ${config.artifactDir}
|
|
99
|
+
retention-days: 30
|
|
100
|
+
|
|
101
|
+
create-pull-request:
|
|
102
|
+
needs: extract
|
|
103
|
+
runs-on: ubuntu-latest
|
|
104
|
+
steps:
|
|
105
|
+
- name: Checkout repository
|
|
106
|
+
uses: actions/checkout@v4
|
|
107
|
+
|
|
108
|
+
- name: Download artifacts
|
|
109
|
+
uses: actions/download-artifact@v4
|
|
110
|
+
with:
|
|
111
|
+
name: apim-artifacts
|
|
112
|
+
path: ${config.artifactDir}
|
|
113
|
+
|
|
114
|
+
- name: Create pull request
|
|
115
|
+
uses: peter-evans/create-pull-request@v6
|
|
116
|
+
with:
|
|
117
|
+
token: \${{ secrets.GITHUB_TOKEN }}
|
|
118
|
+
commit-message: "chore: update APIM artifacts from extract"
|
|
119
|
+
title: "APIM Extract - Update artifacts"
|
|
120
|
+
body: >
|
|
121
|
+
This PR is auto-generated by the APIM extract workflow.
|
|
122
|
+
labels: extract, automated pr
|
|
123
|
+
branch: apim-extract-\${{ github.run_id }}
|
|
124
|
+
`;
|
|
125
|
+
}
|
|
126
|
+
//# sourceMappingURL=extract-workflow.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extract-workflow.js","sourceRoot":"","sources":["../../../src/templates/github-actions/extract-workflow.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,UAAU,uBAAuB,CAAC,MAA6B;IACnE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;uBA4Ec,MAAM,CAAC,WAAW;;;;;;;;;uBASlB,MAAM,CAAC,WAAW;;;;;;;kBAOvB,MAAM,CAAC,WAAW;;;;;;;;;;;;;;kBAclB,MAAM,CAAC,WAAW;;;;;;;;;;;;CAYnC,CAAC;AACF,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* T044: GitHub Actions publish workflow template
|
|
3
|
+
* Push-to-main trigger with commit ID choice, environment selection, and multi-env stages
|
|
4
|
+
*/
|
|
5
|
+
export interface PublishWorkflowConfig {
|
|
6
|
+
artifactDir: string;
|
|
7
|
+
environments: string[];
|
|
8
|
+
}
|
|
9
|
+
export declare function generatePublishWorkflow(config: PublishWorkflowConfig): string;
|
|
10
|
+
//# sourceMappingURL=publish-workflow.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"publish-workflow.d.ts","sourceRoot":"","sources":["../../../src/templates/github-actions/publish-workflow.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,qBAAqB,GAAG,MAAM,CAsG7E"}
|