Updates #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Envoy NGWAF Deployment Test | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - "envoy-ngwaf-github-action" | |
| # push: | |
| # branches: [ main ] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Set up kind | |
| uses: engineerd/[email protected] | |
| - name: Set up kubectl | |
| uses: azure/setup-kubectl@v4 | |
| - name: Create Kubernetes Secret | |
| run: | | |
| kubectl create secret generic sigsci.my-site-name-here \ | |
| --from-literal=accesskeyid=${{ secrets.NGWAF_STAGING_ACCESSKEYID }} \ | |
| --from-literal=secretaccesskey=${{ secrets.NGWAF_STAGING_SECRETACCESSKEY }} | |
| - name: Deploy Envoy resources from file | |
| run: kubectl apply -f on-prem-ngwaf-integrations/envoy-deployment.yaml | |
| - name: Wait for Envoy rollout | |
| run: kubectl rollout status deployment/envoy-waf-deployment --timeout=30s | |
| - name: Port-forward Envoy Service | |
| run: | | |
| nohup kubectl port-forward svc/envoy 10000:10000 & | |
| sleep 3 | |
| - name: Test Envoy with curl | |
| run: curl -v http://localhost:10000/anything/foo | |
| - name: Check health | |
| run: | | |
| kubectl get pods | |
| kubectl describe pods | |
| kubectl logs $(kubectl get pod -o jsonpath='{.items[0].metadata.name}') --all-containers=true | |
| - name: Test Envoy with curl | |
| run: | | |
| response=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:10000/anything/foo) | |
| if [ "$response" -ne 200 ]; then | |
| echo "Received HTTP status code $response" | |
| exit 1 | |
| fi | |