ci: add workflow to create pipeline to test

tembleking · tembleking · commit 622aeed715db · 2025-08-14T10:59:25.000+02:00
diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml
@@ -4,6 +4,7 @@ on:
   pull_request:
     branches:
       - main
+  workflow_dispatch:
 
 permissions:
   contents: write
@@ -54,3 +55,182 @@ jobs:
           exit 1
         fi
         echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
+
+
+  ado-pr-ephemeral:
+    runs-on: ubuntu-latest
+    env:
+      YAML_PATH: .azure-pipelines.yml
+      PR_NUMBER: ${{ github.event.pull_request.number }}
+      PR_BRANCH: ${{ github.head_ref }}
+      PR_SHA:    ${{ github.event.pull_request.head.sha }}
+      PIPELINE_NAME: pr-${{ github.event.pull_request.number }}-${{ github.run_id }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Azure login (OIDC)
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_APPLICATION_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Install jq & curl
+        run: sudo apt-get update -y && sudo apt-get install -y jq curl
+
+      - name: Get Azure DevOps AAD token
+        id: token
+        run: |
+          ADO_TOKEN=$(az account get-access-token --resource https://app.vssps.visualstudio.com/ --query accessToken -o tsv)
+          if [ -z "$ADO_TOKEN" ]; then echo "No token for Azure DevOps"; exit 1; fi
+          echo "::add-mask::$ADO_TOKEN"
+          echo "ADO_TOKEN=$ADO_TOKEN" >> $GITHUB_ENV
+
+      - name: Autodetect Azure DevOps organization (if not provided)
+        id: org
+        env:
+          ADO_TOKEN: ${{ env.ADO_TOKEN }}
+        run: |
+          if [ -n "${AZDO_ORG}" ]; then
+            echo "Using AZDO_ORG=${AZDO_ORG} (provided)"; exit 0
+          fi
+          ACCOUNTS=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
+            "https://app.vssps.visualstudio.com/_apis/accounts?api-version=7.1")
+          echo "$ACCOUNTS"
+          COUNT=$(echo "$ACCOUNTS" | jq '.count')
+          if [ "$COUNT" -eq 0 ]; then
+            echo "This user does not belong to any Azure DevOps org."; exit 1
+          fi
+          if [ "$COUNT" -gt 1 ]; then
+            echo "Multiple orgs detected. Export AZDO_ORG with one of those and retry:"; \
+            echo "$ACCOUNTS" | jq -r '.value[] | "\(.accountName)  (\(.accountId))"'; exit 1
+          fi
+          AZDO_ORG_AUTO=$(echo "$ACCOUNTS" | jq -r '.value[0].accountName')
+          echo "AZDO_ORG=$AZDO_ORG_AUTO" >> $GITHUB_ENV
+          echo "Detected AZDO_ORG=${AZDO_ORG_AUTO}"
+
+      - name: Autodetect Azure DevOps project (if not provided)
+        id: proj
+        env:
+          ADO_TOKEN: ${{ env.ADO_TOKEN }}
+        run: |
+          ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
+          PROJS=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
+            "https://dev.azure.com/${ORG}/_apis/projects?api-version=7.1")
+          echo "$PROJS"
+          COUNT=$(echo "$PROJS" | jq '.count')
+          if [ "$COUNT" -eq 0 ]; then
+            echo "No projects detected in org ${ORG}."; exit 1
+          fi
+          if [ -n "${AZDO_PROJECT}" ]; then
+            echo "Using AZDO_PROJECT=${AZDO_PROJECT} (provided)"
+          else
+            if [ "$COUNT" -gt 1 ]; then
+              echo "Multiple projects detected. Export AZDO_PROJECT with one of those and try again:"; \
+              echo "$PROJS" | jq -r '.value[] | .name'; exit 1
+            fi
+            AZDO_PROJECT_AUTO=$(echo "$PROJS" | jq -r '.value[0].name')
+            echo "AZDO_PROJECT=$AZDO_PROJECT_AUTO" >> $GITHUB_ENV
+            echo "Detected AZDO_PROJECT=${AZDO_PROJECT_AUTO}"
+          fi
+
+      - name: Find a GitHub Service Connection
+        id: sc
+        env:
+          ADO_TOKEN: ${{ env.ADO_TOKEN }}
+        run: |
+          ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
+          PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
+          LIST=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
+            "https://dev.azure.com/${ORG}/${PROJ}/_apis/serviceendpoint/endpoints?api-version=7.1")
+          echo "$LIST"
+          echo "$LIST" | jq -r '.value[] | {id,type:.type,name:.name}'
+          SC_ID=$(echo "$LIST" | jq -r '.value[] | select((.type|ascii_downcase|contains("github"))) | .id' | head -n1)
+          if [ -z "$SC_ID" ] || [ "$SC_ID" = "null" ]; then
+            echo "No Github Service Connection detected in ${PROJ}. Create one (GitHub/GitHub App) and retry."; exit 1
+          fi
+          echo "sc_id=${SC_ID}" >> "$GITHUB_OUTPUT"
+
+      - name: Create ephemeral pipeline
+        id: create
+        env:
+          ADO_TOKEN: ${{ env.ADO_TOKEN }}
+        run: |
+          ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
+          PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
+          SC_ID="${{ steps.sc.outputs.sc_id }}"
+          BODY=$(jq -n \
+            --arg name   "${PIPELINE_NAME}" \
+            --arg folder "pr-validation" \
+            --arg path   "${YAML_PATH}" \
+            --arg repo   "${GITHUB_REPOSITORY}" \
+            --arg scid   "${SC_ID}" \
+            '{
+              name:$name, folder:$folder,
+              configuration:{
+                type:"yaml", path:$path,
+                repository:{ type:"github", name:$repo, connection:{id:$scid} }
+              }
+            }')
+          RESP=$(curl -sS -X POST -H "Authorization: Bearer ${ADO_TOKEN}" -H "Content-Type: application/json" \
+            -d "${BODY}" "https://dev.azure.com/${ORG}/${PROJ}/_apis/pipelines?api-version=7.1")
+          echo "$RESP" | jq .
+          PIPELINE_ID=$(echo "$RESP" | jq -r '.id')
+          if [ -z "$PIPELINE_ID" ] || [ "$PIPELINE_ID" = "null" ]; then echo "Create failed"; exit 1; fi
+          echo "PIPELINE_ID=$PIPELINE_ID" >> $GITHUB_ENV
+
+      - name: Run pipeline for exact PR commit
+        id: run
+        env:
+          ADO_TOKEN: ${{ env.ADO_TOKEN }}
+        run: |
+          ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
+          PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
+          PIPELINE_ID="${PIPELINE_ID}"
+          BODY=$(jq -n --arg ref "refs/heads/${PR_BRANCH}" --arg ver "${PR_SHA}" \
+            '{resources:{repositories:{self:{refName:$ref, version:$ver}}}}')
+          RUN=$(curl -sS -X POST -H "Authorization: Bearer ${ADO_TOKEN}" -H "Content-Type: application/json" \
+            -d "${BODY}" "https://dev.azure.com/${ORG}/${PROJ}/_apis/pipelines/${PIPELINE_ID}/runs?api-version=7.1")
+          echo "$RUN" | jq .
+          RUN_ID=$(echo "$RUN" | jq -r '.id')
+          if [ -z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then echo "Queue failed"; exit 1; fi
+          echo "RUN_ID=$RUN_ID" >> $GITHUB_ENV
+
+      - name: Wait for completion
+        env:
+          ADO_TOKEN: ${{ env.ADO_TOKEN }}
+        run: |
+          ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
+          PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
+          echo "Polling run ${RUN_ID}..."
+          while true; do
+            R=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
+              "https://dev.azure.com/${ORG}/${PROJ}/_apis/pipelines/${PIPELINE_ID}/runs/${RUN_ID}?api-version=7.1")
+            STATE=$(echo "$R" | jq -r '.state')
+            RESULT=$(echo "$R" | jq -r '.result')
+            echo "state=$STATE result=$RESULT"
+            if [ "$STATE" = "completed" ]; then
+              [ "$RESULT" = "succeeded" ] && exit 0 || exit 1
+            fi
+            sleep 10
+          done
+
+      - name: Delete ephemeral pipeline (cleanup)
+        if: ${{ !cancelled() }}
+        env:
+          ADO_TOKEN: ${{ env.ADO_TOKEN }}
+        run: |
+          ORG="${AZDO_ORG:-${{ env.AZDO_ORG }}}"
+          PROJ="${AZDO_PROJECT:-${{ env.AZDO_PROJECT }}}"
+          # Resuelve build definition por nombre y bórrala
+          DEF=$(curl -sS -H "Authorization: Bearer ${ADO_TOKEN}" \
+            "https://dev.azure.com/${ORG}/${PROJ}/_apis/build/definitions?name=${PIPELINE_NAME}&api-version=7.1")
+          DEF_ID=$(echo "$DEF" | jq -r '.value[0].id')
+          if [ -n "$DEF_ID" ] && [ "$DEF_ID" != "null" ]; then
+            curl -sS -X DELETE -H "Authorization: Bearer ${ADO_TOKEN}" \
+              "https://dev.azure.com/${ORG}/${PROJ}/_apis/build/definitions/${DEF_ID}?api-version=7.1" \
+              -o /dev/null -w "Deleted definition ${DEF_ID} (HTTP %{http_code})\n"
+          else
+            echo "No build definition found for ${PIPELINE_NAME}; nothing to delete."
+          fi
