Add verification workflow for Repo Radius#12170
Conversation
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
Signed-off-by: sk593 <[email protected]>
bc99ce1 to
209f96d
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #12170 +/- ##
==========================================
- Coverage 52.89% 52.88% -0.01%
==========================================
Files 753 753
Lines 48550 48550
==========================================
- Hits 25681 25677 -4
- Misses 20450 20454 +4
Partials 2419 2419 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Brings in the radius-environment skill from the github-extension canvas-app branch and aligns it with the radius-verify-credentials.yml workflow template added in this PR. Key updates vs the canvas-app source: - Discovery step descriptions match the actual workflow steps (aws eks list-clusters, aws ec2 describe-vpcs/subnets, az group list, az aks list, az account list-locations) - Required vars vs written-back vars are clearly separated - Related files section points to .github/extension/ (the template home in this repo) instead of the canvas extension source paths Co-authored-by: Copilot <[email protected]>
There was a problem hiding this comment.
Pull request overview
This PR introduces the “Repo Radius” credential verification workflow template (to be copied into and run from target user repositories) plus supporting documentation and an agent skill to drive the environment-setup flow.
Changes:
- Add a
workflow_dispatchverification workflow template that authenticates to Azure/AWS via OIDC and uploads discovery data as an artifact. - Add
.github/extension/README.mddocumenting the workflow’s trigger, permissions, required variables, and cloud-side OIDC prerequisites. - Add a new
radius-environmentskill describing the environment setup + verification/discovery flow.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
.github/skills/radius-environment/SKILL.md |
Adds an environment setup/verification skill (needs a backing contributor doc link per repo conventions). |
.github/extension/README.md |
Documents how the workflow template is consumed (copied into target repos and dispatched). |
.github/extension/radius-verify-credentials.yml |
Adds the verification + discovery workflow template (needs action SHA pinning, provider config validation, and less-silent discovery failures). |
Co-authored-by: Copilot Autofix powered by AI <[email protected]> Signed-off-by: Shruthi Kumar <[email protected]>
Co-authored-by: Copilot Autofix powered by AI <[email protected]> Signed-off-by: Shruthi Kumar <[email protected]>
Co-authored-by: Copilot Autofix powered by AI <[email protected]> Signed-off-by: Shruthi Kumar <[email protected]>
Co-authored-by: sk593 <[email protected]>
Co-authored-by: Copilot Autofix powered by AI <[email protected]> Signed-off-by: Shruthi Kumar <[email protected]>
Co-authored-by: Copilot Autofix powered by AI <[email protected]> Signed-off-by: Shruthi Kumar <[email protected]>
Co-authored-by: Copilot Autofix powered by AI <[email protected]> Signed-off-by: Shruthi Kumar <[email protected]>
Radius functional test overviewClick here to see the test run details
Test Status⌛ Building Radius and pushing container images for functional tests... |
Description
Lands the Repo Radius verify credential-verification GitHub Actions workflow in this repository, plus a README.md documenting it.
The workflow contract is owned by Radius and consumed by the multi-cluster v1 work (#12106), so it needs a canonical, reviewed home here that any frontend (the Copilot app, the CLI, etc.) can drive.
This PR adds the verify workflow only. The companion deploy workflow and the RADIUS_TARGET_KUBECONFIG / KUBE_CONFIG_PATH integration contract will follow in a later PR.
What's added:
radius-verify-credentials.yml — a workflow_dispatch workflow that, per provider:
Authenticates to Azure/AWS via GitHub OIDC (no long-lived cloud secrets stored).
Verifies access (az account show / aws sts get-caller-identity, with the AWS account ID masked in logs).
Discovers resources (resource groups, AKS/EKS clusters, VPCs, subnets, locations) and uploads them as the radius-discovery artifact for the caller to read back.
Branches by provider so the same file serves Azure-only and AWS-only environments; steps are skipped when a provider's variables are empty.
README.md — documents the workflow's purpose, trigger, inputs, permissions, required GitHub Environment variables, and the cloud-side OIDC trust prerequisites.
Type of change
Fixes: #issue_number
Contributor checklist
Please verify that the PR meets the following requirements, where applicable:
eng/design-notes/in this repository, if new APIs are being introduced.