LCORE-861: Azure Entra ID Authentication #1593
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
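# .github/workflows/e2e_test.yml
#
# End-to-end test workflow: checks out the triggering commit, writes a
# lightspeed-stack.yaml, selects tests/e2e/configs/run-<environment>.yaml,
# starts the services with docker compose and runs `make test-e2e`.
name: E2E Tests

# NOTE(review): pull_request_target runs in the base repository's context, so
# repository secrets are available to the job. The checkout step below fetches
# the PR head (possibly from a fork) and later steps execute that code
# (`docker compose up`, `uv sync`, `make test-e2e`) while the job-level `env`
# exposes OPENAI_API_KEY, CLIENT_SECRET, CLIENT_ID and TENANT_ID to every step.
# `persist-credentials: false` only keeps the GITHUB_TOKEN out of the git
# config; it does not protect these secrets. Consider gating this job behind
# an environment with required reviewers or a maintainer-applied label, or
# running fork PRs under `pull_request` without secrets.
on: [push, pull_request_target]

# Least privilege for GITHUB_TOKEN: the visible steps only read repository
# contents.
permissions:
  contents: read

jobs:
  e2e_tests:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        environment: ["ci", "azure"]
    # NOTE(review): job-level env is inherited by every step, including
    # third-party actions and steps that run PR-controlled code. Only the
    # "Select and configure run.yaml" step visibly relies on the job-level
    # OPENAI_API_KEY; whether docker compose or the test suite read the others
    # is not visible here. Confirm, then scope each secret to the steps that
    # need it.
    env:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
      CLIENT_ID: ${{ secrets.CLIENT_ID }}
      TENANT_ID: ${{ secrets.TENANT_ID }}
    steps:
      - uses: actions/checkout@v4
        with:
          # On PR_TARGET → the fork (or same repo) that opened the PR.
          # On push → falls back to the current repository.
          repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
          # On PR_TARGET → the PR head *commit* (reproducible).
          # On push → the pushed commit that triggered the workflow.
          # Uses head.sha, not head.ref: a branch name can be moved to a
          # different commit between the event and the checkout.
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          # Don't keep credentials when running untrusted PR code under PR_TARGET.
          persist-credentials: ${{ github.event_name != 'pull_request_target' }}

      - name: Verify actual git checkout result
        run: |
          echo "=== Git Status After Checkout ==="
          echo "Remote URLs:"
          git remote -v
          echo ""
          echo "Current branch: $(git branch --show-current 2>/dev/null || echo 'detached HEAD')"
          echo "Current commit: $(git rev-parse HEAD)"
          echo "Current commit message: $(git log -1 --oneline)"
          echo ""
          echo "=== Recent commits (should show setup-metrics commits) ==="
          git log --oneline -5

      # NOTE(review): third-party action referenced by a mutable tag. Pin it to
      # a full commit SHA (`1arp/create-a-file-action@<full-commit-sha>`) or
      # replace it with a plain `run:` heredoc. The step-level OPENAI_API_KEY
      # was dropped because none of the inputs below use it; the job-level env
      # still reaches this action until that is scoped down.
      - uses: 1arp/create-a-file-action@0.4.5
        with:
          path: '.'
          isAbsolutePath: false
          file: 'lightspeed-stack.yaml'
          content: |
            name: Lightspeed Core Service (LCS)
            service:
              host: 0.0.0.0
              port: 8080
              auth_enabled: false
              workers: 1
              color_log: true
              access_log: true
            llama_stack:
              # Uses a remote llama-stack service
              # The instance would have already been started with a llama-stack-run.yaml file
              use_as_library_client: false
              # Alternative for "as library use"
              # use_as_library_client: true
              # library_client_config_path: <path-to-llama-stack-run.yaml-file>
              url: http://llama-stack:8321
              api_key: xyzzy
            user_data_collection:
              feedback_enabled: true
              feedback_storage: "/tmp/data/feedback"
              transcripts_enabled: true
              transcripts_storage: "/tmp/data/transcripts"
            authentication:
              module: "noop"

      # Client-credentials grant against Entra ID; runs only on the azure
      # matrix leg and exports the token as AZURE_API_KEY for later steps.
      - name: Get Azure API key (access token)
        if: matrix.environment == 'azure'
        id: azure_token
        env:
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
          CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
          TENANT_ID: ${{ secrets.TENANT_ID }}
        run: |
          echo "Requesting Azure API token..."
          RESPONSE=$(curl -s -X POST \
            -H "Content-Type: application/x-www-form-urlencoded" \
            -d "client_id=$CLIENT_ID&scope=https://cognitiveservices.azure.com/.default&client_secret=$CLIENT_SECRET&grant_type=client_credentials" \
            "https://login.microsoftonline.com/$TENANT_ID/oauth2/v2.0/token")
          echo "Response received. Extracting access_token..."
          ACCESS_TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
          if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" == "null" ]; then
            echo "❌ Failed to obtain Azure access token. Response:"
            echo "$RESPONSE"
            exit 1
          fi
          # The token is minted at runtime, so the runner does not know it as
          # a secret; register it for log masking before it is exported.
          echo "::add-mask::$ACCESS_TOKEN"
          echo "✅ Successfully obtained Azure access token."
          echo "AZURE_API_KEY=$ACCESS_TOKEN" >> "$GITHUB_ENV"

      - name: Select and configure run.yaml
        env:
          CONFIG_ENVIRONMENT: ${{ matrix.environment || 'ci' }}
        run: |
          CONFIGS_DIR="tests/e2e/configs"
          ENVIRONMENT="$CONFIG_ENVIRONMENT"
          echo "Looking for configurations in $CONFIGS_DIR/"
          # List available configurations
          if [ -d "$CONFIGS_DIR" ]; then
            echo "Available configurations:"
            ls -la "$CONFIGS_DIR"/*.yaml 2>/dev/null || echo "No YAML files found in $CONFIGS_DIR/"
          else
            echo "Configs directory '$CONFIGS_DIR' not found!"
            exit 1
          fi
          # Determine which config file to use
          CONFIG_FILE="$CONFIGS_DIR/run-$ENVIRONMENT.yaml"
          echo "Looking for: $CONFIG_FILE"
          if [ -f "$CONFIG_FILE" ]; then
            echo "Found config for environment: $ENVIRONMENT"
            cp "$CONFIG_FILE" run.yaml
          else
            echo "Configuration file not found: $CONFIG_FILE"
            echo "Available files in $CONFIGS_DIR:"
            ls -la "$CONFIGS_DIR/"
            exit 1
          fi
          # Update paths for container environment (relative -> absolute)
          sed -i 's|db_path: \.llama/distributions|db_path: /app-root/.llama/distributions|g' run.yaml
          sed -i 's|db_path: tmp/|db_path: /app-root/.llama/distributions/|g' run.yaml
          # Set OpenAI API key for container.
          # NOTE(review): this writes the key in plaintext into run.yaml in
          # the workspace, where every later step can read it; OPENAI_API_KEY
          # comes from the job-level env. A key containing `|`, `&` or `\`
          # would also corrupt the sed replacement.
          sed -i "s|api_key: \${env\.OPENAI_API_KEY}|api_key: $OPENAI_API_KEY|g" run.yaml
          echo "Successfully configured for environment: $ENVIRONMENT"
          echo "Using configuration: $(basename "$CONFIG_FILE")"

      - name: Show final configuration
        env:
          CONFIG_ENVIRONMENT: ${{ matrix.environment || 'ci' }}
        run: |
          echo "=== Configuration Summary ==="
          # Report the config actually selected for this matrix leg; the path
          # was previously hard-coded to run-ci.yaml.
          echo "Source config: tests/e2e/configs/run-$CONFIG_ENVIRONMENT.yaml"
          echo "Final file: run.yaml"
          echo "Container mount: /app-root/run.yaml"
          echo ""
          echo "=== Final Configuration Preview ==="
          # Counts only; the file content (which now holds the API key) is
          # not printed.
          echo "Providers: $(grep -c "provider_id:" run.yaml)"
          echo "Models: $(grep -c "model_id:" run.yaml)"
          echo ""

      - name: Run service manually
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          # Debug: check that the variable is available for docker compose.
          # Only presence is reported; the key length is no longer logged.
          echo "OPENAI_API_KEY is set: $([ -n "$OPENAI_API_KEY" ] && echo 'YES' || echo 'NO')"
          docker compose version
          docker compose up -d
          # Check for errors and show logs if any services failed
          # NOTE(review): `docker compose ps` may list only running containers
          # unless `-a` is passed, in which case this check would never match
          # an exited service. Confirm against the Compose version in use.
          if docker compose ps | grep -E 'Exit|exited|stopped'; then
            echo "Some services failed to start - showing logs:"
            docker compose logs
            exit 1
          else
            echo "All services started successfully"
          fi

      - name: Wait for services
        run: |
          echo "Waiting for services to be healthy..."
          sleep 20 # adjust depending on boot time

      - name: Quick connectivity test
        run: |
          echo "Testing basic connectivity before full test suite..."
          curl -f http://localhost:8080/v1/models || {
            echo "❌ Basic connectivity failed - showing logs before running full tests"
            docker compose logs --tail=30
            exit 1
          }

      # NOTE(review): this step installs and runs code from the checked-out
      # tree (under pull_request_target that is the PR author's code) with the
      # job-level secrets in its environment. `pip install uv` is also
      # unpinned; consider pinning a version.
      - name: Run e2e tests
        env:
          TERM: xterm-256color
          FORCE_COLOR: "1"
        run: |
          echo "Installing test dependencies..."
          pip install uv
          uv sync
          echo "Running comprehensive e2e test suite..."
          make test-e2e

      - name: Show logs on failure
        if: failure()
        run: |
          echo "=== Test failure logs ==="
          echo "=== llama-stack logs ==="
          docker compose logs llama-stack
          echo ""
          echo "=== lightspeed-stack logs ==="
          docker compose logs lightspeed-stack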