ci: Unbounded Services in Kubernetes

.github/workflows/all_solutions.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - main
       - "feature/**"
+    paths-ignore:
+      - "tests/Agent/IntegrationTests/UnboundedServices/**"
 
   release:
     types: [published]

.github/workflows/check_modified_files.yml

@@ -38,5 +38,6 @@ jobs:
               filters: |
                 non-workflow-files-changed:
                   - '!.github/**'
+                  - '!tests/Agent/IntegrationTests/UnboundedServices/**'
               list-files: 'csv'
 

.github/workflows/deploy-k8s-unboundedservices.yml

@@ -4,12 +4,156 @@ name: Deploy UnboundedServices to AKS
 
 on:
   workflow_dispatch:
+    inputs:
+      images_to_build:
+        description: "Images to build and push (optional; valid values: couchbase elastic elastic7 mongodb32 mongodb60 mssql mysql oracle postgres rabbitmq redis)"
+        required: false
+        type: string
+        default: ""
+      deploy_to_aks:
+        description: "Deploy to AKS"
+        required: false
+        type: boolean
+        default: false
+      restart_services:
+        description: "Restart services"
+        required: false
+        type: boolean
+        default: false
+
+permissions:
+  id-token: write # Required for Azure login
+  contents: read
 
 jobs:
-  placeholder:
-    name: Placeholder Job
+  build-and-deploy:
     runs-on: ubuntu-latest
+    environment: integration-test # required for azure login; federated credentials reference this environment
+    env:
+      ACR_NAME: ${{ secrets.AZURE_UNBOUNDED_SERVICES_REGISTRY_NAME }}
+      RESOURCE_GROUP: ${{ secrets.AZURE_INTEGRATION_TEST_SERVICES_RESOURCE_GROUP }}
+      PUBLIC_IP_NAME: ${{ secrets.AZURE_K8S_PUBLIC_IP_NAME }}
+      CLUSTER_NAME: ${{ secrets.AZURE_K8S_CLUSTER_NAME }}
     steps:
-      - name: Do nothing
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          disable-sudo: true
+          egress-policy: audit
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Azure Login
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        with:
+          client-id: ${{ secrets.AZURE_UNBOUNDED_SERVICES_MANAGED_IDENTITY_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_UNBOUNDED_SERVICES_MANAGED_IDENTITY_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - name: Azure Container Registry Login
+        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c # v2.0.0
+        with:
+          login-server: ${{ secrets.AZURE_UNBOUNDED_SERVICES_REGISTRY_LOGIN_SERVER }}
+          username: ${{ secrets.AZURE_UNBOUNDED_SERVICES_REGISTRY_USERNAME }}
+          password: ${{ secrets.AZURE_UNBOUNDED_SERVICES_REGISTRY_PASSWORD }}
+      - name: Build and Push Docker Images to ACR
+        if: ${{ inputs.images_to_build != '' }}
+        shell: bash
+        run: |
+          chmod +x ./tests/Agent/IntegrationTests/UnboundedServices/build_and_push_acr.sh
+          cd ./tests/Agent/IntegrationTests/UnboundedServices
+
+          # Validate input
+          SERVICES="${{ inputs.images_to_build }}"
+          # Trim leading/trailing whitespace
+          SERVICES=$(echo "$SERVICES" | xargs)
+
+          # Validate each service name
+          VALID_SERVICES=("couchbase" "elastic" "elastic7" "mongodb32" "mongodb60" "mssql" "mysql" "oracle" "postgres" "rabbitmq" "redis")
+          INVALID_SERVICES=()
+
+          for service in $SERVICES; do
+            VALID=false
+            for valid_service in "${VALID_SERVICES[@]}"; do
+              if [ "$service" = "$valid_service" ]; then
+                VALID=true
+                break
+              fi
+            done
+
+            if [ "$VALID" = "false" ]; then
+              INVALID_SERVICES+=("$service")
+            fi
+          done
+
+          # If any invalid services, show error and exit
+          if [ ${#INVALID_SERVICES[@]} -gt 0 ]; then
+            echo "Error: Invalid service names found: ${INVALID_SERVICES[*]}"
+            echo "Valid service names are: ${VALID_SERVICES[*]}"
+            exit 1
+          fi
+
+          echo "Building selected services: $SERVICES"
+          ./build_and_push_acr.sh $ACR_NAME $RESOURCE_GROUP $SERVICES
+      - name: Create Kubernetes Secrets Manifest
+        if: ${{ inputs.deploy_to_aks == true }}
+        env:
+          TEST_SECRETS: ${{ secrets.TEST_SECRETS }}
+        run: |
+          chmod +x ./tests/Agent/IntegrationTests/UnboundedServices/create_k8s_secrets.sh
+          cd ./tests/Agent/IntegrationTests/UnboundedServices
+          ./create_k8s_secrets.sh
+      - name: Set AKS Context
+        if: ${{ inputs.deploy_to_aks == true || inputs.restart_services == true }}
+        uses: azure/aks-set-context@v3
+        with:
+          resource-group: ${{ env.RESOURCE_GROUP }}
+          cluster-name: ${{ env.CLUSTER_NAME }}
+      - name: Get the public IP address from Azure and set it as an environment variable
+        if: ${{ inputs.deploy_to_aks == true }}
+        run: |
+          PUBLIC_IP=$(az network public-ip show --resource-group $RESOURCE_GROUP --name $PUBLIC_IP_NAME --query ipAddress -o tsv)
+          echo "PUBLIC_IP=$PUBLIC_IP" >> $GITHUB_ENV
+      - name: Deploy to AKS
+        if: ${{ inputs.deploy_to_aks == true }}
+        run: |
+          chmod +x ./tests/Agent/IntegrationTests/UnboundedServices/deploy_to_aks.sh
+          cd ./tests/Agent/IntegrationTests/UnboundedServices
+          ./deploy_to_aks.sh
+
+      - name: Restart all services
+        if: ${{ inputs.restart_services == true }}
         run: |
-          echo "This is a placeholder workflow that doesn't actually do anything."
+          echo "Restarting all deployments to pull latest images..."
+
+          # Get list of deployments in the unbounded-services namespace
+          DEPLOYMENTS=$(kubectl get deployments -n unbounded-services -o name)
+
+          for deployment in $DEPLOYMENTS; do
+            # Extract deployment name without the "deployment.apps/" prefix
+            DEPLOY_NAME=$(echo $deployment | sed 's/deployment.apps\///')
+
+            echo "Force restarting $deployment"
+
+            # Get current pod(s) for this deployment
+            PODS=$(kubectl get pods -n unbounded-services -l app=$DEPLOY_NAME -o name)
+
+            # Force delete the pods
+            for pod in $PODS; do
+              echo "Force deleting $pod"
+              kubectl delete $pod -n unbounded-services --force --grace-period=0
+            done
+
+            # Restart the deployment
+            echo "Restarting $deployment"
+            kubectl rollout restart $deployment -n unbounded-services
+
+            # Wait briefly to allow new pods to start creating
+            sleep 5
+          done
+
+          # Wait for all rollouts to complete
+          for deployment in $DEPLOYMENTS; do
+            echo "Waiting for rollout of $deployment to complete..."
+            kubectl rollout status $deployment -n unbounded-services --timeout=300s || true
+          done
+
+          echo "All services have been restarted and are running with the latest images."

tests/Agent/IntegrationTests/Shared/OracleConfiguration.cs

@@ -4,15 +4,17 @@
 
 using System;
 using System.Data.Common;
+using System.Text.RegularExpressions;
 
 namespace NewRelic.Agent.IntegrationTests.Shared
 {
-    public class OracleConfiguration
+    public static class OracleConfiguration
     {
         private static string _oracleConnectionString;
         private static string _oracleDataSource;
         private static string _oracleServer;
         private static string _oraclePort;
+        private static bool _parsedHostPort = false;
 
         // example: "Data Source=1.2.3.4:4444/XE;User Id=SYSTEM;Password=oraclePassword;"
         public static string OracleConnectionString
@@ -61,19 +63,7 @@ public static string OracleServer
         {
             get
             {
-                if (_oracleServer == null)
-                {
-                    try
-                    {
-                        var uri = new UriBuilder(OracleDataSource);
-                        _oracleServer = uri.Host;
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("OracleServer configuration is invalid.", ex);
-                    }
-                }
-
+                EnsureHostPortParsed();
                 return _oracleServer;
             }
         }
@@ -82,20 +72,43 @@ public static string OraclePort
         {
             get
             {
-                if (_oraclePort == null)
+                EnsureHostPortParsed();
+                return _oraclePort;
+            }
+        }
+
+        // Ensures host and port are parsed and cached only once
+        private static void EnsureHostPortParsed()
+        {
+            if (!_parsedHostPort)
+            {
+                try
                 {
-                    try
-                    {
-                        var uri = new UriBuilder(OracleDataSource);
-                        _oraclePort = uri.Port.ToString();
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("OraclePort configuration is invalid.", ex);
-                    }
+                    ParseHostAndPort(OracleDataSource, out _oracleServer, out _oraclePort);
+                    _parsedHostPort = true;
+                }
+                catch (Exception ex)
+                {
+                    throw new Exception("OracleServer or OraclePort configuration is invalid.", ex);
                 }
+            }
+        }
 
-                return _oraclePort;
+        // Parses host and port from a data source string like host:port/service
+        private static void ParseHostAndPort(string dataSource, out string host, out string port)
+        {
+            // Regex matches host (hostname or IPv4), port, and ignores service name
+            var match = Regex.Match(dataSource, @"^(?<host>[^:/\[]+(?:\.[^:/\[]+)*)[:](?<port>\d+)");
+            if (match.Success)
+            {
+                host = match.Groups["host"].Value;
+                port = match.Groups["port"].Value;
+            }
+            else
+            {
+                host = string.Empty;
+                port = string.Empty;
+                throw new FormatException($"Could not parse host and port from data source: {dataSource}");
             }
         }
     }

tests/Agent/IntegrationTests/Shared/StackExchangeRedisConfiguration.cs

@@ -3,6 +3,7 @@
 
 
 using System;
+using System.Text.RegularExpressions;
 
 namespace NewRelic.Agent.IntegrationTests.Shared
 {
@@ -12,6 +13,7 @@ public class StackExchangeRedisConfiguration
         private static string _stackExchangeRedisServer;
         private static string _stackExchangeRedisPort;
         private static string _stackExchangeRedisPassword;
+        private static bool _parsedHostPort = false;
 
         // example: "1.2.3.4:4444"
         public static string StackExchangeRedisConnectionString
@@ -39,19 +41,7 @@ public static string StackExchangeRedisServer
         {
             get
             {
-                if (_stackExchangeRedisServer == null)
-                {
-                    try
-                    {
-                        var uri = new UriBuilder(StackExchangeRedisConnectionString);
-                        _stackExchangeRedisServer = uri.Host;
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("StackExchangeRedisServer configuration is invalid.", ex);
-                    }
-                }
-
+                EnsureHostPortParsed();
                 return _stackExchangeRedisServer;
             }
         }
@@ -60,20 +50,42 @@ public static string StackExchangeRedisPort
         {
             get
             {
-                if (_stackExchangeRedisPort == null)
+                EnsureHostPortParsed();
+                return _stackExchangeRedisPort;
+            }
+        }
+
+        // Ensures host and port are parsed and cached only once
+        private static void EnsureHostPortParsed()
+        {
+            if (!_parsedHostPort)
+            {
+                try
                 {
-                    try
-                    {
-                        var uri = new UriBuilder(StackExchangeRedisConnectionString);
-                        _stackExchangeRedisPort = uri.Port.ToString();
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("StackExchangeRedisPort configuration is invalid.", ex);
-                    }
+                    ParseHostAndPort(StackExchangeRedisConnectionString, out _stackExchangeRedisServer, out _stackExchangeRedisPort);
+                    _parsedHostPort = true;
+                }
+                catch (Exception ex)
+                {
+                    throw new Exception("StackExchangeRedisServer or StackExchangeRedisPort configuration is invalid.", ex);
                 }
+            }
+        }
 
-                return _stackExchangeRedisPort;
+        // Parses host and port from a connection string like host:port
+        private static void ParseHostAndPort(string connectionString, out string host, out string port)
+        {
+            var match = Regex.Match(connectionString, @"^(?<host>[^:/\[]+(?:\.[^:/\[]+)*)[:](?<port>\d+)");
+            if (match.Success)
+            {
+                host = match.Groups["host"].Value;
+                port = match.Groups["port"].Value;
+            }
+            else
+            {
+                host = string.Empty;
+                port = string.Empty;
+                throw new FormatException($"Could not parse host and port from connection string: {connectionString}");
             }
         }
         public static string StackExchangeRedisPassword

tests/Agent/IntegrationTests/SharedApplications/Common/MultiFunctionApplicationHelpers/MultiFunctionApplicationHelpers.csproj

@@ -59,13 +59,14 @@
     <PackageReference Include="EnterpriseLibrary.Data" Version="6.0.1304" Condition="'$(TargetFramework)' == 'net462'" />
 
     <!-- MySql.Data framework references -->
-    <PackageReference Include="MySql.Data" Version="6.10.7" Condition="'$(TargetFramework)' == 'net462'" />
-    <PackageReference Include="MySql.Data" Version="8.0.15" Condition="'$(TargetFramework)' == 'net471'" />
-    <PackageReference Include="MySql.Data" Version="8.0.30" Condition="'$(TargetFramework)' == 'net48'" />
+    <!-- Oldest we can test with the "modern" MySql database we're running is 8.0.28 due to a character encoding bug -->
+    <PackageReference Include="MySql.Data" Version="8.0.28" Condition="'$(TargetFramework)' == 'net462'" />
+    <PackageReference Include="MySql.Data" Version="8.0.33" Condition="'$(TargetFramework)' == 'net471'" />
+    <PackageReference Include="MySql.Data" Version="8.4.0" Condition="'$(TargetFramework)' == 'net48'" />
     <!-- MySql.Data v8.0.33 is a breaking change for the agent and requires agent version 10.11.1 or greater -->
 
     <!-- MySql.Data .NET/Core references -->
-    <PackageReference Include="MySql.Data" Version="6.10.7" Condition="'$(TargetFramework)' == 'net8.0'" />
+    <PackageReference Include="MySql.Data" Version="8.0.28" Condition="'$(TargetFramework)' == 'net8.0'" />
 
     <!-- mongocsharpdriver Legacy MongoDB driver references -->
     <PackageReference Include="mongocsharpdriver" Version="1.10.0" Condition="'$(TargetFramework)' == 'net462'" />