@@ -93,3 +93,105 @@ jobs:
9393 - name : Check cluster
9494 run : |
9595 az aks agent "Is my cluster healthy?" --resource-group ${{ steps.cluster-info.outputs.RESOURCE_GROUP }} --name ${{ steps.cluster-info.outputs.CLUSTER_NAME }} --namespace aks-mcp --no-interactive
96+ name : " Copilot - AKS Access"
97+
98+ on :
99+ workflow_dispatch :
100+ inputs :
101+ resource_group :
102+ description : ' Azure Resource Group'
103+ required : true
104+ default : ' rg-anyscale-demo'
105+ cluster_name :
106+ description : ' AKS Cluster Name'
107+ required : true
108+ default : ' aks-eastus2'
109+ issues :
110+ types : [labeled]
111+
112+ env :
113+ ARM_CLIENT_ID : ${{ secrets.ARM_CLIENT_ID }}
114+ ARM_SUBSCRIPTION_ID : ${{ secrets.ARM_SUBSCRIPTION_ID }}
115+ ARM_TENANT_ID : ${{ secrets.ARM_TENANT_ID }}
116+ ARM_USE_OIDC : true
117+
118+ permissions :
119+ id-token : write
120+ contents : read
121+ issues : write
122+
123+ jobs :
124+ copilot-setup-steps :
125+ runs-on : ubuntu-latest
126+ environment : copilot
127+ # Only run on label events if the label starts with 'cluster/'
128+ if : github.event_name == 'workflow_dispatch' || startsWith(github.event.label.name, 'cluster/')
129+
130+ # Job-level permissions override workflow-level, so you must include id-token here
131+ permissions :
132+ contents : write
133+ id-token : write # Required for Azure federated identity
134+
135+ steps :
136+ - name : Checkout code
137+ uses : actions/checkout@v5
138+
139+ - name : Parse cluster info from label or inputs
140+ id : cluster-info
141+ run : |
142+ if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
143+ # Use workflow inputs
144+ echo "RESOURCE_GROUP=${{ github.event.inputs.resource_group }}" >> $GITHUB_OUTPUT
145+ echo "CLUSTER_NAME=${{ github.event.inputs.cluster_name }}" >> $GITHUB_OUTPUT
146+ echo "Using workflow inputs: RG=${{ github.event.inputs.resource_group }}, Cluster=${{ github.event.inputs.cluster_name }}"
147+ else
148+ # Parse from label: cluster/<resource-group>/<cluster-name>
149+ LABEL="${{ github.event.label.name }}"
150+ echo "Parsing label: $LABEL"
151+
152+ # Extract resource group and cluster name from label
153+ # Expected format: cluster/<resource-group>/<cluster-name>
154+ RESOURCE_GROUP=$(echo "$LABEL" | cut -d'/' -f2)
155+ CLUSTER_NAME=$(echo "$LABEL" | cut -d'/' -f3)
156+
157+ if [ -z "$RESOURCE_GROUP" ] || [ -z "$CLUSTER_NAME" ]; then
158+ echo "ERROR: Invalid label format. Expected: cluster/<resource-group>/<cluster-name>"
159+ echo "Got: $LABEL"
160+ exit 1
161+ fi
162+
163+ echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_OUTPUT
164+ echo "CLUSTER_NAME=$CLUSTER_NAME" >> $GITHUB_OUTPUT
165+ echo "Parsed from label: RG=$RESOURCE_GROUP, Cluster=$CLUSTER_NAME"
166+ fi
167+
168+ - name : Azure CLI Login
169+ uses : azure/login@v2
170+ with :
171+ client-id : ${{ secrets.ARM_CLIENT_ID }}
172+ tenant-id : ${{ secrets.ARM_TENANT_ID }}
173+ subscription-id : ${{ secrets.ARM_SUBSCRIPTION_ID }}
174+
175+ - name : Verify Azure Login
176+ run : |
177+ echo "Verifying Azure authentication..."
178+ az account show
179+
180+ - name : Get AKS Credentials
181+ run : |
182+ echo "Fetching kubeconfig for cluster ${{ steps.cluster-info.outputs.CLUSTER_NAME }}..."
183+ az aks get-credentials \
184+ --resource-group ${{ steps.cluster-info.outputs.RESOURCE_GROUP }} \
185+ --name ${{ steps.cluster-info.outputs.CLUSTER_NAME }} \
186+ --overwrite-existing
187+ echo "Kubeconfig fetched successfully!"
188+ - name : Run AKS agent health check (TTY-safe)
189+ uses : azure/CLI@v2
190+ with :
191+ inlineScript : |
192+ set -euo pipefail
193+
194+ # `script` provides a pseudo-TTY so the exec-in-pod path doesn't crash in CI
195+ script -q -e -c \
196+ 'az aks agent "Is my cluster healthy?"--resource-group ${{ steps.cluster-info.outputs.RESOURCE_GROUP }} --name ${{ steps.cluster-info.outputs.CLUSTER_NAME }} --namespace aks-mcp --no-interactive' \
197+ /dev/null