Skip to content

Migrate database

Migrate database #21

name: Migrate database
on:
workflow_dispatch:
inputs:
environment_name:
type: string
description: Select the environment name to run the actions on
required: true
default: all
environment_type:
type: choice
description: Select environment type
options:
- staging
- production
- staging and production
default: staging
# this ensures that only one CI pipeline with the same key
# can run at once in order to prevent undefined states
concurrency: database-migrate-mutex
permissions:
id-token: write
contents: read
jobs:
load-config:
uses: ./.github/workflows/load-config.yaml
check-secrets:
name: Check that sufficient secrets are specified for environment name
runs-on: ubuntu-20.04
needs: load-config
strategy:
matrix:
environment_name: ${{ fromJson(needs.load-config.outputs.environment_names) }}
environment: ${{ matrix.environment_name }}
steps:
- id: check-secrets-for-environment
name: Check if necessary secrets are installed.
run: |-
echo Checking if secrets are defined in the repository.
if [ -z "${{ secrets.AWS_ACCOUNT_ID }}" ]
then
echo AWS Account ID is not defined.
ERROR=true
fi
if [ -z "${{ secrets.AWS_REGION }}" ]
then
echo AWS Region is not defined.
ERROR=true
fi
if [ ! -z "$ERROR" ]
then
echo
echo This workflow requires some secrets to complete.
echo Please make they are created by adding/rotating them manually.
exit 1
fi
migrate-database:
name: Migrate database
runs-on: ubuntu-20.04
needs: [check-secrets, load-config]
strategy:
max-parallel: 1
matrix:
environment: ${{ fromJson(needs.load-config.outputs.deployment_matrix) }}
environment: ${{ matrix.environment.name }}
steps:
- id: checkout
name: Check out source code
uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 14
cache: 'npm'
cache-dependency-path: migrations/sql-migrations/package-lock.json
- id: setup-aws
name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ci-iac-role
aws-region: ${{ secrets.AWS_REGION }}
- id: setup-tunnel
name: Setup tunnel to connect to RDS
run: ./workflow-utils/rds-tunnel.sh ${{ matrix.environment.type }} default ${{ secrets.AWS_REGION }} ${{ secrets.RDS_TUNNEL_PORT }} READER
- id: install
name: Install dependencies
working-directory: ./migrations/sql-migrations
run: |-
echo "Running CI with "
echo "Node version: $(node --version)"
echo "NPM version: $(npm --version)"
git config --global url."https://".insteadOf ssh://
npm ci
npm install -g knex
- id: run-migration
name: Run database migration
working-directory: ./migrations/sql-migrations
run: NODE_ENV=${{ matrix.environment.type }} SANDBOX_ID=default AWS_ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID }} AWS_REGION=${{ secrets.AWS_REGION }} ./node_modules/.bin/knex migrate:latest
report-if-failed:
name: Report if workflow failed
runs-on: ubuntu-20.04
needs: [load-config, check-secrets, migrate-database]
if: failure() && github.ref == 'refs/heads/master'
steps:
- id: send-to-slack
name: Send failure notification to Slack on failure
env:
SLACK_BOT_TOKEN: ${{ secrets.WORKFLOW_STATUS_BOT_TOKEN }}
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: workflow-failures
status: FAILED
color: danger