Migrate database #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Migrate database | |
on: | |
workflow_dispatch: | |
inputs: | |
environment_name: | |
type: string | |
description: Select the environment name to run the actions on | |
required: true | |
default: all | |
environment_type: | |
type: choice | |
description: Select environment type | |
options: | |
- staging | |
- production | |
- staging and production | |
default: staging | |
# this ensures that only one CI pipeline with the same key | |
# can run at once in order to prevent undefined states | |
concurrency: database-migrate-mutex | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
load-config: | |
uses: ./.github/workflows/load-config.yaml | |
check-secrets: | |
name: Check that sufficient secrets are specified for environment name | |
runs-on: ubuntu-20.04 | |
needs: load-config | |
strategy: | |
matrix: | |
environment_name: ${{ fromJson(needs.load-config.outputs.environment_names) }} | |
environment: ${{ matrix.environment_name }} | |
steps: | |
- id: check-secrets-for-environment | |
name: Check if necessary secrets are installed. | |
run: |- | |
echo Checking if secrets are defined in the repository. | |
if [ -z "${{ secrets.AWS_ACCOUNT_ID }}" ] | |
then | |
echo AWS Account ID is not defined. | |
ERROR=true | |
fi | |
if [ -z "${{ secrets.AWS_REGION }}" ] | |
then | |
echo AWS Region is not defined. | |
ERROR=true | |
fi | |
if [ ! -z "$ERROR" ] | |
then | |
echo | |
echo This workflow requires some secrets to complete. | |
echo Please make they are created by adding/rotating them manually. | |
exit 1 | |
fi | |
migrate-database: | |
name: Migrate database | |
runs-on: ubuntu-20.04 | |
needs: [check-secrets, load-config] | |
strategy: | |
max-parallel: 1 | |
matrix: | |
environment: ${{ fromJson(needs.load-config.outputs.deployment_matrix) }} | |
environment: ${{ matrix.environment.name }} | |
steps: | |
- id: checkout | |
name: Check out source code | |
uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 14 | |
cache: 'npm' | |
cache-dependency-path: migrations/sql-migrations/package-lock.json | |
- id: setup-aws | |
name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ci-iac-role | |
aws-region: ${{ secrets.AWS_REGION }} | |
- id: setup-tunnel | |
name: Setup tunnel to connect to RDS | |
run: ./workflow-utils/rds-tunnel.sh ${{ matrix.environment.type }} default ${{ secrets.AWS_REGION }} ${{ secrets.RDS_TUNNEL_PORT }} READER | |
- id: install | |
name: Install dependencies | |
working-directory: ./migrations/sql-migrations | |
run: |- | |
echo "Running CI with " | |
echo "Node version: $(node --version)" | |
echo "NPM version: $(npm --version)" | |
git config --global url."https://".insteadOf ssh:// | |
npm ci | |
npm install -g knex | |
- id: run-migration | |
name: Run database migration | |
working-directory: ./migrations/sql-migrations | |
run: NODE_ENV=${{ matrix.environment.type }} SANDBOX_ID=default AWS_ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID }} AWS_REGION=${{ secrets.AWS_REGION }} ./node_modules/.bin/knex migrate:latest | |
report-if-failed: | |
name: Report if workflow failed | |
runs-on: ubuntu-20.04 | |
needs: [load-config, check-secrets, migrate-database] | |
if: failure() && github.ref == 'refs/heads/master' | |
steps: | |
- id: send-to-slack | |
name: Send failure notification to Slack on failure | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.WORKFLOW_STATUS_BOT_TOKEN }} | |
uses: voxmedia/github-action-slack-notify-build@v1 | |
with: | |
channel: workflow-failures | |
status: FAILED | |
color: danger |