Merge pull request #37 from equinor/snyk-fix-96573f3bbe02425f4c8fdd20… #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Database | |
| on: | |
| push: | |
| branches: [main, release] | |
| permissions: | |
| actions: read | |
| checks: read | |
| contents: read | |
| deployments: read | |
| id-token: write | |
| issues: read | |
| discussions: read | |
| packages: read | |
| pages: read | |
| pull-requests: read | |
| repository-projects: read | |
| security-events: read | |
| statuses: read | |
| jobs: | |
| get-target-configs: | |
| name: Get target configs for branch | |
| outputs: | |
| target_configs: ${{ steps.get-target-configs.outputs.target_configs }} | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Get target configs | |
| id: get-target-configs | |
| run: | | |
| configs=$(ls $GITHUB_WORKSPACE/.github/workflows/config/${GITHUB_REF_NAME} | jq -Rsc '. / "\n" - [""]') | |
| echo "target_configs=${configs}" >> $GITHUB_OUTPUT | |
| deploy-sql-server: | |
| runs-on: ubuntu-20.04 | |
| needs: | |
| - get-target-configs | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| config: ${{ fromJson(needs.get-target-configs.outputs.target_configs) }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Persist environment from ${{ matrix.config }} across steps | |
| run: | | |
| $GITHUB_WORKSPACE/.github/workflows/scripts/persist-env.sh ${{ matrix.config }} | |
| - uses: azure/login@v1 | |
| with: | |
| client-id: ${{ env.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ env.AZURE_TENANT_ID }} | |
| subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} | |
| - name: Get DB password from KV | |
| run: | | |
| db_admin_pw=$(az keyvault secret show --id https://${KEY_VAULT_NAME}.vault.azure.net/secrets/${DB_ADMIN_SECRET_NAME} --query value --output tsv) | |
| echo "::add-mask::$db_admin_pw" | |
| echo "DB_ADMIN_PASSWORD=$db_admin_pw" >> $GITHUB_ENV | |
| - name: Generate random firewall rule name | |
| run: | | |
| fw_rule_name="github-runner-$(uuidgen)" | |
| echo "FIREWALL_RULE_NAME=$fw_rule_name" >> $GITHUB_ENV | |
| - name: Install SqlServer PS module | |
| shell: pwsh | |
| run: | | |
| Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted | |
| Install-Module -Name SqlServer | |
| - name: Whitelist Runner IP in firewalls | |
| shell: pwsh | |
| run: | | |
| ./.github/workflows/scripts/whitelist-ip.ps1 -FirewallRuleName "${env:FIREWALL_RULE_NAME}" | |
| - name: Creating DB schema and tables | |
| shell: pwsh | |
| run: | | |
| ./.github/workflows/scripts/create-db.ps1 | |
| - name: Blacklist Runner IP in firewalls | |
| shell: pwsh | |
| if: ${{ always() }} | |
| run: | | |
| ./.github/workflows/scripts/blacklist-ip.ps1 -FirewallRuleName "${env:FIREWALL_RULE_NAME}" |