From a499329223cb36e169c35e488672b8a5215d717a Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Mon, 5 Feb 2024 18:22:51 +0100 Subject: [PATCH 01/61] handle errors in tests --- .github/workflows/pr.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 119b2e4..0fafaee 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -3,6 +3,11 @@ on: pull_request: branches: - main + +permissions: + id-token: write + contents: read + jobs: build: name: Build @@ -44,3 +49,20 @@ jobs: run: go mod download - name: Run Tests run: go test -cover `go list ./... | grep -v 'pkg/client'` + + test-sql-workflow: + name: Unit Test + runs-on: ubuntu-latest + environment: + steps: + - uses: actions/checkout@v4 + - uses: azure/login@v1 + with: + client-id: 9e11916f-356b-4fb1-94ae-f06cc8e473b8 + tenant-id: ${{ env.AZURE_TENANT_ID }} + subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} + + - uses: azure/sql-action@v2.2.1 + with: + connection-string: Server=sql-radix-vulnerability-scan-dev.database.windows.net;Initial Catalog=radix-vulnerability-scan;Authentication=Active Directory Default; Encrypt=True;TrustServerCertificate=False;Connection Timeout=30; + path: ./azure-infrastructure/sql-scripts/*.sql From 2e42a74a4a025e877e131f75c2949fbdad6d9fde Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Mon, 5 Feb 2024 18:24:47 +0100 Subject: [PATCH 02/61] add ids --- .github/workflows/pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 0fafaee..e606988 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
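Review bot: In the first hunk of `[PATCH 01/61]` (`@@ -3,6 +3,11 @@`), `id-token: write` is granted at workflow level, so every job in pr.yml can request an OIDC token, including `build` and the job that runs `go test`, although only the Azure login needs one. Declare the block on the job that logs in instead, i.e. `permissions:` with `id-token: write` and `contents: read` under `test-sql-workflow`, and keep the workflow default at `contents: read`. The other jobs are only partly visible in this patch, so check what they need before narrowing.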
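Review bot: In the second hunk of `[PATCH 01/61]` (`@@ -44,3 +49,20 @@`), the new `test-sql-workflow` job logs in to Azure and applies `./azure-infrastructure/sql-scripts/*.sql` from the pull-request checkout on every `pull_request` to `main`, so SQL that has not been reviewed or merged runs against `sql-radix-vulnerability-scan-dev` under the identity behind the hard-coded `client-id`. `environment:` is left empty, so no environment protection rule (required reviewers, branch restriction) gates the login; name a protected environment there, e.g. `environment: <environment-name>`, and restrict the Azure federated credential's subject to it. `tenant-id` and `subscription-id` read `env.AZURE_TENANT_ID` and `env.AZURE_SUBSCRIPTION_ID`, which no visible line defines. `azure/login@v1` and `azure/sql-action@v2.2.1` are referenced by mutable tag; pinning each to a full commit SHA fixes the code that receives the token.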
@@ -59,8 +59,8 @@ jobs: - uses: azure/login@v1 with: client-id: 9e11916f-356b-4fb1-94ae-f06cc8e473b8 - tenant-id: ${{ env.AZURE_TENANT_ID }} - subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} + tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0 + subscription-id: 16ede44b-1f74-40a5-b428-46cca9a5741b - uses: azure/sql-action@v2.2.1 with: From 03a689f66fcb3fddf8c15d7a9713ee72170f192f Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Mon, 5 Feb 2024 18:25:06 +0100 Subject: [PATCH 03/61] add ids --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index e606988..da9816e 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -51,7 +51,7 @@ jobs: run: go test -cover `go list ./... | grep -v 'pkg/client'` test-sql-workflow: - name: Unit Test + name: Test SQL runs-on: ubuntu-latest environment: steps: From de18661408b54b493cae82705aa1a09097c3ffc9 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 08:57:30 +0100 Subject: [PATCH 04/61] test no subs --- .github/workflows/pr.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index da9816e..61fb058 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -55,12 +55,16 @@ jobs: runs-on: ubuntu-latest environment: steps: + - uses: actions/checkout@v4 + - uses: azure/login@v1 with: - client-id: 9e11916f-356b-4fb1-94ae-f06cc8e473b8 - tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0 - subscription-id: 16ede44b-1f74-40a5-b428-46cca9a5741b + client-id: "9e11916f-356b-4fb1-94ae-f06cc8e473b8" + tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + # subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" + allow-no-subscriptions: true + - uses: azure/sql-action@v2.2.1 with: From 37e7f123b6e82b3be84613aa7961e53d3d6a85da Mon Sep 17 00:00:00 2001 
From: Richard Hagen Date: Tue, 6 Feb 2024 09:34:19 +0100 Subject: [PATCH 05/61] test multiline connection string --- .github/workflows/pr.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 61fb058..173c775 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -68,5 +68,10 @@ jobs: - uses: azure/sql-action@v2.2.1 with: - connection-string: Server=sql-radix-vulnerability-scan-dev.database.windows.net;Initial Catalog=radix-vulnerability-scan;Authentication=Active Directory Default; Encrypt=True;TrustServerCertificate=False;Connection Timeout=30; - path: ./azure-infrastructure/sql-scripts/*.sql + connection-string: > + Server=sql-radix-vulnerability-scan-dev.database.windows.net; + Initial Catalog=radix-vulnerability-scan; + Authentication=Active Directory Default; + Encrypt=True;TrustServerCertificate=False; + Connection Timeout=30; + path: './azure-infrastructure/sql-scripts/predeploy.sql' From 0c8ab8a8b0ac3adbffc64743dfada8d587bee312 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 09:39:13 +0100 Subject: [PATCH 06/61] test multiline connection string --- .github/workflows/pr.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 173c775..e341435 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -68,10 +68,13 @@ jobs: - uses: azure/sql-action@v2.2.1 with: - connection-string: > + connection-string: >- Server=sql-radix-vulnerability-scan-dev.database.windows.net; Initial Catalog=radix-vulnerability-scan; Authentication=Active Directory Default; - Encrypt=True;TrustServerCertificate=False; + Encrypt=True; + TrustServerCertificate=False; Connection Timeout=30; - path: './azure-infrastructure/sql-scripts/predeploy.sql' + path: | + ./azure-infrastructure/sql-scripts/predeploy.sql + ./azure-infrastructure/sql-scripts/roles.sql 
From 4e3a8a113d89bb5a12f9c03dbd99158237dd2f6c Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 09:52:49 +0100 Subject: [PATCH 07/61] test env variable --- .github/workflows/pr.yml | 42 ++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index e341435..5025760 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -53,7 +53,14 @@ jobs: test-sql-workflow: name: Test SQL runs-on: ubuntu-latest - environment: + env: + connection: >- + Server=sql-radix-vulnerability-scan-dev.database.windows.net; + Initial Catalog=radix-vulnerability-scan; + Authentication=Active Directory Default; + Encrypt=True; + TrustServerCertificate=False; + Connection Timeout=30; steps: - uses: actions/checkout@v4 
@@ -65,16 +72,27 @@ jobs: # subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" allow-no-subscriptions: true - - uses: azure/sql-action@v2.2.1 with: - connection-string: >- - Server=sql-radix-vulnerability-scan-dev.database.windows.net; - Initial Catalog=radix-vulnerability-scan; - Authentication=Active Directory Default; - Encrypt=True; - TrustServerCertificate=False; - Connection Timeout=30; - path: | - ./azure-infrastructure/sql-scripts/predeploy.sql - ./azure-infrastructure/sql-scripts/roles.sql + connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/predeploy.sql' +# - uses: azure/sql-action@v2.2.1 +# with: +# connetion-string: ${{env.connection}} +# path: ./azure-infrastructure/sql-scripts/roles.sql +# - uses: azure/sql-action@v2.2.1 +# with: +# connetion-string: ${{env.connection}} +# path: ./azure-infrastructure/sql-scripts/types.sql +# - uses: azure/sql-action@v2.2.1 +# with: +# connetion-string: ${{env.connection}} +# path: ./azure-infrastructure/sql-scripts/tables.sql +# - uses: azure/sql-action@v2.2.1 +# with: +# connetion-string: ${{env.connection}} +# path: ./azure-infrastructure/sql-scripts/views.sql +# - uses: azure/sql-action@v2.2.1 +# with: +# connetion-string: ${{env.connection}} +# path: ./azure-infrastructure/sql-scripts/procedures.sql From 39a91eb7aaa4faf364fedb6cbf09693c4919b9ce Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 10:22:11 +0100 Subject: [PATCH 08/61] test sql cmd --- .github/workflows/pr.yml | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 5025760..ddb6d0c 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -65,17 +65,28 @@ jobs: - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + with: + go-version: '1.21' + - name: Install sqlcmd + run: go install github.com/microsoft/go-sqlcmd/cmd/modern@latest && alias sqlcmd=modern + - uses: azure/login@v1 with: client-id: "9e11916f-356b-4fb1-94ae-f06cc8e473b8" tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" - # subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" allow-no-subscriptions: true - - uses: azure/sql-action@v2.2.1 - with: - connection-string: ${{env.connection}} - path: './azure-infrastructure/sql-scripts/predeploy.sql' + - run: >- + sqlcmd + -S sql-radix-vulnerability-scan-dev.database.windows.net + --authentication-method ActiveDirectoryDefault + query "SELECT @@version" + +# - uses: azure/sql-action@v2.2.1 +# with: +# connection-string: ${{env.connection}} +# path: './azure-infrastructure/sql-scripts/predeploy.sql' # - uses: azure/sql-action@v2.2.1 # with: # connetion-string: ${{env.connection}} From e543fa423e5ab37f25ee80303ce3d9c6e21edcc5 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 10:25:26 +0100 Subject: [PATCH 09/61] test sql cmd --- .github/workflows/pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index ddb6d0c..328f4ba 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -70,6 +70,7 @@ jobs: go-version: '1.21' - name: Install sqlcmd run: go install github.com/microsoft/go-sqlcmd/cmd/modern@latest && alias sqlcmd=modern + - run: sqlcmd --help && sqlcmd --version - uses: azure/login@v1 with: From c6b30f7e6ad640433447bb13fcb94f224658d52a Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 10:26:52 +0100 Subject: [PATCH 10/61] test sql cmd --- .github/workflows/pr.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 328f4ba..4b18b96 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
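Review bot: In the `[PATCH 08/61]` hunk, the `Install sqlcmd` step installs `github.com/microsoft/go-sqlcmd/cmd/modern@latest`, so the binary that runs after `azure/login` is whatever version is newest at run time; pin a released version, e.g. `go install github.com/microsoft/go-sqlcmd/cmd/modern@<version>`. The `alias sqlcmd=modern` in the same `run:` does not carry over to the later `run:` step, because each step starts its own shell and non-interactive bash does not expand aliases by default, so the later `sqlcmd` call will not resolve to `modern`. The `@latest` install is kept unchanged in the `[PATCH 11/61]` hunk `@@ -68,10 +69,8 @@`.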
@@ -70,7 +70,8 @@ jobs: go-version: '1.21' - name: Install sqlcmd run: go install github.com/microsoft/go-sqlcmd/cmd/modern@latest && alias sqlcmd=modern - - run: sqlcmd --help && sqlcmd --version + - run: modern --help && modern --version + - run: sqlcmd -? - uses: azure/login@v1 with: @@ -79,7 +80,7 @@ jobs: allow-no-subscriptions: true - run: >- - sqlcmd + modern -S sql-radix-vulnerability-scan-dev.database.windows.net --authentication-method ActiveDirectoryDefault query "SELECT @@version" From d613ee3b8f993704973ab8f99d869919111dd843 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 10:44:53 +0100 Subject: [PATCH 11/61] test sql cmd --- .github/workflows/pr.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 4b18b96..ca668c1 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -61,6 +61,7 @@ jobs: Encrypt=True; TrustServerCertificate=False; Connection Timeout=30; + SQLCMDSERVER: sql-radix-vulnerability-scan-dev.database.windows.net steps: - uses: actions/checkout@v4 @@ -68,10 +69,8 @@ jobs: - uses: actions/setup-go@v4 with: go-version: '1.21' - - name: Install sqlcmd - run: go install github.com/microsoft/go-sqlcmd/cmd/modern@latest && alias sqlcmd=modern - - run: modern --help && modern --version - - run: sqlcmd -? + - name: Install sqlcmd # (binary is named `modern`) + run: go install github.com/microsoft/go-sqlcmd/cmd/modern@latest - uses: azure/login@v1 with: @@ -83,7 +82,7 @@ jobs: modern -S sql-radix-vulnerability-scan-dev.database.windows.net --authentication-method ActiveDirectoryDefault - query "SELECT @@version" + -Q "SELECT @@version" # - uses: azure/sql-action@v2.2.1 # with: From e8e7cc735c14d4f62da50a37249c01ecb760a9da Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 10:47:56 +0100 Subject: [PATCH 12/61] test odbc sqlcmd --- .github/workflows/pr.yml | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index ca668c1..30b3729 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -84,6 +84,12 @@ jobs: --authentication-method ActiveDirectoryDefault -Q "SELECT @@version" + - run: >- + sqlcmd + -S sql-radix-vulnerability-scan-dev.database.windows.net + -G + -Q "SELECT @@version" + # - uses: azure/sql-action@v2.2.1 # with: # connection-string: ${{env.connection}} From 4c73fdd527da771b44cbb4a9e759769358719b04 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 10:50:28 +0100 Subject: [PATCH 13/61] run script file --- .github/workflows/pr.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 30b3729..83eae8c 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -81,14 +81,9 @@ jobs: - run: >- modern -S sql-radix-vulnerability-scan-dev.database.windows.net - --authentication-method ActiveDirectoryDefault - -Q "SELECT @@version" + --authentication-method ActiveDirectoryManagedIdentity + -i ./azure-infrastructure/sql-scripts/predeploy.sql - - run: >- - sqlcmd - -S sql-radix-vulnerability-scan-dev.database.windows.net - -G - -Q "SELECT @@version" # - uses: azure/sql-action@v2.2.1 # with: From ca5c30906ff1fcfdfa9211d1fab283f35440ee98 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 10:59:56 +0100 Subject: [PATCH 14/61] use default auth --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 83eae8c..570cc39 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -81,7 +81,7 @@ jobs: - run: >- modern -S sql-radix-vulnerability-scan-dev.database.windows.net - --authentication-method ActiveDirectoryManagedIdentity + --authentication-method ActiveDirectoryDefault -i ./azure-infrastructure/sql-scripts/predeploy.sql 
From 12fd2df5adc54393e61547ec4e2e9befd7e0a9a3 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 11:03:21 +0100 Subject: [PATCH 15/61] use sql action --- .github/workflows/pr.yml | 62 ++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 38 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 570cc39..e96ca0f 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -61,51 +61,37 @@ jobs: Encrypt=True; TrustServerCertificate=False; Connection Timeout=30; - SQLCMDSERVER: sql-radix-vulnerability-scan-dev.database.windows.net steps: - uses: actions/checkout@v4 - - uses: actions/setup-go@v4 - with: - go-version: '1.21' - - name: Install sqlcmd # (binary is named `modern`) - run: go install github.com/microsoft/go-sqlcmd/cmd/modern@latest - - uses: azure/login@v1 with: client-id: "9e11916f-356b-4fb1-94ae-f06cc8e473b8" tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" allow-no-subscriptions: true - - run: >- - modern - -S sql-radix-vulnerability-scan-dev.database.windows.net - --authentication-method ActiveDirectoryDefault - -i ./azure-infrastructure/sql-scripts/predeploy.sql - - -# - uses: azure/sql-action@v2.2.1 -# with: -# connection-string: ${{env.connection}} -# path: './azure-infrastructure/sql-scripts/predeploy.sql' -# - uses: azure/sql-action@v2.2.1 -# with: -# connetion-string: ${{env.connection}} -# path: ./azure-infrastructure/sql-scripts/roles.sql -# - uses: azure/sql-action@v2.2.1 -# with: -# connetion-string: ${{env.connection}} -# path: ./azure-infrastructure/sql-scripts/types.sql -# - uses: azure/sql-action@v2.2.1 -# with: -# connetion-string: ${{env.connection}} -# path: ./azure-infrastructure/sql-scripts/tables.sql -# - uses: azure/sql-action@v2.2.1 -# with: -# connetion-string: ${{env.connection}} -# path: ./azure-infrastructure/sql-scripts/views.sql -# - uses: azure/sql-action@v2.2.1 -# with: -# connetion-string: ${{env.connection}} -# path: ./azure-infrastructure/sql-scripts/procedures.sql + - uses: azure/sql-action@v2.2.1 + with: + connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/predeploy.sql' + - uses: azure/sql-action@v2.2.1 + with: + connetion-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/roles.sql' + - uses: azure/sql-action@v2.2.1 + with: + connetion-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/types.sql' + - uses: 
azure/sql-action@v2.2.1 + with: + connetion-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/tables.sql' + - uses: azure/sql-action@v2.2.1 + with: + connetion-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/views.sql' + - uses: azure/sql-action@v2.2.1 + with: + connetion-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/procedures.sql' From 5df179d15171277963be01bfbd6c302bf99632b1 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 12:57:58 +0100 Subject: [PATCH 16/61] spelling --- .github/workflows/pr.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index e96ca0f..31ec708 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -77,21 +77,21 @@ jobs: path: './azure-infrastructure/sql-scripts/predeploy.sql' - uses: azure/sql-action@v2.2.1 with: - connetion-string: ${{env.connection}} + connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/roles.sql' - uses: azure/sql-action@v2.2.1 with: - connetion-string: ${{env.connection}} + connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/types.sql' - uses: azure/sql-action@v2.2.1 with: - connetion-string: ${{env.connection}} + connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/tables.sql' - uses: azure/sql-action@v2.2.1 with: - connetion-string: ${{env.connection}} + connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/views.sql' - uses: azure/sql-action@v2.2.1 with: - connetion-string: ${{env.connection}} + connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/procedures.sql' From 3e09f8ec56d327990badd7cc95d5e0ca44dbf8b4 Mon Sep 17 00:00:00 2001 
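Review bot: In the `[PATCH 15/61]` hunk (`@@ -61,51 +61,37 @@`), five of the six added `azure/sql-action@v2.2.1` steps pass `connetion-string`, while the first passes `connection-string`; the misspelled key is not the input the first step uses, so those five steps would presumably run without a connection string. Use `connection-string: ${{env.connection}}` in all six. The steps differ only in `path` and run in the listed order (predeploy, roles, types, tables, views, procedures); a one-line comment above them saying the order is required would help, since replacing them with a glob may not preserve it.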
From: Richard Hagen Date: Tue, 6 Feb 2024 12:59:40 +0100 Subject: [PATCH 17/61] change client-id --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 31ec708..f5fc893 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -67,7 +67,7 @@ jobs: - uses: azure/login@v1 with: - client-id: "9e11916f-356b-4fb1-94ae-f06cc8e473b8" + client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" allow-no-subscriptions: true From 1304d7f868f1762dd6f012a9f5cb29c0495c31fe Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 13:20:44 +0100 Subject: [PATCH 18/61] test matrix --- .github/workflows/pr.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index f5fc893..c689f97 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -53,9 +53,14 @@ jobs: test-sql-workflow: name: Test SQL runs-on: ubuntu-latest + matrix: + target: + - name: "dev" + client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" + server: "sql-radix-vulnerability-scan-dev.database.windows.net" env: connection: >- - Server=sql-radix-vulnerability-scan-dev.database.windows.net; + Server=${{matrix.target.server}}; Initial Catalog=radix-vulnerability-scan; Authentication=Active Directory Default; Encrypt=True; @@ -67,7 +72,7 @@ jobs: - uses: azure/login@v1 with: - client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" + client-id: ${{matrix.target.client-id}} tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" allow-no-subscriptions: true From 3dd6d6cfb610b37c5de7f8cd95c6004d96b2acdb Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 13:22:02 +0100 Subject: [PATCH 19/61] test matrix --- .github/workflows/pr.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
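Review bot: In the first hunk of `[PATCH 18/61]` (`@@ -53,9 +53,14 @@`), `matrix:` is added directly under the `test-sql-workflow` job, but a job's matrix is read from `strategy.matrix`, so the job definition is not valid as written and `${{matrix.target.server}}` / `${{matrix.target.client-id}}` (second hunk) have nothing to resolve against. Nest it as `strategy:` then `matrix:` then `target:`. If more targets are added later, each target's `client-id` should map to a federated credential that is limited to that target's database server.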
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index c689f97..8bf1d38 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -53,11 +53,13 @@ jobs: test-sql-workflow: name: Test SQL runs-on: ubuntu-latest - matrix: - target: - - name: "dev" - client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" - server: "sql-radix-vulnerability-scan-dev.database.windows.net" + strategy: + fail-fast: false + matrix: + target: + - name: "dev" + client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" + server: "sql-radix-vulnerability-scan-dev.database.windows.net" env: connection: >- Server=${{matrix.target.server}}; From 7a015480626a5da8021a7376c12398cbec45df7c Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 13:59:57 +0100 Subject: [PATCH 20/61] test acr task run --- .github/workflows/pr-test.yaml | 65 ++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/pr-test.yaml diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml new file mode 100644 index 0000000..6ebb45c --- /dev/null +++ b/.github/workflows/pr-test.yaml 
@@ -0,0 +1,65 @@ +name: Pull request +on: + pull_request: + branches: + - main + +permissions: + id-token: write + contents: read + +jobs: + build-deploy: + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: + target: + - name: "dev" + acr-name: "radixdev" + client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" + subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" +# - name: "playground" +# acr-name: "radixdev" +# client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" +# subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" +# +# - name: "platform" +# acr-name: "radixprod" +# client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" +# subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" +# +# - name: "c2" +# acr-name: "radixc2prod" +# client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" +# subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" + steps: + - uses: actions/checkout@v3 + + - uses: azure/login@v1 + with: + client-id: ${{matrix.target.client-id}} + tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription-id: ${{matrix.target.subscription-id}} + + - name: Build image + run: >- + az acr task run + --subscription ${AZURE_SUBSCRIPTION_ID} + --name radix-image-builder-internal + --registry ${ACR_NAME} + --context ${GITHUB_WORKSPACE} + --file ${GITHUB_WORKSPACE}/Dockerfile + --set DOCKER_REGISTRY=${ACR_NAME} + --set BRANCH=${GITHUB_REF_NAME} + --set TAGS="--tag ${image_tag}" + --set DOCKER_FILE_NAME=Dockerfile + --set PUSH="--push" + --set REPOSITORY_NAME=${IMAGE_NAME} + --set CACHE="" + --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" + env: + AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} + ACR_NAME: ${{matrix.target.acr-name}} + image_tag: ${{matrix.target.acr-name}}.azurecr.io/${radix-vulnerability-scanner}:${GITHUB_REF_NAME}-${GITHUB_SHA::8}-$(date +%s) + IMAGE_NAME: radix-vulnerability-scanner 
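Review bot: This new workflow runs `az acr task run` with `--set PUSH="--push"` on every `pull_request` to `main`, so an image built from unmerged PR content is pushed to the `radixdev` registry under `radix-vulnerability-scanner`, and `CACHE_TO_OPTIONS` writes a build cache to the same repository. Consider building without push on pull requests, or pushing to a PR-only repository, and declare `id-token: write` on the `build-deploy` job rather than for the whole workflow. `image_tag` is defined in the step's `env:` using `${radix-vulnerability-scanner}`, `${GITHUB_SHA::8}` and `$(date +%s)`, but `env:` values are passed to the step as literal strings and are not expanded by the shell, so `--tag ${image_tag}` would carry that text verbatim; compute the tag inside `run:` instead. `actions/checkout@v3` and `azure/login@v1` are referenced by mutable tag; pin them to full commit SHAs.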
From 647975be0918299bafcfc0b0651cc43536c18312 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 14:06:46 +0100 Subject: [PATCH 21/61] test acr task run --- .github/workflows/pr-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 6ebb45c..38d3ff5 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -44,7 +44,7 @@ jobs: - name: Build image run: >- - az acr task run + echo az acr task run --subscription ${AZURE_SUBSCRIPTION_ID} --name radix-image-builder-internal --registry ${ACR_NAME} From 3f64a3e93aa5134d432a8d20d294c7b7dcc8f6df Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 14:15:18 +0100 Subject: [PATCH 22/61] test acr task run --- .github/workflows/pr-test.yaml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 38d3ff5..500a0cc 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml 
@@ -43,20 +43,20 @@ jobs: subscription-id: ${{matrix.target.subscription-id}} - name: Build image - run: >- - echo az acr task run - --subscription ${AZURE_SUBSCRIPTION_ID} - --name radix-image-builder-internal - --registry ${ACR_NAME} - --context ${GITHUB_WORKSPACE} - --file ${GITHUB_WORKSPACE}/Dockerfile - --set DOCKER_REGISTRY=${ACR_NAME} - --set BRANCH=${GITHUB_REF_NAME} - --set TAGS="--tag ${image_tag}" - --set DOCKER_FILE_NAME=Dockerfile - --set PUSH="--push" - --set REPOSITORY_NAME=${IMAGE_NAME} - --set CACHE="" + run: | + echo az acr task run \ + --subscription ${AZURE_SUBSCRIPTION_ID} \ + --name radix-image-builder-internal \ + --registry ${ACR_NAME} \ + --context ${GITHUB_WORKSPACE} \ + --file ${GITHUB_WORKSPACE}/Dockerfile \ + --set DOCKER_REGISTRY=${ACR_NAME} \ + --set BRANCH=${GITHUB_REF_NAME} \ + --set TAGS="--tag ${image_tag}" \ + --set DOCKER_FILE_NAME=Dockerfile \ + --set PUSH="--push" \ + --set REPOSITORY_NAME=${IMAGE_NAME} \ + --set CACHE="" \ --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" env: AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} From 6a02106410a998043125dfc4b3d2c21ee2c1a624 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 14:30:18 +0100 Subject: [PATCH 23/61] test acr task run --- .github/workflows/pr-test.yaml | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 500a0cc..0d8deeb 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -1,4 +1,4 @@ -name: Pull request +name: Test Pull request on: pull_request: branches: 
@@ -43,6 +43,11 @@ jobs: subscription-id: ${{matrix.target.subscription-id}} - name: Build image + env: + AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} + ACR_NAME: ${{matrix.target.acr-name}} + image_tag: ${{matrix.target.acr-name}}.azurecr.io/${IMAGE_NAME}:${GITHUB_REF_NAME}-${GITHUB_SHA::8}-$(date +%s) + IMAGE_NAME: radix-vulnerability-scanner run: | echo az acr task run \ --subscription ${AZURE_SUBSCRIPTION_ID} \ @@ -58,8 +63,14 @@ jobs: --set REPOSITORY_NAME=${IMAGE_NAME} \ --set CACHE="" \ --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" - env: - AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} - ACR_NAME: ${{matrix.target.acr-name}} - image_tag: ${{matrix.target.acr-name}}.azurecr.io/${radix-vulnerability-scanner}:${GITHUB_REF_NAME}-${GITHUB_SHA::8}-$(date +%s) - IMAGE_NAME: radix-vulnerability-scanner + +# +# az acr task run +# --subscription 16ede44b-1f74-40a5-b428-46cca9a5741b +# --name radix-image-builder-internal +# --registry radixdev +# --context /home/runner/work/radix-vulnerability-scanner/radix-vulnerability-scanner +# --file /home/runner/work/radix-vulnerability-scanner/radix-vulnerability-scanner/Dockerfile +# --set DOCKER_REGISTRY=radixdev +# --set BRANCH=39/merge +# --set TAGS=--tag radixdev.azurecr.io/${radix-vulnerability-scanner}:${GITHUB_REF_NAME}-${GITHUB_SHA::8}-$(date +%s) --set DOCKER_FILE_NAME=Dockerfile --set PUSH=--push --set REPOSITORY_NAME=radix-vulnerability-scanner --set CACHE= --set CACHE_TO_OPTIONS=--cache-to=type=registry,ref=radixdev.azurecr.io/radix-vulnerability-scanner:radix-cache-39/merge,mode=max From fd84e0a922ec04c1a9d47397e8b2bb1372e6f9bf Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 14:37:02 +0100 Subject: [PATCH 24/61] test acr task run --- .github/workflows/pr-test.yaml | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) 
diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 0d8deeb..71f150b 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -42,11 +42,17 @@ jobs: tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" subscription-id: ${{matrix.target.subscription-id}} + - name: Generate image tag + id: tag + run: | + sha=${GITHUB_SHA::8} + ts=$(date +%s) + echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT + - name: Build image env: AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} ACR_NAME: ${{matrix.target.acr-name}} - image_tag: ${{matrix.target.acr-name}}.azurecr.io/${IMAGE_NAME}:${GITHUB_REF_NAME}-${GITHUB_SHA::8}-$(date +%s) IMAGE_NAME: radix-vulnerability-scanner run: | echo az acr task run \ 
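Review bot: In the `[PATCH 24/61]` hunk `@@ -42,11 +42,17 @@`, the `Generate image tag` step builds the tag from `${GITHUB_REF_NAME}`, which on a `pull_request` run has the form `<number>/merge` (the debug output removed in the next hunk shows `BRANCH=39/merge`), and `/` is not allowed in an image tag. Sanitize the ref before using it, e.g. `ref=${GITHUB_REF_NAME//\//-}`, and quote the output file: `echo "tag=${ref}-${sha}-${ts}" >> "$GITHUB_OUTPUT"`. The `date +%s` suffix gives every run a new tag, so the registry gains one image per PR run unless something prunes them.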
@@ -57,20 +63,9 @@ jobs: --file ${GITHUB_WORKSPACE}/Dockerfile \ --set DOCKER_REGISTRY=${ACR_NAME} \ --set BRANCH=${GITHUB_REF_NAME} \ - --set TAGS="--tag ${image_tag}" \ + --set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${{steps.tag.outputs.tag}}" \ --set DOCKER_FILE_NAME=Dockerfile \ --set PUSH="--push" \ --set REPOSITORY_NAME=${IMAGE_NAME} \ --set CACHE="" \ --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" - -# -# az acr task run -# --subscription 16ede44b-1f74-40a5-b428-46cca9a5741b -# --name radix-image-builder-internal -# --registry radixdev -# --context /home/runner/work/radix-vulnerability-scanner/radix-vulnerability-scanner -# --file /home/runner/work/radix-vulnerability-scanner/radix-vulnerability-scanner/Dockerfile -# --set DOCKER_REGISTRY=radixdev -# --set BRANCH=39/merge -# --set TAGS=--tag radixdev.azurecr.io/${radix-vulnerability-scanner}:${GITHUB_REF_NAME}-${GITHUB_SHA::8}-$(date +%s) --set DOCKER_FILE_NAME=Dockerfile --set PUSH=--push --set REPOSITORY_NAME=radix-vulnerability-scanner --set CACHE= --set CACHE_TO_OPTIONS=--cache-to=type=registry,ref=radixdev.azurecr.io/radix-vulnerability-scanner:radix-cache-39/merge,mode=max From 4873b1b161c37a168d8527c293f0980d3b407e8e Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 14:38:56 +0100 Subject: [PATCH 25/61] actually run --- .github/workflows/pr-test.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 71f150b..f9055d6 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -55,7 +55,7 @@ jobs: ACR_NAME: ${{matrix.target.acr-name}} IMAGE_NAME: radix-vulnerability-scanner run: | - echo az acr task run \ + az acr task run \ --subscription ${AZURE_SUBSCRIPTION_ID} \ --name radix-image-builder-internal \ --registry ${ACR_NAME} \ 
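Review bot: In the `[PATCH 24/61]` hunk `@@ -57,20 +63,9 @@`, `${{steps.tag.outputs.tag}}` is expanded into the `run:` script text before the shell starts, so the step output becomes part of the command line instead of being handled as data. The value here derives from the ref name and a timestamp, so the exposure is small on `pull_request`, but this is the pattern that allows script injection once the workflow gains other triggers. Pass it through the step's `env:` as `TAG: ${{steps.tag.outputs.tag}}` and use `--set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${TAG}"`. The visible `${GITHUB_WORKSPACE}`, `${ACR_NAME}` and `${GITHUB_REF_NAME}` arguments are unquoted; the `run:` block starts outside this hunk.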
@@ -69,3 +69,4 @@ jobs: --set REPOSITORY_NAME=${IMAGE_NAME} \ --set CACHE="" \ --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" + From 88b5527319ea6bcc7b386a3fd7b0b184be59f87f Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 14:56:16 +0100 Subject: [PATCH 26/61] test --- .github/workflows/pr-test.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index f9055d6..a10d4f2 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -47,7 +47,8 @@ jobs: run: | sha=${GITHUB_SHA::8} ts=$(date +%s) - echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT + echo "tag=test-${sha}-${ts}" >> $GITHUB_OUTPUT + # echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT - name: Build image env: From 83fbd1a5df2594dac18d6f00bb3a8446bcf41f95 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 15:28:14 +0100 Subject: [PATCH 27/61] test --- .github/workflows/pr-test.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index a10d4f2..06f92c0 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -44,17 +44,20 @@ jobs: - name: Generate image tag id: tag + env: + GITHUB_REF_NAME: test run: | sha=${GITHUB_SHA::8} ts=$(date +%s) - echo "tag=test-${sha}-${ts}" >> $GITHUB_OUTPUT - # echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT + echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT - name: Build image env: AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} ACR_NAME: ${{matrix.target.acr-name}} IMAGE_NAME: radix-vulnerability-scanner + TAG: ${{steps.tag.outputs.tag}} + GITHUB_REF_NAME: test run: | az acr task run \ --subscription ${AZURE_SUBSCRIPTION_ID} \ 
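Review bot: In the `[PATCH 27/61]` hunk `@@ -44,17 +44,20 @@`, both steps set `GITHUB_REF_NAME: test` in `env:`, but GitHub documents that default variables named `GITHUB_*` cannot be overwritten, so the scripts would likely still see the real ref name. Use a differently named variable, e.g. `REF: ${{ github.ref_name }}`, and reference `${REF}` in the script. A constant `test` value, if kept, also makes every PR share one tag prefix and one `radix-cache-…` ref, so it should not outlive the experiment. The `Build image` `run:` block continues outside this hunk.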
@@ -64,7 +67,7 @@ jobs: --file ${GITHUB_WORKSPACE}/Dockerfile \ --set DOCKER_REGISTRY=${ACR_NAME} \ --set BRANCH=${GITHUB_REF_NAME} \ - --set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${{steps.tag.outputs.tag}}" \ + --set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${TAG}" \ --set DOCKER_FILE_NAME=Dockerfile \ --set PUSH="--push" \ --set REPOSITORY_NAME=${IMAGE_NAME} \ From ea4c2238ae46839dbf8d067f11ddcfb0250f5077 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Tue, 6 Feb 2024 15:31:58 +0100 Subject: [PATCH 28/61] test --- .github/workflows/pr-test.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml index 06f92c0..22044ad 100644 --- a/.github/workflows/pr-test.yaml +++ b/.github/workflows/pr-test.yaml @@ -45,11 +45,11 @@ jobs: - name: Generate image tag id: tag env: - GITHUB_REF_NAME: test + REF: test # ${{env.GITHUB_REF_NAME}} run: | sha=${GITHUB_SHA::8} ts=$(date +%s) - echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT + echo "tag=${REF}-${sha}-${ts}" >> $GITHUB_OUTPUT - name: Build image env: @@ -57,7 +57,7 @@ jobs: ACR_NAME: ${{matrix.target.acr-name}} IMAGE_NAME: radix-vulnerability-scanner TAG: ${{steps.tag.outputs.tag}} - GITHUB_REF_NAME: test + REF: test # ${{env.GITHUB_REF_NAME}} run: | az acr task run \ --subscription ${AZURE_SUBSCRIPTION_ID} \ @@ -72,5 +72,5 @@ jobs: --set PUSH="--push" \ --set REPOSITORY_NAME=${IMAGE_NAME} \ --set CACHE="" \ - --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" + --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${REF},mode=max" From 11be478035c701bfaeb87487514e2084fd84d90a Mon Sep 17 00:00:00 2001 
From: Richard Hagen Date: Tue, 6 Feb 2024 15:46:03 +0100 Subject: [PATCH 29/61] simplify workflows, use new managed identity for database interactions --- .github/workflows/build-push.yml | 106 ++++++++------- .github/workflows/config/common.cfg | 7 - .github/workflows/config/main/dev.cfg | 12 -- .github/workflows/config/release/c2.cfg | 12 -- .../workflows/config/release/playground.cfg | 12 -- .github/workflows/config/release/prod.cfg | 12 -- .github/workflows/deploy-database.yml | 126 ++++++++---------- .github/workflows/pr-test.yaml | 76 ----------- .github/workflows/pr.yml | 53 -------- .github/workflows/scripts/blacklist-ip.ps1 | 8 -- .github/workflows/scripts/build-push.sh | 20 --- .github/workflows/scripts/create-db.ps1 | 9 -- .github/workflows/scripts/persist-env.sh | 7 - .github/workflows/scripts/whitelist-ip.ps1 | 11 -- 14 files changed, 119 insertions(+), 352 deletions(-) delete mode 100644 .github/workflows/config/common.cfg delete mode 100644 .github/workflows/config/main/dev.cfg delete mode 100644 .github/workflows/config/release/c2.cfg delete mode 100644 .github/workflows/config/release/playground.cfg delete mode 100644 .github/workflows/config/release/prod.cfg delete mode 100644 .github/workflows/pr-test.yaml delete mode 100644 .github/workflows/scripts/blacklist-ip.ps1 delete mode 100755 .github/workflows/scripts/build-push.sh delete mode 100644 .github/workflows/scripts/create-db.ps1 delete mode 100755 .github/workflows/scripts/persist-env.sh delete mode 100644 .github/workflows/scripts/whitelist-ip.ps1 diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 2b0fa05..79e4cda 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml 
@@ -5,55 +5,71 @@ on: branches: [ main, release ] permissions: - actions: read - checks: read - contents: read - deployments: read id-token: write - issues: read - discussions: read - packages: read - pages: read - pull-requests: read - repository-projects: read - security-events: read - statuses: read + contents: read jobs: - get-target-configs: - name: Get target configs for branch - outputs: - target_configs: ${{ steps.get-target-configs.outputs.target_configs }} + build-deploy: runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3 - - name: Get target configs - id: get-target-configs - run: | - configs=$(ls $GITHUB_WORKSPACE/.github/workflows/config/${GITHUB_REF_NAME} | jq -Rsc '. / "\n" - [""]') - echo "target_configs=${configs}" >> $GITHUB_OUTPUT - - build-deploy-image: - name: Build & push - runs-on: ubuntu-20.04 - needs: - - get-target-configs strategy: fail-fast: false - matrix: - config: ${{ fromJson(needs.get-target-configs.outputs.target_configs) }} + matrix: + target: + - name: "dev" + acr-name: "radixdev" + client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" + subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" + + - name: "playground" + acr-name: "radixdev" + client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" + subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" + + - name: "platform" + acr-name: "radixprod" + client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" + subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" + + - name: "c2" + acr-name: "radixc2prod" + client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" + subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" + steps: - - uses: actions/checkout@v3 - - name: Persist environment from ${{ matrix.config }} across steps - run: | - $GITHUB_WORKSPACE/.github/workflows/scripts/persist-env.sh ${{ matrix.config }} - - - uses: azure/login@v1 - with: - client-id: ${{ env.AZURE_CLIENT_ID }} - tenant-id: ${{ env.AZURE_TENANT_ID }} - subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} - - - name: 
Build image - run: | - $GITHUB_WORKSPACE/.github/workflows/scripts/build-push.sh + - uses: actions/checkout@v3 + + - uses: azure/login@v1 + with: + client-id: ${{matrix.target.client-id}} + tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + subscription-id: ${{matrix.target.subscription-id}} + + - name: Generate image tag + id: tag + run: | + sha=${GITHUB_SHA::8} + ts=$(date +%s) + echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT + + - name: Build image + env: + AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} + ACR_NAME: ${{matrix.target.acr-name}} + IMAGE_NAME: radix-vulnerability-scanner + TAG: ${{steps.tag.outputs.tag}} + run: | + az acr task run \ + --subscription ${AZURE_SUBSCRIPTION_ID} \ + --name radix-image-builder-internal \ + --registry ${ACR_NAME} \ + --context ${GITHUB_WORKSPACE} \ + --file ${GITHUB_WORKSPACE}/Dockerfile \ + --set DOCKER_REGISTRY=${ACR_NAME} \ + --set BRANCH=${GITHUB_REF_NAME} \ + --set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${TAG}" \ + --set DOCKER_FILE_NAME=Dockerfile \ + --set PUSH="--push" \ + --set REPOSITORY_NAME=${IMAGE_NAME} \ + --set CACHE="" \ + --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" + diff --git a/.github/workflows/config/common.cfg b/.github/workflows/config/common.cfg deleted file mode 100644 index bdf0ba1..0000000 --- a/.github/workflows/config/common.cfg +++ /dev/null @@ -1,7 +0,0 @@ -# build & push image -AZURE_TENANT_ID=3aa4a235-b6e2-48d5-9195-7fcf05b459b0 -IMAGE_NAME=radix-vulnerability-scanner - -# arm deployment -DB_NAME=radix-vulnerability-scan -SQL_ADMIN_USER_NAME=radix \ No newline at end of file diff --git a/.github/workflows/config/main/dev.cfg b/.github/workflows/config/main/dev.cfg deleted file mode 100644 index 9efd446..0000000 --- a/.github/workflows/config/main/dev.cfg +++ /dev/null 
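Review bot: Every push to `main` or `release` now runs all four matrix targets, including the `radixprod` and `radixc2prod` registries. The removed `get-target-configs` job read its configs from `config/${GITHUB_REF_NAME}`, so a push to `main` used to reach only dev. To keep that separation, give each target a key such as `branch: "main"` or `branch: "release"` and guard the login and build steps with `if: github.ref_name == matrix.target.branch`. Because the job holds `id-token: write` and exchanges it for Azure credentials, `actions/checkout@v3` and `azure/login@v1` are also safer pinned to a full commit SHA (`uses: azure/login@<commit-sha>`) than to a tag that can be moved.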
@@ -1,12 +0,0 @@ -source $GITHUB_WORKSPACE/.github/workflows/config/common.cfg - -# build & push image -ACR_NAME=radixdev -AZURE_CLIENT_ID=1a292b18-2960-49a5-b429-c8a50349b5eb -AZURE_SUBSCRIPTION_ID=16ede44b-1f74-40a5-b428-46cca9a5741b - -# arm deployment -RESOURCE_GROUP=vulnerability-scan -SQL_SERVER_NAME=sql-radix-vulnerability-scan-dev -KEY_VAULT_NAME=radix-vault-dev -DB_ADMIN_SECRET_NAME=radix-vulnerability-scan-db-admin \ No newline at end of file diff --git a/.github/workflows/config/release/c2.cfg b/.github/workflows/config/release/c2.cfg deleted file mode 100644 index 0c9d5cb..0000000 --- a/.github/workflows/config/release/c2.cfg +++ /dev/null @@ -1,12 +0,0 @@ -source $GITHUB_WORKSPACE/.github/workflows/config/common.cfg - -# build & push image -ACR_NAME=radixc2prod -AZURE_CLIENT_ID=d1ee58e8-5896-48d9-a777-5418c3df9a58 -AZURE_SUBSCRIPTION_ID=ded7ca41-37c8-4085-862f-b11d21ab341a - -# arm deployment -RESOURCE_GROUP=vulnerability-scan-westeurope -SQL_SERVER_NAME=sql-radix-vulnerability-scan-c2-prod -KEY_VAULT_NAME=radix-vault-c2-prod -DB_ADMIN_SECRET_NAME=radix-vulnerability-scan-db-admin \ No newline at end of file diff --git a/.github/workflows/config/release/playground.cfg b/.github/workflows/config/release/playground.cfg deleted file mode 100644 index 4957c15..0000000 --- a/.github/workflows/config/release/playground.cfg +++ /dev/null @@ -1,12 +0,0 @@ -source $GITHUB_WORKSPACE/.github/workflows/config/common.cfg - -# build & push image -ACR_NAME=radixdev -AZURE_CLIENT_ID=1a292b18-2960-49a5-b429-c8a50349b5eb -AZURE_SUBSCRIPTION_ID=16ede44b-1f74-40a5-b428-46cca9a5741b - -# arm deployment -RESOURCE_GROUP=vulnerability-scan -SQL_SERVER_NAME=sql-radix-vulnerability-scan-playground -KEY_VAULT_NAME=radix-vault-dev -DB_ADMIN_SECRET_NAME=radix-vulnerability-scan-db-admin-playground \ No newline at end of file diff --git a/.github/workflows/config/release/prod.cfg b/.github/workflows/config/release/prod.cfg deleted file mode 100644 index de1bd26..0000000 
--- a/.github/workflows/config/release/prod.cfg +++ /dev/null @@ -1,12 +0,0 @@ -source $GITHUB_WORKSPACE/.github/workflows/config/common.cfg - -# build & push image -ACR_NAME=radixprod -AZURE_CLIENT_ID=d1ee58e8-5896-48d9-a777-5418c3df9a58 -AZURE_SUBSCRIPTION_ID=ded7ca41-37c8-4085-862f-b11d21ab341a - -# arm deployment -RESOURCE_GROUP=vulnerability-scan -SQL_SERVER_NAME=sql-radix-vulnerability-scan-prod -KEY_VAULT_NAME=radix-vault-prod -DB_ADMIN_SECRET_NAME=radix-vulnerability-scan-db-admin \ No newline at end of file diff --git a/.github/workflows/deploy-database.yml b/.github/workflows/deploy-database.yml index d49a923..f3a1434 100644 --- a/.github/workflows/deploy-database.yml +++ b/.github/workflows/deploy-database.yml 
@@ -3,85 +3,75 @@ name: Deploy Database on: push: branches: [main, release] + workflow_dispatch: permissions: - actions: read - checks: read - contents: read - deployments: read id-token: write - issues: read - discussions: read - packages: read - pages: read - pull-requests: read - repository-projects: read - security-events: read - statuses: read + contents: read jobs: - get-target-configs: - name: Get target configs for branch - outputs: - target_configs: ${{ steps.get-target-configs.outputs.target_configs }} - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3 - - name: Get target configs - id: get-target-configs - run: | - configs=$(ls $GITHUB_WORKSPACE/.github/workflows/config/${GITHUB_REF_NAME} | jq -Rsc '. / "\n" - [""]') - echo "target_configs=${configs}" >> $GITHUB_OUTPUT - - deploy-sql-server: + deploy: runs-on: ubuntu-20.04 - needs: - - get-target-configs strategy: fail-fast: false - matrix: - config: ${{ fromJson(needs.get-target-configs.outputs.target_configs) }} - steps: - - uses: actions/checkout@v3 - - name: Persist environment from ${{ matrix.config }} across steps - run: | - $GITHUB_WORKSPACE/.github/workflows/scripts/persist-env.sh ${{ matrix.config }} + matrix: + target: + - name: "dev" + client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" + server: "sql-radix-vulnerability-scan-dev.database.windows.net" - - uses: azure/login@v1 - with: - client-id: ${{ env.AZURE_CLIENT_ID }} - tenant-id: ${{ env.AZURE_TENANT_ID }} - subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} + - name: "playground" + client-id: "8d02c39d-6757-4977-9ad3-017889fe3f45" + server: "sql-radix-vulnerability-scan-playground.database.windows.net" - - name: Get DB password from KV - run: | - db_admin_pw=$(az keyvault secret show --id https://${KEY_VAULT_NAME}.vault.azure.net/secrets/${DB_ADMIN_SECRET_NAME} --query value --output tsv) - echo "::add-mask::$db_admin_pw" - echo "DB_ADMIN_PASSWORD=$db_admin_pw" >> $GITHUB_ENV +# - name: "platform" +# client-id: "to be decided" 
+# server: "sql-radix-vulnerability-scan-prod.database.windows.net" +# +# - name: "c2" +# client-id: "to be decided" +# server: "sql-radix-vulnerability-scan-c2.database.windows.net" - - name: Generate random firewall rule name - run: | - fw_rule_name="github-runner-$(uuidgen)" - echo "FIREWALL_RULE_NAME=$fw_rule_name" >> $GITHUB_ENV - - - name: Install SqlServer PS module - shell: pwsh - run: | - Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted - Install-Module -Name SqlServer + env: + connection: >- + Server=${{matrix.target.server}}; + Initial Catalog=radix-vulnerability-scan; + Authentication=Active Directory Default; + Encrypt=True; + TrustServerCertificate=False; + Connection Timeout=30; + + steps: - - name: Whitelist Runner IP in firewalls - shell: pwsh - run: | - ./.github/workflows/scripts/whitelist-ip.ps1 -FirewallRuleName "${env:FIREWALL_RULE_NAME}" + - uses: actions/checkout@v4 - - name: Creating DB schema and tables - shell: pwsh - run: | - ./.github/workflows/scripts/create-db.ps1 + - uses: azure/login@v1 + with: + client-id: ${{matrix.target.client-id}} + tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" + allow-no-subscriptions: true - - name: Blacklist Runner IP in firewalls - shell: pwsh - if: ${{ always() }} - run: | - ./.github/workflows/scripts/blacklist-ip.ps1 -FirewallRuleName "${env:FIREWALL_RULE_NAME}" \ No newline at end of file + - uses: azure/sql-action@v2.2.1 + with: + connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/predeploy.sql' + - uses: azure/sql-action@v2.2.1 + with: + connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/roles.sql' + - uses: azure/sql-action@v2.2.1 + with: + connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/types.sql' + - uses: azure/sql-action@v2.2.1 + with: + connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/tables.sql' + - uses: azure/sql-action@v2.2.1 + with: + 
connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/views.sql' + - uses: azure/sql-action@v2.2.1 + with: + connection-string: ${{env.connection}} + path: './azure-infrastructure/sql-scripts/procedures.sql' diff --git a/.github/workflows/pr-test.yaml b/.github/workflows/pr-test.yaml deleted file mode 100644 index 22044ad..0000000 --- a/.github/workflows/pr-test.yaml +++ /dev/null 
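Review bot: `workflow_dispatch` is added with no condition on the ref, and both matrix targets log in and run all six SQL scripts whichever branch the run was started from. That means role and schema changes from an unreviewed branch can be applied to the dev and playground servers, and a push to `main` now also deploys to playground, which the old `config/main` and `config/release` split prevented. Whether the federated credential on the Azure side restricts the branch is not visible here. In the workflow itself the job could declare `environment: ${{matrix.target.name}}`, so the credential subject and any required reviewers are tied to a protected environment. The six `azure/sql-action@v2.2.1` steps would also benefit from a `name:` each, so a failed script is identifiable in the run log.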
@@ -1,76 +0,0 @@ -name: Test Pull request -on: - pull_request: - branches: - - main - -permissions: - id-token: write - contents: read - -jobs: - build-deploy: - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - target: - - name: "dev" - acr-name: "radixdev" - client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" - subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" -# - name: "playground" -# acr-name: "radixdev" -# client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" -# subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" -# -# - name: "platform" -# acr-name: "radixprod" -# client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" -# subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" -# -# - name: "c2" -# acr-name: "radixc2prod" -# client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" -# subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" - steps: - - uses: actions/checkout@v3 - - - uses: azure/login@v1 - with: - client-id: ${{matrix.target.client-id}} - tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" - subscription-id: ${{matrix.target.subscription-id}} - - - name: Generate image tag - id: tag - env: - REF: test # ${{env.GITHUB_REF_NAME}} - run: | - sha=${GITHUB_SHA::8} - ts=$(date +%s) - echo "tag=${REF}-${sha}-${ts}" >> $GITHUB_OUTPUT - - - name: Build image - env: - AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} - ACR_NAME: ${{matrix.target.acr-name}} - IMAGE_NAME: radix-vulnerability-scanner - TAG: ${{steps.tag.outputs.tag}} - REF: test # ${{env.GITHUB_REF_NAME}} - run: | - az acr task run \ - --subscription ${AZURE_SUBSCRIPTION_ID} \ - --name radix-image-builder-internal \ - --registry ${ACR_NAME} \ - --context ${GITHUB_WORKSPACE} \ - --file ${GITHUB_WORKSPACE}/Dockerfile \ - --set DOCKER_REGISTRY=${ACR_NAME} \ - --set BRANCH=${GITHUB_REF_NAME} \ - --set TAGS="--tag ${ACR_NAME}.azurecr.io/${IMAGE_NAME}:${TAG}" \ - --set DOCKER_FILE_NAME=Dockerfile \ - --set PUSH="--push" \ - --set REPOSITORY_NAME=${IMAGE_NAME} \ - --set CACHE="" \ - 
--set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${REF},mode=max" - diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 8bf1d38..cde7bcb 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -49,56 +49,3 @@ jobs: run: go mod download - name: Run Tests run: go test -cover `go list ./... | grep -v 'pkg/client'` - - test-sql-workflow: - name: Test SQL - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - target: - - name: "dev" - client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" - server: "sql-radix-vulnerability-scan-dev.database.windows.net" - env: - connection: >- - Server=${{matrix.target.server}}; - Initial Catalog=radix-vulnerability-scan; - Authentication=Active Directory Default; - Encrypt=True; - TrustServerCertificate=False; - Connection Timeout=30; - steps: - - - uses: actions/checkout@v4 - - - uses: azure/login@v1 - with: - client-id: ${{matrix.target.client-id}} - tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" - allow-no-subscriptions: true - - - uses: azure/sql-action@v2.2.1 - with: - connection-string: ${{env.connection}} - path: './azure-infrastructure/sql-scripts/predeploy.sql' - - uses: azure/sql-action@v2.2.1 - with: - connection-string: ${{env.connection}} - path: './azure-infrastructure/sql-scripts/roles.sql' - - uses: azure/sql-action@v2.2.1 - with: - connection-string: ${{env.connection}} - path: './azure-infrastructure/sql-scripts/types.sql' - - uses: azure/sql-action@v2.2.1 - with: - connection-string: ${{env.connection}} - path: './azure-infrastructure/sql-scripts/tables.sql' - - uses: azure/sql-action@v2.2.1 - with: - connection-string: ${{env.connection}} - path: './azure-infrastructure/sql-scripts/views.sql' - - uses: azure/sql-action@v2.2.1 - with: - connection-string: ${{env.connection}} - path: './azure-infrastructure/sql-scripts/procedures.sql' 
diff --git a/.github/workflows/scripts/blacklist-ip.ps1 b/.github/workflows/scripts/blacklist-ip.ps1 deleted file mode 100644 index d0c3ab7..0000000 --- a/.github/workflows/scripts/blacklist-ip.ps1 +++ /dev/null @@ -1,8 +0,0 @@ -param ( - [Parameter(Mandatory=$true)][string]$FirewallRuleName - ) - -az sql server firewall-rule delete ` - --name ${FirewallRuleName} ` - --resource-group ${env:RESOURCE_GROUP} ` - --server ${env:SQL_SERVER_NAME} \ No newline at end of file diff --git a/.github/workflows/scripts/build-push.sh b/.github/workflows/scripts/build-push.sh deleted file mode 100755 index 5225ebc..0000000 --- a/.github/workflows/scripts/build-push.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -sha=${GITHUB_SHA::8} -ts=$(date +%s) -build_id=${GITHUB_REF_NAME}-${sha}-${ts} - -image_tag=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:$build_id -az acr task run \ - --subscription ${AZURE_SUBSCRIPTION_ID} \ - --name radix-image-builder-internal \ - --registry ${ACR_NAME} \ - --context ${GITHUB_WORKSPACE} \ - --file ${GITHUB_WORKSPACE}/Dockerfile \ - --set DOCKER_REGISTRY=${ACR_NAME} \ - --set BRANCH=${GITHUB_REF_NAME} \ - --set TAGS="--tag ${image_tag}" \ - --set DOCKER_FILE_NAME=Dockerfile \ - --set PUSH="--push" \ - --set REPOSITORY_NAME=${IMAGE_NAME} \ - --set CACHE="" \ - --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max" \ No newline at end of file diff --git a/.github/workflows/scripts/create-db.ps1 b/.github/workflows/scripts/create-db.ps1 deleted file mode 100644 index c73ae07..0000000 --- a/.github/workflows/scripts/create-db.ps1 +++ /dev/null 
@@ -1,9 +0,0 @@ - -$targetSqlServerFQDN = "$(az sql server show -n ${env:SQL_SERVER_NAME} -g ${env:RESOURCE_GROUP} | jq -r .fullyQualifiedDomainName)" - -Invoke-Sqlcmd -InputFile ${env:GITHUB_WORKSPACE}/azure-infrastructure/sql-scripts/predeploy.sql -ServerInstance $targetSqlServerFQDN -Database ${env:DB_NAME} -Username ${env:SQL_ADMIN_USER_NAME} -password ${env:DB_ADMIN_PASSWORD} -Invoke-Sqlcmd -InputFile ${env:GITHUB_WORKSPACE}/azure-infrastructure/sql-scripts/roles.sql -ServerInstance $targetSqlServerFQDN -Database ${env:DB_NAME} -Username ${env:SQL_ADMIN_USER_NAME} -password ${env:DB_ADMIN_PASSWORD} -Invoke-Sqlcmd -InputFile ${env:GITHUB_WORKSPACE}/azure-infrastructure/sql-scripts/types.sql -ServerInstance $targetSqlServerFQDN -Database ${env:DB_NAME} -Username ${env:SQL_ADMIN_USER_NAME} -password ${env:DB_ADMIN_PASSWORD} -Invoke-Sqlcmd -InputFile ${env:GITHUB_WORKSPACE}/azure-infrastructure/sql-scripts/tables.sql -ServerInstance $targetSqlServerFQDN -Database ${env:DB_NAME} -Username ${env:SQL_ADMIN_USER_NAME} -password ${env:DB_ADMIN_PASSWORD} -Invoke-Sqlcmd -InputFile ${env:GITHUB_WORKSPACE}/azure-infrastructure/sql-scripts/views.sql -ServerInstance $targetSqlServerFQDN -Database ${env:DB_NAME} -Username ${env:SQL_ADMIN_USER_NAME} -password ${env:DB_ADMIN_PASSWORD} -Invoke-Sqlcmd -InputFile ${env:GITHUB_WORKSPACE}/azure-infrastructure/sql-scripts/procedures.sql -ServerInstance $targetSqlServerFQDN -Database ${env:DB_NAME} -Username ${env:SQL_ADMIN_USER_NAME} -password ${env:DB_ADMIN_PASSWORD} \ No newline at end of file diff --git a/.github/workflows/scripts/persist-env.sh b/.github/workflows/scripts/persist-env.sh deleted file mode 100755 index 2398544..0000000 --- a/.github/workflows/scripts/persist-env.sh +++ /dev/null 
@@ -1,7 +0,0 @@ -#!/bin/sh -config_name=$1 -env -i GITHUB_WORKSPACE=$GITHUB_WORKSPACE /bin/bash -c "set -a && source $GITHUB_WORKSPACE/.github/workflows/config/${GITHUB_REF_NAME}/${config_name} && printenv" > /tmp/env_vars -while read -r env_var -do - echo "$env_var" >> $GITHUB_ENV -done < /tmp/env_vars \ No newline at end of file diff --git a/.github/workflows/scripts/whitelist-ip.ps1 b/.github/workflows/scripts/whitelist-ip.ps1 deleted file mode 100644 index e558925..0000000 --- a/.github/workflows/scripts/whitelist-ip.ps1 +++ /dev/null @@ -1,11 +0,0 @@ -param ( - [Parameter(Mandatory=$true)][string]$FirewallRuleName - ) - -$runnerIp = (Invoke-WebRequest -uri "http://ifconfig.me/ip").Content -az sql server firewall-rule create ` - --end-ip-address $runnerIp ` - --start-ip-address $runnerIp ` - --name ${FirewallRuleName} ` - --resource-group ${env:RESOURCE_GROUP} ` - --server ${env:SQL_SERVER_NAME} \ No newline at end of file From 5a04006c389fe41d477aad0de6f225645eb3c49e Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 11:06:18 +0100 Subject: [PATCH 30/61] remove permissions from pr --- .github/workflows/pr.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index cde7bcb..4b0327c 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -4,10 +4,6 @@ on: branches: - main -permissions: - id-token: write - contents: read - jobs: build: name: Build From 1194435c1abcf97b97b0fe20625f1978e1de6e82 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 11:13:17 +0100 Subject: [PATCH 31/61] add matrix if --- .github/workflows/build-push.yml | 5 +++++ .github/workflows/deploy-database.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 79e4cda..1cf2a4b 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml 
@@ -16,25 +16,30 @@ jobs: matrix: target: - name: "dev" + if: github.ref == 'refs/heads/master' acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "playground" + if: github.ref == 'refs/heads/release' acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "platform" + if: github.ref == 'refs/heads/release' acr-name: "radixprod" client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" - name: "c2" + if: github.ref == 'refs/heads/release' acr-name: "radixc2prod" client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" + if: ${{matrix.target.if}} steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/deploy-database.yml b/.github/workflows/deploy-database.yml index f3a1434..462eb43 100644 --- a/.github/workflows/deploy-database.yml +++ b/.github/workflows/deploy-database.yml @@ -17,21 +17,26 @@ jobs: matrix: target: - name: "dev" + if: github.ref == 'refs/heads/master' client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" server: "sql-radix-vulnerability-scan-dev.database.windows.net" - name: "playground" + if: github.ref == 'refs/heads/release' client-id: "8d02c39d-6757-4977-9ad3-017889fe3f45" server: "sql-radix-vulnerability-scan-playground.database.windows.net" # - name: "platform" +# if: github.ref == 'refs/heads/release' # client-id: "to be decided" # server: "sql-radix-vulnerability-scan-prod.database.windows.net" # # - name: "c2" +# if: github.ref == 'refs/heads/release' # client-id: "to be decided" # server: "sql-radix-vulnerability-scan-c2.database.windows.net" + if: ${{matrix.target.if}} env: connection: >- Server=${{matrix.target.server}}; From be947d30fc9e6d7fd31def92d4d6c3d01b634940 Mon Sep 17 00:00:00 2001 
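Review bot: The job-level `if: ${{matrix.target.if}}` cannot do the gating it is meant to do, because `jobs.<job_id>.if` is evaluated before the matrix is expanded and the `matrix` context is not available there. The per-target `if:` values are also plain strings, not expressions that get evaluated. In addition, the dev entry tests `refs/heads/master` while these workflows trigger on `main` and `release`, so that condition could never be true even if it were evaluated. Since this is the only thing keeping `main` pushes away from the prod registries and servers, I would store the ref as data (`ref: "refs/heads/main"`) and put `if: github.ref == matrix.target.ref` on the steps, or build the matrix in a preceding job. The same applies to the `deploy-database.yml` hunk in this commit.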
From: Richard Hagen Date: Wed, 7 Feb 2024 12:12:22 +0100 Subject: [PATCH 32/61] test matrix in pr --- .github/workflows/testpr.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/testpr.yml diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml new file mode 100644 index 0000000..6ed2617 --- /dev/null +++ b/.github/workflows/testpr.yml @@ -0,0 +1,20 @@ +name: TEST Pull request +on: + pull_request: + branches: + - main + +jobs: + build: + name: Build + runs-on: ubuntu-latest + strategy: + matrix: + test: + - msg: "hello world" + if: true + - msg: "testing testing" + if: false + if: ${{matrix.test.if}} + steps: + - run: echo ${{matrix.test.msg}} From 9e35fd2ba389e4e001fe44d179c8f4b53383b944 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 12:13:17 +0100 Subject: [PATCH 33/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 6ed2617..101c443 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -15,6 +15,6 @@ jobs: if: true - msg: "testing testing" if: false - if: ${{matrix.test.if}} + # if: ${{matrix.test.if}} steps: - run: echo ${{matrix.test.msg}} From 6720ca8d346f4639479edd4c7febc1c377f01c4c Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 12:49:33 +0100 Subject: [PATCH 34/61] test matrix in pr --- .github/workflows/deploy-database.yml | 34 ++++++++++++++++++++------- .github/workflows/targets.json | 30 +++++++++++++++++++++++ .github/workflows/testpr.yml | 30 ++++++++++++++++------- 3 files changed, 76 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/targets.json diff --git a/.github/workflows/deploy-database.yml b/.github/workflows/deploy-database.yml index 462eb43..217afcf 100644 --- a/.github/workflows/deploy-database.yml +++ b/.github/workflows/deploy-database.yml 
@@ -10,6 +10,21 @@ permissions: contents: read jobs: + matrix_prep: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - name: Check out code into the Go module directory + uses: actions/checkout@v2 + - id: set-matrix + run: | + branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g') + matrix=$(jq --arg branchName "$branchName" 'map( + . | select((.runOn==$branchName) or (.runOn=="always")) + )' matrix_includes.json) + echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT + deploy: runs-on: ubuntu-20.04 strategy: @@ -26,15 +41,15 @@ jobs: client-id: "8d02c39d-6757-4977-9ad3-017889fe3f45" server: "sql-radix-vulnerability-scan-playground.database.windows.net" -# - name: "platform" -# if: github.ref == 'refs/heads/release' -# client-id: "to be decided" -# server: "sql-radix-vulnerability-scan-prod.database.windows.net" -# -# - name: "c2" -# if: github.ref == 'refs/heads/release' -# client-id: "to be decided" -# server: "sql-radix-vulnerability-scan-c2.database.windows.net" + - name: "platform" + if: github.ref == 'refs/heads/release' + client-id: "to be decided" + server: "sql-radix-vulnerability-scan-prod.database.windows.net" + + - name: "c2" + if: github.ref == 'refs/heads/release' + client-id: "to be decided" + server: "sql-radix-vulnerability-scan-c2.database.windows.net" if: ${{matrix.target.if}} env: @@ -47,6 +62,7 @@ jobs: Connection Timeout=30; steps: + - - uses: actions/checkout@v4 diff --git a/.github/workflows/targets.json b/.github/workflows/targets.json new file mode 100644 index 0000000..7c6364c --- /dev/null +++ b/.github/workflows/targets.json 
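Review bot: In `matrix_prep`, `'${{ github.ref }}'` is substituted into the script text before the shell runs, so the ref name is parsed as shell source rather than passed as data. With `workflow_dispatch` enabled on this workflow the ref is not limited to `main` or `release`. Pass it through the environment instead, with `env:` / `REF: ${{ github.ref }}` on the step and `"$REF"` in the script. The filter also reads `matrix_includes.json`, while this commit adds `.github/workflows/targets.json`, and it compares the stripped branch name against `runOn` values that are full refs such as `refs/heads/release`, so nothing would match. As far as this hunk shows, the `deploy` job does not yet consume the `matrix` output.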
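Review bot: The `platform` and `c2` targets are now live matrix entries with `client-id: "to be decided"` against the prod and c2 server names. Since the job-level `if: ${{matrix.target.if}}` does not filter matrix entries, these would be attempted on every run and fail at `azure/login`. I would leave both entries commented out until the managed identities exist, and add a short comment naming what is still missing.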
@@ -0,0 +1,30 @@ +[ + { + "name": "dev", + "runOn": "refs/heads/master", + "mi-sql-admin-client-id": "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee", + "ar-radix-vulnerability-scanner": "1a292b18-2960-49a5-b429-c8a50349b5eb", + "server": "sql-radix-vulnerability-scan-dev.database.windows.net" + }, + { + "name": "playground", + "runOn": "refs/heads/release", + "mi-sql-admin-client-id": "8d02c39d-6757-4977-9ad3-017889fe3f45", + "ar-radix-vulnerability-scanner": "1a292b18-2960-49a5-b429-c8a50349b5eb", + "server": "sql-radix-vulnerability-scan-playground.database.windows.net" + }, + { + "name": "platform", + "runOn": "refs/heads/release", + "mi-sql-admin-client-id": "to be decided", + "ar-radix-vulnerability-scanner": "d1ee58e8-5896-48d9-a777-5418c3df9a58", + "server": "sql-radix-vulnerability-scan-prod.database.windows.net" + }, + { + "name": "c2", + "runOn": "refs/heads/release", + "mi-sql-admin-client-id": "to be decided", + "ar-radix-vulnerability-scanner": "d1ee58e8-5896-48d9-a777-5418c3df9a58", + "server": "sql-radix-vulnerability-scan-c2.database.windows.net" + } +] diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 101c443..81098ad 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
@@ -5,16 +5,28 @@ on: - main jobs: + matrix_prep: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - name: Check out code into the Go module directory + uses: actions/checkout@v4 + - id: set-matrix + run: | + branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g') + + matrix=$(jq --arg ref "${{ github.ref }}" 'map( + . | select((.runOn==$ref or (.runOn=="always")) + )' targets.json) + echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT + build: name: Build runs-on: ubuntu-latest - strategy: - matrix: - test: - - msg: "hello world" - if: true - - msg: "testing testing" - if: false - # if: ${{matrix.test.if}} + needs: [matrix-prep] + # strategy: +# matrix: +# # if: ${{matrix.test.if}} steps: - - run: echo ${{matrix.test.msg}} + - run: echo ${{needs.matrix-prep.matrix}} #${{matrix.test.msg}} From 7bf459c108f1cd273ff24a611f829d296fd6e332 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 12:50:50 +0100 Subject: [PATCH 35/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 81098ad..ad670cc 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -5,7 +5,7 @@ on: - main jobs: - matrix_prep: + matrix-prep: runs-on: ubuntu-latest outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} From 5ed2e319028b240da1b9f797d47a8c17a0bcc411 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 12:51:54 +0100 Subject: [PATCH 36/61] test matrix in pr --- .github/workflows/testpr.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index ad670cc..8f79555 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
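Review bot: `needs: [matrix-prep]` does not match the job id `matrix_prep` defined just above it, so the workflow is rejected before any job runs. It should read `needs: [matrix_prep]`, and the output reference needs the `outputs` segment: `${{ needs.matrix_prep.outputs.matrix }}`. The jq filter has one more `(` than `)`, and it opens `targets.json` relative to the workspace root although the file is added under `.github/workflows/`. `"${{ github.ref }}"` is again expanded into the script text; passing it as `env: REF` and using `--arg ref "$REF"` keeps it as data.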
@@ -14,8 +14,6 @@ jobs: uses: actions/checkout@v4 - id: set-matrix run: | - branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g') - matrix=$(jq --arg ref "${{ github.ref }}" 'map( . | select((.runOn==$ref or (.runOn=="always")) )' targets.json) From 7d27668b6ce48bc6ebe50e052bd9128a8e443491 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:05:08 +0100 Subject: [PATCH 37/61] test matrix in pr --- .github/workflows/targets.json | 6 +++++- .github/workflows/testpr.yml | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/targets.json b/.github/workflows/targets.json index 7c6364c..50627ae 100644 --- a/.github/workflows/targets.json +++ b/.github/workflows/targets.json @@ -1,13 +1,15 @@ [ { "name": "dev", - "runOn": "refs/heads/master", + "acr-name": "radixdev", + "runOn": "always" , "mi-sql-admin-client-id": "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee", "ar-radix-vulnerability-scanner": "1a292b18-2960-49a5-b429-c8a50349b5eb", "server": "sql-radix-vulnerability-scan-dev.database.windows.net" }, { "name": "playground", + "acr-name": "radixdev", "runOn": "refs/heads/release", "mi-sql-admin-client-id": "8d02c39d-6757-4977-9ad3-017889fe3f45", "ar-radix-vulnerability-scanner": "1a292b18-2960-49a5-b429-c8a50349b5eb", @@ -15,6 +17,7 @@ }, { "name": "platform", + "acr-name": "radixprod", "runOn": "refs/heads/release", "mi-sql-admin-client-id": "to be decided", "ar-radix-vulnerability-scanner": "d1ee58e8-5896-48d9-a777-5418c3df9a58", @@ -22,6 +25,7 @@ }, { "name": "c2", + "acr-name": "radixc2prod", "runOn": "refs/heads/release", "mi-sql-admin-client-id": "to be decided", "ar-radix-vulnerability-scanner": "d1ee58e8-5896-48d9-a777-5418c3df9a58", diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 8f79555..2dfc932 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
@@ -13,10 +13,10 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v4 - id: set-matrix - run: | - matrix=$(jq --arg ref "${{ github.ref }}" 'map( - . | select((.runOn==$ref or (.runOn=="always")) - )' targets.json) + env: + REF: ${{ github.ref }} + run: | + matrix=$(jq --arg ref "$REF" 'map( . | select((.runOn==$branchName) or (.runOn=="always")))' targets.json) echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT build: From 7f02291503c4bb5d1874ce88f7c388742bb8353f Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:06:03 +0100 Subject: [PATCH 38/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 2dfc932..16be19b 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -16,7 +16,7 @@ jobs: env: REF: ${{ github.ref }} run: | - matrix=$(jq --arg ref "$REF" 'map( . | select((.runOn==$branchName) or (.runOn=="always")))' targets.json) + matrix=$(jq --arg ref "$REF" 'map( . | select((.runOn==$ref) or (.runOn=="always")))' targets.json) echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT build: From 850c66ad7c84eadd7c07a8aad97c8ddb08143810 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:07:03 +0100 Subject: [PATCH 39/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 16be19b..37a7e6e 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
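Review bot: The jq filter compares against `$branchName`, but the only variable passed in is `--arg ref "$REF"`, so jq will reject the program for referencing an undefined variable; the filter should read `select((.runOn==$ref) or (.runOn=="always"))`. Moving `github.ref` into `env:` is the right shape for this step. The unchanged `echo "matrix=...$(echo $matrix)..." >> $GITHUB_OUTPUT` line relies on unquoted word splitting to flatten the JSON onto one line; `jq -c` with `"$GITHUB_OUTPUT"` quoted would do that explicitly.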
@@ -16,7 +16,7 @@ jobs: env: REF: ${{ github.ref }} run: | - matrix=$(jq --arg ref "$REF" 'map( . | select((.runOn==$ref) or (.runOn=="always")))' targets.json) + matrix=$(jq --arg ref "$REF" 'map( . | select((.runOn==$ref) or (.runOn=="always")))' .github/workflows/targets.json) echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT build: From 082f6d73cbbd11d243b693dfd7973f0bc8120af8 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:08:38 +0100 Subject: [PATCH 40/61] test matrix in pr --- .github/workflows/testpr.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 37a7e6e..9e4083c 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -23,8 +23,9 @@ jobs: name: Build runs-on: ubuntu-latest needs: [matrix-prep] - # strategy: -# matrix: -# # if: ${{matrix.test.if}} + + strategy: + matrix: ${{needs.matrix-prep.matrix}} + steps: - - run: echo ${{needs.matrix-prep.matrix}} #${{matrix.test.msg}} + - run: echo ${{matrix}} From 2c6dcfbc01995051942b229d632931e80843c3ea Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:09:46 +0100 Subject: [PATCH 41/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 9e4083c..d954cbd 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -25,7 +25,7 @@ jobs: needs: [matrix-prep] strategy: - matrix: ${{needs.matrix-prep.matrix}} + matrix: ${{fromJson(needs.matrix-prep.outputs.matrix)}} steps: - run: echo ${{matrix}} From 256e350b33318696238498ca7043362093e14ae0 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:11:48 +0100 Subject: [PATCH 42/61] test matrix in pr --- .github/workflows/targets.json | 2 +- .github/workflows/testpr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/targets.json b/.github/workflows/targets.json index 50627ae..7b8898e 100644 --- a/.github/workflows/targets.json +++ b/.github/workflows/targets.json @@ -10,7 +10,7 @@ { "name": "playground", "acr-name": "radixdev", - "runOn": "refs/heads/release", + "runOn": "refs/pull/39/merge", "mi-sql-admin-client-id": "8d02c39d-6757-4977-9ad3-017889fe3f45", "ar-radix-vulnerability-scanner": "1a292b18-2960-49a5-b429-c8a50349b5eb", "server": "sql-radix-vulnerability-scan-playground.database.windows.net" diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index d954cbd..f0cb5a0 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -28,4 +28,4 @@ jobs: matrix: ${{fromJson(needs.matrix-prep.outputs.matrix)}} steps: - - run: echo ${{matrix}} + - run: echo ${{matrix.name}} From 8043079c18a03cfd32fb7815d889a3443a29118a Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:20:14 +0100 Subject: [PATCH 43/61] test matrix in pr --- .github/workflows/testpr.yml | 44 ++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index f0cb5a0..68ec53a 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
@@ -5,27 +5,37 @@ on: - main jobs: - matrix-prep: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - steps: - - name: Check out code into the Go module directory - uses: actions/checkout@v4 - - id: set-matrix - env: - REF: ${{ github.ref }} - run: | - matrix=$(jq --arg ref "$REF" 'map( . | select((.runOn==$ref) or (.runOn=="always")))' .github/workflows/targets.json) - echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT - build: name: Build runs-on: ubuntu-latest - needs: [matrix-prep] strategy: - matrix: ${{fromJson(needs.matrix-prep.outputs.matrix)}} + matrix: + target: + - name: "dev" + if: true + acr-name: "radixdev" + client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" + subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" + + - name: "playground" + if: true + acr-name: "radixdev" + client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" + subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" + + - name: "platform" + if: github.ref == 'refs/heads/release' + acr-name: "radixprod" + client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" + subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" + + - name: "c2" + if: github.ref == 'refs/heads/release' + acr-name: "radixc2prod" + client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" + subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" steps: - - run: echo ${{matrix.name}} + - if: ${{matrix.if}} + run: echo ${{matrix.name}} ${{matrix.acr-name}} From 0259bd7f473c0d5c54c69e789300ed558fdfa53b Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:21:47 +0100 Subject: [PATCH 44/61] test matrix in pr --- .github/workflows/testpr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 68ec53a..c9752b9 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
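Review bot: The step guard `if: ${{matrix.if}}` reads a key that does not exist: the entries are listed under `target:`, so the values are `matrix.target.if`, `matrix.target.name` and `matrix.target.acr-name`, and the guard as written is always empty. Correcting the path alone would not give the intended gating, because `if: github.ref == 'refs/heads/release'` inside a matrix entry is a plain string rather than an evaluated expression. As far as I know a non-empty string counts as true, which would let the `platform` and `c2` entries through on every ref. Keeping the ref as data and comparing it in the step is safer: `ref: "refs/heads/release"` in the entry and `if: matrix.target.ref == github.ref` on the step.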
@@ -37,5 +37,6 @@ jobs: subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" steps: + - run: echo ${{matrix.if}} - if: ${{matrix.if}} run: echo ${{matrix.name}} ${{matrix.acr-name}} From b789d770d04aa4dff5da0726dff7ebd383f8bb39 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:22:28 +0100 Subject: [PATCH 45/61] test matrix in pr --- .github/workflows/testpr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index c9752b9..6b9afed 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -13,13 +13,13 @@ jobs: matrix: target: - name: "dev" - if: true + if: "true" acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "playground" - if: true + if: "true" acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" From 08630671af3fa298470065c1d340e68edc3eaa83 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:24:07 +0100 Subject: [PATCH 46/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 6b9afed..c4b5636 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -38,5 +38,5 @@ jobs: steps: - run: echo ${{matrix.if}} - - if: ${{matrix.if}} + - if: true == ${{matrix.if}} run: echo ${{matrix.name}} ${{matrix.acr-name}} From ede5fb112533067fa47d09522a20ca0b465fe0fa Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:25:43 +0100 Subject: [PATCH 47/61] test matrix in pr --- .github/workflows/testpr.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index c4b5636..c6b52d2 100644 --- a/.github/workflows/testpr.yml 
+++ b/.github/workflows/testpr.yml @@ -13,13 +13,13 @@ jobs: matrix: target: - name: "dev" - if: "true" + if: ${{true}} acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "playground" - if: "true" + if: ${{true}} acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" @@ -37,6 +37,6 @@ jobs: subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" steps: - - run: echo ${{matrix.if}} - - if: true == ${{matrix.if}} - run: echo ${{matrix.name}} ${{matrix.acr-name}} + - run: echo "${{matrix.if}}" + - if: matrix.if + run: echo "${{matrix.name}} ${{matrix.acr-name}}" From 0fb2d76c5a4fa76694f749be97fa901332b52d14 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:28:04 +0100 Subject: [PATCH 48/61] test matrix in pr --- .github/workflows/testpr.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index c6b52d2..5284573 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
@@ -13,30 +13,30 @@ jobs: matrix: target: - name: "dev" - if: ${{true}} + run: always acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "playground" - if: ${{true}} + run: always acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "platform" - if: github.ref == 'refs/heads/release' + run: "refs/heads/release" acr-name: "radixprod" client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" - name: "c2" - if: github.ref == 'refs/heads/release' + run: "refs/heads/release" acr-name: "radixc2prod" client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" steps: - - run: echo "${{matrix.if}}" - - if: matrix.if + - run: echo "${{matrix.run}}" + - if: matrix.run == "always" || matrix.run == ${{GITHUB_REF}} run: echo "${{matrix.name}} ${{matrix.acr-name}}" From 99f280a5ec0ecd6ba47f69817ca6fe1e47780c31 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:28:33 +0100 Subject: [PATCH 49/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 5284573..32c34d0 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -38,5 +38,5 @@ jobs: steps: - run: echo "${{matrix.run}}" - - if: matrix.run == "always" || matrix.run == ${{GITHUB_REF}} + - if: matrix.run == "always" || matrix.run == ${{env.GITHUB_REF}} run: echo "${{matrix.name}} ${{matrix.acr-name}}" From dcc91629b28ac5b4cc7a51581c43d8b6aa3e42aa Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:31:07 +0100 Subject: [PATCH 50/61] test matrix in pr --- .github/workflows/testpr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 32c34d0..2cf9dbe 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -37,6 +37,6 @@ jobs: subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" steps: - - run: echo "${{matrix.run}}" - - if: matrix.run == "always" || matrix.run == ${{env.GITHUB_REF}} + - run: echo ${{matrix.target.run}} + - if: matrix.target.run == "always" || matrix.target.run == ${{env.GITHUB_REF}} run: echo "${{matrix.name}} ${{matrix.acr-name}}" From 0562fbfa7bbc0349084790e28d76a0619edec353 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:31:26 +0100 Subject: [PATCH 51/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 2cf9dbe..0582f7c 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -39,4 +39,4 @@ jobs: steps: - run: echo ${{matrix.target.run}} - if: matrix.target.run == "always" || matrix.target.run == ${{env.GITHUB_REF}} - run: echo "${{matrix.name}} ${{matrix.acr-name}}" + run: echo "${{matrix.target.name}} ${{matrix.target.acr-name}}" From 742bb4999567fc59c5287fe80f5ba1e7001c5da5 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:33:29 +0100 Subject: [PATCH 52/61] test matrix in pr --- .github/workflows/testpr.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 0582f7c..9537a7b 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
@@ -13,13 +13,13 @@ jobs: matrix: target: - name: "dev" - run: always + run: "always" acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "playground" - run: always + run: "always" acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" @@ -38,5 +38,6 @@ jobs: steps: - run: echo ${{matrix.target.run}} + - if: matrix.target.run == "always" || matrix.target.run == ${{env.GITHUB_REF}} run: echo "${{matrix.target.name}} ${{matrix.target.acr-name}}" From 2d8c46360983921ee858f2cfaa2c0dd1e585990a Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:35:29 +0100 Subject: [PATCH 53/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 9537a7b..ffa448d 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -39,5 +39,5 @@ jobs: steps: - run: echo ${{matrix.target.run}} - - if: matrix.target.run == "always" || matrix.target.run == ${{env.GITHUB_REF}} + - if: ${{ matrix.target.run == "always" || matrix.target.run == github.ref }} run: echo "${{matrix.target.name}} ${{matrix.target.acr-name}}" From 8797e4213f13b47ac4d1f35dcf7ec7e7519a39c2 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:36:19 +0100 Subject: [PATCH 54/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index ffa448d..89c0142 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml 
@@ -39,5 +39,5 @@ jobs: steps: - run: echo ${{matrix.target.run}} - - if: ${{ matrix.target.run == "always" || matrix.target.run == github.ref }} + - if: ${{ matrix.target.run == 'always' || matrix.target.run == github.ref }} run: echo "${{matrix.target.name}} ${{matrix.target.acr-name}}" From c1fc51e9d5021d88c4e1b42793cae289db6a2b3a Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:37:31 +0100 Subject: [PATCH 55/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 89c0142..3d836b9 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -39,5 +39,5 @@ jobs: steps: - run: echo ${{matrix.target.run}} - - if: ${{ matrix.target.run == 'always' || matrix.target.run == github.ref }} + - if: ${{ (matrix.target.run == 'always') || (matrix.target.run == github.ref) }} run: echo "${{matrix.target.name}} ${{matrix.target.acr-name}}" From f1ac92f02b971a9f27234490d1183bb19b75e0ab Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:38:26 +0100 Subject: [PATCH 56/61] test matrix in pr --- .github/workflows/testpr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 3d836b9..ba71b4c 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -39,5 +39,5 @@ jobs: steps: - run: echo ${{matrix.target.run}} - - if: ${{ (matrix.target.run == 'always') || (matrix.target.run == github.ref) }} + - if: (matrix.target.run == 'always') || (matrix.target.run == github.ref) run: echo "${{matrix.target.name}} ${{matrix.target.acr-name}}" From 1bcd99dc2f2bf760dcabf20906cb94ec638be758 Mon Sep 17 00:00:00 2001 
From: Richard Hagen Date: Wed, 7 Feb 2024 13:46:58 +0100 Subject: [PATCH 57/61] only run sql updates in prod/c2/playground on push to release --- .github/workflows/build-push.yml | 15 ++++++---- .github/workflows/deploy-database.yml | 39 +++++++++++------------- .github/workflows/targets.json | 34 --------------------- .github/workflows/testpr.yml | 43 --------------------------- 4 files changed, 26 insertions(+), 105 deletions(-) delete mode 100644 .github/workflows/targets.json delete mode 100644 .github/workflows/testpr.yml diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 1cf2a4b..cc0a63b 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml 
@@ -16,40 +16,42 @@ jobs: matrix: target: - name: "dev" - if: github.ref == 'refs/heads/master' + ref: "refs/heads/master" acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "playground" - if: github.ref == 'refs/heads/release' + ref: "refs/heads/release" acr-name: "radixdev" client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - name: "platform" - if: github.ref == 'refs/heads/release' + ref: "refs/heads/release" acr-name: "radixprod" client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" - name: "c2" - if: github.ref == 'refs/heads/release' + ref: "refs/heads/release" acr-name: "radixc2prod" client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" - if: ${{matrix.target.if}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + if: matrix.target.run == github.ref - uses: azure/login@v1 + if: matrix.target.run == github.ref with: client-id: ${{matrix.target.client-id}} tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" subscription-id: ${{matrix.target.subscription-id}} - name: Generate image tag + if: matrix.target.run == github.ref id: tag run: | sha=${GITHUB_SHA::8} @@ -57,6 +59,7 @@ jobs: echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT - name: Build image + if: matrix.target.run == github.ref env: AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} ACR_NAME: ${{matrix.target.acr-name}} diff --git a/.github/workflows/deploy-database.yml b/.github/workflows/deploy-database.yml index 217afcf..22f852c 100644 --- a/.github/workflows/deploy-database.yml +++ b/.github/workflows/deploy-database.yml 
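Review bot: The new step guards read `matrix.target.run`, but this commit names the matrix key `ref`, so as far as I can tell the comparison with `github.ref` is never true and every guarded step is skipped while the job still reports success. Each guard should be `if: matrix.target.ref == github.ref`. The same applies to the `Build image` step in the next hunk and to all eight guarded steps in deploy-database.yml. A run that silently skips the image build and the SQL deployment looks the same in the checks list as a healthy one, so it is worth confirming in the run log that the dev target actually executes on master.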
@@ -10,21 +10,6 @@ permissions: contents: read jobs: - matrix_prep: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - steps: - - name: Check out code into the Go module directory - uses: actions/checkout@v2 - - id: set-matrix - run: | - branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g') - matrix=$(jq --arg branchName "$branchName" 'map( - . | select((.runOn==$branchName) or (.runOn=="always")) - )' matrix_includes.json) - echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT - deploy: runs-on: ubuntu-20.04 strategy: @@ -32,26 +17,25 @@ jobs: matrix: target: - name: "dev" - if: github.ref == 'refs/heads/master' + ref: "refs/heads/master" client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" server: "sql-radix-vulnerability-scan-dev.database.windows.net" - name: "playground" - if: github.ref == 'refs/heads/release' + ref: "refs/heads/release" client-id: "8d02c39d-6757-4977-9ad3-017889fe3f45" server: "sql-radix-vulnerability-scan-playground.database.windows.net" - name: "platform" - if: github.ref == 'refs/heads/release' + ref: "refs/heads/release" client-id: "to be decided" server: "sql-radix-vulnerability-scan-prod.database.windows.net" - name: "c2" - if: github.ref == 'refs/heads/release' + ref: "refs/heads/release" client-id: "to be decided" server: "sql-radix-vulnerability-scan-c2.database.windows.net" - if: ${{matrix.target.if}} env: connection: >- Server=${{matrix.target.server}}; 
@@ -62,37 +46,48 @@ jobs: Connection Timeout=30; steps: - - - - uses: actions/checkout@v4 + if: matrix.target.run == github.ref - uses: azure/login@v1 + if: matrix.target.run == github.ref with: client-id: ${{matrix.target.client-id}} tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" allow-no-subscriptions: true - uses: azure/sql-action@v2.2.1 + if: matrix.target.run == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/predeploy.sql' + - uses: azure/sql-action@v2.2.1 + if: matrix.target.run == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/roles.sql' + - uses: azure/sql-action@v2.2.1 + if: matrix.target.run == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/types.sql' + - uses: azure/sql-action@v2.2.1 + if: matrix.target.run == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/tables.sql' + - uses: azure/sql-action@v2.2.1 + if: matrix.target.run == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/views.sql' + - uses: azure/sql-action@v2.2.1 + if: matrix.target.run == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/procedures.sql' diff --git a/.github/workflows/targets.json b/.github/workflows/targets.json deleted file mode 100644 index 7b8898e..0000000 --- a/.github/workflows/targets.json +++ /dev/null 
@@ -1,34 +0,0 @@ -[ - { - "name": "dev", - "acr-name": "radixdev", - "runOn": "always" , - "mi-sql-admin-client-id": "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee", - "ar-radix-vulnerability-scanner": "1a292b18-2960-49a5-b429-c8a50349b5eb", - "server": "sql-radix-vulnerability-scan-dev.database.windows.net" - }, - { - "name": "playground", - "acr-name": "radixdev", - "runOn": "refs/pull/39/merge", - "mi-sql-admin-client-id": "8d02c39d-6757-4977-9ad3-017889fe3f45", - "ar-radix-vulnerability-scanner": "1a292b18-2960-49a5-b429-c8a50349b5eb", - "server": "sql-radix-vulnerability-scan-playground.database.windows.net" - }, - { - "name": "platform", - "acr-name": "radixprod", - "runOn": "refs/heads/release", - "mi-sql-admin-client-id": "to be decided", - "ar-radix-vulnerability-scanner": "d1ee58e8-5896-48d9-a777-5418c3df9a58", - "server": "sql-radix-vulnerability-scan-prod.database.windows.net" - }, - { - "name": "c2", - "acr-name": "radixc2prod", - "runOn": "refs/heads/release", - "mi-sql-admin-client-id": "to be decided", - "ar-radix-vulnerability-scanner": "d1ee58e8-5896-48d9-a777-5418c3df9a58", - "server": "sql-radix-vulnerability-scan-c2.database.windows.net" - } -] diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml deleted file mode 100644 index ba71b4c..0000000 --- a/.github/workflows/testpr.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -name: TEST Pull request -on: - pull_request: - branches: - - main - -jobs: - build: - name: Build - runs-on: ubuntu-latest - - strategy: - matrix: - target: - - name: "dev" - run: "always" - acr-name: "radixdev" - client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" - subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - - - name: "playground" - run: "always" - acr-name: "radixdev" - client-id: "1a292b18-2960-49a5-b429-c8a50349b5eb" - subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" - - - name: "platform" - run: "refs/heads/release" - acr-name: "radixprod" - client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" - subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" - - - name: "c2" - run: "refs/heads/release" - acr-name: "radixc2prod" - client-id: "d1ee58e8-5896-48d9-a777-5418c3df9a58" - subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" - - steps: - - run: echo ${{matrix.target.run}} - - - if: (matrix.target.run == 'always') || (matrix.target.run == github.ref) - run: echo "${{matrix.target.name}} ${{matrix.target.acr-name}}" From c94cb549119ecf7a32270e87f0a06193618199a6 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Wed, 7 Feb 2024 13:47:50 +0100 Subject: [PATCH 58/61] use checkout v4 --- .github/workflows/pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 4b0327c..aa3eb88 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -9,7 +9,7 @@ jobs: name: Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build docker image env: REF: ${{ github. sha }} @@ -37,7 +37,7 @@ jobs: name: Unit Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-go@v4 with: go-version: '1.21' From 4f042fd6191741be1466cbe7bbc60eae8d375e56 Mon Sep 17 00:00:00 2001 
From: Richard Hagen Date: Wed, 7 Feb 2024 13:48:38 +0100 Subject: [PATCH 59/61] add comment --- .github/workflows/deploy-database.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-database.yml b/.github/workflows/deploy-database.yml index 22f852c..59891a9 100644 --- a/.github/workflows/deploy-database.yml +++ b/.github/workflows/deploy-database.yml @@ -28,12 +28,12 @@ jobs: - name: "platform" ref: "refs/heads/release" - client-id: "to be decided" + client-id: "to be decided" #FIXME server: "sql-radix-vulnerability-scan-prod.database.windows.net" - name: "c2" ref: "refs/heads/release" - client-id: "to be decided" + client-id: "to be decided" #FIXME server: "sql-radix-vulnerability-scan-c2.database.windows.net" env: From da7a997526166ff7951722dfc452c7fa1cca33e0 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Fri, 9 Feb 2024 15:23:39 +0100 Subject: [PATCH 60/61] fix ref --- .github/workflows/build-push.yml | 8 ++++---- .github/workflows/deploy-database.yml | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index cc0a63b..82a1f4a 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -41,17 +41,17 @@ jobs: steps: - uses: actions/checkout@v4 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref - uses: azure/login@v1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: client-id: ${{matrix.target.client-id}} tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" subscription-id: ${{matrix.target.subscription-id}} - name: Generate image tag - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref id: tag run: | sha=${GITHUB_SHA::8} 
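Review bot: The target guard `if: matrix.target.ref == github.ref` is repeated on every step, with no comment saying why, so a step added later without it would run for all four targets, including the `platform` and `c2` identities, on any ref that triggers the workflow. As far as I know the `matrix` context cannot be used in a job-level `if`, which is presumably why the guard sits on each step. I would record that above `steps:`, e.g. `# matrix is not usable in a job-level if: every step below must carry if: matrix.target.ref == github.ref`. The same applies to the `Build image` step in the next hunk and to the eight guarded steps in deploy-database.yml later in this commit; the steps list begins outside this hunk.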
@@ -59,7 +59,7 @@ jobs: echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT - name: Build image - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref env: AZURE_SUBSCRIPTION_ID: ${{matrix.target.subscription-id}} ACR_NAME: ${{matrix.target.acr-name}} diff --git a/.github/workflows/deploy-database.yml b/.github/workflows/deploy-database.yml index 59891a9..1e3cf70 100644 --- a/.github/workflows/deploy-database.yml +++ b/.github/workflows/deploy-database.yml 
@@ -47,47 +47,47 @@ jobs: steps: - uses: actions/checkout@v4 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref - uses: azure/login@v1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: client-id: ${{matrix.target.client-id}} tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" allow-no-subscriptions: true - uses: azure/sql-action@v2.2.1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/predeploy.sql' - uses: azure/sql-action@v2.2.1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/roles.sql' - uses: azure/sql-action@v2.2.1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/types.sql' - uses: azure/sql-action@v2.2.1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/tables.sql' - uses: azure/sql-action@v2.2.1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/views.sql' - uses: azure/sql-action@v2.2.1 - if: matrix.target.run == github.ref + if: matrix.target.ref == github.ref with: connection-string: ${{env.connection}} path: './azure-infrastructure/sql-scripts/procedures.sql' From 7debf2b5dadf1855299c1f627af7f2f0ee959e37 Mon Sep 17 00:00:00 2001 From: Richard Hagen Date: Fri, 9 Feb 2024 15:50:48 +0100 Subject: [PATCH 61/61] fix ref and client-id --- .github/workflows/deploy-database.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/deploy-database.yml b/.github/workflows/deploy-database.yml index 1e3cf70..be275a9 100644 --- a/.github/workflows/deploy-database.yml +++ b/.github/workflows/deploy-database.yml @@ -18,22 +18,22 @@ jobs: target: - name: "dev" ref: "refs/heads/master" - client-id: "0f26a8a6-3593-4eb3-9d74-b2fb814c6fee" + client-id: "a23b30b8-3faa-42a1-817e-6cd097a620f1" server: "sql-radix-vulnerability-scan-dev.database.windows.net" - name: "playground" ref: "refs/heads/release" - client-id: "8d02c39d-6757-4977-9ad3-017889fe3f45" + client-id: "453fb3de-daaa-43e6-93ef-a470849a2b6b" server: "sql-radix-vulnerability-scan-playground.database.windows.net" - name: "platform" ref: "refs/heads/release" - client-id: "to be decided" #FIXME + client-id: "50e78187-ff60-49c5-bcbe-701bbbf4f5d7" server: "sql-radix-vulnerability-scan-prod.database.windows.net" - name: "c2" ref: "refs/heads/release" - client-id: "to be decided" #FIXME + client-id: "f26240e2-3095-4273-8559-2ca9a121991e" server: "sql-radix-vulnerability-scan-c2.database.windows.net" env: