
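# Validate Resources
#
# Health checks for the per-environment Azure resources behind the data hub:
# the VPN DNS container, the legacy SFTP container and the demo Postgres
# replicas. `pre_job` derives a single `env_name` (forced to `prod` on the
# nightly schedule, otherwise whatever the local build-vars action reports)
# and every other job keys its GitHub `environment:`, its concurrency group
# and its Azure resource names off that one value.
#
# Trigger note: this runs on `pull_request`, not `pull_request_target`, so
# fork PRs get no secrets and cannot reach the VPN/Azure steps. Keep it that
# way; the jobs below splice PR-controlled data into `az` commands.
name: Validate Resources

on:
  pull_request:
    branches:
      - production
      - main
      - test
  push:
    branches:
      - production
      - main
      - test
  schedule:
    - cron: "36 3 * * *"

# Least privilege for GITHUB_TOKEN: nothing visible in this workflow writes
# back to the repository (actions/checkout only needs `contents: read`).
# Widen on the individual job, not here, if one of the local actions under
# .github/actions turns out to need more.
permissions:
  contents: read

# The service-principal JSON that azure/login's `creds` input and the local
# vpn-azure action's `sp-creds` input expect is declared per job below, on
# the three jobs that actually talk to Azure. Declaring it at workflow level
# put the client secret into the process environment of `pre_job` as well,
# where neither checkout nor build-vars has any reason to see it.
#
# NOTE(review): string-building JSON from secrets breaks if a value ever
# contains `"` or `\`. The durable fix is to drop the client secret entirely
# and use azure/login with OIDC federated credentials (client-id / tenant-id /
# subscription-id inputs plus `permissions: id-token: write`), which also
# removes a long-lived credential from the repository's secret store.

jobs:
  pre_job:
    name: Set Build Environment
    runs-on: ubuntu-latest
    outputs:
      # Consumed by every downstream job. Empty means "no mapped environment"
      # and makes validate_dns skip itself via its `if:`.
      env_name: ${{ env.VALIDATE_ENV }}
    steps:
      - name: Check out changes
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
      - name: Build vars
        id: build_vars
        uses: ./.github/actions/build-vars
      - name: Force env if schedule
        shell: bash
        # The action output is handed to the script through `env:` rather than
        # inlined as `${{ }}`: an inlined value containing shell metacharacters
        # would be executed, not written. The script also refuses anything that
        # is not a plain resource-name fragment, because downstream jobs splice
        # env_name unquoted into `az` arguments and Azure resource names.
        env:
          IS_SCHEDULE: ${{ github.event_name == 'schedule' }}
          BUILD_ENV_NAME: ${{ steps.build_vars.outputs.env_name }}
        run: |
          set -euo pipefail
          if [[ "$IS_SCHEDULE" == 'true' ]]; then
            env_name=prod
          else
            env_name="$BUILD_ENV_NAME"
          fi
          # An empty value is allowed (it skips the dependent jobs); anything
          # else must look like `prod`, `staging`, `demo1`, ...
          if [[ -n "$env_name" && ! "$env_name" =~ ^[a-z0-9][a-z0-9-]*$ ]]; then
            echo "::error::build-vars produced an env_name that is not a plain resource-name fragment; refusing to continue"
            printf 'env_name=%q\n' "$env_name" >&2
            exit 1
          fi
          echo "VALIDATE_ENV=${env_name}" >> "$GITHUB_ENV"

  validate_dns:
    name: Check infrastructure resources
    # Skip when pre_job produced no environment (unmapped branch) and for
    # Dependabot PRs, which must not reach the VPN/Azure steps.
    if: ${{ needs.pre_job.outputs.env_name && (github.actor != 'dependabot[bot]') }}
    needs:
      - pre_job
    environment: ${{ needs.pre_job.outputs.env_name }}
    concurrency: ${{ needs.pre_job.outputs.env_name }}
    runs-on: ubuntu-latest
    env:
      # Scoped to this job; see the note above `jobs:`.
      AZURE_CREDENTIALS: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
    steps:
      - name: Check Out Changes
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
      - name: Connect to VPN and login to Azure
        uses: ./.github/actions/vpn-azure
        with:
          env-name: ${{ needs.pre_job.outputs.env_name }}
          tls-key: ${{ secrets.TLS_KEY }}
          ca-cert: ${{ secrets.CA_CRT }}
          user-crt: ${{ secrets.USER_CRT }}
          user-key: ${{ secrets.USER_KEY }}
          sp-creds: ${{ env.AZURE_CREDENTIALS }}
      # Both retry steps below interpolate env_name into shell commands run by
      # the local retry action; that is acceptable only because pre_job has
      # already constrained the value to `[a-z0-9-]`.
      - name: Restart DNS if failure
        uses: ./.github/actions/retry
        with:
          timeout_seconds: 60
          max_attempts: 3
          retry_wait_seconds: 180
          # Reachability check against the DNS container's expected private
          # address (dig exits 0 for any reply, including SERVFAIL/NXDOMAIN,
          # so this does not prove resolution works). On failure the container
          # is bounced and the query retried. NOTE(review): vpn_validation
          # below looks the same address up with `az container show` instead
          # of hard-coding it; consider doing the same here.
          command: dig google.com @10.0.2.4
          shell: bash
          on_retry_command: >-
            az container stop --name pdh${{ needs.pre_job.outputs.env_name }}-dns
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};
            az container start --name pdh${{ needs.pre_job.outputs.env_name }}-dns
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};
      - name: Restart legacy SFTP if wrong ip
        if: needs.pre_job.outputs.env_name != 'prod'
        uses: ./.github/actions/retry
        with:
          timeout_seconds: 60
          max_attempts: 3
          retry_wait_seconds: 180
          # Fails (so the retry action restarts the container) unless the SFTP
          # container currently holds an address whose last octet is 20. The
          # octet is taken after the final dot; the earlier `${ip: -2}` took
          # the last two characters, which accepted e.g. x.x.x.120 and
          # mis-handled one-digit octets and an empty lookup result.
          command: |
            set -euo pipefail
            ip=$(az container show --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver \
              -g prime-data-hub-${{ needs.pre_job.outputs.env_name }} -o tsv --query 'ipAddress.ip')
            if [[ -z "$ip" ]]; then
              echo "SFTP container returned no IP address" >&2
              exit 1
            fi
            last_octet=${ip##*.}
            if [[ "$last_octet" != '20' ]]; then
              echo "Unexpected SFTP container IP: ${ip}" >&2
              exit 1
            fi
          shell: bash
          on_retry_command: >-
            az container stop --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};
            az container start --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};

  optimize_demo_dbs:
    name: Optimize demo databases
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Fixed literal list, so interpolating matrix.env_name into the
        # commands below cannot introduce attacker-controlled text.
        env_name: [ demo1, demo2, demo3 ]
    env:
      # Scoped to this job; see the note above `jobs:`.
      AZURE_CREDENTIALS: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
    steps:
      # Checkout is required so the local ./.github/actions/retry action exists.
      - name: Check Out Changes
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
      # NOTE(review): pin to a full-length commit SHA like actions/checkout
      # above; `v2` is a mutable tag that can be re-pointed without any change
      # in this repository.
      - uses: azure/login@v2
        with:
          creds: ${{ env.AZURE_CREDENTIALS }}
      - name: Reduce database replica sizes
        uses: ./.github/actions/retry
        with:
          timeout_minutes: 180
          max_attempts: 3
          retry_wait_seconds: 1800
          # `set -euo pipefail` makes a failed `az ... list` fail the step (and
          # so trigger a retry). Without it the pipeline produced an empty
          # count, the `if` was skipped and the step exited 0 having done
          # nothing, which reported success for a run that never checked.
          command: |
            set -euo pipefail
            REPLICA_COUNT=$(az postgres server list -g prime-data-hub-${{ matrix.env_name }} --query '[*].name' | \
              jq '[.[] | select(contains("pgsql-replica"))] | length')
            if [[ "${REPLICA_COUNT}" -gt 0 ]]; then
              az postgres server update -g prime-data-hub-${{ matrix.env_name }} -n pdh${{ matrix.env_name }}-pgsql-replica --sku-name GP_Gen5_4
            fi
          shell: bash

  vpn_validation:
    name: VPN Validation
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    strategy:
      # Keep checking the remaining environments when one fails, but let the
      # failure surface. The earlier `continue-on-error: true` on the job
      # reported it green even when a VPN could not be brought up, which is
      # exactly the condition this nightly run exists to catch.
      fail-fast: false
      max-parallel: 2
      matrix:
        env_name: [ prod, staging, demo1, demo2, demo3 ]
    environment: ${{ matrix.env_name }}
    concurrency: ${{ matrix.env_name }}
    env:
      # Scoped to this job; see the note above `jobs:`.
      AZURE_CREDENTIALS: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
    steps:
      - name: Check Out Changes
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
      # NOTE(review): pin to a full-length commit SHA (see optimize_demo_dbs).
      - uses: azure/login@v2
        with:
          creds: ${{ env.AZURE_CREDENTIALS }}
      - name: Fetch VPN DNS IP
        id: fetch_vpn_ip
        shell: bash
        # The address is handed to the VPN action as a step output; fail here
        # with a clear message if the lookup returns nothing or something that
        # is not an IPv4 literal, instead of letting the VPN step fail later
        # with an opaque error.
        run: |
          set -euo pipefail
          DNS_IP=$(az container show -g prime-data-hub-${{ matrix.env_name }} \
            --name pdh${{ matrix.env_name }}-dns --query 'ipAddress.ip' -o tsv)
          if [[ ! "$DNS_IP" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
            echo "::error::DNS container for ${{ matrix.env_name }} returned no usable IPv4 address"
            exit 1
          fi
          echo "dns_ip=$DNS_IP" >> "$GITHUB_OUTPUT"
      - name: Connect to VPN
        uses: ./.github/actions/vpn-azure
        with:
          env-name: ${{ matrix.env_name }}
          tls-key: ${{ secrets.TLS_KEY }}
          ca-cert: ${{ secrets.CA_CRT }}
          user-crt: ${{ secrets.USER_CRT }}
          user-key: ${{ secrets.USER_KEY }}
          dns-ip: ${{ steps.fetch_vpn_ip.outputs.dns_ip }}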