--- name: QA Deploy on: workflow_dispatch: inputs: migrateDb: required: true default: "true" resetDb: required: true default: "false" jobs: reset-db: name: Reset Database if: ${{ github.event.inputs.resetDb == 'true' }} runs-on: ubuntu-20.04 steps: - name: Reset Test Data - Stub run: | echo "placeholder for cleaning DB" echo "placeholder for loading test dataset" update-db: name: Update Database if: ${{ github.event.inputs.migrateDb == 'true' }} runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-qa-kv" secrets: "mssql-server-host, mssql-admin-login, mssql-admin-login-password" - name: Migrate database env: MSSQL_HOST: ${{ steps.retrieve-secrets.outputs.mssql-server-host }} MSSQL_USER: ${{ steps.retrieve-secrets.outputs.mssql-admin-login }} MSSQL_PASS: ${{ steps.retrieve-secrets.outputs.mssql-admin-login-password }} MSSQL_DATABASE: vault MSSQL_MIGRATIONS_DIRECTORY: util/Migrator/DbScripts run: | echo "Running database migrations..." $GITHUB_WORKSPACE/dev/helpers/mssql/run_migrations.sh -p deploy: name: Deploy runs-on: ubuntu-20.04 if: always() needs: - reset-db - update-db strategy: fail-fast: false matrix: include: - name: Api - name: Admin - name: Billing - name: Events - name: Sso - name: Identity steps: - name: Setup id: setup run: | NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}') echo "Matrix name: ${{ matrix.name }}" echo "NAME_LOWER: $NAME_LOWER" echo "::set-output name=name_lower::$NAME_LOWER" BRANCH_NAME=$(echo "$GITHUB_REF" | sed "s#refs/heads/##g") echo "GITHUB_REF: $GITHUB_REF" echo "BRANCH_NAME: $BRANCH_NAME" echo "::set-output name=branch_name::$BRANCH_NAME" mkdir publish - name: Create GitHub deployment for ${{ matrix.name }} uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment: 'Server ${{ matrix.name }} - QA' task: 'deploy' description: 'Deploy from ${{ env.branch_name }} branch' - name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }} uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8 env: branch_name: ${{ steps.setup.outputs.branch_name }} with: workflow: build.yml workflow_conclusion: success branch: ${{ env.branch_name }} artifacts: ${{ matrix.name }}.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets env: VAULT_NAME: "bitwarden-qa-kv" run: | webapp_name=$( az keyvault secret show --vault-name $VAULT_NAME \ --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \ --query value --output tsv ) echo "::add-mask::$webapp_name" echo "::set-output name=webapp-name::$webapp_name" - name: Stop App Service env: AZURE_RESOURCE_GROUP: "bw-qa-env" run: | az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} \ --resource-group $AZURE_RESOURCE_GROUP - name: Deploy App uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }} package: ./${{ matrix.name }}.zip - name: Start App Service env: AZURE_RESOURCE_GROUP: "bw-qa-env" run: | az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} \ --resource-group $AZURE_RESOURCE_GROUP - name: Update ${{ matrix.name }} deployment status to Success if: ${{ success() }} uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'success' deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update ${{ matrix.name }} deployment status to Failure if: ${{ failure() }} uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }}