bitwarden-server/.github/workflows/qa-deploy.yml

---
name: QA Deploy

on:
  workflow_dispatch:
    inputs:
      migrateDb:
        required: true
        default: "true"
      resetDb:
        required: true
        default: "false"

jobs:
  reset-db:
    name: Reset Database
    if: ${{ github.event.inputs.resetDb == 'true' }}
    runs-on: ubuntu-20.04
    steps:
      - name: Reset Test Data - Stub
        run: |
          echo "placeholder for cleaning DB"
          echo "placeholder for loading test dataset"          


  update-db:
    name: Update Database
    if: ${{ github.event.inputs.migrateDb == 'true' }}
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-qa-kv"
          secrets: "mssql-server-host,
                    mssql-admin-login,
                    mssql-admin-login-password"

      - name: Migrate database
        env:
          MSSQL_HOST: ${{ steps.retrieve-secrets.outputs.mssql-server-host }}
          MSSQL_USER: ${{ steps.retrieve-secrets.outputs.mssql-admin-login }}
          MSSQL_PASS: ${{ steps.retrieve-secrets.outputs.mssql-admin-login-password }}
        working-directory: ./util/Migrator/DbScripts
        run: |
          echo "Running database migrations..."
          for f in `ls -v ./*.sql`; do
            echo "Executing file: ${f}..."
            sqlcmd -S $MSSQL_HOST -d vault -U $MSSQL_USER -P $MSSQL_PASS -I -i $f
          done;          


  deploy:
    name: Deploy
    runs-on: ubuntu-20.04
    if: always()
    needs:
      - reset-db
      - update-db
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: Api
          - name: Admin
          - name: Billing
          - name: Events
          - name: Sso
          - name: Portal
          - name: Identity
    steps:
      - name: Setup
        id: setup
        run: |
          NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}')
          echo "Matrix name: ${{ matrix.name }}"
          echo "NAME_LOWER: $NAME_LOWER"
          echo "::set-output name=name_lower::$NAME_LOWER"

          BRANCH_NAME=$(echo "{{ github.ref }}" | awk '{split($0, a, "/"); print a[3]}')
          echo "::set-output name=branch_name::$BRANCH_NAME"          

      - name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }}
        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ env.branch_name }}
          name: ${{ matrix.name }}.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        env:
          VAULT_NAME: "bitwarden-qa-kv"
        run: |
          webapp_name=$(
            az keyvault secret show --vault-name $VAULT_NAME \
              --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
              --query value --output tsv
          )
          echo "::add-mask::$webapp_name"
          echo "::set-output name=webapp-name::$webapp_name"          

      - name: Stop App Service
        env:
          AZURE_RESOURCE_GROUP: "bw-qa-env"
        run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP

      - name: Deploy App
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }}
          package: ./${{ matrix.name }}.zip

      - name: Start App Service
        env:
          AZURE_RESOURCE_GROUP: "bw-qa-env"
        run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP