From 300b380cfb3b8761a6387e4e9eabace48e30894d Mon Sep 17 00:00:00 2001
From: David Eadie
Date: Wed, 6 Sep 2023 16:03:31 +0100
Subject: [PATCH] Generate password and return jdbc url from pulumi
---
.github/workflows/deploy-preview.yml | 41 ++++++++++++-------
.github/workflows/deploy.yml | 14 +++++--
.../worms.davideadie.dev/src/Database.cs | 14 +++++--
.../worms.davideadie.dev/src/WormsHub.cs | 16 +++++++-
.../worms.davideadie.dev.csproj | 1 +
.../Remote/WormsServerApi.cs | 4 +-
6 files changed, 66 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml
index 2cded89d..d80df20f 100644
--- a/.github/workflows/deploy-preview.yml
+++ b/.github/workflows/deploy-preview.yml
@@ -5,34 +5,47 @@ on: paths: - "deployment/worms.davideadie.dev/**" - "build/flyway-summary.sh" - - ".github/workflows/deploy.yml" + - ".github/workflows/deploy-preview.yml" jobs: preview-azure: name: Azure runs-on: ubuntu-latest - env: - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} + + outputs: + api-url: ${{ steps.pulumi-preview.outputs.api-url }} + database-jdbc-url: ${{ steps.pulumi-preview.outputs.database-jdbc-url }} + database-username: ${{ steps.pulumi-preview.outputs.database-username }} + database-password: ${{ steps.pulumi-preview.outputs.database-password }} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-dotnet@v3 + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup dotnet + uses: actions/setup-dotnet@v3 with: - dotnet-version: 6.x - - uses: pulumi/actions@v4 + dotnet-version: 7.x + + - name: Pulumi Preview + id: pulumi-preview + uses: pulumi/actions@v4 with: command: preview stack-name: prod work-dir: deployment/worms.davideadie.dev comment-on-pr: true github-token: ${{ secrets.GITHUB_TOKEN }} + env: + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} preview-database: name: Database + needs: preview-azure runs-on: ubuntu-latest env: FLYWAY_LICENSE_KEY: ${{ secrets.FLYWAY_LICENSE_KEY }} 
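Review bot: The new job-level output `database-password` carries the database administrator password from `preview-azure` to `preview-database`, and GitHub documents that job outputs containing a masked secret are redacted on the runner and not passed on. If the Pulumi step masks the value, the Flyway step will probably receive an empty password; if it does not, the value can appear unmasked in logs. Consider dropping that output and having the database job read the value itself, for example with `pulumi stack output database-password --show-secrets` written to `$GITHUB_ENV` after an `::add-mask::` line, or from a secret store. The same output is added to `deploy-azure` in deploy.yml. It is also worth confirming that `command: preview` populates these outputs at all before the first `up`.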
@@ -70,9 +83,9 @@ jobs: check -changes -drift -locations="filesystem:/github/workspace/src/database/migrations" -configFiles="/github/workspace/src/database/flyway.conf" - -url="jdbc:postgresql://${{ secrets.PROD_DATABASE_HOST }}:${{ secrets.PROD_DATABASE_PORT }}/${{ secrets.PROD_DATABASE_NAME }}" - -user="${{ secrets.PROD_DATABASE_USER }}" - -password="${{ secrets.PROD_DATABASE_PASSWORD }}" + -url="${{ needs.preview-azure.outputs.database-jdbc-url }}" + -user="${{ needs.preview-azure.outputs.database-username }}" + -password="${{ needs.preview-azure.outputs.database-password }}" -check.buildUrl="jdbc:postgresql://postgres:5432/worms" -check.buildUser="worms" -check.buildPassword="worms" diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6db69df8..9f929481 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,6 +13,12 @@ jobs: name: Azure runs-on: ubuntu-latest + outputs: + api-url: ${{ steps.pulumi-up.outputs.api-url }} + database-jdbc-url: ${{ steps.pulumi-up.outputs.database-jdbc-url }} + database-username: ${{ steps.pulumi-up.outputs.database-username }} + database-password: ${{ steps.pulumi-up.outputs.database-password }} + steps: - name: Checkout uses: actions/checkout@v4 @@ -20,7 +26,7 @@ jobs: - name: Setup dotnet uses: actions/setup-dotnet@v3 with: - dotnet-version: 6.x + dotnet-version: 7.x - name: Pulumi up uses: pulumi/actions@v4 
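Review bot: The `-password="${{ needs.preview-azure.outputs.database-password }}"` argument pastes the generated password into the Flyway command line through expression interpolation, so a password containing quote or shell-significant characters can change how the arguments are parsed, and command-line arguments leak more easily than environment variables. Flyway reads `FLYWAY_URL`, `FLYWAY_USER` and `FLYWAY_PASSWORD` from the environment; setting those under the step's `env:` and removing the `-url`/`-user`/`-password` arguments avoids both problems. The `info` invocation in deploy.yml (`@@ -59,7 +65,7 @@`) has the same pattern. The step itself starts outside this hunk.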
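Review bot: The outputs added to the deploy.yml Azure job read `steps.pulumi-up.outputs.*`, but no `id: pulumi-up` is visible on the `Pulumi up` step in this diff, whereas deploy-preview.yml gained `id: pulumi-preview` in the same commit. If the step has no id, all four outputs evaluate to empty strings and the migration job runs with a blank URL and credentials. Add `id: pulumi-up` under `- name: Pulumi up`, and check that the job consuming `needs.deploy-azure.outputs.*` declares `needs: deploy-azure`. Neither line is shown here, so both may already exist outside the hunks.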
@@ -59,7 +65,7 @@ jobs: info -locations="filesystem:/github/workspace/src/database/migrations" -configFiles="/github/workspace/src/database/flyway.conf" - -url="jdbc:postgresql://${{ secrets.PROD_DATABASE_HOST }}:${{ secrets.PROD_DATABASE_PORT }}/${{ secrets.PROD_DATABASE_NAME }}" - -user="${{ secrets.PROD_DATABASE_USER }}" - -password="${{ secrets.PROD_DATABASE_PASSWORD }}" + -url="${{ needs.deploy-azure.outputs.database-jdbc-url }}" + -user="${{ needs.deploy-azure.outputs.database-username }}" + -password="${{ needs.deploy-azure.outputs.database-password }}" -target=${{ steps.vars.outputs.version }} diff --git a/deployment/worms.davideadie.dev/src/Database.cs b/deployment/worms.davideadie.dev/src/Database.cs index 903f5abb..0f2ca0cb 100644 --- a/deployment/worms.davideadie.dev/src/Database.cs +++ b/deployment/worms.davideadie.dev/src/Database.cs @@ -6,15 +6,21 @@ namespace worms.davideadie.dev; public static class Database { - public static void Config(ResourceGroup resourceGroup, Config config) + public static (DBForPostgreSQL.Server, DBForPostgreSQL.Database, Output password) Config(ResourceGroup resourceGroup, Config config) { + var password = new Pulumi.Random.RandomPassword("postgres-password", new() + { + Length = 32, + Special = true, + }); + var server = new DBForPostgreSQL.Server("postgres-server", new() { ServerName = Utils.GetResourceName("worms"), ResourceGroupName = resourceGroup.Name, Version = DBForPostgreSQL.ServerVersion.ServerVersion_14, - AdministratorLogin = config.RequireSecret("database_user"), - AdministratorLoginPassword = config.RequireSecret("database_password"), + AdministratorLogin = "worms_user", + AdministratorLoginPassword = password.Result, CreateMode = "Default", Sku = new DBForPostgreSQL.Inputs.SkuArgs @@ -49,5 +55,7 @@ public static void Config(ResourceGroup resourceGroup, Config config) ServerName = server.Name, StartIpAddress = "0.0.0.0", }); + + return (server, database, password.Result); } } \ No newline at end of file 
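Review bot: In Database.cs, `Special = true` without `OverrideSpecial` lets `RandomPassword` draw from its default symbol set, which as far as I know includes characters such as `$`, `&` and `<` that are awkward once the value is interpolated into the Flyway arguments in the workflows. Restricting it, e.g. `OverrideSpecial = "_-",` plus `MinUpper = 1, MinLower = 1, MinNumeric = 1,` to keep a server complexity rule satisfied, makes the credential safe to pass around. `Config` now returns the server administrator login and password, and those are what CI uses for migrations; a dedicated migration role with narrower rights would limit the impact of a leaked workflow credential. The new tuple return also deserves a `/// <returns>` comment stating that the third element is a secret output. The context of the second hunk shows a firewall rule starting at `0.0.0.0`, so the password is probably the main barrier for whatever range that rule opens.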
diff --git a/deployment/worms.davideadie.dev/src/WormsHub.cs b/deployment/worms.davideadie.dev/src/WormsHub.cs index b71ba493..8af9cdb7 100644 --- a/deployment/worms.davideadie.dev/src/WormsHub.cs +++ b/deployment/worms.davideadie.dev/src/WormsHub.cs @@ -25,14 +25,26 @@ public WormsHub() var storage = StorageAccount.Config(resourceGroup, config); var fileShare = FileShare.Config(resourceGroup, storage, config); - Database.Config(resourceGroup, config); + var (server, database, password) = Database.Config(resourceGroup, config); var containerApp = ContainerApps.Config(resourceGroup, config, logAnalytics, storage, fileShare); var protocol = isProd ? "https://" : "http://"; ApiUrl = Output.Format($"{protocol}{containerApp.Configuration.Apply(c => c.Ingress).Apply(i => i.Fqdn)}"); + DatabaseJdbcUrl = Output.Format($"jdbc:postgresql://{server.FullyQualifiedDomainName}/{database.Name}"); + DatabaseUsername = server.AdministratorLogin; + DatabasePassword = password; } - [Output("url")] + [Output("api-url")] public Output ApiUrl { get; set; } + + [Output("database-jdbc-url")] + public Output DatabaseJdbcUrl { get; set; } + + [Output("database-username")] + public Output DatabaseUsername { get; set; } + + [Output("database-password")] + public Output DatabasePassword { get; set; } } \ No newline at end of file diff --git a/deployment/worms.davideadie.dev/worms.davideadie.dev.csproj b/deployment/worms.davideadie.dev/worms.davideadie.dev.csproj index 4fe13a67..6ea1a6f5 100644 --- a/deployment/worms.davideadie.dev/worms.davideadie.dev.csproj +++ b/deployment/worms.davideadie.dev/worms.davideadie.dev.csproj @@ -8,6 +8,7 @@ + diff --git a/src/cli/src/Worms.Cli.Resources/Remote/WormsServerApi.cs b/src/cli/src/Worms.Cli.Resources/Remote/WormsServerApi.cs index 399f5ee7..ea7599f1 100644 --- a/src/cli/src/Worms.Cli.Resources/Remote/WormsServerApi.cs +++ b/src/cli/src/Worms.Cli.Resources/Remote/WormsServerApi.cs 
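Review bot: In WormsHub.cs, `[Output("database-password")]` publishes the server administrator password as a stack output, so anyone who can read the `prod` stack with `--show-secrets` can obtain it, and it stays protected only as long as the value keeps its secret marking. Add a comment on `DatabasePassword` such as `// Secret: administrator password, consumed by the deploy workflows; never unsecret or log.` and consider exporting a reference to a secret-store entry instead of the value. `DatabaseJdbcUrl` is built without an `sslmode` parameter, so the client's default TLS behaviour applies; appending `?sslmode=require` (or `verify-full`) makes the expectation explicit. Renaming the existing output from `url` to `api-url` will break any consumer still reading `url`.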
@@ -29,7 +29,9 @@ public WormsServerApi( _fileSystem = fileSystem; _httpClient = new HttpClient(); #if DEBUG - _httpClient.BaseAddress = new Uri("https://localhost:5001/"); + _httpClient.BaseAddress = + new Uri("https://worms-gateway.thankfulriver-8ac3d5ca.northeurope.azurecontainerapps.io/"); + //_httpClient.BaseAddress = new Uri("https://localhost:5001/"); #else _httpClient.BaseAddress = new Uri("https://worms.davideadie.dev/"); #endif
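Review bot: The DEBUG branch now points `_httpClient.BaseAddress` at a hard-coded Azure Container Apps hostname and leaves the localhost line commented out. Every debug build therefore sends its requests, including any credentials the client attaches, to a shared remote environment, and an environment-specific hostname is committed to the repository. If this was a temporary test aid, restore `new Uri("https://localhost:5001/")`. Otherwise read the address from configuration, e.g. `new Uri(Environment.GetEnvironmentVariable("WORMS_API_URL") ?? "https://localhost:5001/")` (variable name illustrative), and delete the commented-out line. The constructor starts and ends outside this hunk.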