Generate password and return jdbc url from pulumi

.github/workflows/deploy-preview.yml

@@ -5,34 +5,49 @@ on:
     paths:
       - "deployment/worms.davideadie.dev/**"
       - "build/flyway-summary.sh"
-      - ".github/workflows/deploy.yml"
+      - ".github/workflows/deploy-preview.yml"
 
 jobs:
   preview-azure:
     name: Azure
     runs-on: ubuntu-latest
-    env:
-      PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
-      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
-      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
-      ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
-      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+
+    outputs:
+      api-url: ${{ steps.pulumi-preview.outputs.api-url }}
+      database-jdbc-url: ${{ steps.pulumi-preview.outputs.database-jdbc-url }}
+      database-username: ${{ steps.pulumi-preview.outputs.database-username }}
+      database-password: ${{ steps.pulumi-preview.outputs.database-password }}
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-dotnet@v3
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v3
         with:
-          dotnet-version: 6.x
-      - uses: pulumi/actions@v4
+          dotnet-version: 7.x
+
+      - name: Pulumi Preview
+        id: pulumi-preview
+        uses: pulumi/actions@v4
         with:
           command: preview
           stack-name: prod
           work-dir: deployment/worms.davideadie.dev
           comment-on-pr: true
           github-token: ${{ secrets.GITHUB_TOKEN }}
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+
+      - run: echo "My pet name is ${{ steps.pulumi-preview.outputs.database-jdbc-url }}"
 
   preview-database:
     name: Database
+    needs: preview-azure
     runs-on: ubuntu-latest
     env:
       FLYWAY_LICENSE_KEY: ${{ secrets.FLYWAY_LICENSE_KEY }}
@@ -70,9 +85,9 @@ jobs:
             check -changes -drift
             -locations="filesystem:/github/workspace/src/database/migrations"
             -configFiles="/github/workspace/src/database/flyway.conf"
-            -url="jdbc:postgresql://${{ secrets.PROD_DATABASE_HOST }}:${{ secrets.PROD_DATABASE_PORT }}/${{ secrets.PROD_DATABASE_NAME }}"
-            -user="${{ secrets.PROD_DATABASE_USER }}"
-            -password="${{ secrets.PROD_DATABASE_PASSWORD }}"
+            -url="${{ needs.preview-azure.outputs.database-jdbc-url }}"
+            -user="${{ needs.preview-azure.outputs.database-username }}"
+            -password="${{ needs.preview-azure.outputs.database-password }}"
             -check.buildUrl="jdbc:postgresql://postgres:5432/worms"
             -check.buildUser="worms"
             -check.buildPassword="worms"

.github/workflows/deploy.yml

@@ -13,14 +13,20 @@ jobs:
     name: Azure
     runs-on: ubuntu-latest
 
+    outputs:
+      api-url: ${{ steps.pulumi-up.outputs.api-url }}
+      database-jdbc-url: ${{ steps.pulumi-up.outputs.database-jdbc-url }}
+      database-username: ${{ steps.pulumi-up.outputs.database-username }}
+      database-password: ${{ steps.pulumi-up.outputs.database-password }}
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Setup dotnet
         uses: actions/setup-dotnet@v3
         with:
-          dotnet-version: 6.x
+          dotnet-version: 7.x
 
       - name: Pulumi up
         uses: pulumi/actions@v4
@@ -59,7 +65,7 @@ jobs:
             info
             -locations="filesystem:/github/workspace/src/database/migrations"
             -configFiles="/github/workspace/src/database/flyway.conf"
-            -url="jdbc:postgresql://${{ secrets.PROD_DATABASE_HOST }}:${{ secrets.PROD_DATABASE_PORT }}/${{ secrets.PROD_DATABASE_NAME }}"
-            -user="${{ secrets.PROD_DATABASE_USER }}"
-            -password="${{ secrets.PROD_DATABASE_PASSWORD }}"
+            -url="${{ needs.deploy-azure.outputs.database-jdbc-url }}"
+            -user="${{ needs.deploy-azure.outputs.database-username }}"
+            -password="${{ needs.deploy-azure.outputs.database-password }}"
             -target=${{ steps.vars.outputs.version }}

deployment/worms.davideadie.dev/src/Database.cs

@@ -6,15 +6,21 @@ namespace worms.davideadie.dev;
 
 public static class Database
 {
-    public static void Config(ResourceGroup resourceGroup, Config config)
+    public static (DBForPostgreSQL.Server, DBForPostgreSQL.Database, Output<string> password) Config(ResourceGroup resourceGroup, Config config)
     {
+        var password = new Pulumi.Random.RandomPassword("postgres-password", new()
+        {
+            Length = 32,
+            Special = true,
+        });
+
         var server = new DBForPostgreSQL.Server("postgres-server", new()
         {
             ServerName = Utils.GetResourceName("worms"),
             ResourceGroupName = resourceGroup.Name,
             Version = DBForPostgreSQL.ServerVersion.ServerVersion_14,
-            AdministratorLogin = config.RequireSecret("database_user"),
-            AdministratorLoginPassword = config.RequireSecret("database_password"),
+            AdministratorLogin = "worms_user",
+            AdministratorLoginPassword = password.Result,
             CreateMode = "Default",
 
             Sku = new DBForPostgreSQL.Inputs.SkuArgs
@@ -49,5 +55,7 @@ public static void Config(ResourceGroup resourceGroup, Config config)
             ServerName = server.Name,
             StartIpAddress = "0.0.0.0",
         });
+
+        return (server, database, password.Result);
     }
 }

deployment/worms.davideadie.dev/src/WormsHub.cs

@@ -25,14 +25,26 @@ public WormsHub()
 
         var storage = StorageAccount.Config(resourceGroup, config);
         var fileShare = FileShare.Config(resourceGroup, storage, config);
-        Database.Config(resourceGroup, config);
+        var (server, database, password) = Database.Config(resourceGroup, config);
         var containerApp = ContainerApps.Config(resourceGroup, config, logAnalytics, storage, fileShare);
 
         var protocol = isProd ? "https://" : "http://";
         ApiUrl = Output.Format($"{protocol}{containerApp.Configuration.Apply(c => c.Ingress).Apply(i => i.Fqdn)}");
+        DatabaseJdbcUrl = Output.Format($"jdbc:postgresql://{server.FullyQualifiedDomainName}/{database.Name}");
+        DatabaseUsername = server.AdministratorLogin;
+        DatabasePassword = password;
     }
 
-    [Output("url")] 
+    [Output("api-url")] 
     public Output<string> ApiUrl { get; set; }
+
+    [Output("database-jdbc-url")] 
+    public Output<string> DatabaseJdbcUrl { get; set; }
+
+    [Output("database-username")] 
+    public Output<string> DatabaseUsername { get; set; }
+
+    [Output("database-password")] 
+    public Output<string> DatabasePassword { get; set; }
 
 }

deployment/worms.davideadie.dev/worms.davideadie.dev.csproj

@@ -8,6 +8,7 @@
 
   <ItemGroup>
       <PackageReference Include="Pulumi.AzureNative" Version="2.*" />
+      <PackageReference Include="Pulumi.Random" Version="4.13.2" />
   </ItemGroup>
 
 </Project>

src/cli/src/Worms.Cli.Resources/Remote/WormsServerApi.cs

@@ -29,7 +29,9 @@ public WormsServerApi(
         _fileSystem = fileSystem;
         _httpClient = new HttpClient();
 #if DEBUG
-        _httpClient.BaseAddress = new Uri("https://localhost:5001/");
+        _httpClient.BaseAddress =
+            new Uri("https://worms-gateway.thankfulriver-8ac3d5ca.northeurope.azurecontainerapps.io/");
+        //_httpClient.BaseAddress = new Uri("https://localhost:5001/");
 #else
         _httpClient.BaseAddress = new Uri("https://worms.davideadie.dev/");
 #endif