NIH GHMP (Prod) - Update Database Org Settings #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: NIH GHMP (Prod) - Update Database Org Settings | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: ruby/[email protected] | |
| with: | |
| ruby-version: '3.0' # Not needed with a .ruby-version file | |
| - name: update ruby reqs | |
| run: | | |
| gem install jwt | |
| # ruby jwt script has hardcoded reference to GitHub app id - unique in each branch | |
| - name: run jwt generator | |
| run: | | |
| ruby .github/scripts/jwt.rb >> token | |
| ls -lah | |
| env: | |
| PEM: ${{ secrets.PROD_APP_PEM }} | |
| APPID: ${{ secrets.PROD_APP_ID }} | |
| - name: run gh cli to get app install info | |
| run: | | |
| curl \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "Authorization: Bearer $(cat token)" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| https://api.github.com/app/installations?per_page=100 | jq >> app_output.json | |
| cat ./app_output.json | |
| # needs a PAT that can read org and enterprise data | |
| - name: run powershell script to build sql | |
| run: | | |
| .github/scripts/Create-PSQLUpdate.ps1 | |
| shell: pwsh | |
| env: | |
| PAT: ${{ secrets.ENT_READ_PAT }} | |
| - name: output sql | |
| run: | | |
| ls -lah | |
| cat ./app_output.json | |
| cat ./update.sql | |
| - name: Azure Login | |
| uses: Azure/[email protected] | |
| with: | |
| creds: '{"clientId":"${{ secrets.AAD_CLIENT_ID }}","clientSecret":"${{ secrets.AAD_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AAD_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AAD_TENANT_ID }}"}' | |
| - name: PSQL update | |
| uses: azure/postgresql@v1 | |
| with: | |
| connection-string: ${{β―secrets.PROD_PSQL_CONN }} | |
| server-name: $${{ secrets.PROD_PSQL_SERVER }} | |
| plsql-file: ./update.sql | |
| - name: Azure CLI Action | |
| uses: Azure/cli@v1 | |
| with: | |
| # Needs the azure webapp name and resource group - unique in each branch | |
| inlineScript: az webapp restart --name ${{ secrets.PROD_AAS }} --resource-group ${{ secrets.PROD_RG }} | |