forked from Lombiq/GitHub-Actions
-
Notifications
You must be signed in to change notification settings - Fork 0
207 lines (195 loc) · 9.65 KB
/
reset-azure-environment.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
name: Reset Azure Environment
on:
workflow_call:
secrets:
AZURE_APP_SERVICE_RESET_SERVICE_PRINCIPAL:
required: true
inputs:
cancel-workflow-on-failure:
description: When set to "true", will cancel the current workflow run with all jobs if this workflow fails.
required: false
type: string
default: "false"
machine-type:
required: false
type: string
default: ubuntu-22.04
description: The name of the type of machine to run the workflow under.
timeout-minutes:
required: false
type: number
default: 360
description: Configuration for the timeout-minutes parameter of the workflow. The 360 is GitHub's default.
app-name:
required: true
type: string
description: What you see at the top of the blade on the Azure Portal. Can contain uppercase letters too.
destination-slot-name:
required: false
type: string
default: Staging
description: >
The slot name of the web app you want to reset. What you see at the top of the blade on the Azure Portal, when
you open the slot, before the app name in parenthesis.
source-slot-name:
required: false
type: string
default: Production
description: >
The slot name of the web app you want to reset the destination web app with. What you see at the top of the
blade on the Azure Portal, when you open the slot, before the app name in parenthesis.
resource-group-name:
required: true
type: string
description: Name of the resource group.
database-connection-string-name:
required: false
type: string
default: "OrchardCore__ConnectionString"
description: >
The name of the root SQL Server database connection string configured as application settings in Azure, under both
the production and staging slots with slot-specific values. This is typically "OrchardCore__ConnectionString",
and points to the database containing Orchard shell settings, which may also contain the Default tenant's or
all tenants' databases. This connection string may use a contained user of the given database.
master-database-connection-string-name:
required: false
type: string
default: "OrchardCore__ConnectionString-master"
description: >
The name of the SQL Server database connection string for the master database, configured as application
settings in Azure, under both the production and staging slots with slot-specific values. This is typically
"OrchardCore__ConnectionString-master", and points to the SQL Server master database corresponding to the
database that the database-connection-string-name parameter points to. This elevated access is necessary to
recreate the staging database and scale it up if necessary.
storage-connection-string-name:
required: false
type: string
default: "OrchardCore__OrchardCore_Media_Azure__ConnectionString"
description: >
The name of the Azure storage account's blob storage connection string, configured as application settings in
Azure, under both the production and staging slots with slot-specific values. This is typically
"OrchardCore__OrchardCore_Media_Azure__ConnectionString".
service-objective-name:
required: false
type: string
default: S0
description: The name of the service objective to scale the database to, e.g. B, S1, S4, P4, P6.
blob-container-exclude-list:
required: false
type: string
default: "@()"
description: >
PowerShell string array with the name of the excluded Blob Container(s), e.g. '@("not-media")' or
'@("not-media", "bad-container")'. The parameter must be a PowerShell string array. When a not empty
PowerShell string array is provided for "blob-container-include-list", then "blob-container-exclude-list" is
not taken into consideration.
blob-container-include-list:
required: false
type: string
default: '@("media", "dataprotection")'
description: >
PowerShell string array with the name of the included Blob Container(s), e.g. '@("media")' or '@("media",
"dataprotection)'. The parameter must be a PowerShell string array. When a not empty PowerShell string array
is provided, "blob-container-exclude-list" is not taken into consideration.
folder-exclude-list:
required: false
type: string
default: '@("RecipeJournal", "`$`$`$ORCHARD`$`$`$.`$`$`$")'
description: >
PowerShell string array with the name of the excluded folder(s), e.g. '@("RecipeJournal")' or
'@("RecipeJournal", "BadFolder")'. The parameter must be a PowerShell string array. When a not empty
PowerShell string array is provided for "folder-include-list", then "folder-exclude-list" is not taken into
consideration.
folder-include-list:
required: false
type: string
default: "@()"
description: >
PowerShell string array with the name of the included folder(s), e.g. '@("NotRecipeJournal")' or
'@("NotRecipeJournal", "CoolFolder")'. The parameter must be a PowerShell string array. When a not empty
PowerShell string array is provided, "folder-exclude-list" is not taken into consideration.
jobs:
reset-azure-environment:
runs-on: ${{ inputs.machine-type }}
name: Reset Azure Environment
defaults:
run:
shell: pwsh
timeout-minutes: ${{ inputs.timeout-minutes }}
steps:
- name: Login to Azure
uses: Lombiq/GitHub-Actions/.github/actions/login-to-azure@dev
env:
SERVICE_PRINCIPAL: ${{ secrets.AZURE_APP_SERVICE_RESET_SERVICE_PRINCIPAL }}
- name: Initialize PowerShell modules
uses: Lombiq/Infrastructure-Scripts/.github/actions/initialize@dev
- name: Stop Web App Slot
run: |
Stop-AzureWebAppSlot `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SlotName ${{ inputs.destination-slot-name }}
- name: Replace Media
run: |
Set-AzureWebAppStorageContentFromStorage `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SourceSlotName ${{ inputs.source-slot-name }} `
-DestinationSlotName ${{ inputs.destination-slot-name }} `
-ConnectionStringName ${{ inputs.storage-connection-string-name }} `
-ContainerBlackList ${{ inputs.blob-container-exclude-list }} `
-ContainerWhiteList ${{ inputs.blob-container-include-list }} `
-FolderBlackList ${{ inputs.folder-exclude-list }} `
-FolderWhiteList ${{ inputs.folder-include-list }}
- name: Replace Database
run: |
Copy-AzureWebAppSqlDatabase `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SourceSlotName ${{ inputs.source-slot-name }} `
-DestinationSlotName ${{ inputs.destination-slot-name }} `
-ConnectionStringName ${{ inputs.database-connection-string-name }} `
-Force
- name: Scale Database
run: |
Set-AzureWebAppSqlDatabaseServiceObjective `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SlotName ${{ inputs.destination-slot-name }} `
-ConnectionStringName ${{ inputs.master-database-connection-string-name }} `
-ServiceObjectiveName ${{ inputs.service-objective-name }}
- name: Add Destination Contained User to Destination Database
run: |
Install-Module sqlserver -AllowClobber -Force
Add-AzureWebAppSqlDatabaseContainedUser `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-DatabaseSlotName ${{ inputs.destination-slot-name }} `
-DatabaseConnectionStringName ${{ inputs.master-database-connection-string-name }} `
-UserConnectionStringName ${{ inputs.database-connection-string-name }}
- name: Remove Source Contained User from Destination Database
run: |
Remove-AzureWebAppSqlDatabaseContainedUser `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-DatabaseSlotName ${{ inputs.destination-slot-name }} `
-UserSlotName ${{ inputs.source-slot-name }} `
-DatabaseConnectionStringName ${{ inputs.master-database-connection-string-name }} `
-UserConnectionStringName ${{ inputs.database-connection-string-name }}
- name: Start Web App Slot
run: |
Start-AzureWebAppSlot `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SlotName ${{ inputs.destination-slot-name }}
- name: Test Web App Slot
run: |
Test-AzureWebApp `
-ResourceGroupName ${{ inputs.resource-group-name }} `
-WebAppName ${{ inputs.app-name }} `
-SlotName ${{ inputs.destination-slot-name }}
- name: Cancel Workflow on Failure
if: failure() && inputs.cancel-workflow-on-failure == 'true'
uses: Lombiq/GitHub-Actions/.github/actions/cancel-workflow@dev
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}