-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
.github/workflows: add action to monitor schema changes agentless (#120)
- Loading branch information
Showing
1 changed file
with
42 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
name: Monitor Ecommerce DB | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '0 9,16 * * 0-4' # Runs at 9 AM and 4 PM (UTC) on Sunday to Thursday | ||
jobs: | ||
monitor: | ||
runs-on: ubuntu-latest | ||
steps: | ||
# This is a public repository to showcase how a GitHub action can be used to monitor schema changes. | ||
# This action runs on a schedule to check if the schema of the ecommerce database has changed. | ||
# The first few steps are done to hide sensitive information like database credentials from the logs. | ||
- name: Add AWS Profile | ||
run: | | ||
aws configure set aws_access_key_id ${{ secrets.AWS_SANDBOX_DEPLOYER_KEY_ID }} --profile sandbox | ||
aws configure set aws_secret_access_key ${{ secrets.AWS_SANDBOX_SECRET_SECRET_KEY }} --profile sandbox | ||
aws configure set region us-east-1 --profile sandbox | ||
- name: Read AWS Secret | ||
id: secrets | ||
run: | | ||
SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id aurora-mysql --profile sandbox | jq -rc '.SecretString') | ||
for key in $(echo $SECRET_STRING | jq -r 'keys[]'); do | ||
SECRET=$(echo $SECRET_STRING | jq -r ".$key") | ||
echo "::add-mask::$SECRET" | ||
echo "$key=$SECRET" >> $GITHUB_OUTPUT | ||
done | ||
- name: Install socat | ||
run: sudo apt-get install -y socat | ||
- name: Port Forward to Aurora | ||
run: | | ||
socat tcp-l:3306,fork,reuseaddr tcp:${{ steps.secrets.outputs.host }}:${{ steps.secrets.outputs.port }} & | ||
echo "127.0.0.1 ecommerce.atlas.ariga" | sudo tee -a /etc/hosts | ||
# The next steps are the only ones required to monitor schema changes. | ||
- name: Setup Atlas | ||
uses: ariga/setup-atlas@master | ||
with: | ||
cloud-token: ${{ secrets.ATLAS_CLOUD_TOKEN }} | ||
- uses: ariga/atlas-action/monitor/schema@master | ||
with: | ||
cloud-token: ${{ secrets.ATLAS_CLOUD_TOKEN }} | ||
url: mysql://${{ steps.secrets.outputs.username }}:${{ steps.secrets.outputs.password }}@ecommerce.atlas.ariga:3306/${{ steps.secrets.outputs.schema }} |