From a1b2daf40e395cc55fc8b00738d4186d65fc7281 Mon Sep 17 00:00:00 2001
From: Jannik Clausen <12862103+masseelch@users.noreply.github.com>
Date: Thu, 28 Nov 2024 13:42:15 +0100
Subject: [PATCH] .github/workflows: add action to monitor schema changes
 agentless (#120)

---
 .github/workflows/monitor-ecommerce.yaml | 42 ++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .github/workflows/monitor-ecommerce.yaml

diff --git a/.github/workflows/monitor-ecommerce.yaml b/.github/workflows/monitor-ecommerce.yaml
new file mode 100644
index 0000000..eafb145
--- /dev/null
+++ b/.github/workflows/monitor-ecommerce.yaml
@@ -0,0 +1,42 @@
+name: Monitor Ecommerce DB
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 9,16 * * 0-4' # Runs at 9 AM and 4 PM (UTC) on Sunday to Thursday
+jobs:
+  monitor:
+    runs-on: ubuntu-latest
+    steps:
+      # This is a public repository to showcase how a GitHub action can be used to monitor schema changes.
+      # This action runs on a schedule to check if the schema of the ecommerce database has changed.
+      # The first few steps are done to hide sensitive information like database credentials from the logs.
+      - name: Add AWS Profile
+        run: |
+          aws configure set aws_access_key_id ${{ secrets.AWS_SANDBOX_DEPLOYER_KEY_ID }} --profile sandbox
+          aws configure set aws_secret_access_key ${{ secrets.AWS_SANDBOX_SECRET_SECRET_KEY }} --profile sandbox
+          aws configure set region us-east-1 --profile sandbox
+      - name: Read AWS Secret
+        id: secrets
+        run: |
+          SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id aurora-mysql --profile sandbox | jq -rc '.SecretString')
+          for key in $(echo $SECRET_STRING | jq -r 'keys[]'); do
+            SECRET=$(echo $SECRET_STRING | jq -r ".$key")
+            echo "::add-mask::$SECRET"
+            echo "$key=$SECRET" >> $GITHUB_OUTPUT
+          done
+      - name: Install socat
+        run: sudo apt-get install -y socat
+      - name: Port Forward to Aurora
+        run: |
+          socat tcp-l:3306,fork,reuseaddr tcp:${{ steps.secrets.outputs.host }}:${{ steps.secrets.outputs.port }} &
+          echo "127.0.0.1 ecommerce.atlas.ariga" | sudo tee -a /etc/hosts
+
+      # The next steps are the only ones required to monitor schema changes.
+      - name: Setup Atlas
+        uses: ariga/setup-atlas@master
+        with:
+          cloud-token: ${{ secrets.ATLAS_CLOUD_TOKEN }}
+      - uses: ariga/atlas-action/monitor/schema@master
+        with:
+          cloud-token: ${{ secrets.ATLAS_CLOUD_TOKEN }}
+          url: mysql://${{ steps.secrets.outputs.username }}:${{ steps.secrets.outputs.password }}@ecommerce.atlas.ariga:3306/${{ steps.secrets.outputs.schema }}