.github/workflows/validate_resources.yml

name: Validate Resources

on:
  pull_request:
    branches:
      - production
      - master
      - test
  push:
    branches:
      - production
      - master
      - test
  schedule:
    - cron: "36 3 * * *"

jobs:
  pre_job:
    name: Set Build Environment
    runs-on: ubuntu-latest
    outputs:
      env_name: ${{ env.VALIDATE_ENV }}
    steps:
      - name: Check out changes
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332

      - name: Build vars
        id: build_vars
        uses: ./.github/actions/build-vars

      - name: Force env if schedule
        shell: bash
        run: |
          if [[ ${{ github.event_name == 'schedule' }} == 'true' ]]; then
            echo "VALIDATE_ENV=prod" >> $GITHUB_ENV
          else
            echo "VALIDATE_ENV=${{ steps.build_vars.outputs.env_name }}" >> $GITHUB_ENV
          fi

  validate_dns:
    name: Check infrastructure resources
    if: ${{ needs.pre_job.outputs.env_name && (github.actor != 'dependabot[bot]') }}
    needs:
      - pre_job
    environment: ${{ needs.pre_job.outputs.env_name }}
    concurrency: ${{ needs.pre_job.outputs.env_name }}
    runs-on: ubuntu-latest
    steps:
      - name: Check Out Changes
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332

      - name: Connect to VPN and login to Azure
        uses: ./.github/actions/vpn-azure
        with:
          env-name: ${{ needs.pre_job.outputs.env_name }}
          tls-key: ${{ secrets.TLS_KEY }}
          ca-cert: ${{ secrets.CA_CRT}}
          user-crt: ${{ secrets.USER_CRT }}
          user-key: ${{ secrets.USER_KEY }}
          sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}

      - name: Restart DNS if failure
        uses: ./.github/actions/retry
        with:
          timeout_seconds: 60
          max_attempts: 3
          retry_wait_seconds: 180
          command: dig google.com @10.0.2.4
          shell: bash
          on_retry_command: >-
            az container stop --name pdh${{ needs.pre_job.outputs.env_name }}-dns
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};
            az container start --name pdh${{ needs.pre_job.outputs.env_name }}-dns
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};

      - name: Restart legacy SFTP if wrong ip
        if: needs.pre_job.outputs.env_name != 'prod'
        uses: ./.github/actions/retry
        with:
          timeout_seconds: 60
          max_attempts: 3
          retry_wait_seconds: 180
          command: |
            ip=$(az container show --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver \
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }} -o tsv --query 'ipAddress.ip')
            last_octet=${ip: -2}
            if [[ $last_octet -ne 20 ]]; then exit 1; fi
          shell: bash
          on_retry_command: >-
            az container stop --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};
            az container start --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver
            -g prime-data-hub-${{ needs.pre_job.outputs.env_name }};

  optimize_demo_dbs:
    name: Optimize demo databases
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        env_name: [ demo1, demo2, demo3 ]
    steps:
      - name: Check Out Changes
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332

      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
        with:
          creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}

      - name: Reduce database replica sizes
        uses: ./.github/actions/retry
        with:
          timeout_minutes: 180
          max_attempts: 3
          retry_wait_seconds: 1800
          command: |
            REPLICA_COUNT=$(az postgres server list -g prime-data-hub-${{ matrix.env_name }} --query '[*].name' | \
            jq '[.[] | select(contains("pgsql-replica"))] | length')
            if [[ ${REPLICA_COUNT} -gt 0 ]]; then
              az postgres server update -g prime-data-hub-${{ matrix.env_name }} -n pdh${{ matrix.env_name }}-pgsql-replica --sku-name GP_Gen5_4
            fi
          shell: bash

  vpn_validation:
    name: VPN Validation
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    continue-on-error: true
    strategy:
      max-parallel: 2
      matrix:
        env_name: [ prod, staging, demo1, demo2, demo3 ]
    environment: ${{ matrix.env_name }}
    concurrency: ${{ matrix.env_name }}
    steps:
      - name: Check Out Changes
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332

      - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
        with:
          creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}

      - name: Fetch VPN DNS IP
        id: fetch_vpn_ip
        shell: bash
        run: |
          DNS_IP=$(az container show -g prime-data-hub-${{ matrix.env_name }} \
          --name pdh${{ matrix.env_name }}-dns --query 'ipAddress.ip' -o tsv)
          echo "dns_ip=$DNS_IP" >> $GITHUB_OUTPUT

      - name: Connect to VPN
        uses: ./.github/actions/vpn-azure
        with:
          env-name: ${{ matrix.env_name }}
          tls-key: ${{ secrets.TLS_KEY }}
          ca-cert: ${{ secrets.CA_CRT}}
          user-crt: ${{ secrets.USER_CRT }}
          user-key: ${{ secrets.USER_KEY }}
          dns-ip: ${{ steps.fetch_vpn_ip.outputs.dns_ip }}