This repository was archived by the owner on May 12, 2026. It is now read-only.

Validate Resources #33146

Workflow file for this run

.github/workflows/validate_resources.yml at 5f58b4c

	name: Validate Resources

	on:
	pull_request:
	branches:
	- production
	- main
	- test
	push:
	branches:
	- production
	- main
	- test
	schedule:
	- cron: "36 3 * * *"

	env:
	AZURE_CREDENTIALS: '{"clientId":"${{ secrets.REPO_AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.REPO_AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.REPO_AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.REPO_AZURE_TENANT_ID }}"}'

	jobs:
	pre_job:
	name: Set Build Environment
	runs-on: ubuntu-latest
	outputs:
	env_name: ${{ env.VALIDATE_ENV }}
	steps:
	- name: Check out changes
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8

	- name: Build vars
	id: build_vars
	uses: ./.github/actions/build-vars

	- name: Force env if schedule
	shell: bash
	run: \|
	if [[ ${{ github.event_name == 'schedule' }} == 'true' ]]; then
	echo "VALIDATE_ENV=prod" >> $GITHUB_ENV
	else
	echo "VALIDATE_ENV=${{ steps.build_vars.outputs.env_name }}" >> $GITHUB_ENV
	fi

	validate_dns:
	name: Check infrastructure resources
	if: ${{ needs.pre_job.outputs.env_name && (github.actor != 'dependabot[bot]') }}
	needs:
	- pre_job
	environment: ${{ needs.pre_job.outputs.env_name }}
	concurrency: ${{ needs.pre_job.outputs.env_name }}
	runs-on: ubuntu-latest
	steps:
	- name: Check Out Changes
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8

	- name: Connect to VPN and login to Azure
	uses: ./.github/actions/vpn-azure
	with:
	env-name: ${{ needs.pre_job.outputs.env_name }}
	tls-key: ${{ secrets.TLS_KEY }}
	ca-cert: ${{ secrets.CA_CRT}}
	user-crt: ${{ secrets.USER_CRT }}
	user-key: ${{ secrets.USER_KEY }}
	sp-creds: ${{ env.AZURE_CREDENTIALS }}

	- name: Restart DNS if failure
	uses: ./.github/actions/retry
	with:
	timeout_seconds: 60
	max_attempts: 3
	retry_wait_seconds: 180
	command: dig google.com @10.0.2.4
	shell: bash
	on_retry_command: >-
	az container stop --name pdh${{ needs.pre_job.outputs.env_name }}-dns
	-g prime-data-hub-${{ needs.pre_job.outputs.env_name }};
	az container start --name pdh${{ needs.pre_job.outputs.env_name }}-dns
	-g prime-data-hub-${{ needs.pre_job.outputs.env_name }};

	- name: Restart legacy SFTP if wrong ip
	if: needs.pre_job.outputs.env_name != 'prod'
	uses: ./.github/actions/retry
	with:
	timeout_seconds: 60
	max_attempts: 3
	retry_wait_seconds: 180
	command: \|
	ip=$(az container show --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver \
	-g prime-data-hub-${{ needs.pre_job.outputs.env_name }} -o tsv --query 'ipAddress.ip')
	last_octet=${ip: -2}
	if [[ $last_octet -ne 20 ]]; then exit 1; fi
	shell: bash
	on_retry_command: >-
	az container stop --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver
	-g prime-data-hub-${{ needs.pre_job.outputs.env_name }};
	az container start --name pdh${{ needs.pre_job.outputs.env_name }}-sftpserver
	-g prime-data-hub-${{ needs.pre_job.outputs.env_name }};

	optimize_demo_dbs:
	name: Optimize test databases
	if: github.event_name == 'schedule'
	runs-on: ubuntu-latest
	strategy:
	matrix:
	env_name: [ test ]
	steps:
	- name: Check Out Changes
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8

	- uses: azure/login@v3
	with:
	creds: ${{ env.AZURE_CREDENTIALS }}

	- name: Reduce database replica sizes
	uses: ./.github/actions/retry
	with:
	timeout_minutes: 180
	max_attempts: 3
	retry_wait_seconds: 1800
	command: \|
	REPLICA_COUNT=$(az postgres server list -g prime-data-hub-${{ matrix.env_name }} --query '[*].name' \| \
	jq '[.[] \| select(contains("pgsql-replica"))] \| length')
	if [[ ${REPLICA_COUNT} -gt 0 ]]; then
	az postgres server update -g prime-data-hub-${{ matrix.env_name }} -n pdh${{ matrix.env_name }}-pgsql-replica --sku-name GP_Gen5_4
	fi
	shell: bash

	vpn_validation:
	name: VPN Validation
	if: github.event_name == 'schedule'
	runs-on: ubuntu-latest
	continue-on-error: true
	strategy:
	max-parallel: 2
	matrix:
	env_name: [ prod, staging, test ]
	environment: ${{ matrix.env_name }}
	concurrency: ${{ matrix.env_name }}
	steps:
	- name: Check Out Changes
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8

	- uses: azure/login@v3
	with:
	creds: ${{ env.AZURE_CREDENTIALS }}

	- name: Fetch VPN DNS IP
	id: fetch_vpn_ip
	shell: bash
	run: \|
	DNS_IP=$(az container show -g prime-data-hub-${{ matrix.env_name }} \
	--name pdh${{ matrix.env_name }}-dns --query 'ipAddress.ip' -o tsv)
	echo "dns_ip=$DNS_IP" >> $GITHUB_OUTPUT

	- name: Connect to VPN
	uses: ./.github/actions/vpn-azure
	with:
	env-name: ${{ matrix.env_name }}
	tls-key: ${{ secrets.TLS_KEY }}
	ca-cert: ${{ secrets.CA_CRT}}
	user-crt: ${{ secrets.USER_CRT }}
	user-key: ${{ secrets.USER_KEY }}
	dns-ip: ${{ steps.fetch_vpn_ip.outputs.dns_ip }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate Resources #33146

Workflow file

Validate Resources #33146

Uh oh!

Workflow file for this run