CD: Run database migrations (#90)

* check if env vars can be referenced directly in deploy config

* try as deployments vars, and out of the manifest

* add back to manifest

* was it proactively checking other branches?

* check that we really need vars in manifest

* try migrate as cf run-task in single command

* ignore that failing fe test for now

* omg, this takes forever

* try wo explicit wait

* add back sleep, up to 120; add db connect directions

* move sequelize-cli to production deps

* change migrations path to build dir

* move production sequalizerc to file

* update migration command

* add back all the jobs

* rename prod sequalize config

* missing '

* don't restart app

Co-authored-by: Sarah-Jaine Szekeresh <[email protected]>

.cfignore

@@ -1,5 +1,6 @@
 docs/
-frontend/
+cucumber/
 deployment_config/
+frontend/
 src/
 terraform/

.circleci/config.yml

@@ -32,6 +32,10 @@ commands:
     description: "Login to cloud foundry space with service account credentials
       and push application using deployment configuration file."
     parameters:
+      app_name:
+        description: "Name of Cloud Foundry cloud.gov application; must match
+          application name specified in manifest"
+        type: string
       auth_client_id:
         description: "Name of CircleCi project environment variable that
           holds authentication client id, a required application variable"
@@ -63,6 +67,22 @@ commands:
         description: "Name of CircleCI project environment variable that
           holds the New Relic License key, a required application variable"
         type: env_var_name
+      postgres_db:
+        description: "Name of CircleCI project environment variable that
+          holds the postgres database name"
+        type: env_var_name
+      postgres_host:
+        description: "Name of CircleCI project environment variable that
+          holds the postgres host"
+        type: env_var_name
+      postgres_password:
+        description: "Name of CircleCI project environment variable that
+          holds the postgres password"
+        type: env_var_name
+      postgres_username:
+        description: "Name of CircleCI project environment variable that
+          holds the postgres username"
+        type: env_var_name
     steps:
       - run:
           name: Login with service account
@@ -79,7 +99,15 @@ commands:
               --var AUTH_CLIENT_ID=${<< parameters.auth_client_id >>} \
               --var AUTH_CLIENT_SECRET=${<< parameters.auth_client_secret >>} \
               --var NEW_RELIC_LICENSE_KEY=${<< parameters.new_relic_license >>} \
+              --var POSTGRES_DB=${<< parameters.postgres_db >>} \
+              --var POSTGRES_HOST=${<< parameters.postgres_host >>} \
+              --var POSTGRES_PASSWORD=${<< parameters.postgres_password >>} \
+              --var POSTGRES_USERNAME=${<< parameters.postgres_username >>} \
               --var SESSION_SECRET=${<< parameters.session_secret >>}
+      - run:
+          name: Run database migrations
+          command: |
+            cf run-task << parameters.app_name >> "yarn db:migrate:prod"
 parameters:
   cg_org:
     description: "Cloud Foundry cloud.gov organization name"
@@ -114,7 +142,7 @@ parameters:
     default: "main"
     type: string
   sandbox_git_branch:  # change to feature branch to test deployment
-    default: "js-140-add-navigator"
+    default: "sj-db-migrations"
     type: string
 jobs:
   build:
@@ -291,13 +319,18 @@ jobs:
               - equal: [<< pipeline.git.branch >>, << pipeline.parameters.sandbox_git_branch >>]
           steps:
             - cf_deploy:
+                app_name: tta-smarthub-sandbox
                 auth_client_id: SANDBOX_AUTH_CLIENT_ID
                 auth_client_secret: SANDBOX_AUTH_CLIENT_SECRET
                 cloudgov_username: CLOUDGOV_SANDBOX_USERNAME
                 cloudgov_password: CLOUDGOV_SANDBOX_PASSWORD
                 cloudgov_space: CLOUDGOV_SANDBOX_SPACE
                 deploy_config_file: deployment_config/sandbox_vars.yml
                 new_relic_license: NEW_RELIC_LICENSE_KEY
+                postgres_db: SANDBOX_POSTGRES_DB
+                postgres_host: SANDBOX_POSTGRES_HOST
+                postgres_password: SANDBOX_POSTGRES_PASSWORD
+                postgres_username: SANDBOX_POSTGRES_USERNAME
                 session_secret: SANDBOX_SESSION_SECRET
       - when:  # dev
           condition:
@@ -306,13 +339,18 @@ jobs:
               - equal: [<< pipeline.git.branch >>, << pipeline.parameters.dev_git_branch >>]
           steps:
             - cf_deploy:
+                app_name: tta-smarthub-dev
                 auth_client_id: DEV_AUTH_CLIENT_ID
                 auth_client_secret: DEV_AUTH_CLIENT_SECRET
                 cloudgov_username: CLOUDGOV_DEV_USERNAME
                 cloudgov_password: CLOUDGOV_DEV_PASSWORD
                 cloudgov_space: CLOUDGOV_DEV_SPACE
                 deploy_config_file: deployment_config/dev_vars.yml
                 new_relic_license: NEW_RELIC_LICENSE_KEY
+                postgres_db: DEV_POSTGRES_DB
+                postgres_host: DEV_POSTGRES_HOST
+                postgres_password: DEV_POSTGRES_PASSWORD
+                postgres_username: DEV_POSTGRES_USERNAME
                 session_secret: DEV_SESSION_SECRET
       - when:  # staging
           condition:
@@ -321,13 +359,18 @@ jobs:
               - equal: [<< pipeline.git.branch >>, << pipeline.parameters.staging_git_branch >>]
           steps:
             - cf_deploy:
+                app_name: tta-smarthub-staging
                 auth_client_id: STAGING_AUTH_CLIENT_ID
                 auth_client_secret: STAGING_AUTH_CLIENT_SECRET
                 cloudgov_username: CLOUDGOV_STAGING_USERNAME
                 cloudgov_password: CLOUDGOV_STAGING_PASSWORD
                 cloudgov_space: CLOUDGOV_STAGING_SPACE
                 deploy_config_file: deployment_config/staging_vars.yml
                 new_relic_license: NEW_RELIC_LICENSE_KEY
+                postgres_db: STAGING_POSTGRES_DB
+                postgres_host: STAGING_POSTGRES_HOST
+                postgres_password: STAGING_POSTGRES_PASSWORD
+                postgres_username: STAGING_POSTGRES_USERNAME
                 session_secret: STAGING_SESSION_SECRET
       - when:  # prod
           condition:
@@ -336,13 +379,18 @@ jobs:
               - equal: [<< pipeline.git.branch >>, << pipeline.parameters.prod_git_branch >>]
           steps:
             - cf_deploy:
+                app_name: tta-smarthub-prod
                 auth_client_id: PROD_AUTH_CLIENT_ID
                 auth_client_secret: PROD_AUTH_CLIENT_SECRET
                 cloudgov_username: CLOUDGOV_PROD_USERNAME
                 cloudgov_password: CLOUDGOV_PROD_PASSWORD
                 cloudgov_space: CLOUDGOV_PROD_SPACE
                 deploy_config_file: deployment_config/prod_vars.yml
                 new_relic_license: PROD_NEW_RELIC_LICENSE_KEY
+                postgres_db: PROD_POSTGRES_DB
+                postgres_host: PROD_POSTGRES_HOST
+                postgres_password: PROD_POSTGRES_PASSWORD
+                postgres_username: PROD_POSTGRES_USERNAME
                 session_secret: PROD_SESSION_SECRET
 workflows:
   build_test_deploy:
@@ -368,6 +416,7 @@ workflows:
             - build
       - deploy:
           requires:
+            - build
             - lint_audit
             - test_backend
             - cucumber_test

.production.sequelizerc

@@ -0,0 +1,8 @@
+const path = require('path');
+
+module.exports = {
+  'config': path.resolve('build', 'config', 'config.js'),
+  'models-path': path.resolve('build', 'server', 'models'),
+  'seeders-path': path.resolve('build', 'server', 'seeders'),
+  'migrations-path': path.resolve('build', 'server', 'migrations')
+}

README.md

@@ -111,10 +111,43 @@ who have proper cloud.gov permissions at any time.
 - The application `SESSION_SECRET`.
 - NewRelic license key, passed to the application as `NEW_RELIC_LICENSE_KEY`
 
+**Interacting with a deployed database**
+
+Our project includes four deployed Postgres databases, one to interact with each application environment (sandbox, dev, staging, prod). For instructions on how to create and modify databases instances within the cloud.gov ecosystem see the [terraform/README.md](terraform/README.md).
+
+You can run psql commands directly against a deployed database by following these directions.
+
+1. Install the cloud foundry plugin [cf-service-connect][cf-service-connect]
+
+	```bash
+	# Example install for macOS
+	cf install-plugin https://github.com/18F/cf-service-connect/releases/download/1.1.0/cf-service-connect-darwin-386
+	```
+
+1. Target the desired organization and space
+
+	```bash
+	cf target -o <org> -s <space>
+	# Example for sandbox
+	cf target -o hhs-acf-ohs-tta -s ttahub-sandbox
+	```
+
+1. Connect to the desired database
+
+	```bash
+	cf connect-to-service <app_name> <service_instance_name>
+	# Example for sandbox
+	cf connect-to-service tta-smarthub-sandbox ttahub-sandbox
+	```
+
+	On success, your terminal prompt will change to match the `db_name` from the database instance credentials.
+	This indicates you are in an open psql session, the command-line interface to PostgreSQL.
+
 <!-- Links -->
 
 [adhoc-main]: https://github.com/adhocteam/Head-Start-TTADP/tree/main
 [cloudgov]: https://dashboard.fr.cloud.gov/home
 [cloudgov-deployer]: https://cloud.gov/docs/services/cloud-gov-service-account/
+[cf-service-connect]: https://github.com/cloud-gov/cf-service-connect
 [hhs-main]: https://github.com/HHS/Head-Start-TTADP/tree/main
 [hhs-prod]: https://github.com/HHS/Head-Start-TTADP/tree/production

package.json

@@ -27,6 +27,7 @@
     "docs:serve": "npx redoc-cli serve -p 5000 docs/openapi/index.yaml",
     "cucumber": "./node_modules/.bin/cucumber-js --publish ./cucumber/features/*.feature -f json:./reports/cucumber_report.json && node ./cucumber/index.js",
     "cucumber:ci": "cross-env TTA_SMART_HUB_URI=http://localhost:3000 CUCUMBER_USER_ID=999999 yarn cucumber",
+    "db:migrate:prod": "node_modules/.bin/sequelize db:migrate --options-path .production.sequelizerc",
     "db:migrate": "node_modules/.bin/sequelize db:migrate",
     "db:migrate:ci": "cross-env POSTGRES_USERNAME=postgres POSTGRES_DB=ttasmarthub node_modules/.bin/sequelize db:migrate",
     "db:migrate:undo": "node_modules/.bin/sequelize db:migrate:undo",
@@ -118,7 +119,6 @@
     "nodemon": "^2.0.4",
     "redoc-cli": "^0.9.12",
     "selenium-webdriver": "^4.0.0-alpha.7",
-    "sequelize-cli": "^6.2.0",
     "supertest": "^4.0.2"
   },
   "dependencies": {
@@ -143,6 +143,7 @@
     "puppeteer": "^5.3.1",
     "puppeteer-select": "^1.0.3",
     "sequelize": "^5.22.3",
+    "sequelize-cli": "^6.2.0",
     "url-join": "^4.0.1",
     "winston": "^3.3.3",
     "yargs": "^16.1.1"