adding db migrations

.github/workflows/create-release.yml

@@ -41,8 +41,10 @@ jobs:
           go-version: ${{ vars.GO_VERSION }}
           cache-dependency-path: "**/*.sum"
 
-      - name: Build binary
-        run: go build -o bin/goschema ./cmd/schema
+      - name: Build binaries
+        run: |
+          go build -o bin/goschema ./cmd/schema
+          go build -o bin/vaultdb ./cmd/vaultdb
 
       - name: Create Changelog
         run: |
@@ -84,4 +86,4 @@ jobs:
           prerelease: false
           generate_release_notes: false
           make_latest: true
-          files: "bin/goschema"
+          files: "bin/*"

.github/workflows/database-migrations.yml

@@ -0,0 +1,95 @@
+name: "Database Migrations"
+
+on:
+  workflow_dispatch:
+    inputs:
+      action:
+        description: 'What action should be taken?'
+        required: true
+        type: choice
+        default: 'up'
+        options:
+          - 'up'
+          - 'down'
+      steps:
+        description: 'How many migrations should be applied? (0 for all)'
+        required: true
+        type: number
+        default: 0
+  workflow_call:
+    inputs:
+      action:
+        description: 'What action should be taken?'
+        required: true
+        type: string
+        default: 'up'
+      steps:
+        description: 'How many migrations should be applied? (0 for all)'
+        required: true
+        type: number
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  migrate:
+    name: Migrate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: See if the database connection string is available
+        id: db-connection
+        run: |
+          if [ "${{ secrets.DATABASE_URL }}" ==" ]; then
+            echo "No DATABASE_URL secret set. Trying to authenticate with Vault..."
+          
+            if [ "${{ secrets.VAULT_ADDR }}" == "" ]; then
+              echo "No VAULT_ADDR secret set. Exiting..."
+              exit 1
+            elif [ "${{ secrets.VAULT_USER }}" == "" ]; then
+              echo "No VAULT_USER secret set. Exiting..."
+              exit 1
+            elif [ "${{ secrets.VAULT_PASS }}" == "" ]; then
+              echo "No VAULT_PASS secret set. Exiting..."
+              exit 1
+            fi
+          
+            url=$(curl -s -X GET https://api.github.com/repos/jacobbrewer1/goschema/releases/latest | jq '.assets[] | select(.name == "vaultdb")' | jq -r .browser_download_url)
+            wget $url
+            chmod +x vaultdb
+            mv vaultdb /usr/local/bin
+          
+            export DATABASE_URL=$(vaultdb -addr=${{ secrets.VAULT_ADDR }} -user=${{ secrets.VAULT_USER }} -pass=${{ secrets.VAULT_PASS }} -path=${{ secrets.VAULT_PATH }}) -host=${{ secrets.DATABSE_HOST }} -schema=${{ secrets.DATABASE_SCHEMA }}
+            if [ "${{ DATABASE_URL }}" == "" ]; then
+              echo "Failed to authenticate with Vault. Exiting..."
+              exit 1
+            fi
+          fi
+          
+          echo "DATABASE_URL is set. Continuing..."
+
+      - name: Install GoSchema
+        run: |
+          url=$(curl -s -X GET https://api.github.com/repos/jacobbrewer1/goschema/releases/latest | jq '.assets[] | select(.name == "goschema")' | jq -r .browser_download_url)
+          wget $url
+          chmod +x goschema
+          mv goschema /usr/local/bin
+
+      - name: Run Migrations
+        run: |
+          goschema migrate --${{ github.event.inputs.action }} --steps=${{ github.event.inputs.steps }} --loc=./example/database/migrations
+
+      - name: Cleanup
+        if: ${{ always() }}
+        run: |
+          rm -f /usr/local/bin/goschema
+          rm -f /usr/local/bin/vaultdb
+          
+          if [ "${{ secrets.DATABASE_URL }}" == "" ]; then
+              unset DATABASE_URL
+          fi
+          
+          echo "Cleanup complete."

cmd/vault_connector/README.md → cmd/vaultdb/README.md

@@ -1,3 +1,3 @@
-# Vault Connector
+# Vault DB
 
 This app is primarily designed to be used in the CICD that prints a connection string for the database.

cmd/vaultdb/main.go

@@ -0,0 +1,52 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+
+	hashiVault "github.com/hashicorp/vault/api"
+	"github.com/jacobbrewer1/vaulty"
+)
+
+var (
+	vaultAddr = flag.String("addr", "http://localhost:8200", "The address of the vault server")
+	vaultUser = flag.String("user", "root", "The username to authenticate with")
+	vaultPass = flag.String("pass", "root", "The password to authenticate with")
+	vaultPath = flag.String("path", "secret", "The path to the secrets")
+	dbHost    = flag.String("host", "localhost:3306", "The host of the database")
+	dbSchema  = flag.String("schema", "test", "The schema of the database")
+)
+
+func init() {
+	flag.Parse()
+}
+
+func generateConnectionStr(vs *hashiVault.Secret) string {
+	return fmt.Sprintf("%s:%s@tcp(%s)/%s?timeout=90s&multiStatements=true&parseTime=true",
+		vs.Data["username"],
+		vs.Data["password"],
+		*dbHost,
+		*dbSchema,
+	)
+}
+
+func main() {
+	vc, err := vaulty.NewClient(
+		vaulty.WithGeneratedVaultClient(*vaultAddr),
+		vaulty.WithUserPassAuth(
+			*vaultUser,
+			*vaultPass,
+		),
+	)
+	if err != nil {
+		panic(fmt.Errorf("error creating vault client: %w", err))
+	}
+
+	got, err := vc.Path(*vaultPath).GetSecret(context.Background())
+	if err != nil {
+		panic(fmt.Errorf("error getting secret: %w", err))
+	}
+
+	fmt.Println(generateConnectionStr(got))
+}

go.mod

@@ -1,12 +1,15 @@
 module github.com/jacobbrewer1/goschema
 
-go 1.22
+go 1.23
+
+toolchain go1.23.2
 
 require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/google/subcommands v1.2.0
 	github.com/huandu/xstrings v1.5.0
+	github.com/jacobbrewer1/vaulty v0.1.3
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/pingcap/tidb v2.0.7+incompatible
 	github.com/prometheus/client_golang v1.11.1
@@ -19,25 +22,41 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.4.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
 	github.com/coreos/etcd v3.2.18+incompatible // indirect
 	github.com/cznic/mathutil v0.0.0-20180504122225-ca4c9f2c1369 // indirect
 	github.com/cznic/sortutil v0.0.0-20150617083342-4c7342852e65 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db // indirect
 	github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/vault/api v1.15.0 // indirect
+	github.com/hashicorp/vault/api/auth/approle v0.8.0 // indirect
+	github.com/hashicorp/vault/api/auth/userpass v0.8.0 // indirect
 	github.com/imdario/mergo v0.3.5 // indirect
 	github.com/juju/errors v0.0.0-20170703010042-c7d06af17c68 // indirect
 	github.com/juju/loggo v0.0.0-20180524022052-584905176618 // indirect
 	github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073 // indirect
 	github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/ngaut/pools v0.0.0-20180318154953-b7bc8c42aac7 // indirect
 	github.com/ngaut/sync2 v0.0.0-20141008032647-7a24ed77b2ef // indirect
@@ -50,20 +69,23 @@ require (
 	github.com/pingcap/pd v2.0.5+incompatible // indirect
 	github.com/pingcap/tipb v0.0.0-20180621072330-658ea9c14169 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.26.0 // indirect
 	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.6.0 // indirect
 	github.com/spaolacci/murmur3 v0.0.0-20170819071325-9f5d223c6079 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/twinj/uuid v1.0.0 // indirect
 	github.com/uber-go/atomic v1.3.2 // indirect
 	github.com/uber/jaeger-client-go v2.14.0+incompatible // indirect
 	github.com/uber/jaeger-lib v1.5.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.56.3 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect