Skip to content

Commit

Permalink
TEMP
Browse files Browse the repository at this point in the history
  • Loading branch information
@saliceti
saliceti committed Nov 27, 2024
1 parent 11bc77e commit 005ee47
Showing 1 changed file with 98 additions and 98 deletions.
196 changes: 98 additions & 98 deletions .github/workflows/database.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,104 +31,104 @@ env:
TF_VARS_PATH: terraform/application/config

jobs:
backup:
name: Backup database
runs-on: ubuntu-latest
environment:
name: ${{ inputs.environment || 'production' }}
env:
DEPLOY_ENV: ${{ inputs.environment || 'production' }}
BACKUP_FILE: ${{ inputs.backup-file || 'schedule' }}

services:
postgres:
image: postgres:14
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

steps:
- name: Checkout code
uses: actions/checkout@v4

- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- name: Set environment variables
run: |
source global_config/${DEPLOY_ENV}.sh
tf_vars_file=${TF_VARS_PATH}/${CONFIG}/variables.tfvars.json
echo "CLUSTER=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV
echo "CONFIG=${CONFIG}" >> $GITHUB_ENV
echo "RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV
echo "STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}dbbkp${CONFIG_SHORT}sa" >> $GITHUB_ENV
TODAY=$(date +"%F")
echo "DB_SERVER=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-pg" >> $GITHUB_ENV
if [ "${BACKUP_FILE}" == "schedule" ]; then
BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_${TODAY}
elif [ "${BACKUP_FILE}" == "default" ]; then
BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_adhoc_${TODAY}
else
BACKUP_FILE=${BACKUP_FILE}
fi
echo "BACKUP_FILE=${BACKUP_FILE}" >> $GITHUB_ENV
echo "KEYVAULT_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv" >> $GITHUB_ENV
echo "SANITISED_FILE_NAME=afqts_sanitised_$(date +"%F")" >> $GITHUB_ENV
- name: Fetch secrets from key vault
uses: azure/CLI@v2
id: key-vault-secrets
with:
inlineScript: |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name ${KEYVAULT_NAME} --query "value" -o tsv)
echo "::add-mask::$SLACK_WEBHOOK"
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT
- name: Backup ${{ env.DEPLOY_ENV }} postgres
uses: DFE-Digital/github-actions/backup-postgres@master
with:
storage-account: ${{ env.STORAGE_ACCOUNT_NAME }}
resource-group: ${{ env.RESOURCE_GROUP_NAME }}
app-name: ${{ env.SERVICE_NAME }}-${{ env.CONFIG }}-web
cluster: ${{ env.CLUSTER }}
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
backup-file: ${{ env.BACKUP_FILE }}.sql
db-server-name: ${{ inputs.db-server }}
slack-webhook: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }}

- name: Install postgres client
if: github.event_name == 'schedule'
uses: DFE-Digital/github-actions/install-postgres-client@master
with:
version: 14

- name: Sanitise dump
if: github.event_name == 'schedule'
run: |
gzip -d --to-stdout ${{ env.BACKUP_FILE }}.sql.gz | psql -d postgres
psql -d postgres -f db/scripts/sanitise.sql
pg_dump -E utf8 --compress=1 --clean --if-exists --no-owner --verbose --no-password -f ${SANITISED_FILE_NAME}.sql.gz
env:
PGUSER: postgres
PGPASSWORD: postgres
PGHOST: localhost
PGPORT: 5432

- name: Upload sanitised backup to Azure Storage
if: github.event_name == 'schedule'
run: |
STORAGE_CONN_STR=$(az storage account show-connection-string -g ${{ env.RESOURCE_GROUP_NAME }} -n ${{ env.STORAGE_ACCOUNT_NAME }} --query 'connectionString')
echo "::add-mask::$STORAGE_CONN_STR"
az storage blob upload --container-name database-backup \
--file ${SANITISED_FILE_NAME}.sql.gz --name ${SANITISED_FILE_NAME}.sql.gz --overwrite \
--connection-string "${STORAGE_CONN_STR}"
rm ${SANITISED_FILE_NAME}.sql.gz
# backup:
# name: Backup database
# runs-on: ubuntu-latest
# environment:
# name: ${{ inputs.environment || 'production' }}
# env:
# DEPLOY_ENV: ${{ inputs.environment || 'production' }}
# BACKUP_FILE: ${{ inputs.backup-file || 'schedule' }}

# services:
# postgres:
# image: postgres:14
# env:
# POSTGRES_USER: postgres
# POSTGRES_PASSWORD: postgres
# POSTGRES_DB: postgres
# ports:
# - 5432:5432
# options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

# steps:
# - name: Checkout code
# uses: actions/checkout@v4

# - uses: azure/login@v2
# with:
# creds: ${{ secrets.AZURE_CREDENTIALS }}

# - name: Set environment variables
# run: |
# source global_config/${DEPLOY_ENV}.sh
# tf_vars_file=${TF_VARS_PATH}/${CONFIG}/variables.tfvars.json
# echo "CLUSTER=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV
# echo "CONFIG=${CONFIG}" >> $GITHUB_ENV
# echo "RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV
# echo "STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}dbbkp${CONFIG_SHORT}sa" >> $GITHUB_ENV
# TODAY=$(date +"%F")
# echo "DB_SERVER=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-pg" >> $GITHUB_ENV
# if [ "${BACKUP_FILE}" == "schedule" ]; then
# BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_${TODAY}
# elif [ "${BACKUP_FILE}" == "default" ]; then
# BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_adhoc_${TODAY}
# else
# BACKUP_FILE=${BACKUP_FILE}
# fi
# echo "BACKUP_FILE=${BACKUP_FILE}" >> $GITHUB_ENV
# echo "KEYVAULT_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv" >> $GITHUB_ENV
# echo "SANITISED_FILE_NAME=afqts_sanitised_$(date +"%F")" >> $GITHUB_ENV

# - name: Fetch secrets from key vault
# uses: azure/CLI@v2
# id: key-vault-secrets
# with:
# inlineScript: |
# SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name ${KEYVAULT_NAME} --query "value" -o tsv)
# echo "::add-mask::$SLACK_WEBHOOK"
# echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT

# - name: Backup ${{ env.DEPLOY_ENV }} postgres
# uses: DFE-Digital/github-actions/backup-postgres@master
# with:
# storage-account: ${{ env.STORAGE_ACCOUNT_NAME }}
# resource-group: ${{ env.RESOURCE_GROUP_NAME }}
# app-name: ${{ env.SERVICE_NAME }}-${{ env.CONFIG }}-web
# cluster: ${{ env.CLUSTER }}
# azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
# backup-file: ${{ env.BACKUP_FILE }}.sql
# db-server-name: ${{ inputs.db-server }}
# slack-webhook: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }}

# - name: Install postgres client
# if: github.event_name == 'schedule'
# uses: DFE-Digital/github-actions/install-postgres-client@master
# with:
# version: 14

# - name: Sanitise dump
# if: github.event_name == 'schedule'
# run: |
# gzip -d --to-stdout ${{ env.BACKUP_FILE }}.sql.gz | psql -d postgres
# psql -d postgres -f db/scripts/sanitise.sql
# pg_dump -E utf8 --compress=1 --clean --if-exists --no-owner --verbose --no-password -f ${SANITISED_FILE_NAME}.sql.gz
# env:
# PGUSER: postgres
# PGPASSWORD: postgres
# PGHOST: localhost
# PGPORT: 5432

# - name: Upload sanitised backup to Azure Storage
# if: github.event_name == 'schedule'
# run: |
# STORAGE_CONN_STR=$(az storage account show-connection-string -g ${{ env.RESOURCE_GROUP_NAME }} -n ${{ env.STORAGE_ACCOUNT_NAME }} --query 'connectionString')
# echo "::add-mask::$STORAGE_CONN_STR"

# az storage blob upload --container-name database-backup \
# --file ${SANITISED_FILE_NAME}.sql.gz --name ${SANITISED_FILE_NAME}.sql.gz --overwrite \
# --connection-string "${STORAGE_CONN_STR}"
# rm ${SANITISED_FILE_NAME}.sql.gz

restore-preproduction:
name: Restore preproduction
Expand Down

0 comments on commit 005ee47

Please sign in to comment.