From 5a7200a98f8ffb4d2f12cb336dc7e9e71f71f225 Mon Sep 17 00:00:00 2001 From: Shahe Islam Date: Mon, 21 Oct 2024 14:02:53 +0100 Subject: [PATCH] Draft --- .github/workflows/database.yaml | 90 ++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 41 deletions(-) diff --git a/.github/workflows/database.yaml b/.github/workflows/database.yaml index 792d3eeee..767b9ba5b 100644 --- a/.github/workflows/database.yaml +++ b/.github/workflows/database.yaml @@ -7,10 +7,13 @@ on: jobs: backup-production: - name: Backup production + name: Backup database runs-on: ubuntu-latest - - environment: production + environment: + name: ${{ inputs.environment || 'production' }} + env: + DEPLOY_ENV: ${{ inputs.environment || 'production' }} + BACKUP_FILE: ${{ inputs.backup-file || 'schedule' }} services: postgres: 
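Review bot: `environment.name` and `DEPLOY_ENV` now come from `inputs.environment`, but the `on:` block sits above this hunk and the patch does not touch it, so nothing visible declares or restricts that input. The value decides which GitHub environment the job binds to, and with it that environment's secrets and protection rules, so it should be declared under `workflow_dispatch` as `type: choice` with the known environment names (or `type: environment`) rather than accepted as a free-form string. `inputs.backup-file` deserves the same treatment or an explicit pattern check, since it later becomes part of a file name. The job id also stays `backup-production` while the job can now target other environments, and `restore-preproduction` still lists it in `needs`, so confirm that a non-production run should trigger that restore.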
@@ -27,9 +30,49 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Get resource group name - id: resource-group-name - run: echo "value=$(make -s production print-resource-group-name)" >> $GITHUB_OUTPUT + - uses: azure/login@v2 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Set environment variables + run: | + source global_config/${DEPLOY_ENV}.sh + tf_vars_file=${TF_VARS_PATH}/${DEPLOY_ENV}.tfvars.json + echo "CLUSTER=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV + echo "RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV + echo "STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}dbbkp${CONFIG_SHORT}sa" >> $GITHUB_ENV + TODAY=$(date +"%F") + echo "DB_SERVER=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-pg" >> $GITHUB_ENV + if [ "${BACKUP_FILE}" == "schedule" ]; then + BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_${TODAY} + elif [ "${BACKUP_FILE}" == "default" ]; then + BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_adhoc_${TODAY} + else + BACKUP_FILE=${BACKUP_FILE} + fi + echo "BACKUP_FILE=${BACKUP_FILE}" >> $GITHUB_ENV + echo "KEYVAULT_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv" >> $GITHUB_ENV + + - name: Fetch secrets from key vault + uses: azure/CLI@v2 + id: key-vault-secrets + with: + inlineScript: | + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name ${KEYVAULT_NAME} --query "value" -o tsv) + echo "::add-mask::$SLACK_WEBHOOK" + echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT + + - name: Backup ${{ env.DEPLOY_ENV }} postgres + uses: DFE-Digital/github-actions/backup-postgres@master + with: + storage-account: ${{ env.STORAGE_ACCOUNT_NAME }} + resource-group: ${{ env.RESOURCE_GROUP_NAME }} + app-name: ${{ env.SERVICE_NAME }}-${{ env.DEPLOY_ENV }} + cluster: ${{ env.CLUSTER }} + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + backup-file: ${{ env.BACKUP_FILE }}.sql + db-server-name: ${{ 
inputs.db-server }} + slack-webhook: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }} - uses: ./.github/actions/set-kubernetes-credentials with: @@ -49,30 +92,6 @@ jobs: echo "account-name=$(terraform output -raw postgres_azure_backup_storage_account_name)" >> $GITHUB_OUTPUT echo "container-name=$(terraform output -raw postgres_azure_backup_storage_container_name)" >> $GITHUB_OUTPUT - - name: Install kubectl - uses: DFE-Digital/github-actions/set-kubectl@master - - - name: Install konduit - run: make install-konduit - - - name: Dump database - run: bin/konduit.sh apply-for-qts-production-web -- pg_dump -E utf8 --compress=1 --clean --if-exists --no-owner --verbose -f backup.sql.gz - - - name: Set connection string - run: | - STORAGE_CONN_STR=$(az storage account show-connection-string -g ${{ steps.resource-group-name.outputs.value }} -n ${{ steps.azure-backup-storage.outputs.account-name }} --query 'connectionString') - echo "::add-mask::$STORAGE_CONN_STR" - echo "AZURE_STORAGE_CONNECTION_STRING=$STORAGE_CONN_STR" >> $GITHUB_ENV - - - name: Upload backup - run: | - az config set extension.use_dynamic_install=yes_without_prompt - az config set core.only_show_errors=true - az storage azcopy blob upload \ - --container ${{ steps.azure-backup-storage.outputs.container-name }} \ - --source backup.sql.gz \ - --destination $(date +"%F-%H").sql.gz - - name: Install postgres client uses: DFE-Digital/github-actions/install-postgres-client@master with: 
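Review bot: In the `Set environment variables` step, `DEPLOY_ENV` and `BACKUP_FILE` originate from workflow inputs and are used unquoted and unvalidated. `source global_config/${DEPLOY_ENV}.sh` runs whichever file the value resolves to, and a `BACKUP_FILE` containing a newline would write extra variables into `$GITHUB_ENV`. The excerpt below rejects anything that is not a plain token before either use and quotes the expansions. Separately, `app-name` reads `env.SERVICE_NAME`, which this step never exports, `db-server-name` takes `inputs.db-server` while the computed `DB_SERVER` goes unused, and the new step id `key-vault-secrets` may collide with the existing key-vault step later in the job (the removed Slack step referenced the same id). `DFE-Digital/github-actions/backup-postgres@master` is handed `secrets.AZURE_CREDENTIALS` from a mutable branch ref; pinning it to a reviewed commit SHA keeps that credential away from unreviewed code.

```yaml
      - name: Set environment variables
        run: |
          # Reject anything that is not a plain token before it reaches
          # `source` or $GITHUB_ENV (a newline would add extra variables).
          case "${DEPLOY_ENV}" in
            ''|*[!A-Za-z0-9_-]*) echo "::error::invalid environment name"; exit 1 ;;
          esac
          case "${BACKUP_FILE}" in
            ''|*[!A-Za-z0-9._-]*) echo "::error::invalid backup file name"; exit 1 ;;
          esac
          source "global_config/${DEPLOY_ENV}.sh"
          tf_vars_file="${TF_VARS_PATH}/${DEPLOY_ENV}.tfvars.json"
          echo "CLUSTER=$(jq -r '.cluster' "${tf_vars_file}")" >> "$GITHUB_ENV"
          # … unchanged: RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME, DB_SERVER, BACKUP_FILE selection, KEYVAULT_NAME …
```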
@@ -108,17 +127,6 @@ jobs: keyvault: ${{ steps.key-vault-name.outputs.value }} secrets: "SLACK-WEBHOOK" - - name: Notify Slack channel on job failure - if: failure() - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_USERNAME: CI Deployment - SLACK_TITLE: Database backup failure - SLACK_MESSAGE: Production database backup job failed - SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK-WEBHOOK }} - SLACK_COLOR: failure - SLACK_FOOTER: Sent from backup-production job in database-backups workflow - restore-preproduction: name: Restore preproduction needs: [backup-production]