Add migrate-database workflow

This adds a workflow which migrates the database from PaaS to AKS.
DFE-Digital · Jun 27, 2023 · 7ab04e2 · 7ab04e2
1 parent f048be3
commit 7ab04e2
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 3 deletions.
diff --git a/.github/workflows/database.yaml b/.github/workflows/database.yaml
@@ -51,7 +51,7 @@ jobs:
         run: make install-konduit
 
       - name: Dump database
-        run: bin/konduit.sh apply-for-qts-production-web -- pg_dump -E utf8 --compress=1 --clean --if-exists --no-owner --verbose --no-password -f backup.sql.gz
+        run: bin/konduit.sh apply-for-qts-production-web -- pg_dump -E utf8 --compress=1 --clean --if-exists --no-owner --verbose -f backup.sql.gz
 
       - name: Set connection string
         run: |
@@ -75,7 +75,7 @@ jobs:
 
       - name: Sanitise dump
         run: |
-          psql -d postgres -f backup.sql.gz
+          gzip -d --to-stdout backup.sql.gz | psql -d postgres
           psql -d postgres -f db/scripts/sanitise.sql
           pg_dump -E utf8 --compress=1 --clean --if-exists --no-owner --verbose --no-password -f backup-sanitised.sql.gz
         env:
@@ -132,4 +132,4 @@ jobs:
 
       - name: Restore sanitised backup
         shell: bash
-        run: zcat backup-sanitised.sql.gz | bin/konduit.sh apply-for-qts-preproduction-web -- psql
+        run: bin/konduit.sh -i backup-sanitised.sql.gz -c apply-for-qts-preproduction-web -- psql
diff --git a/.github/workflows/migrate-database.yaml b/.github/workflows/migrate-database.yaml
@@ -0,0 +1,107 @@
+name: Migrate database to AKS
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: GitHub environment to backup and restore
+        type: choice
+        default: preproduction
+        options:
+          - preproduction
+          - production
+
+jobs:
+  backup:
+    name: Backup
+    runs-on: ubuntu-latest
+
+    environment:
+      name: ${{ (github.event.inputs.environment == 'preproduction' && 'preprod') || github.event.inputs.environment }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - uses: Azure/login@v1
+        with:
+          creds: ${{ secrets.azure_credentials }}
+
+      - name: Set environment variables Production
+        shell: bash
+        run: |
+          tf_vars_file=terraform/paas/workspace_variables/${{ (github.event.inputs.environment == 'preproduction' && 'preprod') || github.event.inputs.environment }}.tfvars.json
+          echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
+          echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV
+
+      - uses: Azure/get-keyvault-secrets@v1
+        id: get_secrets
+        with:
+          keyvault: ${{ env.KEY_VAULT_NAME }}
+          secrets: "PAAS-USER,PAAS-PASSWORD"
+
+      - uses: DfE-Digital/keyvault-yaml-secret@v1
+        id: keyvault-yaml-secret
+        with:
+          keyvault: ${{ env.KEY_VAULT_NAME }}
+          secret: MONITORING
+          key: SLACK_WEBHOOK
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Setup cf cli
+        uses: DFE-Digital/github-actions/setup-cf-cli@master
+        with:
+          CF_USERNAME: ${{ steps.get_secrets.outputs.PAAS-USER }}
+          CF_PASSWORD: ${{ steps.get_secrets.outputs.PAAS-PASSWORD }}
+          CF_SPACE_NAME: ${{ env.PAAS_SPACE }}
+          INSTALL_CONDUIT: true
+
+      - name: Setup postgres client
+        uses: DFE-Digital/github-actions/install-postgres-client@master
+
+      - name: Backup database
+        run: |
+          cf conduit apply-for-qts-in-england-${{ (github.event.inputs.environment == 'preproduction' && 'preprod') || github.event.inputs.environment }}-pg-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz
+
+      - name: Upload backup
+        uses: actions/upload-artifact@v3
+        with:
+          name: backup
+          path: backup.sql.gz
+          retention-days: 1
+
+  restore:
+    name: Restore
+    needs: [backup]
+    runs-on: ubuntu-latest
+
+    environment:
+      name: ${{ github.event.inputs.environment }}_aks
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Download backup
+        uses: actions/download-artifact@v3
+        with:
+          name: backup
+
+      - uses: ./.github/actions/set-kubernetes-credentials
+        with:
+          environment: ${{ github.event.inputs.environment }}
+          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v3
+
+      - name: Install konduit
+        run: make install-konduit
+
+      - name: Restore database
+        run: bin/konduit.sh -i backup.sql.gz -c apply-for-qts-${{ github.event.inputs.environment }}-web -- psql
+
+      - uses: geekyeggo/delete-artifact@v2
+        with:
+          name: backup