Backup Database to Azure Storage #443
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backup Database to Azure Storage | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| overwriteThisMorningsBackup: | |
| required: true | |
| type: boolean | |
| default: false | |
| schedule: # 01:00 UTC | |
| - cron: '0 1 * * *' | |
| jobs: | |
| backup: | |
| name: Backup AKS Database (production) | |
| if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.overwriteThisMorningsBackup == 'true') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| name: Checkout | |
| - name: Set KV environment variables | |
| run: | | |
| tf_vars_file=terraform/aks/config/production.tfvars.json | |
| echo "key_vault_name=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV | |
| - uses: azure/login@v2 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS_PRODUCTION }} | |
| - uses: DFE-Digital/github-actions/set-kubelogin-environment@master | |
| with: | |
| azure-credentials: ${{ secrets.AZURE_CREDENTIALS_PRODUCTION }} | |
| - name: Install kubectl | |
| uses: DFE-Digital/github-actions/set-kubectl@master | |
| - name: K8 setup | |
| shell: bash | |
| run: | | |
| make ci production get-cluster-credentials | |
| make install-konduit | |
| - name: Setup postgres client | |
| uses: DFE-Digital/github-actions/install-postgres-client@master | |
| - name: Set environment variable | |
| run: echo "BACKUP_FILE_NAME=trp_prod_$(date +"%F")" >> $GITHUB_ENV | |
| - name: Backup Prod DB | |
| run: | | |
| bin/konduit.sh teacher-relocation-payment-production -- pg_dump -E utf8 --clean --if-exists --no-owner --verbose --no-password -f ${BACKUP_FILE_NAME}.sql | |
| tar -cvzf ${BACKUP_FILE_NAME}.tar.gz ${BACKUP_FILE_NAME}.sql | |
| - name: Set Connection String | |
| run: | | |
| STORAGE_CONN_STR="$(az keyvault secret show --name TRP-BACKUP-STORAGE-CONNECTION-STRING --vault-name ${{ env.key_vault_name }} | jq -r .value)" | |
| echo "::add-mask::$STORAGE_CONN_STR" | |
| echo "STORAGE_CONN_STR=$STORAGE_CONN_STR" >> $GITHUB_ENV | |
| - name: Upload Backup to Azure Storage | |
| run: | | |
| az storage blob upload --container-name database-backup \ | |
| --file ${BACKUP_FILE_NAME}.tar.gz --name ${BACKUP_FILE_NAME}.tar.gz --overwrite \ | |
| --connection-string '${{ env.STORAGE_CONN_STR }}' | |
| rm ${BACKUP_FILE_NAME}.tar.gz | |
| - name: Check for Failure | |
| if: ${{ failure() }} | |
| uses: rtCamp/action-slack-notify@master | |
| env: | |
| SLACK_CHANNEL: twd_bat_devops | |
| SLACK_COLOR: '#ef5343' | |
| SLACK_ICON_EMOJI: ':github-logo:' | |
| SLACK_USERNAME: Teacher Relocation Payment | |
| SLACK_TITLE: Backup Failure | |
| SLACK_MESSAGE: ':alert: Backup failure :sadparrot:' | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |