Delius Core: RDS instance Data Refresh #8

Workflow file for this run

.github/workflows/delius-core-rds-data-refresh.yaml at 89d4ed8

	---
	name: "Delius Core: RDS instance Data Refresh"
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout
	on:
	workflow_dispatch:
	inputs:
	manually_specified_snapshot_id: # This is the name of the input
	description: "Snapshot ID"
	required: false
	trigger_mp_workflow:
	type: choice
	description: "Trigger MP workflow for gdpr [true\|false]"
	default: "true"
	options:
	- "true"
	- "false"
	required: true
	source_environment:
	type: choice
	description: "Select source environment"
	default: "true"
	options:
	- "test"
	- "stage"
	- "preprod"
	- "prod"
	required: true
	dest_environment:
	type: choice
	description: "Select destination environment"
	default: "true"
	options:
	- "dev"
	- "test"
	- "stage"
	- "preprod"
	required: true
	rds_instance:
	type: choice
	description: "Select rds instance for refreshing"
	default: "true"
	options:
	- "merge-api"
	- "gdpr-api"
	required: true

	jobs:
	get_source_account_id:
	runs-on: ubuntu-latest
	environment: delius-core-${{ inputs.source_environment }}
	outputs:
	account_id: "${{ steps.output_account_id.account_id}}"
	steps:
	- name: output account id
	id: output_account_id
	run: echo "account_id=${{ vars.AWS_ACCOUNT_ID }}" >> $GITHUB_OUTPUT

	get_dest_account_id:
	runs-on: ubuntu-latest
	environment: delius-core-${{ inputs.dest_environment }}
	outputs:
	account_id: "${{ steps.output_account_id.outputs.account_id}}"
	steps:
	- name: output account id
	id: output_account_id
	run: echo "account_id=${{ vars.AWS_ACCOUNT_ID }}" >> $GITHUB_OUTPUT

	source_environment:
	needs: [get_source_account_id, get_dest_account_id]
	runs-on: ubuntu-latest
	environment: delius-core-${{ inputs.source_environment }}
	outputs:
	DATETIME_STRING: "${{ steps.name.outputs.DATETIME_STRING }}"
	SNAPSHOT_SOURCE_COPY_NAME": "${{ steps.name.outputs.SNAPSHOT_SOURCE_COPY_NAME }}"
	steps:
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	with:
	role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
	role-session-name: "${{ inputs.rds_instance }}-data-refresh-${{ github.run_number }}"
	aws-region: "eu-west-2"

	- name: Get latest overnight backup
	if: ${{ github.event.inputs.manually_specified_snapshot_id == '' }}
	run: \|
	overnight_snapshot_identifier=$(aws rds describe-db-snapshots \
	--snapshot-type "automated" \
	--db-instance-identifier "${{ inputs.rds_instance }}-${{ inputs.source_environment }}-db" \
	--query "reverse(sort_by(DBSnapshots, &SnapshotCreateTime))[0].DBSnapshotIdentifier" \
	--output text)
	if [ -z "$overnight_snapshot_identifier" ]; then
	echo "No snapshot found"
	exit 1
	fi
	echo SOURCE_SNAPSHOT_IDENTIFIER=${overnight_snapshot_identifier} >> $GITHUB_ENV
	echo SOURCE_SNAPSHOT_IDENTIFIER=${overnight_snapshot_identifier} >> $GITHUB_OUTPUT

	- name: Snapshot ID provided
	if: ${{ github.event.inputs.manually_specified_snapshot_id != '' }}
	run: \|
	echo SOURCE_SNAPSHOT_IDENTIFIER=${{ github.event.inputs.manually_specified_snapshot_id }} >> $GITHUB_ENV
	echo SOURCE_SNAPSHOT_IDENTIFIER=${{ github.event.inputs.manually_specified_snapshot_id }} >> $GITHUB_OUTPUT

	- name: Set snapshot name string
	id: name
	run: \|
	echo DATETIME_STRING="$(echo $SOURCE_SNAPSHOT_IDENTIFIER \| sed s/"rds:${{ inputs.rds_instance }}-"//)" >> $GITHUB_ENV
	echo DATETIME_STRING="$(echo $SOURCE_SNAPSHOT_IDENTIFIER \| sed s/"rds:${{ inputs.rds_instance }}-"//)" >> $GITHUB_OUTPUT
	echo SNAPSHOT_SOURCE_COPY_NAME="${{ inputs.rds_instance }}-${{ inputs.source_environment }}-db-snapshot-$(echo $SOURCE_SNAPSHOT_IDENTIFIER \| sed s/"rds:${{ inputs.rds_instance }}-${{ inputs.source_environment}}-"//)-${{ github.run_id }}" >> $GITHUB_ENV
	echo SNAPSHOT_SOURCE_COPY_NAME="${{ inputs.rds_instance }}-${{ inputs.source_environment }}-db-snapshot-$(echo $SOURCE_SNAPSHOT_IDENTIFIER \| sed s/"rds:${{ inputs.rds_instance }}-${{ inputs.source_environment}}-"//)-${{ github.run_id }}" >> $GITHUB_OUTPUT

	- name: Copy snapshot (within ${{ inputs.source_account }})
	run: \|
	aws rds copy-db-snapshot \
	--source-db-snapshot-identifier "${{ env.SOURCE_SNAPSHOT_IDENTIFIER }}" \
	--target-db-snapshot-identifier "${{ env.SNAPSHOT_SOURCE_COPY_NAME }}" \
	--region "eu-west-2"

	- name: Wait for RDS Snapshot to be ready
	run: \|
	for run in {1..5}; do
	aws rds wait db-snapshot-available \
	--db-snapshot-identifier "${{ env.SNAPSHOT_SOURCE_COPY_NAME }}" && break \|\| sleep 10 * run
	done

	- name: Share RDS snapshot with Pre-Prod
	run: \|
	aws rds modify-db-snapshot-attribute \
	--db-snapshot-identifier "${{ env.SNAPSHOT_SOURCE_COPY_NAME }}" \
	--attribute-name restore \
	--values-to-add "${{ needs.get_dest_account_id.outputs.account_id }}"

	destination_environment:
	runs-on: ubuntu-latest
	environment: delius-core-${{ inputs.dest_environment }}
	needs: [source_environment, get_source_account_id, get_dest_account_id]
	steps:
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	with:
	role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
	role-session-name: "${{ inputs.rds_instance }}-data-refresh-${{ github.run_number }}"
	aws-region: "eu-west-2"

	- name: Set final snapshot name string
	run: \|
	echo FINAL_SNAPSHOT_DEST_COPY_NAME="${{ inputs.rds_instance }}-refresh-ready-${{ needs.source_environment.outputs.DATETIME_STRING }}-${{ github.run_id }}" >> $GITHUB_ENV

	- name: Copy snapshot (${{ inputs.source_environment }}[shared]-${{ inputs.dest_environment }})
	run: \|
	aws rds copy-db-snapshot \
	--source-db-snapshot-identifier "arn:aws:rds:eu-west-2:${{ needs.get_source_account_id.outputs.account_id }}:snapshot:${{ needs.source_environment.outputs.SNAPSHOT_PROD_COPY_NAME }}" \
	--target-db-snapshot-identifier "${{ env.FINAL_SNAPSHOT_DEST_COPY_NAME }}" \
	--kms-key-id "arn:aws:kms:eu-west-2:374269020027:alias/rds-hmpps" \
	--region "eu-west-2"

	- name: Wait for RDS Snapshot to be ready in ${{ inputs.dest_environment }}
	run: \|
	for run in {1..5}; do
	aws rds wait db-snapshot-available \
	--db-snapshot-identifier "${{ env.FINAL_SNAPSHOT_DEST_COPY_NAME }}" && break \|\| sleep 10 * run
	done

	- name: Store identifier in SSM parameter store
	run: \|
	aws ssm put-parameter \
	--name "/${{ inputs.rds_instance }}/snapshot_id" \
	--value "${{ env.FINAL_SNAPSHOT_DEST_COPY_NAME }}" \
	--type "String" \
	--overwrite \
	--region "eu-west-2"

	- name: Output snapshot identifier
	run: \|
	echo "Snapshot identifier: ${{env.FINAL_SNAPSHOT_DEST_COPY_NAME}}"

	- name: Generate token
	if: ${{ github.event.inputs.trigger_mp_workflow == 'true' }}
	id: generate_token
	uses: tibdex/[email protected]
	with:
	app_id: ${{ secrets.HMPPS_BOT_APP_ID }}
	private_key: ${{ secrets.HMPPS_BOT_PRIVATE_KEY }}

	- name: Trigger mp delius-core workflow
	if: ${{ github.event.inputs.trigger_mp_workflow == 'true' }}
	env:
	GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
	run: gh workflow run delius-core --ref main -F action=deploy --repo ministryofjustice/modernisation-platform-environments

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Delius Core: RDS instance Data Refresh #8

Workflow file

Delius Core: RDS instance Data Refresh #8

Jobs

Run details

Workflow file for this run