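name: Backup database to Azure storage

# Two entry points: a manual run from the Actions UI (workflow_dispatch) and a
# reusable-workflow call from another workflow (workflow_call). Both expose the
# same three inputs.
on:
  workflow_dispatch:
    inputs:
      environment:
        description: Environment to backup
        required: true
        default: staging
        type: choice
        options:
          - staging
          - production
      backup-file:
        description: |
          Backup file name (without extension). Default is cpdec2_[env]_adhoc_YYYY-MM-DD. Set it explicitly when backing up a point-in-time (PTR) server. (Optional)
        required: false
        type: string
        default: default
      db-server:
        description: |
          Name of the database server. Default is the live server. When backing up a point-in-time (PTR) server, use the full name of the PTR server. (Optional)
        # Declared explicitly so this input matches its workflow_call twin.
        type: string
        required: false
  workflow_call:
    secrets:
      azure-credentials:
        description: Azure credentials
        required: false
    inputs:
      environment:
        description: Environment to backup
        required: true
        default: staging
        # Free-form string here, whereas the dispatch trigger restricts it to a
        # choice list; the value is whatever the calling workflow passes.
        type: string
      backup-file:
        description: |
          Backup file name (without extension). Default is cpdec2_[env]_adhoc_YYYY-MM-DD. Set it explicitly when backing up a point-in-time (PTR) server. (Optional)
        required: false
        type: string
        default: default
      db-server:
        description: |
          Name of the database server. Default is the live server. When backing up a point-in-time (PTR) server, use the full name of the PTR server. (Optional)
        type: string
        required: false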
# Workflow-wide constants: the job's shell steps combine these into Azure
# resource names, the app name and the path of the per-environment tfvars file.
env:
  SERVICE_NAME: 'cpd-ec2'
  SERVICE_SHORT: 'cpdec2'
  TF_VARS_PATH: 'config/terraform/application/config'
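jobs:
  # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps the
  # repository/caller default scope. Consider restricting it (for example to
  # `contents: read`) once it is confirmed what the backup action requires.
  backup:
    name: Backup database
    runs-on: ubuntu-latest
    environment:
      # Falls back to production when no `environment` input is supplied.
      name: ${{ inputs.environment || 'production' }}
    env:
      # Inputs reach the scripts as environment variables rather than being
      # interpolated into the script text, so the shell treats them as data.
      DEPLOY_ENV: ${{ inputs.environment || 'production' }}
      # 'schedule' is the sentinel used when no `backup-file` input is supplied.
      BACKUP_FILE: ${{ inputs.backup-file || 'schedule' }}
    steps:
      # NOTE(review): every `uses:` below references a tag or branch, which the
      # action's owner can move. Pinning each one to a reviewed full commit SHA
      # makes the code that handles the Azure credentials immutable.
      - name: Checkout code
        uses: actions/checkout@v4

      - uses: azure/login@v2
        with:
          creds: ${{ secrets.azure-credentials || secrets.AZURE_CREDENTIALS }}

      - name: Set Azure environment variables
        run: |
          # DEPLOY_ENV is caller-supplied (free-form under workflow_call) and is
          # used below to build a path that is sourced and a value written to
          # GITHUB_ENV. Reject anything that could traverse directories or add
          # extra lines to the environment file.
          if [[ ! "${DEPLOY_ENV}" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "::error::environment may only contain letters, digits, '_' and '-'"
            exit 1
          fi
          # Load environment-specific configuration
          source "config/global_config/${DEPLOY_ENV}.sh"
          tf_vars_file="${TF_VARS_PATH}/${DEPLOY_ENV}.tfvars.json"
          # Set Azure environment variables
          echo "CLUSTER=$(jq -r '.cluster' "${tf_vars_file}")" >> "$GITHUB_ENV"
          echo "RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> "$GITHUB_ENV"
          echo "STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}dbbkp${CONFIG_SHORT}sa" >> "$GITHUB_ENV"
          # NOTE(review): DB_SERVER is exported here but no later step in this
          # workflow reads it; the backup step takes inputs.db-server instead.
          echo "DB_SERVER=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-pg" >> "$GITHUB_ENV"
          echo "KEYVAULT_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv" >> "$GITHUB_ENV"
          echo "APP_NAME=${SERVICE_NAME}-${DEPLOY_ENV}-web" >> "$GITHUB_ENV"

      - name: Generate the backup file name
        run: |
          # Load environment-specific configuration
          source "config/global_config/${DEPLOY_ENV}.sh"
          TODAY=$(date +"%F")
          # Set BACKUP_FILE variable
          if [ "${BACKUP_FILE}" == "schedule" ]; then
            BACKUP_FILE="${SERVICE_SHORT}_${CONFIG_SHORT}_${TODAY}"
          elif [ "${BACKUP_FILE}" == "default" ]; then
            BACKUP_FILE="${SERVICE_SHORT}_${CONFIG_SHORT}_adhoc_${TODAY}"
          elif [[ ! "${BACKUP_FILE}" =~ ^[A-Za-z0-9._-]+$ ]]; then
            # A user-supplied name is written to GITHUB_ENV and handed to later
            # steps; a newline would add arbitrary variables to the environment
            # file, so only plain file-name characters are accepted.
            echo "::error::backup-file may only contain letters, digits, '.', '_' and '-'"
            exit 1
          fi
          echo "BACKUP_FILE=${BACKUP_FILE}" >> "$GITHUB_ENV"

      - name: Fetch secrets from key vault
        uses: azure/CLI@v2
        id: key-vault-secrets
        with:
          inlineScript: |
            SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${KEYVAULT_NAME}" --query "value" -o tsv)
            # Register the mask before the value is written anywhere, so the
            # webhook URL is redacted if it later appears in log output.
            echo "::add-mask::$SLACK_WEBHOOK"
            echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> "$GITHUB_OUTPUT"

      - name: Backup ${{ env.DEPLOY_ENV }} postgres
        # NOTE(review): `@master` is a mutable branch ref, and this action is
        # given the Azure credentials and the Slack webhook. Pin it to a
        # reviewed full commit SHA so a change upstream cannot silently alter
        # what runs with those secrets.
        uses: DFE-Digital/github-actions/backup-postgres@master
        with:
          storage-account: ${{ env.STORAGE_ACCOUNT_NAME }}
          resource-group: ${{ env.RESOURCE_GROUP_NAME }}
          app-name: ${{ env.APP_NAME }}
          cluster: ${{ env.CLUSTER }}
          azure-credentials: ${{ secrets.azure-credentials || secrets.AZURE_CREDENTIALS }}
          backup-file: ${{ env.BACKUP_FILE }}.sql
          db-server-name: ${{ inputs.db-server }}
          slack-webhook: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }}

      - name: Notify Slack channel on job success
        if: success()
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_USERNAME: CI Deployment
          SLACK_TITLE: ${{ env.APP_NAME }} - ${{ env.DEPLOY_ENV }} database backup job succeeded
          SLACK_MESSAGE: ${{ env.DEPLOY_ENV }} database dump stored in Azure Storage (${{ env.STORAGE_ACCOUNT_NAME }} / database-backup / ${{ env.BACKUP_FILE }}.sql) - Success
          SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }}
          SLACK_COLOR: success
          SLACK_FOOTER: Sent from backup-db workflow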