diff --git a/.github/workflows/database-backup.yml b/.github/workflows/database-backup.yml index d5f0855a..1d2c29a6 100644 --- a/.github/workflows/database-backup.yml +++ b/.github/workflows/database-backup.yml @@ -42,6 +42,10 @@ jobs: steps: - uses: actions/checkout@v4 + - uses: azure/login@v2 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + - name: Set environment variables run: | source global_config/${DEPLOY_ENV}.sh @@ -61,6 +65,15 @@ jobs: echo "BACKUP_FILE=${BACKUP_FILE}" >> $GITHUB_ENV echo "KEYVAULT_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv" >> $GITHUB_ENV + - name: Fetch secrets from key vault + uses: azure/CLI@v2 + id: key-vault-secrets + with: + inlineScript: | + SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name ${KEYVAULT_NAME} --query "value" -o tsv) + echo "::add-mask::$SLACK_WEBHOOK" + echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT + - name: Backup ${{ env.DEPLOY_ENV }} postgres uses: DFE-Digital/github-actions/backup-postgres@master with: @@ -71,38 +84,4 @@ jobs: azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} backup-file: ${{ env.BACKUP_FILE }}.sql db-server-name: ${{ inputs.db-server }} - - - name: Backup Summary - if: success() - run: | - NOW=$(TZ=Europe/London date +"%F %R") - echo 'BACKUP SUCCESSFUL!' >> $GITHUB_STEP_SUMMARY - echo ' ENV: ${{ env.DEPLOY_ENV }}' >> $GITHUB_STEP_SUMMARY - echo " AT : ${NOW}" >> $GITHUB_STEP_SUMMARY - echo ' DB SERVER: ${{ inputs.db-server || env.DB_SERVER }}' >> $GITHUB_STEP_SUMMARY - echo ' STORAGE ACCOUNT: ${{ env.STORAGE_ACCOUNT_NAME }}' >> $GITHUB_STEP_SUMMARY - echo ' FILENAME: ${{ env.BACKUP_FILE }}.sql.gz' >> $GITHUB_STEP_SUMMARY - - - uses: azure/login@v2 - if: failure() - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - name: Get Slack webhook - uses: Azure/get-keyvault-secrets@v1 - if: failure() - id: key-vault-secrets - with: - keyvault: ${{ env.KEYVAULT_NAME }} - secrets: "SLACK-WEBHOOK" - - - name: Notify Slack channel on job failure - if: failure() - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_USERNAME: CI Deployment - SLACK_TITLE: Database backup failure - SLACK_MESSAGE: Production database backup job failed - SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK-WEBHOOK }} - SLACK_COLOR: failure - SLACK_FOOTER: Sent from backup job in backup-db workflow + slack-webhook: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }}