Backup Azure production database to Azure storage #557
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backup Azure production database to Azure storage | |
| concurrency: build_and_deploy_main | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| overwriteThisMorningsBackup: | |
| required: true | |
| type: boolean | |
| default: false | |
| schedule: # 02:00 UTC | |
| - cron: '0 2 * * *' | |
| jobs: | |
| backup: | |
| name: Backup Azure Database (production) | |
| if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.overwriteThisMorningsBackup == 'true') }}# | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: production_aks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: azure/login@v2 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Setup postgres client | |
| uses: DFE-Digital/github-actions/install-postgres-client@master | |
| with: | |
| version: 14 | |
| - name: Set up environment variables | |
| shell: bash | |
| run: | | |
| tf_backend_vars_file=terraform/aks/workspace_variables/production_aks_backend.tfvars | |
| echo "STORAGE_ACCOUNT_RG=$(awk '/resource_group_name/ {print $3}' ${tf_backend_vars_file} | tr -d '"')" >> $GITHUB_ENV | |
| . ./global_config/production_aks.sh | |
| SERVICE_SHORT=att | |
| echo "STORAGE_ACCOUNT_NAME=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}dbbkp${CONFIG_SHORT}sa" >> $GITHUB_ENV | |
| tf_vars_file=terraform/aks/workspace_variables/production_aks.tfvars.json | |
| echo "BACKUP_FILE_NAME=apply_production_$(date +"%F")" >> $GITHUB_ENV | |
| - name: Install kubectl | |
| uses: azure/setup-kubectl@v4 | |
| with: | |
| version: 'v1.26.1' # default is latest stable | |
| - uses: DFE-Digital/github-actions/set-kubelogin-environment@master | |
| with: | |
| azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: K8 setup | |
| shell: bash | |
| run: | | |
| make ci production_aks get-cluster-credentials | |
| make install-konduit | |
| - name: Back up Azure database | |
| shell: bash | |
| run: | | |
| bin/konduit.sh -t 7200 apply-production -- pg_dump -E utf8 --compress=1 --clean --if-exists --no-owner --verbose --no-password -f ${BACKUP_FILE_NAME}.sql.gz | |
| - name: Set Connection String | |
| run: | | |
| STORAGE_CONN_STR=$(az storage account show-connection-string -g $STORAGE_ACCOUNT_RG -n $STORAGE_ACCOUNT_NAME --query 'connectionString') | |
| echo "::add-mask::$STORAGE_CONN_STR" | |
| echo "AZURE_STORAGE_CONNECTION_STRING=$STORAGE_CONN_STR" >> $GITHUB_ENV | |
| - name: Upload Backup to Azure Storage | |
| run: | | |
| az config set extension.use_dynamic_install=yes_without_prompt | |
| az config set core.only_show_errors=true | |
| az storage azcopy blob upload --container database-backup \ | |
| --source ${BACKUP_FILE_NAME}.sql.gz | |
| - name: Notify Slack channel on job failure | |
| if: failure() | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_USERNAME: CI Deployment | |
| SLACK_TITLE: Database backup failure | |
| SLACK_MESSAGE: Production database backup job failed | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_COLOR: failure | |
| SLACK_FOOTER: Sent from backup job in database-backup workflow |