Skip to content

add db refresh from paas to aks #7

add db refresh from paas to aks

add db refresh from paas to aks #7

name: Backup and restore Postgres DB from PAAS to AKS
on:
push:
branches:
- 365-enable-daily-database-refresh-from-paas-to-aks
workflow_dispatch:
inputs:
environment:
type: choice
options:
- dev
env:
BACKUP_ARTIFACT_NAME: dev-backup
jobs:
backup:
name: Backup from PAAS
runs-on: ubuntu-latest
environment: dev
outputs:
ENVIRONMENT_NAME: ${{ env.ENVIRONMENT_NAME }}
steps:
- uses: actions/checkout@v4
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: DFE-Digital/github-actions/install-postgres-client@master
- name: Set environment variables
shell: bash
run: |
tf_vars_file=terraform/paas/workspace_variables/${{ inputs.environment }}.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV
- name: Retrieve Cloudfoundry credentials from KV
uses: azure/CLI@v1
id: fetch-cf-creds
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "PAAS-USER" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-USER=$SECRET_VALUE" >> $GITHUB_OUTPUT
SECRET_VALUE=$(az keyvault secret show --name "PAAS-PASSWORD" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-PASSWORD=$SECRET_VALUE" >> $GITHUB_OUTPUT
- uses: DFE-Digital/github-actions/setup-cf-cli@master
with:
CF_USERNAME: ${{ steps.fetch-cf-creds.outputs.PAAS-USER }}
CF_PASSWORD: ${{ steps.fetch-cf-creds.outputs.PAAS-PASSWORD }}
CF_SPACE_NAME: ${{ env.PAAS_SPACE }}
INSTALL_CONDUIT: true
- name: Backup database
run: |
cf conduit find-a-lost-trn-dev-pg-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz
- name: Upload backup
uses: actions/upload-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}
path: backup.sql.gz
retention-days: 1
- run: |
case "${ENVIRONMENT_NAME}" in
dev)
echo "ENVIRONMENT_NAME=development_aks" >> $GITHUB_ENV
;;
*)
echo "unknown cluster"
;;
esac
restore:
name: Restore to AKS
runs-on: ubuntu-latest
needs: backup
environment: ${{ needs.backup.outputs.ENVIRONMENT_NAME }}
env:
ENVIRONMENT_NAME: ${{ needs.backup.outputs.ENVIRONMENT_NAME }}
steps:
- uses: actions/checkout@v4
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set environment variables
shell: bash
run: |
tf_vars_file=terraform/aks/workspace_variables/${{ env.ENVIRONMENT_NAME }}_aks.tfvars.json
- run: |
test_cluster_rg=s189t01-tsc-ts-rg
test_cluster_name=s189t01-tsc-test-aks
case "${ENVIRONMENT_NAME}" in
development_aks)
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV
echo "app_name=find-a-lost-trn-development" >> $GITHUB_ENV
;;
*)
echo "unknown cluster"
;;
esac
- uses: azure/setup-kubectl@v3
- run: |
az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }}
make bin/konduit.sh
- name: Download backup
uses: actions/download-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}
- name: Restore database
run: bin/konduit.sh -i backup.sql.gz -c ${{ env.app_name }} -- psql
- name: Remove PaaS event triggers
shell: bash
run: |
bin/konduit.sh ${{ env.app_name }} -- psql -c 'drop event trigger forbid_ddl_reader; drop event trigger make_readable; drop event trigger reassign_owned;'
- uses: geekyeggo/delete-artifact@v2
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}