Backup Database to Azure Storage #523
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Backup Database to Azure Storage | |
on: | |
workflow_dispatch: | |
schedule: # 01:00 UTC | |
- cron: "0 1 * * *" | |
jobs: | |
backup: | |
name: Backup PaaS Database ( Production ) | |
runs-on: ubuntu-latest | |
environment: | |
name: production | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- uses: Azure/login@v1 | |
with: | |
creds: ${{ secrets.azure_credentials }} | |
- name: Set environment variables | |
shell: bash | |
run: | | |
tf_vars_file=terraform/paas/workspace_variables/production.tfvars.json | |
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV | |
echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV | |
- uses: Azure/get-keyvault-secrets@v1 | |
id: get_secrets | |
with: | |
keyvault: ${{ env.KEY_VAULT_NAME }} | |
secrets: "BACKUP-STORAGE-CONNECTION-STRING,PAAS-USER,PAAS-PASSWORD" | |
- uses: DfE-Digital/keyvault-yaml-secret@v1 | |
id: keyvault-yaml-secret | |
with: | |
keyvault: ${{ env.KEY_VAULT_NAME }} | |
secret: MONITORING | |
key: SLACK_WEBHOOK | |
env: | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
- name: Setup cf cli | |
uses: DFE-Digital/github-actions/setup-cf-cli@master | |
with: | |
CF_USERNAME: ${{ steps.get_secrets.outputs.PAAS-USER }} | |
CF_PASSWORD: ${{ steps.get_secrets.outputs.PAAS-PASSWORD }} | |
CF_SPACE_NAME: ${{ env.PAAS_SPACE }} | |
INSTALL_CONDUIT: true | |
- name: Setup postgres client | |
uses: DFE-Digital/github-actions/install-postgres-client@master | |
- name: Set environment variable | |
run: echo "BACKUP_FILE_NAME=find-a-lost-trn-production-pg-svc-$(date +"%F-%H")" >> $GITHUB_ENV | |
- name: Backup Production DB | |
run: | | |
cf conduit find-a-lost-trn-production-pg-svc -- pg_dump -E utf8 --clean --if-exists --no-owner --verbose --no-password -f ${BACKUP_FILE_NAME}.sql | |
tar -cvzf ${BACKUP_FILE_NAME}.tar.gz ${BACKUP_FILE_NAME}.sql | |
- name: Upload Backup to Azure Storage | |
run: | | |
az storage blob upload --container-name find-a-lost-trn \ | |
--file ${BACKUP_FILE_NAME}.tar.gz --name ${BACKUP_FILE_NAME}.tar.gz \ | |
--connection-string '${{ steps.get_secrets.outputs.BACKUP-STORAGE-CONNECTION-STRING }}' \ | |
--overwrite true | |
- name: Notify Slack channel on job failure | |
if: failure() | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_USERNAME: CI Deployment | |
SLACK_TITLE: Database backup failure | |
SLACK_MESSAGE: Production database backup job failed | |
SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK_WEBHOOK }} | |
SLACK_COLOR: failure | |
SLACK_FOOTER: Sent from backup job in database-backup workflow |