Skip to content

Commit

Permalink
add db refresh from paas to aks
Browse files Browse the repository at this point in the history
  • Loading branch information
johnake committed Sep 15, 2023
1 parent 60aecd6 commit 61d2865
Show file tree
Hide file tree
Showing 3 changed files with 143 additions and 0 deletions.
138 changes: 138 additions & 0 deletions .github/workflows/restore-paas-db-to-aks.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
name: Backup and restore Postgres DB from PAAS to AKS

on:
workflow_dispatch:
inputs:
environment:
type: choice
options:
- dev

env:
BACKUP_ARTIFACT_NAME: dev-backup

jobs:
backup:
name: Backup from PAAS
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}

outputs:
ENVIRONMENT_NAME: ${{ env.ENVIRONMENT_NAME }}

steps:
- uses: actions/checkout@v4

- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- uses: DFE-Digital/github-actions/install-postgres-client@master

- name: Set environment variables
shell: bash
run: |
tf_vars_file=terraform/paas/workspace_variables/${{ inputs.environment }}.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV
- name: Retrieve Cloudfoundry credentials from KV
uses: azure/CLI@v1
id: fetch-cf-creds
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "PAAS-USER" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-USER=$SECRET_VALUE" >> $GITHUB_OUTPUT
SECRET_VALUE=$(az keyvault secret show --name "PAAS-PASSWORD" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-PASSWORD=$SECRET_VALUE" >> $GITHUB_OUTPUT
- uses: DFE-Digital/github-actions/setup-cf-cli@master
with:
CF_USERNAME: ${{ steps.fetch-cf-creds.outputs.PAAS-USER }}
CF_PASSWORD: ${{ steps.fetch-cf-creds.outputs.PAAS-PASSWORD }}
CF_SPACE_NAME: ${{ env.PAAS_SPACE }}
INSTALL_CONDUIT: true

- name: Backup database
run: |
cf conduit find-a-lost-trn-${{ inputs.environment }}-pg-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz
- name: Upload backup
uses: actions/upload-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}
path: backup.sql.gz
retention-days: 1

- run: |
case "${ENVIRONMENT_NAME}" in
dev)
echo "ENVIRONMENT_NAME=development_aks" >> $GITHUB_ENV
;;
*)
echo "unknown cluster"
;;
esac
restore:
name: Restore to AKS
runs-on: ubuntu-latest
needs: backup

environment: ${{ needs.backup.outputs.ENVIRONMENT_NAME }}

env:
ENVIRONMENT_NAME: ${{ needs.backup.outputs.ENVIRONMENT_NAME }}

steps:
- uses: actions/checkout@v4

- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- name: Set environment variables
shell: bash
run: |
tf_vars_file=terraform/aks/workspace_variables/${{ env.ENVIRONMENT_NAME }}.tfvars.json
- run: |
test_cluster_rg=s189t01-tsc-ts-rg
test_cluster_name=s189t01-tsc-test-aks
case "${ENVIRONMENT_NAME}" in
development_aks)
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV
echo "app_name=find-a-lost-trn-development" >> $GITHUB_ENV
;;
*)
echo "unknown cluster"
;;
esac
- uses: azure/setup-kubectl@v3

- run: |
az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }}
make bin/konduit.sh
- name: Download backup
uses: actions/download-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}

- name: Restore database
run: bin/konduit.sh -i backup.sql.gz -c ${{ env.app_name }} -- psql

- name: Remove PaaS event triggers
shell: bash
run: |
bin/konduit.sh ${{ env.app_name }} -- psql -c 'drop event trigger forbid_ddl_reader; drop event trigger make_readable; drop event trigger reassign_owned;'
- uses: geekyeggo/delete-artifact@v2
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ terraform/*token*
terraform/*/vendor
terraform/*/.terraform
bin/terrafile
bin/konduit.sh

# Local .terraform directories
**/.terraform/*
Expand Down
4 changes: 4 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,10 @@ ci: ## Run in automation environment
$(eval AUTO_APPROVE=-auto-approve)
$(eval SP_AUTH=true)

bin/konduit.sh:
curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \
&& chmod +x bin/konduit.sh

bin/terrafile: ## Install terrafile to manage terraform modules
curl -sL https://github.com/coretech/terrafile/releases/download/v${TERRAFILE_VERSION}/terrafile_${TERRAFILE_VERSION}_$$(uname)_x86_64.tar.gz \
| tar xz -C ./bin terrafile
Expand Down

0 comments on commit 61d2865

Please sign in to comment.