Skip to content

Commit

Permalink
add db refresh from paas to aks
Browse files Browse the repository at this point in the history
  • Loading branch information
johnake committed Sep 14, 2023
1 parent 6eadaa4 commit a62565d
Showing 1 changed file with 94 additions and 99 deletions.
193 changes: 94 additions & 99 deletions .github/workflows/restore-paas-db-to-aks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ name: Backup and restore Postgres DB from PAAS to AKS

on:
push:
branches:
- 365-enable-daily-database-refresh-from-paas-to-aks
branches:
- 365-enable-daily-database-refresh-from-paas-to-aks

workflow_dispatch:
inputs:
environment:
Expand All @@ -22,54 +22,54 @@ jobs:
environment: dev

steps:
- run: |
echo "Hello World"
- uses: actions/checkout@v4

- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- uses: DFE-Digital/github-actions/install-postgres-client@master
- name: Set environment variables
shell: bash
run: |
tf_vars_file=terraform/paas/workspace_variables/dev.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV
- name: Retrieve Cloudfoundry credentials from KV
uses: azure/CLI@v1
id: fetch-cf-creds
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "PAAS-USER" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-USER=$SECRET_VALUE" >> $GITHUB_OUTPUT
SECRET_VALUE=$(az keyvault secret show --name "PAAS-PASSWORD" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-PASSWORD=$SECRET_VALUE" >> $GITHUB_OUTPUT
- uses: DFE-Digital/github-actions/setup-cf-cli@master
with:
CF_USERNAME: ${{ steps.fetch-cf-creds.outputs.PAAS-USER }}
CF_PASSWORD: ${{ steps.fetch-cf-creds.outputs.PAAS-PASSWORD }}
CF_SPACE_NAME: ${{ env.PAAS_SPACE }}
INSTALL_CONDUIT: true
- name: Backup database
run: |
cf conduit find-a-lost-trn-dev-pg-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz
- name: Upload backup
uses: actions/upload-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}
path: backup.sql.gz
retention-days: 1
- run: |
echo "Hello World"
- uses: actions/checkout@v4

- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- uses: DFE-Digital/github-actions/install-postgres-client@master

- name: Set environment variables
shell: bash
run: |
tf_vars_file=terraform/paas/workspace_variables/dev.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV
- name: Retrieve Cloudfoundry credentials from KV
uses: azure/CLI@v1
id: fetch-cf-creds
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "PAAS-USER" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-USER=$SECRET_VALUE" >> $GITHUB_OUTPUT
SECRET_VALUE=$(az keyvault secret show --name "PAAS-PASSWORD" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "PAAS-PASSWORD=$SECRET_VALUE" >> $GITHUB_OUTPUT
- uses: DFE-Digital/github-actions/setup-cf-cli@master
with:
CF_USERNAME: ${{ steps.fetch-cf-creds.outputs.PAAS-USER }}
CF_PASSWORD: ${{ steps.fetch-cf-creds.outputs.PAAS-PASSWORD }}
CF_SPACE_NAME: ${{ env.PAAS_SPACE }}
INSTALL_CONDUIT: true

- name: Backup database
run: |
cf conduit find-a-lost-trn-dev-pg-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz
- name: Upload backup
uses: actions/upload-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}
path: backup.sql.gz
retention-days: 1

restore:
name: Restore to AKS
Expand All @@ -82,51 +82,46 @@ jobs:
ENVIRONMENT_NAME: development_aks

steps:
- uses: actions/checkout@v4

- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- run: |
test_cluster_rg=s189t01-tsc-ts-rg
test_cluster_name=s189t01-tsc-test-aks
case "${ENVIRONMENT_NAME}" in
development_aks)
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV
echo "key_vault_name=s189t01-trs-dv-inf-kv" >> $GITHUB_ENV
;;
*)
echo "unknown cluster"
;;
esac
- uses: azure/setup-kubectl@v3

- run: |
az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }}
make bin/konduit.sh
- name: Download backup
uses: actions/download-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}

- name: Restore database
run: bin/konduit.sh -i backup.sql.gz -c find-a-lost-trn-development -- psql

- name: Remove PaaS event triggers
shell: bash
run: |
bin/konduit.sh find-a-lost-trn-development -- psql -c 'drop event trigger forbid_ddl_reader; drop event trigger make_readable; drop event trigger reassign_owned;'
- uses: geekyeggo/delete-artifact@v2
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}





- uses: actions/checkout@v4

- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- run: |
test_cluster_rg=s189t01-tsc-ts-rg
test_cluster_name=s189t01-tsc-test-aks
case "${ENVIRONMENT_NAME}" in
development_aks)
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV
echo "key_vault_name=s189t01-trs-dv-inf-kv" >> $GITHUB_ENV
;;
*)
echo "unknown cluster"
;;
esac
- uses: azure/setup-kubectl@v3

- run: |
az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }}
make bin/konduit.sh
- name: Download backup
uses: actions/download-artifact@v3
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}

- name: Restore database
run: bin/konduit.sh -i backup.sql.gz -c find-a-lost-trn-development -- psql

- name: Remove PaaS event triggers
shell: bash
run: |
bin/konduit.sh find-a-lost-trn-development -- psql -c 'drop event trigger forbid_ddl_reader; drop event trigger make_readable; drop event trigger reassign_owned;'
- uses: geekyeggo/delete-artifact@v2
with:
name: ${{ env.BACKUP_ARTIFACT_NAME }}

0 comments on commit a62565d

Please sign in to comment.