From a62565d63b8109244d0f310368239b1586b66046 Mon Sep 17 00:00:00 2001 From: John Ake Date: Thu, 14 Sep 2023 16:28:01 +0100 Subject: [PATCH] add db refresh from paas to aks --- .github/workflows/restore-paas-db-to-aks.yml | 193 +++++++++---------- 1 file changed, 94 insertions(+), 99 deletions(-) diff --git a/.github/workflows/restore-paas-db-to-aks.yml b/.github/workflows/restore-paas-db-to-aks.yml index ca789b0b..90b5ba55 100644 --- a/.github/workflows/restore-paas-db-to-aks.yml +++ b/.github/workflows/restore-paas-db-to-aks.yml @@ -2,9 +2,9 @@ name: Backup and restore Postgres DB from PAAS to AKS on: push: - branches: - - 365-enable-daily-database-refresh-from-paas-to-aks - + branches: + - 365-enable-daily-database-refresh-from-paas-to-aks + workflow_dispatch: inputs: environment: 
@@ -22,54 +22,54 @@ jobs: environment: dev steps: - - run: | - echo "Hello World" - - - uses: actions/checkout@v4 - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - uses: DFE-Digital/github-actions/install-postgres-client@master - - - name: Set environment variables - shell: bash - run: | - tf_vars_file=terraform/paas/workspace_variables/dev.tfvars.json - echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV - echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV - - - name: Retrieve Cloudfoundry credentials from KV - uses: azure/CLI@v1 - id: fetch-cf-creds - with: - inlineScript: | - SECRET_VALUE=$(az keyvault secret show --name "PAAS-USER" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv) - echo "::add-mask::$SECRET_VALUE" - echo "PAAS-USER=$SECRET_VALUE" >> $GITHUB_OUTPUT - - SECRET_VALUE=$(az keyvault secret show --name "PAAS-PASSWORD" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv) - echo "::add-mask::$SECRET_VALUE" - echo "PAAS-PASSWORD=$SECRET_VALUE" >> $GITHUB_OUTPUT - - - uses: DFE-Digital/github-actions/setup-cf-cli@master - with: - CF_USERNAME: ${{ steps.fetch-cf-creds.outputs.PAAS-USER }} - CF_PASSWORD: ${{ steps.fetch-cf-creds.outputs.PAAS-PASSWORD }} - CF_SPACE_NAME: ${{ env.PAAS_SPACE }} - INSTALL_CONDUIT: true - - - name: Backup database - run: | - cf conduit find-a-lost-trn-dev-pg-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz - - - name: Upload backup - uses: actions/upload-artifact@v3 - with: - name: ${{ env.BACKUP_ARTIFACT_NAME }} - path: backup.sql.gz - retention-days: 1 + - run: | + echo "Hello World" + + - uses: actions/checkout@v4 + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - uses: DFE-Digital/github-actions/install-postgres-client@master + + - name: Set environment variables + shell: bash + run: | + 
tf_vars_file=terraform/paas/workspace_variables/dev.tfvars.json + echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV + echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV + + - name: Retrieve Cloudfoundry credentials from KV + uses: azure/CLI@v1 + id: fetch-cf-creds + with: + inlineScript: | + SECRET_VALUE=$(az keyvault secret show --name "PAAS-USER" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv) + echo "::add-mask::$SECRET_VALUE" + echo "PAAS-USER=$SECRET_VALUE" >> $GITHUB_OUTPUT + + SECRET_VALUE=$(az keyvault secret show --name "PAAS-PASSWORD" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv) + echo "::add-mask::$SECRET_VALUE" + echo "PAAS-PASSWORD=$SECRET_VALUE" >> $GITHUB_OUTPUT + + - uses: DFE-Digital/github-actions/setup-cf-cli@master + with: + CF_USERNAME: ${{ steps.fetch-cf-creds.outputs.PAAS-USER }} + CF_PASSWORD: ${{ steps.fetch-cf-creds.outputs.PAAS-PASSWORD }} + CF_SPACE_NAME: ${{ env.PAAS_SPACE }} + INSTALL_CONDUIT: true + + - name: Backup database + run: | + cf conduit find-a-lost-trn-dev-pg-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz + + - name: Upload backup + uses: actions/upload-artifact@v3 + with: + name: ${{ env.BACKUP_ARTIFACT_NAME }} + path: backup.sql.gz + retention-days: 1 restore: name: Restore to AKS 
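Review bot: `DFE-Digital/github-actions/install-postgres-client@master` and `DFE-Digital/github-actions/setup-cf-cli@master` are referenced by a mutable branch, and the second one is handed `CF_USERNAME` and `CF_PASSWORD` fetched from Key Vault, so any later commit to that branch runs in this job with those credentials. Pin both to a full commit SHA, for example `uses: DFE-Digital/github-actions/setup-cf-cli@<full-commit-sha>  # master at time of review`. The tag-pinned `Azure/login@v1` and `azure/CLI@v1` run with or inside the `AZURE_CREDENTIALS` session and deserve the same treatment. Separately, the leading `echo "Hello World"` step looks like leftover scaffolding and can be dropped. The job header for this step list sits outside the hunk.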
@@ -82,51 +82,46 @@ jobs: ENVIRONMENT_NAME: development_aks steps: - - uses: actions/checkout@v4 - - - uses: Azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - run: | - test_cluster_rg=s189t01-tsc-ts-rg - test_cluster_name=s189t01-tsc-test-aks - - case "${ENVIRONMENT_NAME}" in - development_aks) - echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV - echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV - echo "key_vault_name=s189t01-trs-dv-inf-kv" >> $GITHUB_ENV - ;; - *) - echo "unknown cluster" - ;; - esac - - - uses: azure/setup-kubectl@v3 - - - run: | - az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }} - make bin/konduit.sh - - - name: Download backup - uses: actions/download-artifact@v3 - with: - name: ${{ env.BACKUP_ARTIFACT_NAME }} - - - name: Restore database - run: bin/konduit.sh -i backup.sql.gz -c find-a-lost-trn-development -- psql - - - name: Remove PaaS event triggers - shell: bash - run: | - bin/konduit.sh find-a-lost-trn-development -- psql -c 'drop event trigger forbid_ddl_reader; drop event trigger make_readable; drop event trigger reassign_owned;' - - - uses: geekyeggo/delete-artifact@v2 - with: - name: ${{ env.BACKUP_ARTIFACT_NAME }} - - - - - + - uses: actions/checkout@v4 + + - uses: Azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - run: | + test_cluster_rg=s189t01-tsc-ts-rg + test_cluster_name=s189t01-tsc-test-aks + + case "${ENVIRONMENT_NAME}" in + development_aks) + echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV + echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV + echo "key_vault_name=s189t01-trs-dv-inf-kv" >> $GITHUB_ENV + ;; + *) + echo "unknown cluster" + ;; + esac + + - uses: azure/setup-kubectl@v3 + + - run: | + az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }} + make bin/konduit.sh + + - name: Download backup + uses: actions/download-artifact@v3 + with: + name: ${{ env.BACKUP_ARTIFACT_NAME }} + + - name: Restore database + run: 
bin/konduit.sh -i backup.sql.gz -c find-a-lost-trn-development -- psql + + - name: Remove PaaS event triggers + shell: bash + run: | + bin/konduit.sh find-a-lost-trn-development -- psql -c 'drop event trigger forbid_ddl_reader; drop event trigger make_readable; drop event trigger reassign_owned;' + + - uses: geekyeggo/delete-artifact@v2 + with: + name: ${{ env.BACKUP_ARTIFACT_NAME }}
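Review bot: The final `geekyeggo/delete-artifact@v2` step runs only when every earlier step in the restore job succeeds, so a failed download, restore or trigger cleanup leaves `backup.sql.gz` available as a workflow artifact until the one-day retention expires. Workflow artifacts can be downloaded by anyone with read access to the repository, so add `if: always()` to that step, and consider encrypting the dump before upload if it can contain real records. In the cluster-selection step the `*)` branch only prints `unknown cluster` and the job carries on with `cluster_rg` and `cluster_name` unset; adding `exit 1` after the echo makes it fail before `az aks get-credentials` runs with empty arguments. The upload step and the job-level `env` that defines `BACKUP_ARTIFACT_NAME` are outside this hunk.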