Backup database #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Backup database | |
on: | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: Environment to backup | |
required: true | |
default: test | |
type: choice | |
options: | |
- test | |
- preprod | |
- production | |
backup-file: | |
description: | | |
Backup file name (without extension). Default is rsm_[env]_adhoc_YYYY-MM-DD. Set it explicitly when backing up a point-in-time (PTR) server. (Optional) | |
required: false | |
type: string | |
default: default | |
db-server: | |
description: | | |
Name of the database server. Default is the live server. When backing up a point-in-time (PTR) server, use the full name of the PTR server. (Optional) | |
schedule: | |
- cron: "0 4 * * *" # 04:00 UTC | |
env: | |
SERVICE_NAME: refer-serious-misconduct | |
SERVICE_SHORT: rsm | |
TF_VARS_PATH: terraform/application/config | |
jobs: | |
backup: | |
name: Backup database | |
runs-on: ubuntu-latest | |
environment: | |
name: aks-${{ inputs.environment || 'production' }} | |
env: | |
DEPLOY_ENV: ${{ inputs.environment || 'production' }} | |
BACKUP_FILE: ${{ inputs.backup-file || 'schedule' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Set environment variables | |
run: | | |
source global_config/${DEPLOY_ENV}.sh | |
tf_vars_file=${TF_VARS_PATH}/${DEPLOY_ENV}.tfvars.json | |
echo "CLUSTER=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV | |
echo "RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV | |
echo "STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}dbbkp${CONFIG_SHORT}sa" >> $GITHUB_ENV | |
TODAY=$(date +"%F") | |
echo "DB_SERVER=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-pg" >> $GITHUB_ENV | |
if [ "${BACKUP_FILE}" == "schedule" ]; then | |
BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_${TODAY} | |
elif [ "${BACKUP_FILE}" == "default" ]; then | |
BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_adhoc_${TODAY} | |
else | |
BACKUP_FILE=${BACKUP_FILE} | |
fi | |
echo "BACKUP_FILE=${BACKUP_FILE}" >> $GITHUB_ENV | |
echo "KEYVAULT_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv" >> $GITHUB_ENV | |
- name: Fetch secrets from key vault | |
uses: azure/CLI@v2 | |
id: key-vault-secrets | |
with: | |
inlineScript: | | |
SLACK_WEBHOOK=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name ${KEYVAULT_NAME} --query "value" -o tsv) | |
echo "::add-mask::$SLACK_WEBHOOK" | |
echo "SLACK_WEBHOOK=$SLACK_WEBHOOK" >> $GITHUB_OUTPUT | |
- name: Backup AKS ${{ env.DEPLOY_ENV }} postgres | |
uses: DFE-Digital/github-actions/backup-postgres@master | |
with: | |
storage-account: ${{ env.STORAGE_ACCOUNT_NAME }} | |
resource-group: ${{ env.RESOURCE_GROUP_NAME }} | |
app-name: refer-serious-misconduct-${{ env.DEPLOY_ENV }} | |
cluster: ${{ env.CLUSTER }} | |
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
backup-file: ${{ env.BACKUP_FILE }}.sql | |
db-server-name: ${{ inputs.db-server }} | |
slack-webhook: ${{ steps.key-vault-secrets.outputs.SLACK_WEBHOOK }} |