-
Notifications
You must be signed in to change notification settings - Fork 0
81 lines (67 loc) · 2.73 KB
/
database-backup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
name: Backup Database to Azure Storage
on:
workflow_dispatch:
inputs:
overwriteThisMorningsBackup:
required: true
type: boolean
default: false
schedule: # 01:00 UTC
- cron: '0 1 * * *'
jobs:
backup:
name: Backup AKS Database (production)
if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.overwriteThisMorningsBackup == 'true') }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
name: Checkout
- name: Set KV environment variables
run: |
tf_vars_file=terraform/aks/config/production.tfvars.json
echo "key_vault_name=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS_PRODUCTION }}
- uses: DFE-Digital/github-actions/set-kubelogin-environment@master
with:
azure-credentials: ${{ secrets.AZURE_CREDENTIALS_PRODUCTION }}
- name: Install kubectl
uses: azure/setup-kubectl@v3
with:
version: "v1.26.1" # default is latest stable
- name: K8 setup
shell: bash
run: |
make ci production get-cluster-credentials
make install-konduit
- name: Setup postgres client
uses: DFE-Digital/github-actions/install-postgres-client@master
- name: Set environment variable
run: echo "BACKUP_FILE_NAME=trp_prod_$(date +"%F")" >> $GITHUB_ENV
- name: Backup Prod DB
run: |
bin/konduit.sh teacher-relocation-payment-production -- pg_dump -E utf8 --clean --if-exists --no-owner --verbose --no-password -f ${BACKUP_FILE_NAME}.sql
tar -cvzf ${BACKUP_FILE_NAME}.tar.gz ${BACKUP_FILE_NAME}.sql
- name: Set Connection String
run: |
STORAGE_CONN_STR="$(az keyvault secret show --name TRP-BACKUP-STORAGE-CONNECTION-STRING --vault-name ${{ env.key_vault_name }} | jq -r .value)"
echo "::add-mask::$STORAGE_CONN_STR"
echo "STORAGE_CONN_STR=$STORAGE_CONN_STR" >> $GITHUB_ENV
- name: Upload Backup to Azure Storage
run: |
az storage blob upload --container-name database-backup \
--file ${BACKUP_FILE_NAME}.tar.gz --name ${BACKUP_FILE_NAME}.tar.gz --overwrite \
--connection-string '${{ env.STORAGE_CONN_STR }}'
rm ${BACKUP_FILE_NAME}.tar.gz
- name: Check for Failure
if: ${{ failure() }}
uses: rtCamp/action-slack-notify@master
env:
SLACK_CHANNEL: twd_bat_devops
SLACK_COLOR: '#ef5343'
SLACK_ICON_EMOJI: ':github-logo:'
SLACK_USERNAME: Teacher Relocation Payment
SLACK_TITLE: Backup Failure
SLACK_MESSAGE: ':alert: Backup failure :sadparrot:'
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}