opencrvs · rikukissa · Jan 5, 2024 · Dec 15, 2023 · Dec 15, 2023 · Dec 15, 2023
diff --git a/.github/workflows/backup-check.yml b/.github/workflows/backup-check.yml
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -5,10 +5,10 @@ on:
  inputs:
  branch_name:
  description: Branch to build from
- default: develop
+ default: master
  required: true
  release_version:
- description: Release version number
+ description: Release tag. It will be prepended by your repository name
  required: true
 
 jobs:
@@ -20,15 +20,26 @@ jobs:
  secret: ${{ github.TOKEN }}
  approvers: euanmillar,rikukissa
  minimum-approvals: 1
- issue-title: "Release: ${{ github.event.inputs.release_version }}"
- issue-body: "Please approve or deny the publishing of release: ${{ github.event.inputs.release_version }} to Dockerhub"
+ issue-title: "Release: ${{ github.event.repository.name }}-${{ github.event.inputs.release_version }}"
+ issue-body: "Please approve or deny the publishing of release: ${{ github.event.repository.name }}-${{ github.event.inputs.release_version }} to Dockerhub"
  exclude-workflow-initiator-as-approver: false
  - uses: actions/checkout@v2
  if: github.event_name == 'workflow_dispatch'
  with:
  ref: '${{ github.event.inputs.branch_name }}'
- - uses: actions/checkout@v2
- if: github.event_name == 'push'
+ - name: Bump version and push tag
+ id: tag_version
+ uses: mathieudutour/[email protected]
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ tag_prefix: ${{ github.event.repository.name }}-
+ custom_tag: ${{ github.event.inputs.release_version }}
+ - name: Create a GitHub release
+ uses: ncipollo/release-action@v1
+ with:
+ tag: ${{ steps.tag_version.outputs.new_tag }}
+ name: Release ${{ steps.tag_version.outputs.new_tag }}
+ body: ${{ steps.tag_version.outputs.changelog }}
  - name: Login to DockerHub
  uses: docker/login-action@v1
  with:
@@ -39,6 +50,6 @@ jobs:
  DOCKERHUB_ACCOUNT: ${{ secrets.DOCKERHUB_ACCOUNT }}
  DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_REPO }}
  run: |
- export COUNTRY_CONFIG_VERSION=${{ github.event.inputs.release_version }}
+ export COUNTRY_CONFIG_VERSION=${{ github.event.repository.name }}-${{ github.event.inputs.release_version }}
  echo "Publishing a Docker image with a tag $COUNTRY_CONFIG_VERSION"
  bash build-and-push.sh && unset COUNTRY_CONFIG_VERSION
diff --git a/.github/workflows/test-restore-backup.yml b/.github/workflows/test-restore-backup.yml
diff --git a/infrastructure/backup-check.sh b/infrastructure/backup-check.sh
diff --git a/infrastructure/emergency-backup-metadata.sh → infrastructure/backup.sh b/infrastructure/emergency-backup-metadata.sh → infrastructure/backup.sh
@@ -63,7 +63,7 @@ for i in "$@"; do
 done
 
 print_usage_and_exit() {
- echo 'Usage: ./emergency-backup-metadata.sh --passphrase=XXX --ssh_user=XXX --ssh_host=XXX --ssh_port=XXX --production_ip=XXX --remote_dir=XXX --replicas=XXX --label=XXX'
+ echo 'Usage: ./backup.sh --passphrase=XXX --ssh_user=XXX --ssh_host=XXX --ssh_port=XXX --production_ip=XXX --remote_dir=XXX --replicas=XXX --label=XXX'
  echo "Script must receive SSH details and a target directory of a remote server to copy backup files to."
  echo "Optionally a LABEL i.e. 'v1.0.1' can be provided to be appended to the backup file labels"
  echo "7 days of backup data will be retained in the manager node"
@@ -102,6 +102,10 @@ if [ "$IS_LOCAL" = false ]; then
  echo "Error: Argument for the --replicas is required."
  print_usage_and_exit
  fi
+ if [ -z "$PASSPHRASE" ]; then
+ echo "Error: Argument for the --passphrase is required."
+ print_usage_and_exit
+ fi
  # In this example, we load the MONGODB_ADMIN_USER, MONGODB_ADMIN_PASSWORD, ELASTICSEARCH_ADMIN_USER & ELASTICSEARCH_ADMIN_PASSWORD database access secrets from a file.
  # We recommend that the secrets are served via a secure API from a Hardware Security Module
  source /data/secrets/opencrvs.secrets
@@ -316,7 +320,7 @@ fi
 if [[ "$OWN_IP" = "$PRODUCTION_IP" || "$OWN_IP" = "$(dig $PRODUCTION_IP +short)" ]]; then
 
  # Create a temporary directory to store the backup files before packaging
- BACKUP_RAW_FILES_DIR=/tmp/backup-$LABEL/
+ BACKUP_RAW_FILES_DIR=/tmp/backup-${LABEL:-$BACKUP_DATE}/
  mkdir -p $BACKUP_RAW_FILES_DIR
 
  # Copy full directories to the temporary directory

diff --git a/infrastructure/deploy.sh b/infrastructure/deploy.sh
@@ -326,11 +326,11 @@ mkdir -p /tmp/opencrvs/infrastructure/cryptfs
 # Copy decrypt script
 cp $BASEDIR/decrypt.sh /tmp/opencrvs/infrastructure/cryptfs/decrypt.sh
 
-# Copy emergency backup script
-cp $BASEDIR/emergency-backup-metadata.sh /tmp/opencrvs/infrastructure/emergency-backup-metadata.sh
+# Copy backup script
+cp $BASEDIR/backup.sh /tmp/opencrvs/infrastructure/backup.sh
 
-# Copy emergency restore script
-cp $BASEDIR/emergency-restore-metadata.sh /tmp/opencrvs/infrastructure/emergency-restore-metadata.sh
+# Copy restore script
+cp $BASEDIR/restore.sh /tmp/opencrvs/infrastructure/restore.sh
 
 # Download base docker compose files to the server
 rsync -e "ssh -p $SSH_PORT" --exclude='vagrant/' -rP /tmp/docker-compose* infrastructure $SSH_USER@$SSH_HOST:/opt/opencrvs/

diff --git a/infrastructure/logrotate.conf b/infrastructure/logrotate.conf
@@ -51,6 +51,13 @@ include /etc/logrotate.d
  rotate 1
 }
 
+/var/log/opencrvs-restore.log {
+ missingok
+ monthly
+ create 0660 root application
+ rotate 1
+}
+
 /var/log/setup-deploy-config.log {
  missingok
  monthly

diff --git a/infrastructure/monitoring/filebeat/filebeat.yml b/infrastructure/monitoring/filebeat/filebeat.yml
@@ -11,6 +11,10 @@ filebeat.inputs:
  enabled: true
  paths:
  - /var/log/opencrvs-backup.log
+ - type: log
+ enabled: true
+ paths:
+ - /var/log/opencrvs-restore.log
 
 # https://github.com/elastic/beats/blob/master/filebeat/filebeat.reference.yml
 

diff --git a/infrastructure/restore-snapshot.sh b/infrastructure/restore-snapshot.sh
@@ -60,4 +60,4 @@ cat $ARCHIVE_PATH | tar -xzf - -C $OPENCRVS_CORE_PATH/data/backups
 # Automatically detect the label
 LABEL=$(ls -t $OPENCRVS_CORE_PATH/data/backups/influxdb | head -n 1)
 
-yes | bash $DIR/infrastructure/emergency-restore-metadata.sh --label=$LABEL --replicas=1
+yes | bash $DIR/infrastructure/restore.sh --label=$LABEL --replicas=1