From 9ddc631b10ebc203a8319bf390f3d0e3eb436ca1 Mon Sep 17 00:00:00 2001
From: BacLuc
Date: Mon, 31 Jul 2023 14:24:17 +0200
Subject: [PATCH] CI: add restore-backup-stage-prod.yml

And allow to restore prod data to stage with an additional value.

Issue: #3478
---
 .../workflows/restore-backup-stage-prod.yml | 51 +++++++++++++++++++
 .../reusable-stage-prod-deployment.yml | 17 +++++++
 .helm/ecamp3/templates/hook_db_restore.yaml | 2 +-
 .helm/ecamp3/values.yaml | 1 +
 4 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/restore-backup-stage-prod.yml

diff --git a/.github/workflows/restore-backup-stage-prod.yml b/.github/workflows/restore-backup-stage-prod.yml
new file mode 100644
index 00000000000..ccc1fbb11f1
--- /dev/null
+++ b/.github/workflows/restore-backup-stage-prod.yml
@@ -0,0 +1,51 @@ +name: DB Restore for staging and prod + +on: + workflow_dispatch: + inputs: + sourceFile: + type: string + description: | + The sourceFile of the backup in the bucket to restore, e.g. + ecamp-aws-setup-ecamp3devbucket58b42731-1kxz0xdiuxni8/dev/2023-07-17-12-55-33-dev.sql.gz.gpg + required: true + default: latest + branch: + type: string + description: | + Are you really sure that you want to delete the data of this deployment + and restore the database with the given backup file? + Repeat the branch name to confirm. (e.g. staging or prod) + required: true + +jobs: + check-parameters: + name: Check the given parameters + runs-on: ubuntu-latest + steps: + - name: Check if branch string matches branch + run: | + if [ "${{ inputs.branch }}" != "${{ github.ref_name }}" ]; then + echo "the given branch name is: ${{ inputs.branch }}" + echo "but the workflow ran on ${{ github.ref_name }}" + echo "thus exiting because they are not equal." + exit 1 + fi + + build-and-push: + name: Build and push docker images + needs: check-parameters + uses: ./.github/workflows/reusable-build-and-push.yml + with: + tag: ${{ github.ref_name }} + secrets: + DOCKER_HUB_USERNAME: ${{ vars.DOCKER_HUB_USERNAME }} + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + + upgrade-or-install-deployment: + name: Upgrade or install deployment + needs: build-and-push + uses: ./.github/workflows/reusable-stage-prod-deployment.yml + with: + sourceFile: ${{ inputs.sourceFile }} + secrets: inherit diff --git a/.github/workflows/reusable-stage-prod-deployment.yml b/.github/workflows/reusable-stage-prod-deployment.yml index 75e52931cfd..12b7653dc6a 100644 --- a/.github/workflows/reusable-stage-prod-deployment.yml +++ b/.github/workflows/reusable-stage-prod-deployment.yml @@ -2,6 +2,10 @@ name: '[reusable only] Staging and Prod deployment' on: workflow_call: + inputs: + sourceFile: + type: string + required: false jobs: upgrade-or-install-deployment: 
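Review bot: In the `check-parameters` step, `${{ inputs.branch }}` and `${{ github.ref_name }}` are substituted into the `run:` script before the shell parses it, so the typed confirmation is handled as script text rather than as data to compare. Since this check is the only guard in front of a destructive restore, it should read both values from the step's `env:` and compare shell variables, as in the excerpt below. The comparison also only proves that the typed name equals the ref the run was dispatched from. Nothing in this file limits the run to `staging` or `prod`, so unless the reusable deployment workflow enforces that (not visible here), an explicit allow-list of refs in this job would make the guard meaningful.

```yaml
      - name: Check if branch string matches branch
        env:
          CONFIRM_BRANCH: ${{ inputs.branch }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ "$CONFIRM_BRANCH" != "$REF_NAME" ]; then
            echo "the given branch name is: $CONFIRM_BRANCH"
            echo "but the workflow ran on $REF_NAME"
            # … unchanged: final echo, exit 1, fi …
```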
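Review bot: The input declared here is `sourceFile`, but the helm command added further down in this file (the `-48,6 +52,19` hunk) reads `inputs.restoreSourceFile`, which is not declared in the visible `workflow_call` block. An undeclared input evaluates to an empty value, so the backup chosen in restore-backup-stage-prod.yml would not reach `postgresql.restore.sourceFile`, and the deployment would proceed without the requested restore and without an error. Use one name throughout, for example by changing both occurrences of `inputs.restoreSourceFile` on that helm line to `inputs.sourceFile`. A `description:` on this input stating that an empty value means "no restore" would also help callers.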
@@ -48,6 +52,19 @@ jobs: --set mail.dsn=${{ secrets.MAILER_DSN }} \ --set postgresql.url='${{ secrets.POSTGRES_URL }}/${{ secrets.DB_NAME }}?sslmode=require' \ --set postgresql.dropDBOnUninstall=false \ + --set postgresql.backup.schedule='0 1 * * *' \ + --set postgresql.backup.s3.endpoint='${{ vars.BACKUP_S3_ENDPOINT }}' \ + --set postgresql.backup.s3.bucket='${{ vars.BACKUP_S3_BUCKET }}' \ + --set postgresql.backup.s3.accessKeyId='${{ secrets.BACKUP_S3_ACCESS_KEY_ID }}' \ + --set postgresql.backup.s3.accessKey='${{ secrets.BACKUP_S3_ACCESS_KEY }}' \ + --set postgresql.backup.s3.encryptionKey='${{ secrets.BACKUP_ENCRYPTION_KEY }}' \ + --set postgresql.restore.sourceFile=${{ inputs.restoreSourceFile != null && format('''{0}''', inputs.restoreSourceFile) || null }} \ + --set postgresql.restore.sourceAppName=${{ vars.RESTORE_SOURCE_APP != null && format('''{0}''', vars.RESTORE_SOURCE_APP) || null }} \ + --set postgresql.restore.s3.endpoint='${{ vars.RESTORE_S3_ENDPOINT }}' \ + --set postgresql.restore.s3.bucket='${{ vars.RESTORE_S3_BUCKET }}' \ + --set postgresql.restore.s3.accessKeyId='${{ secrets.RESTORE_S3_ACCESS_KEY_ID }}' \ + --set postgresql.restore.s3.accessKey='${{ secrets.RESTORE_S3_ACCESS_KEY }}' \ + --set postgresql.restore.s3.encryptionKey='${{ secrets.RESTORE_ENCRYPTION_KEY }}' \ --set php.dataMigrationsDir='${{ vars.DATA_MIGRATIONS_DIR }}' \ --set php.appSecret='${{ secrets.API_APP_SECRET }}' \ --set php.sentryDsn='${{ secrets.API_SENTRY_DSN }}' \ diff --git a/.helm/ecamp3/templates/hook_db_restore.yaml b/.helm/ecamp3/templates/hook_db_restore.yaml index 40a2daea58d..b5c6eee6c63 100644 --- a/.helm/ecamp3/templates/hook_db_restore.yaml +++ b/.helm/ecamp3/templates/hook_db_restore.yaml 
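Review bot: The `postgresql.restore.sourceFile` line wraps a value typed into the workflow form in single quotes via `format('''{0}''', …)`, but the expression is pasted into the script before the shell runs, so a value containing `'` ends the quoting and the remainder is parsed as shell syntax. Passing it through the step's `env:` (`RESTORE_SOURCE_FILE: ${{ inputs.restoreSourceFile }}`) and writing `--set postgresql.restore.sourceFile="$RESTORE_SOURCE_FILE" \` keeps it as data; as far as I can tell an unset input renders as an empty value in both forms. The added S3 access keys and encryption keys are likewise expanded inline onto the helm command line, following the existing pattern in this step; an `env:` indirection or a values file would keep them out of the process arguments and tolerate a `'` in a secret. The `run:` block starts and ends outside this hunk.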
@@ -30,7 +30,7 @@ spec: {{ . }}{{ end }} env: - name: APP_NAME - value: {{ include "app.name" . }} + value: {{ .Values.postgresql.restore.sourceAppName | default (include "app.name" .) }} - name: SOURCE_FILE value: {{ .Values.postgresql.restore.sourceFile }} - name: ENCRYPTION_KEY diff --git a/.helm/ecamp3/values.yaml b/.helm/ecamp3/values.yaml index 1e05596065f..0f0ac818f64 100644 --- a/.helm/ecamp3/values.yaml +++ b/.helm/ecamp3/values.yaml @@ -170,6 +170,7 @@ postgresql: restore: # null => no restore, latest => restore latest backup, s3 key => restore this backup sourceFile: + sourceAppName: s3: endpoint: bucket:
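Review bot: The new `APP_NAME` value is rendered unquoted, so a `sourceAppName` that YAML reads as a number or boolean, or that contains `: ` or ` #`, produces a non-string or malformed `env` entry in the hook manifest. Pipe it through `quote`: `value: {{ .Values.postgresql.restore.sourceAppName | default (include "app.name" .) | quote }}`. The `SOURCE_FILE` value on the context line below is unquoted in the same way and, with this commit, receives text typed into the workflow form, so it deserves the same treatment. The container spec starts and ends outside this hunk.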
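Review bot: `sourceAppName` in values.yaml is added without a comment, while `sourceFile` directly above it documents what null and the other values mean. Judging from the hook template changed in this commit, the key overrides the `APP_NAME` passed to the restore hook and falls back to the release's own app name, so a comment such as `# null => use this deployment's app name, otherwise the app name passed to the restore hook (e.g. prod when restoring prod data to stage)` would record that. Because a non-null value points one environment at another environment's backups, the comment is also a good place to state that the `restore.s3` credentials should be read-only for that source; whether they are depends on the bucket policy, which is not visible here.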