diff --git a/.github/workflows/database-backup.yml b/.github/workflows/database-backup.yml new file mode 100644 index 00000000..1d3a8ca5 --- /dev/null +++ b/.github/workflows/database-backup.yml @@ -0,0 +1,103 @@ +name: Backup database to Azure storage + +on: + workflow_dispatch: + inputs: + environment: + description: Environment to backup + required: true + default: test + type: choice + options: + - test + - production + backup-file: + description: | + Backup file name (without extension). Default is aytq_[env]_adhoc_YYYY-MM-DD. Set it explicitly when backing up a point-in-time (PTR) server. (Optional) + required: false + type: string + default: default + db-server: + description: | + Name of the database server. Default is the live server. When backing up a point-in-time (PTR) server, use the full name of the PTR server. (Optional) + + schedule: + - cron: "0 4 * * *" # 04:00 UTC + +env: + SERVICE_NAME: access-your-teaching-qualifications + SERVICE_SHORT: aytq + TF_VARS_PATH: terraform/application/config + +jobs: + backup: + name: Backup database + runs-on: ubuntu-latest + environment: + name: aks-${{ inputs.environment || 'production' }} + env: + DEPLOY_ENV: ${{ inputs.environment || 'production' }} + BACKUP_FILE: ${{ inputs.backup-file || 'schedule' }} + + steps: + - uses: actions/checkout@v4 + + - name: Set environment variables + run: | + source global_config/${DEPLOY_ENV}.sh + tf_vars_file=${TF_VARS_PATH}/${DEPLOY_ENV}.tfvars.json + echo "CLUSTER=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV + echo "RESOURCE_GROUP_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> $GITHUB_ENV + echo "STORAGE_ACCOUNT_NAME=${AZURE_RESOURCE_PREFIX}${SERVICE_SHORT}dbbkp${CONFIG_SHORT}sa" >> $GITHUB_ENV + TODAY=$(date +"%F") + echo "DB_SERVER=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-pg" >> $GITHUB_ENV + if [ "${BACKUP_FILE}" == "schedule" ]; then + BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_${TODAY} + elif [ "${BACKUP_FILE}" == "default" ]; then + BACKUP_FILE=${SERVICE_SHORT}_${CONFIG_SHORT}_adhoc_${TODAY} + else + BACKUP_FILE=${BACKUP_FILE} + fi + echo "BACKUP_FILE=${BACKUP_FILE}" >> $GITHUB_ENV + echo "KEYVAULT_NAME=${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-inf-kv" >> $GITHUB_ENV + + - name: Backup ${{ env.DEPLOY_ENV }} postgres + uses: DFE-Digital/github-actions/backup-postgres@master + with: + storage-account: ${{ env.STORAGE_ACCOUNT_NAME }} + resource-group: ${{ env.RESOURCE_GROUP_NAME }} + app-name: ${{ env.SERVICE_SHORT }}-${{ env.DEPLOY_ENV }}-api + cluster: ${{ env.CLUSTER }} + azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} + backup-file: ${{ env.BACKUP_FILE }}.sql + db-server-name: ${{ inputs.db-server }} + + - name: Backup Summary + if: success() + run: | + NOW=$(TZ=Europe/London date +"%F %R") + echo 'BACKUP SUCCESSFUL!' >> $GITHUB_STEP_SUMMARY + echo ' ENV: ${{ env.DEPLOY_ENV }}' >> $GITHUB_STEP_SUMMARY + echo " AT : ${NOW}" >> $GITHUB_STEP_SUMMARY + echo ' DB SERVER: ${{ inputs.db-server || env.DB_SERVER }}' >> $GITHUB_STEP_SUMMARY + echo ' STORAGE ACCOUNT: ${{ env.STORAGE_ACCOUNT_NAME }}' >> $GITHUB_STEP_SUMMARY + echo ' FILENAME: ${{ env.BACKUP_FILE }}.sql.gz' >> $GITHUB_STEP_SUMMARY + + - name: Get Slack webhook + uses: Azure/get-keyvault-secrets@v1 + if: failure() + id: key-vault-secrets + with: + keyvault: ${{ env.KEYVAULT_NAME }} + secrets: "SLACK-WEBHOOK" + + - name: Notify Slack channel on job failure + if: failure() + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_USERNAME: CI Deployment + SLACK_TITLE: Database backup failure + SLACK_MESSAGE: Production database backup job failed + SLACK_WEBHOOK: ${{ steps.key-vault-secrets.outputs.SLACK-WEBHOOK }} + SLACK_COLOR: failure + SLACK_FOOTER: Sent from backup job in backup-db workflow