CI: add restore-backup-stage-prod.yml

And allow to restore prod data to stage with an additional value. Issue: ecamp#3478
BacLuc · Jul 31, 2023 · d496297 · d496297
1 parent 845221d
commit d496297
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 1 deletion.
diff --git a/.github/workflows/restore-backup-stage-prod.yml b/.github/workflows/restore-backup-stage-prod.yml
@@ -0,0 +1,51 @@
+name: DB Restore for staging and prod
+
+on:
+  workflow_dispatch:
+    inputs:
+      sourceFile:
+        type: string
+        description: |
+          The sourceFile of the backup in the bucket to restore, e.g.
+          ecamp-aws-setup-ecamp3devbucket58b42731-1kxz0xdiuxni8/dev/2023-07-17-12-55-33-dev.sql.gz.gpg
+        required: true
+        default: latest
+      branch:
+        type: string
+        description: |
+          Are you really sure that you want to delete the data of this deployment
+          and restore the database with the given backup file?
+          Repeat the branch name to confirm. (e.g. staging or prod)
+        required: true
+
+jobs:
+  check-parameters:
+    name: Check the given parameters
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if branch string matches branch
+        run: |
+          if [ "${{ inputs.branch }}" != "${{ github.ref_name }}" ]; then
+            echo "the given branch name is: ${{ inputs.branch }}"
+            echo "but the workflow ran on ${{ github.ref_name }}"
+            echo "thus exiting because they are not equal."
+            exit 1
+          fi
+
+  build-and-push:
+    name: Build and push docker images
+    needs: check-parameters
+    uses: ./.github/workflows/reusable-build-and-push.yml
+    with:
+      tag: ${{ github.ref_name }}
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ vars.DOCKER_HUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+  upgrade-or-install-deployment:
+    name: Upgrade or install deployment
+    needs: build-and-push
+    uses: ./.github/workflows/reusable-stage-prod-deployment.yml
+    with:
+      sourceFile: ${{ inputs.sourceFile }}
+    secrets: inherit
diff --git a/.github/workflows/reusable-stage-prod-deployment.yml b/.github/workflows/reusable-stage-prod-deployment.yml
@@ -2,6 +2,10 @@ name: '[reusable only] Staging and Prod deployment'
 
 on:
   workflow_call:
+    inputs:
+      sourceFile:
+        type: string
+        required: false
 
 jobs:
   upgrade-or-install-deployment:
@@ -48,6 +52,19 @@ jobs:
             --set mail.dsn=${{ secrets.MAILER_DSN }} \
             --set postgresql.url='${{ secrets.POSTGRES_URL }}/${{ secrets.DB_NAME }}?sslmode=require' \
             --set postgresql.dropDBOnUninstall=false \
+            --set postgresql.backup.schedule='0 1 * * *' \
+            --set postgresql.backup.s3.endpoint='${{ vars.BACKUP_S3_ENDPOINT }}' \
+            --set postgresql.backup.s3.bucket='${{ vars.BACKUP_S3_BUCKET }}' \
+            --set postgresql.backup.s3.accessKeyId='${{ secrets.BACKUP_S3_ACCESS_KEY_ID }}' \
+            --set postgresql.backup.s3.accessKey='${{ secrets.BACKUP_S3_ACCESS_KEY }}' \
+            --set postgresql.backup.s3.encryptionKey='${{ secrets.BACKUP_ENCRYPTION_KEY }}' \
+            --set postgresql.restore.sourceFile=${{ inputs.restoreSourceFile != null && format('''{0}''', inputs.restoreSourceFile) || null }} \
+            --set postgresql.restore.sourceAppName=${{ vars.RESTORE_SOURCE_APP != null && format('''{0}''', vars.RESTORE_SOURCE_APP) || null }} \
+            --set postgresql.restore.s3.endpoint='${{ vars.RESTORE_S3_ENDPOINT }}' \
+            --set postgresql.restore.s3.bucket='${{ vars.RESTORE_S3_BUCKET }}' \
+            --set postgresql.restore.s3.accessKeyId='${{ secrets.RESTORE_S3_ACCESS_KEY_ID }}' \
+            --set postgresql.restore.s3.accessKey='${{ secrets.RESTORE_S3_ACCESS_KEY }}' \
+            --set postgresql.restore.s3.encryptionKey='${{ secrets.RESTORE_ENCRYPTION_KEY }}' \
             --set php.dataMigrationsDir='${{ vars.DATA_MIGRATIONS_DIR }}' \
             --set php.appSecret='${{ secrets.API_APP_SECRET }}' \
             --set php.sentryDsn='${{ secrets.API_SENTRY_DSN }}' \

diff --git a/.helm/ecamp3/templates/hook_db_restore.yaml b/.helm/ecamp3/templates/hook_db_restore.yaml
@@ -30,7 +30,7 @@ spec:
               {{ . }}{{ end }}
           env:
             - name: APP_NAME
-              value: {{ include "app.name" . }}
+              value: {{ .Values.postgresql.restore.sourceAppName | default (include "app.name" .) }}
             - name: SOURCE_FILE
               value: {{ .Values.postgresql.restore.sourceFile }}
             - name: ENCRYPTION_KEY

diff --git a/.helm/ecamp3/values.yaml b/.helm/ecamp3/values.yaml
@@ -170,6 +170,7 @@ postgresql:
   restore:
     # null => no restore, latest => restore latest backup, s3 key => restore this backup
     sourceFile:
+    sourceAppName:
     s3:
       endpoint:
       bucket: