[Scheduled] Run test restores on Integration #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Scheduled] Run test restores on Integration" | |
| on: | |
| schedule: | |
| # 2pm every Saturday | |
| - cron: "0 14 * * 6" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| security-events: none | |
| pull-requests: none | |
| actions: none | |
| checks: none | |
| deployments: none | |
| issues: none | |
| packages: none | |
| repository-projects: none | |
| statuses: none | |
| jobs: | |
| restore_to_point_in_time: | |
| runs-on: ubuntu-latest | |
| name: restore to a point in time | |
| steps: | |
| - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # pin@v3 | |
| - name: install python | |
| uses: actions/setup-python@55aad42e4674b58b2b2fb7d8e7552402d922b4e7 # pin@v4.2.0 | |
| with: | |
| python-version: "3.11" | |
| cache: "pip" | |
| - name: install requirements | |
| id: requirements | |
| run: pip install -r requirements.txt | |
| working-directory: disaster-recovery/restore | |
| - name: configure OIDC AWS credentials for terraform | |
| uses: aws-actions/configure-aws-credentials@97834a484a5ab3c40fa9e2eb40fcf8041105a573 | |
| with: | |
| role-to-assume: "arn:aws:iam::631181914621:role/oidc-digideps-preproduction" | |
| role-session-name: github-actions-terraform-run-task | |
| role-duration-seconds: 7200 | |
| aws-region: eu-west-1 | |
| - name: restore to a point in time | |
| id: restore | |
| run: | | |
| export TEN_MINS_AGO=$(TZ=UTC date -d '-5 minutes' +'%Y-%m-%d %H:%M:%S') | |
| python3 database_restore.py \ | |
| --environment preproduction \ | |
| --cluster_from api-integration \ | |
| --pitr "${TEN_MINS_AGO}" | |
| working-directory: disaster-recovery/restore | |
| - name: Unset AWS variables | |
| if: always() | |
| run: | | |
| echo "AWS_SECRET_ACCESS_KEY=" >> $GITHUB_ENV | |
| echo "AWS_ACCESS_KEY_ID=" >> $GITHUB_ENV | |
| echo "AWS_SESSION_TOKEN=" >> $GITHUB_ENV | |
| restore_from_remote_backup: | |
| runs-on: ubuntu-latest | |
| name: restore from cross account backup | |
| needs: | |
| - restore_to_point_in_time | |
| steps: | |
| - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # pin@v3 | |
| - name: install python | |
| uses: actions/setup-python@55aad42e4674b58b2b2fb7d8e7552402d922b4e7 # pin@v4.2.0 | |
| with: | |
| python-version: "3.11" | |
| cache: "pip" | |
| - name: install requirements | |
| id: requirements | |
| run: pip install -r requirements.txt | |
| working-directory: disaster-recovery/restore | |
| - name: configure OIDC AWS credentials for terraform | |
| uses: aws-actions/configure-aws-credentials@97834a484a5ab3c40fa9e2eb40fcf8041105a573 | |
| with: | |
| role-to-assume: "arn:aws:iam::631181914621:role/oidc-digideps-preproduction" | |
| role-session-name: github-actions-terraform-run-task | |
| role-duration-seconds: 7200 | |
| aws-region: eu-west-1 | |
| - name: get latest integration snapshot id | |
| id: snapshot | |
| run: | | |
| export SNAPSHOT_ID=$(python get_cross_acct_snapshot.py) | |
| echo "snapshot_id=${SNAPSHOT_ID}" >> $GITHUB_OUTPUT | |
| working-directory: disaster-recovery/restore | |
| - name: restore from remote backup | |
| id: restore | |
| env: | |
| SNAPSHOT_ID: ${{ steps.snapshot.outputs.snapshot_id }} | |
| run: | | |
| python database_restore.py \ | |
| --environment preproduction \ | |
| --cluster_from api-integration \ | |
| --restore_from_remote True \ | |
| --snapshot_id ${SNAPSHOT_ID} | |
| working-directory: disaster-recovery/restore | |
| - name: Unset AWS variables | |
| if: always() | |
| run: | | |
| echo "AWS_SECRET_ACCESS_KEY=" >> $GITHUB_ENV | |
| echo "AWS_ACCESS_KEY_ID=" >> $GITHUB_ENV | |
| echo "AWS_SESSION_TOKEN=" >> $GITHUB_ENV | |
| slack_notify_success: | |
| name: notify of result | |
| uses: ./.github/workflows/_slack-notification.yml | |
| needs: | |
| - restore_from_remote_backup | |
| with: | |
| success: yes | |
| branch: integration | |
| account: 248804316466 | |
| slack_notify_failure: | |
| name: notify of failure | |
| uses: ./.github/workflows/_slack-notification.yml | |
| if: ${{ failure() }} | |
| needs: | |
| - restore_from_remote_backup | |
| with: | |
| success: no | |
| branch: integration | |
| account: 248804316466 |