-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c18c428
commit dbd7c97
Showing
1 changed file
with
73 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| name: Update Staging Database | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
||
| # on: | ||
| # schedule: | ||
| # - cron: '0 0 * * *' # Runs at 00:00 UTC daily. | ||
|
|
||
| jobs: | ||
| backup_upload: | ||
| runs-on: ubuntu-latest | ||
| environment: staging | ||
| steps: | ||
| - name: Setup SSH | ||
| run: | | ||
| mkdir -p ~/.ssh | ||
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/private_key.pem | ||
| chmod 600 ~/.ssh/private_key.pem | ||
| ssh-keyscan -H ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts | ||
| - name: Update from backup | ||
| run: | | ||
| echo "Authenticating with GCP." | ||
| echo '${{ secrets.GCP_SA_KEY }}' > /tmp/gcp-sa-key.json | ||
| gcloud auth activate-service-account --key-file=/tmp/gcp-sa-key.json | ||
| rm /tmp/gcp-sa-key.json $BACKUP_NAME | ||
| BACKUP=$(gsutil ls -l gs://ocho-osai/track/pg_data/ | grep -v "TOTAL:" | sort -k2,2 -r | awk '{ $1=$2=""; print $0 }' | sed 's/^[ \t]*//' | head -n 1 | tr -d '\n') | ||
| BACKUP_NAME=$(basename $BACKUP) | ||
| BACKUP_FILE="backups/$BACKUP_NAME" | ||
| mkdir -p ./track/backups/ | ||
| gsutil cp $BACKUP $BACKUP_FILE | ||
| echo "Most recent backup found: $BACKUP_NAME" | ||
| # Check if the backup file exists and is a gzip file | ||
| if [ -f "$BACKUP_FILE" ] && [[ $BACKUP_FILE == *.gz ]]; then | ||
| echo "Decompressing backup file $BACKUP_FILE" | ||
| gunzip -k "$BACKUP_FILE" | ||
| BACKUP_FILE="${BACKUP_FILE%.gz}" | ||
| echo "Backup decompressed to $BACKUP_FILE" | ||
| else | ||
| echo "Backup file does not exist or is not a gzip file." | ||
| exit 1 | ||
| fi | ||
| ssh -i ~/.ssh/private_key.pem ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << ENDSSH | ||
| echo "Removing old backups." | ||
| rm -r /home/${{ secrets.SERVER_USER }}/track/backups/ || true | ||
| mkdir -p /home/${{ secrets.SERVER_USER }}/track/backups/ | ||
| ENDSSH | ||
| scp -i ~/.ssh/private_key.pem $BACKUP_FILE ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:/home/${{ secrets.SERVER_USER }}/track/$BACKUP_FILE | ||
| ssh -i ~/.ssh/private_key.pem ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << ENDSSH | ||
| echo "Restoring from backup: ./track/$BACKUP_FILE" | ||
| ls ./track/backups/ | ||
| export APP_ENV=${{ vars.APP_ENV }} | ||
| export HOST_PORT=${{ vars.HOST_PORT }} | ||
| export POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} | ||
| # Restore from backup. The postgres docker service is called "db" | ||
| docker compose -f track/base.yml -f track/prod.yml down | ||
| docker compose -f track/base.yml -f track/prod.yml up -d db | ||
| echo "copying backup to container at /backup" | ||
| docker compose -f track/base.yml -f track/prod.yml cp ./track/$BACKUP_FILE db:/backup | ||
| docker compose -f track/base.yml -f track/prod.yml exec db psql -U postgres -d postgres -f /backup | ||
| docker compose -f track/base.yml -f track/prod.yml down | ||
| docker compose -f track/base.yml -f track/prod.yml up -d | ||
| # docker compose -f track/base.yml -f track/prod.yml pull | ||
| ENDSSH |