From 3099cd7102f91ab076d7f4bb6d0bcb5011d5116a Mon Sep 17 00:00:00 2001
From: BacLuc <lucius.bachmann@gmx.ch>
Date: Mon, 31 Jul 2023 12:01:26 +0200
Subject: [PATCH] .github: add workflows to restore data to dev deployment

---
 .github/workflows/restore-backup-dev-pr.yml   | 92 +++++++++++++++++++
 .github/workflows/reusable-dev-deployment.yml | 15 +++
 2 files changed, 107 insertions(+)
 create mode 100644 .github/workflows/restore-backup-dev-pr.yml

diff --git a/.github/workflows/restore-backup-dev-pr.yml b/.github/workflows/restore-backup-dev-pr.yml
new file mode 100644
index 00000000000..4185e44b702
--- /dev/null
+++ b/.github/workflows/restore-backup-dev-pr.yml
@@ -0,0 +1,92 @@
+name: DB Restore for dev and feature branches
+
+on:
+  workflow_dispatch:
+    inputs: 
+      sourceFile:
+        type: string
+        description: |
+          The sourceFile of the backup in the bucket to restore, e.g.
+          ecamp-aws-setup-ecamp3devbucket58b42731-1kxz0xdiuxni8/dev/2023-07-17-12-55-33-dev.sql.gz.gpg
+        required: true
+        default: latest
+      pr_number:
+        type: number
+        description: |
+          The pr number if it is a pr (3898), else null
+        required: false
+      env:
+        type: environment
+        description: The environment, if name is dev then dev, else feature-branch
+        required: true
+        default: dev
+
+
+jobs:
+  log_env:
+    name: log environment
+    runs-on: ubuntu-latest
+    steps:
+      - name: log environment
+        id: log-environment
+        run: |
+          REF=$(git rev-parse HEAD)
+          echo "Git SHA: $REF"
+          echo "sha=$REF" | tr -d "\n" >> $GITHUB_OUTPUT
+
+          echo "github:"
+          cat <<-HEREDOC
+            ${{ toJSON(github) }}
+          HEREDOC
+          echo ""
+          echo "inputs:"
+          cat <<-HEREDOC
+            ${{ toJSON(inputs) }}
+          HEREDOC
+          echo ""
+          echo "job:"
+          cat <<-HEREDOC
+            ${{ toJSON(job) }}
+          HEREDOC
+          echo ""
+          echo "needs:"
+          cat <<-HEREDOC
+            ${{ toJSON(needs) }}
+          HEREDOC
+          echo ""
+          echo "env:"
+          cat <<-HEREDOC
+            ${{ toJSON(env) }}
+          HEREDOC
+          echo ""
+          echo "vars:"
+          cat <<-HEREDOC
+            ${{ toJSON(vars) }}
+          HEREDOC
+          echo ""
+          echo "secrets:"
+          cat <<-HEREDOC
+            ${{ toJSON(secrets) }}
+          HEREDOC
+
+  build-and-push:
+    if: contains(github.event.pull_request.labels.*.name, 'deploy!')
+    name: Build and push docker images
+    uses: ./.github/workflows/reusable-build-and-push.yml
+    with:
+      sha: ${{ github.event.pull_request.head.sha }}
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ vars.DOCKER_HUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+  upgrade-or-install-deployment:
+    name: Upgrade or install deployment
+    needs: build-and-push
+    uses: ./.github/workflows/reusable-dev-deployment.yml
+    with:
+      name: ${{ inputs.pr_number == null && 'dev' || format('pr{0}', inputs.pr_number) }}
+      sha: ${{ github.event.pull_request.head.sha }}
+      env: ${{ inputs.env }}
+      pr_number: ${{ inputs.pr_number }}
+      dropDBOnUninstall: ${{ inputs.pr_number != null }}
+    secrets: inherit
diff --git a/.github/workflows/reusable-dev-deployment.yml b/.github/workflows/reusable-dev-deployment.yml
index 013aab4a1a7..53f41b042d8 100644
--- a/.github/workflows/reusable-dev-deployment.yml
+++ b/.github/workflows/reusable-dev-deployment.yml
@@ -20,6 +20,9 @@ on:
         required: false
         type: boolean
         default: false
+      restoreSourceFile:
+        required: false
+        type: string
 
 jobs:
   dev-deployment:
@@ -91,6 +94,18 @@ jobs:
             --set postgresql.url='${{ secrets.POSTGRES_URL }}/ecamp3${{ inputs.name }}?sslmode=require' \
             --set postgresql.adminUrl='${{ secrets.POSTGRES_ADMIN_URL }}/ecamp3${{ inputs.name }}?sslmode=require' \
             --set postgresql.dropDBOnUninstall=${{ inputs.dropDBOnUninstall }} \
+            --set postgresql.backup.schedule='0 1 * * *' \
+            --set postgresql.backup.s3.endpoint='${{ vars.BACKUP_S3_ENDPOINT }}' \
+            --set postgresql.backup.s3.bucket='${{ vars.BACKUP_S3_BUCKET }}' \
+            --set postgresql.backup.s3.accessKeyId='${{ secrets.BACKUP_S3_ACCESS_KEY_ID }}' \
+            --set postgresql.backup.s3.accessKey='${{ secrets.BACKUP_S3_ACCESS_KEY }}' \
+            --set postgresql.backup.s3.encryptionKey='${{ secrets.BACKUP_ENCRYPTION_KEY }}' \
+            --set postgresql.restore.sourceFile=${{ inputs.restoreSourceFile != null && format("'{0}'", inputs.restoreSourceFile) || null }} \
+            --set postgresql.restore.s3.endpoint='${{ vars.RESTORE_S3_ENDPOINT }}' \
+            --set postgresql.restore.s3.bucket='${{ vars.RESTORE_S3_BUCKET }}' \
+            --set postgresql.restore.s3.accessKeyId='${{ secrets.RESTORE_S3_ACCESS_KEY_ID }}' \
+            --set postgresql.restore.s3.accessKey='${{ secrets.RESTORE_S3_ACCESS_KEY }}' \
+            --set postgresql.restore.s3.encryptionKey='${{ secrets.RESTORE_ENCRYPTION_KEY }}' \
             --set php.dataMigrationsDir='${{ vars.DATA_MIGRATIONS_DIR }}' \
             --set php.appSecret='${{ secrets.API_APP_SECRET }}' \
             --set php.sentryDsn='${{ secrets.API_SENTRY_DSN }}' \