Incrementally testing GH action.

jcpitre · jcpitre · commit e7b88c3be297 · 2025-04-28T17:25:21.000-04:00
diff --git a/.github/workflows/duplicate-prod-db.yml b/.github/workflows/duplicate-prod-db.yml
@@ -26,97 +26,98 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-#      - name: Authenticate to Google Cloud PROD project
-#        id: gcloud_auth_prod
-#        uses: google-github-actions/auth@v2
-#        with:
-#          credentials_json: ${{ secrets.PROD_GCP_MOBILITY_FEEDS_SA_KEY }}
-#
-#      - name: GCloud Setup PROD
-#        uses: google-github-actions/setup-gcloud@v2
-#
-#      - name: Get PROD SQL service account
-#        run: |
-#          SERVICE_ACCOUNT=$(gcloud sql instances describe "mobilitydata-database-instance" --project=$SOURCE_PROJECT_ID --format="value(serviceAccountEmailAddress)")
-#          echo "SOURCE_SQL_SERVICE_ACCOUNT=$SERVICE_ACCOUNT" >> $GITHUB_ENV
-#          echo "Destination SQL Service Account: $SERVICE_ACCOUNT"
-#
-#      - name: Authenticate to Google Cloud QA project
-#        id: gcloud_auth_qa
-#        uses: google-github-actions/auth@v2
-#        with:
-#          credentials_json: ${{ secrets.QA_GCP_MOBILITY_FEEDS_SA_KEY }}
-#
-#      - name: GCloud Setup QA
-#        uses: google-github-actions/setup-gcloud@v2
-#
-#      - name: Create DB dump bucket and give permissions
-#        run: |
-#          BUCKET_PROJECT_ID=$DEST_PROJECT_ID
-#
-#          # Check if the bucket already exists
-#          if ! gsutil ls -b "gs://${DUMP_BUCKET_NAME}" &> /dev/null; then
-#            echo "Bucket doesn't exist. Creating..."
-#            gsutil mb -l $GCP_REGION -p $BUCKET_PROJECT_ID "gs://${DUMP_BUCKET_NAME}"
-#          else
-#            echo "Bucket already exists."
-#          fi
-#
-#          # Give write permission for the source sql instance to write to the bucket
-#          gsutil iam ch serviceAccount:$SOURCE_SQL_SERVICE_ACCOUNT:objectAdmin gs://$DUMP_BUCKET_NAME
-#
-#          # Get the service account for the QA DB and give read permission to the bucket
-#          DEST_SQL_SERVICE_ACCOUNT=$(gcloud sql instances describe $DB_INSTANCE_NAME --format="value(serviceAccountEmailAddress)")
-#          echo "Destination SQL Service Account: $DEST_SQL_SERVICE_ACCOUNT"
-#
-#          # Give read-write permission on the bucket to the destination sql instance
-#          gsutil iam ch serviceAccount:$DEST_SQL_SERVICE_ACCOUNT:objectAdmin gs://$DUMP_BUCKET_NAME
-#
-#      - name: Authenticate to Google Cloud PROD project Again
-#        uses: google-github-actions/auth@v2
-#        with:
-#          credentials_json: ${{ secrets.PROD_GCP_MOBILITY_FEEDS_SA_KEY }}
-#
-#      - name: GCloud Setup PROD again
-#        uses: google-github-actions/setup-gcloud@v2
-#
-#      - name: Dump the PROD DB
-#        run: |
-#          gcloud sql export sql $DB_INSTANCE_NAME gs://$DUMP_BUCKET_NAME/$DUMP_FILE_NAME --database=$SOURCE_DATABASE_NAME --quiet
-#
+
+      - name: Authenticate to Google Cloud PROD project
+        id: gcloud_auth_prod
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.PROD_GCP_MOBILITY_FEEDS_SA_KEY }}
+
+      - name: GCloud Setup PROD
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Get PROD SQL service account
+        run: |
+          SERVICE_ACCOUNT=$(gcloud sql instances describe "mobilitydata-database-instance" --project=$SOURCE_PROJECT_ID --format="value(serviceAccountEmailAddress)")
+          echo "SOURCE_SQL_SERVICE_ACCOUNT=$SERVICE_ACCOUNT" >> $GITHUB_ENV
+          echo "Destination SQL Service Account: $SERVICE_ACCOUNT"
+
+      - name: Authenticate to Google Cloud QA project
+        id: gcloud_auth_qa
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.QA_GCP_MOBILITY_FEEDS_SA_KEY }}
+
+      - name: GCloud Setup QA
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Create DB dump bucket and give permissions
+        run: |
+          BUCKET_PROJECT_ID=$DEST_PROJECT_ID
+
+          # Check if the bucket already exists
+          if ! gsutil ls -b "gs://${DUMP_BUCKET_NAME}" &> /dev/null; then
+            echo "Bucket doesn't exist. Creating..."
+            gsutil mb -l $GCP_REGION -p $BUCKET_PROJECT_ID "gs://${DUMP_BUCKET_NAME}"
+          else
+            echo "Bucket already exists."
+          fi
+
+          # Give write permission for the source sql instance to write to the bucket
+          gsutil iam ch serviceAccount:$SOURCE_SQL_SERVICE_ACCOUNT:objectAdmin gs://$DUMP_BUCKET_NAME
+
+          # Get the service account for the QA DB and give read permission to the bucket
+          DEST_SQL_SERVICE_ACCOUNT=$(gcloud sql instances describe $DB_INSTANCE_NAME --format="value(serviceAccountEmailAddress)")
+          echo "Destination SQL Service Account: $DEST_SQL_SERVICE_ACCOUNT"
+
+          # Give read-write permission on the bucket to the destination sql instance
+          gsutil iam ch serviceAccount:$DEST_SQL_SERVICE_ACCOUNT:objectAdmin gs://$DUMP_BUCKET_NAME
+
+      - name: Authenticate to Google Cloud PROD project Again
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.PROD_GCP_MOBILITY_FEEDS_SA_KEY }}
+
+      - name: GCloud Setup PROD again
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Dump the PROD DB
+        run: |
+          gcloud sql export sql $DB_INSTANCE_NAME gs://$DUMP_BUCKET_NAME/$DUMP_FILE_NAME --database=$SOURCE_DATABASE_NAME --quiet
+
       - name: Authenticate to Google Cloud QA project Again
         uses: google-github-actions/auth@v2
         with:
           credentials_json: ${{ secrets.QA_GCP_MOBILITY_FEEDS_SA_KEY }}
 
       - name: GCloud Setup QA Again
         uses: google-github-actions/setup-gcloud@v2
-#
-#      - name: QA backup and import dump into the QA DB
-#        run: |
-#          # Dump the QA database as a backup
-#          # According to chatgpt,
-#          # This is Google's recommended, safe method and doesn’t require direct access to the DB. It runs the export
-#          # in a way that avoids locking the database and works from GCP itself (so no traffic leaves GCP).
-#          gcloud sql export sql $DB_INSTANCE_NAME gs://$DUMP_BUCKET_NAME/qa-db-dump-backup.sql --database=$SOURCE_DATABASE_NAME --quiet
-#
-#          # Delete the existing database
-#          gcloud sql databases delete $DEST_DATABASE_NAME --instance=$DB_INSTANCE_NAME --quiet
-#
-#          # Create a the new database
-#          gcloud sql databases create $DEST_DATABASE_NAME --instance=$DB_INSTANCE_NAME
-#
-#          # Import the dump into the QA database
-#          # The exported sql contains statements that require authentication as user postgres.
-#          # In theory we could dump the DB without these statements, with:
-#          # pg_dump --no-owner --no-privileges -d your_database > clean_dump.sql.
-#
-#          export PGPASSWORD=$DEST_DATABASE_PASSWORD
-#          gcloud sql import sql $DB_INSTANCE_NAME gs://$DUMP_BUCKET_NAME/$DUMP_FILE_NAME --database=$DEST_DATABASE_NAME --user=$DEST_DATABASE_IMPORT_USER --quiet
-#
-#      - name: Delete dump file from bucket
-#        run: |
-#          gsutil rm gs://$DUMP_BUCKET_NAME/$DUMP_FILE_NAME
+
+      - name: QA backup and import dump into the QA DB
+        run: |
+          # Dump the QA database as a backup
+          # According to chatgpt,
+          # This is Google's recommended, safe method and doesn’t require direct access to the DB. It runs the export
+          # in a way that avoids locking the database and works from GCP itself (so no traffic leaves GCP).
+          gcloud sql export sql $DB_INSTANCE_NAME gs://$DUMP_BUCKET_NAME/qa-db-dump-backup.sql --database=$SOURCE_DATABASE_NAME --quiet
+
+          # Delete the existing database
+          gcloud sql databases delete $DEST_DATABASE_NAME --instance=$DB_INSTANCE_NAME --quiet
+
+          # Create a the new database
+          gcloud sql databases create $DEST_DATABASE_NAME --instance=$DB_INSTANCE_NAME
+
+          # Import the dump into the QA database
+          # The exported sql contains statements that require authentication as user postgres.
+          # In theory we could dump the DB without these statements, with:
+          # pg_dump --no-owner --no-privileges -d your_database > clean_dump.sql.
+
+          export PGPASSWORD=$DEST_DATABASE_PASSWORD
+          gcloud sql import sql $DB_INSTANCE_NAME gs://$DUMP_BUCKET_NAME/$DUMP_FILE_NAME --database=$DEST_DATABASE_NAME --user=$DEST_DATABASE_IMPORT_USER --quiet
+
+      - name: Delete dump file from bucket
+        run: |
+          gsutil rm gs://$DUMP_BUCKET_NAME/$DUMP_FILE_NAME
 
       - name: Load secrets from 1Password
         uses: 1password/load-secrets-action@v2.0.0
@@ -154,7 +155,7 @@ jobs:
           $$;
           EOF
           
-          cat <<'EOF' | psql -h localhost -p 5454 -U data_feeds_user -d $DEST_DATABASE_NAME
+          cat <<'EOF' | psql -h localhost -p 5454 -U postgres -d $DEST_DATABASE_NAME
           UPDATE feed
           SET feed_contact_email = REPLACE(feed_contact_email, '@', '_') || '@mobilitydata.org'
           WHERE feed_contact_email IS NOT NULL
