Add backup workflow

Author: solmazabbaspour

.github/workflows/backup.yml

@@ -0,0 +1,112 @@
+name: Backup and save to Azure
+run-name: "${{ github.actor }} - Backup and save to Azure"
+
+on:
+  workflow_call:
+    inputs:
+      github-hostname:
+        description: GitHub Hostname to backup
+        required: true
+        type: string
+      backup-name:
+        description: The name of the backup to be saved in Azure storage
+        required: false
+        default: ""
+        type: string
+    secrets:
+      BACKUP_SSH_KEY:
+        description: SSH key to access the GitHub Enterprise instance
+        required: true
+      INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN:
+        description: Token for the internal actions dx bot account
+        required: true
+      AZURE_USERNAME:
+        description: Azure service principal username
+        required: false
+      AZURE_PASSWORD:
+        description: Azure service principal password
+        required: false
+      AZURE_TENANT_ID:
+        description: Azure tenant ID
+        required: false
+      AZURE_SUBSCRIPTION_ID:
+        description: Azure subscription ID
+        required: false
+      CONNECTIONSTRING:
+        description: Azure storage connection string
+        required: false
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        repository: github/backup-utils-private
+        token: "${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}"
+    - run: docker build . --file Dockerfile --tag backup-utils
+    - run: docker save backup-utils -o backup-utils.tar
+    - uses: actions/upload-artifact@v3
+      with:
+        name: backup-utils
+        path: backup-utils.tar
+
+  backup-utils-backup:
+    needs: build
+    runs-on:
+      group: larger-hosted-public-runners
+      labels: ubuntu-latest-xl
+    env:
+        SSH_KEY: ${{ secrets.BACKUP_SSH_KEY }}
+    steps:
+    - uses: actions/download-artifact@v3
+      with:
+        name: backup-utils
+    - name: Load docker container
+      run: docker load -i backup-utils.tar
+    - uses: actions/checkout@v3
+    - name: Create backup directory
+      run: mkdir $HOME/ghe-backup-data
+    - name: set up ssh SSH_KEY
+      run: echo -e "${SSH_KEY}\n" > $HOME/backup
+    - name: set up ssh key permissions
+      run: chmod 0600 $HOME/backup
+    - name: change version
+      run: echo "3.8.0" > $HOME/version
+
+    - name: Perform backup
+      run: |
+        docker run -e "GHE_HOSTNAME=${{ inputs.github-hostname }}" \
+        -e "GHE_DATA_DIR=/data" \
+        -e "GHE_EXTRA_SSH_OPTS=-p 122 -i /ghe-ssh/id_rsa -o ServerAliveInterval=30 -o ServerAliveCountMax=12000 -o StrictHostKeyChecking=no" \
+        -e "GHE_NUM_SNAPSHOTS=15" \
+        -v "$HOME/ghe-backup-data:/data" \
+        -v "$HOME/backup:/ghe-ssh/id_rsa" \
+        -v "$HOME/version:/backup-utils/share/github-backup-utils/version" \
+        --rm \
+        backup-utils ghe-backup
+    - name: Check the backup file
+      run: |
+        current=$(readlink $HOME/ghe-backup-data/current)
+        sudo tar -czvf ${{ inputs.backup-name }}.tar.gz -C $HOME/ghe-backup-data/$current .
+
+    - name: Login to Azure
+      if: ${{ inputs.backup-name }} != ""
+      run: |
+        az login \
+          --service-principal \
+          -u ${{ secrets.AZURE_USERNAME }} \
+          -p ${{ secrets.AZURE_PASSWORD }} \
+          --tenant ${{ secrets.AZURE_TENANT_ID }}
+        az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+
+    - name: Upload backup to Azure
+      if: ${{ inputs.backup-name }} != ""
+      run: |
+        az storage blob upload \
+        --account-name "ghesresults" \
+        --container-name "ghes-data" \
+        --name ${{ inputs.backup-name }}.tar.gz \
+        --file ${{ inputs.backup-name }}.tar.gz \
+        --connection-string "${{ secrets.CONNECTIONSTRING }}"