Merge pull request #179 from github/ritchxu/actions-settings

ritchxu · web-flow · commit d96eae9e84f3 · 2020-07-23T16:42:19.000-04:00
Always restore Actions settings
diff --git a/share/github-backup-utils/ghe-backup-actions b/share/github-backup-utils/ghe-backup-actions
@@ -37,7 +37,7 @@ if [ -d "$GHE_DATA_DIR/current/actions" ] && [ "$(ls -A $GHE_DATA_DIR/current/ac
 fi
 
 # Transfer all Actions data from the user data directory using rsync.
-ghe_verbose "* Transferring actions files from $host ..."
+ghe_verbose "* Transferring Actions files from $host ..."
 
 ghe-rsync -avz \
   -e "ghe-ssh -p $port" \
diff --git a/share/github-backup-utils/ghe-backup-config b/share/github-backup-utils/ghe-backup-config
@@ -477,3 +477,13 @@ prompt_for_confirmation(){
 
   echo
 }
+
+# Function to restore a secret setting stored in a file.
+#   restore-secret <description> <file-name> <setting-name>
+restore-secret() {
+  if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/$2" ]; then
+    echo "Restoring $1 ..."
+    echo "ghe-config '$3' '$(cat "$GHE_RESTORE_SNAPSHOT_PATH/$2")'" |
+    ghe-ssh "$GHE_HOSTNAME" -- /bin/bash
+  fi
+}
diff --git a/share/github-backup-utils/ghe-restore-actions b/share/github-backup-utils/ghe-restore-actions
@@ -22,11 +22,14 @@ GHE_HOSTNAME="$1"
 # us run this script directly.
 : ${GHE_RESTORE_SNAPSHOT:=current}
 
+# Path to snapshot dir we're restoring from
+GHE_RESTORE_SNAPSHOT_PATH="$GHE_DATA_DIR/$GHE_RESTORE_SNAPSHOT"
+
 port=$(ssh_port_part "$GHE_HOSTNAME")
 host=$(ssh_host_part "$GHE_HOSTNAME")
 
 # No need to restore anything, early exit
-if [ ! -d "$GHE_DATA_DIR/$GHE_RESTORE_SNAPSHOT/actions" ]; then
+if [ ! -d "$GHE_RESTORE_SNAPSHOT_PATH/actions" ]; then
   echo "Warning: Actions backup missing. Skipping ..."
   exit 0
 fi
@@ -35,15 +38,35 @@ fi
 ghe_remote_version_required "$host"
 
 # Transfer all Actions data from the snapshot to the user data directory using rsync.
-ghe_verbose "* Transferring actions files to $host ..."
+ghe_verbose "* Transferring Actions files to $host ..."
 
 ghe-ssh -p "$port" "$host" -- sudo mkdir -p "$GHE_REMOTE_DATA_USER_DIR/actions"
 ghe-ssh -p "$port" "$host" -- sudo chown -R actions:actions "$GHE_REMOTE_DATA_USER_DIR/actions"
 
 ghe-rsync -arvHR --delete \
   -e "ghe-ssh -p $port" \
   --rsync-path='sudo -u actions rsync' \
-  "$GHE_DATA_DIR/$GHE_RESTORE_SNAPSHOT/actions/./" \
+  "$GHE_RESTORE_SNAPSHOT_PATH/actions/./" \
   "$host:$GHE_REMOTE_DATA_USER_DIR/actions/" 1>&3
 
+# Restore Actions settings.
+ghe_verbose "* Restoring Actions settings to $host ..."
+
+restore-secret "Actions configuration database login" "actions-config-db-login" "secrets.actions.ConfigurationDatabaseSqlLogin"
+restore-secret "Actions configuration database password" "actions-config-db-password" "secrets.actions.ConfigurationDatabaseSqlPassword"
+restore-secret "Actions framework access token key secret" "actions-framework-access-token" "secrets.actions.FrameworkAccessTokenKeySecret"
+restore-secret "Actions Url signing HMAC key primary" "actions-url-signing-hmac-key-primary" "secrets.actions.UrlSigningHmacKeyPrimary"
+restore-secret "Actions Url signing HMAC key secondary" "actions-url-signing-hmac-key-secondary" "secrets.actions.UrlSigningHmacKeySecondary"
+restore-secret "Actions OAuth S2S signing cert" "actions-oauth-s2s-signing-cert" "secrets.actions.OAuthS2SSigningCert"
+restore-secret "Actions OAuth S2S signing key" "actions-oauth-s2s-signing-key" "secrets.actions.OAuthS2SSigningKey"
+restore-secret "Actions OAuth S2S signing cert thumbprint" "actions-oauth-s2s-signing-cert-thumbprint" "secrets.actions.OAuthS2SSigningCertThumbprint"
+restore-secret "Actions primary encryption cert thumbprint" "actions-primary-encryption-cert-thumbprint" "secrets.actions.PrimaryEncryptionCertificateThumbprint"
+restore-secret "Actions AAD cert thumbprint" "actions-aad-cert-thumbprint" "secrets.actions.AADCertThumbprint"
+restore-secret "Actions delegated auth cert thumbprint" "actions-delegated-auth-cert-thumbprint" "secrets.actions.DelegatedAuthCertThumbprint"
+restore-secret "Actions runtime service principal cert" "actions-runtime-service-principal-cert" "secrets.actions.RuntimeServicePrincipalCertificate"
+restore-secret "Actions S2S encryption cert" "actions-s2s-encryption-cert" "secrets.actions.S2SEncryptionCertificate"
+restore-secret "Actions secondary encryption cert thumbprint" "actions-secondary-encryption-cert-thumbprint" "secrets.actions.SecondaryEncryptionCertificateThumbprint"
+restore-secret "Actions service principal cert" "actions-service-principal-cert" "secrets.actions.ServicePrincipalCertificate"
+restore-secret "Actions SPS validation cert thumbprint" "actions-sps-validation-cert-thumbprint" "secrets.actions.SpsValidationCertThumbprint"
+
 bm_end "$(basename $0)"
diff --git a/share/github-backup-utils/ghe-restore-settings b/share/github-backup-utils/ghe-restore-settings
@@ -28,39 +28,11 @@ GHE_RESTORE_SNAPSHOT_PATH="$GHE_DATA_DIR/$GHE_RESTORE_SNAPSHOT"
 echo "Restoring license ..."
 ghe-ssh "$GHE_HOSTNAME" -- 'ghe-import-license' < "$GHE_RESTORE_SNAPSHOT_PATH/enterprise.ghl" 1>&3
 
-# Function to restore a secret setting stored in a file.
-#   restore-secret <description> <file-name> <setting-name>
-restore-secret() {
-  if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/$2" ]; then
-    echo "Restoring $1 ..."
-    echo "ghe-config '$3' '$(cat "$GHE_RESTORE_SNAPSHOT_PATH/$2")'" |
-    ghe-ssh "$GHE_HOSTNAME" -- /bin/bash
-  fi
-}
-
 echo "Restoring settings ..."
 
 # Restore external MySQL password if running external MySQL DB.
 restore-secret "external MySQL password" "external-mysql-password" "secrets.external.mysql"
 
-# Restore Actions settings.
-restore-secret "Actions configuration database login" "actions-config-db-login" "secrets.actions.ConfigurationDatabaseSqlLogin"
-restore-secret "Actions configuration database password" "actions-config-db-password" "secrets.actions.ConfigurationDatabaseSqlPassword"
-restore-secret "Actions framework access token key secret" "actions-framework-access-token" "secrets.actions.FrameworkAccessTokenKeySecret"
-restore-secret "Actions Url signing HMAC key primary" "actions-url-signing-hmac-key-primary" "secrets.actions.UrlSigningHmacKeyPrimary"
-restore-secret "Actions Url signing HMAC key secondary" "actions-url-signing-hmac-key-secondary" "secrets.actions.UrlSigningHmacKeySecondary"
-restore-secret "Actions OAuth S2S signing cert" "actions-oauth-s2s-signing-cert" "secrets.actions.OAuthS2SSigningCert"
-restore-secret "Actions OAuth S2S signing key" "actions-oauth-s2s-signing-key" "secrets.actions.OAuthS2SSigningKey"
-restore-secret "Actions OAuth S2S signing cert thumbprint" "actions-oauth-s2s-signing-cert-thumbprint" "secrets.actions.OAuthS2SSigningCertThumbprint"
-restore-secret "Actions primary encryption cert thumbprint" "actions-primary-encryption-cert-thumbprint" "secrets.actions.PrimaryEncryptionCertificateThumbprint"
-restore-secret "Actions AAD cert thumbprint" "actions-aad-cert-thumbprint" "secrets.actions.AADCertThumbprint"
-restore-secret "Actions delegated auth cert thumbprint" "actions-delegated-auth-cert-thumbprint" "secrets.actions.DelegatedAuthCertThumbprint"
-restore-secret "Actions runtime service principal cert" "actions-runtime-service-principal-cert" "secrets.actions.RuntimeServicePrincipalCertificate"
-restore-secret "Actions S2S encryption cert" "actions-s2s-encryption-cert" "secrets.actions.S2SEncryptionCertificate"
-restore-secret "Actions secondary encryption cert thumbprint" "actions-secondary-encryption-cert-thumbprint" "secrets.actions.SecondaryEncryptionCertificateThumbprint"
-restore-secret "Actions service principal cert" "actions-service-principal-cert" "secrets.actions.ServicePrincipalCertificate"
-restore-secret "Actions SPS validation cert thumbprint" "actions-sps-validation-cert-thumbprint" "secrets.actions.SpsValidationCertThumbprint"
-
 # work around issue importing settings with bad storage mode values
 ( cat "$GHE_RESTORE_SNAPSHOT_PATH/settings.json" && echo ) |
   sed 's/"storage_mode": "device"/"storage_mode": "rootfs"/' |
diff --git a/test/test-ghe-backup.sh b/test/test-ghe-backup.sh
@@ -490,7 +490,7 @@ begin_test "ghe-backup takes backup of Actions files"
   enable_actions
 
   output=$(ghe-backup -v)
-  echo $output | grep "Transferring actions files from"
+  echo $output | grep "Transferring Actions files from"
   
   diff -ru "$GHE_REMOTE_DATA_USER_DIR/actions" "$GHE_DATA_DIR/current/actions"
 )
diff --git a/test/test-ghe-restore.sh b/test/test-ghe-restore.sh
@@ -377,7 +377,7 @@ begin_test "ghe-restore with Actions data"
 
   output=$(ghe-restore -v -f localhost 2>&1)
 
-  echo "$output" | grep -q "Transferring actions files to"
+  echo "$output" | grep -q "Transferring Actions files to"
 
   diff -ru "$GHE_REMOTE_DATA_USER_DIR/actions" "$GHE_DATA_DIR/current/actions"
 )

Original file line number	Diff line number	Diff line change
`@@ -490,7 +490,7 @@ begin_test "ghe-backup takes backup of Actions files"`
`490`	`490`	`enable_actions`
`491`	`491`
`492`	`492`	`output=$(ghe-backup -v)`
`493`		`- echo $output \| grep "Transferring actions files from"`
	`493`	`+ echo $output \| grep "Transferring Actions files from"`
`494`	`494`
`495`	`495`	`diff -ru "$GHE_REMOTE_DATA_USER_DIR/actions" "$GHE_DATA_DIR/current/actions"`
`496`	`496`	`)`
Original file line number	Diff line number	Diff line change
`@@ -377,7 +377,7 @@ begin_test "ghe-restore with Actions data"`
`377`	`377`
`378`	`378`	`output=$(ghe-restore -v -f localhost 2>&1)`
`379`	`379`
`380`		`- echo "$output" \| grep -q "Transferring actions files to"`
	`380`	`+ echo "$output" \| grep -q "Transferring Actions files to"`
`381`	`381`
`382`	`382`	`diff -ru "$GHE_REMOTE_DATA_USER_DIR/actions" "$GHE_DATA_DIR/current/actions"`
`383`	`383`	`)`