clear-all-data.yml
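# Destructive maintenance workflow: deletes and re-creates the data jobs
# (cleanup, postgres-on-deploy, migrations) of the OpenCRVS Helm release in
# the namespace `opencrvs-<environment>`.
#
# Flow: approve (optional manual approval) -> prepare (read deployed chart
# version and release values) -> reset (run the matrix jobs one at a time).
name: "08. Clear all environment data"
run-name: "Clear all data on ${{ inputs.environment }} environment"

on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Target environment"
        required: true
        default: "dev"
        type: choice
        # NOTE(review): the only listed option is an empty string while the
        # default is "dev" - confirm the real environment names are filled in.
        options:
          - ""
  workflow_call:
    inputs:
      environment:
        # NOTE(review): free-form and not marked required when called from
        # another workflow. The value selects the runner label, the GitHub
        # environment and the Kubernetes namespace, so callers must pass a
        # known environment name.
        type: string

# NOTE(review): no `permissions:` block is declared, so the workflow token
# carries the repository default scopes. Consider restricting it to what the
# approval step needs.

jobs:
  approve:
    # Binding the job to the GitHub environment means protection rules
    # configured on that environment (if any) also gate this run.
    environment: ${{ inputs.environment }}
    runs-on: ubuntu-24.04
    timeout-minutes: 60
    steps:
      - name: Waiting for manual approval
        # NOTE(review): fail-open. When APPROVAL_REQUIRED is unset the
        # expression evaluates to 'false' and this step is skipped, so the
        # data reset proceeds without any approval issue being opened.
        if: ${{ (vars.APPROVAL_REQUIRED || 'false') == 'true' }}
        # NOTE(review): third-party action referenced by a mutable tag while
        # receiving the workflow token; pin it to a full commit SHA.
        uses: trstringer/manual-approval@v1
        with:
          secret: ${{ github.TOKEN }}
          approvers: ${{ vars.GH_APPROVERS }}
          minimum-approvals: 3
          issue-title: "Reset environment (${{ inputs.environment }})"
          issue-body: >
            3 separate users must approve to reset data on production.
            > [!WARNING]
            > **Are you sure what you are doing?**
            **You are clearing all CITIZENS data on production!!**
            Please approve or deny ${{ inputs.environment }} environment reset
            initiated from GitHub Actions by @${{ github.actor }}.
          # NOTE(review): with `false`, the person who started the run may
          # count as one of the three approvers. Set to `true` if separation
          # of duties between initiator and approvers is intended.
          exclude-workflow-initiator-as-approver: false

  prepare:
    needs: approve
    outputs:
      values-file: ${{ steps.get-values.outputs.values-file }}
      version: ${{ steps.helm-version.outputs.version }}
    env:
      # Passed to the scripts as an environment variable, so the input is
      # never spliced into the script text itself.
      namespace: opencrvs-${{ inputs.environment }}
    runs-on:
      - self-hosted
      - k8s
      - ${{ inputs.environment }}
    steps:
      - name: Get deployed Helm chart version
        id: helm-version
        run: |
          # Abort unless a release whose listing mentions "opencrvs" exists.
          if ! helm list -n "${namespace}" | grep -q opencrvs; then
            echo "❌ Error: No OpenCRVS Helm release found in namespace"
            echo "or there is in-progress deployment"
            exit 1
          fi
          # Chart field looks like "opencrvs-services-<version>"; strip the
          # prefix to obtain the bare version.
          DEPLOYED_VERSION=$(helm list -n "${namespace}" -o json | jq -r '.[] | select(.name=="opencrvs") | .chart' | sed 's/opencrvs-services-//')
          if [ -z "$DEPLOYED_VERSION" ]; then
            echo "❌ Error: Could not determine deployed version"
            exit 1
          fi
          echo "version=$DEPLOYED_VERSION" >> "$GITHUB_OUTPUT"
          echo "📊 Using deployed Helm chart version: $DEPLOYED_VERSION"

      - name: Get helm release values and Quote specific fields that are commonly numeric
        id: get-values
        run: |
          # Without pipefail a failing `helm get values` would still let jq
          # exit 0 and leave an empty values file, and the reset jobs would
          # then be templated with chart defaults instead of release values.
          set -o pipefail
          helm get values opencrvs -n "${namespace}" -ojson | \
            jq '
              if has("image") and (.image | has("tag")) and (.image.tag | type == "number") then
                .image.tag = (.image.tag | tostring)
              else . end |
              if has("version") and (.version | type == "number") then
                .version = (.version | tostring)
              else . end |
              if has("service") and (.service | has("port")) and (.service.port | type == "number") then
                .service.port = (.service.port | tostring)
              else . end
            ' > "/tmp/${namespace}.json"
          echo "values-file=/tmp/${namespace}.json" >> "$GITHUB_OUTPUT"

      # NOTE(review): release values may contain credentials (confirm against
      # the chart). The artifact is downloadable by anyone with read access
      # to the run for the retention period, and the /tmp copy stays on the
      # self-hosted runner because nothing removes it.
      - name: Upload helm release values file /tmp/opencrvs-${{ inputs.environment }}.json
        uses: actions/upload-artifact@v4
        with:
          name: opencrvs-${{ inputs.environment }}-values-file
          path: /tmp/opencrvs-${{ inputs.environment }}.json
          retention-days: 1

  reset:
    name: ${{ matrix.job-name }}
    needs: prepare
    env:
      namespace: opencrvs-${{ inputs.environment }}
    runs-on:
      - self-hosted
      - k8s
      - ${{ inputs.environment }}
    strategy:
      max-parallel: 1  # Ensure jobs run one by one
      fail-fast: true  # Stop on first failure
      matrix:
        job-name:
          - data-cleanup
          - postgres-on-deploy
          - data-migration
          - data-migration-analytics
    steps:
      - name: Download helm release values file into /tmp/opencrvs-${{ inputs.environment }}.json
        uses: actions/download-artifact@v5
        with:
          name: opencrvs-${{ inputs.environment }}-values-file
          path: /tmp

      - name: Create job ${{ matrix.job-name }} from helm template and apply it
        env:
          # Expression values reach the script through the environment and
          # are expanded quoted, so their content cannot alter the commands.
          JOB_NAME: ${{ matrix.job-name }}
          CHART_VERSION: ${{ needs.prepare.outputs.version }}
          VALUES_FILE: ${{ needs.prepare.outputs.values-file }}
        run: |
          # Fail the step if `helm template` fails, not only `kubectl apply`.
          set -o pipefail
          kubectl delete job -n "${namespace}" --ignore-not-found=true "${JOB_NAME}"
          echo "Templating with version: ${CHART_VERSION}"
          helm template \
            --version "${CHART_VERSION}" \
            --values "${VALUES_FILE}" \
            --set data_cleanup.enabled=true \
            --set data_seed.enabled=true \
            --namespace "${namespace}" \
            --show-only "templates/${JOB_NAME}-job.yaml" \
            oci://ghcr.io/opencrvs/opencrvs-services \
            | kubectl apply -n "${namespace}" --wait=true -f -
          echo "✅ ${JOB_NAME} job created successfully"

      - name: Checking ${{ matrix.job-name }} job status
        env:
          JOB_NAME: ${{ matrix.job-name }}
        run: |
          # Marker file: created once the background loop has streamed the
          # job logs to the end, so they are not printed a second time below.
          marker="/tmp/logs_stramed-${namespace}-${JOB_NAME}.txt"

          # Background loop: wait for the job pod, then follow its logs.
          while true; do
            kubectl wait --for=condition=ready pod -l "job-name=${JOB_NAME}" --timeout=300s -n "${namespace}" && \
            kubectl logs "job/${JOB_NAME}" --all-containers -f -n "${namespace}" && \
            touch "${marker}" || break
            sleep 1
          done &

          echo "---------------------- Waiting for job completion ----------------------"
          # Capture the exit code with `||` so that errexit (the runner's
          # default bash mode) does not end the script before the
          # diagnostics below are printed.
          status=0
          kubectl wait --for=condition=complete "job/${JOB_NAME}" -n "${namespace}" --timeout=600s || status=$?

          # On failure, dump pod state for the job that was being waited on.
          if [ "${status}" -ne 0 ]; then
            kubectl get pods -n "${namespace}" --show-labels || true
            kubectl describe pod -l "job-name=${JOB_NAME}" -n "${namespace}" || true
          fi

          # Print the logs once if the streaming loop never completed.
          if [ ! -f "${marker}" ]; then
            kubectl logs "job/${JOB_NAME}" --all-containers -n "${namespace}" || true
          else
            rm -vf "${marker}"
          fi

          kill %1 2>/dev/null && echo "Stopped log streaming" || true
          exit "${status}"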