Oracle: stage-restore-points #172

Workflow file for this run

.github/workflows/oracle-db-restore-points.yml at 14bc2ee

	name: "Oracle: Restore Points"
	run-name: "Oracle: ${{ github.event.inputs.TargetEnvironment }}-restore-points"
	on:
	workflow_dispatch:
	inputs:
	TargetEnvironment:
	description: "Target environment"
	required: true
	type: choice
	options:
	- "dev"
	- "test"
	- "traing"
	- "stage"
	- "preprod"
	- "prod"
	IncludeDelius:
	description: "Include Delius databases?"
	type: choice
	default: "yes"
	options:
	- "yes"
	- "no"
	IncludeMIS:
	description: "Include MIS (Management Information & Statistics) databases?"
	type: choice
	default: "yes"
	options:
	- "yes"
	- "no"
	IncludeBOE:
	description: "Include BOE (Business Objects Enterprise) databases?"
	type: choice
	default: "yes"
	options:
	- "yes"
	- "no"
	IncludeDSD:
	description: "Include DSD databases?"
	type: choice
	default: "yes"
	options:
	- "yes"
	- "no"
	RequiredAction:
	description: "Select an action to perform against each database."
	type: choice
	options:
	- "Create Restore Point"
	- "Drop Restore Point"
	- "Report Restore Points"
	- "Flashback to Restore Point"
	RestorePointName:
	description: "Name of the restore point to create/drop/restore."
	type: string
	default: ""
	RestoreDateTime:
	description: "Date time of the restore point to create in format [DD-MM-YYYY-HH24-MI-SS]. DOES NOT ALLOW GUARANTEE FLASHBACK DATABASE"
	type: string
	default: ""
	SourceCodeVersion:
	description: "Source version for the hmpps-delius-operation-automation. Enter a pull request, branch, commit ID, tag, or reference."
	type: string
	default: "main"
	SourceConfigVersion:
	description: "Source version for the modernisation-platform-configuration-management. Enter a pull request, branch, commit ID, tag, or reference."
	type: string
	default: "main"
	env:
	ansible_config: operations/playbooks/ansible.cfg
	command: ansible-playbook operations/playbooks/oracle_restore_points/playbook.yml
	inventory: inventory/ansible

	# Allow permissions on repository and docker image and OIDC token
	permissions:
	contents: read
	packages: read
	id-token: write

	jobs:
	validate-parameters:
	environment: delius-core-dev-preapproved # Choose any environment as its only used for validating parameters
	runs-on: ubuntu-latest
	outputs:
	MisTargets: ${{ steps.mis_exists.outputs.mis_targets }}
	continue-on-error: false
	steps:

	- name: Output Input Parameters
	shell: bash
	run: \|
	echo -e "IncludeDelius: ${{ github.event.inputs.IncludeDelius }}\n\
	IncludeMIS: ${{ github.event.inputs.IncludeMIS }}\n\
	IncludeBOE: ${{ github.event.inputs.IncludeBOE }}\n\
	IncludeDSD: ${{ github.event.inputs.IncludeDSD }}\n\
	RequiredAction: ${{ github.event.inputs.RequiredAction }}\n\
	RestorePointName: ${{ github.event.inputs.RestorePointName }}\n\
	RestoreDateTime: ${{ github.event.inputs.RestoreDateTime }}\n\
	SourceCodeVersion: ${{ github.event.inputs.SourceCodeVersion }}\n\
	SourceConfigVersion: ${{ github.event.inputs.SourceConfigVersion }}"

	- name: Check Restore DateTime Input
	if: ${{ github.event.inputs.RestoreDateTime != '' }}
	shell: bash
	run: \|
	isDateInvalid()
	{
	DATE="${1}"

	# Time format hour[01..23]:min[01..59]:sec[01..59]
	TIMEFORMAT="(([012][0]\|[01][1-9]\|[2][1-3])-([012345][0-9])-([012345][0-9]))"

	# Date format day[01..31], month[01,03,05,07,08,10,12], year[1900..2099]
	DATE_1="((([123][0]\|[012][1-9])\|3[1])-(0[13578]\|1[02])-(19\|20)[0-9][0-9])"

	# Date format day[01..30], month[04,06,09,11], year[1900..2099]
	DATE_2="(([123][0]\|[012][1-9])-(0[469]\|11)-(19\|20)[0-9][0-9])"

	# Date format day[01..28], month[02], year[1900..2099]
	DATE_3="(([12][0]\|[01][1-9]\|2[1-8])-02-(19\|20)[0-9][0-9])"

	# Date format day[29], month[02], year[1904..2096]
	DATE_4="(29-02-(19\|20(0[48]\|[2468][048]\|[13579][26])))"

	# Match the date in the Regex
	if [[ "${DATE}" =~ ^((${DATE_1}\|${DATE_2}\|${DATE_3}\|${DATE_4})-${TIMEFORMAT})$ ]]
	then
	echo "Restore Datetime ${DATE} valid"
	else
	echo "Restore Datetime ${DATE} invalid!"
	exit 1
	fi
	}
	isDateInvalid '${{ github.event.inputs.RestoreDateTime }}'

	- name: Check Parameters
	if: ${{ github.event.inputs.RestorePointName != '' && github.event.inputs.RestoreDateTime != '' && github.event.inputs.RequiredAction != 'Create Restore Point' }}
	run: \|
	echo "Only Create Restore Point action allowed with both RestoreDateTime and RestorePointName"
	exit 1

	- name: Checkout modernisation-platform-configuration-management
	uses: actions/checkout@v4
	with:
	repository: ministryofjustice/modernisation-platform-configuration-management
	sparse-checkout-cone-mode: false
	sparse-checkout: \|
	ansible/hosts
	ansible/group_vars
	path: inventory
	ref: ${{ github.event.inputs.SourceConfigVersion }}
	fetch-depth: 0

	- name: Check MIS Exists In Environment
	id: mis_exists
	working-directory: ${{ env.inventory }}
	run: \|
	environment_name=environment_name_delius_mis_$(echo ${{ github.event.inputs.TargetEnvironment }} \| sed 's/dev/development_dev/;s/test/test_test/;s/training/test_training/;s/stage/preproduction_stage/;s/pre-prod/preproduction_pre_prod/;s/-prod/_production_prod/')
	# Only required to check if mis_primarydb.yml Ansible inventory group vars file exists
	# to check MIS is in this environment
	if [[ -e group_vars/${environment_name}_mis_primarydb.yml ]]
	then
	[ "${{ github.event.inputs.IncludeMIS }}" == "yes" ] && mis_targets=${environment_name}_mis_dbs,
	[ "${{ github.event.inputs.IncludeBOE }}" == "yes" ] && mis_targets=${mis_targets}${environment_name}_boe_dbs,
	[ "${{ github.event.inputs.IncludeDSD }}" == "yes" ] && mis_targets=${mis_targets}${environment_name}_dsd_dbs
	fi
	echo "mis_targets=${mis_targets}" >> $GITHUB_OUTPUT

	oracle-restore-points-delius:
	needs: validate-parameters
	if: ${{ github.event.inputs.IncludeDelius == 'yes' }}
	environment: delius-core-${{ github.event.inputs.TargetEnvironment }}-preapproved
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.78.0
	timeout-minutes: 1440
	continue-on-error: false
	steps:

	- name: Checkout hmpps-delius-operation-automation
	uses: actions/checkout@v4
	with:
	sparse-checkout-cone-mode: false
	sparse-checkout: \|
	playbooks/oracle_restore_points
	playbooks/block_sessions
	playbooks/oracle_password_rotation
	playbooks/oem_blackout
	playbooks/oracle_audit_replication_management
	playbooks/ansible.cfg
	common/*
	path: operations
	ref: ${{ github.event.inputs.SourceCodeVersion }}
	fetch-depth: 0

	- name: Checkout modernisation-platform-configuration-management
	uses: actions/checkout@v4
	with:
	repository: ministryofjustice/modernisation-platform-configuration-management
	sparse-checkout-cone-mode: false
	sparse-checkout: \|
	ansible/hosts
	ansible/group_vars
	path: inventory
	ref: ${{ github.event.inputs.SourceConfigVersion }}
	fetch-depth: 0

	- name: Checkout Ansible Required Roles From modernisation-platform-configuration-management
	uses: actions/checkout@v4
	with:
	repository: ministryofjustice/modernisation-platform-configuration-management
	sparse-checkout-cone-mode: false
	sparse-checkout: \|
	ansible/roles/secretsmanager-passwords
	ansible/roles/get-modernisation-platform-facts
	path: roles
	ref: ${{ github.event.inputs.SourceConfigVersion }}
	fetch-depth: 0

	- name: Define Delius Targets
	id: definetargets
	run: \|
	delius_target=environment_name_delius_core_$(echo ${{ github.event.inputs.TargetEnvironment }} \| sed 's/dev/development_dev/;s/test/test_test/;s/training/test_training/;s/stage/preproduction_stage/;s/pre-prod/preproduction_pre_prod/;s/-prod/_production_prod/')_delius_dbs
	echo "delius_target=${delius_target}" >> $GITHUB_OUTPUT

	- name: Configure AWS Credentials
	id: login-aws
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
	role-session-name: "hmpps-delius-operational-automation-${{ github.run_number }}"
	aws-region: "eu-west-2"
	role-duration-seconds: 21600

	- name: Start Ansible Restore Points
	shell: bash
	run: \|
	export ANSIBLE_CONFIG=$ansible_config
	ln -s $PWD/operations/playbooks/oracle_audit_replication_management/oracle_audit_replication_management $PWD/roles/ansible/roles/oracle_audit_replication_management
	ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_restore_points/roles
	ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_password_rotation/roles
	$command -i $inventory -e ansible_aws_ssm_bucket_name=${{ vars.ANSIBLE_AWS_SSM_BUCKET_NAME }} \
	-e target_dbs=${{ steps.definetargets.outputs.delius_target }} \
	-e "required_action='${{ github.event.inputs.RequiredAction }}'" \
	-e restore_point_name=${{ github.event.inputs.RestorePointName }} \
	-e restore_date_time=${{ github.event.inputs.RestoreDateTime }}

	oracle-restore-points-mis:
	needs: validate-parameters
	if: ${{ needs.validate-parameters.outputs.MisTargets != '' }}
	environment: delius-mis-${{ github.event.inputs.TargetEnvironment }}-preapproved
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.78.0
	timeout-minutes: 1440
	continue-on-error: false
	steps:

	- name: Checkout modernisation-platform-configuration-management
	uses: actions/checkout@v4
	with:
	repository: ministryofjustice/modernisation-platform-configuration-management
	sparse-checkout-cone-mode: false
	sparse-checkout: \|
	ansible/hosts
	ansible/group_vars
	path: inventory
	ref: ${{ github.event.inputs.SourceConfigVersion }}
	fetch-depth: 0

	- name: Checkout hmpps-delius-operation-automation
	uses: actions/checkout@v4
	with:
	sparse-checkout-cone-mode: false
	sparse-checkout: \|
	playbooks/oracle_restore_points
	playbooks/block_sessions
	playbooks/oracle_password_rotation
	playbooks/oem_blackout
	playbooks/ansible.cfg
	common/*
	path: operations
	ref: ${{ github.event.inputs.SourceCodeVersion }}
	fetch-depth: 0

	- name: Checkout Ansible Required Roles From modernisation-platform-configuration-management
	uses: actions/checkout@v4
	with:
	repository: ministryofjustice/modernisation-platform-configuration-management
	sparse-checkout-cone-mode: false
	sparse-checkout: \|
	ansible/roles/secretsmanager-passwords
	ansible/roles/get-modernisation-platform-facts
	path: roles
	ref: ${{ github.event.inputs.SourceConfigVersion }}
	fetch-depth: 0

	- name: Configure AWS Credentials
	id: login-aws
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
	role-session-name: "hmpps-delius-operational-automation-${{ github.run_number }}"
	role-duration-seconds: 21600
	aws-region: "eu-west-2"

	- name: Start Ansible Restore Points
	shell: bash
	run: \|
	export ANSIBLE_CONFIG=$ansible_config
	ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_restore_points/roles
	ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_password_rotation/roles
	$command -i $inventory -e ansible_aws_ssm_bucket_name=${{ vars.ANSIBLE_AWS_SSM_BUCKET_NAME }} \
	-e target_dbs=${{ needs.validate-parameters.outputs.MisTargets }} \
	-e "required_action='${{ github.event.inputs.RequiredAction }}'" \
	-e restore_point_name=${{ github.event.inputs.RestorePointName }} \
	-e restore_date_time=${{ github.event.inputs.RestoreDateTime }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Oracle: stage-restore-points #172

Workflow file

Oracle: stage-restore-points #172

Jobs

Run details

Workflow file for this run