Reset production by adskyiproger #18
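# Resets an OpenCRVS environment: optional manual approval, export of the
# current helm release values, then the cleanup/migration jobs run one by one.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scope. Declare the minimum needed here (the approval step
# opens an issue, so it presumably needs `issues: write` - confirm).
name: Reset environment
run-name: "Reset ${{ inputs.environment }} by ${{ github.actor }}"
on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Target environment"
        required: true
        # NOTE(review): "dev" is not one of the options listed below; confirm
        # which option the form should preselect.
        default: "dev"
        type: choice
        options:
          - demo1
          - production
          - staging
  workflow_call:
    inputs:
      # NOTE(review): free-form string, not marked required and not limited to
      # the choices above. It selects the deployment environment, the runner
      # label and the namespace `opencrvs-<value>`, so callers must pass a
      # known environment name.
      environment:
        type: string
jobs:
  approve:
    environment: ${{ inputs.environment }}
    runs-on: ubuntu-24.04
    timeout-minutes: 60
    steps:
      - name: Waiting for manual approval
        # The gate fails open: when APPROVAL_REQUIRED is unset or anything
        # other than 'true', this step is skipped and the reset goes ahead.
        # Set the variable (or environment protection rules) on every
        # environment that must not be reset without sign-off.
        if: ${{ (vars.APPROVAL_REQUIRED || 'false') == 'true' }}
        # Third-party action referenced by a mutable tag; pin it to a reviewed
        # commit, e.g. trstringer/manual-approval@<FULL_COMMIT_SHA>.
        uses: trstringer/manual-approval@v1
        with:
          secret: ${{ github.TOKEN }}
          approvers: ${{ vars.GH_APPROVERS }}
          minimum-approvals: 3
          issue-title: "Reset environment (${{ inputs.environment }})"
          issue-body: >
            Please approve or deny ${{ inputs.environment }} environment reset
            initiated from GitHub Actions by @${{ github.actor }}.
          # NOTE(review): with `false`, the person who started the run can
          # supply one of the three approvals; set to true if approvals must
          # come from other people.
          exclude-workflow-initiator-as-approver: false
  prepare:
    needs: approve
    outputs:
      values-file: ${{ steps.get-values.outputs.values-file }}
    env:
      namespace: opencrvs-${{ inputs.environment }}
    runs-on:
      - self-hosted
      - k8s
      - ${{ inputs.environment }}
    steps:
      - name: Get helm release values and Quote specific fields that are commonly numeric
        id: get-values
        run: |
          # Without pipefail a failed `helm get values` is masked by jq's exit
          # status and an empty values file would be handed to the reset jobs.
          set -o pipefail
          helm get values opencrvs -n "${namespace}" -ojson | \
          jq '
            if has("image") and (.image | has("tag")) and (.image.tag | type == "number") then
              .image.tag = (.image.tag | tostring)
            else . end |
            if has("version") and (.version | type == "number") then
              .version = (.version | tostring)
            else . end |
            if has("service") and (.service | has("port")) and (.service.port | type == "number") then
              .service.port = (.service.port | tostring)
            else . end
          ' > "/tmp/${namespace}.json"
          echo "values-file=/tmp/${namespace}.json" >> "$GITHUB_OUTPUT"
      # NOTE(review): release values often carry credentials. The file stays in
      # /tmp on the self-hosted runner and the artifact can be downloaded by
      # anyone who can read this repository's workflow runs until it expires.
      # Confirm the values hold no secrets, or pass them between jobs another
      # way and delete the file afterwards.
      - name: Upload helm release values file /tmp/opencrvs-${{ inputs.environment }}.json
        uses: actions/upload-artifact@v4
        with:
          name: opencrvs-${{ inputs.environment }}-values-file
          path: /tmp/opencrvs-${{ inputs.environment }}.json
          retention-days: 1
  reset:
    name: ${{ matrix.job-name }}
    needs: prepare
    env:
      namespace: opencrvs-${{ inputs.environment }}
      # Passed through the environment so the scripts below use quoted shell
      # variables instead of text spliced into the script by `${{ }}`.
      job_name: ${{ matrix.job-name }}
      values_file: ${{ needs.prepare.outputs.values-file }}
    runs-on:
      - self-hosted
      - k8s
      - ${{ inputs.environment }}
    strategy:
      max-parallel: 1 # Ensure jobs run one by one
      fail-fast: true # Stop on first failure
      matrix:
        job-name:
          - data-cleanup
          - postgres-on-update-core
          - postgres-data-migration
          - postgres-on-update-analytics
          - data-migration
    steps:
      - name: Download helm release values file into /tmp/opencrvs-${{ inputs.environment }}.json
        uses: actions/download-artifact@v5
        with:
          name: opencrvs-${{ inputs.environment }}-values-file
          path: /tmp
      - name: Create job ${{ matrix.job-name }} from helm template and apply it
        run: |
          # Fail the step when helm template fails, not only when kubectl does.
          set -o pipefail
          kubectl delete job -n "${namespace}" --ignore-not-found=true "${job_name}"
          # NOTE(review): the chart is pulled without --version, so the
          # template comes from whatever chart version the registry serves at
          # run time, which may differ from the installed release.
          helm template -f "${values_file}" \
            --set data_cleanup.enabled=true \
            --set data_seed.enabled=true \
            --namespace "${namespace}" \
            -s "templates/${job_name}-job.yaml" \
            oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n "${namespace}" --wait=true -f -
      - name: Checking ${{ matrix.job-name }} job status
        run: |
          # Marker file written once a log stream has finished successfully.
          marker="/tmp/logs_stramed-${namespace}-${job_name}.txt"
          # Background loop: follow the job's pod logs while the job runs.
          while true; do
            kubectl wait --for=condition=ready pod -ljob-name="${job_name}" --timeout=300s -n "${namespace}" && \
            kubectl logs "job/${job_name}" --all-containers -f -n "${namespace}" && \
            touch "${marker}" || break;
            sleep 1; done &
          echo "---------------------- Waiting for job completion ----------------------"
          # Capture the exit code with `||`: run steps normally execute under
          # `bash -e`, where a failing wait followed by `; status=$?` would
          # abort the script before any diagnostics are printed.
          status=0
          kubectl wait --for=condition=complete "job/${job_name}" -n "${namespace}" --timeout=600s || status=$?
          if [ "${status}" -ne 0 ]; then
            # Diagnostics are best effort and must not replace the job status.
            kubectl get pods -n "${namespace}" --show-labels || true
            kubectl describe pod -ljob-name="${job_name}" -n "${namespace}" || true
          fi
          if [ ! -f "${marker}" ]; then
            # Streaming never completed, so dump the logs once.
            kubectl logs "job/${job_name}" --all-containers -n "${namespace}" || true
          else
            rm -vf "${marker}"
          fi
          kill %1 2>/dev/null && echo "Stopped log streaming" || true
          exit "${status}"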