opencrvs
diff --git a/‎.github/workflows/deploy-prod.yml‎
Lines changed: 35 additions & 49 deletions b/‎.github/workflows/deploy-prod.yml‎
Lines changed: 35 additions & 49 deletions
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 48 additions & 48 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 48 additions & 48 deletions
diff --git a/‎.github/workflows/extract-backup-file.yml‎
Lines changed: 63 additions & 0 deletions b/‎.github/workflows/extract-backup-file.yml‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎.github/workflows/get-secret-from-environment.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/get-secret-from-environment.yml‎
Lines changed: 2 additions & 0 deletions
@@ -14,7 +14,7 @@ on:
       core-image-tag:
         description: Core DockerHub image tag
         required: true
-        default: 'v1.6.1'
+        default: 'v1.6.3'
       countryconfig-image-tag:
         description: Your Country Config DockerHub image tag
         required: true
@@ -28,11 +28,34 @@ jobs:
       - uses: trstringer/manual-approval@v1
         with:
           secret: ${{ github.TOKEN }}
-          approvers: euanmillar,rikukissa
+          approvers: rochel07,solomcfly
           minimum-approvals: 1
           issue-title: 'Deploy (${{ github.event.inputs.environment }}): core: ${{ github.event.inputs.core-image-tag }} country config: ${{ github.event.inputs.countryconfig-image-tag }}'
           issue-body: 'Please approve or deny the deployment of core: ${{ github.event.inputs.core-image-tag }} country config: ${{ github.event.inputs.countryconfig-image-tag }} to ${{ github.event.inputs.environment }}'
           exclude-workflow-initiator-as-approver: false
+      - name: Set ENV_VAR dynamically
+        run: echo "ENV_VAR=ENV_${{ github.event.inputs.environment }}" >> $GITHUB_ENV
+
+      - name: Create .env file
+        run: |
+          echo "${{ vars[env.ENV_VAR] }}" | sed 's/[[:space:]]*$//' | awk -F= '{print $1 "=\"" $2 "\""}' > .env.${{ github.event.inputs.environment }}
+
+      - name: Load environment variables
+        run: |
+          set -a
+          source .env.${{ github.event.inputs.environment }}
+          set +a
+
+      - name: Charger les variables autrement
+        run: |
+          while IFS= read -r line; do
+            if [[ ! -z "$line" && "$line" != \#* ]]; then
+              line=$(echo "$line" | sed -E 's/^([^=]+)="(.*)"$/\1=\2/')
+              export "$line"
+              echo "$line" >> $GITHUB_ENV
+            fi
+          done < .env.${{ github.event.inputs.environment }}
+
       - name: Clone core
         uses: actions/checkout@v3
         with:
@@ -64,11 +87,12 @@ jobs:
           cat ./infrastructure/known-hosts >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
 
-      - name: Install SSH Key
+      - name: Install SSH Key for Prod
         uses: shimataro/ssh-key-action@v2
         with:
-          key: ${{ secrets.SSH_KEY }}
+          key: ${{ secrets.SSH_KEY_PROD }}
           known_hosts: ${{ env.KNOWN_HOSTS }}
+        if: ${{ github.event.inputs.environment == 'production' }}
 
       - name: Unset KNOWN_HOSTS variable
         run: |
@@ -95,56 +119,18 @@ jobs:
             sleep 10
           done
 
-      - name: Export all secrets and environment variables
-        run: |
-          cd ./${{ github.event.repository.name }}
-
-          SECRETS_JSON_WITH_NEWLINES=$(cat<<EOF
-            ${{ toJSON(secrets) }}
-          EOF)
-
-          #
-          # Secrets & variables with newlines are filtered out automatically
-          # This includes SSH_KEY and KNOWN_HOSTS
-          #
-          while IFS= read -r secret; do
-            echo "$secret" >> .env.${{ github.event.inputs.environment }}
-          done < <(
-            jq -r '
-              to_entries |
-              map(
-                select(.value | test("\n") | not) |
-                "\(.key)=\"\(.value)\""
-              ) |
-              .[]' <<< "$SECRETS_JSON_WITH_NEWLINES"
-          )
-
-          VARS_JSON_WITH_NEWLINES=$(cat<<EOF
-            ${{ toJSON(vars) }}
-          EOF)
-
-          while IFS= read -r var; do
-            echo "$var" >> .env.${{ github.event.inputs.environment }}
-          done < <(
-            jq -r '
-              to_entries |
-              map(
-                select(.value | test("\n") | not) |
-                "\(.key)=\"\(.value)\""
-              ) |
-              .[]' <<< "$VARS_JSON_WITH_NEWLINES"
-          )
-
       - name: Deploy to ${{ github.event.inputs.environment }}
         run: |
+          export DOCKER_USERNAME="${{ secrets.DOCKER_USERNAME }}"
+          export DOCKER_TOKEN="${{ secrets.DOCKER_TOKEN }}"
           cd ./${{ github.event.repository.name }}
           yarn deploy \
           --clear_data=no \
           --environment=${{ github.event.inputs.environment }} \
-          --host=${{ vars.DOMAIN }} \
-          --ssh_host=${{ vars.SSH_HOST || secrets.SSH_HOST }} \
-          --ssh_port=${{ vars.SSH_PORT || secrets.SSH_PORT }} \
-          --ssh_user=${{ secrets.SSH_USER }} \
+          --host=$DOMAIN \
+          --ssh_host=$SSH_HOST \
+          --ssh_port=$SSH_PORT \
+          --ssh_user=$SSH_USER \
           --version=${{ github.event.inputs.core-image-tag }} \
           --country_config_version=${{ github.event.inputs.countryconfig-image-tag }} \
-          --replicas=${{ vars.REPLICAS }}
+          --replicas=$REPLICAS
@@ -15,7 +15,7 @@ on:
       core-image-tag:
         description: Core DockerHub image tag
         required: true
-        default: 'v1.6.1'
+        default: 'v1.6.3'
       countryconfig-image-tag:
         description: Your Country Config DockerHub image tag
         required: true
@@ -31,6 +31,29 @@ jobs:
       outcome: ${{ steps.deploy.outcome }}
     timeout-minutes: 60
     steps:
+      - name: Set ENV_VAR dynamically
+        run: echo "ENV_VAR=ENV_${{ github.event.inputs.environment }}" >> $GITHUB_ENV
+
+      - name: Create .env file
+        run: |
+          echo "${{ vars[env.ENV_VAR] }}" | sed 's/[[:space:]]*$//' | awk -F= '{print $1 "=\"" $2 "\""}' > .env.${{ github.event.inputs.environment }}
+
+      - name: Load environment variables
+        run: |
+          set -a
+          source .env.${{ github.event.inputs.environment }}
+          set +a
+
+      - name: Charger les variables autrement
+        run: |
+          while IFS= read -r line; do
+            if [[ ! -z "$line" && "$line" != \#* ]]; then
+              line=$(echo "$line" | sed -E 's/^([^=]+)="(.*)"$/\1=\2/')
+              export "$line"
+              echo "$line" >> $GITHUB_ENV
+            fi
+          done < .env.${{ github.event.inputs.environment }}
+
       - name: Clone core
         uses: actions/checkout@v3
         with:
@@ -62,11 +85,26 @@ jobs:
           cat ./infrastructure/known-hosts >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
 
-      - name: Install SSH Key
+      - name: Install SSH Key for QA
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.SSH_KEY_QA }}
+          known_hosts: ${{ env.KNOWN_HOSTS }}
+        if: ${{ github.event.inputs.environment == 'qa' }}
+
+      - name: Install SSH Key for Staging
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.SSH_KEY_STAGING }}
+          known_hosts: ${{ env.KNOWN_HOSTS }}
+        if: ${{ github.event.inputs.environment == 'staging' }}
+
+      - name: Install SSH Key for Prod
         uses: shimataro/ssh-key-action@v2
         with:
-          key: ${{ secrets.SSH_KEY }}
+          key: ${{ secrets.SSH_KEY_PROD }}
           known_hosts: ${{ env.KNOWN_HOSTS }}
+        if: ${{ github.event.inputs.environment == 'production' }}
 
       - name: Unset KNOWN_HOSTS variable
         run: |
@@ -93,60 +131,22 @@ jobs:
             sleep 10
           done
 
-      - name: Export all secrets and environment variables
-        run: |
-          cd ./${{ github.event.repository.name }}
-
-          SECRETS_JSON_WITH_NEWLINES=$(cat<<EOF
-            ${{ toJSON(secrets) }}
-          EOF)
-
-          #
-          # Secrets & variables with newlines are filtered out automatically
-          # This includes SSH_KEY and KNOWN_HOSTS
-          #
-          while IFS= read -r secret; do
-            echo "$secret" >> .env.${{ github.event.inputs.environment }}
-          done < <(
-            jq -r '
-              to_entries |
-              map(
-                select(.value | test("\n") | not) |
-                "\(.key)=\"\(.value)\""
-              ) |
-              .[]' <<< "$SECRETS_JSON_WITH_NEWLINES"
-          )
-
-          VARS_JSON_WITH_NEWLINES=$(cat<<EOF
-            ${{ toJSON(vars) }}
-          EOF)
-
-          while IFS= read -r var; do
-            echo "$var" >> .env.${{ github.event.inputs.environment }}
-          done < <(
-            jq -r '
-              to_entries |
-              map(
-                select(.value | test("\n") | not) |
-                "\(.key)=\"\(.value)\""
-              ) |
-              .[]' <<< "$VARS_JSON_WITH_NEWLINES"
-          )
-
       - name: Deploy to ${{ github.event.inputs.environment }}
         id: deploy
         run: |
+          export DOCKER_USERNAME="${{ secrets.DOCKER_USERNAME }}"
+          export DOCKER_TOKEN="${{ secrets.DOCKER_TOKEN }}"
           cd ./${{ github.event.repository.name }}
           yarn deploy \
           --clear_data=no \
           --environment=${{ github.event.inputs.environment }} \
-          --host=${{ vars.DOMAIN }} \
-          --ssh_host=${{ vars.SSH_HOST || secrets.SSH_HOST }} \
-          --ssh_port=${{ vars.SSH_PORT || secrets.SSH_PORT }} \
-          --ssh_user=${{ secrets.SSH_USER }} \
+          --host=$DOMAIN \
+          --ssh_host=$SSH_HOST \
+          --ssh_port=$SSH_PORT \
+          --ssh_user=$SSH_USER \
           --version=${{ github.event.inputs.core-image-tag }} \
           --country_config_version=${{ github.event.inputs.countryconfig-image-tag }} \
-          --replicas=${{ vars.REPLICAS }}
+          --replicas=$REPLICAS
 
   reset:
     needs: deploy
 
@@ -0,0 +1,63 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# OpenCRVS is also distributed under the terms of the Civil Registration
+# & Healthcare Disclaimer located at http://opencrvs.org/license.
+#
+# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+name: Extract backup file on environment
+
+on:
+  workflow_dispatch:
+    inputs:
+      backup-destination-environment:
+        type: choice
+        description: Environment backup file is located
+        required: true
+        default: qa
+        options:
+          - qa
+          - staging
+          - production
+      version_label:
+        description: The version label for the backups
+        required: true
+jobs:
+  extract-backup-file:
+    environment: ${{ github.event.inputs.backup-destination-environment }}
+    runs-on: ubuntu-22.04
+    env:
+      BACKUP_DESTINATION_SSH_HOST: ${{ vars.SSH_HOST || secrets.SSH_HOST }}
+      BACKUP_DESTINATION_SSH_PORT: ${{ vars.SSH_PORT || secrets.SSH_PORT }}
+      BACKUP_DESTINATION_SSH_USER: ${{ secrets.SSH_USER }}
+      BACKUP_DESTINATION_SSH_KEY: ${{ secrets.SSH_KEY }}
+      BACKUP_DESTINATION_DIR: /tmp/backup-${{ github.event.inputs.version_label }}/${{ github.event.inputs.version_label }}
+    steps:
+      - name: Clone country config resource package
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          path: './${{ github.event.repository.name }}'
+
+      - name: Read known hosts
+        run: |
+          cd ${{ github.event.repository.name }}
+          echo "KNOWN_HOSTS<<EOF" >> $GITHUB_ENV
+          sed -i -e '$a\' ./infrastructure/known-hosts
+          cat ./infrastructure/known-hosts >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+
+      - name: Install SSH Key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ env.BACKUP_DESTINATION_SSH_KEY }}
+          known_hosts: ${{ env.KNOWN_HOSTS }}
+      - name: Extract backup data in backup environment
+        run: |
+          cd ${{ github.event.repository.name }}
+          scp -P $BACKUP_DESTINATION_SSH_PORT infrastructure/backups/extract-backup.sh $BACKUP_DESTINATION_SSH_USER@$BACKUP_DESTINATION_SSH_HOST:/tmp/
+          ssh $BACKUP_DESTINATION_SSH_USER@$BACKUP_DESTINATION_SSH_HOST -p $BACKUP_DESTINATION_SSH_PORT "\
+          sudo bash /tmp/extract-backup.sh \
+          --label=${{ github.event.inputs.version_label }} \
+          --backup_raw_files_dir=$BACKUP_DESTINATION_DIR >> /tmp/opencrvs-backup-extract-${{ github.event.inputs.version_label }}.log 2>&1"
@@ -27,6 +27,8 @@ on:
         required: false
       SSH_KEY:
         required: false
+      SSH_USER:
+        required: false
 
 jobs:
   check-environment: