-
Notifications
You must be signed in to change notification settings - Fork 131
135 lines (123 loc) · 5.2 KB
/
recover_s3_repository.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: . ⚠️⚠️⚠️ Recover S3 Repository back in time ⚠️⚠️⚠️
on:
workflow_dispatch:
inputs:
#description: 'UTC DateTime to recover the S3 repository back in time (MM-DD-YYYY HH:MM:SS +0)'
date_year:
description: 'UTC Date YEAR (YYYY) to recover the S3 repository back in time'
type: string
required: true
date_month:
description: 'UTC Date MONTH (MM) to recover the S3 repository back in time'
type: string
required: true
date_day:
description: 'UTC Date DAY (DD) to recover the S3 repository back in time'
type: string
required: true
time:
description: 'UTC Time (HH:MM:SS) to recover the S3 repository back in time'
type: string
required: true
path:
description: 'Path under infrastructure_agent folder to recover (w/o leading nor trailing slash)'
type: string
required: true
environment:
type: choice
required: true
description: 'Environment to run the action'
options:
- staging
- production
default: 'staging'
env:
MANDATORY_PREFIX: 'infrastructure_agent/'
IMAGE: 'ghcr.io/newrelic-forks/s3-pit-restore:latest'
AWS_REGION: "us-east-1"
TEMP_AWS_PROFILE: temp_aws_profile
jobs:
recover-s3-repository:
name: Execute S3 PIT restore
runs-on: ubuntu-24.04
steps:
- name: Validate datetime
run: |
echo "Validating that datetime is in correct format"
datetime="${{ github.event.inputs.date_month }}-${{ github.event.inputs.date_day }}-${{ github.event.inputs.date_year }} ${{ github.event.inputs.time }} +0000"
# Use Python's strptome (same as s3-pit-restore) to check if it's a valid datetime
python3 -c "from datetime import datetime; datetime.strptime('$datetime', '%m-%d-%Y %H:%M:%S %z')" 2> /dev/null
exit_code=$?
if [ $exit_code -ne 0 ]; then
exit 1
fi
echo "datetime format is correct"
echo ""
echo "Validating that datetime is not in the future"
# check that datetime is not in the future
python3 -c "from datetime import datetime,timezone; import sys; sys.exit(1) if datetime.strptime('$datetime', '%m-%d-%Y %H:%M:%S %z') >= datetime.now(timezone.utc) else sys.exit(0)"
exit_code=$?
if [ $exit_code -ne 0 ]; then
exit 1
fi
echo "datetime is not in the future"
echo "DATE_TIME=$datetime" >> $GITHUB_ENV
- name: Validate path input does not have leading nor trailing slash
run: |
set -e
s3_path="${{ github.event.inputs.path }}"
# Check if the path has a leading slash
if [[ "$s3_path" == /* ]]; then
echo "Invalid path: should not have a leading slash."
exit 1
fi
# Check if the path has a trailing slash
if [[ "$s3_path" == */ ]]; then
echo "Invalid path: should not have a trailing slash."
exit 1
fi
- name: Checkout repository
uses: actions/checkout@v4
with:
repository: newrelic-forks/s3-pit-restore
ref: master
- name: Setup AWS credentials for Production
if: ${{ github.event.inputs.environment == 'production' }}
run: |
./setup_aws_credentials.sh
env:
AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }}
AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }}
AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_PRODUCTION }}
AWS_SESSION_DURATION_SECONDS: 14400
TEMP_AWS_PROFILE: ${{ env.TEMP_AWS_PROFILE }}
- name: Run S3 PIT restore
if: ${{ github.event.inputs.environment == 'production' }}
run: |
BUCKET="nr-downloads-main" \
PREFIX="${{ env.MANDATORY_PREFIX }}${{ github.event.inputs.path }}" \
TIME="${{ env.DATE_TIME }}" \
IMAGE="${{ env.IMAGE }}" \
AWS_PROFILE="${{ env.TEMP_AWS_PROFILE }}" \
make restore
- name: Setup AWS credentials for Staging
if: ${{ github.event.inputs.environment == 'staging' }}
run: |
./setup_aws_credentials.sh
env:
AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }}
AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }}
AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }}
AWS_SESSION_DURATION_SECONDS: 14400
TEMP_AWS_PROFILE: ${{ env.TEMP_AWS_PROFILE }}
- name: Run S3 PIT restore in Staging S3
if: ${{ github.event.inputs.environment == 'staging' }}
run: |
BUCKET="nr-downloads-ohai-staging" \
PREFIX="${{ env.MANDATORY_PREFIX }}${{ github.event.inputs.path }}" \
TIME="${{ env.DATE_TIME }}" \
IMAGE="${{ env.IMAGE }}" \
AWS_PROFILE="${{ env.TEMP_AWS_PROFILE }}" \
make restore