feat: Add process for automated contentful backups #19

Workflow file for this run

.github/workflows/contentful-backup.yml at 59e21fb

	name: Contentful Backup
	on:
	pull_request:
	schedule:
	- cron: 0 0 * * *
	workflow_dispatch:
	inputs:
	environment:
	description: Which Contentful environment to backup
	required: true
	type: choice
	options: [ 'Dev', 'Tst', 'Staging', 'Production' ]
	default: 'Staging'

	jobs:
	backup_content:
	runs-on: ubuntu-latest
	environment: ${{ inputs.environment \|\| 'Dev' }}
	name: Backup content for ${{ inputs.environment \|\| 'Dev' }}
	env:
	az_keyvault_name: ${{ secrets.AZ_ENVIRONMENT }}${{ secrets.DFE_PROJECT_NAME }}-kv
	az_resource_group_name: ${{ secrets.AZ_ENVIRONMENT }}${{ secrets.DFE_PROJECT_NAME }}
	az_sql_database_server_name: ${{ secrets.AZ_ENVIRONMENT }}${{ secrets.DFE_PROJECT_NAME }}
	az_keyvault_contentful_environment: contentful--environment
	az_keyvault_contentful_space_id: contentful--spaceid
	az_keyvault_contentful_delivery_token: contentful--deliveryapikey
	az_keyvault_contentful_backup_storage_key: contentful--backupstoragekey
	az_keyvault_contentful_management_token: contentful--managementtoken
	SQL_IP_NAME: export-processor
	USE_PREVIEW: true
	SAVE_FILE: true
	OUTPUT_FILE_DIR: "./output/"

	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Login with AZ
	uses: ./.github/actions/azure-login
	with:
	az_tenant_id: ${{ secrets.AZ_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	az_client_id: ${{ secrets.AZ_CLIENT_ID }}
	az_client_secret: ${{ secrets.AZ_CLIENT_SECRET }}

	- name: Get workflow IP address
	id: whats-my-ip
	uses: ./.github/actions/whats-my-ip-address

	- name: Add Azure firewall rules
	uses: ./.github/actions/azure-ip-whitelist
	with:
	ip_address: ${{ steps.whats-my-ip.outputs.ip }}
	verb: "add"
	az_keyvault_name: ${{ env.az_keyvault_name }}
	az_ip_name: ${{ env.SQL_IP_NAME }}
	az_resource_group: ${{ env.az_resource_group_name}}
	az_sql_database_server_name: ${{ env.az_sql_database_server_name }}

	- name: Get secrets
	id: get-contentful-export-secrets
	shell: bash
	run: \|
	environment=$(az keyvault secret show --name ${{ env.az_keyvault_contentful_environment }} --vault-name ${{ env.az_keyvault_name }} --query value -o tsv)
	space_id=$(az keyvault secret show --name ${{ env.az_keyvault_contentful_space_id }} --vault-name ${{ env.az_keyvault_name }} --query value -o tsv)
	delivery_token=$(az keyvault secret show --name ${{ env.az_keyvault_contentful_delivery_token }} --vault-name ${{ env.az_keyvault_name }} --query value -o tsv)
	backup_storage_key=$(az keyvault secret show --name ${{ env.az_keyvault_contentful_backup_storage_key }} --vault-name ${{ env.az_keyvault_name }} --query value -o tsv)
	management_token=$(az keyvault secret show --name ${{ env.az_keyvault_contentful_management_token }} --vault-name ${{ env.az_keyvault_name }} --query value -o tsv)
	echo "::add-mask::$environment"
	echo "::add-mask::$space_id"
	echo "::add-mask::$delivery_token"
	echo "::add-mask::$backup_storage_key"
	echo "::add-mask::$management_token"
	echo "ENVIRONMENT=$environment" >> $GITHUB_ENV
	echo "SPACE_ID=$space_id" >> $GITHUB_ENV
	echo "DELIVERY_TOKEN=$delivery_token" >> $GITHUB_ENV
	echo "BACKUP_STORAGE_KEY=$backup_storage_key" >> $GITHUB_ENV
	echo "MANAGEMENT_TOKEN=$management_token" >> $GITHUB_ENV

	- name: Install contentful-exporter
	working-directory: ./contentful/export-processor
	run: npm i

	- name: Export contentful data
	working-directory: ./contentful/export-processor
	run: npm run export-all-only

	- name: Upload export to Azure storage container
	working-directory: ./contentful/export-processor
	run: \|
	json_files=(output/*/.json)
	backup="${json_files[0]}"
	account_name=$(echo "${az_resource_group_name}content" \| sed 's/-//g')
	az storage blob upload \
	--account-name "$account_name" \
	--account-key "$BACKUP_STORAGE_KEY" \
	--container-name backups-container \
	--file "$backup"

	- name: Remove Azure Firewall Rules
	if: always()
	uses: ./.github/actions/azure-ip-whitelist
	with:
	ip_address: ${{ steps.what-is-my-ip.outputs.ip }}
	verb: "remove"
	az_keyvault_name: ${{ env.az_keyvault_name }}
	az_ip_name: ${{ env.SQL_IP_NAME }}
	az_resource_group: ${{ env.az_resource_group_name}}
	az_sql_database_server_name: ${{ env.az_sql_database_server_name }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Add process for automated contentful backups #19

Workflow file

feat: Add process for automated contentful backups #19

Jobs

Run details

Workflow file for this run