feat: hub#18237 - Export/Import Automatic Database #11
Pull request overview
Adds a GitHub Actions setup to export a database dump via Ansible/SSM, store it as an artifact, and upload it to S3, exposed as a reusable workflow and a template entrypoint.
Changes:
- Added a workflow template to trigger DB export/import on pushes to specific branches.
- Added a reusable workflow (workflow_call) that runs the export, saves an artifact, then uploads to S3.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| templates/database-export.yml | Adds a template workflow that calls the shared copy-database reusable workflow with environment selection and AWS role secrets. |
| .github/workflows/copy-database.yml | Implements the reusable workflow to export DB via Ansible, upload/download artifacts, and push the dump to S3. |
| secrets: | ||
| aws-oidc-role-arn: | ||
| required: true | ||
| tm-tmdt-aws-oidc-role-arn: | ||
| required: true |
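Review bot: the two secrets declared here, aws-oidc-role-arn and tm-tmdt-aws-oidc-role-arn, carry only required: true and no description, so a caller cannot tell from the workflow_call interface which role ARN belongs in which secret. Add a description: line under each one stating what the role is used for and which job assumes it.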
The workflow declares workflow_call secrets aws-oidc-role-arn and tm-tmdt-aws-oidc-role-arn, but the job references different secret names (TM_CLIENT_AWS_OIDC_ROLE_ARN and aws-deploy-role-arn). This will fail at runtime because those secrets are not provided by workflow_call. Align all references to the declared secret names (or rename the declared secrets to match) and use those consistently for role-to-assume and any env vars.
| - name: Download artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: db-dump | ||
| path: . |
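Review bot: uses: actions/download-artifact@v4 in the Download artifact step references a mutable tag, so the code that runs in this job can change without any change to this file. Because the step handles the database dump (name: db-dump), pin the action to a full commit SHA and keep the version in a trailing comment for readability.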
The uploaded artifact path is ./dump/latest.sql.gz, but after download to path: . the file will typically be restored under ./dump/latest.sql.gz, not ./latest.sql.gz. As written, gzip -d latest.sql.gz and aws s3 cp latest.sql ... are likely to fail due to wrong paths. Either download into ./dump (or adjust the commands to reference dump/latest.sql.gz and dump/latest.sql) so the paths match.
| retention-days: 1 | ||
|
|
||
| Upload: | ||
| runs-on: ubuntu-latest |
ubuntu-latest and the container tag :latest can change over time and introduce unexpected breakages. Prefer pinning to a specific runner image (if your org standard allows) and pinning the container image to an immutable digest (or at least a version tag) for more reproducible runs.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
🎉 This PR is included in version 1.6.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
No description provided.