DBP-1084-rollout-to-namespaces-do-not-delete-dbs

.github/workflows/deploy-branch-to-namespace.yml → .github/workflows/convert-branch-name.yml

@@ -1,5 +1,5 @@
 ---
-name: Deploy Branch to Namespace
+name: Convert Branch Name
 
 on:
   workflow_call:
@@ -18,10 +18,11 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       namespace_from_branch: ${{ steps.create_branch_identifier.outputs.namespace_from_branch }}
+    # This step will match and return either text-1234 or text-1234-1234 from the input branch name
     steps:
       - id: create_branch_identifier
         shell: bash
         run: |
-          temp=$(echo ${{ inputs.branch }} | sed 's@.*/@@' | tr [A-Z] [a-z] | tr _ - | tr \. - | cut -c1-63)
-          echo "before" ${{ inputs.branch }} "after" $temp
+          temp=$(echo ${{ inputs.branch }} | sed 's@.*/@@' | tr [A-Z] [a-z] | tr _ - | tr \. - | sed 's/\([[:alpha:]]*-[[:digit:]]*-[[:digit:]]*\).*/\1/' | sed 's/-*$//' | cut -c1-63)
+          echo "before:" ${{ inputs.branch }} "-- after: $temp"
           echo "namespace_from_branch=$temp" >> $GITHUB_OUTPUT

.github/workflows/delete-namespace.yml

@@ -15,7 +15,7 @@ permissions:
 
 
 jobs:
-  create_dbildungs_iam_keycloak_db_name:
+  recreate_dbildungs_iam_keycloak_db_name:
     runs-on: ubuntu-latest
     outputs:
       db_name: ${{ steps.create_db_name.outputs.db_name }}
@@ -29,7 +29,7 @@ jobs:
           echo "before" ${{ inputs.namespace }} "after" $temp
           echo "db_name=$temp" >> $GITHUB_OUTPUT
 
-  create_dbildungs_iam_server_db_name:
+  recreate_dbildungs_iam_server_db_name:
     runs-on: ubuntu-latest
     outputs:
       db_name: ${{ steps.create_db_name.outputs.db_name }}
@@ -57,8 +57,8 @@ jobs:
 
   delete_databases_and_namespace:
     needs: 
-      - create_dbildungs_iam_keycloak_db_name
-      - create_dbildungs_iam_server_db_name
+      - recreate_dbildungs_iam_keycloak_db_name
+      - recreate_dbildungs_iam_server_db_name
       - create_ticket_nr_variable
     runs-on: ubuntu-latest
     steps:
@@ -109,7 +109,7 @@ jobs:
           --namespace ${{ inputs.namespace }} \
           --set auth.existingSecret="psql-config-secret" \
           --kubeconfig $(pwd)/kubeconfig \
-          --set database.name=${{ needs.create_dbildungs_iam_keycloak_db_name.outputs.db_name }} \
+          --set database.name=${{ needs.recreate_dbildungs_iam_keycloak_db_name.outputs.db_name }} \
           --wait
 
         # Wait for Job to be completed
@@ -135,7 +135,7 @@ jobs:
           --namespace ${{ inputs.namespace }} \
           --set auth.existingSecret="psql-config-secret" \
           --kubeconfig $(pwd)/kubeconfig \
-          --set database.name=${{ needs.create_dbildungs_iam_server_db_name.outputs.db_name }} \
+          --set database.name=${{ needs.recreate_dbildungs_iam_server_db_name.outputs.db_name }} \
           --wait
 
         # Wait for Job to be completed

.github/workflows/deploy-to-dev-manual.yml

@@ -37,16 +37,22 @@ on:
         - "chart_value"
         - "true"
         - "false"
+      database_recreation:
+        required: true
+        description: "Recreate databases? Yes = true; No = false;"
+        default: "false"
+        type: choice
+        options:
+        - "true"
+        - "false"
 
 jobs:
   create_branch_identifier:
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@2
+    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/convert-branch-name.yml@6
     with:
       branch: ${{ github.event.inputs.namespace }}
 
   check_namespace_input:
-    needs:
-      - create_branch_identifier
     runs-on: ubuntu-latest
     steps:
     - name: Check if namespace is allowed, fails if it not starts with ticketnr, e.g. spsh-1234 or is exactly 'main'
@@ -61,7 +67,7 @@ jobs:
     needs:
       - check_namespace_input
       - create_branch_identifier
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5
+    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@6
     with:
       dbildungs_iam_server_branch: ${{ github.event.inputs.dbildungs_iam_server_branch }}
       schulportal_client_branch: ${{ github.event.inputs.schulportal_client_branch }}
@@ -70,6 +76,7 @@ jobs:
       dbseeding: ${{ github.event.inputs.dbseeding }}
       namespace: ${{ needs.create_branch_identifier.outputs.namespace_from_branch }}
       user_name: spsh-bot
+      database_recreation: ${{ inputs.database_recreation }}
     secrets:
       SPSH_DEV_KUBECONFIG: ${{ secrets.SPSH_DEV_KUBECONFIG }}
 

.github/workflows/deploy.yml

@@ -36,6 +36,11 @@ on:
         description: "Enable Seeding (true, false, chart_value)"
         default: chart_value
         type: string
+      database_recreation:
+        required: false
+        description: "Decide whether databases should be recreated or not"
+        default: false
+        type: string
     secrets:
       SPSH_DEV_KUBECONFIG:
         required: true
@@ -71,18 +76,8 @@ jobs:
       github_repository: "dBildungsplattform/helm-charts-registry"
       branch: ${{ inputs.dbildungs_iam_ldap_branch }}
       chart_name: "dbildungs-iam-ldap"
-
-  create_ingress_prefix:
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/get-branch-meta.yml@2
-
-  create_lowercase_ingress_prefix:
-    needs:
-    - create_ingress_prefix
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy-branch-to-namespace.yml@2
-    with:
-      branch: ${{ github.ref_name == 'main' && inputs.namespace || needs.create_ingress_prefix.outputs.ticket }}
 
-  create_dbildungs_iam_keycloak_db_name:
+  recreate_dbildungs_iam_keycloak_db_name:
     runs-on: ubuntu-latest
     outputs:
       db_name: ${{ steps.create_db_name.outputs.db_name }}
@@ -96,7 +91,7 @@ jobs:
           echo "before" ${{ inputs.namespace }} "after" $temp
           echo "db_name=$temp" >> $GITHUB_OUTPUT
 
-  create_dbildungs_iam_server_db_name:
+  recreate_dbildungs_iam_server_db_name:
     runs-on: ubuntu-latest
     outputs:
      db_name: ${{ steps.create_db_name.outputs.db_name }}
@@ -116,9 +111,8 @@ jobs:
       - find_schulportal_client_helm_chart_tag
       - find_dbildungs_iam_keycloak_helm_chart_tag
       - find_dbildungs_iam_ldap_helm_chart_tag
-      - create_lowercase_ingress_prefix
-      - create_dbildungs_iam_keycloak_db_name
-      - create_dbildungs_iam_server_db_name
+      - recreate_dbildungs_iam_keycloak_db_name
+      - recreate_dbildungs_iam_server_db_name
     runs-on: 'ubuntu-latest'
     env:
       GITHUB_TOKEN: ${{ github.token }}
@@ -192,62 +186,48 @@ jobs:
               --wait
           fi
 
-      - name: Create dbildungs-iam-server secret
+      - name: Create all secrets
         run: |
           kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-server-secret-dev.yaml
-
-      - name: Create dbildungs-iam-server-redis secret
-        run: |
           kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-server-redis-secret-dev.yaml
-
-      - name: Create dbildungs-iam-keycloak secret
-        run: |
           kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-keycloak-secret-dev.yaml
-
-      - name: Create dbildungs-iam-ldap secret
-        run: |
           kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-ldap-secret-dev.yaml
-
-      - name: Create dbildungs-iam-ldap modify secret
-        run: |
           kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-ldap-config-modify.yaml
-
-      - name: Create dbildungs-iam-ldap apply secret
-        run: |
           kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-ldap-config-apply.yaml
 
-      - name: Create Database for dbildungs-iam-keycloak
+      - name: "Recreate Database for dbildungs-iam-keycloak - Recreate: ${{ inputs.database_recreation }}"
         run: |
           # Generate timestamp for job name uniqueness
           DATE=$(date +%Y%m%d%H%M%S)
 
           # Define job name for Keycloak database creation job
-          HELM_KEYCLOAK_DB_JOB_NAME="psql-db-${DATE}-keycloak-${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}"
+          HELM_KEYCLOAK_DB_JOB_NAME="psql-db-${DATE}-keycloak-${{ inputs.namespace }}"
 
-          # Deploy Database for dbildungs-iam-keycloak
+          # Recreate Database for dbildungs-iam-keycloak
           helm upgrade --install \
             $HELM_KEYCLOAK_DB_JOB_NAME \
-            ./charts/postgres_config \
+            ./charts/postgres_recreate_databases \
             --namespace ${{ inputs.namespace }} \
             --set auth.existingSecret="psql-config-secret" \
-            --set database.name=${{ needs.create_dbildungs_iam_keycloak_db_name.outputs.db_name }}
-
+            --set database.name=${{ needs.recreate_dbildungs_iam_keycloak_db_name.outputs.db_name }} \
+            --set database.recreation=${{ inputs.database_recreation }}
 
-      - name: Create Database for dbildungs-iam-server
+      - name: "Recreate Database for dbildungs-iam-server - Recreate: ${{ inputs.database_recreation }}"
         run: |
           # Generate timestamp for job name uniqueness
           DATE=$(date +%Y%m%d%H%M%S)
 
           # Define job name for SPSH-App database creation job
-          HELM_SERVER_DB_JOB_NAME="psql-db-${DATE}-database-${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}"
+          HELM_SERVER_DB_JOB_NAME="psql-db-${DATE}-database-${{ inputs.namespace }}"
 
-          # Deploy Database for SPSH-App 
+          # Recreate Database for SPSH-App 
           helm upgrade --install \
             $HELM_SERVER_DB_JOB_NAME \
-            ./charts/postgres_config \
+            ./charts/postgres_recreate_databases \
             --namespace ${{ inputs.namespace }} \
             --set auth.existingSecret="psql-config-secret" \
-            --set database.name=${{ needs.create_dbildungs_iam_server_db_name.outputs.db_name }}
+            --set database.name=${{ needs.recreate_dbildungs_iam_server_db_name.outputs.db_name }} \
+            --set database.recreation=${{ inputs.database_recreation }}
 
       # Wait is needed, dbildungs_iam_server expects keycloak to be up!
       - name: Deploy dbildungs_iam_keycloak Helm chart
@@ -257,9 +237,9 @@ jobs:
             dbildungs-iam-keycloak \
             --namespace ${{ inputs.namespace }} \
             --set auth.existingSecret="dbildungs-iam-keycloak" \
-            --set keycloakHostname=${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}-keycloak.dev.spsh.dbildungsplattform.de \
-            --set frontendHostname=${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}.dev.spsh.dbildungsplattform.de \
-            --set database.name=${{ needs.create_dbildungs_iam_keycloak_db_name.outputs.db_name }} \
+            --set keycloakHostname=${{ inputs.namespace }}-keycloak.dev.spsh.dbildungsplattform.de \
+            --set frontendHostname=${{ inputs.namespace }}.dev.spsh.dbildungsplattform.de \
+            --set database.name=${{ needs.recreate_dbildungs_iam_keycloak_db_name.outputs.db_name }} \
             --set database.username=spshdeveloper \
             --wait \
             --timeout 210s
@@ -282,7 +262,7 @@ jobs:
             schulportal-client \
             schulportal-client \
             --namespace ${{ inputs.namespace }} \
-            --set frontendHostname=${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}.dev.spsh.dbildungsplattform.de \
+            --set frontendHostname=${{ inputs.namespace }}.dev.spsh.dbildungsplattform.de \
             --wait \
             --timeout 60s
 
@@ -295,9 +275,9 @@ jobs:
             --set auth.existingSecret="dbildungs-iam-server" \
             --set redis-cluster.existingSecret="dbildungs-iam-server-redis" \
             --set redis.auth.existingSecret="dbildungs-iam-server-redis" \
-            --set backendHostname=${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}.dev.spsh.dbildungsplattform.de \
-            --set keycloakHostname=${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}-keycloak.dev.spsh.dbildungsplattform.de \
-            --set database.name=${{ needs.create_dbildungs_iam_server_db_name.outputs.db_name }} \
+            --set backendHostname=${{ inputs.namespace }}.dev.spsh.dbildungsplattform.de \
+            --set keycloakHostname=${{ inputs.namespace }}-keycloak.dev.spsh.dbildungsplattform.de \
+            --set database.name=${{ needs.recreate_dbildungs_iam_server_db_name.outputs.db_name }} \
             ${{ inputs.dbseeding != 'chart_value' && format('--set backend.dbseeding.enabled={0}', inputs.dbseeding) || '' }} \
             --wait \
             --timeout 360s
@@ -324,11 +304,10 @@ jobs:
 
   run_playwright_tests:
     needs:
-      - create_lowercase_ingress_prefix
       - deployment
       - determine_playwright_branch
     uses: dBildungsplattform/schulportal-testautomatisierung/.github/workflows/playwright.yml@main
     secrets: inherit
     with:
-      frontendHostname: "${{ needs.create_lowercase_ingress_prefix.outputs.namespace_from_branch }}.dev.spsh.dbildungsplattform.de"
+      frontendHostname: "${{ inputs.namespace }}.dev.spsh.dbildungsplattform.de"
       playwright_branch: ${{ needs.determine_playwright_branch.outputs.playwright_branch || 'main' }}

charts/postgres_config/templates/configmap.yaml → charts/postgres_recreate_databases/templates/configmap.yaml

@@ -7,7 +7,11 @@ data:
   config-script: |-
     #!/bin/bash
     echo "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$DB_NAME';" | psql -d postgres -w
-    echo "DROP DATABASE IF EXISTS $DB_NAME" | psql -d postgres -w
+    if [ "$DB_RECREATE" = "true" ]; then
+      echo "DROP DATABASE IF EXISTS $DB_NAME" | psql -d postgres -w
+    else
+      echo "DB_RECREATE is not true. Progresses with creation of Database and User if they do not already exist."
+    fi
     echo "Create owner of the DB"
     echo "SELECT 'CREATE USER spshdeveloper' WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = 'spshdeveloper')\gexec" | psql -d postgres -w
     echo "GRANT spshdeveloper TO $PGUSER" | psql -d postgres -w

charts/postgres_config/templates/job.yaml → charts/postgres_recreate_databases/templates/job.yaml

@@ -26,6 +26,8 @@ spec:
         env:
         - name: DB_NAME
           value: {{ .Values.database.name }}
+        - name: DB_RECREATE
+          value: "{{ .Values.database.recreation }}"
       volumes:
       - name: config-script-volume
         configMap:

charts/postgres_config/values.yaml → charts/postgres_recreate_databases/values.yaml

@@ -12,6 +12,7 @@ configMap:
   defaultMode: 457
 database:
   name: ""
+  recreation: "false"
 auth:
   # existingSecret: Refers to a secret already present in the cluster, which is required for the authentication and configuration of the database setup tasks.
   existingSecret: ""