Nightly data replication refresh

This job deploys the data replication infrastructure
each night with the latest DB snapshot.

Author: bogsi17

.github/workflows/data-replication-pipeline.yml

@@ -21,6 +21,20 @@ on:
           Use code from: ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
           (Git ref to deploy, for example, a tag, branch name or commit SHA. Will use workflow ref if not provided.)
         type: string
+  workflow_call:
+    inputs:
+      environment:
+        description: Deployment environment
+        required: true
+        type: string
+      git_ref_to_deploy:
+        description: Git ref to deploy, for example, a tag, branch name or commit SHA
+        type: string
+        required: true  
+      skip_approval:
+        description: Skip environment approval (auto-approve)
+        type: boolean
+        default: false
 
 permissions: {}
 
@@ -134,7 +148,7 @@ jobs:
     name: Notify on approval required
     runs-on: ubuntu-latest
     needs: prepare-deployment
-    if: ${{ inputs.environment == 'production' }}
+    if: ${{ inputs.environment == 'production' && inputs.skip_approval == 'false' }}
     steps:
       - name: Notify pending approval
         if: inputs.environment == 'production'
@@ -160,7 +174,7 @@ jobs:
     name: Wait for approval if required
     runs-on: ubuntu-latest
     needs: prepare-deployment
-    environment: ${{ inputs.environment }}
+    environment: ${{ inputs.skip_approval && null || inputs.environment }}
     steps:
       - run: echo "Proceeding with deployment to $environment environment"
 

.github/workflows/refresh-data-replication.yml

@@ -28,6 +28,29 @@ on:
         description: Take a new DB snapshot before creating the environment
         type: boolean
         default: false
+  workflow_call:
+    inputs:
+      environment:
+        description: Deployment environment
+        required: true
+        type: string
+      db_snapshot_arn:
+        description: ARN of the DB snapshot to use (optional)
+        required: false
+        type: string
+      egress_cidr:
+        description: CIDR blocks to allow egress traffic.
+        type: string
+        required: true
+        default: "[]"
+      take_db_snapshot:
+        description: Take a new DB snapshot before creating the environment
+        type: boolean
+        default: false
+      skip_approval:
+        description: Skip environment approval (auto-approve)
+        type: boolean
+        default: false
 
 permissions: {}
 
@@ -161,7 +184,7 @@ jobs:
     name: Notify on approval required
     runs-on: ubuntu-latest
     needs: plan
-    if: ${{ inputs.environment == 'production' }}
+    if: ${{ inputs.environment == 'production' && inputs.skip_approval == 'false' }}
     steps:
       - name: Notify pending approval
         if: inputs.environment == 'production'
@@ -187,7 +210,7 @@ jobs:
     name: Terraform apply
     runs-on: ubuntu-latest
     needs: plan
-    environment: ${{ inputs.environment }}
+    environment: ${{ inputs.skip_approval && null || inputs.environment }}
     permissions:
       id-token: write
     steps:

.github/workflows/scheduled-data-replication-refresh.yml

@@ -0,0 +1,36 @@
+name: Scheduled Data Replication Refresh
+run-name: Nightly refresh of data replication environment
+
+on:
+  schedule:
+    - cron: '0 2 * * *'
+
+permissions: {}
+
+jobs:
+  refresh-data-replication:
+    name: Refresh data replication
+    uses: ./.github/workflows/refresh-data-replication.yml
+    permissions:
+      id-token: write
+    with:
+      environment: production
+      egress_cidr: >-
+        [
+          "13.107.246.64/32", # GIAS
+          "13.107.213.64/32", # GIAS
+          "35.234.138.138/32", # PDS
+          "52.178.45.139/32" # GIAS
+        ]
+      take_db_snapshot: false
+      skip_approval: true
+  deploy-image:
+    name: Deploy image
+    needs: refresh-data-replication
+    uses: ./.github/workflows/data-replication-pipeline.yml
+    permissions:
+      id-token: write
+    with:
+      environment: production
+      git_ref_to_deploy: main
+      skip_approval: true