[Tech] Ajout de scripts de restauration de base de données (#3098)

## Linked issues

None

----

- [ ] Tests E2E (Cypress)


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit


- **New Features**
- Enhanced data management and security with automated database backup
and restoration capabilities.
- **Chores**
- Updated `.gitignore` to exclude backup directories, ensuring sensitive
data is not accidentally committed.
- **Documentation**
- Added Makefile targets `backup-db`, `restore-db`, and `dev-restore-db`
for database backup and restoration scripts.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

.editorconfig

@@ -14,6 +14,9 @@ trim_trailing_whitespace = true
 max_line_length = 0
 trim_trailing_whitespace = false
 
+[*.sh]
+indent_size = 4
+
 [COMMIT_EDITMSG]
 max_line_length = 0
 

.github/actions/build-application-docker-image/action.yml

@@ -0,0 +1,53 @@
+name: "Build Application Docker Image"
+description: "Build application Docker image."
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Set version and environment profile
+      uses: ./.github/actions/set-version-and-environment-profile
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@master
+
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      with:
+        path: /tmp/.buildx-cache-app
+        key: ${{ runner.os }}-app
+        restore-keys: |
+          ${{ runner.os }}-app
+
+    - name: Build image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        load: true
+        builder: ${{ steps.buildx.outputs.name }}
+        file: infra/docker/app/Dockerfile
+        push: false
+        tags: monitorfish-app:${{ env.VERSION }}
+        cache-from: type=local,src=/tmp/.buildx-cache-app
+        cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-app-new
+        build-args: |
+          IS_RELEASE=false
+          VERSION=${{ env.VERSION }}
+          ENV_PROFILE=${{ env.ENV_PROFILE }}
+          GITHUB_SHA=${{ github.sha }}
+          SENTRY_URL=${{ secrets.SENTRY_URL }}
+          SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG=${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }}
+
+    # Temp fix
+    # https://github.com/docker/build-push-action/issues/252
+    # https://github.com/moby/buildkit/issues/1896
+    - name: Move cache
+      shell: bash
+      run: |
+        rm -rf /tmp/.buildx-cache-app
+        mv /tmp/.buildx-cache-app-new /tmp/.buildx-cache-app

.github/workflows/database_helthcheck.yml

@@ -0,0 +1,66 @@
+name: Database Healthcheck
+
+on:
+  schedule:
+    # Every day at 7am UTC
+    - cron: "0 7 * * *"
+  workflow_dispatch:
+
+jobs:
+  backup_and_restore_database:
+    name: Backup and restore database
+    runs-on: ubuntu-latest
+    env:
+      MONITORFISH_BACKUPS_FOLDER: /opt/monitorfish_backups
+      MONITORFISH_GEOSERVER_REMOTE_URL: ""
+      MONITORFISH_GEOSERVER_LOCAL_URL: ""
+      MONITORFISH_MONITORENV_PUBLIC_URL: ""
+      MONITORFISH_MONITORENV_URL: ""
+      MONITORFISH_MAPBOX_KEY: ""
+      MONITORFISH_SHOM_KEY: ""
+      MONITORFISH_OIDC_ENABLED: ""
+      MONITORFISH_OIDC_REDIRECT_URI: ""
+      MONITORFISH_OIDC_AUTHORITY: ""
+      MONITORFISH_OIDC_CLIENT: ""
+      MONITORFISH_API_PROTECTED_API_KEY: ${{ secrets.MONITORFISH_API_KEY }}
+      MONITORFISH_API_PROTECTED_PATHS: ""
+      MONITORFISH_API_PROTECTED_PUBLIC_PATHS: ""
+      MONITORFISH_SENTRY_ENV: "prod"
+      MONITORFISH_SENTRY_DSN: ""
+      MONITORFISH_SENTRY_TRACING_ORIGINS: ""
+      # MONITORFISH_VERSION: "0.0.0"
+      MONITORFISH_MISSION_FORM_AUTO_SAVE_ENABLED: "true"
+      MONITORFISH_MISSION_FORM_AUTO_UPDATE_ENABLED: "true"
+      MONITORFISH_PRIOR_NOTIFICATION_LIST_ENABLED: "true"
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get last release version
+        id: get-last-release-version
+        uses: pozetroninc/github-action-get-latest-release@master
+        with:
+          repository: mtes-mct/monitorfish
+
+      - name: Set `MONITORFISH_VERSION` & `VERSION` env vars to the latest release version
+        run: |
+          echo "MONITORFISH_VERSION=${{ steps.get-last-release-version.outputs.release }}" >> $GITHUB_ENV
+          # echo "VERSION=${{ steps.get-last-release-version.outputs.release }}" >> $GITHUB_ENV
+
+      - name: Pull and run application
+        run: |
+          # docker compose up -d --quiet-pull --build db
+          make restart-remote-app
+        working-directory: ./infra/remote
+
+      - name: Backup database
+        run: |
+          echo "MONITORFISH_BACKUPS_FOLDER=${MONITORFISH_BACKUPS_FOLDER}" >> ~/.monitorfish
+          cp ./infra/remote/backup/pg_backup.config.template ./infra/remote/backup/pg_backup.config
+          make db-backup
+
+      - name: Restore database
+        run: |
+          make db-restore TAG="$(date +"%Y-%m-%d")-daily"

CONTRIBUTING.md

@@ -22,6 +22,12 @@
     - [Start uplifter props name with `on`](#start-uplifter-props-name-with-on)
 - [Visual Studio Code](#visual-studio-code)
   - [`.vscode/settings.json`](#vscodesettingsjson)
+- [Development](#development)
+  - [Database](#database)
+  - [Backup and restore database](#backup-and-restore-database)
+    - [Local development](#local-development)
+    - [Remote deployment](#remote-deployment)
+    - [Restoring a remote dump locally (for debugging purposes)](#restoring-a-remote-dump-locally-for-debugging-purposes)
 
 ## File Structure
 
@@ -127,7 +133,7 @@ should be dispatched.
 Example:
 
 ```ts
-import * as domainActions from '...'
+import * as domainActions from "...";
 ```
 
 ## Naming Conventions
@@ -153,7 +159,7 @@ expecting a callback. React native uplifter props follow this convention themsel
 
 ```json
 {
-   "editor.codeActionsOnSave": {
+  "editor.codeActionsOnSave": {
     "source.fixAll": true
   },
   "editor.defaultFormatter": "dbaeumer.vscode-eslint",
@@ -167,3 +173,88 @@ expecting a callback. React native uplifter props follow this convention themsel
   }
 }
 ```
+
+## Development
+
+### Database
+
+### Backup and restore database
+
+#### Local development
+
+In local development, the backup config file is already set up [there](infra/dev/database/pg_backup.config).
+
+You can just run the following commands:
+
+Backup:
+
+```sh
+make dev-backup-db
+```
+
+Restore:
+
+```sh
+# This will recreate the database container and its volume before restoring the dump:
+make dev-restore-db TAG=YYYY-MM-DD-[daily|weekly]
+```
+
+Example, to restore a dump directory from `./.backups/2024-04-13-daily`:
+
+```
+make dev-restore-db TAG=2024-04-13-daily
+```
+
+#### Remote deployment
+
+In a remote deployment, if not done already, you need to copy and customize the backup config file:
+
+```sh
+cp infra/remote/backup/pg_backup.config.example infra/remote/backup/pg_backup.config
+```
+
+The remote server database is automatically backed up using [this crontab file](infra/remote/backup/crontab.txt).
+This generates daily and weekly dumps in the backup directory defined via the `BACKUP_DIR` var declared in
+`infra/remote/backup/pg_backup.config` (ex: `2024-04-12-weekly`, `2024-04-13-daily`, etc).
+
+Backup:
+
+```sh
+make backup-db
+```
+
+Restore:
+
+> [!IMPORTANT]
+>
+> - Stop all applications from connecting to the dababases.
+> - The database container and its volume must be cleared (removed and recreated) before restoring a dump.
+
+```sh
+make restore-db TAG=YYYY-MM-DD-[daily|weekly]
+```
+
+Example, to restore a dump directory from `[YOUR_CONFIG_BACKUP_PATH]/2024-04-13-daily/`:
+
+```
+make dev-restore-db TAG=2024-04-13-daily
+```
+
+#### Restoring a remote dump locally (for debugging purposes)
+
+On the remote server:
+
+```sh
+# Dump the databases:
+make backup-db
+# Compress the dump directory:
+cd YOUR_CONFIG_BACKUP_PATH
+tar -cvzf YYYY-MM-DD-[daily|weekly].tar.gz YYYY-MM-DD-[daily|weekly]
+```
+
+Then use SCP to download the dump locally into the `.backups/` directory and restore it on your local machine:
+
+```sh
+tar -xvzf ./.backups/YYYY-MM-DD-[daily|weekly].tar.gz -C ./.backups
+make dev-restore-db TAG=YYYY-MM-DD-[daily|weekly]
+```

Makefile

@@ -6,6 +6,7 @@ HOST_MIGRATIONS_FOLDER=$(shell pwd)/backend/src/main/resources/db/migration
 docker-env:
 	cd ./infra/docker && ../../frontend/node_modules/.bin/import-meta-env-prepare -u -x ./.env.local.defaults\
 
+
 ################################################################################
 # Local Development
 
@@ -50,6 +51,17 @@ check-clean-archi:
 update-test-data:
 	cd frontend && node ./scripts/generate_test_data_seeds.mjs
 
+dev-backup-db:
+	@export CONFIG_FILE_PATH=$$(pwd)/infra/dev/database/pg_backup.config; \
+		./infra/remote/backup/pg_backup_rotated.sh
+dev-restore-db:
+	docker compose down -v
+	docker compose up -d --quiet-pull --wait db
+	sleep 5
+	@export CONFIG_FILE_PATH=$$(pwd)/infra/dev/database/pg_backup.config; \
+		./infra/remote/backup/pg_restore.sh -t "$(TAG)"
+
+
 ################################################################################
 # Testing
 
@@ -73,7 +85,13 @@ run-back-for-puppeteer: docker-env run-stubbed-apis
 run-front-for-puppeteer:
 	cd ./frontend && npm run dev-puppeteer
 
-# CI commands - app
+
+################################################################################
+# CI
+
+# ----------------------------------------------------------
+# CI: App Commands
+
 docker-build:
 	docker build --no-cache -f infra/docker/app/Dockerfile . -t monitorfish-app:$(VERSION) \
 		--build-arg VERSION=$(VERSION) \
@@ -104,7 +122,9 @@ docker-compose-puppeteer-up: docker-env
 	@printf 'Waiting for MonitorFish app to be ready'
 	@until curl --output /dev/null --silent --fail "http://localhost:8880/bff/v1/healthcheck"; do printf '.' && sleep 1; done
 
-# CI commands - data pipeline
+# ----------------------------------------------------------
+# CI: Pipeline Commands
+
 docker-build-pipeline:
 	docker build -f ./infra/docker/datapipeline/Dockerfile . -t monitorfish-pipeline:$(VERSION)
 docker-test-pipeline:
@@ -115,13 +135,18 @@ docker-push-pipeline:
 	docker push docker.pkg.github.com/mtes-mct/monitorfish/monitorfish-pipeline:$(VERSION)
 
 
-# RUN commands
+################################################################################
+# Remote (Integration / Production)
+
+# ----------------------------------------------------------
+# Remote: Run commands
+
 init-local-sig:
 	./infra/local/postgis_insert_layers.sh && ./infra/init/geoserver_init_layers.sh
 init-remote-sig:
 	./infra/remote/postgis_insert_layers.sh && ./infra/init/geoserver_init_layers.sh
 restart-remote-app:
-	cd infra/remote && docker compose pull && docker compose up -d --build app
+	cd infra/remote && docker compose pull && docker compose up -d --build --wait app
 restart-remote-app-dev:
 	export POSTGRES_USER=postgres && export POSTGRES_PASSWORD=postgres && export POSTGRES_DB=monitorfishdb && cd infra/remote && docker compose pull && docker compose up -d --build app
 
@@ -134,13 +159,25 @@ register-pipeline-flows-int:
 	docker pull docker.pkg.github.com/mtes-mct/monitorfish/monitorfish-pipeline:$(MONITORFISH_VERSION) && \
 	infra/remote/data-pipeline/register-flows-int.sh
 
-# DATA commands
+# ----------------------------------------------------------
+# Remote: Pipeline commands
+
 install-pipeline:
 	cd datascience && poetry install
 test-pipeline:
 	cd datascience && export TEST_LOCAL=True && poetry run coverage run -m pytest --pdb tests/ && poetry run coverage report && poetry run coverage html
 
-# DOC commands
+# ----------------------------------------------------------
+# Remote: Database commands
+
+backup-db:
+	./infra/remote/backup/pg_backup_rotated.sh
+restore-db:
+	./infra/remote/backup/pg_restore.sh
+
+# ----------------------------------------------------------
+# ???: Documentation commands
+
 push-docs-to-transifex:
 	cd datascience/docs && \
 	poetry run sphinx-build -b gettext -D extensions="sphinx.ext.viewcode","sphinx.ext.napoleon" source pot && \
@@ -154,6 +191,7 @@ build-docs-locally:
 	poetry run sphinx-build -b html source build/html/en && \
 	poetry run sphinx-build -b html -D language=fr source build/html/fr
 
+
 ################################################################################
 # Alias commands
 

docker-compose.yml

@@ -1,6 +1,7 @@
 version: "3"
 services:
   db:
+    container_name: monitorfish_database
     image: timescale/timescaledb-postgis:1.7.4-pg11
     environment:
       - POSTGRES_USER=postgres

infra/dev/database/pg_backup.config

@@ -0,0 +1,6 @@
+################################################################################
+# POSTGRESQL BACKUP & RESTORE CONFIG FOR DEV ENVIRONMENT
+
+HOSTNAME=0.0.0.0
+USERNAME=postgres
+BACKUP_DIR=./.backups/