Compare commits
7 Commits
ba63df67c3
...
0.1.0
| Author | SHA1 | Date | |
|---|---|---|---|
| fb31691451 | |||
| 0c0305301e | |||
| cd92ce697e | |||
| 4cfb634397 | |||
| cb466747cd | |||
| 3f544409f1 | |||
| 6ff6e8759e |
@@ -1,86 +1,111 @@
|
||||
name: Build and Release Docker Image
|
||||
name: CD
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- v2
|
||||
- main
|
||||
|
||||
env:
|
||||
DOCKER_REGISTRY: gitea.t000-n.de
|
||||
|
||||
jobs:
|
||||
build_amd64:
|
||||
name: Build and Push amd64
|
||||
runs-on: [ubuntu-latest, linux_amd64]
|
||||
check-changes:
|
||||
name: Check changes
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
changes: ${{ steps.filter.outputs.code }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Log in to registry
|
||||
uses: docker/login-action@v3
|
||||
- name: Get changed files
|
||||
id: filter
|
||||
uses: dorny/paths-filter@v3
|
||||
with:
|
||||
registry: gitea.t000-n.de
|
||||
username: ${{ secrets.REGISTRY_USERNAME }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
filters: |
|
||||
code:
|
||||
- 'src/**'
|
||||
- 'Dockerfile'
|
||||
- 'gitea/workflows/**'
|
||||
|
||||
- name: Build Docker image for amd64
|
||||
run: |
|
||||
docker build \
|
||||
--platform linux/amd64 \
|
||||
-f Dockerfile \
|
||||
-t gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-amd64 \
|
||||
.
|
||||
|
||||
- name: Push Docker image for amd64
|
||||
run: |
|
||||
docker push gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-amd64
|
||||
|
||||
build_arm64:
|
||||
name: Build and Push arm64
|
||||
runs-on: [ubuntu-latest, linux_arm64]
|
||||
build_and_push:
|
||||
name: Build and push
|
||||
needs:
|
||||
- check-changes
|
||||
if: ${{ needs.check-changes.outputs.changes != '0' }}
|
||||
strategy:
|
||||
matrix:
|
||||
arch:
|
||||
- amd64
|
||||
- arm64
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
- linux_${{ matrix.arch }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Log in to registry
|
||||
uses: docker/login-action@v3
|
||||
- uses: actions/checkout@v5
|
||||
- uses: docker/setup-buildx-action@v3
|
||||
- uses: docker/login-action@v3
|
||||
with:
|
||||
registry: gitea.t000-n.de
|
||||
username: ${{ secrets.REGISTRY_USERNAME }}
|
||||
registry: ${{ env.DOCKER_REGISTRY }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
|
||||
- name: Build Docker image for arm64
|
||||
- id: meta
|
||||
run: |
|
||||
docker build \
|
||||
--platform linux/arm64 \
|
||||
-f Dockerfile \
|
||||
-t gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-arm64 \
|
||||
.
|
||||
echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
|
||||
echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
|
||||
- uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/${{ matrix.arch }}
|
||||
push: true
|
||||
provenance: false
|
||||
tags: |
|
||||
${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-${{ matrix.arch }}
|
||||
|
||||
- name: Push Docker image for arm64
|
||||
create_tag:
|
||||
name: Create tag
|
||||
needs:
|
||||
- check-changes
|
||||
if: ${{ needs.check-changes.outputs.changes != '0' }}
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
tag: ${{ steps.tag.outputs.new-tag }}
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@0.0.2
|
||||
id: tag
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
- run: |
|
||||
git tag ${{ steps.tag.outputs.new-tag }}
|
||||
git push origin ${{ steps.tag.outputs.new-tag }}
|
||||
- name: Set output
|
||||
run: |
|
||||
docker push gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-arm64
|
||||
echo "tag=${{ steps.tag.outputs.new-tag }}" >> $GITHUB_OUTPUT
|
||||
|
||||
manifest:
|
||||
name: Create and Push Multi-Arch Manifest
|
||||
needs: [build_amd64, build_arm64]
|
||||
create_manifest:
|
||||
name: Create manifest
|
||||
needs:
|
||||
- build_and_push
|
||||
- create_tag
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Log in to registry
|
||||
uses: docker/login-action@v3
|
||||
- uses: actions/checkout@v5
|
||||
- id: meta
|
||||
run: |
|
||||
echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
|
||||
echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
|
||||
- uses: docker/login-action@v3
|
||||
with:
|
||||
registry: gitea.t000-n.de
|
||||
username: ${{ secrets.REGISTRY_USERNAME }}
|
||||
registry: ${{ env.DOCKER_REGISTRY }}
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
- run: |
|
||||
docker manifest create ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ needs.create_tag.outputs.tag }} \
|
||||
${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-amd64 \
|
||||
${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-arm64
|
||||
|
||||
- name: Create and push manifest with git SHA
|
||||
run: |
|
||||
docker manifest create gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }} \
|
||||
gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-amd64 \
|
||||
gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-arm64
|
||||
docker manifest push gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}
|
||||
|
||||
- name: Optionally tag manifest as latest
|
||||
if: ${{ inputs.latest == true }}
|
||||
run: |
|
||||
docker manifest create gitea.t000-n.de/t.behrendt/backupsidecar:latest \
|
||||
gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-amd64 \
|
||||
gitea.t000-n.de/t.behrendt/backupsidecar:${{ github.sha }}-arm64
|
||||
docker manifest push gitea.t000-n.de/t.behrendt/backupsidecar:latest
|
||||
docker manifest push ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ needs.create_tag.outputs.tag }}
|
||||
|
||||
24
.gitea/workflows/ci.yaml
Normal file
24
.gitea/workflows/ci.yaml
Normal file
@@ -0,0 +1,24 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build Docker image
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
- linux_amd64
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
- uses: docker/setup-buildx-action@v3
|
||||
- name: Build image
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/amd64
|
||||
push: false
|
||||
provenance: false
|
||||
tags: |
|
||||
backupsidecar:ci-test
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM alpine:3.21
|
||||
FROM alpine:3.22
|
||||
|
||||
RUN apk update && apk add --no-cache \
|
||||
bash \
|
||||
|
||||
31
README.md
31
README.md
@@ -1,6 +1,6 @@
|
||||
# BackupSidecar
|
||||
|
||||
BackupSidecar is a lightweight backup solution designed to run as a cron job in Kubernetes. It automates backups using Restic and supports both directory and PostgreSQL database backups. Notifications are sent via Gotify to keep you informed of backup results.
|
||||
BackupSidecar is a lightweight backup solution designed to run as a cron job in Kubernetes. It automates backups using Restic and supports both directory and PostgreSQL database backups. Optional notifications can be sent via Gotify to keep you informed of backup results.
|
||||
|
||||
## Configuration
|
||||
|
||||
@@ -15,9 +15,10 @@ These variables apply to both directory and PostgreSQL backups.
|
||||
- **`RESTIC_REPOSITORY`** _(required)_ - The URI of the Restic repository (e.g., `rest:http://your-rest-server:8000/backup`).
|
||||
- **`RESTIC_REST_USERNAME`** _(optional)_ - The username for REST server authentication.
|
||||
- **`RESTIC_REST_PASSWORD`** _(optional)_ - The password for REST server authentication.
|
||||
- **`GOTIFYHOST`** _(required)_ - The Gotify server URL.
|
||||
- **`GOTIFYTOKEN`** _(required)_ - The API token for Gotify.
|
||||
- **`GOTIFYTOPIC`** _(required)_ - The topic under which backup notifications will be sent.
|
||||
- **`ENABLE_GOTIFY`** _(optional)_ - Enable Gotify notifications. Set to `true` to enable, any other value or unset disables notifications. Defaults to `true`.
|
||||
- **`GOTIFYHOST`** _(required when ENABLE_GOTIFY=true)_ - The Gotify server URL.
|
||||
- **`GOTIFYTOKEN`** _(required when ENABLE_GOTIFY=true)_ - The API token for Gotify.
|
||||
- **`GOTIFYTOPIC`** _(required when ENABLE_GOTIFY=true)_ - The topic under which backup notifications will be sent.
|
||||
|
||||
### Directory Backup
|
||||
|
||||
@@ -50,16 +51,23 @@ Ensure the following commands are available in the container:
|
||||
Example Kubernetes CronJob manifest for running BackupSidecar as a cron job for directory backups in minimal configuration:
|
||||
|
||||
```yaml
|
||||
apiVersion: batch/v1beta1
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: backupsidecar-cron
|
||||
namespace: authentik
|
||||
spec:
|
||||
schedule: "0 2 * * *" # Run daily at 2:00 AM
|
||||
schedule: "0 7 * * *"
|
||||
concurrencyPolicy: Forbid
|
||||
successfulJobsHistoryLimit: 5
|
||||
failedJobsHistoryLimit: 3
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 3
|
||||
activeDeadlineSeconds: 300
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
containers:
|
||||
- name: backupsidecar
|
||||
image: backupsidecar:latest
|
||||
@@ -75,6 +83,8 @@ spec:
|
||||
value: "directory" # or "postgres"
|
||||
- name: SOURCEDIR
|
||||
value: "/data/source"
|
||||
- name: ENABLE_GOTIFY
|
||||
value: "true"
|
||||
- name: GOTIFYHOST
|
||||
value: "http://gotify.example.com"
|
||||
- name: GOTIFYTOKEN
|
||||
@@ -97,10 +107,17 @@ spec:
|
||||
|
||||
## Notifications
|
||||
|
||||
The script sends success or failure notifications via Gotify.
|
||||
The script can send success or failure notifications via Gotify when enabled. To enable notifications, set `ENABLE_GOTIFY=true` and provide the required Gotify configuration variables (`GOTIFYHOST`, `GOTIFYTOKEN`, `GOTIFYTOPIC`). When notifications are disabled, backup status messages are still logged to the console.
|
||||
|
||||
Example success notification:
|
||||
|
||||
```
|
||||
Backup successful. Snapshot 56ff6a909a44e01f67d2d88f9a76aa713d437809d7ed14a2361e28893f38befb: files new: 1, files changed: 0, data added: 1019 bytes in 0.277535184 sec
|
||||
```
|
||||
|
||||
When Gotify is disabled, you'll see a single message at startup indicating notifications are disabled, followed by normal backup status messages:
|
||||
|
||||
```
|
||||
2024-01-15T10:30:00 - Gotify notifications disabled. Backup status will be logged to console only.
|
||||
2024-01-15T10:30:05 - Backup successful. Snapshot 56ff6a909a44e01f67d2d88f9a76aa713d437809d7ed14a2361e28893f38befb: files new: 1, files changed: 0, data added: 1019 bytes in 0.277535184 sec
|
||||
```
|
||||
|
||||
3
renovate.json
Normal file
3
renovate.json
Normal file
@@ -0,0 +1,3 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
|
||||
}
|
||||
@@ -1,6 +1,20 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
#######################################
|
||||
# Date format for logging.
|
||||
#######################################
|
||||
LOG_DATE_FORMAT="%Y-%m-%dT%T"
|
||||
|
||||
#######################################
|
||||
# Log a message with a timestamp.
|
||||
# Arguments:
|
||||
# Message to log.
|
||||
#######################################
|
||||
log() {
|
||||
echo "$(date +"$LOG_DATE_FORMAT") - $*"
|
||||
}
|
||||
|
||||
#######################################
|
||||
# Determine backup mode from the environment only.
|
||||
# Valid values: "directory" or "postgres".
|
||||
@@ -18,7 +32,7 @@ fi
|
||||
|
||||
for cmd in "${REQUIRED_CMDS[@]}"; do
|
||||
if ! command -v "$cmd" &>/dev/null; then
|
||||
echo "Error: Required command '$cmd' is not installed." >&2
|
||||
log "Error: Required command '$cmd' is not installed."
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
@@ -26,10 +40,17 @@ done
|
||||
#######################################
|
||||
# Validate common required environment variables.
|
||||
#######################################
|
||||
# Gotify notification settings.
|
||||
: "${GOTIFYHOST:?Environment variable GOTIFYHOST is not set}"
|
||||
: "${GOTIFYTOKEN:?Environment variable GOTIFYTOKEN is not set}"
|
||||
: "${GOTIFYTOPIC:?Environment variable GOTIFYTOPIC is not set}"
|
||||
# Gotify notification settings (optional).
|
||||
# Set ENABLE_GOTIFY to "true" to enable notifications, any other value or unset disables them.
|
||||
ENABLE_GOTIFY="${ENABLE_GOTIFY:-true}"
|
||||
|
||||
if [ "$ENABLE_GOTIFY" = "true" ]; then
|
||||
: "${GOTIFYHOST:?Environment variable GOTIFYHOST is not set (required when ENABLE_GOTIFY=true)}"
|
||||
: "${GOTIFYTOKEN:?Environment variable GOTIFYTOKEN is not set (required when ENABLE_GOTIFY=true)}"
|
||||
: "${GOTIFYTOPIC:?Environment variable GOTIFYTOPIC is not set (required when ENABLE_GOTIFY=true)}"
|
||||
else
|
||||
log "Gotify notifications disabled. Backup status will be logged to console only."
|
||||
fi
|
||||
|
||||
# Restic encryption password.
|
||||
: "${RESTIC_PASSWORD:?Environment variable RESTIC_PASSWORD is not set}"
|
||||
@@ -62,23 +83,11 @@ case "$BACKUP_MODE" in
|
||||
esac
|
||||
|
||||
#######################################
|
||||
# Build the Gotify URL.
|
||||
# Build the Gotify URL (only if Gotify is enabled).
|
||||
#######################################
|
||||
GOTIFYURL="${GOTIFYHOST}/message?token=${GOTIFYTOKEN}"
|
||||
|
||||
#######################################
|
||||
# Date format for logging.
|
||||
#######################################
|
||||
LOG_DATE_FORMAT="%Y-%m-%dT%T"
|
||||
|
||||
#######################################
|
||||
# Log a message with a timestamp.
|
||||
# Arguments:
|
||||
# Message to log.
|
||||
#######################################
|
||||
log() {
|
||||
echo "$(date +"$LOG_DATE_FORMAT") - $*"
|
||||
}
|
||||
if [ "$ENABLE_GOTIFY" = "true" ]; then
|
||||
GOTIFYURL="${GOTIFYHOST}/message?token=${GOTIFYTOKEN}"
|
||||
fi
|
||||
|
||||
#######################################
|
||||
# Send a notification via Gotify.
|
||||
@@ -87,6 +96,13 @@ log() {
|
||||
#######################################
|
||||
send_notification() {
|
||||
local message="$1"
|
||||
|
||||
# Only send notification if Gotify is enabled
|
||||
if [ "$ENABLE_GOTIFY" != "true" ]; then
|
||||
log "$message"
|
||||
return 0
|
||||
fi
|
||||
|
||||
if ! curl -s -X POST "$GOTIFYURL" -F "title=${GOTIFYTOPIC}" -F "message=${message}" >/dev/null; then
|
||||
log "Warning: Failed to send notification with message: ${message}"
|
||||
fi
|
||||
@@ -100,9 +116,10 @@ send_notification() {
|
||||
#######################################
|
||||
run_restic_backup() {
|
||||
local source_dir="$1"
|
||||
cd "${source_dir}"
|
||||
log "Starting backup of '${source_dir}' to repository ${RESTIC_REPOSITORY}"
|
||||
# Capture both stdout and stderr in a variable
|
||||
backup_output=$(restic -r "${RESTIC_REPOSITORY}" backup --no-cache --json --verbose "${source_dir}" 2>&1)
|
||||
backup_output=$(restic -r "${RESTIC_REPOSITORY}" backup --no-cache --json --verbose . 2>&1)
|
||||
# Optionally, also print the output to the console:
|
||||
echo "$backup_output"
|
||||
# Parse the JSON lines output for the summary message
|
||||
|
||||
Reference in New Issue
Block a user