This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [docker/login-action](https://github.com/docker/login-action) | action | major | `v3.7.0` → `v4.1.0` |

---

### Release Notes

<details>
<summary>docker/login-action (docker/login-action)</summary>

### [`v4.1.0`](https://github.com/docker/login-action/releases/tag/v4.1.0)

[Compare Source](https://github.com/docker/login-action/compare/v4.0.0...v4.1.0)

- Fix scoped Docker Hub cleanup path when registry is omitted by [@crazy-max](https://github.com/crazy-max) in [#945](https://github.com/docker/login-action/pull/945)
- Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) and [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) to 3.1020.0 in [#930](https://github.com/docker/login-action/pull/930)
- Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.77.0 to 0.86.0 in [#932](https://github.com/docker/login-action/pull/932) [#936](https://github.com/docker/login-action/pull/936)
- Bump brace-expansion from 1.1.12 to 1.1.13 in [#952](https://github.com/docker/login-action/pull/952)
- Bump fast-xml-parser from 5.3.4 to 5.3.6 in [#942](https://github.com/docker/login-action/pull/942)
- Bump flatted from 3.3.3 to 3.4.2 in [#944](https://github.com/docker/login-action/pull/944)
- Bump glob from 10.3.12 to 10.5.0 in [#940](https://github.com/docker/login-action/pull/940)
- Bump handlebars from 4.7.8 to 4.7.9 in [#949](https://github.com/docker/login-action/pull/949)
- Bump http-proxy-agent and https-proxy-agent to 8.0.0 in [#937](https://github.com/docker/login-action/pull/937)
- Bump lodash from 4.17.23 to 4.18.1 in [#958](https://github.com/docker/login-action/pull/958)
- Bump minimatch from 3.1.2 to 3.1.5 in [#941](https://github.com/docker/login-action/pull/941)
- Bump picomatch from 4.0.3 to 4.0.4 in [#948](https://github.com/docker/login-action/pull/948)
- Bump undici from 6.23.0 to 6.24.1 in [#938](https://github.com/docker/login-action/pull/938)

**Full Changelog**: <https://github.com/docker/login-action/compare/v4.0.0...v4.1.0>

### [`v4.0.0`](https://github.com/docker/login-action/releases/tag/v4.0.0)

[Compare Source](https://github.com/docker/login-action/compare/v3.7.0...v4.0.0)

- Node 24 as default runtime (requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) or later) by [@crazy-max](https://github.com/crazy-max) in [#929](https://github.com/docker/login-action/pull/929)
- Switch to ESM and update config/test wiring by [@crazy-max](https://github.com/crazy-max) in [#927](https://github.com/docker/login-action/pull/927)
- Bump [@actions/core](https://github.com/actions/core) from 1.11.1 to 3.0.0 in [#919](https://github.com/docker/login-action/pull/919)
- Bump [@aws-sdk/client-ecr](https://github.com/aws-sdk/client-ecr) from 3.890.0 to 3.1000.0 in [#909](https://github.com/docker/login-action/pull/909) [#920](https://github.com/docker/login-action/pull/920)
- Bump [@aws-sdk/client-ecr-public](https://github.com/aws-sdk/client-ecr-public) from 3.890.0 to 3.1000.0 in [#909](https://github.com/docker/login-action/pull/909) [#920](https://github.com/docker/login-action/pull/920)
- Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.63.0 to 0.77.0 in [#910](https://github.com/docker/login-action/pull/910) [#928](https://github.com/docker/login-action/pull/928)
- Bump [@isaacs/brace-expansion](https://github.com/isaacs/brace-expansion) from 5.0.0 to 5.0.1 in [#921](https://github.com/docker/login-action/pull/921)
- Bump js-yaml from 4.1.0 to 4.1.1 in [#901](https://github.com/docker/login-action/pull/901)

**Full Changelog**: <https://github.com/docker/login-action/compare/v3.7.0...v4.0.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: #47
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>

BackupSidecar
BackupSidecar is a lightweight backup and restore solution designed to run as a cron job in Kubernetes. It automates backups and restores using Restic and supports both directory and PostgreSQL database operations. Optional notifications can be sent via Gotify to keep you informed of operation results.
Configuration
BackupSidecar is configured through environment variables. Below is a breakdown of the available settings.
General Settings
These variables apply to both backup and restore operations.
- `OPERATION_MODE` (optional) - Defines the operation type (`backup` or `restore`). Defaults to `backup`.
- `BACKUP_MODE` (optional) - Defines the backup type (`directory` or `postgres`). Defaults to `directory`.
- `RESTIC_PASSWORD` (required) - The encryption password for Restic.
- `RESTIC_REPOSITORY` (required) - The URI of the Restic repository (e.g., `rest:http://your-rest-server:8000/backup`).
- `RESTIC_REST_USERNAME` (optional) - The username for REST server authentication.
- `RESTIC_REST_PASSWORD` (optional) - The password for REST server authentication.
- `ENABLE_GOTIFY` (optional) - Enable Gotify notifications. Set to `true` to enable, any other value or unset disables notifications. Defaults to `true`.
- `GOTIFYHOST` (required when ENABLE_GOTIFY=true) - The Gotify server URL.
- `GOTIFYTOKEN` (required when ENABLE_GOTIFY=true) - The API token for Gotify.
- `GOTIFYTOPIC` (required when ENABLE_GOTIFY=true) - The topic under which backup notifications will be sent.
Directory Operations
When running in directory mode, the following variables must be set:
For Backup Operations:
- `SOURCEDIR` (required) - The path of the directory to be backed up.
For Restore Operations:
- `RESTOREDIR` (required) - The path where files should be restored to.
- `RESTORE_SNAPSHOT_ID` (optional) - The specific snapshot ID to restore (defaults to `latest`).
PostgreSQL Operations
For postgres mode, the following database-related variables are required:
Common Variables:
- `PGHOST` (required) - The hostname of the PostgreSQL server.
- `PGDATABASE` (required) - The name of the database.
- `PGUSER` (required) - The PostgreSQL username.
- `PGPORT` (optional) - The port for PostgreSQL (defaults to `5432`).
- `PGPASSWORD` (optional) - The password for authentication. Setting this prevents interactive prompts.
Backup-Specific Variables:
- `PG_DUMP_ARGS` (optional) - Additional flags for `pg_dump`.
Restore-Specific Variables:
- `RESTORE_SNAPSHOT_ID` (optional) - The specific snapshot ID to restore (defaults to `latest`).
- `PSQL_ARGS` (optional) - Additional flags for `psql` (e.g., `--single-transaction`).
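The requirements above depend on the operation and backup mode, so an incomplete environment is worth catching before Restic runs. The following preflight check is an added example, not code from the BackupSidecar project; the function names `required_vars` and `preflight` are hypothetical, and it assumes an unset `ENABLE_GOTIFY` takes the documented default of `true`.

```sh
#!/bin/sh
# Added example (not BackupSidecar's own code): fail fast on incomplete config.
# Only variable NAMES are ever printed, so secrets never reach the job log.

# Emit the variables required for the selected mode, one per line.
required_vars() {
  echo RESTIC_PASSWORD
  echo RESTIC_REPOSITORY
  case "${BACKUP_MODE:-directory}" in
    directory)
      if [ "${OPERATION_MODE:-backup}" = restore ]; then
        echo RESTOREDIR
      else
        echo SOURCEDIR
      fi ;;
    postgres)
      printf '%s\n' PGHOST PGDATABASE PGUSER ;;
  esac
  # Assumption: unset ENABLE_GOTIFY means the documented default "true".
  if [ "${ENABLE_GOTIFY:-true}" = true ]; then
    printf '%s\n' GOTIFYHOST GOTIFYTOKEN GOTIFYTOPIC
  fi
}

# Returns 0 if complete, 1 if variables are missing, 2 if a mode is invalid.
preflight() {
  case "${OPERATION_MODE:-backup}" in
    backup|restore) ;;
    *) echo "invalid OPERATION_MODE" >&2; return 2 ;;
  esac
  case "${BACKUP_MODE:-directory}" in
    directory|postgres) ;;
    *) echo "invalid BACKUP_MODE" >&2; return 2 ;;
  esac
  missing=""
  for name in $(required_vars); do
    # eval is safe here: $name comes from the fixed list above, not from input.
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  if [ -n "$missing" ]; then
    echo "missing:$missing"
    return 1
  fi
  echo "ok"
}
```

Calling `preflight || exit 1` at the top of a container entrypoint makes a misconfigured CronJob fail immediately with the names of the missing variables.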
Dependencies
Ensure the following commands are available in the container:
- `restic`
- `curl`
- `jq`
- `pg_dump` (only required for PostgreSQL backup operations)
- `psql` (only required for PostgreSQL restore operations)
Usage
Backup Operations
Example Kubernetes CronJob manifest for running BackupSidecar as a cron job for directory backups in minimal configuration:
```yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: backupsidecar-cron
  namespace: authentik
spec:
  schedule: "0 7 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 5
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 3
      activeDeadlineSeconds: 300
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: backupsidecar
              image: backupsidecar:latest
              env:
                - name: RESTIC_REPOSITORY
                  value: "rest:http://rest-server:8000/backup"
                - name: RESTIC_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: backupsidecar-secret
                      key: restic_password
                - name: BACKUP_MODE
                  value: "directory" # or "postgres"
                - name: SOURCEDIR
                  value: "/data/source"
                - name: ENABLE_GOTIFY
                  value: "true"
                - name: GOTIFYHOST
                  value: "http://gotify.example.com"
                - name: GOTIFYTOKEN
                  valueFrom:
                    secretKeyRef:
                      name: backupsidecar-secret
                      key: gotify_token
                - name: GOTIFYTOPIC
                  value: "Backup Notification"
                # (For PostgreSQL mode, add PGHOST, PGDATABASE, PGUSER, PGPORT, PGPASSWORD)
              volumeMounts:
                - name: source-data
                  mountPath: /data/source
          volumes:
            - name: source-data
              persistentVolumeClaim:
                claimName: source-data-pvc
```
Restore Operations
Example Kubernetes Job manifest for running BackupSidecar to restore a directory:
```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: backupsidecar-restore
  namespace: authentik
spec:
  backoffLimit: 3
  activeDeadlineSeconds: 600
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: backupsidecar
          image: backupsidecar:latest
          env:
            - name: OPERATION_MODE
              value: "restore"
            - name: BACKUP_MODE
              value: "directory"
            - name: RESTOREDIR
              value: "/data/restore"
            - name: RESTORE_SNAPSHOT_ID
              value: "abc123def456" # optional, defaults to latest
            - name: RESTIC_REPOSITORY
              value: "rest:http://rest-server:8000/backup"
            - name: RESTIC_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: backupsidecar-secret
                  key: restic_password
            - name: GOTIFYHOST
              value: "http://gotify.example.com"
            - name: GOTIFYTOKEN
              valueFrom:
                secretKeyRef:
                  name: backupsidecar-secret
                  key: gotify_token
            - name: GOTIFYTOPIC
              value: "Restore Notification"
          volumeMounts:
            - name: restore-data
              mountPath: /data/restore
      volumes:
        - name: restore-data
          persistentVolumeClaim:
            claimName: restore-data-pvc
```
Example Kubernetes Job manifest for running BackupSidecar to restore a PostgreSQL database:
```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: backupsidecar-postgres-restore
  namespace: authentik
spec:
  backoffLimit: 3
  activeDeadlineSeconds: 600
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: backupsidecar
          image: backupsidecar:latest
          env:
            - name: OPERATION_MODE
              value: "restore"
            - name: BACKUP_MODE
              value: "postgres"
            - name: PGHOST
              value: "postgres.example.com"
            - name: PGDATABASE
              value: "mydatabase"
            - name: PGUSER
              value: "myuser"
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: password
            - name: PGPORT
              value: "5432"
            - name: RESTORE_SNAPSHOT_ID
              value: "abc123def456" # optional, defaults to latest
            - name: PSQL_ARGS
              value: "--single-transaction" # optional
            - name: RESTIC_REPOSITORY
              value: "rest:http://rest-server:8000/backup"
            - name: RESTIC_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: backupsidecar-secret
                  key: restic_password
            - name: GOTIFYHOST
              value: "http://gotify.example.com"
            - name: GOTIFYTOKEN
              valueFrom:
                secretKeyRef:
                  name: backupsidecar-secret
                  key: gotify_token
            - name: GOTIFYTOPIC
              value: "Database Restore Notification"
```
Notifications
The script can send success or failure notifications via Gotify when enabled. To enable notifications, set ENABLE_GOTIFY=true and provide the required Gotify configuration variables (GOTIFYHOST, GOTIFYTOKEN, GOTIFYTOPIC). When notifications are disabled, backup status messages are still logged to the console.