feature/multi-cloud (#14)

Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Reviewed-on: #14

scripts/gitea-backup-aks.sh

@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Gitea backup helper for Azure Blob Storage
+# Uses the gitea-backup-aks secret in the gitea namespace
+# Required secret keys:
+#   AZURE_STORAGE_ACCOUNT   — storage account name
+#   AZURE_STORAGE_KEY       — storage account key
+#   AZURE_CONTAINER         — blob container name
+#
+# Usage:
+#   ./scripts/gitea-backup-aks.sh list                    # list all backups
+#   ./scripts/gitea-backup-aks.sh download <filename>     # download a backup
+#   ./scripts/gitea-backup-aks.sh download latest          # download the most recent backup
+
+NAMESPACE="gitea"
+SECRET="gitea-backup-aks"
+IMAGE="mcr.microsoft.com/azure-cli:latest"
+POD_NAME="gitea-backup-helper"
+
+cleanup() {
+  kubectl -n "$NAMESPACE" delete pod "$POD_NAME" --ignore-not-found --grace-period=0 > /dev/null 2>&1 || true
+}
+
+az_run() {
+  cleanup
+  kubectl -n "$NAMESPACE" run "$POD_NAME" --restart=Never \
+    --image="$IMAGE" \
+    --overrides="{
+      \"spec\":{\"containers\":[{
+        \"name\":\"$POD_NAME\",
+        \"image\":\"$IMAGE\",
+        \"env\":[{\"name\":\"HOME\",\"value\":\"/tmp\"}],
+        \"command\":[\"sh\",\"-c\",\"$1\"],
+        \"envFrom\":[{\"secretRef\":{\"name\":\"$SECRET\"}}]
+      }]}
+    }" > /dev/null 2>&1
+
+  kubectl -n "$NAMESPACE" wait --for=jsonpath='{.status.phase}'=Succeeded "pod/$POD_NAME" --timeout=120s > /dev/null 2>&1
+  kubectl -n "$NAMESPACE" logs "$POD_NAME"
+  cleanup
+}
+
+case "${1:-help}" in
+  list)
+    echo "Listing backups..."
+    az_run 'az storage blob list --account-name ${AZURE_STORAGE_ACCOUNT} --account-key ${AZURE_STORAGE_KEY} --container-name ${AZURE_CONTAINER} --output table --query "[].{Name:name, Size:properties.contentLength, Modified:properties.lastModified}"'
+    ;;
+
+  download)
+    FILE="${2:?Usage: $0 download <filename|latest>}"
+
+    if [ "$FILE" = "latest" ]; then
+      echo "Finding latest backup..."
+      FILE=$(az_run 'az storage blob list --account-name ${AZURE_STORAGE_ACCOUNT} --account-key ${AZURE_STORAGE_KEY} --container-name ${AZURE_CONTAINER} --query "sort_by([], &properties.lastModified)[-1].name" -o tsv' | tr -d '[:space:]')
+      if [ -z "$FILE" ]; then
+        echo "No backups found."
+        exit 1
+      fi
+      echo "Latest: $FILE"
+    fi
+
+    echo "Downloading $FILE..."
+    cleanup
+    kubectl -n "$NAMESPACE" run "$POD_NAME" --restart=Never \
+      --image="$IMAGE" \
+      --overrides="{
+        \"spec\":{\"containers\":[{
+          \"name\":\"$POD_NAME\",
+          \"image\":\"$IMAGE\",
+          \"env\":[{\"name\":\"HOME\",\"value\":\"/tmp\"}],
+          \"command\":[\"sh\",\"-c\",\"sleep 300\"],
+          \"envFrom\":[{\"secretRef\":{\"name\":\"$SECRET\"}}]
+        }]}
+      }" > /dev/null 2>&1
+
+    kubectl -n "$NAMESPACE" wait --for=condition=Ready "pod/$POD_NAME" --timeout=60s > /dev/null 2>&1
+
+    echo "Saving to ./$FILE ..."
+    kubectl -n "$NAMESPACE" exec "$POD_NAME" -- \
+      az storage blob download \
+        --account-name "\${AZURE_STORAGE_ACCOUNT}" \
+        --account-key "\${AZURE_STORAGE_KEY}" \
+        --container-name "\${AZURE_CONTAINER}" \
+        --name "$FILE" \
+        --file /dev/stdout 2>/dev/null > "./$FILE"
+    cleanup
+
+    echo "Downloaded: ./$FILE"
+    ;;
+
+  *)
+    echo "Gitea backup helper (Azure Blob Storage)"
+    echo ""
+    echo "Usage:"
+    echo "  $0 list                    List all backups in Azure Blob"
+    echo "  $0 download <filename>     Download a specific backup"
+    echo "  $0 download latest         Download the most recent backup"
+    ;;
+esac