rename

2026-04-22 21:48:02 +02:00
parent 92ddc22322
commit c8c2dedea5
30 changed files with 60 additions and 60 deletions
--- a/scripts/gitea-backup-gke.sh
+++ b/scripts/gitea-backup-gke.sh
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Gitea backup helper for Google Cloud Storage
+# Uses the gitea-backup-gcs secret in the gitea namespace
+# Required secret keys:
+#   GCS_BUCKET              — bucket name (without gs:// prefix)
+#   GOOGLE_APPLICATION_CREDENTIALS_JSON — service account key JSON
+#     (alternatively, use Workload Identity and omit the key)
+#
+# Usage:
+#   ./scripts/gitea-backup-gke.sh list                    # list all backups
+#   ./scripts/gitea-backup-gke.sh download <filename>     # download a backup
+#   ./scripts/gitea-backup-gke.sh download latest          # download the most recent backup
+
+NAMESPACE="gitea"
+SECRET="gitea-backup-gcs"
+IMAGE="gcr.io/google.com/cloudsdktool/google-cloud-cli:slim"
+POD_NAME="gitea-backup-helper"
+AUTH_CMD='if [ -n "${GOOGLE_APPLICATION_CREDENTIALS_JSON:-}" ]; then echo "${GOOGLE_APPLICATION_CREDENTIALS_JSON}" > /tmp/gcs-key.json && gcloud auth activate-service-account --key-file=/tmp/gcs-key.json > /dev/null 2>&1; fi'
+
+cleanup() {
+  kubectl -n "$NAMESPACE" delete pod "$POD_NAME" --ignore-not-found --grace-period=0 > /dev/null 2>&1 || true
+}
+
+gcs_run() {
+  cleanup
+  kubectl -n "$NAMESPACE" run "$POD_NAME" --restart=Never \
+    --image="$IMAGE" \
+    --overrides="{
+      \"spec\":{\"containers\":[{
+        \"name\":\"$POD_NAME\",
+        \"image\":\"$IMAGE\",
+        \"env\":[{\"name\":\"HOME\",\"value\":\"/tmp\"}],
+        \"command\":[\"sh\",\"-c\",\"${AUTH_CMD}; $1\"],
+        \"envFrom\":[{\"secretRef\":{\"name\":\"$SECRET\"}}]
+      }]}
+    }" > /dev/null 2>&1
+
+  kubectl -n "$NAMESPACE" wait --for=jsonpath='{.status.phase}'=Succeeded "pod/$POD_NAME" --timeout=120s > /dev/null 2>&1
+  kubectl -n "$NAMESPACE" logs "$POD_NAME"
+  cleanup
+}
+
+case "${1:-help}" in
+  list)
+    echo "Listing backups..."
+    gcs_run 'gsutil ls -l gs://${GCS_BUCKET}/'
+    ;;
+
+  download)
+    FILE="${2:?Usage: $0 download <filename|latest>}"
+
+    if [ "$FILE" = "latest" ]; then
+      echo "Finding latest backup..."
+      FILE=$(gcs_run 'gsutil ls gs://${GCS_BUCKET}/' | grep -v '^$' | grep -v 'TOTAL' | sort | tail -1 | xargs -I{} basename {} | tr -d '[:space:]')
+      if [ -z "$FILE" ]; then
+        echo "No backups found."
+        exit 1
+      fi
+      echo "Latest: $FILE"
+    fi
+
+    echo "Downloading $FILE..."
+    cleanup
+    kubectl -n "$NAMESPACE" run "$POD_NAME" --restart=Never \
+      --image="$IMAGE" \
+      --overrides="{
+        \"spec\":{\"containers\":[{
+          \"name\":\"$POD_NAME\",
+          \"image\":\"$IMAGE\",
+          \"env\":[{\"name\":\"HOME\",\"value\":\"/tmp\"}],
+          \"command\":[\"sh\",\"-c\",\"sleep 300\"],
+          \"envFrom\":[{\"secretRef\":{\"name\":\"$SECRET\"}}]
+        }]}
+      }" > /dev/null 2>&1
+
+    kubectl -n "$NAMESPACE" wait --for=condition=Ready "pod/$POD_NAME" --timeout=60s > /dev/null 2>&1
+
+    echo "Saving to ./$FILE ..."
+    kubectl -n "$NAMESPACE" exec "$POD_NAME" -- sh -c "${AUTH_CMD} && gsutil cat gs://\${GCS_BUCKET}/$FILE" > "./$FILE"
+    cleanup
+
+    echo "Downloaded: ./$FILE"
+    ;;
+
+  *)
+    echo "Gitea backup helper (Google Cloud Storage)"
+    echo ""
+    echo "Usage:"
+    echo "  $0 list                    List all backups in GCS"
+    echo "  $0 download <filename>     Download a specific backup"
+    echo "  $0 download latest         Download the most recent backup"
+    ;;
+esac