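#!/usr/bin/env bash
set -euo pipefail

# Gitea backup helper for Azure Blob Storage
# Uses the gitea-backup-aks secret in the gitea namespace
# Required secret keys:
#   AZURE_STORAGE_ACCOUNT — storage account name
#   AZURE_STORAGE_KEY     — storage account key
#   AZURE_CONTAINER       — blob container name
#
# Usage:
#   ./scripts/gitea-backup-aks.sh list                # list all backups
#   ./scripts/gitea-backup-aks.sh download <name>     # download a backup
#   ./scripts/gitea-backup-aks.sh download latest     # download the most recent backup
#
# Optional environment:
#   GITEA_BACKUP_IMAGE — helper image reference, overrides the default below
#
# The script starts a short-lived pod that receives the secret through
# envFrom, runs the Azure CLI inside it, and deletes the pod afterwards.
# The pod name is fixed, so two concurrent runs would delete each other's pod.

readonly NAMESPACE="gitea"
readonly SECRET="gitea-backup-aks"
# NOTE(security): this image is handed the storage account key. ":latest" is
# a mutable tag; set GITEA_BACKUP_IMAGE to a digest-pinned reference
# (name@sha256:<digest>) so the image that sees the key is the one reviewed.
readonly IMAGE="${GITEA_BACKUP_IMAGE:-mcr.microsoft.com/azure-cli:latest}"
readonly POD_NAME="gitea-backup-helper"

# Print a message on stderr and stop with a non-zero status.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Delete the helper pod if it exists. Best effort: a failure here must not
# mask the status of the operation that ran before it.
cleanup() {
  kubectl -n "$NAMESPACE" delete pod "$POD_NAME" \
    --ignore-not-found --grace-period=0 >/dev/null 2>&1 || true
}

# Escape a string for use inside a JSON string literal.
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are not expected in the commands this script builds.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Print the --overrides JSON for the helper pod.
# Arguments: $1 - command line run by `sh -c` inside the container.
# The command is JSON-escaped first: pasting it in raw produced invalid JSON
# whenever it contained a double quote, which every --query below does.
pod_overrides() {
  local cmd image
  cmd=$(json_escape "$1")
  image=$(json_escape "$IMAGE")
  printf '{"spec":{"containers":[{"name":"%s","image":"%s","env":[{"name":"HOME","value":"/tmp"}],"command":["sh","-c","%s"],"envFrom":[{"secretRef":{"name":"%s"}}]}]}}' \
    "$POD_NAME" "$image" "$cmd" "$SECRET"
}

# Create the helper pod.
# Arguments: $1 - command line run by `sh -c` inside the container.
# Returns:   kubectl's status.
start_pod() {
  local overrides
  overrides=$(pod_overrides "$1")
  cleanup
  # The pod carries the storage key in its environment; make sure it is
  # removed on every exit path, including failures and Ctrl-C.
  trap cleanup EXIT
  kubectl -n "$NAMESPACE" run "$POD_NAME" --restart=Never \
    --image="$IMAGE" --overrides="$overrides" >/dev/null
}

# Run a command in a fresh helper pod and print the pod log on stdout.
# Arguments: $1 - command line run by `sh -c` inside the container.
# Returns:   non-zero if the pod could not be started, did not reach the
#            Succeeded phase within 120s, or its log could not be read.
az_run() {
  local rc=0
  start_pod "$1" || return 1
  if ! kubectl -n "$NAMESPACE" wait \
    --for=jsonpath='{.status.phase}'=Succeeded "pod/$POD_NAME" \
    --timeout=120s >/dev/null; then
    echo "error: helper pod did not complete; pod log follows" >&2
    kubectl -n "$NAMESPACE" logs "$POD_NAME" >&2 || true
    cleanup
    return 1
  fi
  kubectl -n "$NAMESPACE" logs "$POD_NAME" || rc=$?
  cleanup
  return "$rc"
}

# The in-pod commands do not pass --account-key: the Azure CLI reads
# AZURE_STORAGE_KEY from the environment, which keeps the key out of the
# process argument list inside the pod.
case "${1:-help}" in
  list)
    echo "Listing backups..."
    az_run 'az storage blob list --account-name "$AZURE_STORAGE_ACCOUNT" --container-name "$AZURE_CONTAINER" --output table --query "[].{Name:name, Size:properties.contentLength, Modified:properties.lastModified}"' \
      || die "could not list backups"
    ;;

  download)
    FILE="${2:?Usage: $0 download <name|latest>}"
    if [ "$FILE" = "latest" ]; then
      echo "Finding latest backup..."
      FILE=$(az_run 'az storage blob list --account-name "$AZURE_STORAGE_ACCOUNT" --container-name "$AZURE_CONTAINER" --query "sort_by([], &properties.lastModified)[-1].name" -o tsv' | tr -d '[:space:]') \
        || die "could not query the container for the latest backup"
      if [ -z "$FILE" ]; then
        echo "No backups found."
        exit 1
      fi
      echo "Latest: $FILE"
    fi

    # The blob name comes from the command line or from the container
    # listing. Keep only its last path component for the local file so a
    # name containing "/" or ".." cannot write outside the current directory.
    OUT="${FILE##*/}"
    case "$OUT" in
      '' | . | ..) die "cannot derive a local file name from blob name: $FILE" ;;
    esac

    echo "Downloading $FILE..."
    # The pod only sleeps; the download runs through `kubectl exec`, so it
    # has to finish within the 300 seconds the container stays alive.
    start_pod 'sleep 300' || die "could not start helper pod"
    kubectl -n "$NAMESPACE" wait --for=condition=Ready "pod/$POD_NAME" \
      --timeout=60s >/dev/null || die "helper pod did not become Ready"

    echo "Saving to ./$OUT ..."
    # `kubectl exec` starts the program directly, with no shell in between,
    # so variable references must be expanded by an explicit `sh -c` inside
    # the pod. The blob name is passed as a positional argument rather than
    # spliced into the command text.
    if ! kubectl -n "$NAMESPACE" exec "$POD_NAME" -- sh -c \
      'exec az storage blob download --account-name "$AZURE_STORAGE_ACCOUNT" --container-name "$AZURE_CONTAINER" --name "$1" --file /dev/stdout' \
      sh "$FILE" >"./$OUT.partial"; then
      rm -f -- "./$OUT.partial"
      die "download of $FILE failed"
    fi
    # Only a completed transfer gets the final name.
    # NOTE(review): check the archive (for example by listing its contents)
    # before relying on it as a backup.
    mv -f -- "./$OUT.partial" "./$OUT"
    cleanup
    echo "Downloaded: ./$OUT"
    ;;

  *)
    echo "Gitea backup helper (Azure Blob Storage)"
    echo ""
    echo "Usage:"
    echo "  $0 list                 List all backups in Azure Blob"
    echo "  $0 download <name>      Download a specific backup"
    echo "  $0 download latest      Download the most recent backup"
    ;;
esac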