From 18246ed617c1e8eb4892e0a2fa3c3dda534cefb7 Mon Sep 17 00:00:00 2001
From: Faustin Lammler <faustin@fala.red>
Date: Mon, 24 Mar 2025 09:45:26 +0100
Subject: [PATCH] Add a sanity check for backups

The check makes sure that the backup contains the latest PR information
(based on title).
---
 .github/workflows/backup.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/backup.yml b/.github/workflows/backup.yml
index 8c1d732..1c92a01 100644
--- a/.github/workflows/backup.yml
+++ b/.github/workflows/backup.yml
@@ -44,6 +44,16 @@ jobs:
             -H "Authorization: Bearer $GH_TOKEN" \
             -H "X-GitHub-Api-Version: 2022-11-28" \
             -o "archive.tgz" "$ARCHIVE_URL"
+      - name: Sanity check
+        run: |
+          TITLE_LATEST_PR=$(gh api \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer $GH_TOKEN" \
+            -H "X-GitHub-Api-Version: 2022-11-28" repos/$REPO/pulls --jq '.[0].title')
+          zgrep -a -B3 "$TITLE_LATEST_PR" archive.tgz || {
+            echo "Latest PR title not found in archive.tgz"
+            exit 1
+          }
       - name: Save backup (restic)
         run: |
           export RESTIC_REPOSITORY=$RESTIC_REPOSITORY_URL/$REPO_NAME