diff --git a/.github/workflows/backup.yml b/.github/workflows/backup.yml new file mode 100644 index 0000000..781a730 --- /dev/null +++ b/.github/workflows/backup.yml @@ -0,0 +1,56 @@ +--- +name: backup + +on: + schedule: + - cron: "32 00 * * *" + +jobs: + backup: + runs-on: ubuntu-latest + env: + GH_TOKEN: ${{ secrets.GH_TOKEN }} + REPO: ${{ github.repository }} + RESTIC_PASSWORD: ${{ secrets.RESTIC_PASSWORD }} + RESTIC_REPOSITORY_URL: ${{ secrets.RESTIC_REPOSITORY }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + steps: + # - uses: actions/checkout@v4 + - name: Install requirements + run: | + sudo apt-get update + sudo apt-get -y install restic + - name: Trigger backup export + run: | + ID=$(gh api --method POST /user/migrations \ + --raw-field "repositories[]=$REPO" \ + --field lock_repositories=false \ + --field exclude_git_data=true --jq '.id') + # define some ENV vars needed below + echo "EXPORT_ID=$ID" >>$GITHUB_ENV + echo "REPO_NAME=${{ github.event.repository.name }}" >> $GITHUB_ENV + - name: Wait until backup is finished + run: | + while true; do + STATE=$(gh api --method GET "/user/migrations/$EXPORT_ID" --jq '.state') + [[ $STATE == "exported" ]] && break + sleep 10 + done + - name: Download backup + run: | + ARCHIVE_URL=$(gh api --method GET "/user/migrations/$EXPORT_ID" --jq '.archive_url') + curl -L -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GH_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + -o "archive.tgz" "$ARCHIVE_URL" + - name: Export backup + run: | + export RESTIC_REPOSITORY=$RESTIC_REPOSITORY_URL/$REPO_NAME + # init repository if necessary + if ! restic cat config >/dev/null 2>&1; then + restic init + fi + restic backup --host gh-runner --stdin --stdin-filename archive.tgz <./archive.tgz + restic forget --prune --keep-within 6m + restic check