From 886cbb292ffc894644f3a3dc8fddac7cb99e3cee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sun, 21 Sep 2025 15:51:47 +0100 Subject: [PATCH] refactored container image and gitea workflows --- .../workflows/ docker-image.deploy.beta.yml | 33 +++++++ ...ploy.yml => docker-image.deploy.prod.yml} | 1 + .gitignore | 1 + README.md | 96 +++++++++++-------- docker-compose.dev.yaml | 33 ++++--- docker/Dockerfile | 39 ++++++-- docker/app/README.md | 9 ++ docker/app/scripts/entrypoint.sh | 33 +++++++ docker/app/scripts/loadenv | 3 +- 9 files changed, 185 insertions(+), 63 deletions(-) create mode 100644 .gitea/workflows/ docker-image.deploy.beta.yml rename .gitea/workflows/{ docker-image.deploy.yml => docker-image.deploy.prod.yml} (97%) create mode 100644 docker/app/README.md create mode 100755 docker/app/scripts/entrypoint.sh diff --git a/.gitea/workflows/ docker-image.deploy.beta.yml b/.gitea/workflows/ docker-image.deploy.beta.yml new file mode 100644 index 0000000..7ca4b8c --- /dev/null +++ b/.gitea/workflows/ docker-image.deploy.beta.yml @@ -0,0 +1,33 @@ +on: + push: + branches: [ feature/* ] + paths: + - "docker/**" + - ".gitea/**" + schedule: + - cron: "0 02 * * *" +jobs: + + build-docker-image: + runs-on: ubuntu-latest + + steps: + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Log in to git.limbosolutions.com docker registry + uses: docker/login-action@v3 + with: + registry: git.limbosolutions.com + username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }} + password: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_PASSWORD }} + + - name: Build and push Docker images + id: push + uses: docker/build-push-action@v6 + with: + context: . + file: ${{gitea.workspace}}/docker/Dockerfile + push: true + tags: git.limbosolutions.com/kb/borg-backup:alpha \ No newline at end of file 
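Review bot: The three `uses:` lines in the new beta workflow reference actions by mutable tags (`actions/checkout@v2`, `docker/login-action@v3`, `docker/build-push-action@v6`), and they run in the job that logs in to `git.limbosolutions.com` with the registry secrets. A retagged action would therefore execute next to those credentials. Pinning each one to a full commit SHA, for example `uses: docker/login-action@FULL_COMMIT_SHA  # v3` (placeholder, not a real hash), removes that dependency on the tag, and `actions/checkout@v2` is an old major version worth bumping at the same time. Every `feature/*` push and the nightly `schedule` run overwrite the single `borg-backup:alpha` tag, so a pulled image cannot be traced to a branch or commit; a second tag carrying the commit SHA would fix that. The file is named `beta` while the tag is `alpha`, so a one-line comment at the top stating which channel this workflow publishes would help.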
diff --git a/.gitea/workflows/ docker-image.deploy.yml b/.gitea/workflows/ docker-image.deploy.prod.yml similarity index 97% rename from .gitea/workflows/ docker-image.deploy.yml rename to .gitea/workflows/ docker-image.deploy.prod.yml index 3d421aa..3ccebba 100644 --- a/.gitea/workflows/ docker-image.deploy.yml +++ b/.gitea/workflows/ docker-image.deploy.prod.yml @@ -1,5 +1,6 @@ on: push: + branches: [ main ] paths: - "docker/**" - ".gitea/**" diff --git a/.gitignore b/.gitignore index 621cb7b..4afd74e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ **.local.** +.env diff --git a/README.md b/README.md index 406ff97..cd99dbb 100644 --- a/README.md +++ b/README.md @@ -2,17 +2,20 @@ +- [container image](#container-image) + - [environment variables](#environment-variables) + - [borg repo init](#borg-repo-init) + - [creating a backup](#creating-a-backup) + - [using a bash script](#using-a-bash-script) + - [dev](#dev) + ## container image -## environment variables +### environment variables -``` bash -docker run git.limbosolutions.com/kb/borg-backup:latest -``` - -## repo init +### borg repo init ```bash services: 
@@ -20,28 +23,39 @@ services: image: git.limbosolutions.com/kb/borg-backup:latest restart: no tty: true + entrypoint: [ "bash", "-c", "loadenv && /init-repo"] environment: - BORG_REPO: ssh://user@server/home/user/borg-repo - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR" configs: - source: id_ed25519 # required for ssh client target: /home/borg/.ssh/id_ed25519 + - source: borg_init_repo_sh + target: /init-repo configs: - create.sh: - content: - while true; do - sleep 5 - done - # execute for example - #borg init --encryption=keyfile-blake2 $BORG_REPO - # dont forget to copy key file content on borg folder (/root/.borg/keys/*) and BORG_PASSPHRASE - + borg_init_repo_sh: + # Example, execute + # borg init --encryption=keyfile-blake2 $BORG_REPO + # don't forget to copy key file content on borg folder (/root/.borg/keys/*) and BORG_PASSPHRASE used during initialization + content: + while true; do + sleep 5 + done + + id_ed25519: + content: | + -----BEGIN OPENSSH PRIVATE KEY----- + ************** + ************** + -----END OPENSSH PRIVATE KEY----- + ``` + +``` bash +docker run git.limbosolutions.com/kb/borg-backup:latest ``` -### docker compose - -Example of simple usage for creating a backup +### creating a backup ```yaml services: @@ -54,16 +68,17 @@ services: - ./home/user:/mnt/user # Mount local folder to container environment: - - BORG_REPO=????? + - BORG_REPO: "?????" - BORG_RSH: "-o StrictHostKeyChecking=no -o LogLevel=ERROR" - - BORG_PASSPHRASE=???? + - BORG_PASSPHRASE: "????" configs: - source: id_ed25519 # required for ssh client - target: /home/borg/.ssh/id_ed25519 + mode: 0400 + target: /root/.ssh/id_ed25519 - source: borg_key # required for borg client target: /app/borg/key - + mode: 0400 configs: 
@@ -79,26 +94,27 @@ configs: BORG_KEY ??????? ???????????????? ???????????????? - - ``` -Example using an bash script +### using a bash script ```yaml services: borg-backup: restart: no image: git.limbosolutions.com/kb/borg-backup:latest - entrypoint: ["bash", "backup.sh"] + # execute loadenv before you re scripts + # so some enviromnent variables are set + entrypoint: ["bash", "loadenv & /backup"] configs: - source: backup_script - target: /backup.sh + target: /backup - source: id_ed25519 target: /root/.ssh/id_ed25519 mode: 0400 - source: borg_key target: /app/borg/key + mode: 0400 environment: BORG_REPO: ssh://user@server/path BORG_RSH: "ssh -o StrictHostKeyChecking=no" @@ -107,12 +123,15 @@ services: volumes: - - /home/mf/repos:/mnt/repos + - /home/user/repos:/mnt/repos configs: + # $$ instead of $ so it replaced during runtime and not on docker compose up + backup_script: content: | - source loadenv + + #/!bin/bash set -e # while true; do @@ -161,20 +180,17 @@ configs: ### dev +For development environment and testing this docker compose files. + ``` bash +BUILD="" + +# uncomment do force build +#BUILD="--build" + docker compose \ --project-name borg-backup-dev \ -f docker-compose.dev.yaml \ -f docker-compose.dev.local.yaml \ -up -``` - -Force Build: - -``` bash -docker compose \ ---project-name borg-backup-dev \ --f docker-compose.dev.yaml \ --f docker-compose.dev.local.yaml \ -up --build +up $BUILD ``` diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index e874d4a..5ea78ea 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml 
@@ -2,34 +2,41 @@ services: borg: tty: true stdin_open: true - # entrypoint: ["bash"] + build: dockerfile: docker/Dockerfile context: . - environment: - - BORG_REPO=??????? - - BORG_RSH="ssh -o StrictHostKeyChecking=no" - - BORG_PASSPHRASE=???? + environment: + - BORG_REPO="${BORG_REPO}" + - BORG_RSH="${BORG_REPO}" + - BORG_PASSPHRASE="${BORG_PASSPHRASE}" + - MODE=SCRIPT # Valid modes are: BORG, SCRIPT, SHELL, default is BORG + command: "${CONTAINER_COMMAND:-list}" configs: + # - source: backup_script + # target: /app/backup-scripts/run - source: id_ed25519 target: /root/.ssh/id_ed25519 + mode: 0400 - source: borg_key target: /app/borg/key - + mode: 0400 volumes: - ./docker/app/scripts:/app/scripts + - ./docker/dev-backup-scripts:/app/backup-scripts configs: + + # backup_script: + # content: | + # #!bin/bash + # echo "hello work!!!! (please override me)" + id_ed25519: content: | - -----BEGIN OPENSSH PRIVATE KEY----- - ??????? - ??????? - -----END OPENSSH PRIVATE KEY----- + ${ID_ED25519} borg_key: content: | - BORG_KEY ??????? - ???????????????? - ???????????????? \ No newline at end of file + ${BORG_KEY} \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index 0478bd9..593eb11 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
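Review bot: `- BORG_RSH="${BORG_REPO}"` in the `environment:` list of `docker-compose.dev.yaml` assigns the repository URL to `BORG_RSH`, which looks like a copy-paste slip. The removed line held an ssh command there, so it should presumably read `- BORG_RSH=${BORG_RSH}`. As far as I know, Compose keeps the double quotes after `=` as part of the value in list form, so `BORG_REPO` and `BORG_PASSPHRASE` would reach borg wrapped in literal quotes; the mapping form (`BORG_REPO: "${BORG_REPO}"`) or dropping the quotes avoids this. The private key and borg key now arrive through `${ID_ED25519}` and `${BORG_KEY}`, presumably from the `.env` file this commit adds to `.gitignore`. A comment above the `configs:` block saying where those values are expected to come from, and that they must never be committed, would make that explicit.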
@@ -1,25 +1,48 @@ FROM alpine:latest -# Install BorgBackup and OpenSSH client +# Installs +# - BorgBackup +# - OpenSSH client +RUN echo "Installing packages." RUN apk update && apk add --no-cache \ borgbackup \ openssh \ bash \ tzdata +RUN echo "Copying app." COPY ./docker/app /app -RUN chmod +x /app/scripts -R + + + +# having some problems if app/scripts files not set with executable permissions +# this is not working, so please confirm files are executable on host building docker file +# setting app owner. +# RUN chown -R root:root /app +#RUN echo "Setting app permissions" +#RUN chown -R root:root /app/scripts && find /app/scripts -type f -exec chmod +x {} \; +# use this entrypoint to verify final permissions on container +#ENTRYPOINT ["ls", "-lah", "/app/scripts"] + + +RUN echo "creating symbolic links to app/scripts." RUN ln -s /app/scripts/loadenv /usr/local/bin/loadenv RUN ln -s /app/scripts/remote-connect /usr/local/bin/remote-connect -RUN ln -s /app/scripts/remote-connect /usr/local/bin/remote-get-folder-size +RUN ln -s /app/scriptsremote-get-folder-size /usr/local/bin/remote-get-folder-size -#RUN addgroup -g 1001 -S borg && adduser -u 1001 -S borg -G borg -#USER borg -#WORKDIR /app +RUN echo "creating .ssh folder." +RUN mkdir /root/.ssh +RUN echo "setting .ssh folder permissions." +RUN chmod 700 /root/.ssh + +# for files inside correct permission is chmod 600 /root/.ssh/key + +RUN echo "Setting loadenv to bashrc and bash_profile" RUN echo "source /usr/local/bin/loadenv" > /root/.bash_profile RUN echo "source /usr/local/bin/loadenv" > /root/.bashrc -ENTRYPOINT ["bash" , "-c", "borg $0"] +RUN echo "setting entrypoint." +ENTRYPOINT ["/app/scripts/entrypoint.sh"] -CMD ["--help"] \ No newline at end of file +#CMD ["--help"] \ No newline at end of file diff --git a/docker/app/README.md b/docker/app/README.md new file mode 100644 index 0000000..ade21f2 --- /dev/null +++ b/docker/app/README.md 
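Review bot: `RUN ln -s /app/scriptsremote-get-folder-size /usr/local/bin/remote-get-folder-size` is missing the slash after `scripts`, so the image ships a dangling symlink and `remote-get-folder-size` will not resolve. It should be `RUN ln -s /app/scripts/remote-get-folder-size /usr/local/bin/remote-get-folder-size`. The hunk also removes `RUN chmod +x /app/scripts -R` and, per the new comments, leaves the execute bit to whatever the build host has. `ENTRYPOINT ["/app/scripts/entrypoint.sh"]` then depends on file modes outside the Dockerfile, and with `CMD` commented out the default `BORG` mode starts borg with no arguments. Restoring an explicit permission step after the `COPY`, or `COPY --chmod=755` for the scripts directory if the builder supports it, would make the image independent of the checkout.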
@@ -0,0 +1,9 @@ +# borg backup helper + +for mode SCRIPT, file /app/backup-scripts/backup must be created. + +- Docker Compose Configs Sections (check repo readme file for more information); +- binding mounts (Ex: ./backup-scripts:/app/backup-scripts); +- kubernetes secrets, configSections or even volumes; + +The file backup will be automatically executed if exists. diff --git a/docker/app/scripts/entrypoint.sh b/docker/app/scripts/entrypoint.sh new file mode 100755 index 0000000..7d7c2b7 --- /dev/null +++ b/docker/app/scripts/entrypoint.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +source /app/scripts/loadenv + + +case "$MODE" in + + BORG) + echo "executing borg cli" + borg "${@:1}" # Forward all arguments except $0 to another CLI so first argument (the name of this scripts don't passthrough)" + ;; + + SCRIPT) + # check if file exists + if [ ! -f /app/backup-scripts/backup ]; then + cat /app/README.md + exit 1 + fi + echo "Executing: backup script with arguments: "\${@:1\"." + cd /app/backup-scripts && bash backup "${@:1}" + ;; + + SHELL) + echo "Executing: bash -c \"${@:1}\"." + bash -c "${@:1}" + ;; + + *) + echo "Unknown mode: $MODE." + echo "Valid modes are: BORG, SCRIPT, SHELL" + exit 1 + ;; +esac \ No newline at end of file diff --git a/docker/app/scripts/loadenv b/docker/app/scripts/loadenv index c28b179..19b3497 100755 --- a/docker/app/scripts/loadenv +++ b/docker/app/scripts/loadenv @@ -25,8 +25,7 @@ fi export SSH_COMMAND="$SSH_COMMAND $SSH_CONNECTION" - - + : "${MODE:=BORG}" # Set default if MODE is unset to borg cli
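Review bot: The `echo` in the `SCRIPT)` branch of `docker/app/scripts/entrypoint.sh` has unbalanced quoting as it appears in this hunk (`"... with arguments: "\${@:1\"."`). The final `"` opens a new string that swallows the following `cd /app/backup-scripts && bash backup` line, and the odd number of quotes should make bash reject the whole `case` block, so the entrypoint would fail in every mode rather than only in `SCRIPT`. It should read `echo "Executing: backup script with arguments: \"$*\"."`. In the `SHELL)` branch, `bash -c "${@:1}"` passes only the first argument as the command string and the rest as its `$0`, `$1` and so on, whereas `bash -c "$*"` would run what the log line prints. `${@:1}` is the same as `$@`, so the comment about skipping `$0` can be dropped, and `exec borg "$@"` would let borg receive the container's stop signal directly instead of the wrapping shell.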