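{{- /*
Restore Job: runs as a Helm pre-install/pre-upgrade hook when restore.enabled
is true. It downloads the selected backup objects from S3 into an emptyDir,
then (per restore.files.enabled / restore.postgresql.enabled) replaces the
contents of the Gitea data volume and/or the PostgreSQL public schema, and
finally runs an optional verification container.

NOTE(review): both restore steps are destructive (rm -rf on the data volume,
DROP SCHEMA ... CASCADE on the database) and the hook fires on every install
and upgrade while restore.enabled stays true. Switch restore.enabled off again
once the restore has completed.

NOTE(review): the Secrets and the PVC referenced below must already exist when
the pre-install hook runs; confirm they are created outside this release or by
an earlier hook.
*/ -}}
{{- if and .Values.restore .Values.restore.enabled }}
{{- $restoreFiles := default false .Values.restore.files.enabled }}
{{- $restorePostgresql := default false .Values.restore.postgresql.enabled }}
{{- if not (or $restoreFiles $restorePostgresql) }}
{{- fail "restore.enabled=true requires restore.files.enabled=true or restore.postgresql.enabled=true" }}
{{- end }}
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Values.restore.name | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-weight: "0"
    helm.sh/hook-delete-policy: before-hook-creation
spec:
  backoffLimit: 1
  template:
    spec:
      restartPolicy: Never
      initContainers:
        # Step 1: fetch the backup objects into the shared emptyDir.
        - name: download
          image: "{{ .Values.restore.images.awsCli.repository }}:{{ .Values.restore.images.awsCli.tag }}"
          imagePullPolicy: {{ .Values.restore.images.awsCli.pullPolicy | quote }}
          command:
            - /bin/sh
            - -ec
            - |
              # Refuse to run with missing credentials or with GENERATED_*
              # placeholder values left in the Secret.
              case "${AWS_ACCESS_KEY_ID:-}" in
                ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;;
              esac
              case "${AWS_SECRET_ACCESS_KEY:-}" in
                ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;;
              esac
              test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }
              {{- if $restoreFiles }}
              # Fail with a message (not a silent `test` exit) when the object key is missing.
              test -n "${GITEA_FILES_KEY:-}" || { echo "GITEA_FILES_KEY is not configured" >&2; exit 1; }
              aws --endpoint-url "${AWS_ENDPOINT_URL}" s3 cp "s3://${S3_BUCKET}/${GITEA_FILES_KEY}" /restore/gitea-files.tar.gz
              {{- end }}
              {{- if $restorePostgresql }}
              test -n "${POSTGRESQL_DUMP_KEY:-}" || { echo "POSTGRESQL_DUMP_KEY is not configured" >&2; exit 1; }
              aws --endpoint-url "${AWS_ENDPOINT_URL}" s3 cp "s3://${S3_BUCKET}/${POSTGRESQL_DUMP_KEY}" /restore/postgresql.sql.gz
              {{- end }}
          env:
            - name: S3_BUCKET
              value: {{ .Values.restore.s3.bucket | quote }}
            - name: GITEA_FILES_KEY
              value: {{ default "" .Values.restore.s3.giteaFilesKey | quote }}
            - name: POSTGRESQL_DUMP_KEY
              value: {{ default "" .Values.restore.s3.postgresqlDumpKey | quote }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.restore.s3.region | quote }}
            - name: AWS_ENDPOINT_URL
              value: {{ .Values.restore.s3.endpointUrl | quote }}
            # S3 credentials are read from the chart Secret, never from values.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-access-key-id
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-secret-access-key
          volumeMounts:
            - name: restore
              mountPath: /restore
        {{- if $restoreFiles }}
        # Step 2 (optional): replace the Gitea data volume with the archive.
        - name: restore-files
          image: "{{ .Values.restore.images.busybox.repository }}:{{ .Values.restore.images.busybox.tag }}"
          imagePullPolicy: {{ .Values.restore.images.busybox.pullPolicy | quote }}
          command:
            - /bin/sh
            - -ec
            - |
              # Read the whole archive once before deleting anything, so a
              # truncated or corrupt download cannot leave /data empty.
              tar -tzf /restore/gitea-files.tar.gz >/dev/null
              # Remove regular and dot entries; the globs skip "." and "..".
              rm -rf /data/* /data/.[!.]* /data/..?*
              # NOTE(review): archive members are extracted as-is; the bucket
              # contents are trusted to be a backup produced for this chart.
              tar -C /data -xzf /restore/gitea-files.tar.gz
          volumeMounts:
            - name: restore
              mountPath: /restore
            - name: gitea-data
              mountPath: /data
        {{- end }}
        {{- if $restorePostgresql }}
        # Step 3 (optional): recreate the public schema and load the SQL dump.
        - name: restore-postgresql
          image: "{{ .Values.restore.images.postgres.repository }}:{{ .Values.restore.images.postgres.tag }}"
          imagePullPolicy: {{ .Values.restore.images.postgres.pullPolicy | quote }}
          command:
            - /bin/sh
            - -ec
            - |
              export PGPASSWORD="${POSTGRES_PASSWORD}"
              # Check gzip integrity before the schema is dropped: in the
              # final pipeline only psql's exit status is seen by `sh -e`,
              # so a gunzip failure there would not stop the job by itself.
              gunzip -t /restore/postgresql.sql.gz
              until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres; do
                sleep 5
              done
              # Double-quote escaping for use inside "identifier" quoting.
              escaped_user="$(printf "%s" "${POSTGRES_USER}" | sed 's/"/""/g')"
              escaped_db="$(printf "%s" "${POSTGRES_DB}" | sed 's/"/""/g')"
              # Single-quote escaping for use inside a 'string literal'.
              db_literal="$(printf "%s" "${POSTGRES_DB}" | sed "s/'/''/g")"
              if ! psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres -tAc "select 1 from pg_database where datname = '${db_literal}'" | grep -q 1; then
                createdb -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -O "${POSTGRES_USER}" "${POSTGRES_DB}"
              fi
              psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres -v ON_ERROR_STOP=1 \
                -c "ALTER DATABASE \"${escaped_db}\" OWNER TO \"${escaped_user}\";"
              # Destructive: drops every object in the public schema. The role
              # name goes through the same identifier escaping as above.
              psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=1 \
                -c "DROP SCHEMA IF EXISTS public CASCADE; CREATE SCHEMA public AUTHORIZATION \"${escaped_user}\"; GRANT ALL ON SCHEMA public TO \"${escaped_user}\";"
              gunzip -c /restore/postgresql.sql.gz | psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=1
          env:
            - name: POSTGRES_HOST
              value: {{ .Values.restore.postgresql.host | quote }}
            - name: POSTGRES_DB
              value: {{ .Values.postgresql.auth.database | quote }}
            - name: POSTGRES_USER
              value: {{ .Values.postgresql.auth.username | quote }}
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.databaseSecret.name | quote }}
                  key: {{ .Values.databaseSecret.passwordKey | quote }}
          volumeMounts:
            - name: restore
              mountPath: /restore
        {{- end }}
      containers:
        {{- if .Values.restore.verify.enabled }}
        # Main container: sanity-check what the init containers restored.
        - name: verify
          image: "{{ .Values.restore.images.postgres.repository }}:{{ .Values.restore.images.postgres.tag }}"
          imagePullPolicy: {{ .Values.restore.images.postgres.pullPolicy | quote }}
          command:
            - /bin/sh
            - -ec
            - |
              {{- if $restoreFiles }}
              # The data volume must contain at least one entry.
              test -d /data
              objects="$(find /data -mindepth 1 -maxdepth 2 | head -n 1)"
              test -n "${objects}"
              {{- end }}
              {{- if $restorePostgresql }}
              # The public schema must hold tables, including at least one of
              # the tables named in the second query.
              tables="$(psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -tAc "select count(*) from information_schema.tables where table_schema = 'public'")"
              test "${tables}" -gt 0
              core_tables="$(psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -tAc "select count(*) from information_schema.tables where table_schema = 'public' and table_name in ('user', 'repository', 'version')")"
              test "${core_tables}" -gt 0
              echo "Gitea database restore verification passed: ${tables} public tables, ${core_tables} core tables"
              {{- end }}
              echo "Gitea restore verification passed"
          env:
            - name: POSTGRES_HOST
              value: {{ .Values.restore.postgresql.host | quote }}
            - name: POSTGRES_DB
              value: {{ .Values.postgresql.auth.database | quote }}
            - name: POSTGRES_USER
              value: {{ .Values.postgresql.auth.username | quote }}
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.databaseSecret.name | quote }}
                  key: {{ .Values.databaseSecret.passwordKey | quote }}
          {{- if $restoreFiles }}
          volumeMounts:
            # Verification only reads the restored data.
            - name: gitea-data
              mountPath: /data
              readOnly: true
          {{- end }}
        {{- else }}
        # A Job needs at least one main container; this one only logs.
        - name: done
          image: "{{ .Values.restore.images.busybox.repository }}:{{ .Values.restore.images.busybox.tag }}"
          imagePullPolicy: {{ .Values.restore.images.busybox.pullPolicy | quote }}
          command:
            - /bin/sh
            - -ec
            - echo "Gitea restore completed"
        {{- end }}
      volumes:
        # Scratch space for the downloaded backup objects.
        - name: restore
          emptyDir: {}
        {{- if $restoreFiles }}
        - name: gitea-data
          persistentVolumeClaim:
            claimName: {{ include "gitea.giteaPvcName" . | quote }}
        {{- end }}
{{- end }}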