gitea/.helm/templates/restore-job.yaml

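{{- /*
Restore Job, rendered only when restore.enabled is set.

Init containers run in order:
  1. download            - copies the selected backup objects from S3 into the
                           shared "restore" emptyDir.
  2. restore-files       - replaces the contents of the Gitea data volume with
                           the downloaded archive (restore.files.enabled).
  3. restore-postgresql  - recreates schema "public" and replays the SQL dump
                           (restore.postgresql.enabled).
The main container either verifies the result (restore.verify.enabled) or just
prints a completion message.

Both restore steps are destructive: the data volume is emptied and schema
"public" is dropped before the backup is applied.
*/ -}}
{{- if and .Values.restore .Values.restore.enabled }}
{{- $restoreFiles := default false .Values.restore.files.enabled }}
{{- $restorePostgresql := default false .Values.restore.postgresql.enabled }}
{{- if not (or $restoreFiles $restorePostgresql) }}
{{- fail "restore.enabled=true requires restore.files.enabled=true or restore.postgresql.enabled=true" }}
{{- end }}
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Values.restore.name | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
  annotations:
    # The hook fires before every install AND every upgrade for as long as
    # restore.enabled stays true, and each run wipes the data volume and drops
    # schema "public" again. Turn restore off once a restore has succeeded.
    # NOTE(review): pre-install hooks run before the release's regular
    # resources are created; the Secrets, PVC and database referenced below
    # presumably have to exist already (or be hooks themselves) - confirm.
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-weight: "0"
    helm.sh/hook-delete-policy: before-hook-creation
spec:
  backoffLimit: 1
  template:
    spec:
      restartPolicy: Never
      initContainers:
        # Step 1: fetch the backup objects into the shared emptyDir.
        - name: download
          image: "{{ .Values.restore.images.awsCli.repository }}:{{ .Values.restore.images.awsCli.tag }}"
          imagePullPolicy: {{ .Values.restore.images.awsCli.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Refuse to run with missing credentials or GENERATED_* placeholder values.
              case "${AWS_ACCESS_KEY_ID:-}" in ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; exit 1;; esac
              case "${AWS_SECRET_ACCESS_KEY:-}" in ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; exit 1;; esac
              test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; exit 1; }
              # NOTE(review): the objects are used exactly as downloaded; no checksum or
              # signature is verified here, so whoever can write to the bucket controls
              # what gets restored.
              {{- if $restoreFiles }}
              test -n "${GITEA_FILES_KEY:-}" || { echo "GITEA_FILES_KEY is not configured" >&2; exit 1; }
              aws --endpoint-url "${AWS_ENDPOINT_URL}" s3 cp "s3://${S3_BUCKET}/${GITEA_FILES_KEY}" /restore/gitea-files.tar.gz
              {{- end }}
              {{- if $restorePostgresql }}
              test -n "${POSTGRESQL_DUMP_KEY:-}" || { echo "POSTGRESQL_DUMP_KEY is not configured" >&2; exit 1; }
              aws --endpoint-url "${AWS_ENDPOINT_URL}" s3 cp "s3://${S3_BUCKET}/${POSTGRESQL_DUMP_KEY}" /restore/postgresql.sql.gz
              {{- end }}
          env:
            - name: S3_BUCKET
              value: {{ .Values.restore.s3.bucket | quote }}
            - name: GITEA_FILES_KEY
              value: {{ default "" .Values.restore.s3.giteaFilesKey | quote }}
            - name: POSTGRESQL_DUMP_KEY
              value: {{ default "" .Values.restore.s3.postgresqlDumpKey | quote }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.restore.s3.region | quote }}
            - name: AWS_ENDPOINT_URL
              value: {{ .Values.restore.s3.endpointUrl | quote }}
            # S3 credentials come from the chart Secret, never from plain values.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-access-key-id
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-secret-access-key
          volumeMounts:
            - name: restore
              mountPath: /restore
        {{- if $restoreFiles }}
        # Step 2: replace the Gitea data volume with the archive contents.
        - name: restore-files
          image: "{{ .Values.restore.images.busybox.repository }}:{{ .Values.restore.images.busybox.tag }}"
          imagePullPolicy: {{ .Values.restore.images.busybox.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Read the whole archive first: a truncated or corrupt download must
              # fail here, before the existing data is deleted.
              tar -tzf /restore/gitea-files.tar.gz >/dev/null
              # The three globs cover regular entries, dotfiles and names starting with "..".
              rm -rf /data/* /data/.[!.]* /data/..?*
              tar -C /data -xzf /restore/gitea-files.tar.gz
          volumeMounts:
            - name: restore
              mountPath: /restore
            - name: gitea-data
              mountPath: /data
        {{- end }}
        {{- if $restorePostgresql }}
        # Step 3: recreate schema "public" and replay the SQL dump.
        - name: restore-postgresql
          image: "{{ .Values.restore.images.postgres.repository }}:{{ .Values.restore.images.postgres.tag }}"
          imagePullPolicy: {{ .Values.restore.images.postgres.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              export PGPASSWORD="${POSTGRES_PASSWORD}"
              # /bin/sh has no pipefail, so a gunzip failure in the final pipeline would
              # go unnoticed; test the dump up front, before any destructive SQL runs.
              gunzip -t /restore/postgresql.sql.gz
              # NOTE(review): this wait is unbounded and nothing in this template sets a
              # deadline on the Job.
              until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres; do
                sleep 5
              done
              # Double embedded quotes so the names cannot break out of the SQL
              # identifier ("...") or literal ('...') they are placed in.
              escaped_user="$(printf "%s" "${POSTGRES_USER}" | sed 's/"/""/g')"
              escaped_db="$(printf "%s" "${POSTGRES_DB}" | sed 's/"/""/g')"
              db_literal="$(printf "%s" "${POSTGRES_DB}" | sed "s/'/''/g")"
              if ! psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres -tAc "select 1 from pg_database where datname = '${db_literal}'" | grep -q 1; then
                createdb -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -O "${POSTGRES_USER}" "${POSTGRES_DB}"
              fi
              psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d postgres -v ON_ERROR_STOP=1 \
                -c "ALTER DATABASE \"${escaped_db}\" OWNER TO \"${escaped_user}\";"
              # Destructive: everything in schema "public" is dropped before the replay.
              psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=1 \
                -c "DROP SCHEMA IF EXISTS public CASCADE; CREATE SCHEMA public AUTHORIZATION \"${escaped_user}\"; GRANT ALL ON SCHEMA public TO \"${escaped_user}\";"
              gunzip -c /restore/postgresql.sql.gz | psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -v ON_ERROR_STOP=1
          env:
            - name: POSTGRES_HOST
              value: {{ .Values.restore.postgresql.host | quote }}
            - name: POSTGRES_DB
              value: {{ .Values.postgresql.auth.database | quote }}
            - name: POSTGRES_USER
              value: {{ .Values.postgresql.auth.username | quote }}
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.databaseSecret.name | quote }}
                  key: {{ .Values.databaseSecret.passwordKey | quote }}
          volumeMounts:
            - name: restore
              mountPath: /restore
        {{- end }}
      containers:
        {{- if .Values.restore.verify.enabled }}
        # Post-restore sanity check: the data volume is non-empty and/or the
        # database has tables in schema "public".
        - name: verify
          image: "{{ .Values.restore.images.postgres.repository }}:{{ .Values.restore.images.postgres.tag }}"
          imagePullPolicy: {{ .Values.restore.images.postgres.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              {{- if $restoreFiles }}
              test -d /data
              objects="$(find /data -mindepth 1 -maxdepth 2 | head -n 1)"
              test -n "${objects}"
              {{- end }}
              {{- if $restorePostgresql }}
              tables="$(psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -tAc "select count(*) from information_schema.tables where table_schema = 'public'")"
              test "${tables}" -gt 0
              core_tables="$(psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -tAc "select count(*) from information_schema.tables where table_schema = 'public' and table_name in ('user', 'repository', 'version')")"
              test "${core_tables}" -gt 0
              echo "Gitea database restore verification passed: ${tables} public tables, ${core_tables} core tables"
              {{- end }}
              echo "Gitea restore verification passed"
          {{- if $restorePostgresql }}
          # Database settings and password are injected only when the database is
          # actually checked, so a files-only restore neither needs nor sees the
          # database Secret.
          env:
            - name: POSTGRES_HOST
              value: {{ .Values.restore.postgresql.host | quote }}
            - name: POSTGRES_DB
              value: {{ .Values.postgresql.auth.database | quote }}
            - name: POSTGRES_USER
              value: {{ .Values.postgresql.auth.username | quote }}
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.databaseSecret.name | quote }}
                  key: {{ .Values.databaseSecret.passwordKey | quote }}
          {{- end }}
          {{- if $restoreFiles }}
          volumeMounts:
            # Verification only reads the restored data.
            - name: gitea-data
              mountPath: /data
              readOnly: true
          {{- end }}
        {{- else }}
        # A Job needs at least one regular container; this one only reports success.
        - name: done
          image: "{{ .Values.restore.images.busybox.repository }}:{{ .Values.restore.images.busybox.tag }}"
          imagePullPolicy: {{ .Values.restore.images.busybox.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - echo "Gitea restore completed"
        {{- end }}
      volumes:
        # Scratch space for the downloaded backup objects; discarded with the pod.
        - name: restore
          emptyDir: {}
        {{- if $restoreFiles }}
        - name: gitea-data
          persistentVolumeClaim:
            claimName: {{ include "gitea.giteaPvcName" . | quote }}
        {{- end }}
{{- end }}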