readme fl #62

Workflow file for this run

.github/workflows/bica-ci.yml at 7b6f2ee

	name: BICA Backup CI/CD

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]

	env:
	IMAGE_NAME: bica-backup
	TAG: test

	# Docker network
	DOCKER_NETWORK: bica-net

	# PostgreSQL container related variables
	POSTGRES_CONTAINER_NAME: postgres-db
	POSTGRES_USER: myuser
	POSTGRES_PASSWORD: mypass
	POSTGRES_DB: mydatabase
	POSTGRES_PORT: 5432

	# Database backup related variables
	DB_HOST: postgres-db
	DB_PORT: 5432
	DB_USER: myuser
	DB_PASSWORD: mypass
	DB_NAME: mydatabase

	# Backup settings
	BACKUP_DIR: /mnt/backups
	RETENTION_DAYS: 7
	ENCRYPT: true
	ENCRYPT_PASS: MySecretKey

	jobs:
	build:
	name: Build Docker Image
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build image
	run: docker build -t $IMAGE_NAME:$TAG .

	- name: Save image as artifact
	run: docker save $IMAGE_NAME:$TAG -o image.tar

	- uses: actions/upload-artifact@v4
	with:
	name: docker-image
	path: image.tar

	backup-encrypted:
	name: Backup Encrypted
	runs-on: ubuntu-latest
	needs: [build]
	steps:
	- uses: actions/checkout@v4

	- name: Download image artifact
	uses: actions/download-artifact@v4
	with:
	name: docker-image
	path: .

	- name: Load docker image
	run: docker load -i image.tar

	- name: Create Docker network (if not exists)
	run: docker network create $DOCKER_NETWORK \|\| true

	- name: Start PostgreSQL container
	run: \|
	docker run -d --name $POSTGRES_CONTAINER_NAME --network $DOCKER_NETWORK \
	-e POSTGRES_USER=$POSTGRES_USER \
	-e POSTGRES_PASSWORD=$POSTGRES_PASSWORD \
	-e POSTGRES_DB=$POSTGRES_DB \
	postgres:15

	- name: Wait for PostgreSQL to be ready
	run: \|
	for i in {1..30}; do
	docker run --rm --network $DOCKER_NETWORK postgres:15 \
	bash -c "PGPASSWORD=$POSTGRES_PASSWORD pg_isready -h $POSTGRES_CONTAINER_NAME -p $POSTGRES_PORT -U $POSTGRES_USER" && echo "PostgreSQL is ready" && exit 0
	echo "Waiting for PostgreSQL... attempt $i"
	sleep 2
	done
	echo "PostgreSQL did not become ready in time"
	exit 1

	- name: Populate database with sample data
	run: \|
	docker run --rm --network $DOCKER_NETWORK \
	-e PGPASSWORD=$POSTGRES_PASSWORD \
	postgres:15 \
	psql -h $POSTGRES_CONTAINER_NAME -U $POSTGRES_USER -d $POSTGRES_DB -c "
	CREATE TABLE IF NOT EXISTS users (
	id SERIAL PRIMARY KEY,
	username TEXT NOT NULL UNIQUE,
	email TEXT NOT NULL UNIQUE,
	created_at TIMESTAMP DEFAULT NOW()
	);

	CREATE TABLE IF NOT EXISTS posts (
	id SERIAL PRIMARY KEY,
	user_id INTEGER NOT NULL REFERENCES users(id),
	title TEXT NOT NULL,
	content TEXT,
	published_at TIMESTAMP
	);

	CREATE TABLE IF NOT EXISTS comments (
	id SERIAL PRIMARY KEY,
	post_id INTEGER NOT NULL REFERENCES posts(id),
	author_name TEXT NOT NULL,
	comment TEXT NOT NULL,
	created_at TIMESTAMP DEFAULT NOW()
	);

	INSERT INTO users (username, email) VALUES
	('alice', 'alice@example.com'),
	('bob', 'bob@example.com'),
	('carol', 'carol@example.com')
	ON CONFLICT DO NOTHING;

	INSERT INTO posts (user_id, title, content, published_at) VALUES
	(1, 'First post', 'This is the content of the first post.', NOW() - INTERVAL '5 days'),
	(1, 'Second post', 'More content here.', NOW() - INTERVAL '2 days'),
	(2, 'Bob''s post', 'Bob writes something interesting.', NOW() - INTERVAL '3 days')
	ON CONFLICT DO NOTHING;

	INSERT INTO comments (post_id, author_name, comment) VALUES
	(1, 'Eve', 'Great post, thanks!'),
	(1, 'Mallory', 'I disagree with your point.'),
	(3, 'Trent', 'Nice one, Bob!')
	ON CONFLICT DO NOTHING;
	"

	- name: Prepare backup folder
	run: mkdir -p ./backups

	- name: Run encrypted backup
	run: \|
	docker run --rm --network $DOCKER_NETWORK \
	--entrypoint /backup.sh \
	-e DB_HOST=$DB_HOST \
	-e DB_PORT=$DB_PORT \
	-e DB_USER=$DB_USER \
	-e DB_PASSWORD=$DB_PASSWORD \
	-e DB_NAME=$DB_NAME \
	-e BACKUP_DIR=$BACKUP_DIR \
	-e RETENTION_DAYS=$RETENTION_DAYS \
	-e ENCRYPT=$ENCRYPT \
	-e ENCRYPT_PASS=$ENCRYPT_PASS \
	-v ${{ github.workspace }}/backups:$BACKUP_DIR \
	$IMAGE_NAME:$TAG

	- name: List backup files
	run: ls -lh ./backups

	- name: Upload encrypted backup artifact
	uses: actions/upload-artifact@v4
	with:
	name: encrypted-backup
	path: ./backups/*.enc

	- name: Cleanup Docker resources
	run: \|
	docker rm -f $POSTGRES_CONTAINER_NAME \|\| true
	docker network rm $DOCKER_NETWORK \|\| true

	decrypt-and-show:
	name: Decrypt backup and show pg_dump
	runs-on: ubuntu-latest
	needs: backup-encrypted
	steps:
	- name: Prepare local backup folder
	run: mkdir -p ./backups

	- name: Download encrypted backup artifact
	uses: actions/download-artifact@v4
	with:
	name: encrypted-backup
	path: ./backups

	- name: Decrypt backup files
	run: \|
	ENCRYPT_PASS=$ENCRYPT_PASS
	for f in ./backups/*.enc; do
	openssl enc -aes-256-cbc -d -pbkdf2 -salt -in "$f" -out "${f%.enc}.tar.gz" -k "$ENCRYPT_PASS"
	done

	- name: Extract decrypted tarball and display of pg_dump
	run: \|
	tar -xzf ./backups/*.tar.gz -C ./backups
	cat ./backups/db_backup.sql

	docker-publish:
	name: Push Docker image to Docker Hub
	runs-on: ubuntu-latest
	needs: [decrypt-and-show]
	if: github.ref == 'refs/heads/main' && github.event_name == 'push'
	steps:
	- uses: actions/checkout@v4

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker image
	run: docker build -t $IMAGE_NAME:$TAG .

	- name: Docker login
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Push image to Docker Hub
	run: \|
	docker tag $IMAGE_NAME:$TAG ${{ secrets.DOCKER_USERNAME }}/$IMAGE_NAME:latest
	docker push ${{ secrets.DOCKER_USERNAME }}/$IMAGE_NAME:latest
	#teste pedro

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

readme fl #62

Workflow file

readme fl #62

Uh oh!

Workflow file for this run