1010 IMAGE_NAME : bica-backup
1111 TAG : test
1212
13+ # Docker network
14+ DOCKER_NETWORK : bica-net
15+
16+ # PostgreSQL container related variables
17+ POSTGRES_CONTAINER_NAME : postgres-db
18+ POSTGRES_USER : myuser
19+ POSTGRES_PASSWORD : mypass
20+ POSTGRES_DB : mydatabase
21+ POSTGRES_PORT : 5432
22+
23+ # Database backup related variables
24+ DB_HOST : postgres-db
25+ DB_PORT : 5432
26+ DB_USER : myuser
27+ DB_PASSWORD : mypass
28+ DB_NAME : mydatabase
29+
30+ # Backup settings
31+ BACKUP_DIR : /mnt/backups
32+ RETENTION_DAYS : 7
33+ ENCRYPT : true
34+ ENCRYPT_PASS : MySecretKey
35+
1336jobs :
1437 build :
1538 name : Build Docker Image
@@ -47,34 +70,34 @@ jobs:
4770 - name : Load docker image
4871 run : docker load -i image.tar
4972
50- - name : Create Docker network
51- run : docker network create bica-net || true
73+ - name : Create Docker network (if not exists)
74+ run : docker network create $DOCKER_NETWORK || true
5275
5376 - name : Start PostgreSQL container
5477 run : |
55- docker run -d --name postgres-db --network bica-net \
56- -e POSTGRES_USER=myuser \
57- -e POSTGRES_PASSWORD=mypass \
58- -e POSTGRES_DB=mydatabase \
78+ docker run -d --name $POSTGRES_CONTAINER_NAME --network $DOCKER_NETWORK \
79+ -e POSTGRES_USER=$POSTGRES_USER \
80+ -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD \
81+ -e POSTGRES_DB=$POSTGRES_DB \
5982 postgres:15
6083
61- - name : Wait for Postgres to be ready
84+ - name : Wait for PostgreSQL to be ready
6285 run : |
6386 for i in {1..30}; do
64- docker run --rm --network bica-net postgres:15 \
65- bash -c "PGPASSWORD=mypass pg_isready -h postgres-db -p 5432 -U myuser " && echo "Postgres is ready" && exit 0
66- echo "Waiting for Postgres ... attempt $i"
87+ docker run --rm --network $DOCKER_NETWORK postgres:15 \
88+ bash -c "PGPASSWORD=$POSTGRES_PASSWORD pg_isready -h $POSTGRES_CONTAINER_NAME -p $POSTGRES_PORT -U $POSTGRES_USER " && echo "PostgreSQL is ready" && exit 0
89+ echo "Waiting for PostgreSQL ... attempt $i"
6790 sleep 2
6891 done
69- echo "Postgres did not become ready in time"
92+ echo "PostgreSQL did not become ready in time"
7093 exit 1
7194
7295 - name : Populate database with sample data
7396 run : |
74- docker run --rm --network bica-net \
75- -e PGPASSWORD=mypass \
97+ docker run --rm --network $DOCKER_NETWORK \
98+ -e PGPASSWORD=$POSTGRES_PASSWORD \
7699 postgres:15 \
77- psql -h postgres-db -U myuser -d mydatabase -c "
100+ psql -h $POSTGRES_CONTAINER_NAME -U $POSTGRES_USER -d $POSTGRES_DB -c "
78101 CREATE TABLE IF NOT EXISTS users (
79102 id SERIAL PRIMARY KEY,
80103 username TEXT NOT NULL UNIQUE,
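Review bot: The password on new lines 80, 88 and 98 is expanded unquoted into `docker run` and `bash -c` command lines, and it appears to come from a workflow variable set in plain text by the added lines 19–34 (the `env` key is above the visible lines, so this is inferred). A value defined that way is committed with the workflow and is not masked in job logs; reading it from a repository secret, e.g. `POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}` (placeholder secret name), avoids both. Where the container variable has the same name, `-e POSTGRES_PASSWORD` without `=value` passes it through from the step environment and keeps it out of the argument list. `pg_isready` does not authenticate, so the probe on line 88 can drop `PGPASSWORD` and the `bash -c` wrapper entirely. The same plain-text sourcing applies to `DB_PASSWORD` and `ENCRYPT_PASS` in the backup hunk (new lines 153 and 158) and the decrypt hunk (new line 192); the psql step continues past the end of this hunk.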
@@ -122,40 +145,40 @@ jobs:
122145
123146 - name : Run encrypted backup
124147 run : |
125- docker run --rm --network bica-net \
148+ docker run --rm --network $DOCKER_NETWORK \
126149 --entrypoint /backup.sh \
127- -e DB_HOST=postgres-db \
128- -e DB_PORT=5432 \
129- -e DB_USER=myuser \
130- -e DB_PASSWORD=mypass \
131- -e DB_NAME=mydatabase \
132- -e BACKUP_DIR=/mnt/backups \
133- -e RETENTION_DAYS=7 \
134- -e ENCRYPT=true \
135- -e ENCRYPT_PASS=MySecretKey \
136- -v ${{ github.workspace }}/backups:/mnt/backups \
150+ -e DB_HOST=$DB_HOST \
151+ -e DB_PORT=$DB_PORT \
152+ -e DB_USER=$DB_USER \
153+ -e DB_PASSWORD=$DB_PASSWORD \
154+ -e DB_NAME=$DB_NAME \
155+ -e BACKUP_DIR=$BACKUP_DIR \
156+ -e RETENTION_DAYS=$RETENTION_DAYS \
157+ -e ENCRYPT=$ENCRYPT \
158+ -e ENCRYPT_PASS=$ENCRYPT_PASS \
159+ -v ${{ github.workspace }}/backups:$BACKUP_DIR \
137160 $IMAGE_NAME:$TAG
138161
139- - name : List backups
162+ - name : List backup files
140163 run : ls -lh ./backups
141164
142- - name : Upload encrypted backup
165+ - name : Upload encrypted backup artifact
143166 uses : actions/upload-artifact@v4
144167 with :
145168 name : encrypted-backup
146169 path : ./backups/*.enc
147170
148- - name : Cleanup
171+ - name : Cleanup Docker resources
149172 run : |
150- docker rm -f postgres-db || true
151- docker network rm bica-net || true
173+ docker rm -f $POSTGRES_CONTAINER_NAME || true
174+ docker network rm $DOCKER_NETWORK || true
152175
153176 decrypt-and-show :
154177 name : Decrypt backup and show pg_dump
155178 runs-on : ubuntu-latest
156179 needs : backup-encrypted
157180 steps :
158- - name : Prepare folder
181+ - name : Prepare local backup folder
159182 run : mkdir -p ./backups
160183
161184 - name : Download encrypted backup artifact
@@ -164,20 +187,20 @@ jobs:
164187 name : encrypted-backup
165188 path : ./backups
166189
167- - name : Decrypt backup
190+ - name : Decrypt backup files
168191 run : |
169- ENCRYPT_PASS=MySecretKey
192+ ENCRYPT_PASS=$ENCRYPT_PASS
170193 for f in ./backups/*.enc; do
171194 openssl enc -aes-256-cbc -d -pbkdf2 -salt -in "$f" -out "${f%.enc}.tar.gz" -k "$ENCRYPT_PASS"
172195 done
173196
174- - name : Extract decrypted tarball and show pg_dump
197+ - name : Extract decrypted tarball and display first 40 lines of pg_dump
175198 run : |
176199 tar -xzf ./backups/*.tar.gz -C ./backups
177200 head -40 ./backups/db_backup.sql
178201
179202 docker-publish :
180- name : Push to Docker Hub
203+ name : Push Docker image to Docker Hub
181204 runs-on : ubuntu-latest
182205 needs : [decrypt-and-show]
183206 if : github.ref == 'refs/heads/main' && github.event_name == 'push'
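Review bot: New line 192, `ENCRYPT_PASS=$ENCRYPT_PASS`, assigns the variable to itself, so it changes nothing if the variable is already in the step environment and leaves the passphrase empty if it is not. The unchanged openssl line then passes it with `-k`, which puts the passphrase in the process argument list. Dropping the assignment and using `-pass env:ENCRYPT_PASS` in place of `-k "$ENCRYPT_PASS"` reads it from the environment instead. A guard such as `: "${ENCRYPT_PASS:?ENCRYPT_PASS is not set}"` at the top of the step would fail early rather than attempt decryption with an empty passphrase.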
@@ -187,16 +210,16 @@ jobs:
187210 - name : Setup Docker Buildx
188211 uses : docker/setup-buildx-action@v3
189212
190- - name : Build image
213+ - name : Build Docker image
191214 run : docker build -t $IMAGE_NAME:$TAG .
192215
193- - name : Docker Login
216+ - name : Docker login
194217 uses : docker/login-action@v3
195218 with :
196219 username : ${{ secrets.DOCKER_USERNAME }}
197220 password : ${{ secrets.DOCKER_PASSWORD }}
198221
199- - name : Push image
222+ - name : Push image to Docker Hub
200223 run : |
201224 docker tag $IMAGE_NAME:$TAG ${{ secrets.DOCKER_USERNAME }}/$IMAGE_NAME:latest
202225 docker push ${{ secrets.DOCKER_USERNAME }}/$IMAGE_NAME:latest