Merge branch 'master' into krayon-git-ver-req

Author: gamefiend

.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# Backup-Utils owned by lifecycle AOR
+* @github/ghes-lifecycle
+# Actions related backups and restores
+# /share/github-backup-utils/*-actions @github/ghes-lifecycle @github/<TBD>
+# Git related backups and restores
+# /share/github-backup-utils/*-repositories @github/ghes-lifecycle @github/<TBD>
+# /share/github-backup-utils/*-git-hooks @github/ghes-lifecycle @github/<TBD>

.github/workflows/backup.yml

@@ -0,0 +1,118 @@
+name: Backup GHES instance and save to Azure
+run-name: "${{ github.actor }} - Backup GHES instance and save to Azure"
+
+on:
+  workflow_call:
+    inputs:
+      github-hostname:
+        description: GitHub Hostname to backup
+        required: true
+        type: string
+      backup-name:
+        description: The name of the backup to be saved in Azure storage
+        required: false
+        default: ""
+        type: string
+    secrets:
+      BACKUP_SSH_KEY:
+        description: SSH key to access the GitHub Enterprise instance
+        required: true
+      INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN:
+        description: Token for the internal actions dx bot account
+        required: true
+      AZURE_USERNAME:
+        description: Azure service principal username
+        required: false
+      AZURE_PASSWORD:
+        description: Azure service principal password
+        required: false
+      AZURE_TENANT_ID:
+        description: Azure tenant ID
+        required: false
+      AZURE_SUBSCRIPTION_ID:
+        description: Azure subscription ID
+        required: false
+      AZURE_ACCOUNT_NAME:
+        description: Azure storage account name
+        required: false
+      AZURE_CONTAINER_NAME:
+        description: Azure storage container name
+        required: false
+      CONNECTIONSTRING:
+        description: Azure storage connection string
+        required: false
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        repository: github/backup-utils-private
+        token: "${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}"
+    - run: docker build . --file Dockerfile --tag backup-utils
+    - run: docker save backup-utils -o backup-utils.tar
+    - uses: actions/upload-artifact@v3
+      with:
+        name: backup-utils
+        path: backup-utils.tar
+
+  backup-utils-backup:
+    needs: build
+    runs-on:
+      group: larger-hosted-public-runners
+      labels: ubuntu-latest-xl
+    env:
+        SSH_KEY: ${{ secrets.BACKUP_SSH_KEY }}
+    steps:
+    - uses: actions/download-artifact@v3
+      with:
+        name: backup-utils
+    - name: Load docker container
+      run: docker load -i backup-utils.tar
+    - uses: actions/checkout@v3
+    - name: Create backup directory
+      run: mkdir "$HOME/ghe-backup-data"
+    - name: set up ssh SSH_KEY
+      run: echo -e "${SSH_KEY}\n" > "$HOME/backup"
+    - name: set up ssh key permissions
+      run: chmod 0600 "$HOME/backup"
+    - name: change version
+      run: echo "3.8.0" > "$HOME/version"
+
+    - name: Perform backup
+      run: |
+        docker run -e "GHE_HOSTNAME=${{ inputs.github-hostname }}" \
+        -e "GHE_DATA_DIR=/data" \
+        -e "GHE_EXTRA_SSH_OPTS=-p 122 -i /ghe-ssh/id_rsa -o ServerAliveInterval=30 -o ServerAliveCountMax=12000 -o StrictHostKeyChecking=no" \
+        -e "GHE_NUM_SNAPSHOTS=15" \
+        -v "$HOME/ghe-backup-data:/data" \
+        -v "$HOME/backup:/ghe-ssh/id_rsa" \
+        -v "$HOME/version:/backup-utils/share/github-backup-utils/version" \
+        --rm \
+        backup-utils ghe-backup
+    - name: Check the backup file
+      run: |
+        current=$(readlink "$HOME/ghe-backup-data/current")
+        sudo tar -czvf "${{ inputs.backup-name }}.tar.gz" -C "$HOME/ghe-backup-data/$current" .
+
+    - name: Login to Azure
+      if: ${{ inputs.backup-name }} != ""
+      run: |
+        az login \
+          --service-principal \
+          -u "${{ secrets.AZURE_USERNAME }}" \
+          -p "${{ secrets.AZURE_PASSWORD }}" \
+          --tenant "${{ secrets.AZURE_TENANT_ID }}"
+        az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+
+    - name: Upload backup to Azure
+      if: ${{ inputs.backup-name }} != ""
+      run: |
+        az storage blob upload \
+        --account-name "${{ secrets.AZURE_ACCOUNT_NAME }}" \
+        --container-name "${{ secrets.AZURE_CONTAINER_NAME }}" \
+        --name "${{ inputs.backup-name }}.tar.gz" \
+        --file "${{ inputs.backup-name }}.tar.gz" \
+        --connection-string "${{ secrets.CONNECTIONSTRING }}"

.github/workflows/docker-image.yml

@@ -14,12 +14,15 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
-    - name: Build the Debian Docker image
+    - name: Build the Ubuntu Docker image
       run: docker build . --file Dockerfile --tag backup-utils:${GITHUB_RUN_ID}
     - name: Build the Alpine Docker image
       run: docker build . --file Dockerfile.alpine --tag backup-utils-alpine:${GITHUB_RUN_ID}
-    - name: Run tests in Debian Docker image
-      run: docker run backup-utils:${GITHUB_RUN_ID} ghe-backup --version
+    - name: Run tests in Ubuntu Docker image
+      run: |
+        docker run backup-utils:${GITHUB_RUN_ID} ghe-backup --version
+        docker run backup-utils:${GITHUB_RUN_ID} rsync --version
     - name: Run tests in Alpine Docker image
-      run: docker run backup-utils-alpine:${GITHUB_RUN_ID} ghe-backup --version
-      
+      run: |
+        docker run backup-utils-alpine:${GITHUB_RUN_ID} ghe-backup --version
+        docker run backup-utils-alpine:${GITHUB_RUN_ID} rsync --version

.github/workflows/lint.yml

@@ -1,8 +1,6 @@
 name: Lint Code Base
 
 on:
-  push:
-    branches-ignore: [master]
   pull_request:
     branches: [master]
 
@@ -17,7 +15,8 @@ jobs:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
       - name: Lint Code Base
-        uses: github/super-linter@v5
+        uses: super-linter/super-linter@v5
         env:
           VALIDATE_ALL_CODEBASE: false
+          BASH_SEVERITY: error
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/main.yml

@@ -1,7 +1,6 @@
 name: Test and build
 
-on: [pull_request]
-
+on: [pull_request, workflow_dispatch]
 
 jobs:
   build:
@@ -18,9 +17,9 @@ jobs:
       run: |
         sudo apt-get update -y
         sudo apt-get install -y devscripts debhelper moreutils fakeroot jq pigz help2man
-        wget "https://github.com/koalaman/shellcheck/releases/download/latest/shellcheck-latest.linux.x86_64.tar.xz"
-        tar --xz -xvf "shellcheck-latest.linux.x86_64.tar.xz"
-        sudo cp shellcheck-latest/shellcheck /usr/bin/shellcheck
+        wget "https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.x86_64.tar.xz"
+        tar --xz -xvf "shellcheck-stable.linux.x86_64.tar.xz"
+        sudo cp shellcheck-stable/shellcheck /usr/bin/shellcheck
       if: matrix.os != 'macos-latest'
     - name: Install Dependencies (macOS)
       run: |

.github/workflows/restore.yml

@@ -85,19 +85,22 @@ jobs:
       run: |
         version="${{ inputs.version }}"
         size="${{ inputs.size }}"
-        V3_8_COMPATIBLE="3.6 3.7 3.8 3.9 3.10"
-        echo "$V3_8_COMPATIBLE" | tr " " '\n' | grep -F -q -x "$version"
-        exit_code="$?"
-        if [ "$exit_code" -eq "0" ]; then
-            echo "Version $version is acceptable"
+        V3_6_COMPATIBLE="3.6 3.7"
+        V3_8_COMPATIBLE="3.8 3.9 3.10"
+        if echo "$V3_8_COMPATIBLE" | grep -q -w "$version"; then
+            echo "Version $version is acceptable by 3.8 backup"
             file_version=3.8
-            echo "version=3.8" >> "$GITHUB_OUTPUT"
-            echo "name=v$file_version-$size.tar.gz" >> "$GITHUB_OUTPUT"
+        elif echo "$V3_6_COMPATIBLE" | grep -q -w "$version"; then
+            echo "Version $version is acceptable by 3.6 backup"
+            file_version=3.6
         else
             echo "Version $version is not acceptable"
             exit 1
         fi
 
+        echo "version=$file_version" >> "$GITHUB_OUTPUT"
+        echo "name=v$file_version-$size.tar.gz" >> "$GITHUB_OUTPUT"
+
     - name: Download from blob storage
       run: |
         mkdir ghes-data

.github/workflows/rsync-docker-bump.yml

@@ -0,0 +1,34 @@
+name: Update Rsync Tag in Dockerfile
+
+on:
+  schedule:
+    - cron: '0 0 * * *' # Runs daily at 00:00
+
+jobs:
+  update-rsync-tag:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Get latest rsync tag
+        id: latest_tag
+        run: |
+          curl --silent "https://api.github.com/repos/WayneD/rsync/tags" | jq -r '.[0].name' | xargs -I {} echo "::set-output name=latest_tag::{}"
+
+      - name: Update Dockerfile with latest tag
+        run: |
+          sed -i -E "s/RSYNC_TAG=[0-9\.]+/RSYNC_TAG=${{ steps.latest_tag.outputs.latest_tag }}/g" Dockerfile
+
+      - name: Create Pull Request for tag update
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "Update rsync tag in Dockerfile"
+          title: "Update rsync tag in Dockerfile"
+          body: "This PR updates the rsync tag in the Dockerfile to the latest tagged version."
+          branch: "update-rsync-tag"
+          base: "master"
+          path: "."
+          labels: "automated-update,rsync"

.gitignore

@@ -1,3 +1,5 @@
 /backup.config
 /data
 /dist
+dash
+parallel

Dockerfile

@@ -1,17 +1,73 @@
-FROM ubuntu:focal
+# Multi stage build for backup-utils
+# Build layer is for compiling rsync from source
+# Runtime layer is for running backup-utils
+# https://docs.docker.com/develop/develop-images/multistage-build/
+# https://docs.docker.com/engine/userguide/eng-image/multistage-build/
 
-RUN apt-get -q -y update && \
-    apt-get install -y --no-install-recommends \
+# Build layer
+FROM ubuntu:focal AS build
+
+# Install build dependencies
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    gcc \
+    g++ \
+    gawk \
+    autoconf \
+    make \
+    automake \
+    python3-cmarkgfm \
+    acl \
+    libacl1-dev \
+    attr \
+    libattr1-dev \
+    libxxhash-dev \
+    libzstd-dev \
+    liblz4-dev \
+    libssl-dev \
+    git \
+    jq \
+    bc \
+    curl \
     tar \
-    rsync \
+    gzip \
     ca-certificates \
-    ssh \
+    && rm -rf /var/lib/apt/lists/*
+
+# Download rsync source from https://github.com/WayneD/rsync/archive/refs/tags/[TAG].tar.gz pinned to specified tag
+ARG RSYNC_TAG=v3.2.7
+RUN curl https://github.com/WayneD/rsync/archive/refs/tags/${RSYNC_TAG}.tar.gz -L -o ${RSYNC_TAG}.tar.gz
+RUN mkdir -p /rsync-${RSYNC_TAG}&& tar -xzf ${RSYNC_TAG}.tar.gz -C /rsync-${RSYNC_TAG} --strip-components=1 && ls -la
+# Change to the working directory of the rsync source
+WORKDIR /rsync-${RSYNC_TAG}
+RUN ls -la && ./configure
+RUN make
+RUN make install
+
+# Reset working directory
+WORKDIR /
+
+# Runtime layer
+FROM ubuntu:focal AS runtime
+
+# Install runtime dependencies -  bash, git, OpenSSH 5.6 or newer, and jq v1.5 or newer.
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    bash \
     git \
+    openssh-client \
+    jq \
+    bc \
     moreutils \
     gawk \
+    ca-certificates \
+    xxhash \
     && rm -rf /var/lib/apt/lists/*
 
+# Copy rsync from build layer
+COPY --from=build /usr/local/bin/rsync /usr/local/bin/rsync
+
+# Copy backup-utils from repository into /backup-utils
 COPY ./ /backup-utils/
+
 WORKDIR /backup-utils
 
 RUN chmod +x /backup-utils/share/github-backup-utils/ghe-docker-init

Makefile

@@ -1,6 +1,7 @@
 SHELL = /bin/sh
 
 test: info
+	@echo Running tests
 	@script/cibuild --no-package
 
 info: