Merge branch 'master' into hackathon-restore-check

gamefiend · web-flow · commit 59d7ff95169c · 2023-01-18T14:50:29.000-05:00
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -15,11 +15,11 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: Build the Debian Docker image
-      run: docker build . --file Dockerfile --tag backup-utils-debian:${GITHUB_RUN_ID}
+      run: docker build . --file Dockerfile --tag backup-utils:${GITHUB_RUN_ID}
     - name: Build the Alpine Docker image
       run: docker build . --file Dockerfile.alpine --tag backup-utils-alpine:${GITHUB_RUN_ID}
     - name: Run tests in Debian Docker image
-      run: docker run backup-utils-debian:${GITHUB_RUN_ID} ghe-backup --version
+      run: docker run backup-utils:${GITHUB_RUN_ID} ghe-backup --version
     - name: Run tests in Alpine Docker image
       run: docker run backup-utils-alpine:${GITHUB_RUN_ID} ghe-backup --version
       
diff --git a/.github/workflows/stale-support-escalation.yml b/.github/workflows/stale-support-escalation.yml
@@ -15,7 +15,7 @@ jobs:
     if: github.repository == 'github/ghes' || github.repository == 'github/enterprise2' || github.repository == 'github/backup-utils-private'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@v7
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-issue-message: 'This support escalation issue is stale because it has been open 30 days with no activity. To make it never stale, add a label never-stale.'
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v7
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: "👋 This issue has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the `Keep` label to hold stale off permanently, or do nothing. If you do nothing this issue will be closed eventually by the stale bot."
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim
+FROM ubuntu:focal
 
 RUN apt-get -q -y update && \
     apt-get install -y --no-install-recommends \
diff --git a/share/github-backup-utils/ghe-backup-settings b/share/github-backup-utils/ghe-backup-settings
@@ -78,6 +78,7 @@ backup-secret "management console password" "manage-password" "secrets.manage"
 backup-secret "management console argon2 secret" "manage-argon-secret" "secrets.manage-auth.argon-secret"
 backup-secret "password pepper" "password-pepper" "secrets.github.user-password-secrets"
 backup-secret "kredz.credz HMAC key" "kredz-credz-hmac" "secrets.kredz.credz-hmac-secret"
+backup-secret "kredz.varz HMAC key" "kredz-varz-hmac" "secrets.kredz.varz-hmac-secret"
 
 # Backup external MySQL password if running external MySQL DB.
 if is_service_external 'mysql'; then
diff --git a/share/github-backup-utils/ghe-restore-settings b/share/github-backup-utils/ghe-restore-settings
@@ -50,6 +50,9 @@ restore-secret "management console argon2 secret" "manage-argon-secret" "secrets
 # Restore kredz.credz HMAC key if present.
 restore-secret "kredz.credz HMAC key" "kredz-credz-hmac" "secrets.kredz.credz-hmac-secret"
 
+# Restore kredz.varz HMAC key if present.
+restore-secret "kredz.varz HMAC key" "kredz-varz-hmac" "secrets.kredz.varz-hmac-secret"
+
 # Restore SAML keys if present.
 if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/saml-keys.tar" ]; then
   echo "Restoring SAML keys ..."
diff --git a/test/test-ghe-backup.sh b/test/test-ghe-backup.sh
@@ -506,6 +506,31 @@ begin_test "ghe-backup takes backup of Kredz settings"
 )
 end_test
 
+begin_test "ghe-backup takes backup of kredz-varz settings"
+(
+  set -e
+
+  required_secrets=(
+    "secrets.kredz.varz-hmac-secret"
+  )
+
+  for secret in "${required_secrets[@]}"; do
+    ghe-ssh "$GHE_HOSTNAME" -- ghe-config "$secret" "foo"
+  done
+
+  ghe-backup
+
+  required_files=(
+    "kredz-varz-hmac"
+  )
+
+  for file in "${required_files[@]}"; do
+    [ "$(cat "$GHE_DATA_DIR/current/$file")" = "foo" ]
+  done
+
+)
+end_test
+
 begin_test "ghe-backup takes backup of Actions settings"
 (
   set -e
diff --git a/test/test-ghe-restore.sh b/test/test-ghe-restore.sh
@@ -336,6 +336,32 @@ begin_test "ghe-restore with Kredz settings"
 )
 end_test
 
+begin_test "ghe-restore with kredz-varz settings"
+(
+  set -e
+  rm -rf "$GHE_REMOTE_ROOT_DIR"
+  setup_remote_metadata
+  enable_actions
+
+  required_files=(
+    "kredz-varz-hmac"
+  )
+
+  for file in "${required_files[@]}"; do
+    echo "foo" > "$GHE_DATA_DIR/current/$file"
+  done
+
+  ghe-restore -v -f localhost
+  required_secrets=(
+    "secrets.kredz.varz-hmac-secret"
+  )
+  
+  for secret in "${required_secrets[@]}"; do
+    [ "$(ghe-ssh "$GHE_HOSTNAME" -- ghe-config "$secret")" = "foo" ]
+  done
+)
+end_test
+
 begin_test "ghe-restore with Actions settings"
 (
   set -e

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM debian:buster-slim`
	`1`	`+FROM ubuntu:focal`
`2`	`2`
`3`	`3`	`RUN apt-get -q -y update && \`
`4`	`4`	`apt-get install -y --no-install-recommends \`