Merge branch 'master' into docker-multi

Author: djdefi

.github/workflows/backup.yml

@@ -0,0 +1,118 @@
+name: Backup GHES instance and save to Azure
+run-name: "${{ github.actor }} - Backup GHES instance and save to Azure"
+
+on:
+  workflow_call:
+    inputs:
+      github-hostname:
+        description: GitHub Hostname to backup
+        required: true
+        type: string
+      backup-name:
+        description: The name of the backup to be saved in Azure storage
+        required: false
+        default: ""
+        type: string
+    secrets:
+      BACKUP_SSH_KEY:
+        description: SSH key to access the GitHub Enterprise instance
+        required: true
+      INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN:
+        description: Token for the internal actions dx bot account
+        required: true
+      AZURE_USERNAME:
+        description: Azure service principal username
+        required: false
+      AZURE_PASSWORD:
+        description: Azure service principal password
+        required: false
+      AZURE_TENANT_ID:
+        description: Azure tenant ID
+        required: false
+      AZURE_SUBSCRIPTION_ID:
+        description: Azure subscription ID
+        required: false
+      AZURE_ACCOUNT_NAME:
+        description: Azure storage account name
+        required: false
+      AZURE_CONTAINER_NAME:
+        description: Azure storage container name
+        required: false
+      CONNECTIONSTRING:
+        description: Azure storage connection string
+        required: false
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        repository: github/backup-utils-private
+        token: "${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}"
+    - run: docker build . --file Dockerfile --tag backup-utils
+    - run: docker save backup-utils -o backup-utils.tar
+    - uses: actions/upload-artifact@v3
+      with:
+        name: backup-utils
+        path: backup-utils.tar
+
+  backup-utils-backup:
+    needs: build
+    runs-on:
+      group: larger-hosted-public-runners
+      labels: ubuntu-latest-xl
+    env:
+        SSH_KEY: ${{ secrets.BACKUP_SSH_KEY }}
+    steps:
+    - uses: actions/download-artifact@v3
+      with:
+        name: backup-utils
+    - name: Load docker container
+      run: docker load -i backup-utils.tar
+    - uses: actions/checkout@v3
+    - name: Create backup directory
+      run: mkdir "$HOME/ghe-backup-data"
+    - name: set up ssh SSH_KEY
+      run: echo -e "${SSH_KEY}\n" > "$HOME/backup"
+    - name: set up ssh key permissions
+      run: chmod 0600 "$HOME/backup"
+    - name: change version
+      run: echo "3.8.0" > "$HOME/version"
+
+    - name: Perform backup
+      run: |
+        docker run -e "GHE_HOSTNAME=${{ inputs.github-hostname }}" \
+        -e "GHE_DATA_DIR=/data" \
+        -e "GHE_EXTRA_SSH_OPTS=-p 122 -i /ghe-ssh/id_rsa -o ServerAliveInterval=30 -o ServerAliveCountMax=12000 -o StrictHostKeyChecking=no" \
+        -e "GHE_NUM_SNAPSHOTS=15" \
+        -v "$HOME/ghe-backup-data:/data" \
+        -v "$HOME/backup:/ghe-ssh/id_rsa" \
+        -v "$HOME/version:/backup-utils/share/github-backup-utils/version" \
+        --rm \
+        backup-utils ghe-backup
+    - name: Check the backup file
+      run: |
+        current=$(readlink "$HOME/ghe-backup-data/current")
+        sudo tar -czvf "${{ inputs.backup-name }}.tar.gz" -C "$HOME/ghe-backup-data/$current" .
+
+    - name: Login to Azure
+      if: ${{ inputs.backup-name }} != ""
+      run: |
+        az login \
+          --service-principal \
+          -u "${{ secrets.AZURE_USERNAME }}" \
+          -p "${{ secrets.AZURE_PASSWORD }}" \
+          --tenant "${{ secrets.AZURE_TENANT_ID }}"
+        az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+
+    - name: Upload backup to Azure
+      if: ${{ inputs.backup-name }} != ""
+      run: |
+        az storage blob upload \
+        --account-name "${{ secrets.AZURE_ACCOUNT_NAME }}" \
+        --container-name "${{ secrets.AZURE_CONTAINER_NAME }}" \
+        --name "${{ inputs.backup-name }}.tar.gz" \
+        --file "${{ inputs.backup-name }}.tar.gz" \
+        --connection-string "${{ secrets.CONNECTIONSTRING }}"

.github/workflows/lint.yml

@@ -17,7 +17,7 @@ jobs:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
       - name: Lint Code Base
-        uses: github/super-linter@v4
+        uses: github/super-linter@v5
         env:
           VALIDATE_ALL_CODEBASE: false
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/restore.yml

@@ -1,5 +1,5 @@
 name: Restore Dataset
-run-name: ${{ github.actor }} retrieving data-sets 
+run-name: ${{ github.actor }} retrieving data-sets
 on:
   workflow_dispatch:
     inputs:
@@ -19,32 +19,34 @@ on:
         required: false
         type: string
         default: 'master'
-      version: 
-        description: 'GHES Version of dataset'
+      version:
+        description: 'Version of the dataset to restore (3.8/3.9)'
         required: false
+        default: '3.8'
         type: string
-        default: "3.8.0"
+
   workflow_call:
     inputs:
-      size:
-        description: 'Size of the dataset to restore'
-        required: false
-        type: string
-        default: 'small'
       hostname:
         description: 'Hostname of the server'
         required: true
         type: string
+      size:
+        description: 'Size of the dataset to restore (small/medium)'
+        required: false
+        default: 'small'
+        type: string
+      version:
+        description: 'Version of the dataset to restore (3.8/3.9)'
+        required: false
+        default: '3.8'
+        type: string
       ref:
         description: 'Branch ref to use'
         required: false
         type: string
         default: 'master'
-      version: 
-        description: 'GHES Version of dataset'
-        required: false
-        type: string
-        default: "3.8.0"
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -53,30 +55,98 @@ jobs:
       with:
         repository: github/backup-utils-private
         ref: ${{ inputs.ref }}
-    - run: docker build . --file Dockerfile --tag backup-utils 
+        token: "${{ secrets.INTERNAL_ACTIONS_DX_BOT_ACCOUNT_TOKEN }}"
+
+    - run: docker build . --file Dockerfile --tag backup-utils
     - run: docker save backup-utils -o backup-utils.tar
+
     - uses: actions/upload-artifact@v3
       with:
         name: backup-utils
         path: backup-utils.tar
+
   restore:
     needs: build
-    runs-on: ubuntu-latest
+    runs-on:
+      group: larger-hosted-public-runners
+      labels: ubuntu-latest-xl
     env:
         SSH_KEY: ${{ secrets.BACKUP_SSH_KEY }}
     steps:
     - uses: actions/download-artifact@v3
       with:
         name: backup-utils
-    - name: Load docker container 
+
+    - name: Load docker container
       run: docker load -i backup-utils.tar
-    - uses: actions/checkout@v3
-      with:
-        repository: github/ghes-data
-        ref: main
-    - run: tar zxvf ghes-data/data/backup/${{ inputs.size }}/v3.8.0/${{ inputs.size }}-refined.tar.gz
-    - run: ls -al ghes-data/data/backup/${{ inputs.size }}
 
+    - name: Find backup file version
+      id: file
+      run: |
+        version="${{ inputs.version }}"
+        size="${{ inputs.size }}"
+        V3_6_COMPATIBLE="3.6 3.7"
+        V3_8_COMPATIBLE="3.8 3.9 3.10"
+        if echo "$V3_8_COMPATIBLE" | grep -q -w "$version"; then
+            echo "Version $version is acceptable by 3.8 backup"
+            file_version=3.8
+        elif echo "$V3_6_COMPATIBLE" | grep -q -w "$version"; then
+            echo "Version $version is acceptable by 3.6 backup"
+            file_version=3.6
+        else
+            echo "Version $version is not acceptable"
+            exit 1
+        fi
+
+        echo "version=$file_version" >> "$GITHUB_OUTPUT"
+        echo "name=v$file_version-$size.tar.gz" >> "$GITHUB_OUTPUT"
+
+    - name: Download from blob storage
+      run: |
+        mkdir ghes-data
+        az storage blob download \
+        --account-name ghesresults \
+        --container-name ghes-data \
+        --name "${{ steps.file.outputs.name }}" \
+        --file "ghes-data/${{ steps.file.outputs.name }}" \
+        --connection-string "${{ secrets.CONNECTIONSTRING }}"
+
+    - name: Unzip backup and setup symlink
+      run: |
+          mkdir "$HOME/ghe-backup-data"
+          dir_name=$(date +%s)
+          mkdir "$HOME/ghe-backup-data/$dir_name"
+
+          tar -xvf "ghes-data/${{ steps.file.outputs.name }}" -C "$HOME/ghe-backup-data/$dir_name"
+
+          ln -s "$dir_name" "$HOME/ghe-backup-data/current"
+
+    - name: set up ssh SSH_KEY
+      run: echo -e "${SSH_KEY}\n" > "$HOME/backup"
+
+    - name: set up ssh key permissions
+      run: chmod 0600 "$HOME/backup"
+
+    - name: change version
+      run: echo "${{ inputs.version }}.0" > "$HOME/version"
+
+    - name: Prepare for restore
+      run: ssh -p122 -i "$HOME/backup" -o StrictHostKeyChecking=no admin@${{ inputs.hostname }} "ghe-maintenance -s"
+
+    - name: Restore data to instance
+      run: |
+        docker run -e "GHE_HOSTNAME=${{ inputs.hostname }}" \
+        -e "GHE_DATA_DIR=/data" \
+        -e "GHE_EXTRA_SSH_OPTS=-p 122 -i /ghe-ssh/id_rsa -o ServerAliveInterval=30 -o ServerAliveCountMax=12000 -o StrictHostKeyChecking=no" \
+        -e "GHE_NUM_SNAPSHOTS=15" \
+        -v "$HOME/ghe-backup-data:/data" \
+        -v "$HOME/backup:/ghe-ssh/id_rsa" \
+        -v "$HOME/version:/backup-utils/share/github-backup-utils/version" \
+        --rm \
+        backup-utils ghe-restore ${{ inputs.hostname }}
+
+    - name: Reset maintenance mode after restore
+      run: ssh -p122 -i "$HOME/backup" -o StrictHostKeyChecking=no admin@${{ inputs.hostname }} "ghe-maintenance -u"
 
 
 

backup.config-example

@@ -95,3 +95,6 @@ GHE_NUM_SNAPSHOTS=10
 # When running an external mysql database, run this script to trigger a MySQL restore
 # rather than attempting to backup via backup-utils directly.
 #EXTERNAL_DATABASE_RESTORE_SCRIPT="/bin/false"
+
+# If set to 'yes', Pages data will be included in backup and restore. Defaults to 'yes'
+#GHE_BACKUP_PAGES=no

bin/ghe-backup

@@ -155,6 +155,30 @@ if [ -n "$GHE_ALLOW_REPLICA_BACKUP" ]; then
   echo "Warning: backing up a high availability replica may result in inconsistent or unreliable backups."
 fi
 
+# Output system information of the backup host
+
+# If /etc/issue.net exists, use it to get the OS version
+if [ -f /etc/issue.net ]; then
+  echo "Running on: $(cat /etc/issue.net)"
+else
+  echo "Running on: Unknown OS"
+fi
+
+# If nproc command exists, use it to get the number of CPUs
+if command -v nproc >/dev/null 2>&1; then
+  echo "CPUs: $(nproc)"
+else
+  echo "CPUs: Unknown"
+fi
+
+# If the free command exists, use it to get the memory details
+if command -v free >/dev/null 2>&1; then
+  echo "Memory $(free -m  | grep '^Mem:' | awk '{print "total/used/free+share/buff/cache: " $2 "/" $3 "/" $4 "+" $5 "/" $6 "/" $7}')"
+else
+  echo "Memory: Unknown"
+fi
+
+
 # Log backup start message in /var/log/syslog on remote instance
 ghe_remote_logger "Starting backup from $(hostname) with backup-utils v$BACKUP_UTILS_VERSION in snapshot $GHE_SNAPSHOT_TIMESTAMP ..."
 
@@ -214,10 +238,15 @@ commands+=("
 echo \"$cmd_title\"
 ghe-backup-repositories || printf %s \"repositories \" >> \"$failures_file\"")
 
-cmd_title=$(log_info "Backing up GitHub Pages artifacts ...")
-commands+=("
-echo \"$cmd_title\"
-ghe-backup-pages || printf %s \"pages \" >> \"$failures_file\"")
+# Pages backups are skipped only if GHE_BACKUP_PAGES is explicitly set to 'no' to guarantee backward compatibility.
+# If a customer upgrades backup-utils but keeps the config file from a previous version, Pages backups still work as expected.
+
+if [ "$GHE_BACKUP_PAGES" != "no" ]; then
+  cmd_title=$(log_info "Backing up GitHub Pages artifacts ...")
+  commands+=("
+  echo \"$cmd_title\"
+  ghe-backup-pages || printf %s \"pages \" >> \"$failures_file\"")
+fi
 
 cmd_title=$(log_info "Backing up storage data ...")
 commands+=("