Initial creation.

scottfridwin · scottfridwin · commit 1988ac25cece · 2025-09-08T03:02:03.000Z
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,24 @@
+version: 2
+updates:
+  # Keep Dockerfile base images up to date
+  - package-ecosystem: "docker"
+    directory: "/" # Path where your Dockerfile lives
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "docker"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "deps(docker)"
+
+  # Keep GitHub Actions up to date
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "deps(actions)"
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
@@ -0,0 +1,21 @@
+name: Docker Build Check
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        run: |
+          docker build . -t test-image:pr-${{ github.event.pull_request.number }}
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,47 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*.*.*'        # Match tags like v1.0.0
+  workflow_dispatch:     # Allow manual trigger
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract version tag
+        id: version
+        run: |
+          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+            VERSION="${GITHUB_REF#refs/tags/}"
+          else
+            VERSION="latest"
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/postgres-backup:${{ env.VERSION }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/postgres-backup:latest
+          platforms: linux/amd64,linux/arm64
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,22 @@
+FROM alpine:3.20
+
+RUN apk add --no-cache \
+          postgresql15 \
+          rclone \
+          redis \
+          bash \
+          tzdata \
+          coreutils \
+          busybox-suid \
+          curl \
+          su-exec \
+          dcron \
+          gzip \
+    && mkdir -p /scripts /backups
+
+COPY backup_full.sh /scripts/backup_full.sh
+COPY backup_incremental.sh /scripts/backup_incremental.sh
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /scripts/*.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Scott
+Copyright (c) 2025 Scott Fridlund
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/backup_full.sh b/backup_full.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euo pipefail
+
+DATE=$(date +%F_%H-%M-%S)
+DEST_DIR="/backups/full/$DATE"
+mkdir -p "$DEST_DIR"
+
+export PGPASSWORD=$(cat $PGPASSWORD_FILE)
+
+echo "[$(date)] Performing full backup..."
+pg_dump -h "${POSTGRES_HOST}" \
+        -p "${POSTGRES_PORT}" \
+        -U "${POSTGRES_USER}" \
+        "${POSTGRES_DB}" | gzip > "$DEST_DIR/$BACKUP_NAME.gz"
+
+# Apply retention
+find /backups/full -type d -mtime +${RETENTION_FULL_DAYS} -exec rm -rf {} +
+
+echo "[$(date)] Full backup completed."
diff --git a/backup_incremental.sh b/backup_incremental.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+DATE=$(date +%F_%H-%M-%S)
+DEST_DIR="/backups/incremental/$DATE"
+mkdir -p "$DEST_DIR"
+
+echo "[$(date)] Performing incremental backup..."
+
+# Backup all WALs since last backup
+cp /wal_archive/* "$DEST_DIR/" || true
+
+# Apply retention on the incremental backups themselves
+find /backups/incremental -type d -mtime +${RETENTION_INC_DAYS} -exec rm -rf {} +
+
+# Clean up WAL files using pg_archivecleanup
+# Determine the last WAL file to keep
+LAST_WAL=$(ls -1 /wal_archive/* | sort | tail -n 1 || true)
+if [ -n "$LAST_WAL" ]; then
+    echo "[$(date)] Cleaning up WAL archive up to $LAST_WAL"
+    pg_archivecleanup /wal_archive "$LAST_WAL"
+fi
+
+echo "[$(date)] Incremental backup completed."
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -euo pipefail
+
+CRON_DIR=/tmp/cron
+mkdir -p "$CRON_DIR"
+
+ENABLE_INCREMENTAL="${ENABLE_INCREMENTAL:-true}"
+FULL_INTERVAL="${BACKUP_FULL_INTERVAL:-0 2 * * 0}"
+
+cat > "$CRON_DIR/backup" <<EOF
+$FULL_INTERVAL /scripts/backup_full.sh
+EOF
+
+if [[ "$ENABLE_INCREMENTAL" == "true" ]]; then
+    INC_INTERVAL="${BACKUP_INCREMENTAL_INTERVAL:-0 */6 * * *}"
+    echo "$INC_INTERVAL /scripts/backup_incremental.sh" >> "$CRON_DIR/backup"
+fi
+
+echo "Starting dcron with schedule:"
+cat "$CRON_DIR/backup"
+
+# Use busybox crond (non-root safe)
+exec busybox crond -f -l 8 -c "$CRON_DIR"
