Mongo backup #7577
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Mongo backup | |
| on: | |
| schedule: | |
| - cron: "*/15 * * * *" # Every 15 minutes | |
| workflow_dispatch: | |
| jobs: | |
| backup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Install Dependencies | |
| run: | | |
| # Install MongoDB tools for mongodump | |
| wget -qO - https://www.mongodb.org/static/pgp/server-7.0.asc | sudo apt-key add - | |
| echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list | |
| sudo apt-get update | |
| sudo apt-get install -y mongodb-database-tools age | |
| shell: bash | |
| - name: Create MongoDB Backup | |
| run: | | |
| # Create backup directory | |
| mkdir -p backup | |
| # Get current timestamp for backup name | |
| TIMESTAMP=$(date +"%Y%m%d_%H%M%S") | |
| BACKUP_NAME="mongo_backup_${TIMESTAMP}" | |
| echo "π§ Starting MongoDB backup..." | |
| echo "π Backup timestamp: $TIMESTAMP" | |
| # Create MongoDB dump | |
| echo "ποΈ Creating MongoDB dump..." | |
| mongodump --uri="${{ secrets.MONGO_URL }}" --out=backup/mongodb_dump | |
| echo "β MongoDB dump completed" | |
| # Create metadata file | |
| echo "backup_timestamp=${TIMESTAMP}" > backup/metadata.txt | |
| echo "backup_type=mongodb" >> backup/metadata.txt | |
| echo "environment=prod" >> backup/metadata.txt | |
| echo "created_at=$(date -u +"%Y-%m-%d %H:%M:%S UTC")" >> backup/metadata.txt | |
| # Compress backup | |
| echo "ποΈ Compressing backup..." | |
| tar -czf "${BACKUP_NAME}.tar.gz" backup/ | |
| # Set output for artifact name | |
| echo "BACKUP_NAME=${BACKUP_NAME}" >> $GITHUB_ENV | |
| echo "β Backup compressed and ready for encryption" | |
| shell: bash | |
| - name: Encrypt Backup | |
| run: | | |
| echo "π Encrypting backup artifact..." | |
| # Make script executable | |
| chmod +x .github/scripts/encrypt-backup.sh | |
| # Encrypt the backup | |
| ./.github/scripts/encrypt-backup.sh \ | |
| "${BACKUP_NAME}.tar.gz" \ | |
| "${BACKUP_NAME}.tar.gz.age" \ | |
| "${{ secrets.AGE_PUBLIC_KEY }}" | |
| # Remove unencrypted file for security | |
| rm -f "${BACKUP_NAME}.tar.gz" | |
| echo "β Backup encrypted and ready for upload" | |
| shell: bash | |
| - name: Upload Backup Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.BACKUP_NAME }} | |
| path: ${{ env.BACKUP_NAME }}.tar.gz.age | |
| retention-days: 14 |