GitHub Action for backing up DB & Directories.
First of all, Thanks π to @appleboy for drone-ssh & ssh-action to make this happen.
This action backups the things and store it to /github/workspace/backups
folder inside the container. You can attach several actions available at the Marketplace and store this backup to your choice of location.
- SSH Key Access to Remote Server. How to setup?
name: backup db
on:
schedule:
- cron: "0 10 * * 1" # Every Monday at 10 AM UTC
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Backup MySQL DB
uses: valerianpereira/backup-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
port: ${{ secrets.PORT }}
key: ${{ secrets.DEPLOY_KEY }}
type: db
db_type: mysql
db_user: ${{ secrets.MYSQL_USER }}
db_pass: ${{ secrets.MYSQL_PASS }}
db_port: 3306
db_name: world
output:
DB type: mysql
πββοΈ Running commands over ssh...
======CMD======
mysqldump -q -u *** -P 3306 -p'***' world | gzip -9 > mysql-world.1109201613.sql.gz
======END======
err: mysqldump: [Warning] Using a password on the command line interface can be insecure.
==============================================
β
Successfully executed commands to all host.
==============================================
π Loading the deploy key...
Done!! π»
π Sync the mysql backups... π
Warning: Permanently added '***' (ECDSA) to the list of known hosts.
receiving incremental file list
mysql-world.1109201613.sql.gz
0 0% 0.00kB/s 0:00:00
623.78K 18% 605.53kB/s 0:00:04
3.45M 100% 2.32MB/s 0:00:01 (xfr#1, to-chk=0/1)
sent 51 bytes received 3.46M bytes 628.39K bytes/sec
total size is 3.45M speedup is 1.00
π€ Whats the location of backups...
/github/workspace/backups
π Show me backups... π
total 3M
-rw-r--r-- 1 *** *** 3.3M Sep 11 16:14 mysql-world.1109201613.sql.gz
- Backup & Push to S3
- Backup & Push to Server via Rsync
- Backup & Push to Server via SCP
- Backup & Push to Artifacts
- Backup & Push to Github
- You can refer to ci.yml for more understanding.
- To backup all DB's of mysql pass
db_name: --all-databases
.
See action.yml for more detailed information.
- host - ssh host
- port - ssh port, default is
22
- username - ssh username
- password - ssh password
- passphrase - the passphrase is usually to encrypt the private key
- sync - synchronous execution if multiple hosts, default is false
- timeout - timeout for ssh to remote host, default is
30s
- command_timeout - timeout for ssh command, default is
10m
- key - content of ssh private key. ex raw content of ~/.ssh/id_rsa (private key)
- key_path - path of ssh private key
- fingerprint - fingerprint SHA256 of the host public key, default is to skip verification
- script - execute commands
- script_stop - stop script after first failure
- envs - pass environment variable to shell script
- debug - enable debug mode
- use_insecure_cipher - include more ciphers with use_insecure_cipher (see #56)
- cipher - the allowed cipher algorithms. If unspecified then a sensible
Backup Config:
- type: type of backup to be triggered (directory or db)
required
- db_type: type of database
eg: mongo / postgres / mysql
- db_user: database username
required
- db_pass: database password
(optional)
- db_name: database name
required
- db_host: database host
default: localhost
- db_port: database port
- auth_db: authenticationDatabase Required for Mongo DB v4.4.0
default: admin
- args: additional arguments with backup command if you want to pass
optional
- dirpath: directory path to be backuped
required when type is set to directory
SSH Proxy Setting:
- proxy_host - proxy host
- proxy_port - proxy port, default is
22
- proxy_username - proxy username
- proxy_password - proxy password
- proxy_passphrase - the passphrase is usually to encrypt the private key
- proxy_timeout - timeout for ssh to proxy host, default is
30s
- proxy_key - content of ssh proxy private key.
- proxy_key_path - path of ssh proxy private key
- proxy_fingerprint - fingerprint SHA256 of the proxy host public key, default is to skip verification
- proxy_use_insecure_cipher - include more ciphers with use_insecure_cipher (see #56)
- proxy_cipher - the allowed cipher algorithms. If unspecified then a sensible
Login to Remote Server
Make sure to follow the below steps while creating SSH Keys and using them. Login with username specified in Github Secrets. Generate a RSA Key-Pair:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Add newly generated key into Authorized keys. Read more about authorized keys here.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Copy Private Key content and paste in Github Secrets.
clip < ~/.ssh/id_rsa
See the detail information about SSH login without password
- Check your keys.
- Check your custom scripts properly.
- Pass all credentials from Github Secrets.
- Pass DB Credentials with Read-only access to database.
- Use it at your own risk! π
- Add Backup & Restore Commands Explanations to Readme
- Features to generate Backup Reports and Store it in txt file.
If you've ever wanted to contribute to open source, and a great cause, now is your chance!
Suggestions, Feedbacks, Improvements & Fixes are most welcome. π