From d0d05a73887855caf7f2e023711d93515239dde9 Mon Sep 17 00:00:00 2001 From: benoit74 Date: Thu, 19 Feb 2026 06:07:59 +0000 Subject: [PATCH] Upgrade components - Upgrade to bookworm (not trixie because we need Python 3.11) - Isolate Python in a venv - Use Python 3.11 since our borgmatic version needs it - Upgrade to PostgreSQL 18 - Upgrade other dependencies - Do not upgrade borgmatic, not sure about how to do it correctly (might require Borg v2) --- .github/workflows/docker-upgrade.yml | 28 +++++++++++++++++++++++ .github/workflows/docker.yml | 7 ++++-- .github/workflows/test.yml | 17 ++++++++++++++ Dockerfile | 34 ++++++++++++++++------------ bin/backup | 2 +- bin/init_borgbase_repository.py | 4 ++-- bin/single-backup | 2 +- entrypoint.sh | 3 +++ 8 files changed, 76 insertions(+), 21 deletions(-) create mode 100644 .github/workflows/docker-upgrade.yml create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/docker-upgrade.yml b/.github/workflows/docker-upgrade.yml new file mode 100644 index 0000000..0926542 --- /dev/null +++ b/.github/workflows/docker-upgrade.yml @@ -0,0 +1,28 @@ +name: Docker + +on: + push: + branches: + - upgrade + +jobs: + build-and-push: + name: Deploy Docker Upgrade Image + permissions: + contents: read + packages: write + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v6 + - name: Build and push + uses: openzim/docker-publish-action@v10 + with: + restrict-to: kiwix/borg-backup + image-name: kiwix/borg-backup + manual-tag: upgrade + registries: ghcr.io + credentials: + GHCRIO_USERNAME=${{ secrets.GHCR_USERNAME }} + GHCRIO_TOKEN=${{ secrets.GHCR_TOKEN }} + repo_description: auto + repo_overview: auto diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d331f22..ee7a7c5 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -8,9 +8,12 @@ on: jobs: build-and-push: name: Deploy Docker Image - runs-on: ubuntu-22.04 + permissions: + contents: read + packages: write + runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v3.4.0 + - uses: actions/checkout@v6 - name: Build and push uses: openzim/docker-publish-action@v10 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..31600da --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,17 @@ +name: Docker + +on: + pull_request: + +jobs: + test-build: + name: Test Docker Image Build + permissions: + contents: read + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v6 + + - name: Build the Docker image + run: | + docker build -t local-borg-backup . diff --git a/Dockerfile b/Dockerfile index fe2e22d..15fbd3e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -FROM debian:bullseye-slim -LABEL org.opencontainers.image.source https://github.com/kiwix/borg-backup +FROM debian:bookworm-slim +LABEL org.opencontainers.image.source=https://github.com/kiwix/borg-backup # # Author : Florent Kaisser # @@ -31,37 +31,41 @@ ENV DATABASES_OPTIONS="" ENV MAX_BORGMATIC_RETRY="10" ENV WAIT_BEFORE_BORGMATIC_RETRY="30" # for k8s cluster data backup -ARG KUBECTL_VERSION="1.23.3" +ARG KUBECTL_VERSION="1.34.2" RUN apt-get update && \ apt-get install -y --no-install-recommends bash curl borgbackup vim \ python3 python3-pip python3-setuptools openssh-client unzip git cron \ - default-mysql-client \ - dnsutils bind9utils tar xz-utils gzip bzip2 coreutils grep lsb-release gnupg2 && \ - # install postgresql-18 \ - echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main 18" > /etc/apt/sources.list.d/pgdg.list && \ - curl -Ls https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \ + default-mysql-client ca-certificates \ + dnsutils bind9utils tar xz-utils gzip bzip2 coreutils grep lsb-release gnupg2 \ + python3.11-venv && \ + install -d /usr/share/postgresql-common/pgdg && \ + curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc && \ + . /etc/os-release && \ + sh -c "echo 'deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $VERSION_CODENAME-pgdg main' > /etc/apt/sources.list.d/pgdg.list" && \ apt-get update && \ apt-get install -y --no-install-recommends -y postgresql-client-18 && \ - curl -Ls https://fastdl.mongodb.org/tools/db/mongodb-database-tools-debian10-x86_64-100.5.2.deb -o mongo-tools.deb && \ + curl -Ls https://fastdl.mongodb.org/tools/db/mongodb-database-tools-debian12-x86_64-100.14.1.deb -o mongo-tools.deb && \ apt-get install -y --no-install-recommends -y ./mongo-tools.deb && \ rm -f ./mongo-tools.deb && \ apt-get clean -y && \ rm -rf /var/lib/apt/lists/* && \ - curl -Ls 'https://github.com/bitwarden/cli/releases/download/v1.19.1/bw-linux-1.19.1.zip' -o bitwarden.zip && \ + curl -Ls 'https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip' -o bitwarden.zip && \ unzip bitwarden.zip && rm -f bitwarden.zip && chmod +x bw && mv bw /usr/local/bin/ && \ + python3.11 -m venv /app/kiwix-python && \ + . /app/kiwix-python/bin/activate && \ git clone --depth=1 --branch=master https://github.com/borgbase/borgbase-api-client.git && \ - mv borgbase-api-client/borgbase_api_client/ /usr/lib/python3/dist-packages/ && \ + mv borgbase-api-client/borgbase_api_client/ /app/kiwix-python/lib/python3.11/site-packages/ && \ rm -rf borgbase-api-client && \ - pip3 install --no-cache-dir --upgrade requests==2.27.1 borgmatic==1.5.24 jsonschema==4.4.0 pyrsistent==0.18.1 && \ - curl -sLo /usr/bin/jq "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" && \ + pip3 install --no-cache-dir --upgrade requests==2.27.1 borgmatic==1.5.24 jsonschema==4.4.0 pyrsistent==0.18.1 && \ + curl -sLo /usr/bin/jq "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-linux64" && \ chmod +x /usr/bin/jq && \ - curl -sLo /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_linux_amd64" && \ + curl -sLo /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.52.4/yq_linux_amd64" && \ chmod +x /usr/bin/yq && \ curl -sLo /usr/bin/kubectl \ "https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl" && \ chmod +x /usr/bin/kubectl && \ - curl -sLo /usr/bin/kube-dump "https://raw.githubusercontent.com/WoozyMasta/kube-dump/1.1.1/kube-dump" && \ + curl -sLo /usr/bin/kube-dump "https://raw.githubusercontent.com/WoozyMasta/kube-dump/1.1.2/kube-dump" && \ chmod +x /usr/bin/kube-dump # Entrypoint for k8s mode diff --git a/bin/backup b/bin/backup index 1d103b0..9c3b9fb 100755 --- a/bin/backup +++ b/bin/backup @@ -13,7 +13,7 @@ export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes function init_cron { BORGMATIC_CRON="/etc/crontab" BORGMATIC_CONFIG="/root/.config/borgmatic/config.yaml" - BORGMATIC_CMD="/usr/bin/flock -w 0 /dev/shm/cron.lock /usr/local/bin/borgmatic -c ${BORGMATIC_CONFIG} --verbosity 1 --files" + BORGMATIC_CMD="/usr/bin/flock -w 0 /dev/shm/cron.lock /app/kiwix-python/bin/borgmatic -c ${BORGMATIC_CONFIG} --verbosity 1 --files" BORGMATIC_LOG_FILE="/dev/shm/borgmatic.log" CRON_MONTH="*" diff --git a/bin/init_borgbase_repository.py b/bin/init_borgbase_repository.py index 95200dc..0b43cab 100755 --- a/bin/init_borgbase_repository.py +++ b/bin/init_borgbase_repository.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3 +#!/app/kiwix-python/bin/python # # Author : Florent Kaisser # @@ -264,7 +264,7 @@ def main( time.sleep(delay) ret = subprocess.call( [ - "/usr/local/bin/borgmatic", + "/app/kiwix-python/bin/borgmatic", "-c", BORGMATIC_CONFIG, "-v", diff --git a/bin/single-backup b/bin/single-backup index 29bd2bb..090019e 100644 --- a/bin/single-backup +++ b/bin/single-backup @@ -23,7 +23,7 @@ function main { echo "Initialization complete, running borgmatic ..." - /usr/local/bin/borgmatic -c /root/.config/borgmatic/config.yaml --verbosity 1 --files + /app/kiwix-python/bin/borgmatic -c /root/.config/borgmatic/config.yaml --verbosity 1 --files } function usage { diff --git a/entrypoint.sh b/entrypoint.sh index 438109a..62dab38 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,9 @@ #!/bin/sh set -e +# activate Python venv +. /app/kiwix-python/bin/activate + mkdir -p /storage if [ ! -z "${CLI_MODE}" ] ; then