Joders/SkyMoney
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: change expected host for deploy 2
All checks were successful
Deploy / deploy (push) Successful in 56s
Details
Security Tests / security-non-db (push) Successful in 18s
Details
Security Tests / security-db (push) Successful in 23s
Details

Browse Source
This commit is contained in:
Ricearoni1245
2026-03-02 11:26:01 -06:00
parent 45a496505e
commit 1d95056e23
4 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env
View File

@@ -43,4 +43,6 @@ PASSWORD_RESET_TTL_MINUTES=30
PASSWORD_RESET_RATE_LIMIT_PER_MINUTE=5
PASSWORD_RESET_CONFIRM_RATE_LIMIT_PER_MINUTE=10
EXPECTED_PROD_DB_HOST=postgres
EXPECTED_PROD_DB_NAME=skymoney
EXPECTED_PROD_DB_NAME=skymoney
EXPECTED_BACKUP_DB_HOST=127.0.0.1
EXPECTED_BACKUP_DB_NAME=skymoney

2
.env.example
View File

@@ -21,6 +21,8 @@ RESTORE_DATABASE_URL=postgres://skymoney_app:change-me@127.0.0.1:5432/skymoney_r
ADMIN_DATABASE_URL=postgres://postgres:change-me@127.0.0.1:5432/postgres
EXPECTED_PROD_DB_HOST=postgres
EXPECTED_PROD_DB_NAME=skymoney
EXPECTED_BACKUP_DB_HOST=127.0.0.1
EXPECTED_BACKUP_DB_NAME=skymoney
# Auth secrets (min 32 chars)
JWT_SECRET=replace-with-32+-chars

5
.gitea/workflows/deploy.yml
View File

@@ -63,9 +63,10 @@ jobs:
# Mandatory pre-migration backup
export EXPECTED_BACKUP_DB_HOST="${EXPECTED_BACKUP_DB_HOST:-127.0.0.1}"
export EXPECTED_BACKUP_DB_NAME="${EXPECTED_BACKUP_DB_NAME:-skymoney}"
BACKUP_ENFORCE_TARGET_CHECK=1 \
EXPECTED_PROD_DB_HOST="$EXPECTED_BACKUP_DB_HOST" \
EXPECTED_PROD_DB_NAME="$EXPECTED_PROD_DB_NAME" \
EXPECTED_BACKUP_DB_HOST="$EXPECTED_BACKUP_DB_HOST" \
EXPECTED_BACKUP_DB_NAME="$EXPECTED_BACKUP_DB_NAME" \
BACKUP_DIR=/opt/skymoney/backups \
bash ./scripts/backup.sh

15
scripts/backup.sh
View File

@@ -27,8 +27,11 @@ extract_db() {
}
if [[ "${BACKUP_ENFORCE_TARGET_CHECK:-0}" == "1" ]]; then
if [[ -z "${EXPECTED_PROD_DB_HOST:-}" || -z "${EXPECTED_PROD_DB_NAME:-}" ]]; then
echo "BACKUP_ENFORCE_TARGET_CHECK=1 requires EXPECTED_PROD_DB_HOST and EXPECTED_PROD_DB_NAME."
BACKUP_EXPECTED_HOST="${EXPECTED_BACKUP_DB_HOST:-${EXPECTED_PROD_DB_HOST:-}}"
BACKUP_EXPECTED_NAME="${EXPECTED_BACKUP_DB_NAME:-${EXPECTED_PROD_DB_NAME:-}}"
if [[ -z "$BACKUP_EXPECTED_HOST" || -z "$BACKUP_EXPECTED_NAME" ]]; then
echo "BACKUP_ENFORCE_TARGET_CHECK=1 requires EXPECTED_BACKUP_DB_HOST/NAME (or EXPECTED_PROD_DB_HOST/NAME)."
exit 1
fi
@@ -40,13 +43,13 @@ if [[ "${BACKUP_ENFORCE_TARGET_CHECK:-0}" == "1" ]]; then
exit 1
fi
if [[ "$ACTUAL_HOST" != "$EXPECTED_PROD_DB_HOST" ]]; then
echo "Backup target host mismatch. expected=$EXPECTED_PROD_DB_HOST actual=$ACTUAL_HOST"
if [[ "$ACTUAL_HOST" != "$BACKUP_EXPECTED_HOST" ]]; then
echo "Backup target host mismatch. expected=$BACKUP_EXPECTED_HOST actual=$ACTUAL_HOST"
exit 1
fi
if [[ "$ACTUAL_DB" != "$EXPECTED_PROD_DB_NAME" ]]; then
echo "Backup target db mismatch. expected=$EXPECTED_PROD_DB_NAME actual=$ACTUAL_DB"
if [[ "$ACTUAL_DB" != "$BACKUP_EXPECTED_NAME" ]]; then
echo "Backup target db mismatch. expected=$BACKUP_EXPECTED_NAME actual=$ACTUAL_DB"
exit 1
fi
fi