@highstate/restic 0.7.1 → 0.7.3

package/dist/repo/index.js

@@ -1,9 +1,11 @@
-import { restic } from '@highstate/library';
-import { forUnit, getOrCreateSecret } from '@highstate/pulumi';
-import { generatePassword } from '@highstate/common';
+import "../chunk-G3PMV62Z.js";
 
-const { args, secrets, outputs } = forUnit(restic.repo);
-const remoteName = secrets.rcloneConfig.apply((config) => {
+// src/repo/index.ts
+import { restic } from "@highstate/library";
+import { forUnit, getOrCreateSecret } from "@highstate/pulumi";
+import { generatePassword } from "@highstate/common";
+var { args, secrets, outputs } = forUnit(restic.repo);
+var remoteName = secrets.rcloneConfig.apply((config) => {
   const remoteNames = Array.from(config.matchAll(/(?<=\[).+?(?=\])/g));
   if (remoteNames.length === 0) {
     throw new Error("No remotes found in rclone config");
@@ -13,9 +15,9 @@ const remoteName = secrets.rcloneConfig.apply((config) => {
   }
   return remoteNames[0][0];
 });
-const password = getOrCreateSecret(secrets, "password", generatePassword);
-const basePath = args.basePath?.replace(/\/$/, "") ?? "backups";
-var index = outputs({
+var password = getOrCreateSecret(secrets, "password", generatePassword);
+var basePath = args.basePath?.replace(/\/$/, "") ?? "backups";
+var repo_default = outputs({
   repo: {
     password,
     type: "rclone",
@@ -29,5 +31,7 @@ var index = outputs({
     basePath
   }
 });
-
-export { index as default };
+export {
+  repo_default as default
+};
+//# sourceMappingURL=index.js.map

package/dist/repo/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/repo/index.ts"],"sourcesContent":["import { restic } from \"@highstate/library\"\nimport { forUnit, getOrCreateSecret } from \"@highstate/pulumi\"\nimport { generatePassword } from \"@highstate/common\"\n\nconst { args, secrets, outputs } = forUnit(restic.repo)\n\nconst remoteName = secrets.rcloneConfig.apply(config => {\n  const remoteNames = Array.from(config.matchAll(/(?<=\\[).+?(?=\\])/g))\n\n  if (remoteNames.length === 0) {\n    throw new Error(\"No remotes found in rclone config\")\n  }\n\n  if (remoteNames.length > 1) {\n    throw new Error(\"Multiple remotes found in rclone config\")\n  }\n\n  return remoteNames[0][0]\n})\n\nconst password = getOrCreateSecret(secrets, \"password\", generatePassword)\nconst basePath = args.basePath?.replace(/\\/$/, \"\") ?? \"backups\"\n\nexport default outputs({\n  repo: {\n    password,\n    type: \"rclone\",\n    rcloneConfig: secrets.rcloneConfig,\n    remoteName,\n    remoteDomains: args.remoteDomains ?? [],\n    basePath,\n  },\n  $status: {\n    remoteName,\n    basePath,\n  },\n})\n"],"mappings":";;;AAAA,SAAS,cAAc;AACvB,SAAS,SAAS,yBAAyB;AAC3C,SAAS,wBAAwB;AAEjC,IAAM,EAAE,MAAM,SAAS,QAAQ,IAAI,QAAQ,OAAO,IAAI;AAEtD,IAAM,aAAa,QAAQ,aAAa,MAAM,YAAU;AACtD,QAAM,cAAc,MAAM,KAAK,OAAO,SAAS,mBAAmB,CAAC;AAEnE,MAAI,YAAY,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,mCAAmC;AAAA,EACrD;AAEA,MAAI,YAAY,SAAS,GAAG;AAC1B,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO,YAAY,CAAC,EAAE,CAAC;AACzB,CAAC;AAED,IAAM,WAAW,kBAAkB,SAAS,YAAY,gBAAgB;AACxE,IAAM,WAAW,KAAK,UAAU,QAAQ,OAAO,EAAE,KAAK;AAEtD,IAAO,eAAQ,QAAQ;AAAA,EACrB,MAAM;AAAA,IACJ;AAAA,IACA,MAAM;AAAA,IACN,cAAc,QAAQ;AAAA,IACtB;AAAA,IACA,eAAe,KAAK,iBAAiB,CAAC;AAAA,IACtC;AAAA,EACF;AAAA,EACA,SAAS;AAAA,IACP;AAAA,IACA;AAAA,EACF;AACF,CAAC;","names":[]}

package/package.json

@@ -1,15 +1,15 @@
 {
   "name": "@highstate/restic",
-  "version": "0.7.1",
+  "version": "0.7.3",
   "type": "module",
   "files": [
-    "assets",
-    "dist"
+    "dist",
+    "src"
   ],
   "exports": {
     ".": {
-      "default": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "types": "./src/index.ts",
+      "default": "./dist/index.js"
     },
     "./repo": {
       "default": "./dist/repo/index.js"
@@ -19,19 +19,19 @@
     "access": "public"
   },
   "scripts": {
-    "build": "pkgroll --tsconfig=tsconfig.build.json"
+    "build": "highstate build"
   },
   "dependencies": {
-    "@highstate/common": "^0.7.1",
-    "@highstate/k8s": "^0.7.1",
-    "@highstate/pulumi": "^0.7.1",
+    "@highstate/common": "^0.7.3",
+    "@highstate/k8s": "^0.7.3",
+    "@highstate/pulumi": "^0.7.3",
     "@pulumi/kubernetes": "^4.18.0"
   },
   "peerDependencies": {
     "@highstate/library": "workspace:^0.4.4"
   },
   "devDependencies": {
-    "pkgroll": "^2.5.1"
+    "@highstate/cli": "^0.7.3"
   },
-  "gitHead": "76c38ce5dbf7a710cf0e6339f52e86358537a99a"
+  "gitHead": "5cf7cec27262c8fa1d96f6478833b94841459d64"
 }

package/src/index.ts

@@ -0,0 +1 @@
+export { BackupJobPair, type BackupJobPairArgs } from "./job-pair"

package/src/job-pair.ts

@@ -0,0 +1,288 @@
+import type { k8s, restic } from "@highstate/library"
+import { batch, core } from "@pulumi/kubernetes"
+import {
+  createScriptContainer,
+  CronJob,
+  Job,
+  mapMetadata,
+  ScriptBundle,
+  type CommonArgs,
+  type Container,
+  type ScriptDistribution,
+  type ScriptEnvironment,
+  type WorkloadVolume,
+} from "@highstate/k8s"
+import {
+  ComponentResource,
+  normalize,
+  output,
+  Output,
+  type ComponentResourceOptions,
+  type Input,
+  type InputArray,
+  type InstanceTrigger,
+  type InstanceTriggerInvocation,
+} from "@highstate/pulumi"
+import { text } from "@highstate/contract"
+import { backupEnvironment } from "./scripts"
+
+export type BackupJobPairArgs = CommonArgs & {
+  /**
+   * The k8s cluster to calculate the repository path.
+   */
+  k8sCluster: Input<k8s.Cluster>
+
+  /**
+   * The repository to backup/restore to/from.
+   */
+  resticRepo: Input<restic.Repo>
+
+  /**
+   * The extra script environment to pass to the backup and restore scripts.
+   */
+  environment?: Input<ScriptEnvironment>
+
+  /**
+   * The extra script environments to pass to the backup and restore scripts.
+   */
+  environments?: InputArray<ScriptEnvironment>
+
+  /**
+   * The volume to backup.
+   */
+  volume?: Input<WorkloadVolume>
+
+  /**
+   * The sup path of the volume to restore/backup.
+   */
+  subPath?: Input<string>
+
+  /**
+   * The schedule for the backup job.
+   *
+   * By default, the backup job runs every day at midnight.
+   */
+  schedule?: Input<string>
+
+  /**
+   * The extra options to pass to the backup script.
+   */
+  backupOptions?: InputArray<string>
+
+  /**
+   * The extra options for the backup container.
+   */
+  backupContainer?: Input<Container>
+
+  /**
+   * The extra options for the restore container.
+   */
+  restoreContainer?: Input<Container>
+
+  /**
+   * The distribution to use for the scripts.
+   *
+   * By default, the distribution is `alpine`.
+   *
+   * You can also use `ubuntu` if you need to install packages that are not available (or working) in Alpine.
+   */
+  distribution?: ScriptDistribution
+}
+
+export class BackupJobPair extends ComponentResource {
+  /**
+   * The credentials used to access the repository and encrypt the backups.
+   */
+  readonly credentials: Output<core.v1.Secret>
+
+  /**
+   * The script bundle used by the backup and restore jobs.
+   */
+  readonly scriptBundle: Output<ScriptBundle>
+
+  /**
+   * The job resource which restores the volume from the backup before creating an application.
+   */
+  readonly restoreJob: Output<Job>
+
+  /**
+   * The cron job resource which backups the volume regularly.
+   */
+  readonly backupJob: Output<CronJob>
+
+  constructor(
+    private readonly name: string,
+    args: BackupJobPairArgs,
+    private readonly opts?: ComponentResourceOptions,
+  ) {
+    super("highstate:restic:BackupJobPair", name, args, opts)
+
+    this.credentials = output(args).apply(args => {
+      return new core.v1.Secret(
+        `${name}-backup-credentials`,
+        {
+          metadata: mapMetadata(args, `${name}-backup-credentials`),
+
+          stringData: {
+            password: args.resticRepo.password,
+            "rclone.conf": args.resticRepo.rcloneConfig,
+          },
+        },
+        { parent: this, ...opts },
+      )
+    })
+
+    const environment = output(args).apply(args => {
+      return {
+        alpine: {
+          packages: ["rclone"],
+        },
+
+        ubuntu: {
+          preInstallPackages: ["curl", "unzip"],
+
+          preInstallScripts: {
+            "rclone.sh": text`
+              #!/bin/sh
+              set -e
+
+              curl https://rclone.org/install.sh | bash
+            `,
+          },
+        },
+
+        environment: {
+          RESTIC_REPOSITORY: `rclone:${args.resticRepo.remoteName}:${args.resticRepo.basePath}/${args.k8sCluster.info.name}/${name}`,
+          RESTIC_PASSWORD_FILE: "/credentials/password",
+          RESTIC_HOSTNAME: "default",
+          RCLONE_CONFIG: "/credentials/rclone.conf",
+          EXTRA_BACKUP_OPTIONS: args.backupOptions?.join(" "),
+        },
+
+        volumes: [this.credentials, ...(args.volume ? [args.volume] : [])],
+
+        volumeMounts: [
+          {
+            volume: this.credentials,
+            mountPath: "/credentials",
+            readOnly: true,
+          },
+          ...(args.volume
+            ? [
+                {
+                  volume: args.volume,
+                  mountPath: "/data",
+                  subPath: args.subPath,
+                },
+              ]
+            : []),
+        ],
+      } satisfies ScriptEnvironment
+    })
+
+    this.scriptBundle = output(args).apply(args => {
+      return new ScriptBundle(
+        `${name}-backup-scripts`,
+        {
+          namespace: args.namespace,
+          distribution: args.distribution ?? "alpine",
+
+          environments: [
+            backupEnvironment,
+            environment,
+            ...normalize(args.environment, args.environments),
+          ],
+        },
+        { parent: this, ...opts },
+      )
+    })
+
+    this.restoreJob = output(args).apply(args => {
+      return new Job(
+        `${name}-restore`,
+        {
+          namespace: args.namespace,
+
+          container: createScriptContainer({
+            ...args.restoreContainer,
+
+            main: "restore.sh",
+            bundle: this.scriptBundle,
+          }),
+        },
+        { parent: this, ...opts },
+      )
+    })
+
+    this.backupJob = output(args).apply(args => {
+      return new CronJob(
+        `${name}-backup`,
+        {
+          namespace: args.namespace,
+
+          container: createScriptContainer({
+            ...args.backupContainer,
+
+            main: "backup.sh",
+            bundle: this.scriptBundle,
+          }),
+
+          schedule: args.schedule ?? "0 0 * * *",
+          concurrencyPolicy: "Forbid",
+
+          jobTemplate: {
+            spec: {
+              backoffLimit: 1,
+              template: {
+                spec: {
+                  restartPolicy: "Never",
+                },
+              },
+            },
+          },
+        },
+        { parent: this, ...opts },
+      )
+    })
+
+    this.registerOutputs({
+      credentials: this.credentials,
+      scriptBundle: this.scriptBundle,
+      restoreJob: this.restoreJob,
+      backupJob: this.backupJob,
+    })
+  }
+
+  handleTrigger(triggers: InstanceTriggerInvocation[]): InstanceTrigger | undefined {
+    const triggerName = `restic.backup-on-destroy.${this.name}`
+    const invokedTrigger = triggers.find(trigger => trigger.name === triggerName)
+
+    if (invokedTrigger) {
+      this.createBackupOnDestroyJob()
+      return
+    }
+
+    return {
+      name: triggerName,
+      title: "Backup on Destroy",
+      description: `Backup the "${this.name}" before destroying.`,
+      spec: {
+        type: "before-destroy",
+      },
+    }
+  }
+
+  private createBackupOnDestroyJob(): void {
+    new batch.v1.Job(
+      `${this.name}-backup-on-destroy`,
+      {
+        metadata: {
+          name: `${this.name}-backup-on-destroy`,
+          namespace: this.backupJob.cronJob.metadata.namespace,
+        },
+        spec: this.backupJob.cronJob.spec.jobTemplate.spec,
+      },
+      { parent: this, ...this.opts },
+    )
+  }
+}

package/src/repo/index.ts

@@ -0,0 +1,37 @@
+import { restic } from "@highstate/library"
+import { forUnit, getOrCreateSecret } from "@highstate/pulumi"
+import { generatePassword } from "@highstate/common"
+
+const { args, secrets, outputs } = forUnit(restic.repo)
+
+const remoteName = secrets.rcloneConfig.apply(config => {
+  const remoteNames = Array.from(config.matchAll(/(?<=\[).+?(?=\])/g))
+
+  if (remoteNames.length === 0) {
+    throw new Error("No remotes found in rclone config")
+  }
+
+  if (remoteNames.length > 1) {
+    throw new Error("Multiple remotes found in rclone config")
+  }
+
+  return remoteNames[0][0]
+})
+
+const password = getOrCreateSecret(secrets, "password", generatePassword)
+const basePath = args.basePath?.replace(/\/$/, "") ?? "backups"
+
+export default outputs({
+  repo: {
+    password,
+    type: "rclone",
+    rcloneConfig: secrets.rcloneConfig,
+    remoteName,
+    remoteDomains: args.remoteDomains ?? [],
+    basePath,
+  },
+  $status: {
+    remoteName,
+    basePath,
+  },
+})

package/src/scripts.ts

@@ -0,0 +1,86 @@
+import type { ScriptEnvironment } from "@highstate/k8s"
+import { text } from "@highstate/contract"
+
+export const backupEnvironment: ScriptEnvironment = {
+  alpine: {
+    packages: ["restic"],
+  },
+
+  ubuntu: {
+    packages: ["restic"],
+  },
+
+  scripts: {
+    "backup.sh": text`
+      #!/bin/sh
+      set -e
+
+      # Init the repo if it doesn't exist
+      echo "| Checking the repository"
+      if restic snapshots > /dev/null 2>&1; then
+        echo "| Repository is ready"
+      else
+        echo "| Initializing new repository"
+        restic init
+      fi
+
+      # Execute lock script if it exists
+      if [ -f /scripts/lock.sh ]; then
+        /scripts/lock.sh || (echo "| error: lock script failed" && exit 1)
+      fi
+
+      # Unlock the data source on exit
+      if [ -f /scripts/unlock.sh ]; then
+        trap "echo '/scripts/unlock.sh || (echo '| error: unlock script failed' && exit 1)" EXIT
+      fi
+
+      # Perform online backup if the corresponding script exists
+      if [ -f /scripts/online-backup.sh ]; then
+        /scripts/online-backup.sh || (echo "| error: online backup script failed" && exit 1)
+      fi
+
+      # Backup the volume
+      echo "| Backing up /data"
+      restic backup -H "$RESTIC_HOSTNAME" /data $EXTRA_BACKUP_OPTIONS
+
+      # Forget old snapshots
+      echo "| Forgetting old snapshots"
+      restic forget --host "$RESTIC_HOSTNAME" --keep-daily 7 --keep-weekly 4 --keep-monthly 6
+      echo "| Backup complete"
+    `,
+
+    "restore.sh": text`
+      #!/bin/sh
+      set -e
+
+      # Check if /data is empty
+      echo "| Checking if volume is empty"
+      if [ "$(find /data -type f -print -quit 2>/dev/null)" ]; then
+        echo "| Volume is not empty. Skipping restore."
+        exit 0
+      fi
+
+      # Check if at least one snapshot exists
+      echo "| Checking for snapshots"
+      if ! result=$(restic list snapshots); then
+        echo "| No snapshots found. Skipping restore."
+        exit 0
+      fi
+
+      if [ -z "$result" ]; then
+        echo "| No snapshots found. Skipping restore."
+        exit 0
+      fi
+
+      # Restore the volume
+      echo "| Restoring /data"
+      restic restore -H "$RESTIC_HOSTNAME" latest --target /
+      echo "| Volume restored."
+
+      # Post-restore script
+      if [ -f /scripts/post-restore.sh ]; then
+        /scripts/post-restore.sh || (echo "| error: post-restore script failed" && exit 1)
+      fi
+    `,
+  },
+}

package/dist/index.d.ts

@@ -1,82 +0,0 @@
-import { k8s, restic } from '@highstate/library';
-import { core } from '@pulumi/kubernetes';
-import { ScriptBundle, Job, CronJob, CommonArgs, ScriptEnvironment, WorkloadVolume, Container, ScriptDistribution } from '@highstate/k8s';
-import { ComponentResource, Output, Input, InputArray, ComponentResourceOptions, InstanceTriggerInvocation, InstanceTrigger } from '@highstate/pulumi';
-
-type BackupJobPairArgs = CommonArgs & {
-    /**
-     * The k8s cluster to calculate the repository path.
-     */
-    k8sCluster: Input<k8s.Cluster>;
-    /**
-     * The repository to backup/restore to/from.
-     */
-    resticRepo: Input<restic.Repo>;
-    /**
-     * The extra script environment to pass to the backup and restore scripts.
-     */
-    environment?: Input<ScriptEnvironment>;
-    /**
-     * The extra script environments to pass to the backup and restore scripts.
-     */
-    environments?: InputArray<ScriptEnvironment>;
-    /**
-     * The volume to backup.
-     */
-    volume?: Input<WorkloadVolume>;
-    /**
-     * The sup path of the volume to restore/backup.
-     */
-    subPath?: Input<string>;
-    /**
-     * The schedule for the backup job.
-     *
-     * By default, the backup job runs every day at midnight.
-     */
-    schedule?: Input<string>;
-    /**
-     * The extra options to pass to the backup script.
-     */
-    backupOptions?: InputArray<string>;
-    /**
-     * The extra options for the backup container.
-     */
-    backupContainer?: Input<Container>;
-    /**
-     * The extra options for the restore container.
-     */
-    restoreContainer?: Input<Container>;
-    /**
-     * The distribution to use for the scripts.
-     *
-     * By default, the distribution is `alpine`.
-     *
-     * You can also use `ubuntu` if you need to install packages that are not available (or working) in Alpine.
-     */
-    distribution?: ScriptDistribution;
-};
-declare class BackupJobPair extends ComponentResource {
-    private readonly name;
-    private readonly opts?;
-    /**
-     * The credentials used to access the repository and encrypt the backups.
-     */
-    readonly credentials: Output<core.v1.Secret>;
-    /**
-     * The script bundle used by the backup and restore jobs.
-     */
-    readonly scriptBundle: Output<ScriptBundle>;
-    /**
-     * The job resource which restores the volume from the backup before creating an application.
-     */
-    readonly restoreJob: Output<Job>;
-    /**
-     * The cron job resource which backups the volume regularly.
-     */
-    readonly backupJob: Output<CronJob>;
-    constructor(name: string, args: BackupJobPairArgs, opts?: ComponentResourceOptions | undefined);
-    handleTrigger(triggers: InstanceTriggerInvocation[]): InstanceTrigger | undefined;
-    private createBackupOnDestroyJob;
-}
-
-export { BackupJobPair, type BackupJobPairArgs };