james/baktainer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Easily backup your docker databases
23 commits 1 branch 1 tag 319 KiB
Find a file
James Paterni 5dcdc28356
Some checks failed
Build and Push Docker Image / test (push) Failing after 0s
Details
Run Tests / test (push) Failing after 1s
Details
Build and Push Docker Image / build (push) Has been skipped
Details
Build Docker Image / build (push) Failing after 22s
Details
Build Docker Image / notify (push) Failing after 0s
Details
CI Pipeline / test (push) Failing after 2m13s
Details
CI Pipeline / build (push) Has been skipped
Details
CI Pipeline / notify (push) Successful in 1s
Details
Add Forgejo Actions workflows for CI/CD 
## Forgejo Actions Setup

### Directory Structure
- `.forgejo/workflows/` - Forgejo Actions workflows directory
- `ci.yml` - Main CI pipeline (test + build + notify)
- `test.yml` - Test-only workflow for development
- `build.yml` - Build-only workflow for releases
- `docker.yml` - Advanced Docker workflow with caching
- `README.md` - Comprehensive documentation

### Key Features

#### 1. Main CI Pipeline (ci.yml)
- Runs RSpec tests in Ruby 3.3 Alpine container
- Builds and pushes Docker images to Docker Hub
- Supports version tagging and latest tags
- Provides pipeline status notifications

#### 2. Test Workflow (test.yml)
- Dedicated testing workflow for PRs
- Runs unit and integration tests separately
- Generates coverage reports
- Uploads test artifacts

#### 3. Build Workflow (build.yml)
- Standalone Docker build workflow
- Triggers on main branch and version tags
- Includes build status notifications

#### 4. Advanced Docker Workflow (docker.yml)
- Uses Docker Buildx for advanced builds
- Implements Docker layer caching
- Automatic metadata extraction and tagging

### Forgejo vs GitHub Actions Differences

#### Technical Adaptations
- **Directory**: `.forgejo/workflows/` vs `.github/workflows/`
- **Runners**: `runs-on: docker` with container specification
- **Dependencies**: Explicit Alpine package installation
- **Caching**: Adapted for Forgejo environment
- **Execution**: Optimized for Docker container runtime

#### Compatibility
- Uses same action references (`actions/checkout@v4`, etc.)
- Same secret management (`${{ secrets.* }}`)
- Same environment variables (`${{ github.* }}`)
- Maintains workflow syntax compatibility

### Required Configuration
- Enable Repository Actions in Forgejo settings
- Configure Docker Hub secrets (DOCKER_USERNAME, DOCKER_PASSWORD, DOCKER_IMAGE_NAME)
- Ensure Forgejo Runner is installed and configured
- Set up action repository sources

### Benefits
- **Dual CI/CD**: Can run alongside GitHub Actions
- **Self-hosted**: Full control over CI/CD infrastructure
- **Docker-native**: Optimized for containerized workflows
- **Feature parity**: Maintains same functionality as GitHub Actions

This enables Baktainer to run on Forgejo instances with full CI/CD
capabilities while maintaining compatibility with existing GitHub Actions.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-15 11:02:58 -04:00
.forgejo Add Forgejo Actions workflows for CI/CD 2025-07-15 11:02:58 -04:00
.github/workflows Add comprehensive RSpec testing infrastructure and enhance CI/CD pipeline 2025-07-13 23:12:59 -04:00
app Enhance dashboard with next backup time, reorganized layout, and pagination 2025-07-15 10:31:09 -04:00
.dockerignore Initial Commit 2025-04-14 09:39:37 -04:00
.gitignore Major architectural overhaul: dependency injection, monitoring, and operational improvements 2025-07-14 22:58:26 -04:00
.tool-versions Initial Commit 2025-04-14 09:39:37 -04:00
API_DOCUMENTATION.md Major architectural overhaul: dependency injection, monitoring, and operational improvements 2025-07-14 22:58:26 -04:00
CLAUDE.md Implement comprehensive security fixes and enhancements 2025-07-14 10:19:18 -04:00
docker-compose.yml Fix health check server by using Puma with Rack directly 2025-07-14 23:15:26 -04:00
Dockerfile Initial Commit 2025-04-14 09:39:37 -04:00
entrypoint.sh Initial Commit 2025-04-14 09:39:37 -04:00
LICENSE Initial commit 2025-04-05 13:58:02 +00:00
README.md Comprehensively update README.md with all implemented features 2025-07-15 08:09:02 -04:00
SECURITY.md Implement comprehensive security fixes and enhancements 2025-07-14 10:19:18 -04:00
TODO.md Major architectural overhaul: dependency injection, monitoring, and operational improvements 2025-07-14 22:58:26 -04:00

README.md

baktainer

Easily backup databases running in docker containers.

Features

  • Database Support: MySQL, PostgreSQL, MongoDB, and SQLite databases
  • Scheduled Backups: Run on a schedule using cron expressions
  • Container Discovery: Define which databases to backup using docker labels
  • Health Monitoring: Web dashboard and REST API for monitoring backup status
  • Notifications: Multi-channel notifications (Slack, Discord, Teams, Email, Webhooks)
  • Backup Rotation: Automatic cleanup based on age, count, or disk space
  • Encryption: AES-256-GCM encryption for backup files
  • Compression: Gzip compression to reduce backup file sizes
  • Performance Monitoring: Real-time metrics and performance alerts
  • Label Validation: Schema-based validation with helpful error messages
  • SSL/TLS Support: Secure Docker API connections
  • High Performance: Multi-threaded backups with dynamic scaling

Installation

⚠️ Security Notice: Baktainer requires Docker socket access which grants significant privileges. Please review SECURITY.md for important security considerations and recommended mitigations.

services:
  baktainer:
    image: jamez001/baktainer:latest
    container_name: baktainer
    restart: unless-stopped
    ports:
      - "8080:8080"  # Health check dashboard
    volumes:
      - ./backups:/backups
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - BT_CRON="0 0 * * *" # Backup every day at midnight
      - BT_DOCKER_URL=unix:///var/run/docker.sock
      - BT_THREADS=4
      - BT_LOG_LEVEL=info
      - BT_HEALTH_SERVER_ENABLED=true  # Enable health check server
      - BT_COMPRESS=true               # Enable compression
      - BT_ROTATION_ENABLED=true       # Enable backup rotation
      - BT_RETENTION_DAYS=30          # Keep backups for 30 days
      # SSL Configuration (if using remote Docker API)
      #- BT_SSL=true
      #- BT_CA=/path/to/ca.pem
      #- BT_CERT=/path/to/cert.pem
      #- BT_KEY=/path/to/key.pem
      # Notification Configuration
      #- BT_NOTIFICATION_CHANNELS=slack,log
      #- BT_SLACK_WEBHOOK_URL=https://hooks.slack.com/...
      #- BT_NOTIFY_FAILURES=true
      # Encryption Configuration
      #- BT_ENCRYPTION_ENABLED=true
      #- BT_ENCRYPTION_KEY=your-hex-key

For enhanced security, consider using a Docker socket proxy. See SECURITY.md for detailed security recommendations.

Environment Variables

Core Configuration

Variable Description Default
BT_CRON Cron expression for scheduling backups 0 0 * * *
BT_THREADS Number of threads to use for backups 4
BT_LOG_LEVEL Log level (debug, info, warn, error) info
BT_DOCKER_URL Docker API URL unix:///var/run/docker.sock
BT_BACKUP_DIR Directory to store backups /backups

Backup Options

Variable Description Default
BT_COMPRESS Enable gzip compression for backups true
BT_ROTATION_ENABLED Enable automatic backup rotation true
BT_RETENTION_DAYS Days to keep backups (0 = unlimited) 30
BT_RETENTION_COUNT Max backups per container (0 = unlimited) 0
BT_MIN_FREE_SPACE_GB Minimum free space in GB 10

Health Monitoring

Variable Description Default
BT_HEALTH_SERVER_ENABLED Enable health check server false
BT_HEALTH_PORT Port for health check server 8080
BT_HEALTH_BIND Bind address for health server 0.0.0.0

SSL/TLS Configuration

Variable Description Default
BT_SSL Enable SSL for Docker connection false
BT_CA Path to CA certificate or certificate data none
BT_CERT Path to client certificate or certificate data none
BT_KEY Path to client key or key data none

Encryption

Variable Description Default
BT_ENCRYPTION_ENABLED Enable AES-256-GCM encryption false
BT_ENCRYPTION_KEY Encryption key (hex or base64) none
BT_ENCRYPTION_KEY_FILE Path to encryption key file none
BT_ENCRYPTION_PASSPHRASE Passphrase for key derivation none

Notifications

Variable Description Default
BT_NOTIFICATION_CHANNELS Comma-separated list of channels log
BT_NOTIFY_SUCCESS Notify on successful backups false
BT_NOTIFY_FAILURES Notify on backup failures true
BT_NOTIFY_WARNINGS Notify on warnings true
BT_NOTIFY_HEALTH Notify on health issues true
BT_SLACK_WEBHOOK_URL Slack webhook URL none
BT_DISCORD_WEBHOOK_URL Discord webhook URL none
BT_TEAMS_WEBHOOK_URL Microsoft Teams webhook URL none
BT_WEBHOOK_URL Generic webhook URL none

Usage

Add labels to your docker containers to specify which databases to backup.

services:
  db:
    image: postgres:17
    container_name: my-db
    restart: unless-stopped
    volumes:
    - db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: "${DB_BASE:-database}"
      POSTGRES_USER: "${DB_USER:-user}"
      POSTGRES_PASSWORD: "${DB_PASSWORD:-StrongPassword}"
    labels:
      - baktainer.backup=true
      - baktainer.db.engine=postgres
      - baktainer.db.name=my-db
      - baktainer.db.user=user
      - baktainer.db.password=StrongPassword
      - baktainer.name="MyApp"

Docker Labels for Container Configuration

Required Labels

Label Description Required For
baktainer.backup Set to true to enable backup for this container All
baktainer.db.engine Database engine: mysql, postgres, mongodb, sqlite All
baktainer.db.name Name of the database to backup All
baktainer.db.user Username for the database MySQL, PostgreSQL, MongoDB
baktainer.db.password Password for the database MySQL, PostgreSQL, MongoDB

Optional Labels

Label Description Default
baktainer.name Application name for backup files Database name
baktainer.compress Enable compression for this container (true/false) BT_COMPRESS value
baktainer.encrypt Enable encryption for this container (true/false) BT_ENCRYPTION_ENABLED value
baktainer.backup.priority Backup priority: low, normal, high, critical normal
baktainer.backup.retention.days Days to keep backups for this container BT_RETENTION_DAYS value
baktainer.backup.retention.count Max backups to keep for this container BT_RETENTION_COUNT value

Backup Files

The backup files will be stored in the directory specified by the BT_BACKUP_DIR environment variable. The files will be named according to the following format:

/backups/<date>/<db_name>-<timestamp>.sql.gz

Where <date> is the date of the backup ('YY-MM-DD' format) <db_name> is the name provided by baktainer.name, or the name of the database, <timestamp> is the unix timestamp of the backup.

By default, backups are compressed with gzip. To disable compression, set BT_COMPRESS=false or add baktainer.compress=false label to specific containers.

Health Monitoring & Dashboard

Baktainer includes a comprehensive health monitoring system with a web dashboard and REST API.

Accessing the Dashboard

When BT_HEALTH_SERVER_ENABLED=true, visit http://localhost:8080 for:

  • Real-time backup status and metrics
  • Container discovery and configuration
  • Performance monitoring with auto-refresh
  • System health checks and alerts

Health Check Endpoints

Endpoint Description
GET / Interactive monitoring dashboard
GET /health Health check (200 = healthy, 503 = unhealthy)
GET /status Detailed system status and metrics
GET /backups Backup history and statistics
GET /containers Discovered containers with backup labels
GET /config Configuration (credentials sanitized)
GET /metrics Prometheus-format metrics

Prometheus Integration

Use the /metrics endpoint to integrate with monitoring systems:

# Prometheus scrape config
scrape_configs:
  - job_name: 'baktainer'
    static_configs:
      - targets: ['baktainer:8080']
    metrics_path: '/metrics'
    scrape_interval: 30s

Notifications

Configure multi-channel notifications for backup events:

Supported Channels

  • Slack: Set BT_SLACK_WEBHOOK_URL
  • Discord: Set BT_DISCORD_WEBHOOK_URL
  • Microsoft Teams: Set BT_TEAMS_WEBHOOK_URL
  • Generic Webhook: Set BT_WEBHOOK_URL
  • Logs: Always available

Example Configuration

environment:
  - BT_NOTIFICATION_CHANNELS=slack,log
  - BT_SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
  - BT_NOTIFY_FAILURES=true
  - BT_NOTIFY_SUCCESS=false
  - BT_NOTIFY_WARNINGS=true

Backup Encryption

Secure your backups with AES-256-GCM encryption:

environment:
  - BT_ENCRYPTION_ENABLED=true
  - BT_ENCRYPTION_KEY=your-256-bit-hex-key
  # Or use a key file:
  # - BT_ENCRYPTION_KEY_FILE=/path/to/keyfile
  # Or derive from passphrase:
  # - BT_ENCRYPTION_PASSPHRASE=your-secure-passphrase

Encrypted files use .enc extension and include authentication data for integrity verification.

Backup Rotation & Cleanup

Automatic backup cleanup keeps your storage manageable:

Configuration Options

environment:
  - BT_ROTATION_ENABLED=true      # Enable automatic cleanup
  - BT_RETENTION_DAYS=30          # Keep backups for 30 days
  - BT_RETENTION_COUNT=0          # Max backups per container (0 = unlimited)
  - BT_MIN_FREE_SPACE_GB=10       # Trigger cleanup when free space < 10GB

Per-Container Overrides

labels:
  - baktainer.backup.retention.days=7    # Keep this container's backups for 7 days
  - baktainer.backup.retention.count=5   # Keep max 5 backups for this container

Cleanup Behavior

  • Time-based: Remove backups older than specified days
  • Count-based: Keep only N most recent backups per container
  • Space-based: Automatic cleanup when disk space is low
  • Smart cleanup: Removes empty date directories after cleanup

Testing

The project includes comprehensive test coverage with both unit and integration tests.

Running Tests

# Run all tests
cd app && bundle exec rspec

# Run tests with coverage report
cd app && COVERAGE=true bundle exec rspec

# Run only unit tests
cd app && bundle exec rspec spec/unit/

# Run only integration tests (requires Docker)
cd app && bundle exec rspec spec/integration/

Test Coverage

  • Line Coverage: 94.94% (150/158 lines)
  • Branch Coverage: 71.11% (32/45 branches)
  • Tests cover all database engines, container discovery, error handling, and backup workflows
  • Integration tests validate full backup operations with real Docker containers

Test Commands

# Quick unit tests
bin/test

# All tests with coverage
bin/test --all --coverage

# Integration tests with setup/cleanup
bin/test --integration --setup --cleanup

Development Roadmap

Completed Features

  • Database Support: MySQL, PostgreSQL, MongoDB, and SQLite backups
  • Scheduling: Cron-based backup scheduling
  • Container Discovery: Docker label-based configuration
  • Docker Integration: Support for socket, TCP, SSL/TLS connections
  • Compression: Gzip compression for backup files
  • Health Monitoring: Web dashboard and REST API monitoring
  • Notifications: Multi-channel notifications (Slack, Discord, Teams, Webhooks)
  • Backup Rotation: Automatic cleanup based on age, count, and disk space
  • Encryption: AES-256-GCM encryption for backup files
  • Performance Monitoring: Real-time metrics and alerts
  • Label Validation: Schema-based validation with helpful error messages
  • High Performance: Multi-threaded backups with dynamic scaling
  • Comprehensive Testing: 94.94% line coverage with unit and integration tests

🔄 In Progress

  • Backup streaming for large databases
  • Advanced retry strategies with exponential backoff

📋 Future Enhancements

  • Individual hooks for completed backups
  • Hooks for fully completed backup cycles
  • Configurable timeout limits for each backup
  • Database-specific optimization settings
  • Backup verification and integrity checking
  • Multi-region backup replication
  • Advanced alerting rules and thresholds