Merge branch 'master' into NS-3390

.github/workflows/auto-codespell.yml

@@ -23,11 +23,11 @@ jobs:
     name: PreCommit
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/[email protected].0
-    - uses: DeterminateSystems/nix-installer-action@v10
+    - uses: actions/[email protected].1
+    - uses: DeterminateSystems/nix-installer-action@v13
       with:
         diagnostic-endpoint: ""
-    - uses: DeterminateSystems/magic-nix-cache-action@v4
+    - uses: DeterminateSystems/magic-nix-cache-action@v7
       with:
         diagnostic-endpoint: ""
     - name: Checkout

.github/workflows/auto-gen-docs.yaml

@@ -33,10 +33,10 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'pull_request' || (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
     steps:
-      - uses: DeterminateSystems/nix-installer-action@v10
+      - uses: DeterminateSystems/nix-installer-action@v13
         with:
           diagnostic-endpoint: ""
-      - uses: DeterminateSystems/magic-nix-cache-action@v4
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
         with:
           diagnostic-endpoint: ""
       - name: Checkout code
@@ -68,10 +68,10 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'pull_request' || (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
     steps:
-      - uses: DeterminateSystems/nix-installer-action@v10
+      - uses: DeterminateSystems/nix-installer-action@v13
         with:
           diagnostic-endpoint: ""
-      - uses: DeterminateSystems/magic-nix-cache-action@v4
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
         with:
           diagnostic-endpoint: ""
       - name: Checkout code

.github/workflows/release.yaml

@@ -16,7 +16,7 @@ jobs:
       - name: Set up env vars
         run: |
           echo "GO111MODULE=on" >> $GITHUB_ENV
-          echo "GO_VERSION=v$(sed -n 's/GO_VERSION=//p' config.base.env)" >> $GITHUB_ENV
+          echo "GO_VERSION=v$(sed -n 's/GO_VERSION=//p' config.base.env | tr -d '\n' | tr -d '"')" >> $GITHUB_ENV
           echo "GOPATH=/home/runner/go" >> $GITHUB_ENV
 
       - name: Prepare go environment

Makefile

@@ -89,11 +89,18 @@ test: ## Runs the go tests
 	@RUNNING_TESTS=1 go test -tags "$(BUILDTAGS) cgo" $(PACKAGES_FOR_UNIT_TESTS)
 
 .PHONY: e2e
-e2e: deepcopy-gen manifests ## Runs e2e tests, you can use EXTRA_ARGS
+e2e: deepcopy-gen manifests backup-kind-load ## Runs e2e tests, you can use EXTRA_ARGS
 	@echo "+ $@"
 	RUNNING_TESTS=1 go test -parallel=1 "./test/e2e/" -ginkgo.v -tags "$(BUILDTAGS) cgo" -v -timeout 60m -run "$(E2E_TEST_SELECTOR)" \
 		-jenkins-api-hostname=$(JENKINS_API_HOSTNAME) -jenkins-api-port=$(JENKINS_API_PORT) -jenkins-api-use-nodeport=$(JENKINS_API_USE_NODEPORT) $(E2E_TEST_ARGS)
 
+## Backup Section
+
+.PHONY: backup-kind-load
+backup-kind-load: ## Load latest backup image in the cluster
+	@echo "+ $@"
+	make -C backup/pvc backup-kind-load
+
 ## HELM Section
 
 .PHONY: helm
@@ -127,7 +134,7 @@ helm-release-latest: helm
 .PHONY: helm-e2e
 IMAGE_NAME := quay.io/$(QUAY_ORGANIZATION)/$(QUAY_REGISTRY):$(GITCOMMIT)-amd64
 
-helm-e2e: helm container-runtime-build-amd64 ## Runs helm e2e tests, you can use EXTRA_ARGS
+helm-e2e: helm container-runtime-build-amd64 backup-kind-load ## Runs helm e2e tests, you can use EXTRA_ARGS
 	kind load docker-image ${IMAGE_NAME} --name $(KIND_CLUSTER_NAME)
 	@echo "+ $@"
 	RUNNING_TESTS=1 go test -parallel=1 "./test/helm/" -ginkgo.v -tags "$(BUILDTAGS) cgo" -v -timeout 60m -run "$(E2E_TEST_SELECTOR)" -image-name=$(IMAGE_NAME) $(E2E_TEST_ARGS)
@@ -374,12 +381,12 @@ kind-clean: ## Delete kind cluster
 IMAGE_NAME := quay.io/$(QUAY_ORGANIZATION)/$(QUAY_REGISTRY):$(GITCOMMIT)-amd64
 BUILD_PRESENT := $(shell docker images |grep -q ${IMAGE_NAME})
 ifndef BUILD_PRESENT
-bats-tests: container-runtime-build-amd64 ## Run bats tests
+bats-tests: backup-kind-load container-runtime-build-amd64 ## Run bats tests
 	@echo "+ $@"
 	kind load docker-image ${IMAGE_NAME} --name $(KIND_CLUSTER_NAME)
 	OPERATOR_IMAGE="${IMAGE_NAME}" TERM=xterm bats -T -p test/bats
 else
-bats-tests: ## Run bats tests
+bats-tests: backup-kind-load
 	@echo "+ $@"
 	OPERATOR_IMAGE="${IMAGE_NAME}" TERM=xterm bats -T -p test/bats
 endif

VERSION.txt

@@ -1 +1 @@
-v0.8.0
+v0.8.1

backup/pvc/Makefile

@@ -118,6 +118,12 @@ docker-release-latest: docker-build ## Release image with latest tags (in additi
 docker-release: docker-release-version docker-release-latest ## Release image with version and latest tags (in addition to build tag)
 	@echo "+ $@"
 
+.PHONY: backup-kind-load
+backup-kind-load: docker-build ## Build and load backup img in kind with e2e-test tag
+	@echo "+ $@"
+	docker tag quay.io/$(QUAY_ORGANIZATION)/$(QUAY_REGISTRY)-$(NAME):$(GITCOMMIT) quay.io/$(QUAY_ORGANIZATION)/$(QUAY_REGISTRY)-$(NAME):e2e-test
+	kind load docker-image quay.io/$(QUAY_ORGANIZATION)/$(QUAY_REGISTRY)-$(NAME):e2e-test --name $(KIND_CLUSTER_NAME)
+
 # if this session isn't interactive, then we don't want to allocate a
 # TTY, which would fail, but if it is interactive, we do want to attach
 # so that the user can send e.g. ^C through.
@@ -127,7 +133,7 @@ ifeq ($(INTERACTIVE), 1)
 endif
 
 .PHONY: docker-run
-docker-run: docker-build ## Run the container in docker, you can use EXTRA_ARGS
+docker-run: docker-build
 	@echo "+ $@"
 	docker run --rm -i $(DOCKER_FLAGS) \
 		quay.io/$(QUAY_ORGANIZATION)/$(QUAY_REGISTRY)-$(NAME):$(GITCOMMIT) $(ARGS)

backup/pvc/VERSION.txt

@@ -1 +1 @@
-v0.2.5
+v0.4.0

backup/pvc/bin/backup.sh

@@ -1,39 +1,63 @@
 #!/usr/bin/env bash
 
 set -eo pipefail
+source "$(dirname "$0")/utils.sh"
+
+[[ ! $# -eq 1 ]] && _log "ERROR" "Usage: $0 BACKUP_NUMBER" && exit 1
+[[ -z "${BACKUP_DIR}" ]] && _log "ERROR" "Required 'BACKUP_DIR' env not set" && exit 1
+[[ -z "${JENKINS_HOME}" ]] && _log "ERROR" "Required 'JENKINS_HOME' env not set" && exit 1
+BACKUP_RETRY_COUNT=${BACKUP_RETRY_COUNT:-3}
+BACKUP_RETRY_INTERVAL=${BACKUP_RETRY_INTERVAL:-60}
+BACKUP_NUMBER=$1
+TRAP_FILE="/tmp/_backup_${BACKUP_NUMBER}_is_running"
+
+# --> Check if another backup process is running (operator restart/crash)
+for ((i=0; i<BACKUP_RETRY_COUNT; i++)); do
+    [[ ! -f "${TRAP_FILE}" ]] && _log "INFO" "[backup] no other backup process are running" && break
+    _log "INFO" "[backup] backup is already running. Waiting for ${BACKUP_RETRY_INTERVAL} seconds..."
+    sleep "${BACKUP_RETRY_INTERVAL}"
+done
+[[ -f "${TRAP_FILE}" ]] && { _log "ERROR" "[backup] backup is still running after waiting ${BACKUP_RETRY_COUNT} time ${BACKUP_RETRY_INTERVAL}s. Exiting."; exit 1; }
+# --< Done
+
+_log "INFO" "[backup] running backup ${BACKUP_NUMBER}"
+touch "${TRAP_FILE}"
+# create temp dir on the same filesystem with a BACKUP_DIR to be able use atomic mv enstead of copy
+BACKUP_TMP_DIR=$(mktemp -d --tmpdir="${BACKUP_DIR}")
 
-[[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1;
-[[ -z "${BACKUP_DIR}" ]] && echo "Required 'BACKUP_DIR' env not set" && exit 1;
-[[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
+_clean(){
+    test -d "${BACKUP_TMP_DIR}" && rm -fr "${BACKUP_TMP_DIR}"
+    test -f "${TRAP_FILE}" && rm -f "${TRAP_FILE}"
+}
 
-# create temp dir on the same filesystem with a BACKUP_DIR to be able use atomic mv enstead of copy
-BACKUP_TMP_DIR=$(mktemp -d --tmpdir=${BACKUP_DIR})
-trap "test -d "${BACKUP_TMP_DIR}" && rm -fr "${BACKUP_TMP_DIR}"" EXIT SIGINT SIGTERM
+_trap(){
+    _clean
+    _log "ERROR" "[backup] something wrong happened, check the logs"
+}
 
-backup_number=$1
-echo "Running backup"
+trap '_trap' SIGQUIT SIGINT SIGTERM
 
 # config.xml in a job directory is a config file that shouldn't be backed up
 # config.xml in child directories is state that should. For example-
 # branches/myorg/branches/myrepo/branches/master/config.xml should be retained while
 # branches/myorg/config.xml should not
-tar --zstd -C "${JENKINS_HOME}" -cf "${BACKUP_TMP_DIR}/${backup_number}.tar.zstd" \
+tar --zstd -C "${JENKINS_HOME}" -cf "${BACKUP_TMP_DIR}/${BACKUP_NUMBER}.tar.zstd" \
     --exclude jobs/*/workspace* \
     --no-wildcards-match-slash --anchored \
     --ignore-failed-read \
     --exclude jobs/*/config.xml -c jobs || ret=$?
 
 if [[ "$ret" -eq 0 ]]; then
-  echo "Backup was completed without warnings"
+  _log "INFO" "[backup] backup ${BACKUP_NUMBER} was completed without warnings"
 elif [[ "$ret" -eq 1 ]]; then
-  echo "Backup was completed with some warnings"
+  _log "INFO" "[backup] backup ${BACKUP_NUMBER} was completed with some warnings"
 fi
 
-# atomically create a backup file
-mv "${BACKUP_TMP_DIR}/${backup_number}.tar.zstd" "${BACKUP_DIR}/${backup_number}.tar.zstd"
+mv "${BACKUP_TMP_DIR}/${BACKUP_NUMBER}.tar.zstd" "${BACKUP_DIR}/${BACKUP_NUMBER}.tar.zstd"
 
-rm -rf "${BACKUP_TMP_DIR}"
-[[ ! -s ${BACKUP_DIR}/${backup_number}.tar.zstd ]] && echo "backup file '${BACKUP_DIR}/${backup_number}.tar.zstd' is empty" && exit 1;
+_log "INFO" "[backup] cleaning ${BACKUP_TMP_DIR} and trap file ${TRAP_FILE}"
+_clean
+[[ ! -s ${BACKUP_DIR}/${BACKUP_NUMBER}.tar.zstd ]] && _log "ERROR" "[backup] file '${BACKUP_DIR}/${BACKUP_NUMBER}.tar.zstd' is empty" && exit 1
 
-echo Done
+_log "INFO" "[backup] ${BACKUP_NUMBER} done"
 exit 0

backup/pvc/bin/get-latest.sh

@@ -1,10 +1,35 @@
 #!/usr/bin/env bash
 
 set -eo pipefail
+source "$(dirname "$0")/utils.sh"
+
+is_backup_not_exist() {
+    local backup_dir="$1"
+    # Save the current value of 'set -e'
+    local previous_e
+    previous_e=$(set +e; :; echo $?)
+    # Temporarily turn off 'set -e'
+    set +e
+    # Run ls command to check if any files matching the pattern exist
+    ls "${backup_dir}"/*.tar.* 1> /dev/null 2>&1
+    # Store the exit status of the ls command
+    local ls_exit_status=$?
+    # Restore the previous value of 'set -e'
+    [ "$previous_e" = "0" ] && set -e
+    # Return true if ls command succeeded (no files found), otherwise return false
+    [ $ls_exit_status -ne 0 ]
+}
+
+[[ -z "${BACKUP_DIR}" ]] && { _log "ERROR" "Required 'BACKUP_DIR' env not set"; exit 1; }
+
+# Check if we have any backup
+if is_backup_not_exist "${BACKUP_DIR}"; then
+  echo "-1"
+  exit 0
+fi
 
-[[ -z "${BACKUP_DIR}" ]] && echo "Required 'BACKUP_DIR' env not set" && exit 1
 # Search for all the tar.* inside the backup dir to support the migration between gzip vs zstd
-latest=$(find ${BACKUP_DIR} -name '*.tar.*' -exec basename {} \; | sort -g | tail -n 1)
+latest=$(find "${BACKUP_DIR}"/*.tar.* -maxdepth 0 -exec basename {} \; | sort -g | tail -n 1)
 
 if [[ "${latest}" == "" ]]; then
   echo "-1"

backup/pvc/bin/restore.sh

@@ -1,29 +1,47 @@
 #!/usr/bin/env bash
 
 set -eo pipefail
+source "$(dirname "$0")/utils.sh"
 
-[[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1
-[[ -z "${BACKUP_DIR}" ]] && echo "Required 'BACKUP_DIR' env not set" && exit 1;
-[[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
+[[ ! $# -eq 1 ]] && _log "ERROR" "Usage: $0 <backup number>" && exit 1
+[[ -z "${BACKUP_DIR}" ]] && _log "ERROR" "Required 'BACKUP_DIR' env not set" && exit 1
+[[ -z "${JENKINS_HOME}" ]] && _log "ERROR" "Required 'JENKINS_HOME' env not set" && exit 1
+BACKUP_NUMBER=$1
+RESTORE_RETRY_COUNT=${RESTORE_RETRY_COUNT:-10}
+RESTORE_RETRY_INTERVAL=${RESTORE_RETRY_INTERVAL:-10}
 
-backup_number=$1
-backup_file="${BACKUP_DIR}/${backup_number}"
-echo "Running restore backup with backup number #${backup_number}"
+# --> Check if another restore process is running (operator restart/crash)
+TRAP_FILE="/tmp/_restore_${BACKUP_NUMBER}_is_running"
+trap "rm -f ${TRAP_FILE}" SIGINT SIGTERM
 
-if [[ -f "$backup_file.tar.gz" ]]; then
-    echo "Old format tar.gz found, restoring it"
+for ((i=0; i<RESTORE_RETRY_COUNT; i++)); do
+    [[ ! -f "${TRAP_FILE}" ]] && _log "INFO" "[restore] no other process are running, restoring" && break
+    _log "INFO" "[restore] is already running. Waiting for ${RESTORE_RETRY_INTERVAL} seconds..."
+    sleep "${RESTORE_RETRY_INTERVAL}"
+done
+[[ -f "${TRAP_FILE}" ]] && { _log "ERROR" "[restore] is still running after waiting ${RESTORE_RETRY_COUNT} time ${RESTORE_RETRY_INTERVAL}s. Exiting."; exit 1; }
+# --< Done
+
+_log "INFO" "[restore] restore backup with backup number #${BACKUP_NUMBER}"
+touch "${TRAP_FILE}"
+BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NUMBER}"
+
+if [[ -f "$BACKUP_FILE.tar.gz" ]]; then
+    _log "INFO" "[restore] old format tar.gz found, restoring it"
     OPTS=""
     EXT="tar.gz"
-elif [[ -f "$backup_file.tar.zstd" ]]; then
-    echo "Backup file found, proceeding"
+elif [[ -f "$BACKUP_FILE.tar.zstd" ]]; then
+    _log "INFO" "[restore] Backup file found, proceeding"
     OPTS="--zstd"
     EXT="tar.zstd"
 else
-  echo "ERR: Backup file not found: $backup_file"
+  _log "ERROR" "[restore] backup file not found: $BACKUP_FILE"
   exit 1
 fi
 
-tar $OPTS -C "${JENKINS_HOME}" -xf "${BACKUP_DIR}/${backup_number}.${EXT}"
+tar $OPTS -C "${JENKINS_HOME}" -xf "${BACKUP_DIR}/${BACKUP_NUMBER}.${EXT}"
 
-echo Done
+_log "INFO" "[restore] deleting lock file ${TRAP_FILE}"
+test -f "${TRAP_FILE}" && rm -f "${TRAP_FILE}"
+_log "INFO" "[restore] restoring ${BACKUP_NUMBER} Done"
 exit 0

backup/pvc/bin/run.sh

@@ -1,16 +1,72 @@
 #!/usr/bin/env bash
 
 set -eo pipefail
+source "$(dirname "$0")/utils.sh"
 
-[[ -z "${BACKUP_DIR}" ]] && echo "Required 'BACKUP_DIR' env not set" && exit 1;
-[[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1;
+# Use 60 as default in case BACKUP_CLEANUP_INTERVAL did not set
+BACKUP_CLEANUP_INTERVAL=${BACKUP_CLEANUP_INTERVAL:=60}
+
+# Ensure required environment variables are set
+check_env_var() {
+    if [[ -z "${!1}" ]]; then
+        _log "ERROR" "Required '$1' environment variable is not set"
+        exit 1
+    fi
+}
+
+is_backup_not_exist() {
+    local backup_dir="$1"
+    # Save the current value of 'set -e'
+    local previous_e
+    previous_e=$(set +e; :; echo $?)
+
+    # Temporarily turn off 'set -e'
+    set +e
+
+    # Run ls command to check if any files matching the pattern exist
+    ls "${backup_dir}"/*.tar.* 1> /dev/null 2>&1
+
+    # Store the exit status of the ls command
+    local ls_exit_status=$?
+
+    # Restore the previous value of 'set -e'
+    [ "$previous_e" = "0" ] && set -e
+
+    # Return true if ls command succeeded (no files found), otherwise return false
+    [ $ls_exit_status -ne 0 ]
+}
+
+# Function to find exceeding backups
+find_exceeding_backups() {
+    local backup_dir="$1"
+    local backup_count="$2"
+    # Check if we have any backup
+    if is_backup_not_exist "${backup_dir}"; then
+        _log "ERROR" "[run] backups not found in ${backup_dir}"
+        return
+    fi
+    find "${backup_dir}"/*.tar.zstd -maxdepth 0 -exec basename {} \; | sort -gr | tail -n +$((backup_count +1))
+}
+
+check_env_var "BACKUP_DIR"
+check_env_var "JENKINS_HOME"
+
+if [[ -z "${BACKUP_COUNT}" ]]; then
+    _log "WARNING" "[run] no BACKUP_COUNT set, it means you MUST delete old backups manually or by custom script"
+else
+    _log "INFO" "[run] retaining only the ${BACKUP_COUNT} most recent backups, cleanup occurs every ${BACKUP_CLEANUP_INTERVAL} seconds"
+fi
 
 while true;
 do
-    sleep 10
-    if [[ ! -z "${BACKUP_COUNT}" ]]; then
-        echo "Trimming to only ${BACKUP_COUNT} recent backups in preparation for new backup"
-        #TODO: add the list of exceeding backup before delete
-        find ${BACKUP_DIR} -maxdepth 1 -name '*.tar.zstd' -exec basename {} \; | sort -gr | tail -n +$((BACKUP_COUNT +1)) | xargs -I '{}' rm ${BACKUP_DIR}/'{}'
+    sleep "$BACKUP_CLEANUP_INTERVAL"
+    if [[ -n "${BACKUP_COUNT}" ]]; then
+        exceeding_backups=$(find_exceeding_backups "${BACKUP_DIR}" "${BACKUP_COUNT}")
+        if [[ -n "$exceeding_backups" ]]; then
+            _log "INFO" "[run] removing backups: $(echo "$exceeding_backups" | tr '\n' ', ' | sed 's/,$//')"
+            echo "$exceeding_backups" | while read -r file; do
+                rm "${BACKUP_DIR}/${file}"
+            done
+        fi
     fi
 done

backup/pvc/bin/utils.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Common utils
+
+_log() {
+    local level="$1"
+    local message="$2"
+    local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
+    if [[ "$level" =~ ^(ERROR|ERR|error|err)$ ]]; then
+        echo "${timestamp} - ${level} - ${message}" > /proc/1/fd/2
+    else
+        echo "${timestamp} - ${level} - ${message}" > /proc/1/fd/1
+        echo "${timestamp} - ${level} - ${message}" >&2
+    fi
+}