Add postgres-backup docker image

Author: mythz

.github/workflows/docker-build.yml

@@ -0,0 +1,62 @@
+name: Build and Publish Docker Image
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'Dockerfile'
+      - 'backup-script.sh'
+      - '.github/workflows/docker-build.yml'
+  release:
+    types: [published]
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.gitignore

@@ -0,0 +1 @@
+.env

Dockerfile

@@ -0,0 +1,83 @@
+# Use Ubuntu as base image for better package management
+FROM ubuntu:24.04
+
+# Metadata labels for the image
+LABEL org.opencontainers.image.title="PostgreSQL Backup Service"
+LABEL org.opencontainers.image.description="Automated PostgreSQL backup service with S3/R2 sync and retention policies"
+LABEL org.opencontainers.image.vendor="ServiceStack"
+LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.source="https://github.com/ServiceStack/backup-postgres"
+LABEL org.opencontainers.image.documentation="https://github.com/ServiceStack/backup-postgres#readme"
+
+# Avoid interactive prompts during package installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Add PostgreSQL official APT repository for latest version
+RUN apt-get update && apt-get install -y \
+    curl \
+    ca-certificates \
+    gnupg \
+    lsb-release \
+    && curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list
+
+# Update package list and install required packages
+RUN apt-get update && apt-get install -y \
+    # PostgreSQL client tools (latest version)
+    postgresql-client-17 \
+    # AWS CLI dependencies
+    unzip \
+    python3 \
+    python3-pip \
+    # Utilities
+    cron \
+    bash \
+    findutils \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install AWS CLI v2
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+    && unzip awscliv2.zip \
+    && ./aws/install \
+    && rm -rf awscliv2.zip aws/
+
+# Configure AWS CLI for R2 compatibility
+RUN mkdir -p /root/.aws \
+    && echo '[default]' > /root/.aws/config \
+    && echo 's3 =' >> /root/.aws/config \
+    && echo '    signature_version = s3v4' >> /root/.aws/config \
+    && echo '    addressing_style = path' >> /root/.aws/config \
+    && echo '    multipart_threshold = 1GB' >> /root/.aws/config \
+    && echo '    multipart_chunksize = 64MB' >> /root/.aws/config
+
+# Create backup directory
+RUN mkdir -p /backups
+
+# Create backup script
+COPY backup-script.sh /usr/local/bin/backup-script.sh
+RUN chmod +x /usr/local/bin/backup-script.sh
+
+# Set working directory
+WORKDIR /backups
+
+# Environment variables documentation
+ENV BACKUP_INTERVAL=86400 \
+    RETENTION_DAYS=7 \
+    S3_BUCKET="" \
+    S3_PREFIX="db-backups" \
+    S3_RETENTION_DAYS="" \
+    POSTGRES_HOST="" \
+    POSTGRES_USER="" \
+    POSTGRES_PASSWORD="" \
+    POSTGRES_DB="" \
+    AWS_ACCESS_KEY_ID="" \
+    AWS_SECRET_ACCESS_KEY="" \
+    AWS_DEFAULT_REGION="" \
+    AWS_ENDPOINT_URL=""
+
+# Health check to verify the service is running
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD pgrep -f backup-script.sh > /dev/null || exit 1
+
+# Default command
+CMD ["/usr/local/bin/backup-script.sh"]

README.md

@@ -0,0 +1,187 @@
+# PostgreSQL Backup Service
+
+A containerized PostgreSQL backup service that automatically creates database backups with configurable retention policies and optional S3/R2 cloud storage sync.
+
+## Features
+
+- 🔄 **Automated Backups**: Configurable backup intervals (default: 24 hours)
+- 🗂️ **Retention Policies**: Automatic cleanup of old backups (local and cloud)
+- ☁️ **Cloud Storage**: Support for AWS S3 and Cloudflare R2
+- 🐳 **Container Ready**: Works with Docker Compose and Kamal accessories
+- 📊 **Health Checks**: Built-in health monitoring
+- 🔒 **Secure**: Uses environment variables for credentials
+
+## Quick Start
+
+### Using Docker Compose
+
+1. Create a `.env` file with your database credentials:
+
+```env
+POSTGRES_USER=myuser
+POSTGRES_PASSWORD=mypassword
+POSTGRES_DB=mydatabase
+
+# Optional: S3/R2 configuration
+S3_BUCKET=my-backup-bucket
+S3_PREFIX=db-backups
+AWS_ACCESS_KEY_ID=your-access-key
+AWS_SECRET_ACCESS_KEY=your-secret-key
+AWS_DEFAULT_REGION=us-east-1
+
+# For Cloudflare R2, also set:
+AWS_ENDPOINT_URL=https://your-account-id.r2.cloudflarestorage.com
+```
+
+2. Use the provided `compose.yml`:
+
+```bash
+docker compose up -d
+```
+
+### Using Kamal Accessory
+
+Add to your `config/deploy.yml`:
+
+```yaml
+accessories:
+  postgres-backup:
+    image: ghcr.io/servicestack/backup-postgres:latest
+    host: your-server
+    env:
+      clear:
+        POSTGRES_HOST: postgres
+        BACKUP_INTERVAL: "86400"  # 24 hours
+        RETENTION_DAYS: "7"
+        S3_BUCKET: "your-backup-bucket"
+        S3_PREFIX: "db-backups"
+        S3_RETENTION_DAYS: "30"
+      secret:
+        - POSTGRES_USER
+        - POSTGRES_PASSWORD
+        - POSTGRES_DB
+        - AWS_ACCESS_KEY_ID
+        - AWS_SECRET_ACCESS_KEY
+        - AWS_DEFAULT_REGION
+        - AWS_ENDPOINT_URL  # For R2
+    volumes:
+      - "/opt/backups:/backups"
+    depends_on:
+      - postgres
+```
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Required | Default | Description |
+|----------|----------|---------|-------------|
+| `POSTGRES_HOST` | ✅ | - | PostgreSQL server hostname |
+| `POSTGRES_USER` | ✅ | - | Database username |
+| `POSTGRES_PASSWORD` | ✅ | - | Database password |
+| `POSTGRES_DB` | ✅ | - | Database name |
+| `BACKUP_INTERVAL` | ❌ | `86400` | Backup interval in seconds |
+| `RETENTION_DAYS` | ❌ | `7` | Local backup retention in days |
+| `S3_BUCKET` | ❌ | - | S3/R2 bucket name |
+| `S3_PREFIX` | ❌ | `db-backups` | S3/R2 prefix/folder |
+| `S3_RETENTION_DAYS` | ❌ | - | Cloud backup retention in days |
+| `AWS_ACCESS_KEY_ID` | ❌ | - | AWS/R2 access key |
+| `AWS_SECRET_ACCESS_KEY` | ❌ | - | AWS/R2 secret key |
+| `AWS_DEFAULT_REGION` | ❌ | - | AWS region |
+| `AWS_ENDPOINT_URL` | ❌ | - | Custom endpoint (for R2) |
+
+### Backup Schedule
+
+- **Default**: Every 24 hours (`BACKUP_INTERVAL=86400`)
+- **Custom**: Set `BACKUP_INTERVAL` to any value in seconds
+- **Examples**:
+  - Every 6 hours: `BACKUP_INTERVAL=21600`
+  - Every 12 hours: `BACKUP_INTERVAL=43200`
+  - Every hour: `BACKUP_INTERVAL=3600`
+
+### Retention Policies
+
+- **Local**: Controlled by `RETENTION_DAYS` (default: 7 days)
+- **Cloud**: Controlled by `S3_RETENTION_DAYS` (optional)
+- Cleanup runs after each backup
+
+## Storage Options
+
+### Local Storage Only
+
+Set only the PostgreSQL connection variables. Backups will be stored locally with the configured retention policy.
+
+### AWS S3
+
+```env
+S3_BUCKET=my-backup-bucket
+AWS_ACCESS_KEY_ID=your-access-key
+AWS_SECRET_ACCESS_KEY=your-secret-key
+AWS_DEFAULT_REGION=us-east-1
+```
+
+### Cloudflare R2
+
+```env
+S3_BUCKET=my-backup-bucket
+AWS_ACCESS_KEY_ID=your-r2-access-key
+AWS_SECRET_ACCESS_KEY=your-r2-secret-key
+AWS_ENDPOINT_URL=https://your-account-id.r2.cloudflarestorage.com
+```
+
+## Development
+
+### Local Development
+
+Use the development compose file:
+
+```bash
+docker compose -f compose.dev.yml up -d
+```
+
+This builds the image locally instead of pulling from the registry.
+
+### Building the Image
+
+```bash
+docker build -t backup-postgres .
+```
+
+## Monitoring
+
+### Health Checks
+
+The container includes health checks that verify the backup service is running:
+
+```bash
+docker ps  # Check health status
+docker logs postgres_backup  # View logs
+```
+
+### Logs
+
+The service provides detailed logging with timestamps:
+
+```bash
+docker compose logs -f postgres_backup
+```
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Connection Failed**: Verify PostgreSQL credentials and network connectivity
+2. **S3 Upload Failed**: Check AWS credentials and bucket permissions
+3. **Permission Denied**: Ensure backup volume has proper write permissions
+
+### Debug Mode
+
+Add verbose logging by checking container logs:
+
+```bash
+docker compose logs postgres_backup
+```
+
+## License
+
+MIT License - see LICENSE file for details.