diff --git a/.gitea/workflows/dag-config-check.yml b/.gitea/workflows/dag-config-check.yml
new file mode 100644
index 0000000..48980ae
--- /dev/null
+++ b/.gitea/workflows/dag-config-check.yml
@@ -0,0 +1,67 @@
+# .github/workflows/validate-dags.yml
+name: Validate DAGs
+
+on:
+ workflow_dispatch:
+ push:
+ paths: ['./app-configs/rinoa/dagu/dags/**']
+ branches-ignore:
+ - main
+
+env:
+ DAGS_PATH: "./app-configs/rinoa/dagu/dags"
+ VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+ VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Ansible
+ uses: alex-oleshkevich/setup-ansible@v1.0.1
+ with:
+ version: "11.4.0"
+
+ - name: Set up Vault CLI
+ uses: hashicorp/setup-vault@v2
+ with:
+ version: 1.18.0
+
+ - name: Install hvac (Vault Python SDK)
+ run: pip install hvac
+
+ - name: Render .yaml.j2 templates
+ uses: dawidd6/action-ansible-playbook@v2
+ with:
+ directory: .
+ vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+ requirements: collections/requirements.yml
+ playbook: |
+ - hosts: localhost
+ gather_facts: false
+ vars:
+ vault_addr: ${{ env.VAULT_ADDR }}
+ vault_token: ${{ env.VAULT_TOKEN }}
+ dags_path: ${{ env.DAGS_PATH }}
+ tasks:
+ - name: Render DAG templates
+ template:
+ src: "{{ item }}"
+ dest: "{{ item | regex_replace('\\.j2$', '') }}"
+ loop: "{{ lookup('fileglob', dags_path ~ '/*.yaml.j2', wantlist=True) }}"
+
+ - name: Install dagu
+ uses: jaxxstorm/action-install-gh-release@v1
+ with:
+ repo: dagu-org/dagu
+ platform: linux
+ arch: amd64
+
+ - name: Validate DAGs
+ run: |
+ for dag in $(find ${DAGS_PATH} -type f -name "*.yaml" -a ! -name "*example*"); do
+ echo "Validating $dag"
+ dagu dry "$dag"
+ done
diff --git a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
index 95483bc..05e3b58 100644
--- a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
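Review bot: `VAULT_ADDR` and `VAULT_TOKEN` are declared in the workflow-level `env:` of `dag-config-check.yml`, so every step receives them, including `pip install hvac` and the third-party actions referenced by mutable tags (`setup-ansible@v1.0.1`, `action-ansible-playbook@v2`, `action-install-gh-release@v1`), and the workflow runs on pushes to any branch other than `main`. Scope the token to the render step with a step-level `env:` and have the inline playbook read it from the environment, `vault_token: "{{ lookup('env', 'VAULT_TOKEN') }}"`, instead of interpolating `${{ env.VAULT_TOKEN }}` into the playbook text. Because the `.yaml.j2` files rendered with that token come from the pushed branch, the token should be short-lived, read-only and limited to the KV paths the templates need, and the actions are better pinned to full commit SHAs. The rendered `.yaml` files hold the looked-up secrets in plaintext on the runner, so check that `dagu dry` does not echo `env` values into the job log.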
+++ b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
@@ -3,7 +3,7 @@ name: Gitea Branch PR & Ansible Deployment
 on:
 workflow_dispatch:
 workflow_run:
- workflows: ["Home Assistant Config Check"]
+ workflows: [Home Assistant Config Check, Validate DAs]
 types:
 - completed
 branches: main
diff --git a/app-configs/rinoa/dagu/dags/mariadb-backups.yaml.j2 b/app-configs/rinoa/dagu/dags/mariadb-backups.yaml.j2
new file mode 100644
index 0000000..87c5666
--- /dev/null
+++ b/app-configs/rinoa/dagu/dags/mariadb-backups.yaml.j2
@@ -0,0 +1,33 @@
+name: mariadb-backup
+description: "Backup of all databases from MariaDB container"
+schedule: "30 23 * * *"
+
+env:
+ MARIADB_ROOT_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD'] }}
+
+steps:
+ - name: list-all-databases
+ shell: nix-shell
+ shellPackages: [mariadb]
+ command: |
+ mariadb -h mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -Nse "SHOW DATABASES;" | egrep -v '(information|performance)_schema|mysql|sys'
+ output: RINOA_MADB_LIST
+
+ - name: db-folder-check-creation-backup
+ depends: list-all-databases
+ shell: nix-shell
+ shellPackages: [mariadb]
+ workingDir: /backups/dbs/mariadb
+ script: |
+ for mdatabase in $(echo ${RINOA_MADB_LIST}) ; do
+ mkdir -p ${mdatabase}
+ mariadb_dump --user=root --password"${MARIADB_ROOT_PASSWORD}" --databases ${madb} > ${mdatabase}/${mdatabase}_$(date +%Y-%m-%dT%H-%M-%S).sql
+ done
+
+ - name: db-backup-cleanup
+ depends:
+ - list-all-databases
+ - db-folder-check-creation-backup
+ workingDir: /backups/dbs/mariadb
+ command: >
+ find $(pwd) -type f -name "*.sql" -ctime +7 | xargs rm -fv
\ No newline at end of file
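Review bot: The new entry `Validate DAs` in the `workflows:` list of `gitea_tar-valon_ansible_deploy.yml` does not match the `name: Validate DAGs` declared by `dag-config-check.yml` in this same commit, so `workflow_run` would never fire for the DAG check; it should read `workflows: ["Home Assistant Config Check", "Validate DAGs"]`. The validation workflow also sets `branches-ignore: main` while this trigger filters on `branches: main`, so even with the name fixed the two filters look mutually exclusive and the deployment would not be gated by DAG validation; confirm which branch the check is meant to run on. `types: completed` fires on failed runs as well, and whether the deploy job checks the triggering run's conclusion is outside this hunk.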
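Review bot: The `mariadb_dump` line in step `db-folder-check-creation-backup` of `mariadb-backups.yaml.j2` cannot produce a backup as written: `--password"${MARIADB_ROOT_PASSWORD}"` lacks the `=`, `--databases ${madb}` uses a variable that is never set (the loop variable is `mdatabase`), and unlike the listing step it passes no `-h mariadb`. Something like `mariadb-dump -h mariadb --user=root --password="${MARIADB_ROOT_PASSWORD}" --databases "${mdatabase}" > "${mdatabase}/${mdatabase}_$(date +%Y-%m-%dT%H-%M-%S).sql"` would match the first step (the client binary is normally named `mariadb-dump`; verify what the nix package provides). Both steps put the root password on the command line, where it is visible in the process list; an option file passed with `--defaults-extra-file` avoids that, and a dedicated backup account would avoid using root at all. The unquoted `{{ lookup(...) }}` at `MARIADB_ROOT_PASSWORD:` renders the secret as a plain YAML scalar, so a value containing `#` or `: ` would be truncated or break parsing; appending `| to_json` to the expression keeps it a valid quoted string.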