Preperations for registry backup.

I only have off-site backups for host01. In case I need to rebuild ns4 or rebuild shore.co.il infrastructure I need those images (although I can probably build them locally and push them, it's probably easier and faster to restore from backups). So this commit includes: - Empty Python script. - pre-commit hooks for Python. - Dockerfile for the image (with the requirements and script). - GitLab CI job for backup on host01 (bind mount the dockerd socket and /var/backups) and a notification job in case the backup fails. All that's left is to write the backup script.

Preperations for registry backup.
be50d792 · nimrod · cb333674 · be50d792 · be50d792 · be50d792
Commit be50d792 authored 3 years ago by nimrod
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,6 +4,8 @@ include:
    file: templates/pre-commit.yml
  - project: shore/ci-templates
    file: templates/docker.yml
+  - project: shore/ci-templates
+    file: templates/notify.yml

 stages:
  - test
@@ -13,11 +15,41 @@ stages:
 build:
  extends: .compose-build
  tags: &tags [ns4.shore.co.il]
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule"

 pull:
  extends: .compose-pull
  tags: *tags
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule"

 run:
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule"
+      when: manual
  extends: .compose-run
  tags: *tags
+
+
+backup:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+  stage: deploy
+  tags: [host01.shore.co.il]
+  image: docker.io/library/docker:20.10
+  before_script:
+    - >-
+      docker build
+      --tag registry.shore.co.il/registry-backup
+      --pull
+      backup
+  script:
+    - >-
+      docker run
+      --volume /var/backups/registry:/var/backups/registry
+      --volume /run/docker.sock:/run/docker.sock
+      registry.shore.co.il/registry-backup
+      backup registry.shore.co.il /var/backups/registry
+  after_script:
+    - docker image prune -f
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -54,3 +54,53 @@ repos:
    rev: v2.7.0
    hooks:
      - id: hadolint
+
+  - repo: https://github.com/ambv/black
+    rev: 21.9b0
+    hooks:
+      - id: black
+        args:
+          - |
+              --line-length=79
+
+  - repo: https://github.com/PyCQA/prospector
+    rev: 1.5.1
+    hooks:
+      - id: prospector
+        args:
+          - |-
+            --max-line-length=79
+          - |-
+            --with-tool=pyroma
+          - |-
+            --with-tool=bandit
+          - |-
+            --without-tool=pep257
+          - |-
+            --doc-warnings
+          - |-
+            --test-warnings
+          - |-
+            --full-pep8
+          - |-
+            --strictness=high
+          - |-
+            --no-autodetect
+        additional_dependencies:
+          - bandit
+          - pyroma
+
+  - repo: https://gitlab.com/pycqa/flake8.git
+    rev: 3.9.2
+    hooks:
+      - id: flake8
+        args:
+          - |-
+            --doctests
+        additional_dependencies:
+          - flake8-bugbear
+
+  - repo: https://github.com/codespell-project/codespell.git
+    rev: v2.1.0
+    hooks:
+      - id: codespell
--- a/backup/.dockerignore
+++ b/backup/.dockerignore
+*
+!backup
--- a/backup/Dockerfile
+++ b/backup/Dockerfile
+FROM docker.io/library/alpine:3.14
+# hadolint ignore=DL3018
+RUN apk add --update --no-cache docker-py
+COPY --chown=root:root backup /usr/local/bin/backup
--- a/backup/backup
+++ b/backup/backup
+#!/usr/bin/env python3
+"""Backup a container image registry."""