Merge pull request #6 from ivov/shellcheck-backup-scripts

ci: Introduce `shellcheck`
ivov · Nov 23, 2024 · f5b2ff8 · f5b2ff8
2 parents 116c077 + e6dacbf
commit f5b2ff8
Show file tree

Hide file tree

Showing 8 changed files with 94 additions and 53 deletions.
diff --git a/.github/workflows/lint-test-vet.yml → .github/workflows/go-check.yml b/.github/workflows/lint-test-vet.yml → .github/workflows/go-check.yml
@@ -1,9 +1,25 @@
-name: Lint, test, vet
+name: Go check
 
 on: push
 
 jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      go_changed: ${{ steps.filter.outputs.any_changed }}
+    steps:
+      - uses: actions/[email protected]
+      - uses: tj-actions/changed-files@v43
+        id: filter
+        with:
+          files: |
+            **/*.go
+            go.mod
+            go.sum
+
   checks:
+    needs: changes
+    if: ${{ needs.changes.outputs.go_changed == 'true' }}
     timeout-minutes: 5
     runs-on: ubuntu-latest
     steps:

diff --git a/.github/workflows/shell-check.yml b/.github/workflows/shell-check.yml
@@ -0,0 +1,25 @@
+name: Shell check
+
+on: push
+
+jobs:
+  checks:
+    timeout-minutes: 1
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/[email protected]
+
+    - name: Get changed files
+      id: changed-files
+      uses: tj-actions/changed-files@v43
+      with:
+        files: infrastructure/02-configure/**/*.sh
+
+    - name: Shell check
+      uses: ludeeus/[email protected]
+      if: steps.changed-files.outputs.any_changed == 'true'
+      with:
+        version: v0.10.0
+        scandir: './infrastructure/02-configure'
+        severity: style # check all levels of issues
+        check_together: true # check all scripts in single run
diff --git a/README.md b/README.md
@@ -29,8 +29,9 @@ Deployment stack:
 
 ## Docs
 
-- [`provision.md`](docs/provision.md)
+- [`01-provision.md`](docs/01-provision.md)
+- [`02-configure.md`](docs/02-configure.md)
+- [`03-deploy.md`](docs/03-deploy.md)
 - [`develop.md`](docs/develop.md)
 - [`release.md`](docs/release.md)
-- [`deploy.md`](docs/deploy.md)
 - [`monitor.md`](docs/monitor.md) 
diff --git a/docs/03-deploy.md b/docs/03-deploy.md
@@ -30,3 +30,38 @@ deploy/scripts/start-services.sh
 
 Log in to `https://grafana.domain.com` and set a password for the Grafana admin user.
 
+
+## Old: Release
+
+Ensure local and remote `master` branches are in sync:
+
+```sh
+git fetch origin
+git status
+# -> Your branch is up to date with 'origin/master'.
+```
+
+Create tag (following semver) and push it:
+
+```sh
+git tag v1.0.0
+git push origin v1.0.0
+```
+
+Monitor the release on GitHub:
+
+- https://github.com/ivov/n8n-shortlink/actions/workflows/release-on-tag-push.yml
+
+On completion, this release is listed as `latest` on GHCR:
+
+- https://github.com/ivov/n8n-shortlink/pkgs/container/n8n-shortlink
+
+Deploy the release to production:
+
+```sh
+ssh shortlink_vps
+
+COMPOSE_PROJECT_NAME=n8n_shortlink docker-compose --file deploy/docker-compose.monitoring.yml down
+COMPOSE_PROJECT_NAME=n8n_shortlink docker-compose --file deploy/docker-compose.yml down
+deploy/scripts/start-services.sh
+```
diff --git a/docs/release.md b/docs/release.md
diff --git a/infrastructure/02-configure/backup-list.sh b/infrastructure/02-configure/backup-list.sh
@@ -22,16 +22,16 @@ human_readable_size() {
     ((unit++))
   done
 
-  printf "%.2f %s" $size "${units[$unit]}"
+  printf "%.2f %s" "$size" "${units[$unit]}"
 }
 
 aws s3 ls "s3://$BUCKET_NAME/" | sort -r | while read -r line; do
-  date=$(echo $line | awk '{print $1}')
-  time=$(echo $line | awk '{print $2}')
-  size=$(echo $line | awk '{print $3}')
-  filename=$(echo $line | awk '{print $4}')
+  date=$(echo "$line" | awk '{print $1}')
+  time=$(echo "$line" | awk '{print $2}')
+  size=$(echo "$line" | awk '{print $3}')
+  filename=$(echo "$line" | awk '{print $4}')
 
-  hr_size=$(human_readable_size $size)
+  hr_size=$(human_readable_size "$size")
 
   printf "%-12s %-12s %-12s %s\n" "$date" "$time" "$hr_size" "$filename"
 done
diff --git a/infrastructure/02-configure/backup-restore.sh b/infrastructure/02-configure/backup-restore.sh
@@ -13,7 +13,6 @@ fi
 APP_DIR="$HOME/.n8n-shortlink"
 BACKUP_DIR="$APP_DIR/backup"
 BACKUP_ENCRYPTION_KEY="$BACKUP_DIR/n8n-shortlink-backup-encryption.key"
-BACKUP_LOG_FILE="$BACKUP_DIR/backup.log"
 RESTORED_DB="$BACKUP_DIR/restored.sqlite"
 
 BUCKET_NAME=$(grep bucket_name ~/.aws/config | cut -d '=' -f2 | tr -d ' ')
@@ -28,18 +27,22 @@ BUCKET_URI="s3://$BUCKET_NAME/$BACKUP_NAME"
 bold='\033[1m'
 unbold='\033[0m'
 
-rm -f $RESTORED_DB
+rm -f "$RESTORED_DB"
 
 echo -e "Selected backup: ${bold}$BACKUP_NAME${unbold}"
 echo "Downloading backup..."
 aws s3 cp "$BUCKET_URI" "./$BACKUP_NAME" > /dev/null 2>&1
+
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   echo "Failed to download backup from S3"
   exit 1
 fi
 
 echo "Decrypting and restoring backup..."
 openssl enc -d -aes-256-cbc -in "./$BACKUP_NAME" -pass "file:$BACKUP_ENCRYPTION_KEY" -pbkdf2 | gunzip | sqlite3 "$RESTORED_DB"
+
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   echo "Failed to decrypt and restore backup"
   rm -f "./$BACKUP_NAME"

diff --git a/infrastructure/02-configure/backup-run.sh b/infrastructure/02-configure/backup-run.sh
@@ -41,15 +41,17 @@ log_message() {
 #        compress + encrypt
 # ==================================
 
-sqlite3 $APP_DB .dump | gzip > "$TEMP_DIR/$PLAINTEXT_BACKUP_NAME"
+sqlite3 "$APP_DB" .dump | gzip > "$TEMP_DIR/$PLAINTEXT_BACKUP_NAME"
 
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   log_message "Failed to dump and compress database"
   exit 1
 fi
 
 openssl enc -aes-256-cbc -salt -in "$TEMP_DIR/$PLAINTEXT_BACKUP_NAME" -out "$TEMP_DIR/$ENCRYPTED_BACKUP_NAME" -pass "file:$BACKUP_ENCRYPTION_KEY" -pbkdf2
 
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   log_message "Failed to encrypt backup"
   exit 1