peter-evans/s3-backup

S3 Backup

A GitHub action to mirror a repository to S3 compatible object storage.

Usage

This example mirrors your repository to an S3 bucket called repo-backup-bucket, under the optional key /at/some/path. Objects at the target will be overwritten, and extraneous objects will be removed. This default usage keeps your S3 backup in sync with GitHub.

action "S3 Backup" {
  uses = "peter-evans/[email protected]"
  secrets = ["ACCESS_KEY_ID", "SECRET_ACCESS_KEY"]
  env = {
    MIRROR_TARGET = "repo-backup-bucket/at/some/path"
  }
  args = "--overwrite --remove"
}

S3 Backup uses the mirror command of MinIO Client. Additional arguments may be passed to the action via the args parameter.

Secrets and environment variables

The secrets ACCESS_KEY_ID and SECRET_ACCESS_KEY are required and the associated IAM user should have s3:* policy access.

  • MIRROR_TARGET (required) - The target bucket, and optionally, the key within the bucket.
  • MIRROR_SOURCE - The source defaults to the repository root. If required, a path relative to the root can be set.
  • STORAGE_SERVICE_URL - The URL to the object storage service. Defaults to https://s3.amazonaws.com for Amazon S3.
  • STORAGE_SERVICE_ALIAS - Defaults to s3. See MinIO Client for other options, such as minio for S3 compatible storage and gcs for Google Cloud Storage.

Restricted IAM policy

IAM users need full S3 access. However, you can create a policy to restrict access to specific resources if required. This policy grants the user access to the bucket my-restricted-bucket and its contents.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBucketStat",
            "Effect": "Allow",
            "Action": [
                "s3:HeadBucket"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowThisBucketOnly",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-restricted-bucket/*",
                "arn:aws:s3:::my-restricted-bucket"
            ]
        }
    ]
}
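
Because the action's credentials carry s3:*, it is worth checking that a policy like the one above really confines them to the backup bucket. The following is an added example, not part of this project: audit_policy and LOOSE_POLICY are hypothetical names, the sample policy is constructed, and the check assumes (as the policy above does) that s3:HeadBucket on "*" is acceptable.

```python
import json

# Assumption: bucket-existence probes are acceptable on "*", as in the page's policy.
PROBE_ACTIONS = {"s3:headbucket"}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def _in_bucket(resource, bucket):
    """True only for the bucket ARN itself or object keys beneath it."""
    arn = f"arn:aws:s3:::{bucket}"
    return resource == arn or resource.startswith(arn + "/")

def audit_policy(policy_json, bucket):
    """Return one finding per Allow grant that reaches outside `bucket`."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants cannot be scoped")
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions <= PROBE_ACTIONS:
            continue  # only the bucket probe, so any resource is accepted
        for resource in _as_list(stmt.get("Resource", [])):
            if not _in_bucket(resource, bucket):
                findings.append(f"{sid}: {sorted(actions)} allowed on {resource}")
    return findings

# Constructed sample: same shape as the page's policy, with the bucket scope widened.
LOOSE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowBucketStat", "Effect": "Allow",
         "Action": ["s3:HeadBucket"], "Resource": "*"},
        {"Sid": "AllowAllBuckets", "Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::my-restricted-bucket", "arn:aws:s3:::my-restricted-bucket*"]},
    ],
})

if __name__ == "__main__":
    for finding in audit_policy(LOOSE_POLICY, "my-restricted-bucket"):
        print(finding)
```

The trailing wildcard in the constructed sample is flagged because it would also match any other bucket whose name starts with my-restricted-bucket.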

Complete workflow example

The workflow below filters push events for the master branch before mirroring to S3.

workflow "Mirror repo to S3" {
  resolves = ["S3 Backup"]
  on = "push"
}

action "Filter master branch" {
  uses = "actions/bin/filter@master"
  args = "branch master"
}

action "S3 Backup" {
  needs = ["Filter master branch"]
  uses = "peter-evans/[email protected]"
  secrets = ["ACCESS_KEY_ID", "SECRET_ACCESS_KEY"]
  env = {
    MIRROR_TARGET = "my-repo-backup"
  }
  args = "--overwrite --remove"
}

License

MIT License - see the LICENSE file for details
