#!/usr/bin/env bash set -euo pipefail # 从“私有数据仓库”(Gitea)拉取最新加密快照并导入到本地数据库。 # # 用法: # export SAASSHOP_DB_SNAPSHOT_KEY='你的强密码' # export SAASSHOP_DATA_REPO_SSH='git@git.xxx:owner/saasshop-data(.wiki).git' # bash scripts/db_snapshot_import.sh REPO_DIR=$(cd "$(dirname "$0")/.." && pwd) cd "$REPO_DIR" DATA_REPO_SSH=${SAASSHOP_DATA_REPO_SSH:-""} if [[ "$DATA_REPO_SSH" == "" && -f /app/working.secret/saasshop_data_repo_ssh ]]; then DATA_REPO_SSH=$(cat /app/working.secret/saasshop_data_repo_ssh) fi if [[ "$DATA_REPO_SSH" == "" ]]; then echo "缺少数据仓库地址:" echo "- 请设置环境变量 SAASSHOP_DATA_REPO_SSH" echo "- 或创建文件 /app/working.secret/saasshop_data_repo_ssh(内容为 ssh 地址)" exit 21 fi if [[ "${SAASSHOP_DB_SNAPSHOT_KEY:-}" == "" ]]; then echo "缺少解密密钥:请先 export SAASSHOP_DB_SNAPSHOT_KEY='...'" exit 22 fi ENV_FILE="$REPO_DIR/.env" if [[ ! -f "$ENV_FILE" && -f /app/working.secret/laravel.env.snapshot ]]; then ENV_FILE="/app/working.secret/laravel.env.snapshot" fi if [[ ! -f "$ENV_FILE" ]]; then echo "找不到 .env 或 /app/working.secret/laravel.env.snapshot,无法确定 DB 配置" exit 23 fi # shellcheck disable=SC1090 set -a source "$ENV_FILE" set +a DB_HOST=${DB_HOST:-127.0.0.1} DB_PORT=${DB_PORT:-3306} DB_DATABASE=${DB_DATABASE:-} DB_USERNAME=${DB_USERNAME:-} DB_PASSWORD=${DB_PASSWORD:-} if [[ "$DB_DATABASE" == "" || "$DB_USERNAME" == "" ]]; then echo "DB 配置不完整:DB_DATABASE/DB_USERNAME 不能为空" exit 24 fi # 数据仓工作区:固定目录,但每次都会强制将 remote 指向当前 DATA_REPO_SSH,避免曾经 clone 过其它仓(如 .wiki.git)导致拉错。 WORK_DIR="/tmp/saasshop-data-repo" if [[ -d "$WORK_DIR/.git" ]]; then echo "[data-repo] updating existing clone: $WORK_DIR" git -C "$WORK_DIR" remote set-url origin "$DATA_REPO_SSH" git -C "$WORK_DIR" fetch origin git -C "$WORK_DIR" checkout main || git -C "$WORK_DIR" checkout -b main git -C "$WORK_DIR" pull --rebase origin main || true else rm -rf "$WORK_DIR" || true echo "[data-repo] cloning: $DATA_REPO_SSH -> $WORK_DIR" git clone "$DATA_REPO_SSH" "$WORK_DIR" git -C "$WORK_DIR" checkout main || git -C "$WORK_DIR" checkout -b main fi ENC_FILE="$WORK_DIR/snapshots/latest.sql.gz.enc" MANIFEST="$WORK_DIR/snapshots/manifest.json" if [[ ! -f "$ENC_FILE" ]]; then echo "数据仓未找到快照:$ENC_FILE" exit 25 fi TMP_DIR=$(mktemp -d) trap 'rm -rf "$TMP_DIR" || true' EXIT SQL_GZ="$TMP_DIR/latest.sql.gz" echo "[snapshot] decrypting ..." openssl enc -d -aes-256-cbc -pbkdf2 \ -pass env:SAASSHOP_DB_SNAPSHOT_KEY \ -in "$ENC_FILE" -out "$SQL_GZ" echo "[snapshot] importing into mysql ($DB_DATABASE) ..." # 注意:快照里使用了 --databases,会包含 CREATE DATABASE/USE # 这里直接交给 mysql 执行。 gzip -dc "$SQL_GZ" | mysql \ --host="$DB_HOST" --port="$DB_PORT" \ --user="$DB_USERNAME" --password="$DB_PASSWORD" echo "[done] imported snapshot" if [[ -f "$MANIFEST" ]]; then echo "[info] manifest:" cat "$MANIFEST" fi