102 lines
3.1 KiB
Bash
Executable File
102 lines
3.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
|
||
# 从“私有数据仓库”(Gitea)拉取最新加密快照并导入到本地数据库。
|
||
#
|
||
# 用法:
|
||
# export SAASSHOP_DB_SNAPSHOT_KEY='你的强密码'
|
||
# export SAASSHOP_DATA_REPO_SSH='git@git.xxx:owner/saasshop-data(.wiki).git'
|
||
# bash scripts/db_snapshot_import.sh
|
||
|
||
REPO_DIR=$(cd "$(dirname "$0")/.." && pwd)
|
||
cd "$REPO_DIR"
|
||
|
||
DATA_REPO_SSH=${SAASSHOP_DATA_REPO_SSH:-""}
|
||
if [[ "$DATA_REPO_SSH" == "" && -f /app/working.secret/saasshop_data_repo_ssh ]]; then
|
||
DATA_REPO_SSH=$(cat /app/working.secret/saasshop_data_repo_ssh)
|
||
fi
|
||
|
||
if [[ "$DATA_REPO_SSH" == "" ]]; then
|
||
echo "缺少数据仓库地址:"
|
||
echo "- 请设置环境变量 SAASSHOP_DATA_REPO_SSH"
|
||
echo "- 或创建文件 /app/working.secret/saasshop_data_repo_ssh(内容为 ssh 地址)"
|
||
exit 21
|
||
fi
|
||
|
||
if [[ "${SAASSHOP_DB_SNAPSHOT_KEY:-}" == "" ]]; then
|
||
echo "缺少解密密钥:请先 export SAASSHOP_DB_SNAPSHOT_KEY='...'"
|
||
exit 22
|
||
fi
|
||
|
||
ENV_FILE="$REPO_DIR/.env"
|
||
if [[ ! -f "$ENV_FILE" && -f /app/working.secret/laravel.env.snapshot ]]; then
|
||
ENV_FILE="/app/working.secret/laravel.env.snapshot"
|
||
fi
|
||
|
||
if [[ ! -f "$ENV_FILE" ]]; then
|
||
echo "找不到 .env 或 /app/working.secret/laravel.env.snapshot,无法确定 DB 配置"
|
||
exit 23
|
||
fi
|
||
|
||
# shellcheck disable=SC1090
|
||
set -a
|
||
source "$ENV_FILE"
|
||
set +a
|
||
|
||
DB_HOST=${DB_HOST:-127.0.0.1}
|
||
DB_PORT=${DB_PORT:-3306}
|
||
DB_DATABASE=${DB_DATABASE:-}
|
||
DB_USERNAME=${DB_USERNAME:-}
|
||
DB_PASSWORD=${DB_PASSWORD:-}
|
||
|
||
if [[ "$DB_DATABASE" == "" || "$DB_USERNAME" == "" ]]; then
|
||
echo "DB 配置不完整:DB_DATABASE/DB_USERNAME 不能为空"
|
||
exit 24
|
||
fi
|
||
|
||
# 数据仓工作区:固定目录,但每次都会强制将 remote 指向当前 DATA_REPO_SSH,避免曾经 clone 过其它仓(如 .wiki.git)导致拉错。
|
||
WORK_DIR="/tmp/saasshop-data-repo"
|
||
if [[ -d "$WORK_DIR/.git" ]]; then
|
||
echo "[data-repo] updating existing clone: $WORK_DIR"
|
||
git -C "$WORK_DIR" remote set-url origin "$DATA_REPO_SSH"
|
||
git -C "$WORK_DIR" fetch origin
|
||
git -C "$WORK_DIR" checkout main || git -C "$WORK_DIR" checkout -b main
|
||
git -C "$WORK_DIR" pull --rebase origin main || true
|
||
else
|
||
rm -rf "$WORK_DIR" || true
|
||
echo "[data-repo] cloning: $DATA_REPO_SSH -> $WORK_DIR"
|
||
git clone "$DATA_REPO_SSH" "$WORK_DIR"
|
||
git -C "$WORK_DIR" checkout main || git -C "$WORK_DIR" checkout -b main
|
||
fi
|
||
|
||
ENC_FILE="$WORK_DIR/snapshots/latest.sql.gz.enc"
|
||
MANIFEST="$WORK_DIR/snapshots/manifest.json"
|
||
|
||
if [[ ! -f "$ENC_FILE" ]]; then
|
||
echo "数据仓未找到快照:$ENC_FILE"
|
||
exit 25
|
||
fi
|
||
|
||
TMP_DIR=$(mktemp -d)
|
||
trap 'rm -rf "$TMP_DIR" || true' EXIT
|
||
|
||
SQL_GZ="$TMP_DIR/latest.sql.gz"
|
||
|
||
echo "[snapshot] decrypting ..."
|
||
openssl enc -d -aes-256-cbc -pbkdf2 \
|
||
-pass env:SAASSHOP_DB_SNAPSHOT_KEY \
|
||
-in "$ENC_FILE" -out "$SQL_GZ"
|
||
|
||
echo "[snapshot] importing into mysql ($DB_DATABASE) ..."
|
||
# 注意:快照里使用了 --databases,会包含 CREATE DATABASE/USE
|
||
# 这里直接交给 mysql 执行。
|
||
gzip -dc "$SQL_GZ" | mysql \
|
||
--host="$DB_HOST" --port="$DB_PORT" \
|
||
--user="$DB_USERNAME" --password="$DB_PASSWORD"
|
||
|
||
echo "[done] imported snapshot"
|
||
if [[ -f "$MANIFEST" ]]; then
|
||
echo "[info] manifest:"
|
||
cat "$MANIFEST"
|
||
fi
|