Repository Backup #5
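# Scheduled and manually triggered backup job. It assumes an AWS role through
# GitHub OIDC, runs the project's backup task, generates a report, and uploads
# the resulting log files as a build artifact.
#
# NOTE(review): every `uses:` below references a mutable version tag. Pinning
# each action to a full commit SHA keeps a retagged release from running with
# this job's OIDC role and secrets.
name: Repository Backup

on:
  schedule:
    # Run weekly on Sunday at 2 AM UTC
    - cron: '0 2 * * 0'
  workflow_dispatch:
    inputs:
      # NOTE(review): no step in this workflow references this input;
      # presumably the organization is read from config.yml. Confirm, or
      # pass it to the backup task through an env var.
      organization:
        description: 'GitHub organization to backup'
        required: false
        default: 'quantecon'
      force:
        description: 'Force backup even if already exists today'
        required: false
        default: false
        type: boolean

jobs:
  backup:
    runs-on: ubuntu-latest
    # Least privilege: only the OIDC token request and read access to this
    # repository's contents are granted to the job's GITHUB_TOKEN.
    permissions:
      id-token: write  # Required for OIDC authentication
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'

      # Packages installed here run later in the same job, alongside the AWS
      # credentials and the backup token. If requirements.txt carries hashes,
      # `pip install --require-hashes` enforces them.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      # Recommended: Use OIDC authentication (no long-lived credentials)
      # Requires AWS IAM Identity Provider and Role configured for GitHub Actions
      # See README.md for setup instructions
      # The role's trust policy should restrict the token's `sub` claim to
      # this repository, so that other repositories cannot assume the role.
      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}

      - name: Run backup
        env:
          # Falls back to the workflow's own GITHUB_TOKEN when
          # REPO_BACKUP_TOKEN is unset. That token is scoped to this
          # repository only, so a backup of other repositories would
          # presumably be incomplete in that case - confirm.
          GITHUB_TOKEN: ${{ secrets.REPO_BACKUP_TOKEN || secrets.GITHUB_TOKEN }}
          # The input is handed to the shell through the environment instead
          # of being expanded into the script text, so its value is never
          # parsed as shell code. It is empty on scheduled runs.
          FORCE_BACKUP: ${{ github.event.inputs.force }}
        run: |
          if [ "$FORCE_BACKUP" = "true" ]; then
            python -m src.main --config config.yml --task backup --force
          else
            python -m src.main --config config.yml --task backup
          fi

      # Runs even when the backup step failed, so a report is still produced.
      - name: Generate backup report
        if: always()
        env:
          GITHUB_TOKEN: ${{ secrets.REPO_BACKUP_TOKEN || secrets.GITHUB_TOKEN }}
        run: |
          python -m src.main --config config.yml --task report

      # The logs are kept for 30 days and can be downloaded by anyone who can
      # read this repository's workflow runs; the backup code must not write
      # tokens or credentials to *.log.
      - name: Upload logs as artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: backup-logs-${{ github.run_number }}
          path: |
            *.log
          retention-days: 30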