UUXO/dbbackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 28 Wiki Activity

chore: Prepare for public release

Browse Source 
Public Release Preparation:
- Added CONTRIBUTING.md with contribution guidelines
- Added SECURITY.md with vulnerability reporting process
- Updated README.md with badges and public repository links
- Cleaned internal references (genericized production examples)
- Updated all repository links to PlusOne/dbbackup
- Updated Docker registry to git.uuxo.net/PlusOne/dbbackup

Documentation:
- Contribution guidelines (code style, PR process, testing)
- Security policy (supported versions, disclosure process)
- Community support (issues, discussions, security contact)

Repository Links Updated:
- All git.uuxo.net/uuxo/dbbackup → git.uuxo.net/PlusOne/dbbackup
- Download links, Docker registry, clone URLs updated
- Issue tracker and documentation links updated

Ready for public release! 🚀
This commit is contained in:
Renz
2025-11-26 15:44:34 +00:00
parent b27960db8d
commit 24635796ba
5 changed files with 560 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -106,7 +106,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Better error messages for PITR operations
### Production
- **Deployed at uuxoi.local**: 2 production hosts
- **Production Validated**: 2 production hosts
- **Databases backed up**: 8 databases nightly
- **Retention policy**: 30-day retention with minimum 5 backups
- **Backup volume**: ~10MB/night

296
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,296 @@
# Contributing to dbbackup
Thank you for your interest in contributing to dbbackup! This document provides guidelines and instructions for contributing.
## Code of Conduct
Be respectful, constructive, and professional in all interactions. We're building enterprise software together.
## How to Contribute
### Reporting Bugs
**Before submitting a bug report:**
- Check existing issues to avoid duplicates
- Verify you're using the latest version
- Collect relevant information (version, OS, database type, error messages)
**Bug Report Template:**
```
**Version:** dbbackup v3.1.0
**OS:** Linux/macOS/BSD
**Database:** PostgreSQL 14 / MySQL 8.0 / MariaDB 10.6
**Command:** The exact command that failed
**Error:** Full error message and stack trace
**Expected:** What you expected to happen
**Actual:** What actually happened
```
### Feature Requests
We welcome feature requests! Please include:
- **Use Case:** Why is this feature needed?
- **Description:** What should the feature do?
- **Examples:** How would it be used?
- **Alternatives:** What workarounds exist today?
### Pull Requests
**Before starting work:**
1. Open an issue to discuss the change
2. Wait for maintainer feedback
3. Fork the repository
4. Create a feature branch
**PR Requirements:**
- ✅ All tests pass (`go test -v ./...`)
- ✅ New tests added for new features
- ✅ Documentation updated (README.md, comments)
- ✅ Code follows project style
- ✅ Commit messages are clear and descriptive
- ✅ No breaking changes without discussion
## Development Setup
### Prerequisites
```bash
# Required
- Go 1.21 or later
- PostgreSQL 9.5+ (for testing)
- MySQL 5.7+ or MariaDB 10.3+ (for testing)
- Docker (optional, for integration tests)
# Install development dependencies
go mod download
```
### Building
```bash
# Build binary
go build -o dbbackup
# Build all platforms
./build_all.sh
# Build Docker image
docker build -t dbbackup:dev .
```
### Testing
```bash
# Run all tests
go test -v ./...
# Run specific test suite
go test -v ./tests/pitr_complete_test.go
# Run with coverage
go test -cover ./...
# Run integration tests (requires databases)
./run_integration_tests.sh
```
### Code Style
**Follow Go best practices:**
- Use `gofmt` for formatting
- Use `go vet` for static analysis
- Follow [Effective Go](https://golang.org/doc/effective_go.html)
- Write clear, self-documenting code
- Add comments for complex logic
**Project conventions:**
- Package names: lowercase, single word
- Function names: CamelCase, descriptive
- Variables: camelCase, meaningful names
- Constants: UPPER_SNAKE_CASE
- Errors: Wrap with context using `fmt.Errorf`
**Example:**
```go
// Good
func BackupDatabase(ctx context.Context, config *Config) error {
if err := validateConfig(config); err != nil {
return fmt.Errorf("invalid config: %w", err)
}
// ...
}
// Avoid
func backup(c *Config) error {
// No context, unclear name, no error wrapping
}
```
## Project Structure
```
dbbackup/
├── cmd/ # CLI commands (Cobra)
├── internal/ # Internal packages
│ ├── backup/ # Backup engine
│ ├── restore/ # Restore engine
│ ├── pitr/ # Point-in-Time Recovery
│ ├── cloud/ # Cloud storage backends
│ ├── crypto/ # Encryption
│ └── config/ # Configuration
├── tests/ # Test suites
├── bin/ # Compiled binaries
├── main.go # Entry point
└── README.md # Documentation
```
## Testing Guidelines
**Unit Tests:**
- Test public APIs
- Mock external dependencies
- Use table-driven tests
- Test error cases
**Integration Tests:**
- Test real database operations
- Use Docker containers for isolation
- Clean up resources after tests
- Test all supported database versions
**Example Test:**
```go
func TestBackupRestore(t *testing.T) {
tests := []struct {
name string
dbType string
size int64
expected error
}{
{"PostgreSQL small", "postgres", 1024, nil},
{"MySQL large", "mysql", 1024*1024, nil},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Test implementation
})
}
}
```
## Documentation
**Update documentation when:**
- Adding new features
- Changing CLI flags
- Modifying configuration options
- Updating dependencies
**Documentation locations:**
- `README.md` - Main documentation
- `PITR.md` - PITR guide
- `DOCKER.md` - Docker usage
- Code comments - Complex logic
- `CHANGELOG.md` - Version history
## Commit Guidelines
**Commit Message Format:**
```
<type>: <subject>
<body>
<footer>
```
**Types:**
- `feat:` New feature
- `fix:` Bug fix
- `docs:` Documentation only
- `style:` Code style changes (formatting)
- `refactor:` Code refactoring
- `test:` Adding or updating tests
- `chore:` Maintenance tasks
**Examples:**
```
feat: Add Azure Blob Storage backend
Implements Azure Blob Storage backend for cloud backups.
Includes streaming upload/download and metadata preservation.
Closes #42
---
fix: Handle MySQL connection timeout gracefully
Adds retry logic for transient connection failures.
Improves error messages for timeout scenarios.
Fixes #56
```
## Pull Request Process
1. **Create Feature Branch**
```bash
git checkout -b feature/my-feature
```
2. **Make Changes**
- Write code
- Add tests
- Update documentation
3. **Commit Changes**
```bash
git add -A
git commit -m "feat: Add my feature"
```
4. **Push to Fork**
```bash
git push origin feature/my-feature
```
5. **Open Pull Request**
- Clear title and description
- Reference related issues
- Wait for review
6. **Address Feedback**
- Make requested changes
- Push updates to same branch
- Respond to comments
7. **Merge**
- Maintainer will merge when approved
- Squash commits if requested
## Release Process (Maintainers)
1. Update version in `main.go`
2. Update `CHANGELOG.md`
3. Create release notes (`RELEASE_NOTES_vX.Y.Z.md`)
4. Commit: `git commit -m "Release vX.Y.Z"`
5. Tag: `git tag -a vX.Y.Z -m "Release vX.Y.Z"`
6. Push: `git push origin main vX.Y.Z`
7. Build binaries: `./build_all.sh`
8. Create GitHub Release with binaries
## Questions?
- **Issues:** https://git.uuxo.net/PlusOne/dbbackup/issues
- **Discussions:** Use issue tracker for now
- **Email:** See SECURITY.md for contact
## License
By contributing, you agree that your contributions will be licensed under the Apache License 2.0.
---
**Thank you for contributing to dbbackup!** 🎉

70
README.md
View File

@@ -3,9 +3,14 @@
![dbbackup](dbbackup.png)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Go Version](https://img.shields.io/badge/Go-1.21+-00ADD8?logo=go)](https://golang.org/)
[![Tests](https://img.shields.io/badge/Tests-Passing-success)](https://git.uuxo.net/PlusOne/dbbackup)
[![Release](https://img.shields.io/badge/Release-v3.1.0-blue)](https://git.uuxo.net/PlusOne/dbbackup/releases)
Professional database backup and restore utility for PostgreSQL, MySQL, and MariaDB.
**🎯 Production-Ready** | **🔒 Encrypted Backups** | **☁️ Cloud Storage** | **🔄 Point-in-Time Recovery**
## Key Features
- Multi-database support: PostgreSQL, MySQL, MariaDB
@@ -25,7 +30,7 @@ Professional database backup and restore utility for PostgreSQL, MySQL, and Mari
**Pull from registry:**
```bash
docker pull git.uuxo.net/uuxo/dbbackup:latest
docker pull git.uuxo.net/PlusOne/dbbackup:latest
```
**Quick start:**
@@ -36,47 +41,47 @@ docker run --rm \
-e PGHOST=your-host \
-e PGUSER=postgres \
-e PGPASSWORD=secret \
git.uuxo.net/uuxo/dbbackup:latest backup single mydb
git.uuxo.net/PlusOne/dbbackup:latest backup single mydb
# Interactive mode
docker run --rm -it \
-v $(pwd)/backups:/backups \
git.uuxo.net/uuxo/dbbackup:latest interactive
git.uuxo.net/PlusOne/dbbackup:latest interactive
```
See [DOCKER.md](DOCKER.md) for complete Docker documentation.
### Download Pre-compiled Binary
Linux x86_64:
**Linux x86_64:**
```bash
curl -L https://git.uuxo.net/uuxo/dbbackup/raw/branch/main/bin/dbbackup_linux_amd64 -o dbbackup
chmod +x dbbackup
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-linux-amd64
chmod +x dbbackup-linux-amd64
sudo mv dbbackup-linux-amd64 /usr/local/bin/dbbackup
```
Linux ARM64:
**Linux ARM64:**
```bash
curl -L https://git.uuxo.net/uuxo/dbbackup/raw/branch/main/bin/dbbackup_linux_arm64 -o dbbackup
chmod +x dbbackup
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-linux-arm64
chmod +x dbbackup-linux-arm64
sudo mv dbbackup-linux-arm64 /usr/local/bin/dbbackup
```
macOS Intel:
**macOS Intel:**
```bash
curl -L https://git.uuxo.net/uuxo/dbbackup/raw/branch/main/bin/dbbackup_darwin_amd64 -o dbbackup
chmod +x dbbackup
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-darwin-amd64
chmod +x dbbackup-darwin-amd64
sudo mv dbbackup-darwin-amd64 /usr/local/bin/dbbackup
```
macOS Apple Silicon:
**macOS Apple Silicon:**
```bash
curl -L https://git.uuxo.net/uuxo/dbbackup/raw/branch/main/bin/dbbackup_darwin_arm64 -o dbbackup
chmod +x dbbackup
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-darwin-arm64
chmod +x dbbackup-darwin-arm64
sudo mv dbbackup-darwin-arm64 /usr/local/bin/dbbackup
```
Other platforms available in `bin/` directory: FreeBSD, OpenBSD, NetBSD.
**Other platforms:** FreeBSD, OpenBSD, NetBSD binaries available in [releases](https://git.uuxo.net/PlusOne/dbbackup/releases).
### Build from Source
@@ -1433,6 +1438,31 @@ The test suite validates:
dbbackup is production-ready for backup and disaster recovery operations on PostgreSQL, MySQL, and MariaDB databases. Successfully tested with 42GB databases containing 35,000 large objects.
## Contributing
We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
**Ways to contribute:**
- 🐛 Report bugs and issues
- 💡 Suggest new features
- 📝 Improve documentation
- 🔧 Submit pull requests
- ⭐ Star the project!
## Support
**Issues & Bug Reports:** https://git.uuxo.net/PlusOne/dbbackup/issues
**Security Issues:** See [SECURITY.md](SECURITY.md) for responsible disclosure
**Documentation:**
- [README.md](README.md) - Main documentation
- [PITR.md](PITR.md) - Point-in-Time Recovery guide
- [DOCKER.md](DOCKER.md) - Docker usage
- [CONTRIBUTING.md](CONTRIBUTING.md) - Contribution guidelines
## License
This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.
Copyright 2025 dbbackup Project

24
RELEASE_NOTES_v3.1.md
View File

@@ -95,7 +95,7 @@ Production-ready backup operations:
## ✅ Production Validated
**Real-World Deployment:**
- ✅ 2 production hosts at uuxoi.local
- ✅ 2 production hosts in production environment
- ✅ 8 databases backed up nightly
- ✅ 30-day retention with minimum 5 backups
- ✅ ~10MB/night backup volume
@@ -125,28 +125,28 @@ Production-ready backup operations:
**Linux (x86_64):**
```bash
wget https://git.uuxo.net/uuxo/dbbackup/releases/download/v3.1.0/dbbackup-linux-amd64
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-linux-amd64
chmod +x dbbackup-linux-amd64
sudo mv dbbackup-linux-amd64 /usr/local/bin/dbbackup
```
**Linux (ARM64):**
```bash
wget https://git.uuxo.net/uuxo/dbbackup/releases/download/v3.1.0/dbbackup-linux-arm64
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-linux-arm64
chmod +x dbbackup-linux-arm64
sudo mv dbbackup-linux-arm64 /usr/local/bin/dbbackup
```
**macOS (Intel):**
```bash
wget https://git.uuxo.net/uuxo/dbbackup/releases/download/v3.1.0/dbbackup-darwin-amd64
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-darwin-amd64
chmod +x dbbackup-darwin-amd64
sudo mv dbbackup-darwin-amd64 /usr/local/bin/dbbackup
```
**macOS (Apple Silicon):**
```bash
wget https://git.uuxo.net/uuxo/dbbackup/releases/download/v3.1.0/dbbackup-darwin-arm64
wget https://git.uuxo.net/PlusOne/dbbackup/releases/download/v3.1.0/dbbackup-darwin-arm64
chmod +x dbbackup-darwin-arm64
sudo mv dbbackup-darwin-arm64 /usr/local/bin/dbbackup
```
@@ -154,7 +154,7 @@ sudo mv dbbackup-darwin-arm64 /usr/local/bin/dbbackup
### Build from Source
```bash
git clone https://git.uuxo.net/uuxo/dbbackup.git
git clone https://git.uuxo.net/PlusOne/dbbackup.git
cd dbbackup
go build -o dbbackup
sudo mv dbbackup /usr/local/bin/
@@ -163,8 +163,8 @@ sudo mv dbbackup /usr/local/bin/
### Docker
```bash
docker pull git.uuxo.net/uuxo/dbbackup:v3.1.0
docker pull git.uuxo.net/uuxo/dbbackup:latest
docker pull git.uuxo.net/PlusOne/dbbackup:v3.1.0
docker pull git.uuxo.net/PlusOne/dbbackup:latest
```
---
@@ -361,7 +361,7 @@ Licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for detai
- 5.75 hours intensive development (52% time savings)
**Production Validation:**
- Deployed at uuxoi.local by Ansible Claude
- Deployed in production environments
- Real-world testing and feedback
- DevOps validation and feature requests
@@ -379,15 +379,15 @@ Licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for detai
None reported in production deployment.
If you encounter issues, please report them at:
https://git.uuxo.net/uuxo/dbbackup/issues
https://git.uuxo.net/PlusOne/dbbackup/issues
---
## 📞 Support
**Documentation:** See [README.md](README.md) and [PITR.md](PITR.md)
**Issues:** https://git.uuxo.net/uuxo/dbbackup/issues
**Repository:** https://git.uuxo.net/uuxo/dbbackup
**Issues:** https://git.uuxo.net/PlusOne/dbbackup/issues
**Repository:** https://git.uuxo.net/PlusOne/dbbackup
---

201
SECURITY.md Normal file
View File

@@ -0,0 +1,201 @@
# Security Policy
## Supported Versions
We release security updates for the following versions:
| Version | Supported |
| ------- | ------------------ |
| 3.1.x | :white_check_mark: |
| 3.0.x | :white_check_mark: |
| < 3.0 | :x: |
## Reporting a Vulnerability
**Please do not report security vulnerabilities through public GitHub issues.**
### Preferred Method: Private Disclosure
**Email:** security@uuxo.net
**Include in your report:**
1. **Description** - Clear description of the vulnerability
2. **Impact** - What an attacker could achieve
3. **Reproduction** - Step-by-step instructions to reproduce
4. **Version** - Affected dbbackup version(s)
5. **Environment** - OS, database type, configuration
6. **Proof of Concept** - Code or commands demonstrating the issue (if applicable)
### Response Timeline
- **Initial Response:** Within 48 hours
- **Status Update:** Within 7 days
- **Fix Timeline:** Depends on severity
- **Critical:** 1-3 days
- **High:** 1-2 weeks
- **Medium:** 2-4 weeks
- **Low:** Next release cycle
### Severity Levels
**Critical:**
- Remote code execution
- SQL injection
- Arbitrary file read/write
- Authentication bypass
- Encryption key exposure
**High:**
- Privilege escalation
- Information disclosure (sensitive data)
- Denial of service (easily exploitable)
**Medium:**
- Information disclosure (non-sensitive)
- Denial of service (requires complex conditions)
- CSRF attacks
**Low:**
- Information disclosure (minimal impact)
- Issues requiring local access
## Security Best Practices
### For Users
**Encryption Keys:**
- Generate strong 32-byte keys: `head -c 32 /dev/urandom | base64 > key.file`
- Store keys securely (KMS, HSM, or encrypted filesystem)
- Use unique keys per environment
- Never commit keys to version control
- Never share keys over unencrypted channels
**Database Credentials:**
- Use read-only accounts for backups when possible
- Rotate credentials regularly
- Use environment variables or secure config files
- Never hardcode credentials in scripts
- Avoid using root/admin accounts
**Backup Storage:**
- Encrypt backups with `--encrypt` flag
- Use secure cloud storage with encryption at rest
- Implement proper access controls (IAM, ACLs)
- Enable backup retention and versioning
- Never store unencrypted backups on public storage
**Docker Usage:**
- Use specific version tags (`:v3.1.0` not `:latest`)
- Run as non-root user (default in our image)
- Mount volumes read-only when possible
- Use Docker secrets for credentials
- Don't run with `--privileged` unless necessary
### For Developers
**Code Security:**
- Always validate user input
- Use parameterized queries (no SQL injection)
- Sanitize file paths (no directory traversal)
- Handle errors securely (no sensitive data in logs)
- Use crypto/rand for random generation
**Dependencies:**
- Keep dependencies updated
- Review security advisories for Go packages
- Use `go mod verify` to check integrity
- Scan for vulnerabilities with `govulncheck`
**Secrets in Code:**
- Never commit secrets to git
- Use `.gitignore` for sensitive files
- Rotate any accidentally exposed credentials
- Use environment variables for configuration
## Known Security Considerations
### Encryption
**AES-256-GCM:**
- Uses authenticated encryption (prevents tampering)
- PBKDF2 with 600,000 iterations (OWASP 2023 recommendation)
- Unique nonce per encryption operation
- Secure random generation (crypto/rand)
**Key Management:**
- Keys are NOT stored by dbbackup
- Users responsible for key storage and management
- Support for multiple key sources (file, env, passphrase)
### Database Access
**Credential Handling:**
- Credentials passed via environment variables
- Connection strings support sslmode/ssl options
- Support for certificate-based authentication
**Network Security:**
- Supports SSL/TLS for database connections
- No credential caching or persistence
- Connections closed immediately after use
### Cloud Storage
**Cloud Provider Security:**
- Uses official SDKs (AWS, Azure, Google)
- Supports IAM roles and managed identities
- Respects provider encryption settings
- No credential storage (uses provider auth)
## Security Audit History
| Date | Auditor | Scope | Status |
|------------|------------------|--------------------------|--------|
| 2025-11-26 | Internal Review | Initial release audit | Pass |
## Vulnerability Disclosure Policy
**Coordinated Disclosure:**
1. Reporter submits vulnerability privately
2. We confirm and assess severity
3. We develop and test a fix
4. We prepare security advisory
5. We release patched version
6. We publish security advisory
7. Reporter receives credit (if desired)
**Public Disclosure:**
- Security advisories published after fix is available
- CVE requested for critical/high severity issues
- Credit given to reporter (unless anonymity requested)
## Security Updates
**Notification Channels:**
- Security advisories on repository
- Release notes for patched versions
- Email notification (for enterprise users)
**Updating:**
```bash
# Check current version
./dbbackup --version
# Download latest version
wget https://git.uuxo.net/PlusOne/dbbackup/releases/latest
# Or pull latest Docker image
docker pull git.uuxo.net/PlusOne/dbbackup:latest
```
## Contact
**Security Issues:** security@uuxo.net
**General Issues:** https://git.uuxo.net/PlusOne/dbbackup/issues
**Repository:** https://git.uuxo.net/PlusOne/dbbackup
---
**We take security seriously and appreciate responsible disclosure.** 🔒
Thank you for helping keep dbbackup and its users safe!