pipeline

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2026 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Overview

Package pipeline orchestrates a backup run: WORM check -> enumerate -> per repo (clone --mirror, bundle, checksum, immutable upload) -> signed run-manifest. A repo failure makes the run fail and the manifest records it.

Index

Constants

View Source
const (
	StatusSuccess = "success"
	StatusFailed  = "failed"
	StatusSkipped = "skipped" // already backed up for the run date (resume)
)

Status values used in the manifest.

View Source
const ManifestSchema = "gitdr.manifest/v2"

ManifestSchema is the versioned identifier of the run-manifest contract. The manifest schema and the --output json shape are a STABLE PUBLIC CONTRACT: changing them requires a version bump and a note in SPEC.md.

Variables

This section is empty.

Functions

This section is empty.

Types

type ArtifactInfo

type ArtifactInfo struct {
	Kind        string    `json:"kind"` // bundle | meta | sha256
	Key         string    `json:"key"`
	Size        int64     `json:"size"`
	SHA256      string    `json:"sha256"`
	RetainUntil time.Time `json:"retainUntil"`
}

ArtifactInfo is one stored object with its integrity data.

type BackupDeps

type BackupDeps struct {
	Config        *config.Config
	Source        source.Source
	Dest          dest.Destination
	Git           *gitexec.Git
	SigningKey    ed25519.PrivateKey
	EncryptionKey []byte // optional client-side envelope key; nil = off
	ToolVersion   string
	Logger        *slog.Logger
	Now           func() time.Time
	RequireWORM   bool // --require-worm / worm.require: fail closed if not immutable
}

BackupDeps are the inputs to a backup run.

type BackupResult

type BackupResult struct {
	Manifest    *Manifest
	ManifestKey string
}

BackupResult carries the run-manifest and where it was stored. It is returned even when the run fails, so callers can surface the recorded failure.

func Backup

func Backup(ctx context.Context, d BackupDeps) (*BackupResult, error)

Backup runs one backup. It returns a non-nil error on any failure (fail-closed); a BackupResult may still be returned to report what happened.

type DestInfo

type DestInfo struct {
	Type          string `json:"type"`
	Bucket        string `json:"bucket"`
	WormMode      string `json:"wormMode,omitempty"`    // configured retention mode
	WormImmutable bool   `json:"wormImmutable"`         // WORM check confirmed immutable
	WormDetails   string `json:"wormDetails,omitempty"` // observed immutability detail
}

DestInfo identifies where the data went and the immutability observed at write time. wormImmutable records whether the WORM check confirmed the destination immutable, the signed, tamper-evident answer to "was this backup on WORM storage?" (v2).

type Manifest

type Manifest struct {
	Schema      string      `json:"schema"`
	RunID       string      `json:"runId"`
	Tool        ToolInfo    `json:"tool"`
	Source      SourceInfo  `json:"source"`
	Destination DestInfo    `json:"destination"`
	StartedAt   time.Time   `json:"startedAt"`
	FinishedAt  time.Time   `json:"finishedAt"`
	Status      string      `json:"status"` // success | failed
	Repos       []RepoEntry `json:"repos"`
}

Manifest is the signed record of one backup run.

func (*Manifest) Canonical

func (m *Manifest) Canonical() ([]byte, error)

Canonical returns the deterministic bytes that get signed and stored. Struct field order makes encoding/json output stable, so the stored bytes are the signed bytes. Keep the schema map-free, map key order would break verification.

type RepoEntry

type RepoEntry struct {
	Slug      string         `json:"slug"`
	Status    string         `json:"status"` // success | failed
	Error     string         `json:"error,omitempty"`
	Artifacts []ArtifactInfo `json:"artifacts,omitempty"`
}

RepoEntry is the per-repository outcome.

type RestoreDeps

type RestoreDeps struct {
	Dest          dest.Destination
	Git           *gitexec.Git
	EncryptionKey []byte // optional; must match the backup's key
	Logger        *slog.Logger
}

RestoreDeps are the inputs to a restore.

type RestoreRequest

type RestoreRequest struct {
	Host   string // e.g. github.com
	Owner  string
	Name   string
	Date   string // YYYY-MM-DD
	OutDir string
}

RestoreRequest selects which dated bundle to restore and where to put it.

type RestoreResult

type RestoreResult struct {
	BundleKey string `json:"bundleKey"`
	SHA256    string `json:"sha256"`
	OutDir    string `json:"outDir"`
	Verified  bool   `json:"verified"`
}

RestoreResult reports what was restored.

func Restore

Restore fetches a bundle, verifies its checksum against the stored sidecar, checks the bundle, and clones it into OutDir. Read-only against the destination.

type SourceInfo

type SourceInfo struct {
	Type string `json:"type"`
	Host string `json:"host"`
}

SourceInfo identifies where the data came from.

type ToolInfo

type ToolInfo struct {
	Name    string `json:"name"`
	Version string `json:"version"`
}

ToolInfo identifies the producer.

type VerifyDeps

type VerifyDeps struct {
	Dest      dest.Destination
	PublicKey ed25519.PublicKey
	Logger    *slog.Logger
}

VerifyDeps are the inputs to a verify.

type VerifyResult

type VerifyResult struct {
	ManifestKey      string   `json:"manifestKey"`
	SignatureValid   bool     `json:"signatureValid"`
	ArtifactsChecked int      `json:"artifactsChecked"`
	ArtifactsOK      int      `json:"artifactsOk"`
	Failures         []string `json:"failures,omitempty"`
}

VerifyResult reports signature and per-artifact checksum results.

func Verify

func Verify(ctx context.Context, d VerifyDeps, manifestKey string) (*VerifyResult, error)

Verify checks the manifest's Ed25519 signature, then re-reads every referenced artifact and recomputes its SHA-256 against the manifest. Read-only.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL