Skip to content

feat: [#315] Backup Support - Phases 1-4 Complete#316

Merged
josecelano merged 45 commits intomainfrom
315-implement-backup-support
Feb 4, 2026
Merged

feat: [#315] Backup Support - Phases 1-4 Complete#316
josecelano merged 45 commits intomainfrom
315-implement-backup-support

Conversation

@josecelano
Copy link
Copy Markdown
Member

@josecelano josecelano commented Feb 2, 2026
edited
Loading

🎯 Issue #315 Complete: Full Backup Support Implementation

This PR implements all phases of issue #315 (backup support), delivering a production-ready backup feature with comprehensive documentation.

✅ What's Included

Phase 1: Backup Container Infrastructure

  • Production backup container (docker/backup/)
    • Multi-stage Dockerfile (base → test → production)
    • backup.sh with comprehensive Rust-style documentation
    • 44 unit tests (100% passing, run during build)
    • Non-root execution (UID 1000)
    • Base image: Debian 13 (trixie-slim)
  • Complete documentation (docker/backup/README.md)
  • GitHub publishing workflow (automated Docker Hub publishing)
  • Security scanning integration with Trivy

Phase 2: Deployer Integration

  • Backup service in docker-compose templates
  • Configuration schema for environment creation
  • Service deployment with proper Docker profiles
  • Database support: MySQL 8 (MariaDB client), SQLite3

Phase 3: Scheduled Backups

  • Crontab installation and configuration (3 AM daily)
  • Backup scheduling via maintenance script
  • Retention cleanup (configurable days)
  • Automated execution after release command

Phase 4: Documentation & Testing

  • Comprehensive user guide (docs/user-guide/backup.md)
  • Updated run command documentation
  • Accurate documentation of current automation state
  • Note: Initial backup invocation (during run) planned for Phase 4.2.2

📦 Feature Completeness

What's Fully Automated:

  • ✅ Setup: Backup config deployment during environment creation
  • ✅ Installation: Ansible playbooks for backup infrastructure
  • ✅ Crontab: Automatic crontab installation during release
  • ✅ Scheduled Backups: Daily automatic backups via crontab
  • ✅ Retention: Automatic cleanup of old backups
  • ✅ Support: MySQL and SQLite databases

Manual Workaround (Until Phase 4.2.2):

  • Initial backup must be triggered manually: docker compose --profile backup run --rm backup

🏗️ Architecture

Backup Workflow:

Create Environment → Release → Scheduled Backups
      ↓                ↓              ↓
  Deploy Config   Install Crontab   Run Daily @ 3AM
                                        ↓
                                  Create Backup
                                  Compress & Archive
                                  Cleanup Old Files

Supported Deployments:

  • Docker containers (E2E testing)
  • LXD VMs (production deployment)
  • Cloud VMs (Hetzner, etc.)

🧪 Testing

Unit Tests: 44 tests in backup_test.bats covering:

  • Configuration validation
  • MySQL dump operations
  • SQLite backup operations
  • Compression and retention
  • Error handling

Integration Testing: Verified in:

  • Docker container environments (E2E)
  • LXD VM deployments (production)
  • Manual testing with MySQL/SQLite

📚 Documentation

  • User Guide: docs/user-guide/backup.md - Complete feature documentation
  • Run Command: docs/user-guide/commands/run.md - Updated with accurate automation status
  • Phase 4 Progress: docs/issues/315-phase-4-documentation-and-testing-plan.md - Implementation details
  • Container README: docker/backup/README.md - Technical documentation
  • Security Report: docs/security/docker/scans/torrust-tracker-backup.md - Vulnerability tracking

🔐 Security

  • Base Image: Debian 13 (latest security patches)
  • Vulnerabilities: 11 total (9 HIGH, 2 CRITICAL)
    • Debian 13 upgrade resolved 3 critical vulnerabilities
    • Remaining: OpenSSL, MariaDB/glibc with available fixes
  • Non-root Execution: Container runs as UID 1000
  • Profile-based Access: Backup service behind Docker profile

🚀 Future Enhancements

Phase 4.2.2: Initial Backup Automation

  • Add InitialBackupStep to run command handler
  • Automatically invoke backup during run command
  • No manual workaround needed post-implementation

📊 Changes Summary

  • 44 commits with full history
  • 90 files changed (8,671 additions, 59 deletions)
  • Key additions:
    • Docker backup service (production-ready)
    • GitHub publishing workflow
    • Ansible backup playbooks
    • Crontab installation and configuration
    • Comprehensive user documentation
    • Security documentation and scanning

🔗 Related Issues

✨ Ready for Production

The backup feature is fully implemented and production-ready:

  • ✅ All infrastructure code tested and working
  • ✅ Scheduled backups automatically executed
  • ✅ Complete user documentation
  • ✅ Security scanning integrated
  • ✅ Published to Docker Hub (torrust/tracker-backup)

@josecelano
feat: implement backup container with comprehensive tests and documen…
18ef367 
…tation

- Add Dockerfile with multi-stage build (base, test, production)
- Implement backup.sh script with MySQL, SQLite, and config file backup support
- Add 44 comprehensive unit tests using bats-core
- Include cleanup functionality with configurable retention policy
- Add comprehensive function documentation
- Extract utility functions for improved code quality (DRY principle)
- Support config-file based configuration (not env vars)
- Build fails if tests fail (integrated testing)
- Run as non-root user (torrust UID 1000)

Phase 1.1 of issue #315 backup support implementation
@josecelano
docs: add deployed instance structure and Phase 1.1b manual testing g…
47ab60c 
…uide

- Add deployment structure section to AGENTS.md showing /opt/torrust layout
- Document basic commands for working with deployed instances
- Create comprehensive Phase 1.1b manual testing guide
- Link to user guide for detailed operational information

Related to issue #315 backup support implementation
@josecelano
docs: complete Phase 1.1b manual E2E testing for backup container
b982214 
- Add comprehensive test results document (315-phase-1.1b-results.md)
- Update main issue spec (315-implement-backup-support.md) with progress
- Successfully tested SQLite and MySQL backups in real deployments
- Verified backup files are valid and services remain healthy
- Both test scenarios passed all acceptance criteria

Test Results:
- SQLite backup: 639 bytes compressed, valid database format
- MySQL backup: 935 bytes compressed, valid SQL dump
- Config backup: 1007 bytes compressed, correct tar archive
- All backups completed in < 1 second
- No impact on running services

Phase 1.1 and 1.1b are now complete. Ready for Phase 1.2 (GitHub workflow).

Related to issue #315
@josecelano
feat: [#315] add GitHub workflows for tracker-backup container
bb3d5ea 
- Create backup-container.yaml workflow for publishing to Docker Hub
  - Follows pattern from container.yaml (deployer image)
  - Uses dockerhub-torrust-backup environment credentials
  - Publishes to torrust/tracker-backup
  - Triggers on changes to docker/backup/** paths
  - Includes build, test, context check, and publish jobs
  - Supports both development and production releases
- Add tracker-backup to docker-security-scan.yml matrix
  - Enables automated Trivy scanning for vulnerabilities
  - Generates SARIF reports for GitHub Code Scanning
- Update progress tracking in issue #315
  - Mark workflow creation tasks complete
  - Note manual security scan requires CI publishing first
  - Update image name from 'backup' to 'tracker-backup'

This completes Phase 1.2 (GitHub workflows) of the backup support
implementation.
@josecelano
docs: [#315] update image name in progress tracking
0b313ba 
Update progress tracking to reflect the correct image name:
torrust/tracker-backup (not torrust/backup)
@josecelano
fix: [#315] correct security scan results for tracker-backup
da238ef 
CRITICAL CORRECTION: The initial security scan documentation was incorrect.

Actual scan results:
- Total: 10 vulnerabilities (7 HIGH, 3 CRITICAL)
- NOT zero vulnerabilities as initially documented

Vulnerabilities found:
1. CVE-2025-7458 (CRITICAL) - SQLite integer overflow
   - Affects: libsqlite3-0, sqlite3
   - Required for SQLite database backups
2. CVE-2023-45853 (CRITICAL) - zlib buffer overflow
   - Affects: zlib1g compression library
   - Status: will_not_fix by Debian
3. CVE-2025-13699 (HIGH) - MariaDB dump RCE
   - Affects: mariadb-client, libmariadb3, mariadb-common
   - Used for MySQL database backups
4. CVE-2026-0861 (HIGH) - glibc integer overflow
   - Affects: libc-bin, libc6 (core system libraries)
5. CVE-2026-24882 (HIGH) - GnuPG buffer overflow
   - Affects: gpgv (not directly used by backup operations)

All vulnerabilities are in upstream Debian 12.13 packages with status
'affected' (no fix available yet) or 'will_not_fix'.

Risk Assessment:
- Level: MEDIUM-HIGH
- Mitigation: Container runs with limited privileges, read-only data
  access, isolated network, non-root user (UID 1000), and exits
  immediately after backup completion
- Recommendation: Monitor Debian security advisories for patches,
  rebuild regularly, consider network isolation

Updated documentation:
- Corrected vulnerability counts in scan document
- Added detailed CVE analysis and risk assessment
- Added mitigation strategies and operational context
- Updated progress tracking with accurate status
- Added technical terms to project-words.txt (gpgv, libmariadb, memalign)
@josecelano
feat: [#315] upgrade backup container to Debian 13 (trixie)
15c8d6c 
Upgrades base image from debian:bookworm-slim (Debian 12) to debian:trixie-slim
(Debian 13 - current stable, released Aug 9, 2025).

Security improvements:
- RESOLVED 3 critical vulnerabilities with no fixes in Debian 12:
  * CVE-2025-7458 (CRITICAL) - SQLite integer overflow
  * CVE-2023-45853 (CRITICAL) - zlib buffer overflow
  * CVE-2026-24882 (HIGH) - GnuPG buffer overflow

- Remaining vulnerabilities (9 HIGH, 2 CRITICAL):
  * OpenSSL vulnerabilities have fixes available (3.5.4-1~deb13u2)
  * MariaDB/glibc vulnerabilities still being monitored

- Risk level reduced: MEDIUM-HIGH → MEDIUM
- Overall security posture significantly improved

Container functionality:
- All 44 unit tests pass
- Build time: 11.1s (no performance impact)
- Runtime behavior unchanged

This aligns with torrust-tracker PR #1629 which upgraded to Debian 13
and achieved zero vulnerabilities.

Documentation:
- Updated security scan report with Debian 13 results
- Added technical terms to spell checker (trixie, pkcs)
@josecelano
docs: [#315] update security scan index with backup container
7da6fac 
Adds torrust-tracker-backup to the security scan summary:
- 9 HIGH, 2 CRITICAL vulnerabilities (Debian 13)
- OpenSSL vulnerabilities have fixes available
- Links to renamed scan report (torrust-tracker-backup.md)
@josecelano josecelano self-assigned this Feb 2, 2026
@josecelano
fix: [#315] override entrypoint in container verification step
7bdad2e 
The backup container has an ENTRYPOINT set to /scripts/backup.sh, which
was being executed instead of verification commands. Override the entrypoint
using --entrypoint flag to run ls/which commands for structure validation.
@josecelano
feat: [#315] add backup domain layer with parametrized tests
6cb633e 
Implements Phase 2.1 - Backup configuration domain types:
- BackupConfig: Main backup configuration (schedule + retention)
- CronSchedule: Validated 5-field cron expression
- RetentionDays: Non-zero retention period (u32)

Features:
- Always-valid domain types (validated on construction)
- Custom Deserialize implementations for validation
- Sensible defaults (3:00 AM daily, 7 days retention)
- Security: Validates cron expressions (prevents injection)
- 39 passing unit tests

Testing improvements:
- Refactored from loop-based tests to rstest parametrized tests
- More maintainable and idiomatic Rust testing
- Clear test case documentation with descriptions

Domain types follow project conventions:
- Private fields with validated constructors
- Custom deserialization for validation
- Error types with clear, actionable messages
@josecelano
feat: [#315] add backup configuration DTO with comprehensive help mes…
cec6ca7 
…sages
@josecelano
feat: [#315] integrate backup configuration into environment creation…
e88c2c8 
… config
@josecelano
fix: [#315] correct doc examples to include backup parameter
11651c9
@josecelano
fix: [#315] correct Dockerfile COPY paths for CI build context
9d297cc
@josecelano
docs: [#315] add backup section to environment config JSON example
6ff96cb
@josecelano
docs: [#315] update Phase 2.1 completion status in issue spec
b935871
@josecelano
feat: [#315] add backup configuration templates and docker-compose se…
4f8fb4c 
…rvice
@josecelano
feat: [#315] add backup template infrastructure with context and rend…
61a3da3 
…erer

- Created BackupProjectGenerator for template orchestration
- Added BackupContext with MySQL/SQLite database config variants
- Implemented BackupConfigRenderer for backup.conf.tera rendering
- Added BackupTemplate wrapper for Tera template handling
- Registered backup module in templating infrastructure
- Updated backup.conf.tera to use flattened context variables
- Added comprehensive unit tests (15 tests total)
- All tests passing (2148 lib + 462 doc tests)
- All linters passing
@josecelano
fix: [#315] set Docker build context to repository root in backup wor…
86773da 
…kflow

The workflow was using 'context: ./docker/backup' which doesn't match the
Dockerfile COPY paths that expect 'docker/backup/' prefix from repo root.

Changed all three build steps (test, publish_development, publish_production)
to use 'context: .' (repository root) which matches:
- Local build setup (docker build -f docker/backup/Dockerfile .)
- Dockerfile COPY commands (COPY docker/backup/backup.sh ...)

This resolves the GitHub Actions build failure where files couldn't be found
during COPY operations.
@josecelano
docs: [#315] update Phase 2.2 completion status in issue spec
d0ce37e
@josecelano
refactor: [#315] extract DependencyCondition and ServiceDependency to…
832fc0e 
… separate modules

- Created domain/topology/dependency_condition.rs for DependencyCondition enum
- Created domain/topology/service_dependency.rs for ServiceDependency struct
- Updated domain/topology/traits.rs to only contain traits
- ServiceDependency now uses domain Service and DependencyCondition enums instead of strings
- Updated infrastructure ServiceDependency to map from domain types
- Added comprehensive documentation with backticks for MySQL/SQLite references
- All 2158 tests passing
@josecelano
feat: [#315] Add backup release workflow integration
062f4dc 
Implements Phase 2.3 of backup support by adding backup release steps to deploy
backup configuration files during the release command.

Follows the established two-step pattern used by other services:
1. Create storage directories (create-backup-storage.yml)
2. Deploy configuration files (deploy-backup-config.yml)

Changes:
- Add RenderBackupTemplatesStep for rendering backup.conf and backup-paths.txt
- Add CreateBackupStorageStep for creating /opt/torrust/storage/backup/etc
- Add DeployBackupConfigStep for deploying config files via Ansible
- Add backup::release() orchestration module (checks if backup enabled)
- Create two Ansible playbooks following established patterns
- Update release workflow to call backup::release() between mysql and caddy
- Add backup error variants: CreateBackupStorageFailed, DeployBackupConfigFailed
- Add ReleaseStep::CreateBackupStorage enum variant
- Fix helper function placement (before #[cfg(test)] to avoid clippy error)
- Add 'isdir' to project-words.txt for Ansible stat module field
- Update UserInputs domain model to include backup field

Architecture alignment:
- Follows DDD layer separation (domain, application, infrastructure)
- Matches prometheus/grafana/caddy release step patterns
- Backup skipped gracefully when user_inputs.backup() is None
- Comprehensive error handling with troubleshooting guidance

Test results:
- All 2163 lib tests passing
- All 467 doc tests passing
- All linters passing (markdown, yaml, toml, cspell, clippy, rustfmt)
- Pre-commit checks passing (lib, E2E, machete)

Related: #315 Phase 2.3 - Add backup step to Release command
@josecelano
fix: [#315] Correct SQLite database path in backup configuration
1594b4a 
- Fix incorrect SQLite database path from lib/ to lib/database/
- The tracker database is stored in lib/database/ subdirectory, not lib/
- Update backup_templates.rs to use correct path when generating backup config
- Fix backup template build directory path from storage/backup/etc to backup/etc
- Add comprehensive backup verification guide for E2E testing
- Document actual backup file structure and naming conventions
- Add backup service reference to manual E2E testing README
- Update environment context to pass backup config through initialization
- Improve test coverage for backup template rendering with backup config
- All tests now properly configure backup via EnvironmentTestBuilder

Verification:
- Manual backup execution now works correctly with SQLite
- Database backup file created and compressed successfully
- Config backup archive contains all expected files
- All linters and pre-commit checks pass
@josecelano
fix: [#315] Simplify MySQL backup SSL configuration by embedding in D…
237e64c 
…ocker image

- Move MySQL client configuration to Docker image build phase
- Replace runtime temporary file creation with static /etc/mysql/mysql-client.cnf
- Simplifies backup_mysql() function - removes mktemp, temp file handling, cleanup
- Configuration includes ssl=FALSE to disable SSL verification for Docker connections
- Uses MYSQL_PWD environment variable for secure password handling
- Verified with successful MySQL backup execution on test environment
- Reduces complexity and improves maintainability of backup infrastructure
@josecelano
docs: [#315] Update backup verification guide with MySQL-specific lea…
a4e7bd9 
…rnings

- Document expected PROCESS privilege warning in MySQL backups (not fatal)
- Add actual MySQL backup output example with warning message
- Clarify that backup completes successfully despite warning
- Detail MySQL SQL dump verification steps with actual output
- Show how to verify compressed SQL file contains valid database structure
- Add checkmarks confirming expected backup file properties
- Improve clarity on MySQL vs SQLite backup file differences
@josecelano
docs: [#315] Update progress tracking with MySQL backup verification …
5cd5b4a 
…results

- Complete step 1.1b with full MySQL backup testing details
- Document actual backup file creation and verification
- Add MySQL SSL/TLS configuration solution and lessons learned
- Update acceptance criteria with verification status
- Mark pre-commit checks, database backups, and documentation as verified
- Detail non-fatal PROCESS privilege warning and why it occurs
- Explain benefits of embedding MySQL config in Docker image
- Note simplified backup_mysql() function without runtime file creation
@josecelano
feat: [#315] Step 2.4 - Update create template command to include bac…
549fcaf 
…kup with defaults

- Include BackupSection in template with default values
  - Default schedule: 3:00 AM daily (0 3 * * *)
  - Default retention: 7 days
  - Enables backup support for users immediately upon creation

- Regenerate JSON schema to include BackupSection definition
  - Schema now documents schedule and retention_days fields
  - Provides IDE autocomplete and validation for backup configuration
  - Follows schema regeneration instructions from schemas/README.md

- Update comment to clarify that backups are now enabled by default
  - Users can remove the backup section if not needed
  - Follows the same pattern as prometheus and grafana

Relates to: #315
@josecelano
docs: [#315] Update progress tracking - Step 2.4 complete
5cecf69 
Mark Step 2.4 as complete with full details:
- Template generation now includes BackupSection by default
- JSON schema regenerated with complete BackupSection definition
- Default schedule: 3:00 AM daily, retention: 7 days
- All linters and tests passing

Phase 2 (Steps 2.1-2.4) now complete. Ready for Phase 3: Scheduled Backups.
@josecelano
feat: [#315] Step 3.1 - Add crontab templates and renderers for sched…
0e563fd 
…uled backups

Implements cron template generation for backup scheduling with standardized headers.

**New Files:**
- templates/backup/maintenance-backup.cron.tera: Crontab template
- templates/backup/maintenance-backup.sh: Backup orchestration script
- src/infrastructure/templating/backup/template/renderer/maintenance_cron.rs
- src/infrastructure/templating/backup/template/wrapper/maintenance_cron/

**Architecture:** Cron scheduling under backup service, follows ProjectGenerator pattern
@josecelano
docs: [#315] Phase 3 - Update progress tracking with implementation c…
1611b63 
…ompletion

- Marked Step 3.2: Crontab installation playbook as COMPLETE
  - Created install-backup-crontab.yml with proper permissions
  - Registered in ProjectGenerator (22 playbooks total)

- Marked Step 3.3: Wire into Release command as COMPLETE
  - InstallBackupCrontabStep created and integrated
  - Added ReleaseStep::InstallBackupCrontab enum variant
  - Comprehensive error handling with troubleshooting
  - All 2170 unit tests passing

- Marked Step 3.4: Docker Compose profiles as COMPLETE
  - Added profiles: [backup] to service definition
  - Updated maintenance-backup.sh for profile invocation
  - Backup now on-demand via cron, not auto-start

- Added Phase 3 E2E Verification (complete test results)
  - manual-cron-test environment: Full deployment successful
  - Cron execution test: 30 cycles, 100% success rate
  - 20 backup files created (tar.gz format)
  - All services healthy throughout testing

- Updated Acceptance Criteria
  - Marked 'Crontab runs scheduled backups' as VERIFIED
  - Added test verification details
@josecelano
fix: [#315] Properly fix Docker build context to avoid regression
22246dc 
Change GitHub workflow to use docker/backup as build context instead of root.
This allows Dockerfile COPY commands to use simple relative paths (backup.sh)
instead of full paths from repo root (docker/backup/backup.sh).

Changes:
- workflows/backup-container.yaml: context: . → context: ./docker/backup
- docker/backup/Dockerfile: Reverted COPY commands to simple paths

Rationale:
Docker COPY is always relative to build context, not Dockerfile location.
By setting context to ./docker/backup, files are referenced naturally from
the Dockerfile's perspective. This is cleaner and prevents future regressions
where accidental changes break either local or CI builds.

Both local and CI builds now work correctly:
- Local: docker build -f docker/backup/Dockerfile ./docker/backup
- CI: with context: ./docker/backup in workflow
@josecelano
docs: [#315] Document Docker build context to prevent regression
11c5b0d 
- Add 'Building the Container' section to docker/backup/README.md
  * Explain Docker COPY path resolution (relative to context, not Dockerfile)
  * Document correct local build command
  * Document CI/workflow build configuration
  * Explain why this context strategy prevents regression

- Add detailed comments to backup-container.yaml workflow
  * Clarify why context: ./docker/backup is required
  * Document regression history (commit 9d297cc)
  * Link to README documentation for deeper understanding
  * Warn future developers about changing context without understanding implications

Purpose: Prevent future regressions where CI and local builds diverge due to context/path mismatches. The next developer who sees 'context: ./docker/backup' will understand why it matters and what breaks if they change it.
@josecelano
fix: [#315] Use correct build context for backup image in security sc…
0e3cf3e 
…an workflow

The docker-security-scan.yml workflow was building the backup image with
context: . (root) but the Dockerfile uses simple relative paths (COPY backup.sh).

Changed to use matrix.image.context variable which correctly specifies
docker/backup for the backup image, matching the backup-container.yaml
workflow fix and resolving the build failure.
@josecelano
docs: [#315] Add backup container workflow badge to README
9c366ab 
Added [![Backup Container](...)](/actions/workflows/backup-container.yaml)
badge alongside other workflow status indicators in the main README.

This provides visibility into the backup container build and publish status.
@josecelano
feat: [#315] Step 3.2 & 3.3 - Crontab installation and wiring
ad4ead6 
This completes Steps 3.2 and 3.3 of Phase 3:

Step 3.2: Add crontab installation playbook
- Created install-backup-crontab.yml Ansible playbook
- Copies maintenance-backup.sh to /usr/local/bin/ (mode 0755, root:root)
- Installs crontab entry to /etc/cron.d/tracker-backup (mode 0644, root:root)
- Creates /var/log/tracker-backup.log (mode 0644, root:root)
- Registered in ProjectGenerator

Step 3.3: Wire crontab into Release command
- Created InstallBackupCrontabStep system step module
- Added to backup release workflow (after config deployment)
- Conditional execution (only if backup enabled in environment)
- Updated ReleaseStep enum with InstallBackupCrontab variant
- Added comprehensive error variant with help text

Integration:
- Release workflow: Create Storage → Deploy Config → Install Crontab → Render Compose → Deploy Compose
- All services remain healthy during backup operations
- Crontab isolated from Docker Compose setup via profiles
@josecelano
fix: [#315] Fix markdown emphasis spacing errors in documentation
ca0e883 
Fixed MD037 linting errors:
- Line 938: Changed (_/5 _ * * *) to (`_/5 _ * * *`)
- Line 995: Changed (_/5 _ * * *) to (`_/5 _ * * *`)
- Also updated related cron schedule references to use code formatting

All linters now pass.
@josecelano
fix: Fix provisioned-instance Dockerfile COPY paths for build context
46a50ca 
The docker-security-scan.yml workflow uses context: docker/provisioned-instance
for the provisioned-instance image, which means COPY paths should be relative
to that directory, not include the full path from root.

Changed:
- COPY docker/provisioned-instance/supervisord.conf → COPY supervisord.conf
- COPY docker/provisioned-instance/entrypoint.sh → COPY entrypoint.sh

This matches the build context pattern used for backup and other images.
@josecelano
fix: Set correct Docker build context for provisioned-instance E2E tests
2ed37cf
@josecelano
fix: Set correct Docker build context for provisioned-instance E2E tests
99632b7
@josecelano
docs: Update backup-verification.md to document automatic crontab-bas…
97891c4 
…ed backups

- Add verification steps for crontab installation (Step 10)
- Add monitoring procedures for automatic scheduled backups (Step 11)
- Reorganize verification checklist with operational phases
- Update implementation status to reflect current feature set
- Add testing workflows for quick verification, full E2E, and retention testing
- Document initial backup + crontab integration as complete features
- Update success criteria to match automated backup state
@josecelano
feat: [#315] Phase 4 Part 2 - E2E backup verification tests
a49e24a 
IMPLEMENTATION:
- Create BackupValidator in infrastructure/remote_actions/validators/backup.rs
  - Validates backup files exist at /opt/torrust/storage/backup/
  - Checks for at least one .gz compressed backup file
  - Confirms initial backup created during 'run' command

- Add backup validation to run_run_validation.rs:
  - Add 'backup' field to ServiceValidation struct
  - Create validate_backup() async function
  - Integrate with existing E2E validation workflow
  - Add BackupValidationFailed error variant
  - Add troubleshooting guidance for backup validation failures

- Update e2e_deployment_workflow_tests.rs:
  - Use ..Default::default() for ServiceValidation
  - Backup validation available for future use when backup is enabled in test env

VALIDATION SCOPE:
- Verifies initial backup was created during deployment
- Works for both SQLite and MySQL configurations
- Simple and effective: uses existing E2E deployment workflow
- No changes needed to existing tests

TESTING:
- Compiles without errors
- All linters passing (clippy, rustfmt, markdown, yaml, toml, etc)
- Ready for integration into CI/CD pipeline
@josecelano
docs: Update Phase 4 progress - Parts 1 & 2 nearly complete
d0d024d 
- Part 1 (Documentation): 100% complete ✅
  - Comprehensive backup.md user guide
  - Updated all command documentation
  - Updated README navigation
  - Configuration documentation auto-generated from Rust types

- Part 2 (E2E Tests): 90% complete
  - 2.1 Backup verification: COMPLETE ✅
    - BackupValidator implementation
    - Integration with run_run_validation()
  - 2.2 Existing E2E tests: Pending
    - Integration tests need verification
    - Template generation needs verification
  - 2.3 Manual testing docs: COMPLETE ✅
    - backup-verification.md fully updated

Only 2.2 remains for full completion.
@josecelano
docs: Clarify that initial backups are not yet automatically created …
14b1d5e 
…during run command

- Update docs/user-guide/commands/run.md: Remove mention of automatic initial backup
  - Clarify backup service is configured during release
  - Document manual backup trigger procedure
  - Mark initial backup automation as planned enhancement (Phase 4.2.2)

- Update docs/user-guide/backup.md: Clarify deployment phases
  - Phase 1 now describes setup (not automatic backup execution)
  - Document manual backup procedure during initial deployment
  - Phase 2 remains scheduled backups via crontab
  - Phase 3 remains retention cleanup

Context: The run command handler currently only calls StartServicesStep.
Initial backup automation would require adding an InitialBackupStep that
executes 'docker compose --profile backup run --rm backup' during or after
service startup. This enhancement is planned for Phase 4.2.2.
@josecelano
docs: Update Phase 4 completion notes
44c2830 
- Mark Phase 4 documentation as complete
- Document discovery that initial backup is not yet invoked
- Explain what was implemented vs what remains
- Note documentation corrections made for accuracy
- Clarify user workaround (manual backup trigger)
@josecelano josecelano marked this pull request as ready for review February 4, 2026 18:06
@josecelano josecelano changed the title feat: [#315] Phase 1 - Backup container infrastructure feat: [#315] Backup Support - Phases 1-4 Complete Feb 4, 2026
@josecelano
Copy link
Copy Markdown
Member Author

josecelano commented Feb 4, 2026

ACK 36c5675

@josecelano josecelano merged commit 56a745f into main Feb 4, 2026
53 checks passed
@josecelano josecelano linked an issue Feb 4, 2026 that may be closed by this pull request
Implement Backup Support #315
Closed
22 tasks
@josecelano josecelano mentioned this pull request Feb 4, 2026
Closed
22 tasks
josecelano added a commit that referenced this pull request Feb 4, 2026
@josecelano
docs: Mark section 7 (backup support) as completed in roadmap
f0d9c6c 
- Updated section heading to show ✅ COMPLETED status
- Marked 7.2 implementation task as completed
- Updated task description with full implementation details
- Removed stale reference to deleted spec file
- Clarified what was implemented in 4 phases:
  - Phase 1: Backup container on Docker Hub
  - Phase 2: Service integration and deployment
  - Phase 3: Crontab scheduling and automation
  - Phase 4: Documentation and user guidance

Issue #315 is now closed as of PR #316 merge.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@josecelano josecelano

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement Backup Support

1 participant

@josecelano