TourmalineCore · Yam1x · Mar 14, 2026 · Dec 6, 2025 · Dec 6, 2025 · Dec 6, 2025
diff --git a/.github/workflows/s3-backupper-docker-build-and-push.yml b/.github/workflows/s3-backupper-docker-build-and-push.yml
@@ -0,0 +1,18 @@
+name: Publish S3 Backupper Docker Image
+
+on:
+  push:
+    branches:
+      - feature/**
+    paths:
+      - 's3-backupper/**'
+  workflow_call:
+
+jobs:
+  push_to_registry:
+    uses: ./.github/workflows/.reusable-docker-build-and-push.yml
+    with:
+      context: ./s3-backupper
+      image-name: home-s3-backupper
+    # without this it cannot login to the registry
+    secrets: inherit
diff --git a/s3-backupper/.devcontainer/devcontainer.json b/s3-backupper/.devcontainer/devcontainer.json
@@ -0,0 +1,26 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile
+{
+	"name": "Helm",
+	"image": "mcr.microsoft.com/devcontainers/base:bullseye",
+	"features": {
+		"ghcr.io/devcontainers/features/docker-outside-of-docker:1.6.5": {
+			"version": "28.5.1",
+			"enableNonRootDocker": "true",
+			"moby": "true"
+		},
+		"ghcr.io/devcontainers/features/kubectl-helm-minikube:1.1.9": {
+			"version": "none",
+			"helm": "3.14.4",
+			"minikube": "none"
+		}
+	},
+	"runArgs": [
+		"--network=host"
+	],
+	"remoteEnv": {
+		// https://stackoverflow.com/q/65343518
+		// the original host directory which is needed for volume mount commands from inside the container (Docker in Docker)
+		"LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
+	}
+}
diff --git a/s3-backupper/Dockerfile b/s3-backupper/Dockerfile
@@ -0,0 +1,14 @@
+FROM python:3.9-alpine
+
+WORKDIR /app
+COPY s3-backup.py .
+
+RUN apk --update add \
+    python3 \
+    py3-pip \
+    curl \
+    && pip3 install --upgrade pip \
+    && pip3 install awscli \
+    && pip install boto3==1.35.41
+
+CMD ["python", "s3-backup.py"]
diff --git a/s3-backupper/LICENSE b/s3-backupper/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 TourmalineCore
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/s3-backupper/ci/.helmignore b/s3-backupper/ci/.helmignore
@@ -0,0 +1,4 @@
+.helmignore
+
+# we don't need values.yaml in the chart which is for local/prod deployment
+values.yaml
diff --git a/s3-backupper/ci/Chart.yaml b/s3-backupper/ci/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: home-s3-backupper
+description: Chart that allows you to set up backups for s3 storage
+
+type: application
+
+version: "0.0.1"
+
+appVersion: "0.0.1"
diff --git a/s3-backupper/ci/templates/cronjob.yaml b/s3-backupper/ci/templates/cronjob.yaml
@@ -0,0 +1,55 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  schedule: "{{ .Values.extraConfigMapEnvVars.BACKUPS_SCHEDULE }}"
+  # How many completed jobs should be kept
+  successfulJobsHistoryLimit: 1
+  # We use concurrencyPolicy: Forbid to make sure that a new cronjob doesn't kill a previously started cronjob before it's completed
+  # Here you can read about concurrencyPolicy: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#concurrency-policy
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - name: {{ .Release.Name }}
+              # The "InvalidImageName" error occurs when trying to deploy a locally built docker image with an empty (local) registry. 
+              # If we leave registry empty, then there will be an excess slash(/) in front of the repository
+              {{- if .Values.image.registry }}
+              image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
+              {{- else }}
+              image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+              {{- end }}
+              resources:
+                limits:
+                  cpu: {{ .Values.resources.limits.cpu }}
+                  memory: {{ .Values.resources.limits.memory }}
+                requests:
+                  cpu: {{ .Values.resources.requests.cpu }}
+                  memory: {{ .Values.resources.requests.memory }}
+              env:
+                  - name: S3_BACKUPS_FILENAME_PREFIX
+                    value: {{ .Values.extraConfigMapEnvVars.S3_BACKUPS_FILENAME_PREFIX }}
+                  - name: SOURCE_S3_AWS_ENDPOINT
+                    value: {{ .Values.extraConfigMapEnvVars.SOURCE_S3_AWS_ENDPOINT }}
+                  - name: SOURCE_S3_AWS_ACCESS_KEY_ID
+                    value: {{ .Values.extraConfigMapEnvVars.SOURCE_S3_AWS_ACCESS_KEY_ID }}
+                  - name: SOURCE_S3_AWS_SECRET_ACCESS_KEY
+                    value: {{ .Values.extraConfigMapEnvVars.SOURCE_S3_AWS_SECRET_ACCESS_KEY }}
+                  - name: SOURCE_S3_AWS_BUCKET_NAME
+                    value: {{ .Values.extraConfigMapEnvVars.SOURCE_S3_AWS_BUCKET_NAME }}
+                  - name: SOURCE_S3_AWS_BUCKET_SUBFOLDER_NAME
+                    value: {{ .Values.extraConfigMapEnvVars.SOURCE_S3_AWS_BUCKET_SUBFOLDER_NAME }}
+                  - name: DESTINATION_S3_AWS_ENDPOINT
+                    value: {{ .Values.extraConfigMapEnvVars.DESTINATION_S3_AWS_ENDPOINT }}
+                  - name: DESTINATION_S3_AWS_ACCESS_KEY_ID
+                    value: {{ .Values.extraConfigMapEnvVars.DESTINATION_S3_AWS_ACCESS_KEY_ID }}
+                  - name: DESTINATION_S3_AWS_SECRET_ACCESS_KEY
+                    value: {{ .Values.extraConfigMapEnvVars.DESTINATION_S3_AWS_SECRET_ACCESS_KEY }}
+                  - name: DESTINATION_S3_AWS_BUCKET_NAME
+                    value: {{ .Values.extraConfigMapEnvVars.DESTINATION_S3_AWS_BUCKET_NAME }}
+              imagePullPolicy: {{ .Values.image.pullPolicy }}
diff --git a/s3-backupper/ci/values.yaml b/s3-backupper/ci/values.yaml
@@ -0,0 +1,14 @@
+image:
+  registry: ghcr.io
+  repository: tourmalinecore/home-s3-backupper
+  pullPolicy: Always
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 512Mi
+  requests:
+    cpu: 1m
+    memory: 256Mi
+
+extraConfigMapEnvVars:
diff --git a/s3-backupper/s3-backup.py b/s3-backupper/s3-backup.py
@@ -0,0 +1,88 @@
+import boto3
+import os
+import shutil
+from datetime import datetime
+
+
+def main():
+    temp_directory_for_files_from_source = "/tmp/backup"
+    bucket_subfolder_name = os.getenv('SOURCE_S3_AWS_BUCKET_SUBFOLDER_NAME')
+
+    archive_name = os.getenv('S3_BACKUPS_FILENAME_PREFIX') + '-' + datetime.strftime(datetime.utcnow(), "%Y-%m-%dT%H-%M-%S") + '.backup'
+
+    source_s3 = boto3.client(
+        's3',
+        aws_access_key_id=os.getenv('SOURCE_S3_AWS_ACCESS_KEY_ID'),
+        aws_secret_access_key=os.getenv('SOURCE_S3_AWS_SECRET_ACCESS_KEY'),
+        endpoint_url=os.getenv('SOURCE_S3_AWS_ENDPOINT'),
+    )
+
+    destination_s3 = boto3.client(
+        's3',
+        aws_access_key_id=os.getenv('DESTINATION_S3_AWS_ACCESS_KEY_ID'),
+        aws_secret_access_key=os.getenv('DESTINATION_S3_AWS_SECRET_ACCESS_KEY'),
+        endpoint_url=os.getenv('DESTINATION_S3_AWS_ENDPOINT'),
+    )
+
+    source_bucket_name = os.getenv('SOURCE_S3_AWS_BUCKET_NAME')
+    destination_bucket_name = os.getenv('DESTINATION_S3_AWS_BUCKET_NAME')
+
+    if not os.path.exists(temp_directory_for_files_from_source):
+        os.mkdir(temp_directory_for_files_from_source)
+
+    download_dir(temp_directory_for_files_from_source, source_bucket_name, source_s3, bucket_subfolder_name)
+
+    if not len(os.listdir(temp_directory_for_files_from_source)) == 0:
+        shutil.make_archive(archive_name, 'zip', temp_directory_for_files_from_source + "/" + bucket_subfolder_name)
+
+        upload_to_s3(archive_name + ".zip", destination_s3, destination_bucket_name)
+
+    else:
+        print(f"Bucket {source_bucket_name} is empty. Backup will not be created.")
+
+
+
+# Reference: https://stackoverflow.com/a/56267603
+def download_dir(local, bucket, client, bucket_subfolder_name):
+    """
+    params:
+    - local: local path to folder in which to place files
+    - bucket: s3 bucket with target contents
+    - bucket_subfolder_name: s3 bucket subfolder (if exists)
+    - client: initialized s3 client object
+    """
+    keys = []
+    dirs = []
+    base_kwargs = {
+        'Bucket': bucket,
+        'Prefix': bucket_subfolder_name
+    }
+
+    kwargs = base_kwargs.copy()
+    results = client.list_objects_v2(**kwargs)
+
+    contents = results.get('Contents')
+
+    if contents is not None:
+        for i in contents:
+            k = i.get('Key')
+            if k[-1] != '/':
+                keys.append(k)
+
+    for k in keys:
+        dest_pathname = os.path.join(local, k)      
+        if not os.path.exists(os.path.dirname(dest_pathname)):
+            os.makedirs(os.path.dirname(dest_pathname))
+
+        client.download_file(bucket, k, dest_pathname)
+
+
+
+def upload_to_s3(path, s3, bucket):
+    with open(path, "rb") as data:
+        s3.upload_fileobj(data, bucket, path)
+
+
+if __name__ == '__main__':
+
+    main()