fix: Handle restricted B2 keys and safe JSON parsing in restore step
This commit is contained in:
@@ -335,20 +335,34 @@ jobs:
|
||||
B2_ACCOUNT_ID: ${{ secrets.B2_ACCOUNT_ID }}
|
||||
B2_APPLICATION_KEY: ${{ secrets.B2_APPLICATION_KEY }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
echo "Finding latest backup in B2..."
|
||||
|
||||
CREDS=$(echo -n "${B2_ACCOUNT_ID}:${B2_APPLICATION_KEY}" | base64)
|
||||
AUTH_RESP=$(curl -sS -H "Authorization: Basic ${CREDS}" https://api.backblazeb2.com/b2api/v2/b2_authorize_account)
|
||||
API_URL=$(echo "$AUTH_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin)['apiUrl'])")
|
||||
AUTH_TOKEN=$(echo "$AUTH_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin)['authorizationToken'])")
|
||||
BUCKET_ID=$(echo "$AUTH_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin)['allowed']['bucketId'])")
|
||||
BUCKET_ID=$(echo "$AUTH_RESP" | python3 -c "
|
||||
import json,sys
|
||||
resp = json.load(sys.stdin)
|
||||
bid = resp.get('allowed', {}).get('bucketId')
|
||||
if bid:
|
||||
print(bid)
|
||||
else:
|
||||
print('')
|
||||
")
|
||||
|
||||
if [ -z "$BUCKET_ID" ]; then
|
||||
echo "Restricted B2 key - resolving bucket ID by name..."
|
||||
BUCKET_ID=$(curl -sS -H "Authorization: Bearer ${AUTH_TOKEN}" \
|
||||
"${API_URL}/b2api/v2/b2_list_buckets?accountId=${B2_ACCOUNT_ID}&bucketName=HetznerTerra" \
|
||||
| python3 -c "import json,sys; buckets=json.load(sys.stdin).get('buckets',[]); print(buckets[0]['bucketId'] if buckets else '')")
|
||||
fi
|
||||
|
||||
LATEST=$(curl -sS -H "Authorization: Bearer ${AUTH_TOKEN}" \
|
||||
"${API_URL}/b2api/v2/b2_list_file_names?bucketId=${BUCKET_ID}&prefix=rancher-backups/&maxFileCount=100" \
|
||||
| python3 -c "
|
||||
import json,sys
|
||||
files = json.load(sys.stdin)['files']
|
||||
files = json.load(sys.stdin).get('files', [])
|
||||
tars = [f['fileName'] for f in files if f['fileName'].endswith('.tar.gz')]
|
||||
if not tars:
|
||||
print('NONE')
|
||||
|
||||
Reference in New Issue
Block a user