WIP

.github/workflows/ci.yaml

@@ -101,3 +101,64 @@ jobs:
             -e volume_device="${{ steps.volume-device.outputs.uri }}" \
             --inventory inventories/ci \
             site.yml
+
+  ansible-restore:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Ansible
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade ansible
+          ansible-galaxy collection install --force ansible.posix
+          ansible-galaxy collection install --force community.postgresql
+
+      - name: Remove pre-baked PostgreSQL
+        run:
+          # Existing pre-baked PostgreSQL installation may conflict with the
+          # PostgreSQL installed by our playbook. We better remove it for a
+          # greater good.
+          sudo apt purge 'postgresql-*'
+
+      - name: Create block storage device (volume)
+        run: |
+          VOLUME_DEVICE="$(losetup -f)"
+          VOLUME_IMAGE="${{ runner.temp }}/diskimage"
+
+          dd if=/dev/zero of=$VOLUME_IMAGE bs=1M count=1024
+          sudo losetup $VOLUME_DEVICE $VOLUME_IMAGE
+
+          echo "uri=$VOLUME_DEVICE" >> $GITHUB_OUTPUT
+        id: volume-device
+
+      - name: Add server names to /etc/hosts
+        run: |
+          echo "127.0.0.1 xsnippet.local" | sudo tee -a /etc/hosts
+          echo "127.0.0.1 api.xsnippet.local" | sudo tee -a /etc/hosts
+
+      - name: Run the playbook
+        run: |
+          read -r -d '' extra_vars << 'EOF' || true
+          {
+            "volume_device": "${{ steps.volume-device.outputs.uri }}",
+            "postgres_users": [
+              {
+                "database": "{{ xsnippet_api_user }}",
+                "username": "{{ xsnippet_api_user }}",
+                "backup_schedule": "*-*-* 3:00:00",
+                "backup_restore": "testdata/xsnippet-api_20241003-030004.pgc"
+              }
+            ]
+          }
+          EOF
+
+          ansible-playbook \
+            -vvv \
+            -e "${extra_vars}" \
+            --inventory inventories/ci \
+            site.yml
+
+      - name: Verify that the database backup has been restored correctly
+        run: |
+          test "$(curl http://127.0.0.1:8080/v1/snippets | jq length)" "20"

roles/postgres/meta/main.yml

@@ -28,6 +28,11 @@ argument_specs:
             description: |
               The time of when database backups should be triggered. Uses the systemd calendar event expression syntax (see man 7 systemd.time).
               If not set, backups will not be created.
+          backup_restore:
+            type: str
+            required: false
+            description: |
+              Path to a database backup to be restored.
         default: []
         description: |
           The list of database/username pairs to create.

roles/postgres/tasks/main.yml

@@ -57,6 +57,35 @@
   become: true
   become_user: postgres
 
+- name: Create a temporary backup directory
+  ansible.builtin.tempfile:
+    state: directory
+    suffix: backup
+  register: backup_tmp_dir
+  become: true
+  become_user: postgres
+
+- name: Copy the database backup
+  ansible.builtin.copy:
+    src: "{{ item.backup_restore }}"
+    dest: "{{ [backup_tmp_dir.path, item.backup_restore | basename] | path_join }}"
+    mode: 'u=rw,g=r,o='
+  with_items: "{{ postgres_users }}"
+  when: item.backup_restore is defined and item.backup_restore
+  become: true
+  become_user: postgres
+
+- name: Restore the database backup
+  community.postgresql.postgresql_db:
+    name: "{{ item.database }}"
+    state: "restore"
+    target: "{{ [backup_tmp_dir.path, item.backup_restore | basename] | path_join }}"
+    target_opts: "--single-transaction --exit-on-error"
+  with_items: "{{ postgres_users }}"
+  when: item.backup_restore is defined and item.backup_restore
+  become: true
+  become_user: postgres
+
 - name: Install the script for backup rotation
   ansible.builtin.copy:
     src: 'rotate.py'