Initial commit

Author: JamesHemery

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+.serverless
+serverless.yml

README.md

@@ -0,0 +1,21 @@
+# github-backup-aws
+
+🛟 Easily backup all your Github repositories to AWS S3
+
+Use AWS S3 and a scheduled Lambda.
+
+## Usage
+
+1. Copy `.serverless.example` and rename it `.serverless` and fill the config variables.
+
+2. Install [Serverless Framework](https://github.com/serverless/serverless)
+```
+npm install -g serverless
+```
+
+3Deploy to AWS
+```
+serverless deploy
+```
+
+4. Enjoy 🥳

handler.js

@@ -0,0 +1,55 @@
+'use strict';
+
+import { Octokit } from 'octokit';
+import { simpleGit } from 'simple-git';
+import tar from 'tar'
+import fs from 'fs';
+import AWS from 'aws-sdk';
+import rmfr from 'rmfr';
+
+export const backup = async (event, context, callback) => {
+    const directory = `/tmp/${Date.now()}`;
+
+    try {
+        const octokit = new Octokit({
+            auth: process.env.GH_TOKEN
+        });
+
+        const res = await octokit.request('GET /orgs/{org}/repos{?type,sort,direction,per_page,page}', {
+            org: process.env.GH_ORGANIZATION,
+            type: process.env.GH_VISIBILITY
+        });
+
+        fs.mkdirSync(`/${directory}/repositories`, { recursive: true });
+
+        await Promise.all(res.data.map((item) => simpleGit().clone(
+            `https://${process.env.GH_TOKEN}@github.com/${item.full_name}`,
+            `/${directory}/repositories/${item.name}`,
+            ['--bare']
+        )));
+
+        const filename = [
+            (new Date()).toISOString().slice(0, 10),
+            Date.now()
+        ].join('-') + '.tgz';
+
+        await tar.create(
+            {gzip: true, file: `/${directory}/${filename}`},
+            [`/${directory}/repositories`]
+        );
+
+        const S3 = new AWS.S3({ region: process.env.REGION });
+
+        await S3.upload({
+            Bucket: process.env.BUCKET,
+            Body: fs.createReadStream(`/${directory}/${filename}`),
+            Key: filename
+        }).promise();
+
+        if (process.env.SUCCESS_PING_URL !== undefined && process.env.SUCCESS_PING_URL.trim().length > 0) {
+            await fetch(process.env.SUCCESS_PING_URL);
+        }
+    } finally {
+        await rmfr(directory);
+    }
+};

package.json

@@ -0,0 +1,14 @@
+{
+  "name": "github-backup-aws",
+  "type": "module",
+  "repository": "https://github.com/YieldStudio/github-backup-aws.git",
+  "author": "James Hemery <[email protected]>",
+  "license": "MIT",
+  "dependencies": {
+    "aws-sdk": "^2.1299.0",
+    "octokit": "^2.0.13",
+    "rmfr": "^2.0.0",
+    "simple-git": "^3.16.0",
+    "tar": "^6.1.13"
+  }
+}

serverless.example

@@ -0,0 +1,62 @@
+service: github-backup-aws
+
+frameworkVersion: '3'
+
+custom:
+  bucket: "" # AWS Bucket name
+  expirationInDays: 90 # Delay in days before delete old backups
+  ghToken: "" # Github Personal Access Token (classic token, with repo and read:org scopes).
+  ghOrganization: "" # Organization name
+  ghVisibility: "all" # private, public or all
+  region: eu-west-3 # AWS Region
+  successPingUrl: "" # URL to ping after backup
+
+provider:
+  name: aws
+  runtime: nodejs18.x
+  region: ${self:custom.region}
+  iam:
+    role:
+      statements:
+        - Effect: Allow
+          Action:
+            - 's3:PutObject'
+          Resource:
+            - arn:aws:s3:::${self:custom.bucket}/*
+
+functions:
+  githubBackup:
+    handler: handler.backup
+    timeout: 300
+    environment:
+      REGION: ${self:custom.region}
+      BUCKET: ${self:custom.bucket}
+      GH_TOKEN: ${self:custom.ghToken}
+      GH_ORGANIZATION: ${self:custom.ghOrganization}
+      GH_VISIBILITY: ${self:custom.ghVisibility}
+      SUCCESS_PING_URL: ${self:custom.successPingUrl}
+    ephemeralStorageSize: 2048
+    events:
+      - schedule: cron(0 2 * * ? *)
+    layers:
+      - arn:aws:lambda:eu-west-3:553035198032:layer:git-lambda2:8
+
+resources:
+  Resources:
+    Bucket:
+      Type: AWS::S3::Bucket
+      Properties:
+        BucketName: ${self:custom.bucket}
+        OwnershipControls:
+          Rules:
+            - ObjectOwnership: BucketOwnerEnforced
+        PublicAccessBlockConfiguration:
+          BlockPublicAcls: true
+          BlockPublicPolicy: true
+          IgnorePublicAcls: true
+          RestrictPublicBuckets: true
+        LifecycleConfiguration:
+          Rules:
+            - Id: RemoveOlderBackup
+              Status: Enabled
+              ExpirationInDays: ${self:custom.expirationInDays}