db-backup is a Docker container with a simple backup script that backs up all PostgreSQL databases in the Kubernetes cluster to a bucket.
- Service account with project viewer role
- JSON key created for the service account
- k8s secret with JSON key mounted into the container
The GitHub Action builds and pushes the Docker image and then updates the navikt/nais-yaml repository.
The image is signed "keylessly" using Sigstore cosign. To verify its authenticity, run:

```bash
cosign verify \
  --certificate-identity "https://github.com/nais/db-backup/.github/workflows/main.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  ghcr.io/nais/db-backup/db-backup@sha256:<shasum>
```
The images are also attested with SBOMs in the CycloneDX format. You can verify these by running:

```bash
cosign verify-attestation --type cyclonedx \
  --certificate-identity "https://github.com/nais/db-backup/.github/workflows/main.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  ghcr.io/nais/db-backup/db-backup@sha256:<shasum>
```
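
The following is an added example, not part of the db-backup project. When `cosign verify-attestation` succeeds it prints the attestation envelope as JSON on standard output; this script decodes one such line, checks that it is a CycloneDX statement about the digest you verified, and lists the SBOM components. It assumes the in-toto/DSSE envelope layout with the BOM directly under `predicate`; the sample digest and component names are constructed, and the script does not check signatures itself, so feed it only output from a successful cosign run.

```python
import base64
import json

CYCLONEDX_PREDICATE = "https://cyclonedx.org/bom"


def sbom_components(envelope_line, expected_sha256):
    """Return sorted (name, version) pairs from one attestation envelope.

    Raises ValueError if the statement is not a CycloneDX attestation or
    does not name the image digest that was verified.
    """
    envelope = json.loads(envelope_line)
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError("not an in-toto envelope")
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("predicateType") != CYCLONEDX_PREDICATE:
        raise ValueError("unexpected predicate type: %r" % statement.get("predicateType"))
    digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if expected_sha256 not in digests:
        raise ValueError("attestation subject does not match the image digest")
    bom = statement.get("predicate", {})
    return sorted((c.get("name", ""), c.get("version", "")) for c in bom.get("components", []))


def _constructed_envelope(sha256, components, predicate_type=CYCLONEDX_PREDICATE):
    """Build a sample envelope (constructed, unsigned) for the demo below."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": predicate_type,
        "subject": [{"name": "ghcr.io/nais/db-backup/db-backup", "digest": {"sha256": sha256}}],
        "predicate": {"bomFormat": "CycloneDX", "components": components},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []})


SAMPLE_DIGEST = "a" * 64  # constructed placeholder, not a real image digest
SAMPLE_LINE = _constructed_envelope(
    SAMPLE_DIGEST,
    [{"name": "postgresql-client", "version": "15.4"}, {"name": "bash", "version": "5.2"}],
)

if __name__ == "__main__":
    for name, version in sbom_components(SAMPLE_LINE, SAMPLE_DIGEST):
        print(name, version)
```

The subject check matters when attestation output is stored or passed between jobs: an SBOM that verified for one digest says nothing about another.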