Restore

At present, Forgejo doesn’t provide a restore command (such as forgejo restore).
Based on Giteas restore docs, one can restore a Forgejo instance as such:

Acquiring backup

The basis of a restore is a tar archive generated by forgejo dump, though it needs to be downloaded first.
The following script mounts a properly configured restic client pod in the forgejo instance namespace through which the backup gets downloaded:

NAMESPACE=<forgejo-namespace>

# First, take note of the ID of a snapshot whose backup needs to be restored
kubectl -n $NAMESPACE get snapshot
SNAPSHOT_ID=<SNAPSHOT_ID>

echo "Preparing backup download..."
YAML=$(kubectl -n $NAMESPACE get schedule forgejo-schedule -o yaml | yq .spec.backend)
ENDPOINT=$(echo "$YAML" | yq .s3.endpoint -r)
BUCKET_NAME=$(echo "$YAML" | yq .s3.bucket -r)
BUCKET_CREDS_SECRET=$(echo "$YAML" | yq .s3.accessKeyIDSecretRef.name -r)
REPO_CREDS_SECRET=$(echo "$YAML" | yq .repoPasswordSecretRef.name -r)

RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME"
RESTIC_PASSWORD=$(kubectl -n $NAMESPACE get secret $REPO_CREDS_SECRET -o yaml | yq .data.password -r | base64 -d)
AWS_ACCESS_KEY_ID=$(kubectl -n $NAMESPACE get secret $BUCKET_CREDS_SECRET -o yaml | yq .data.AWS_ACCESS_KEY_ID -r | base64 -d)
AWS_SECRET_ACCESS_KEY=$(kubectl -n $NAMESPACE get secret $BUCKET_CREDS_SECRET -o yaml | yq .data.AWS_SECRET_ACCESS_KEY -r | base64 -d)

echo "Downloading backup..."
kubectl -n $NAMESPACE run restic-client \
    --image restic/restic:latest \
    --env "RESTIC_REPOSITORY=$RESTIC_REPOSITORY" \
    --env "RESTIC_PASSWORD=$RESTIC_PASSWORD" \
    --env "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" \
    --env "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" \
    --command -- /bin/sh -c "restic restore $SNAPSHOT_ID --target /var/tmp/restore; sleep 5m"
kubectl -n $NAMESPACE wait --for=condition=ready pod/restic-client --timeout=60s

sleep 5
BACKUP_FILE=/var/tmp/restore/$(kubectl -n $NAMESPACE get snapshot $SNAPSHOT_ID -o jsonpath='{.spec.paths[0]}' | sed 's/\///')
kubectl -n $NAMESPACE cp restic-client:$BACKUP_FILE ./backup.tar
kubectl -n $NAMESPACE delete po restic-client --force

Restoring forgejo dump

Once the backup tar has been acquired, it’s time to restore its contents.

This will cause downtime as the instance needs to be scaled down briefly.

DEPLOY=$(kubectl -n $NAMESPACE get deploy -l app=forgejo -o name)
kubectl -n $NAMESPACE scale $DEPLOY --replicas=0

POD_NAME=restore
cat <<EOF | kubectl -n $NAMESPACE apply -f-
apiVersion: v1
kind: Pod
metadata:
  name: $POD_NAME
spec:
  containers:
    - name: restore
      image: busybox
      command: ["sleep", "5m"]
      volumeMounts:
        - name: gitlab-storage
          mountPath: /opt
  volumes:
    - name: gitlab-storage
      persistentVolumeClaim:
        claimName: gitea-shared-storage
EOF
kubectl -n $NAMESPACE wait --for=condition=ready pod/$POD_NAME --timeout=60s

kubectl -n $NAMESPACE cp ./backup.tar $POD_NAME:/tmp/backup.tar
kubectl -n $NAMESPACE exec $POD_NAME -- /bin/sh -c 'O_GID=$(stat -c %g /opt); mkdir -p /tmp/restore; tar -xvpf /tmp/backup.tar -C /tmp/restore && cp -rf /tmp/restore/data/* /opt && chown -R $O_GID:$O_GID /opt'
kubectl -n $NAMESPACE delete pod/$POD_NAME --force

kubectl -n $NAMESPACE scale $DEPLOY --replicas=1