Automatic Backups for Firestore via Github Actions

As of today, Firestore does not support automatic backups, but it DOES support exports via the gcloud CLI or REST API. Although not technically a backup in database jargon, an automatic export is valuable to have for disaster recovery because it can be re-imported to replace lost data.

The following snippet exports all Firestore data automatically every day at midnight using a scheduled Github Action.

Generate a Service Key on GCP

We need a service account to grant Github Actions permission to run the export command via the Google Cloud CLI.

Grant Permissions to the Service Account

Create a service account on GCP Console with the minimum permissions needed to run the export command.

Create a service account that has the Cloud Datastore Import Export Admin & Storage Admin permissions

Create a service account that has the Cloud Datastore Import Export Admin & Storage Admin permissions

Download the it to your local system

Download the it to your local system

Save it as a Secret on Github

We can share this data with Github as a secret environment variable. From your Github repo, go to settings > secrets and add a new secret.

command line
cat path-to-your-service-account.json | base64

Use the command above to convert the JSON service account to a base64 string.

Copy the base64 output as the value of the secret

Copy the base64 output as the value of the secret

Firestore Backup Github Action

Create the Github Action to run the export job on a schedule.

Workflow

The workflow below uses a cron schedule to run the export once per day at midnight. GCP has an official action that handles the setup for gcloud.

file_type_light_yaml .github/workflows/backup.yaml
name: Backup Firestore

on:
  schedule:
    - cron:  '0 0 * * *'

env:
  PROJECT_ID: YOUR-PROJECT
  BUCKET: gs://YOUR-BUCKET
  
jobs:
  backup:
    runs-on: ubuntu-latest
    steps:
    - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
      with:
        service_account_key: ${{ secrets.GCP_SA_KEY }}
        export_default_credentials: true
    - run: gcloud info
    - run: gcloud config set project $PROJECT_ID
    - run: gcloud firestore export $BUCKET

Deploy

Deploy this workflow by simply committing it to the master branch on github.

command line
git add .
git commit -m "backup my firestore data"
git push origin master

When the schedule event fires, you should see a successful export job similar to the output below. The exported data will be available in your Firebase storage bucket.

Example of successful Firestore export job in Github Actions

Example of successful Firestore export job in Github Actions

Q&A Chat