Automatically delete database backups if automatic restore is successful.

Operational experience with the server has shown that leaving the backup in place is not helpful. The near-automatic choice is to immediately delete it, and the server won't start until it has been deleted. If the backup restore succeeded, then we know the user has a copy of their database, since the sqlite3 online backups API promises to make the target database bitwise-identical to the source database, so there's little chance the user will need a duplicate.

1 files changed, 7 insertions, 1 deletions

diff --git a/src/db/mod.rs b/src/db/mod.rs
index bbaec7d..b9c59ef 100644
--- a/src/db/mod.rs
+++ b/src/db/mod.rs
@@ -28,6 +28,8 @@ pub async fn prepare(url: &str, backup_url: &str) -> Result<SqlitePool, Error> {
     if let Err(migrate_error) = sqlx::migrate!().run(&pool).await {
         if let Err(restore_error) = backup::Backup::from(&backup_pool).to(&pool).backup().await {
             Err(Error::Restore(restore_error, migrate_error))?;
+        } else if let Err(drop_error) = Sqlite::drop_database(backup_url).await {
+            Err(Error::Drop(drop_error, migrate_error))?;
         } else {
             Err(migrate_error)?;
         };
@@ -77,8 +79,12 @@ pub enum Error {
     /// Failure due to a database backup error. See [`backup::Error`].
     #[error(transparent)]
     Backup(#[from] backup::Error),
-    #[error("backing out failed migration also failed: {0} ({1})")]
+    #[error("migration failed: {1}\nrestoring backup failed: {0}")]
     Restore(backup::Error, sqlx::migrate::MigrateError),
+    #[error(
+        "migration failed: {1}\nrestoring from backup succeeded, but deleting backup failed: {0}"
+    )]
+    Drop(sqlx::Error, sqlx::migrate::MigrateError),
     /// Failure due to a database migration error. See
     /// [`sqlx::migrate::MigrateError`].
     #[error(transparent)]