PVV-DNS/.gitea/workflows/build-test-deploy.yaml
Felix Albrigtsen 460cf1cd71
Some checks failed
Build and test / build (push) Successful in 1m14s
Build and test / test (push) Successful in 20s
Build and test / deploy (push) Failing after 21s
Add serial generation. Add deploy action
2026-02-07 22:44:30 +01:00


This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Display name of the workflow, and the title given to each individual run
# (repository, commit SHA and triggering user).
name: Build and test
run-name: 'Build ${{ gitea.repository }} @ ${{ gitea.sha }} by ${{ gitea.actor }}'

# Triggers: every push and every pull request, on any branch.
on:
  push:
    branches: ['**']
  pull_request:
    branches: ['**']
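# Three jobs chained with `needs`: build -> test -> deploy.
#
# NOTE(review): every `uses:` below references a mutable tag (@v31, @v6, @v3).
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs in the same workflow that holds the deploy key.
jobs:
  # Builds the zone files and the nsd configuration with nix and publishes the
  # result as the `build-output` artifact for the later jobs.
  build:
    runs-on: debian-latest
    steps:
      - name: Debug output
        # Context values are handed to the script as environment variables
        # instead of being expanded into the script text, so a ref name that
        # contains shell metacharacters is printed rather than executed.
        env:
          EVENT_NAME: '${{ gitea.event_name }}'
          REPOSITORY: '${{ gitea.repository }}'
          REF: '${{ gitea.ref }}'
        run: |
          echo "PVV-DNS build triggered by a ${EVENT_NAME} event"
          echo "Building ${REPOSITORY} on ref ${REF}"

      - name: Install sudo
        run: apt-get install --update --assume-yes sudo

      - name: Install nix
        uses: https://github.com/cachix/install-nix-action@v31
        with:
          extra_nix_config: |
            experimental-features = nix-command flakes

      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Build zonefiles
        run: nix build .#zoneFiles

      - name: Build nsd-config
        run: nix build .#nsdConfig

      # The default output is linked at /tmp/result; that path is what gets
      # uploaded and later checked and deployed.
      - name: Build default
        run: nix build --out-link /tmp/result .#

      - name: Upload artifact
        uses: actions/upload-artifact@v3
        with:
          name: build-output
          path: /tmp/result
          if-no-files-found: error

  # Validates the built artifact with nsd's own checkers before anything is
  # allowed to reach the name server.
  test:
    runs-on: debian-latest
    needs: build
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: build-output
          path: /tmp/result

      - name: Install nsd
        run: apt-get install --update --assume-yes nsd

      - name: Check configuration file
        run: |
          echo "Checking nsd configuration file"
          nsd-checkconf /tmp/result/etc/nsd/nsd.conf && echo "/tmp/result/etc/nsd/nsd.conf is ok"

      - name: Check zonefiles
        run: |
          declare -a domains=(
            "128-255.210.241.129.in-addr.arpa"
            "210.241.129.in-addr.arpa"
            "9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa"
            "nucc.org"
            "pvv.no"
            "pvv.ntnu.no"
            "pvv.org"
          )
          for domain in "${domains[@]}"
          do
            echo "Checking domain '$domain'"
            nsd-checkzone "$domain" "/tmp/result/zones/${domain}.zone"
          done

  # Stamps a fresh SOA serial into the zone files and pushes them, together
  # with nsd.conf, to the name server over SSH.
  deploy:
    runs-on: debian-latest
    needs: [build, test]
    # Only a push to main may deploy. The event check is explicit so that the
    # job holding the SSH key can never be reached from a pull_request run.
    if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push'
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: build-output
          path: /tmp/result

      - name: Install required tools
        run: apt-get install --update --assume-yes dnsutils rsync

      - name: Replace placeholder serial
        run: |
          # The currently published serial is the third field of the SOA answer.
          SERIAL_OLD="$(dig +short SOA pvv.ntnu.no | cut -d" " -f3)"
          if [[ -z "$SERIAL_OLD" || ! "$SERIAL_OLD" =~ ^[0-9]+$ || $SERIAL_OLD -lt 1970010101 || $SERIAL_OLD -gt 3000000000 ]]; then
            echo "Error: SERIAL_OLD='$SERIAL_OLD' does not look reasonable"
            exit 1
          fi
          DATE="$(date "+%Y%m%d")"
          # The `*` must stay outside the quotes to act as a prefix pattern;
          # quoted, it is compared literally and a same-day redeploy would
          # reuse serial <date>01 instead of increasing it.
          if [[ "$SERIAL_OLD" == "$DATE"* ]]
          then
            # Increment the published serial (SERIAL_OLD, the only serial
            # variable defined here).
            SERIAL_NEW="$((SERIAL_OLD + 1))"
          else
            SERIAL_NEW="${DATE}01"
          fi
          SERIAL_PLACEHOLDER=1970010101
          echo "Replacing existing zone serial $SERIAL_OLD with new serial $SERIAL_NEW"
          find /tmp/result/zones -type f -name "*.zone" -exec sed -i "s/$SERIAL_PLACEHOLDER/$SERIAL_NEW/" {} \;

      - name: Prepare SSH for deployment
        # The key, known_hosts data and connection settings reach the script
        # through the environment, so their contents are never parsed as
        # shell source.
        env:
          SSH_KNOWN_HOSTS: '${{ vars.SSH_KNOWN_HOSTS }}'
          SSH_PRIVATE_KEY: '${{ secrets.SSH_PRIVATE_KEY }}'
          SSH_USER: '${{ vars.SSH_USER }}'
          SSH_HOST: '${{ vars.SSH_HOST }}'
        run: |
          # Create every file owner-only from the start, so the private key is
          # never briefly readable by others before the chmod.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          # Host keys come only from the pinned known_hosts above
          # (StrictHostKeyChecking yes); agent and X11 forwarding stay off.
          cat <<EOF > ~/.ssh/config
          Host targethost
            User ${SSH_USER}
            Hostname ${SSH_HOST}
            IdentityFile ~/.ssh/deploy_key
            ForwardAgent no
            ForwardX11 no
            PasswordAuthentication no
            StrictHostKeyChecking yes
          EOF
          echo "Configured SSH to ${SSH_USER}@${SSH_HOST}"

      - name: Deploy files to host
        run: |
          echo "Deploying zonefiles"
          # --delete removes zone files on the host that are absent from the build.
          rsync -avz --delete /tmp/result/zones/ targethost:/var/nsd/zones
          echo "Deploying nsd config"
          rsync -avz /tmp/result/etc/nsd/nsd.conf targethost:/var/nsd/etc/nsd/nsd.conf
          echo "Reloading config file"
          ssh targethost "doas /usr/sbin/nsd-control reconfig"
          echo "Reloading zone files"
          ssh targethost "doas /usr/sbin/nsd-control reload"

      - name: Verifying operation
        # NOTE(review): this prints the SOA record the server now answers
        # with; it does not compare the serial against the one deployed, so
        # a stale answer would not fail the step.
        env:
          SSH_HOST: '${{ vars.SSH_HOST }}'
        run: dig "@${SSH_HOST}" SOA pvv.ntnu.no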