PVV-DNS/.gitea/workflows/build-test-deploy.yaml at b351e8603bd171807337e3635e09f0f7ed8e2ebd

Drift/PVV-DNS

Fork 1

Files

Felix Albrigtsen b351e8603b

Build and test / build (push) Successful in 1m23s

Details

Build and test / test (push) Successful in 20s

Details

Build and test / deploy (push) Successful in 22s

Details

Fix missing nuccc.org

2026-02-10 00:18:43 +01:00

167 lines

5.0 KiB

YAML

Raw Blame History

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

 name: Build and test
 run-name: Build ${{ gitea.repository }} @ ${{ gitea.sha }} by ${{ gitea.actor }}
 on:
   push:
     branches:
       - '**'
   pull_request:
     branches:
       - '**'
 jobs:
   build:
     runs-on: debian-latest
     steps:
       - name: Debug output
         run: |
           echo "PVV-DNS build triggered by a ${{ gitea.event_name }} event"
           echo "Building ${{ gitea.repository }} on ref ${{ gitea.ref }}"
       - name: Install sudo
         run: apt-get install --update --assume-yes sudo
       - name: Install nix
         uses: https://github.com/cachix/install-nix-action@v31
         with:
           extra_nix_config: |
             experimental-features = nix-command flakes
       - name: Checkout repository
         uses: actions/checkout@v6
       - name: Build zonefiles
         run: nix build .#zoneFiles
       - name: Build nsd-config
         run: nix build .#nsdConfig
       - name: Build default
         run: nix build --out-link /tmp/result .#
       - name: Upload artifact
         uses: actions/upload-artifact@v3
         with:
           name: build-output
           path: /tmp/result
           if-no-files-found: error
   test:
     runs-on: debian-latest
     needs: build
     steps:
       - name: Download artifact
         uses: actions/download-artifact@v3
         with:
           name: build-output
           path: /tmp/result
       - name: Install nsd
         run: apt-get install --update --assume-yes nsd
       - name: Check configuration file
         run: |
           echo "Checking nsd configuration file"
           nsd-checkconf /tmp/result/etc/nsd/nsd.conf && echo "/tmp/result/etc/nsd/nsd.conf is ok"
       - name: Check zonefiles
         run: |
           declare -a domains=(
             "128-255.210.241.129.in-addr.arpa"
             "210.241.129.in-addr.arpa"
             "9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa"
             "nuccc.org"
             "pvv.no"
             "pvv.ntnu.no"
             "pvv.org"
           )
           for domain in "${domains[@]}"
           do
             echo "Checking domain '$domain'"
             nsd-checkzone "$domain" "/tmp/result/zones/${domain}.zone"
           done
   deploy:
     runs-on: debian-latest
     needs: [build, test]
     if: github.ref == 'refs/heads/main'
     steps:
       - name: Download artifact
         uses: actions/download-artifact@v3
         with:
           name: build-output
           path: /tmp/result
       - name: Install required tools
         run: apt-get install --update --assume-yes dnsutils rsync
       - name: Replace placeholder serial
         run: |
           SERIAL_OLD="$(dig +short "@${{ vars.SSH_HOST }}" SOA pvv.ntnu.no | cut -d" " -f3)"
           if [[ -z "$SERIAL_OLD" || ! "$SERIAL_OLD" =~ ^[0-9]+$ || $SERIAL_OLD -lt 1970010101 || $SERIAL_OLD -gt 3000000000 ]]; then
             echo "Error: SERIAL_OLD='$SERIAL_OLD' does not look reasonable"
             exit 1
           fi
           DATE="$(date "+%Y%m%d")"
           if [[ "$SERIAL_OLD" -lt "${DATE}01" ]]
           then
             SERIAL_NEW="${DATE}01"
           else
             SERIAL_NEW="$((SERIAL_OLD+1))"
           fi
           echo "$SERIAL_NEW" > /tmp/serial_new
           SERIAL_PLACEHOLDER=1970010101
           echo "Replacing existing zone serial $SERIAL_OLD with new serial $SERIAL_NEW"
           find /tmp/result/zones -type f -name "*.zone" -exec sed -i "s/$SERIAL_PLACEHOLDER/$SERIAL_NEW/" {} \;
       - name: Prepare SSH for deployment
         run: |
           mkdir -p ~/.ssh
           chmod 700 ~/.ssh
           echo "${{ vars.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
           echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key
           chmod 600 ~/.ssh/deploy_key
           cat <<EOF > ~/.ssh/config
           Host targethost
             User ${{ vars.SSH_USER }}
             Hostname ${{ vars.SSH_HOST }}
             IdentityFile ~/.ssh/deploy_key
             ForwardAgent no
             ForwardX11 no
             PasswordAuthentication no
             StrictHostKeyChecking yes
           EOF
           echo "Configured SSH to ${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}"
       - name: Deploy files to host
         run: |
           echo "Deploying zonefiles"
           rsync --verbose --recursive --delete /tmp/result/zones/ targethost:/var/nsd/zones
           echo "Deploying nsd config"
           rsync --verbose /tmp/result/etc/nsd/nsd.conf targethost:/var/nsd/etc/nsd.conf
           echo "Reloading config file"
           ssh targethost "doas /usr/sbin/nsd-control reconfig"
           echo "Reloading zone files"
           ssh targethost "doas /usr/sbin/nsd-control reload"
       - name: Verifying operation
         run: |
           SERIAL_ACTIVE="$(dig +short "@${{ vars.SSH_HOST }}" SOA pvv.ntnu.no | cut -d" " -f3)"
           if [[ "$(cat /tmp/serial_new)" == "$SERIAL_ACTIVE" ]]
           then
             echo "Update successful, server reports new active serial number '$SERIAL_ACTIVE'"
           else
             echo "Update failed, server reports serial '$SERIAL_ACTIVE' instead of new serial '$(cat /tmp/serial_new)'"
             exit 1
           fi

167 lines 5.0 KiB YAML Raw Blame History Unescape Escape

167 lines

5.0 KiB

YAML

Raw Blame History