.forgejo/workflows/ci.yaml: WIP, preparing for nsupdate

Adrien Bourmault 2024-08-20 15:16:28 +02:00
parent 4a9f1f7f6f
commit 055ae55744
Signed by: neox
GPG Key ID: 57BC26A3687116F6
1 changed files with 35 additions and 59 deletions


@ -4,67 +4,43 @@ on:
- 'main' - 'main'
jobs: jobs:
sync: deploy_script:
runs-on: linux_amd64 runs-on: linux_amd64
steps:
- name: Retrieve and sync files
shell: bash
run: |
git clone ${{ gitea.server_url }}/${{ gitea.repository }} dns
echo "Cloned sucessfully from ${{ gitea.server_url }}/${{ gitea.repository }}"
cd dns
echo "" > /var/cache/bind/.modified
if [ -z $(git diff-tree --no-commit-id --name-only -r main | grep zone) ]; then
exit 0
fi
files=$(git diff-tree --no-commit-id --name-only -r main | grep zone)
for file in $files
do
domain=$(echo $file | sed "s/.zone//g")
/usr/bin/named-checkzone "$domain" "$file" || ( echo "Error on file $file" && continue; )
echo "$file" >> /var/cache/bind/.modified
rsync "./$file" /var/cache/bind/
echo "Move $file to /var/cache/bind"
done
sudo chown bind:bind /var/cache/bind/*.zone
sudo chmod g+rw /var/cache/bind/*.zone
echo "Synced sucessfully"
deploiement:
runs-on: linux_amd64
needs: sync
steps: steps:
- name: Reload bind - name: Reload bind
shell: bash shell: bash
environment:
TSIG_KEY: ${TSIG_KEY} # Clé TSIG stockée dans les secrets CI/CD
DNS_SERVER: ${DNS_SERVER} # Adresse du serveur DNS
run: | run: |
sudo systemctl reload bind9.service git diff HEAD^ HEAD > zone_diff.txt
- name: Check bind while IFS= read -r line; do
shell: bash case "$line" in
run: | "--- "*".zone")
echo Recherche de zones déployées CURRENT_ZONE=$(basename "$line" .zone | sed 's/--- //')
cd /var/cache/bind ;;
files=$(cat /var/cache/bind/.modified) "+++"*)
;;
if [ -z $files ]; then "-"* | "+"*)
echo Aucune zone déployée if [[ $line == -* ]]; then # Enregistrement supprimé
exit 0 RECORD=$(echo "$line" | sed 's/^-//')
echo - $RECORD
# echo nsupdate -k $TSIG_KEY <<EOF
# server $DNS_SERVER
# zone $CURRENT_ZONE
# update delete $RECORD
# send
# EOF
elif [[ $line == +* ]]; then # Enregistrement ajouté
RECORD=$(echo "$line" | sed 's/^+//')
echo + $RECORD
# nsupdate -k $TSIG_KEY <<EOF
# server $DNS_SERVER
# zone $CURRENT_ZONE
# update add $RECORD
# send
# EOF
fi fi
;;
for zone_name in $files; do esac
datetime=$(date --iso-8601=seconds) done < zone_diff.txt
echo "Vérification de la zone ${zone_name::-5}..."
if [[ $zone_name == *":"* ]]; then
echo On ne sait pas vérifier ce type de zone
else
echo Dernière minute...
sudo grep named /var/log/syslog | grep ${datetime::-10} | grep ${zone_name::-5}
sudo grep named /var/log/syslog | grep ${datetime::-9} | grep ${zone_name::-5} | grep loaded || exit 1
fi
done
echo "Déploiement terminé !"
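Review bot: The TSIG key never reaches the new step as written: the step-level key in this workflow syntax is `env:`, not `environment:`, and `${TSIG_KEY}` is a literal string rather than a secret reference, so it should read `env:` with `TSIG_KEY: ${{ secrets.TSIG_KEY }}`. When the commented-out `nsupdate -k $TSIG_KEY` calls are enabled, `-k` takes the path of a key file, so the secret has to be written to a file with restrictive permissions and removed afterwards rather than passed as a value. The diff parser needs tightening before then: `git diff HEAD^ HEAD` is not limited to zone files and `CURRENT_ZONE` is only set on `--- *.zone` headers, so changed lines from a later non-zone file, or from a newly added zone whose old side is `/dev/null`, would be attributed to the previous zone; `git diff HEAD^ HEAD -- '*.zone'` plus clearing `CURRENT_ZONE` on every `--- ` header avoids that. `$RECORD` is unquoted in `echo - $RECORD` and `echo + $RECORD`, so a wildcard record (`*`) is glob-expanded in the job log. The `named-checkzone` validation from the removed `sync` job has no counterpart in `deploy_script`, so nothing would check a record before it is submitted to the server.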