.forgejo/workflows/ci.yaml: WIP, preparing for nsupdate
parent
4a9f1f7f6f
commit
055ae55744
|
@ -4,67 +4,43 @@ on:
|
||||||
- 'main'
|
- 'main'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
sync:
|
deploy_script:
|
||||||
runs-on: linux_amd64
|
runs-on: linux_amd64
|
||||||
steps:
|
|
||||||
- name: Retrieve and sync files
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
git clone ${{ gitea.server_url }}/${{ gitea.repository }} dns
|
|
||||||
echo "Cloned sucessfully from ${{ gitea.server_url }}/${{ gitea.repository }}"
|
|
||||||
cd dns
|
|
||||||
echo "" > /var/cache/bind/.modified
|
|
||||||
|
|
||||||
if [ -z $(git diff-tree --no-commit-id --name-only -r main | grep zone) ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
files=$(git diff-tree --no-commit-id --name-only -r main | grep zone)
|
|
||||||
|
|
||||||
for file in $files
|
|
||||||
do
|
|
||||||
domain=$(echo $file | sed "s/.zone//g")
|
|
||||||
/usr/bin/named-checkzone "$domain" "$file" || ( echo "Error on file $file" && continue; )
|
|
||||||
echo "$file" >> /var/cache/bind/.modified
|
|
||||||
rsync "./$file" /var/cache/bind/
|
|
||||||
echo "Move $file to /var/cache/bind"
|
|
||||||
done
|
|
||||||
sudo chown bind:bind /var/cache/bind/*.zone
|
|
||||||
sudo chmod g+rw /var/cache/bind/*.zone
|
|
||||||
echo "Synced sucessfully"
|
|
||||||
|
|
||||||
|
|
||||||
deploiement:
|
|
||||||
runs-on: linux_amd64
|
|
||||||
needs: sync
|
|
||||||
steps:
|
steps:
|
||||||
- name: Reload bind
|
- name: Reload bind
|
||||||
shell: bash
|
shell: bash
|
||||||
|
environment:
|
||||||
|
TSIG_KEY: ${TSIG_KEY} # Clé TSIG stockée dans les secrets CI/CD
|
||||||
|
DNS_SERVER: ${DNS_SERVER} # Adresse du serveur DNS
|
||||||
run: |
|
run: |
|
||||||
sudo systemctl reload bind9.service
|
git diff HEAD^ HEAD > zone_diff.txt
|
||||||
- name: Check bind
|
while IFS= read -r line; do
|
||||||
shell: bash
|
case "$line" in
|
||||||
run: |
|
"--- "*".zone")
|
||||||
echo Recherche de zones déployées
|
CURRENT_ZONE=$(basename "$line" .zone | sed 's/--- //')
|
||||||
cd /var/cache/bind
|
;;
|
||||||
files=$(cat /var/cache/bind/.modified)
|
"+++"*)
|
||||||
|
;;
|
||||||
if [ -z $files ]; then
|
"-"* | "+"*)
|
||||||
echo Aucune zone déployée
|
if [[ $line == -* ]]; then # Enregistrement supprimé
|
||||||
exit 0
|
RECORD=$(echo "$line" | sed 's/^-//')
|
||||||
fi
|
echo - $RECORD
|
||||||
|
# echo nsupdate -k $TSIG_KEY <<EOF
|
||||||
for zone_name in $files; do
|
# server $DNS_SERVER
|
||||||
datetime=$(date --iso-8601=seconds)
|
# zone $CURRENT_ZONE
|
||||||
echo "Vérification de la zone ${zone_name::-5}..."
|
# update delete $RECORD
|
||||||
|
# send
|
||||||
if [[ $zone_name == *":"* ]]; then
|
# EOF
|
||||||
echo On ne sait pas vérifier ce type de zone
|
elif [[ $line == +* ]]; then # Enregistrement ajouté
|
||||||
else
|
RECORD=$(echo "$line" | sed 's/^+//')
|
||||||
echo Dernière minute...
|
echo + $RECORD
|
||||||
sudo grep named /var/log/syslog | grep ${datetime::-10} | grep ${zone_name::-5}
|
# nsupdate -k $TSIG_KEY <<EOF
|
||||||
sudo grep named /var/log/syslog | grep ${datetime::-9} | grep ${zone_name::-5} | grep loaded || exit 1
|
# server $DNS_SERVER
|
||||||
fi
|
# zone $CURRENT_ZONE
|
||||||
done
|
# update add $RECORD
|
||||||
|
# send
|
||||||
echo "Déploiement terminé !"
|
# EOF
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done < zone_diff.txt
|
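Review bot: The TSIG secret does not reach the "Reload bind" step as written: `environment:` is not the step-level key for variables and `${TSIG_KEY}` is a plain string rather than an expression, so this should be `env:` with `TSIG_KEY: ${{ secrets.TSIG_KEY }}` (and `DNS_SERVER` wired the same way from wherever it is stored). When the commented `nsupdate -k $TSIG_KEY` is enabled, note that `-k` takes the path of a key file, so the secret has to be written to a file created under `umask 077` and removed at the end of the step, not passed as the key itself. In the `case`, `CURRENT_ZONE` is only assigned in the `"--- "*".zone"` arm; for a newly added zone file that header is `--- /dev/null`, and for any non-zone file in the same commit the old value is kept, so their `+`/`-` lines would be sent under the previous zone. Reset `CURRENT_ZONE` on every file header and skip lines while it is empty. The removed job ran `named-checkzone` before deploying, whereas this loop would hand raw diff lines (comments, `$TTL`, SOA, multi-line records) to `update add`/`update delete` unchecked, so a validation step should stay in front of the send. `echo + $RECORD` also needs quoting, e.g. `printf '%s\n' "+ $RECORD"`, because a wildcard record starting with `*` is glob-expanded by the shell.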