
dnscontrol-action's Introduction

DNSControl Action

Deploy your DNS configuration with DNSControl using GitHub Actions.

Usage

These are the three relevant subcommands to use with this action.

check

Run the action with the 'check' argument in order to check and validate the dnsconfig.js file. This action does not communicate with the DNS providers, hence does not require any secrets to be set.

name: Check

on: pull_request

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: DNSControl check
        uses: koenrh/dnscontrol-action@v3
        with:
          args: check

          # Optionally, if your DNSConfig files are in a non-default location,
          # you could specify the paths to the config and credentials file.
          config_file: 'dns/dnsconfig.js'

preview

Run the action with the 'preview' argument to check what changes need to be made. It prints out what DNS records are expected to be created, modified or deleted. This action requires the secrets for the specified DNS providers.

name: Preview

on: pull_request

jobs:
  preview:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: DNSControl preview
        uses: koenrh/dnscontrol-action@v3
        id: dnscontrol_preview
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        with:
          args: preview

          # Optionally, if your DNSConfig files are in a non-default location,
          # you could specify the paths to the config and credentials file.
          config_file: 'dns/dnscontrol.js'
          creds_file: 'dns/creds.json'

This is the action you probably want to run for each branch so that proposed changes could be verified before an authorized person merges these changes into the default branch.

Pull request comment

Optionally, you could configure your GitHub Action so that the output of the 'preview' command is published as a comment to the pull request for the branch containing the changes. This saves you several clicks through the menus to get to the output logs for the preview job.

 ******************** Domain: example.com
----- Getting nameservers from: cloudflare
----- DNS Provider: cloudflare...6 corrections
#1: CREATE record: @ TXT 1 v=spf1 include:_spf.google.com -all
#2: CREATE record: @ MX 1 1  aspmx.l.google.com.
#3: CREATE record: @ MX 1 5  alt1.aspmx.l.google.com.
#4: CREATE record: @ MX 1 5  alt2.aspmx.l.google.com.
#5: CREATE record: @ MX 1 10  alt3.aspmx.l.google.com.
#6: CREATE record: @ MX 1 10  alt4.aspmx.l.google.com.
----- Registrar: none...0 corrections
Done. 6 corrections.

Provided that your GitHub Action job for 'preview' has an id dnscontrol_preview, you could use the following snippet to enable pull request comments using Unsplash's comment-on-pr GitHub Action.

- name: Preview pull request comment
  uses: unsplash/comment-on-pr@<version>
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    msg: |
      ```
      ${{ steps.dnscontrol_preview.outputs.preview_comment }}
      ```
    check_for_duplicate_msg: true

push

Run the action with the 'push' argument to publish the changes to the specified DNS providers. The example workflow depicted below contains a branch filter so that it only runs on the default branch.

name: Push

on:
  push:
    branches:
      - main

jobs:
  push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: DNSControl push
        uses: koenrh/dnscontrol-action@v3
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        with:
          args: push

          # Optionally, if your DNSConfig files are in a non-default location,
          # you could specify the paths to the config and credentials file.
          config_file: 'dns/dnsconfig.js'
          creds_file: 'dns/creds.json'

Credentials

Depending on the DNS providers that are used, this action requires credentials to be set. These secrets can be configured through a file named creds.json. You should not add secrets as plaintext to this file, but use GitHub Actions encrypted secrets instead. These encrypted secrets are exposed at runtime as environment variables. See the DNSControl Service Providers documentation for details.

To follow the Cloudflare example, add an encrypted secret named CLOUDFLARE_API_TOKEN and then define the creds.json file as follows.

{
  "cloudflare":{
    "TYPE": "CLOUDFLAREAPI",
    "apitoken": "$CLOUDFLARE_API_TOKEN"
  }
}
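A pre-flight check for the rule above, as an added example that is not part of this action or of DNSControl: it flags creds.json values committed as literals instead of $VAR references, and lists referenced variables that are not set. Treating every field except TYPE as sensitive is an assumption, and the "example_provider" entry in the sample is constructed.

```python
import json
import re

# A value that is exactly one environment-variable reference,
# e.g. "$CLOUDFLARE_API_TOKEN".
ENV_REF = re.compile(r"^\$([A-Za-z_][A-Za-z0-9_]*)$")

# Assumption: every field other than TYPE is treated as sensitive. Extend
# this set with fields your provider documents as non-secret.
NON_SECRET_FIELDS = {"TYPE"}


def audit_creds(creds_text, environ):
    """Return (literals, missing) for a creds.json document.

    literals: "provider.field" entries whose value is a committed literal.
    missing:  referenced variable names that are unset or empty in environ.
    """
    creds = json.loads(creds_text)
    literals, missing = [], set()
    for provider, fields in creds.items():
        for field, value in fields.items():
            if field in NON_SECRET_FIELDS:
                continue
            match = ENV_REF.match(value) if isinstance(value, str) else None
            if match is None:
                literals.append(f"{provider}.{field}")
            elif not environ.get(match.group(1)):
                missing.add(match.group(1))
    return sorted(literals), sorted(missing)


# Constructed sample: the Cloudflare entry from this page plus a made-up
# provider entry whose secret was pasted in as a literal.
SAMPLE = """
{
  "cloudflare": {"TYPE": "CLOUDFLAREAPI", "apitoken": "$CLOUDFLARE_API_TOKEN"},
  "example_provider": {"TYPE": "EXAMPLE", "api_key": "constructed-literal-value"}
}
"""

if __name__ == "__main__":
    import os
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    literals, missing = audit_creds(text, os.environ)
    for entry in literals:
        print(f"literal value committed: {entry}")
    for name in missing:
        print(f"environment variable not set: {name}")
    sys.exit(1 if literals or missing else 0)
```

In the 'check' job, which runs without secrets, only the literals list is meaningful; the missing-variable list is useful in the 'preview' and 'push' jobs.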

Dependabot

Dependabot is a GitHub service that helps developers automate dependency maintenance and keep dependencies updated to the latest versions. It has native support for GitHub Actions, which means you can use it in your GitHub repository to keep the DNSControl Action up to date.

To enable Dependabot in your GitHub repository, add a .github/dependabot.yml file with the following contents:

version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

dnscontrol-action's People

Contributors

admdly, androw, ashleyjackson, dependabot-preview[bot], dependabot[bot], firefishy, francois2metz, georgejipa, koenrh, markdorison, svenluijten, yoandl

dnscontrol-action's Issues

ESLint config example

I'm currently trying to use your example GitHub actions flows and the ESLint is failing (because of "no ESLint config file being found").
Do you have an example on how to get ESLint running in a new repo that is used for dnscontrol?

So far from researching it seems that I would need to use npm to create a package.json in the repo that "points" to the correct folder.

Allow usage with native environment variable support

Hey, it was awesome to see this action exists.

I am not sure if you are aware, but dnscontrol supports environment variables natively in creds.json. It will already replace anything that looks like $SOME_VAR if it finds a matching env var.

Here is an example of how I set it up. For local dev I just have a .env file that I gitignore, and for CI I put the vars into secrets. I can check in the "template" creds.json, but still inject the values at runtime.

I could see this somewhat simplifying this action not needing to manage all possible env vars explicitly. But also breaking backward compatibility, since your current version will nuke anything in creds.json and people may be depending on how you set it up.

I've done that in my fork and it seems to work well.

Thoughts?

Document how to get this action to publish the output of the 'preview' command as a PR comment

See: #26

My specific use case was that I want my own GitHub action to comment the diff of dnscontrol preview on the PR, instead of having to dig down into the "Checks" tab after every push. I'm open to other names than "output", but I wanted to keep it nice and generic, as "diff" wouldn't be suitable for commands like dnscontrol push or check.

Something along the lines of:

- name: Comment diff on PR
  uses: unsplash/comment-on-pr@master
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    msg: |
      ```
      ${{ steps.preview.outputs.output }}
      ```
    check_for_duplicate_msg: true

dnscontrol-action v 3.31.4 outputs out-of-date warning about using -diff2

I am running dnscontrol-preview with v 3.31.4:

      - name: DNSControl preview
        uses: koenrh/dnscontrol-action@v3.31.4
        id: dnscontrol_preview

Running this, I get the following output:

"[INFO: Old diff algorithm in use. Please test dnscontrol --diff2 preview (or push) as it will be the default in releases after 2023-05-07."

diff2 has already been released to the DNSControl and has been a part of DNSControl by default (without specifying diff2) since May 2023.

In fact, when I run DNSControl (locally) with --diff2, I get this warning instead:

" [WARNING: Please remove obsolete --diff2 flag. This will be an error in v5 or later. See https://github.com/StackExchange/dnscontrol/issues/2262]"

I am using DNSControl 4.11

Should dnscontrol-action be updated to a more recent version?

Diacritics on Preview

Hello,

I am seeing unknown diacritics when it posts the preview text as GitHub comment. Any ideas on how to fix that?

******************** Domain: domain
1 correction
#1: 
�[31m- DELETE CNAME webhooks.domain domain. ttl=300�[0m

******************** Domain: domain2
1 correction
#1: 
�[31m- DELETE CNAME webhooks.domain domain. ttl=300�[0m

Source for upstream container?

The ghcr.io/koenrh/dnscontrol:v3.13.0@sha256:2e0ff54e609f418d285b776f3bbceee35b73eac8637731395e1a001ad7c38898 upstream container used by the Dockerfile doesn't seem to have any public github repo or build chain.

It would be great to have one.

I have created https://github.com/Firefishy/dnscontrol-docker as an initial start (including github actions)

Filter the "Pull request comment" output

If you have many domains, the comment posted to the PR is very long. I've found it better if the GHA log shows all the output, but what gets posted as a comment is filtered heavily.

We use this script immediately after the echo "$OUTPUT" line.

(this is from memory)

OUTPUT=$(echo "$OUTPUT" | bin/filter-preview.sh)

Here's the filter-preview.sh script:

$ cat bin/filter-preview.sh
#!/bin/bash

grep -v -e '\.\.\.0 corrections$' |\
  grep -v -e '\.\.\. (skipping)' |\
  grep -v -e '----- Getting nameservers from:'

  • The multiple grep's can probably be combined
  • It probably doesn't need to be a separate script, but it is easier to debug that way. It also permits me to use the script on the command line when I'm making changes outside of GHA.
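
One way to handle both the escape characters reported under "Diacritics on Preview" and the filtering described in this issue, as an added Python example that is not part of the action or of either post: strip ANSI colour sequences first, then drop the same three noise patterns as filter-preview.sh. The function name and the sample output are constructed.

```python
import re
import sys

# ANSI CSI sequences, e.g. ESC[31m (red) and ESC[0m (reset), which a PR
# comment renders as stray characters.
ANSI_CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

# The three patterns removed by filter-preview.sh.
NOISE = [
    re.compile(r"\.\.\.0 corrections$"),
    re.compile(r"\.\.\. \(skipping\)"),
    re.compile(r"----- Getting nameservers from:"),
]


def clean_preview(output):
    """Strip colour codes, then drop noise lines, keeping everything else."""
    kept = []
    for line in output.splitlines():
        # Strip first: a trailing reset code would otherwise defeat the
        # "$" anchor in the first noise pattern.
        line = ANSI_CSI.sub("", line)
        if not any(pattern.search(line) for pattern in NOISE):
            kept.append(line)
    return "\n".join(kept)


# Constructed sample modelled on the preview output quoted on this page.
SAMPLE = (
    "******************** Domain: example.com\n"
    "----- Getting nameservers from: cloudflare\n"
    "----- DNS Provider: cloudflare...1 correction\n"
    "#1: \n"
    "\x1b[31m- DELETE CNAME webhooks.example.com example.com. ttl=300\x1b[0m\n"
    "----- Registrar: none...0 corrections\n"
    "Done. 1 corrections.\n"
)

if __name__ == "__main__":
    # Pipe filter: dnscontrol output on stdin, cleaned text on stdout.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(clean_preview(data))
```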

Update to 3.13.0

Hello,

We have a problem with a provider's TXT entries that are too long, and we have seen that the last dnscontrol release, 3.13.0, corrected it. Is it possible to update your container? Could we help you to do this?

Best regards
