octodns-validate.yml
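name: octodns-sync

# Triggers. pull_request_target runs the workflow as defined on the base
# branch, with access to secrets and to the token scopes granted under
# `permissions`, even when the pull request comes from a fork.
on:
  # Run when changes are pushed to any pull request
  pull_request_target:
    # In GitHub path filters `*` does not cross a `/`, so this pattern
    # matches .yaml files in the repository root only.
    paths:
      - '*.yaml'
    # Note: Running workflows on pull_request_target can be dangerous!
    # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
  # Run when manually triggered
  workflow_dispatch: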
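# Default GITHUB_TOKEN scopes for every job in this workflow that does not
# declare its own `permissions`.
# NOTE(review): the steps visible in this file check out code, fetch a ref
# and write one pull-request comment. The write scopes on checks,
# deployments, issues and statuses are not obviously needed; confirm what
# solvaholic/octodns-sync requires and trim the rest, because this token is
# live while pull-request content is being processed.
permissions:
  actions: read
  checks: write
  contents: read
  deployments: write
  issues: write
  packages: read
  pull-requests: write
  repository-projects: read
  security-events: read
  statuses: write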
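# Every `run:` step uses bash unless it sets its own shell.
defaults:
  run:
    shell: bash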
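# Workflow-wide environment. CONFIG_TO_USE is a fixed file name here; it is
# not derived from the triggering event.
env:
  CONFIG_TO_USE: public.yaml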
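jobs:
  # Resolve the config file name, the Git ref and the short SHA that the
  # later jobs work on.
  meta:
    name: Parse event data into outputs
    # NOTE(review): GitHub has retired the ubuntu-20.04 hosted image; confirm
    # and move all three jobs to a supported runner label.
    runs-on: ubuntu-20.04
    # This job only checks out and fetches, so read access is enough.
    permissions:
      contents: read
    outputs:
      config: ${{ steps.which-config.outputs.config }}
      ref: ${{ steps.get-ref.outputs.ref }}
      sha: ${{ steps.get-sha.outputs.sha }}
    steps:
      # No `ref` input: this checks out the ref that triggered the workflow,
      # which for pull_request_target is the base branch, not the PR head.
      - name: Checkout ${{ github.repository }}:${{ github.ref }}
        uses: actions/checkout@v2
      - name: 'which-config: Which config file to run?'
        id: which-config
        # CONFIG_TO_USE is already exported by the workflow-level `env`, so
        # the script reads it as a shell variable instead of having the
        # expression pasted into the script text.
        run: |
          _config="${CONFIG_TO_USE}"
          echo "config=${_config}" >> "${GITHUB_OUTPUT}"
      - name: 'ref: The Git ref to read config from'
        id: get-ref
        # Event values reach the script through env, never through `${{ }}`
        # inside `run:`. github.ref can be a branch name, and a branch name
        # may contain shell metacharacters.
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          GIT_REF: ${{ github.ref }}
        # The issue_comment arm is not reachable from the triggers declared
        # in this file; it is kept as found.
        run: |
          case "${EVENT_NAME}" in
            "pull_request_target")
              _ref="refs/pull/${PR_NUMBER}/merge" ;;
            "issue_comment")
              _ref="refs/pull/${ISSUE_NUMBER}/merge" ;;
            *)
              _ref="${GIT_REF}" ;;
          esac
          echo "ref=${_ref}" >> "${GITHUB_OUTPUT}"
      - name: 'sha: A short SHA of the commit to read config from'
        id: get-sha
        env:
          FETCH_REF: ${{ steps.get-ref.outputs.ref }}
        # The first 8 characters of .git/FETCH_HEAD are the start of the
        # fetched commit id.
        run: |
          git fetch origin "${FETCH_REF}"
          _sha="$(cut -c 1-8 .git/FETCH_HEAD)"
          echo "sha=${_sha}" >> "${GITHUB_OUTPUT}"
  # Overlay the pull request's changed config files on a base-branch
  # checkout and run octodns-sync against them.
  # NOTE(review): under pull_request_target this job processes files supplied
  # by the pull request while the AWS and Azure credentials below are in the
  # step environment. The only gates visible here are the `test` environment
  # and the `.github/` exclusion in the checkout step. Confirm that the
  # `test` environment requires reviewer approval and that its credentials
  # are scoped to read/plan access only.
  validate:
    name: Validate ${{ needs.meta.outputs.config }}, plan for changes
    needs: meta
    environment: test
    runs-on: ubuntu-20.04
    outputs:
      plan: ${{ steps.octodns-sync.outputs.plan }}
    steps:
      - name: Checkout ${{ github.repository }}:${{ github.ref }}
        uses: actions/checkout@v2
      - name: Checkout config files from ${{ needs.meta.outputs.ref }}
        if: ${{ github.ref != needs.meta.outputs.ref }}
        env:
          CONFIG_REF: ${{ needs.meta.outputs.ref }}
        # File names come from the pull request, so they are read into an
        # array and passed quoted: no word splitting, no glob expansion.
        # The filter takes every changed *.yaml outside .github/, in any
        # directory.
        run: |
          # Fetch ref
          _ref="${CONFIG_REF}"
          git fetch origin "${_ref}"
          # List changed config files in ref
          mapfile -t _files < <(
            git diff --name-only HEAD FETCH_HEAD |
              grep '\.yaml$' |
              grep -v '^.github/' || true
          )
          if [ "${#_files[@]}" -gt 0 ]; then
            # Checkout config files from ref
            git checkout FETCH_HEAD -- "${_files[@]}"
          else
            echo "SKIP: No config files changed, in ${_ref}."
          fi
      - name: Run `octodns-sync` with ${{ needs.meta.outputs.config }}
        id: octodns-sync
        # NOTE(review): `@main` is a mutable branch ref, and this step is
        # handed the provider credentials below. Pin the action to a full
        # commit SHA and update it deliberately.
        uses: solvaholic/octodns-sync@main
        # TODO: When no changes, skip the rest of this workflow?
        with:
          config_path: ${{ needs.meta.outputs.config }}
          octodns_ref: v0.9.14
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.route53_aws_key_id }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.route53_aws_secret_access_key }}
          AZURE_APPLICATION_ID: ${{ secrets.azure_application_id }}
          AZURE_AUTHENTICATION_KEY: ${{ secrets.azure_authentication_key }}
          AZURE_DIRECTORY_ID: ${{ secrets.azure_directory_id }}
          AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }}
  # Publish the plan on the pull request, replacing the earlier bot comment
  # when one exists.
  comment:
    name: Add ${{ needs.meta.outputs.config }} plan to PR comment
    needs: [meta, validate]
    if: ${{ github.event_name == 'pull_request_target' }}
    runs-on: ubuntu-20.04
    # The two steps below only read and write pull-request comments.
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Find previous comment, if present
        uses: peter-evans/find-comment@v1.3.0
        id: fc
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: 'github-actions[bot]'
          body-includes: Automatically generated by octodns-sync
      - name: Create or update comment
        id: prcomment
        uses: peter-evans/create-or-update-comment@v1.4.5
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-id: ${{ steps.fc.outputs.comment-id }}
          # The plan text comes from a run over PR-supplied config. It is
          # passed as an action input here and never reaches a shell.
          body: |
            ## OctoDNS Plan for `${{ needs.meta.outputs.sha }}`
            ${{ needs.validate.outputs.plan }}
            Automatically generated by octodns-sync
          edit-mode: replace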