koenrh/dnscontrol-action
1
1
Fork 0
mirror of https://github.com/koenrh/dnscontrol-action.git synced 2025-02-24 23:13:24 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #5 from koenrh/koenrh/add-all-providers

Browse source 
Add all providers
This commit is contained in:
Koen Rouwhorst 2019-01-05 15:38:40 +01:00 committed by GitHub
commit ec8e8a39a2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 218 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

174
README.md
View file

@ -3,32 +3,158 @@
Deploy your DNS configuration using [GitHub Actions](https://github.com/actions) Deploy your DNS configuration using [GitHub Actions](https://github.com/actions)
using [DNSControl](https://github.com/StackExchange/dnscontrol/). using [DNSControl](https://github.com/StackExchange/dnscontrol/).
## Supported providers
Not all [providers](https://stackexchange.github.io/dnscontrol/provider-list) are
supported yet.
- [ ] Active Directory PowerShell
- [ ] BIND
- [x] Cloudflare
- [x] DigitalOcean
- [x] DNSimple
- [ ] Gandi
- [ ] Google Cloud DNS
- [ ] HEXONET
- [x] Linode
- [ ] Name.com
- [ ] Namecheap
- [x] NS1
- [ ] OVH
- [x] Route 53
- [ ] SoftLayer DNS
- [ ] Vultr
## Usage ## Usage
TODO These are the three relevant sub commands to use with this action.
### check
Run the action with the 'check' argument in order to check and validate the `dnscontrol.js`
file. This action does not communicate with the DNS providers, hence does not require
any secrets to be set.
```workflow
action "DNSControl check" {
uses = "koenrh/dnscontrol-action@master"
args = "check"
}
```
### preview
Run the action with the 'preview' argument to check what changes need to be made.
It prints out what DNS records are expected to be created, modified or deleted.
This action requires the secrets for the specified DNS providers.
```workflow
action "DNSControl preview" {
uses = "koenrh/dnscontrol-action@master"
args = "preview"
secrets = ["CLOUDFLARE_API_USER", "CLOUDFLARE_API_KEY"]
}
```
This is the action you probably want to run for each branch so that proposed changes
could be verified before an authorized person merges these changes into `master`.
### push
Run the action with the 'push' arugment to publish the changes to the specified
DNS providers.
Running the action with the 'push' argument will publish the changes with the
specified DNS providers. You should probably only use this command combined with
the GitHub [Filters action](https://github.com/actions/bin/tree/master/filter#filters-for-github-actions)
to make sure that only changes in the `master` branch are deployed to production.
```workflow
action "DNSControl push" {
uses = "koenrh/dnscontrol-action@master"
args = "push"
secrets = ["CLOUDFLARE_API_KEY", "CLOUDFLARE_API_USER"]
}
```
You should probably only use this command combined with the GitHub [Filters action](https://github.com/actions/bin/tree/master/filter#filters-for-github-actions)
to make sure that only changes in the `master` branch are deployed to production.
## Secrets ## Secrets
TODO Depending on the DNS providers that are used, this action requires secrets to be
set.
### Cloudflare
[Documentation](https://stackexchange.github.io/dnscontrol/providers/cloudflare)
- `CLOUDFLARE_API_USER`
- `CLOUDFLARE_API_KEY`
- `CLOUDFLARE_ACCOUNT_ID` (optional)
- `CLOUDFLARE_ACCOUNT_NAME` (optional)
### DigitalOcean
[Documentation](https://stackexchange.github.io/dnscontrol/providers/digitalocean)
- `DIGITALOCEAN_OAUTH_TOKEN`
### DNSimple
[Documentation](https://stackexchange.github.io/dnscontrol/providers/dnsimple)
- `DNSIMPLE_ACCOUNT_ACCESS_TOKEN`
### Gandi
[Documentation](https://stackexchange.github.io/dnscontrol/providers/gandi)
- `GANDI_API_KEY`
### Google CLOUD DNS
[Documentation](https://stackexchange.github.io/dnscontrol/providers/gcloud)
- `GOOGLE_CLOUD_PROJECT_ID`
- `GOOGLE_CLOUD_PRIVATE_KEY_ID`
- `GOOGLE_CLOUD_PRIVATE_KEY`
- `GOOGLE_CLOUD_CLIENT_EMAIL`
- `GOOGLE_CLOUD_CLIENT_ID`
- `GOOGLE_CLOUD_CLIENT_X509_CERT_URL`
### Linode
[Documentation](https://stackexchange.github.io/dnscontrol/providers/linode)
- `LINODE_ACCESS_TOKEN`
### Name.com
[Documentation](https://stackexchange.github.io/dnscontrol/providers/name.com)
- `NAME_COM_API_USER`
- `NAME_COM_API_KEY`
- `NAME_COM_API_URL` (optional)
### Namecheap
[Documentation](https://stackexchange.github.io/dnscontrol/providers/namecheap)
- `NAMECHEAP_API_USER`
- `NAMECHEAP_API_KEY`
- `NAMECHEAP_BASE_URL` (optional)
### NS1
[Documentation](https://stackexchange.github.io/dnscontrol/providers/ns1)
- `NSONE_API_KEY`
### OVH
[Documentation](https://stackexchange.github.io/dnscontrol/providers/ovh)
- `OVH_APP_KEY`
- `OVH_APP_SECRET_KEY`
- `OVH_CONSUMER_KEY`
### Amazon Route 53
[Documentation](https://stackexchange.github.io/dnscontrol/providers/route53)
- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`
- `AWS_SESSION_TOKEN` (optional)
### SoftLayer
[Documentation](https://stackexchange.github.io/dnscontrol/providers/softlayer)
- `SOFTLAYER_USERNAME`
- `SOFTLAYER_API_KEY`
### Vultr
[Documentation](https://stackexchange.github.io/dnscontrol/providers/vultr)
- `VULTR_TOKEN`

69
entrypoint.sh
View file

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -eo pipefail
# NOTE: DNSControl requires a credentials file on disk. See: https://git.io/fhIb3 # NOTE: DNSControl requires a credentials file on disk. See: https://git.io/fhIb3
echo "{}" > creds.json echo "{}" > creds.json
@ -16,6 +16,12 @@ then
add_key ".cloudflare.apiuser" "\$CLOUDFLARE_API_USER" add_key ".cloudflare.apiuser" "\$CLOUDFLARE_API_USER"
add_key ".cloudflare.apikey" "\$CLOUDFLARE_API_KEY" add_key ".cloudflare.apikey" "\$CLOUDFLARE_API_KEY"
if [[ -n "$CLOUDFLARE_ACCOUNT_ID" && -n "$CLOUDFLARE_ACCOUNT_NAME" ]]
then
add_key ".cloudflare.accountid" "\$CLOUDFLARE_ACCOUNT_ID"
add_key ".cloudflare.accountname" "\$CLOUDFLARE_ACCOUNT_NAME"
fi
elif [[ -n "$DIGITALOCEAN_OAUTH_TOKEN" ]] elif [[ -n "$DIGITALOCEAN_OAUTH_TOKEN" ]]
then then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/digitalocean # NOTE: https://stackexchange.github.io/dnscontrol/providers/digitalocean
@ -26,16 +32,66 @@ then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/dnsimple # NOTE: https://stackexchange.github.io/dnscontrol/providers/dnsimple
add_key ".dnsimple.token" "\$DNSIMPLE_ACCOUNT_ACCESS_TOKEN" add_key ".dnsimple.token" "\$DNSIMPLE_ACCOUNT_ACCESS_TOKEN"
elif [[ -n "$GANDI_API_KEY" ]]
then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/gandi
add_key ".gandi.apikey" "\$GANDI_API_KEY"
elif [[ -n "$GOOGLE_CLOUD_PROJECT_ID" && -n "$GOOGLE_CLOUD_PRIVATE_KEY_ID"
&& -n "$GOOGLE_CLOUD_PRIVATE_KEY" && -n "$GOOGLE_CLOUD_CLIENT_EMAIL"
&& -n "$GOOGLE_CLOUD_CLIENT_ID" && -n "$GOOGLE_CLOUD_CLIENT_X509_CERT_URL" ]]
then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/gcloud
add_key ".gcloud.type" "service_account"
add_key "gcloud.project_id": "\$GOOGLE_CLOUD_PROJECT_ID",
add_key "gcloud.private_key_id": "\$GOOGLE_CLOUD_PRIVATE_KEY_ID",
add_key "gcloud.private_key": "\$GOOGLE_CLOUD_PRIVATE_KEY",
add_key "gcloud.client_email": "\$GOOGLE_CLOUD_CLIENT_EMAIL",
add_key "gcloud.client_id": "\$GOOGLE_CLOUD_CLIENT_ID",
add_key "gcloud.auth_uri": "https://accounts.google.com/o/oauth2/auth",
add_key "gcloud.token_uri": "https://accounts.google.com/o/oauth2/token",
add_key "gcloud.auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
add_key "gcloud.client_x509_cert_url": "\$GOOGLE_CLOUD_CLIENT_X509_CERT_URL"
elif [[ -n "$LINODE_ACCESS_TOKEN" ]] elif [[ -n "$LINODE_ACCESS_TOKEN" ]]
then then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/linode # NOTE: https://stackexchange.github.io/dnscontrol/providers/linode
add_key ".linode.token" "\$LINODE_ACCESS_TOKEN" add_key ".linode.token" "\$LINODE_ACCESS_TOKEN"
elif [[ -n "$NAME_COM_API_USER" && -n "$NAME_COM_API_KEY" ]]
then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/name.com<Paste>
add_key ".[\"name.com\"].apiuser" "\$NAME_COM_API_USER"
add_key ".[\"name.com\"].apikey" "\$NAME_COM_API_KEY"
if [[ -n "$NAME_COM_API_URL" ]]
then
add_key ".[\"name.com\"].apiurl" "\$NAME_COM_API_URL"
fi
elif [[ -n "$NAMECHEAP_API_USER" && -n "$NAMECHEAP_API_KEY" ]]
then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/namecheap
add_key ".namecheap.apiuser" "\$NAMECHEAP_API_USER"
add_key ".namecheap.apikey" "\$NAMECHEAP_API_KEY"
if [[ -n "$NAMECHEAP_BASE_URL" ]]
then
add_key ".namecheap.BaseURL" "\$NAMECHEAP_BASE_URL"
fi
elif [[ -n "$NSONE_API_KEY" ]] elif [[ -n "$NSONE_API_KEY" ]]
then then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/ns1 # NOTE: https://stackexchange.github.io/dnscontrol/providers/ns1
add_key ".ns1.api_token" "\$NSONE_API_KEY" add_key ".ns1.api_token" "\$NSONE_API_KEY"
elif [[ -n "$OVH_APP_KEY" && -n "$OVH_APP_SECRET_KEY" && -n "$OVH_CONSUMER_KEY" ]]
then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/ovh
add_key ".ovh.app-key" "\$OVH_APP_KEY"
add_key ".ovh.app-seret-key" "\$OVH_APP_SECRET_KEY"
add_key ".ovh.consumer-key" "\$OVH_CONSUMER_KEY"
elif [[ -n "$AWS_ACCESS_KEY_ID" && -n "$AWS_SECRET_ACCESS_KEY" ]] elif [[ -n "$AWS_ACCESS_KEY_ID" && -n "$AWS_SECRET_ACCESS_KEY" ]]
then then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/route53 # NOTE: https://stackexchange.github.io/dnscontrol/providers/route53
@ -46,6 +102,17 @@ then
then then
add_key ".r53.Token" "\$AWS_SESSION_TOKEN" add_key ".r53.Token" "\$AWS_SESSION_TOKEN"
fi fi
elif [[ -n "$SOFTLAYER_USERNAME" && -n "$SOFTLAYER_API_KEY" ]]
then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/softlayer
add_key ".softlayer.username" "\$SOFTLAYER_USERNAME"
add_key ".softlayer.api_key" "\$SOFTLAYER_API_KEY"
elif [[ -n "$VULTR_TOKEN" ]]
then
# NOTE: https://stackexchange.github.io/dnscontrol/providers/vultr
add_key ".vultr.token" "\$VULTR_TOKEN"
fi fi
sh -c "dnscontrol $*" sh -c "dnscontrol $*"