From c5c063661f787bf2ce550c8dc075f571f89257fa Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Sat, 9 Mar 2024 13:25:13 -0700
Subject: [PATCH 01/16] init base files
---
.github/CODEOWNERS | 1 +
.gitignore | 1 +
production.yaml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
requirements.txt | 2 ++
4 files changed, 50 insertions(+)
create mode 100644 .github/CODEOWNERS
create mode 100644 .gitignore
create mode 100644 production.yaml
create mode 100644 requirements.txt
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..9310936
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @GrantBirki
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3fec32c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+tmp/
diff --git a/production.yaml b/production.yaml
new file mode 100644
index 0000000..3fd98d2
--- /dev/null
+++ b/production.yaml
@@ -0,0 +1,46 @@
+---
+providers:
+ config:
+ class: octodns.provider.yaml.YamlProvider
+ directory: ./config
+ default_ttl: 3600
+ enforce_order: True
+
+ cloudflare:
+ class: octodns_cloudflare.CloudflareProvider
+ # Required permissions for API Tokens are Zone:Read, DNS:Read and DNS:Edit.
+ # Page Rules:Edit is required for managing Page Rules (URLFWD) records.
+ token: env/CLOUDFLARE_TOKEN
+ # Optional. Filter by account ID in environments where a token has access
+ # across more than the permitted number of accounts allowed by Cloudflare.
+ account_id: env/CLOUDFLARE_ACCOUNT_ID
+ # Manage Page Rules (URLFWD) records
+ pagerules: false # disabled for now by me
+ # Optional. Default: 4. Number of times to retry if a 429 response
+ # is received.
+ retry_count: 10
+ # Optional. Default: 300. Number of seconds to wait before retrying.
+ retry_period: 300
+ # Optional. Default: 50. Number of zones per page.
+ zones_per_page: 50
+ # Optional. Default: 100. Number of dns records per page.
+ records_per_page: 100
+ # Optional. Default: 120. Lowest TTL allowed to be set.
+ # A different limit for (non-)enterprise zone applies.
+ # See: https://developers.cloudflare.com/dns/manage-dns-records/reference/ttl
+ min_ttl: 120
+
+manager:
+ plan_outputs:
+ html:
+ class: octodns.provider.plan.PlanHtml
+
+zones:
+ # This is a dynamic zone config. The source(s), here `config`, will be
+ # queried for a list of zone names and each will dynamically be set up to
+ # match the dynamic entry.
+ "*":
+ sources:
+ - config
+ targets:
+ - cloudflare
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..be0c638
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+octodns==1.5.1
+octodns-cloudflare==0.0.4
From a384b6b74d5c981bdd5c3e7d09987d8a33308e84 Mon Sep 17 00:00:00 2001
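Review bot: The `"*"` dynamic zone at the end of production.yaml turns every file under `./config` into a zone that is pushed to the `cloudflare` target, so the scope of `CLOUDFLARE_TOKEN` is the only limit on which zones a merged file can change, and the comment above `token:` lists permissions but says nothing about zone scope. I would extend that comment, for example `# Scope this token to the specific zones kept in ./config, not to all zones in the account.` Whether the token is already restricted that way is not visible from the patch.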
From: GrantBirki
Date: Sat, 9 Mar 2024 13:42:12 -0700
Subject: [PATCH 02/16] add base config for testing
---
config/ghtrending.io.yaml | 44 +++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 config/ghtrending.io.yaml
diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml
new file mode 100644
index 0000000..9ffa7a7
--- /dev/null
+++ b/config/ghtrending.io.yaml
@@ -0,0 +1,44 @@
+---
+? ''
+: - octodns:
+ cloudflare:
+ proxied: true
+ auto-ttl: true
+ type: CNAME
+ value: ghtrending.pages.dev
+ - octodns:
+ cloudflare:
+ proxied: false
+ auto-ttl: true
+ type: MX
+ values:
+ - exchange: route3.mx.cloudflare.net
+ preference: 5
+ - exchange: route2.mx.cloudflare.net
+ preference: 82
+ - exchange: route1.mx.cloudflare.net
+ preference: 95
+ - octodns:
+ cloudflare:
+ proxied: false
+ auto-ttl: true
+ type: TXT
+ values:
+ - v=spf1 include:_spf.mx.cloudflare.net ~all
+ - google-site-verification=MDJ0aMnhpJc7hbCnUs8z0jbizoNXorxW7Q13FenzOpU
+
+ingest:
+ octodns:
+ cloudflare:
+ proxied: false
+ auto-ttl: true
+ type: A
+ value: 20.172.212.22
+
+data:
+ octodns:
+ cloudflare:
+ proxied: true
+ auto-ttl: true
+ type: CNAME
+ value: data.ghtrending.io.s3-website-us-east-1.amazonaws.com
From e84d2ea87d828e9f2b915ff450a4f56eaba61002 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Sat, 9 Mar 2024 13:42:17 -0700
Subject: [PATCH 03/16] add validate workflow
---
.github/workflows/json-yaml-validate.yml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 .github/workflows/json-yaml-validate.yml
diff --git a/.github/workflows/json-yaml-validate.yml b/.github/workflows/json-yaml-validate.yml
new file mode 100644
index 0000000..b883ed4
--- /dev/null
+++ b/.github/workflows/json-yaml-validate.yml
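Review bot: The apex TXT record in config/ghtrending.io.yaml publishes SPF with a soft-fail `~all`, and the zone file as added has no `_dmarc` record, so receivers get no policy telling them to reject mail that spoofs the domain. If Cloudflare's mail routing is the only sender, as the MX and SPF entries suggest, consider `-all` plus a `_dmarc` TXT entry such as `value: v=DMARC1\; p=reject` (octoDNS wants the `;` escaped), starting at `p=none` if other senders may exist. Separately, `data` is a CNAME to an S3 website endpoint; a comment that the bucket must outlive the record would help, because a CNAME left pointing at a deleted bucket name can be claimed by someone else.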
@@ -0,0 +1,23 @@ +name: json-yaml-validate +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +permissions: + contents: read + pull-requests: write # enable write permissions for pull request comments + +jobs: + json-yaml-validate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: json-yaml-validate + id: json-yaml-validate + uses: GrantBirki/json-yaml-validate@v2 + with: + comment: "true" # enable comment mode From 22823c51cda75e68df1739b631d19cdcfbb8b44e Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 14:01:56 -0700 Subject: [PATCH 04/16] dont enforce order --- production.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/production.yaml b/production.yaml index 3fd98d2..ad66b4e 100644 --- a/production.yaml +++ b/production.yaml @@ -4,7 +4,7 @@ providers: class: octodns.provider.yaml.YamlProvider directory: ./config default_ttl: 3600 - enforce_order: True + enforce_order: false cloudflare: class: octodns_cloudflare.CloudflareProvider From 35d467c33d94c2a95f0993c85cf65361ec1a955c Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 14:02:43 -0700 Subject: [PATCH 05/16] add trailing `.` --- config/ghtrending.io.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index 9ffa7a7..ee3e5ef 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -5,18 +5,18 @@ proxied: true auto-ttl: true type: CNAME - value: ghtrending.pages.dev + value: ghtrending.pages.dev. - octodns: cloudflare: proxied: false auto-ttl: true type: MX values: - - exchange: route3.mx.cloudflare.net + - exchange: route3.mx.cloudflare.net. preference: 5 - - exchange: route2.mx.cloudflare.net + - exchange: route2.mx.cloudflare.net. preference: 82 - - exchange: route1.mx.cloudflare.net + - exchange: route1.mx.cloudflare.net. preference: 95 - octodns: cloudflare: 
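Review bot: In .github/workflows/json-yaml-validate.yml both `uses:` lines reference mutable tags (`actions/checkout@v4`, `GrantBirki/json-yaml-validate@v2`) while the workflow grants `pull-requests: write`, so whoever can move those tags controls code that runs with that token. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. The same applies to the later workflows in this series: `github/branch-deploy@v9` in unlock-on-merge.yml and deploy.yml, `grantbirki/octodns-action@v1` in deploy.yml (the step that receives `CLOUDFLARE_TOKEN`), and `GrantBirki/comment@v2` in new-pr.yml.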
@@ -41,4 +41,4 @@ data: proxied: true auto-ttl: true type: CNAME - value: data.ghtrending.io.s3-website-us-east-1.amazonaws.com + value: data.ghtrending.io.s3-website-us-east-1.amazonaws.com. From affb738a7592f3bb86e3386ae8411626b7e53168 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 14:06:38 -0700 Subject: [PATCH 06/16] try with alias --- config/ghtrending.io.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index ee3e5ef..acc2a86 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -4,7 +4,7 @@ cloudflare: proxied: true auto-ttl: true - type: CNAME + type: ALIAS value: ghtrending.pages.dev. - octodns: cloudflare: From 408ff9ce410c0054afea6e4ea19f14e593b5fe92 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 14:08:11 -0700 Subject: [PATCH 07/16] add permissions --- .github/workflows/noop.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/noop.yml b/.github/workflows/noop.yml index 74baeaa..ad6cdce 100644 --- a/.github/workflows/noop.yml +++ b/.github/workflows/noop.yml @@ -4,6 +4,10 @@ on: pull_request: workflow_dispatch: +permissions: + contents: read + pull-requests: write # enable write permissions for pull request comments + jobs: noop: name: noop From 41ebc45d08e954dc5da07dbaa70dce07f1ea4db8 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 14:09:28 -0700 Subject: [PATCH 08/16] test --- config/ghtrending.io.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index acc2a86..9d5eee6 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -26,6 +26,7 @@ values: - v=spf1 include:_spf.mx.cloudflare.net ~all - google-site-verification=MDJ0aMnhpJc7hbCnUs8z0jbizoNXorxW7Q13FenzOpU + - test ingest: octodns: From 59ff1432fe491ab2a63084b2fa454393ecdaa321 Mon Sep 17 00:00:00 2001 
From: GrantBirki Date: Sat, 9 Mar 2024 14:09:39 -0700 Subject: [PATCH 09/16] revert test --- config/ghtrending.io.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index 9d5eee6..acc2a86 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -26,7 +26,6 @@ values: - v=spf1 include:_spf.mx.cloudflare.net ~all - google-site-verification=MDJ0aMnhpJc7hbCnUs8z0jbizoNXorxW7Q13FenzOpU - - test ingest: octodns: From 351e17bc4fa02a9dd448b3363686c6778132f0cf Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 14:12:31 -0700 Subject: [PATCH 10/16] re-order --- config/ghtrending.io.yaml | 46 ++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index acc2a86..f90c7f5 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -1,16 +1,13 @@ --- ? '' -: - octodns: - cloudflare: - proxied: true - auto-ttl: true - type: ALIAS +: - type: ALIAS value: ghtrending.pages.dev. - - octodns: + octodns: cloudflare: - proxied: false + proxied: true auto-ttl: true - type: MX + + - type: MX values: - exchange: route3.mx.cloudflare.net. preference: 5 
@@ -18,27 +15,32 @@ preference: 82 - exchange: route1.mx.cloudflare.net. preference: 95 - - octodns: + octodns: cloudflare: proxied: false auto-ttl: true - type: TXT + + - type: TXT values: - v=spf1 include:_spf.mx.cloudflare.net ~all - google-site-verification=MDJ0aMnhpJc7hbCnUs8z0jbizoNXorxW7Q13FenzOpU + octodns: + cloudflare: + proxied: false + auto-ttl: true ingest: - octodns: - cloudflare: - proxied: false - auto-ttl: true - type: A - value: 20.172.212.22 + - type: A + value: 20.172.212.22 + octodns: + cloudflare: + proxied: false + auto-ttl: true data: - octodns: - cloudflare: - proxied: true - auto-ttl: true - type: CNAME - value: data.ghtrending.io.s3-website-us-east-1.amazonaws.com. + - type: CNAME + value: data.ghtrending.io.s3-website-us-east-1.amazonaws.com. + octodns: + cloudflare: + proxied: true + auto-ttl: true From c9023167a0f79810964e10d8f28de9ba8c17123c Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 14:51:23 -0700 Subject: [PATCH 11/16] add unlock on merge workflow --- .github/workflows/unlock-on-merge.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/unlock-on-merge.yml diff --git a/.github/workflows/unlock-on-merge.yml b/.github/workflows/unlock-on-merge.yml new file mode 100644 index 0000000..1b8e2ab --- /dev/null +++ b/.github/workflows/unlock-on-merge.yml @@ -0,0 +1,21 @@ +name: Unlock On Merge + +on: + pull_request: + types: [closed] + +permissions: + contents: write + +jobs: + unlock-on-merge: + runs-on: ubuntu-latest + if: github.event.pull_request.merged == true + + steps: + - name: unlock on merge + uses: github/branch-deploy@v9 + id: unlock-on-merge + with: + unlock_on_merge_mode: "true" # <-- indicates that this is the "Unlock on Merge Mode" workflow + environment_targets: production From d49af153b89bb5c161ae09a8e49d1a8d57830830 Mon Sep 17 00:00:00 2001 
From: GrantBirki Date: Sat, 9 Mar 2024 15:50:28 -0700 Subject: [PATCH 12/16] test --- config/ghtrending.io.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index f90c7f5..e8845c5 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -24,6 +24,7 @@ values: - v=spf1 include:_spf.mx.cloudflare.net ~all - google-site-verification=MDJ0aMnhpJc7hbCnUs8z0jbizoNXorxW7Q13FenzOpU + - test octodns: cloudflare: proxied: false From e7c0809e5328aaf885cdac80640d394802c5680b Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 15:53:34 -0700 Subject: [PATCH 13/16] fmt --- config/ghtrending.io.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index e8845c5..33e7e88 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -1,6 +1,6 @@ --- -? '' -: - type: ALIAS +"": + - type: ALIAS value: ghtrending.pages.dev. octodns: cloudflare: @@ -19,7 +19,7 @@ cloudflare: proxied: false auto-ttl: true - + - type: TXT values: - v=spf1 include:_spf.mx.cloudflare.net ~all From c09509b8c13c1b76b039c6dfd56f8980aedc4e1d Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Sat, 9 Mar 2024 15:56:28 -0700 Subject: [PATCH 14/16] remove test record --- config/ghtrending.io.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/config/ghtrending.io.yaml b/config/ghtrending.io.yaml index 33e7e88..ead33ef 100644 --- a/config/ghtrending.io.yaml +++ b/config/ghtrending.io.yaml @@ -24,7 +24,6 @@ values: - v=spf1 include:_spf.mx.cloudflare.net ~all - google-site-verification=MDJ0aMnhpJc7hbCnUs8z0jbizoNXorxW7Q13FenzOpU - - test octodns: cloudflare: proxied: false From 5d078ce45f791228612ad705789a4561a8819fd6 Mon Sep 17 00:00:00 2001 
From: GrantBirki
Date: Sat, 9 Mar 2024 15:59:27 -0700
Subject: [PATCH 15/16] add deploy workflow
---
.github/workflows/deploy.yml | 51 ++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 .github/workflows/deploy.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..7c48312
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,51 @@
+name: deploy
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ deployment-check:
+ runs-on: ubuntu-latest
+ outputs: # set outputs for use in downstream jobs
+ continue: ${{ steps.deployment-check.outputs.continue }}
+
+ steps:
+ # https://github.com/github/branch-deploy/blob/d3c24bd92505e623615b75ffdfac5ed5259adbdb/docs/merge-commit-strategy.md
+ - name: deployment check
+ uses: github/branch-deploy@v9
+ id: deployment-check
+ with:
+ merge_deploy_mode: "true"
+ environment: production
+
+ deploy:
+ if: ${{ needs.deployment-check.outputs.continue == 'true' && github.event_name == 'push' }}
+ needs: deployment-check
+ environment: production
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+
+ - uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+
+ - name: install requirements
+ run: pip install -r requirements.txt
+
+ - uses: grantbirki/octodns-action@v1
+ id: octodns
+ with:
+ config_path: production.yaml
+ doit: '--doit'
+ env:
+ CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+ CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
From 57e2b420bd7ca82d263dc758c658def6d94e925a Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Sat, 9 Mar 2024 16:00:53 -0700
Subject: [PATCH 16/16] add new pr workflow
---
.github/new-pr-comment.md | 12 ++++++++++++
.github/workflows/new-pr.yml | 24 ++++++++++++++++++++++++
2 files changed, 36 insertions(+)
create mode 100644 .github/new-pr-comment.md
create mode 100644 .github/workflows/new-pr.yml
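Review bot: The `install requirements` step in deploy.yml runs `pip install -r requirements.txt` in the same job that then hands `CLOUDFLARE_TOKEN` to the octoDNS step, and requirements.txt pins only the two top-level packages, so transitive dependencies are resolved fresh on every production deploy. Presumably the octoDNS step runs those installed packages, so a changed or substituted dependency would execute with the DNS token in its environment. Generate a fully pinned, hashed requirements file and install it with `run: pip install --require-hashes -r requirements.txt`, so an unexpected artifact fails the install instead. Keeping the secrets on that one step's `env:` rather than on the job, as done here, is the right scoping and should stay.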
diff --git a/.github/new-pr-comment.md b/.github/new-pr-comment.md new file mode 100644 index 0000000..0179d46 --- /dev/null +++ b/.github/new-pr-comment.md @@ -0,0 +1,12 @@ +### ๐Ÿ‘‹ Thanks for opening a pull request! + +Here is a trimmed down summary of the deployment process: + +1. ๐Ÿงช Run a noop deployment with `.noop` as a comment on this PR +1. ๐Ÿ‘€ Observe the CI and `noop` output on this pull request to ensure it is passing and doing what it is supposed to do +1. โœ”๏ธ Obtain an approval/review on this pull request +1. ๐Ÿš€ Branch deploy your pull request to production with `.deploy` + + > If anything goes wrong, rollback with `.deploy main` + +1. ๐ŸŽ‰ Merge! diff --git a/.github/workflows/new-pr.yml b/.github/workflows/new-pr.yml new file mode 100644 index 0000000..2af5436 --- /dev/null +++ b/.github/workflows/new-pr.yml @@ -0,0 +1,24 @@ +name: new pull request + +on: + pull_request: + branches: + - main + +permissions: + pull-requests: write + contents: read + +jobs: + new-pr: + if: github.event_name == 'pull_request' && github.event.action == 'opened' + runs-on: ubuntu-latest + + steps: + # Comment on new PR requests with deployment instructions + - uses: actions/checkout@v4 + - name: comment + uses: GrantBirki/comment@v2 + continue-on-error: true + with: + file: .github/new-pr-comment.md
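Review bot: In new-pr.yml the `opened` filter sits in the job-level `if:` while the trigger is a plain `pull_request` with only `branches:`, so the workflow is still started and then skipped on every push to a PR, and the `github.event_name == 'pull_request'` half of the condition is always true. Putting the filter on the trigger reads more directly: add `types: [opened]` under `pull_request:` and drop the `if:`. Also, `continue-on-error: true` hides a failed comment step; for pull requests from forks the token is read-only, so the comment will not be posted there, and a short comment such as `# expected to fail on fork PRs (read-only token)` next to it would make that intent clear.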