e2e.yml
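# End-to-end test: for each Python/certbot pair in the matrix, register a
# test domain at deSEC and request a certificate for it (plus its wildcard)
# through the dns-desec authenticator, using certbot's --dry-run mode.
name: Obtain Certificate

on:
  push:
    branches: [main]
  # `pull_request` (not `pull_request_target`): runs triggered from forks do
  # not receive the secrets referenced below.
  pull_request:
    branches: [main]
  workflow_dispatch:
  schedule:
    # On the 19th of every month at 13:37 (GitHub evaluates cron in UTC).
    - cron: '37 13 19 * *'

# Least privilege for the automatic GITHUB_TOKEN: nothing in this workflow
# needs more than read access to the repository contents.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # NOTE(review): presumably this environment holds the DESEC_* secrets;
    # confirm its protection rules match who may trigger the workflow.
    environment: desec-test-account
    strategy:
      # You can use PyPy versions in python-version.
      # For example, pypy2 and pypy3
      matrix:
        # Versions stay quoted so YAML keeps them as strings
        # (a plain 3.10 would be read as the float 3.1).
        python-version: [
          '3.7',
          '3.8',
          '3.9',
          '3.10',
          '3.11',
        ]
        certbot-version: [
          # TODO at the time of writing, versions earlier than 1.14,
          # including '0.40.0', the latest version for Ubuntu 20.04, are
          # broken because ImportError: cannot import name 'IO' from
          # 'acme.magic_typing'
          # (venv/lib/python3.8/site-packages/acme/magic_typing.py)
          '1.14.0',
          '1.32.0',
          '2.0.0',
        ]
    # Secrets and matrix values reach the scripts through `env:` instead of
    # expression interpolation inside `run:`, so the shell treats them as
    # data rather than as script text. Each secret is exposed only to the
    # step that needs it.
    steps:
      # NOTE(review): both actions are referenced by mutable, old major tags.
      # Pinning to a full commit SHA of a maintained release keeps a retagged
      # action from running in a job that handles the deSEC token.
      - uses: actions/checkout@v2
        with:
          # Do not leave the GITHUB_TOKEN in .git/config while project code
          # is installed and executed by the following steps.
          persist-credentials: false
      - uses: actions/setup-python@v1
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install
        run: |
          sudo apt-get install -y dnsutils
          pip3 install .
          if [[ "$CERTBOT_VERSION" != "latest" ]]
          then
            pip3 install --upgrade "certbot~=$CERTBOT_VERSION"
            pip3 install --upgrade "acme~=$CERTBOT_VERSION"
          fi
        env:
          CERTBOT_VERSION: ${{ matrix.certbot-version }}
      # NOTE(review): curl runs without --fail, so an API error (for example
      # the domain already existing from an earlier run; no step deletes it)
      # does not fail this step. Confirm that is intended before tightening.
      - name: Create domain
        shell: bash
        run: |
          PYTHON=$(echo "$PYTHON" | sed "s/\./-/g")
          CERTBOT=$(echo "$CERTBOT" | sed "s/\./-/g")
          curl -X POST https://desec.io/api/v1/domains/ \
            --header "Authorization: Token $TOKEN" \
            --header "Content-Type: application/json" --data @- <<< \
            "{\"name\": \"certbot-$CERTBOT-python-$PYTHON-$DOMAIN\"}"
          sleep 80 # wait for deSEC to propagate changes
        env:
          DOMAIN: ${{ secrets.DESEC_DOMAIN }}
          CERTBOT: ${{ matrix.certbot-version }}
          PYTHON: ${{ matrix.python-version }}
          TOKEN: ${{ secrets.DESEC_TOKEN }}
      - name: Setup Credentials
        shell: bash
        run: |
          # Create the credentials file readable by the owner only; the
          # default umask would leave the API token world-readable.
          umask 077
          echo "dns_desec_token = $TOKEN" > desec-secret.ini
        env:
          TOKEN: ${{ secrets.DESEC_TOKEN }}
      - name: Get Cert
        shell: bash
        run: |
          PYTHON=$(echo "$PYTHON" | sed "s/\./-/g")
          CERTBOT=$(echo "$CERTBOT" | sed "s/\./-/g")
          certbot certonly \
            --config-dir tmp/certbot/config \
            --logs-dir tmp/certbot/logs \
            --work-dir tmp/certbot/work \
            --authenticator dns-desec \
            --email "$EMAIL" \
            --dns-desec-credentials desec-secret.ini \
            --server https://acme-v02.api.letsencrypt.org/directory \
            --agree-tos \
            --dry-run \
            -d "certbot-$CERTBOT-python-$PYTHON-$DOMAIN" \
            -d "*.certbot-$CERTBOT-python-$PYTHON-$DOMAIN"
        env:
          DOMAIN: ${{ secrets.DESEC_DOMAIN }}
          EMAIL: ${{ secrets.DESEC_EMAIL }}
          CERTBOT: ${{ matrix.certbot-version }}
          PYTHON: ${{ matrix.python-version }}
      # Diagnostics, run only after a failed step. The certbot log is copied
      # into the job log; GitHub masks exact secret values there, but nothing
      # else the log contains.
      # NOTE(review): check what letsencrypt.log records before relying on
      # masking alone.
      - name: Query TXT record and show log
        if: ${{ failure() }}
        run: |
          PYTHON=$(echo "$PYTHON" | sed "s/\./-/g")
          CERTBOT=$(echo "$CERTBOT" | sed "s/\./-/g")
          dig @ns1.desec.io TXT "_acme-challenge.certbot-$CERTBOT-python-$PYTHON-$DOMAIN"
          dig @ns2.desec.org TXT "_acme-challenge.certbot-$CERTBOT-python-$PYTHON-$DOMAIN"
          cat tmp/certbot/logs/letsencrypt.log
        env:
          DOMAIN: ${{ secrets.DESEC_DOMAIN }}
          CERTBOT: ${{ matrix.certbot-version }}
          PYTHON: ${{ matrix.python-version }}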