Workflows improvements #1

Open
fabriziosalmi opened this issue Dec 6, 2024 · 0 comments
fabriziosalmi commented Dec 6, 2024

update.yml

name: Update DNS Configuration

on:
  push:
    branches:
      - main
    paths:
      - 'dnsconfig.js'
      - '.github/workflows/dns.yml'  # Include workflow file changes
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy to'
        required: true
        default: 'production'
        type: choice
        options:
          - production
          - staging

permissions:
  contents: read  # Minimal required permissions

env:
  DNSCONTROL_VERSION: '3.33.0'  # Pin to specific version for stability

jobs:
  preview:
    name: Preview DNS Changes
    runs-on: ubuntu-latest
    timeout-minutes: 10  # Add timeout for safety

    steps:
      - name: Checkout code
        uses: actions/checkout@v4  # Update to latest version
        with:
          fetch-depth: 1  # Shallow clone for efficiency

      - name: Cache dnscontrol
        id: cache-dnscontrol
        uses: actions/cache@v3
        with:
          path: dnscontrol
          key: ${{ runner.os }}-dnscontrol-${{ env.DNSCONTROL_VERSION }}
          restore-keys: |
            ${{ runner.os }}-dnscontrol-

      - name: Install dnscontrol
        if: steps.cache-dnscontrol.outputs.cache-hit != 'true'
        run: |
          wget -q https://github.com/StackExchange/dnscontrol/releases/download/v${{ env.DNSCONTROL_VERSION }}/dnscontrol-Linux -O dnscontrol
          chmod +x dnscontrol
          ./dnscontrol version  # Verify installation

      - name: Preview DNS changes
        id: preview
        run: |
          ./dnscontrol check  # Validate configuration
          ./dnscontrol preview
        continue-on-error: false

  push:
    name: Push DNS Changes
    runs-on: ubuntu-latest
    needs: preview
    environment: ${{ github.event.inputs.environment || 'production' }}
    timeout-minutes: 15
    
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: false  # Don't cancel existing DNS updates
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Cache dnscontrol
        id: cache-dnscontrol
        uses: actions/cache@v3
        with:
          path: dnscontrol
          key: ${{ runner.os }}-dnscontrol-${{ env.DNSCONTROL_VERSION }}
          restore-keys: |
            ${{ runner.os }}-dnscontrol-

      - name: Install dnscontrol
        if: steps.cache-dnscontrol.outputs.cache-hit != 'true'
        run: |
          wget -q https://github.com/StackExchange/dnscontrol/releases/download/v${{ env.DNSCONTROL_VERSION }}/dnscontrol-Linux -O dnscontrol
          chmod +x dnscontrol
          ./dnscontrol version

      - name: Push DNS changes
        if: github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main'
        run: |
          echo "Pushing DNS changes to ${{ github.event.inputs.environment || 'production' }}"
          ./dnscontrol push

rollback-latest.yml

name: Rollback DNS Configuration

on:
  workflow_dispatch:
    inputs:
      commit_hash:
        description: 'Commit hash to rollback to (leave empty for last commit)'
        required: false
        type: string
      confirm_rollback:
        description: 'Type "CONFIRM" to proceed with rollback'
        required: true
        type: string
      notify:
        description: 'Send notification after rollback'
        required: false
        type: boolean
        default: true

permissions:
  contents: write  # Needed for git push
  pull-requests: write  # Needed by the "Create Pull Request" step

env:
  DNSCONTROL_VERSION: '3.33.0'  # Pin to specific version
  GIT_AUTHOR_NAME: 'GitHub Actions'
  GIT_AUTHOR_EMAIL: '[email protected]'
  GIT_COMMITTER_NAME: 'GitHub Actions'
  GIT_COMMITTER_EMAIL: '[email protected]'

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Check confirmation
        if: inputs.confirm_rollback != 'CONFIRM'
        run: |
          echo "Error: Please confirm the rollback by setting confirm_rollback to 'CONFIRM'"
          exit 1

  rollback:
    needs: validate
    runs-on: ubuntu-latest
    timeout-minutes: 15
    
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: false  # Don't cancel ongoing rollbacks
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history needed for rollback
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Git Config
        run: |
          git config user.name "${{ env.GIT_AUTHOR_NAME }}"
          git config user.email "${{ env.GIT_AUTHOR_EMAIL }}"

      - name: Backup current configuration
        run: |
          cp dnsconfig.js dnsconfig.js.backup
          git log -n 5 --pretty=format:"%H %s" > dns_changes.log
          echo "Last 5 DNS changes:"
          cat dns_changes.log

      - name: Perform rollback
        id: rollback
        env:
          COMMIT_HASH: ${{ inputs.commit_hash }}  # Pass the input via env; never inline it into the script
        run: |
          if [ -n "$COMMIT_HASH" ]; then
            echo "Rolling back to specific commit: $COMMIT_HASH"
            git checkout "$COMMIT_HASH" -- dnsconfig.js
          else
            echo "Rolling back to previous commit"
            git checkout HEAD~1 -- dnsconfig.js
          fi

          # Create a branch for the rollback
          BRANCH_NAME="dns-rollback-$(date +%Y%m%d-%H%M%S)"
          git checkout -b "$BRANCH_NAME"

          # Stage and commit
          git add dnsconfig.js
          git commit -m "🔄 Rollback DNS configuration

          Rolled back by: @${{ github.actor }}
          Previous config backed up"

          # Push changes
          git push origin "$BRANCH_NAME"
          echo "branch_name=$BRANCH_NAME" >> "$GITHUB_OUTPUT"

      - name: Cache dnscontrol
        id: cache-dnscontrol
        uses: actions/cache@v3
        with:
          path: dnscontrol
          key: ${{ runner.os }}-dnscontrol-${{ env.DNSCONTROL_VERSION }}
          restore-keys: |
            ${{ runner.os }}-dnscontrol-

      - name: Install dnscontrol
        if: steps.cache-dnscontrol.outputs.cache-hit != 'true'
        run: |
          wget -q https://github.com/StackExchange/dnscontrol/releases/download/v${{ env.DNSCONTROL_VERSION }}/dnscontrol-Linux -O dnscontrol
          chmod +x dnscontrol
          ./dnscontrol version

      - name: Preview DNS changes
        run: ./dnscontrol preview

      - name: Push DNS changes
        run: |
          echo "Applying DNS rollback..."
          ./dnscontrol push

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v5
        with:
          title: '🔄 DNS Configuration Rollback'
          body: |
            This PR contains DNS configuration rollback changes.
            
            * Initiated by: @${{ github.actor }}
            * Rollback branch: ${{ steps.rollback.outputs.branch_name }}
            * Previous configuration backed up
            
            Please review the changes carefully before merging.
          branch: ${{ steps.rollback.outputs.branch_name }}
          base: main
          labels: dns, rollback
          draft: false

      - name: Send Notification
        if: inputs.notify == true
        uses: appleboy/telegram-action@master  # Mutable ref that receives secrets: pin to a release tag or full commit SHA
        with:
          to: ${{ secrets.TELEGRAM_TO }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          message: |
            🔄 DNS Rollback Executed
            
            Status: ${{ job.status }}
            Executed by: @${{ github.actor }}
            Branch: ${{ steps.rollback.outputs.branch_name }}
            
            Please check the changes in the created PR.

      - name: Upload backup
        if: always()
        uses: actions/upload-artifact@v4  # v3 is deprecated and no longer runs on github.com
        with:
          name: dns-backup
          path: |
            dnsconfig.js.backup
            dns_changes.log
          retention-days: 30

  verify:
    needs: rollback
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Verify DNS propagation
        run: |
          echo "Waiting for DNS propagation..."
          sleep 300  # Wait 5 minutes
          # Add your DNS verification commands here
          # For example: dig, host, or custom health checks

      - name: Create Incident Record
        if: always()
        run: |
          echo "Creating incident record..."
          echo "Rollback executed at $(date -u) by ${{ github.actor }}" >> rollback_history.txt
          echo "Status: ${{ job.status }}" >> rollback_history.txt
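
Added example, not part of the issue or the repository's workflows: a shell helper for checking the rollback workflow's `commit_hash` input before it reaches `git checkout` in the "Perform rollback" step. The function names are hypothetical, and the 7 to 40 hex-character rule is an assumption about what that input should look like.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): validate the rollback workflow's
# commit_hash input before handing it to git.

# Return 0 only for a 7-40 character hexadecimal string (assumed hash format).
is_commit_hash() {
  case "$1" in
    '' | *[!0-9a-fA-F]*) return 1 ;;   # empty, or contains a non-hex character
  esac
  [ "${#1}" -ge 7 ] && [ "${#1}" -le 40 ]
}

# Print the ref to roll back to: HEAD~1 when the input is empty (the workflow's
# documented default), the hash itself when it is well formed; fail otherwise.
resolve_rollback_target() {
  if [ -z "$1" ]; then
    printf '%s\n' 'HEAD~1'
    return 0
  fi
  if ! is_commit_hash "$1"; then
    echo "Rejected commit_hash input: not a 7-40 character hex string" >&2
    return 1
  fi
  printf '%s\n' "$1"
}

# Restore dnsconfig.js from the validated ref. Run inside the checked-out repo.
rollback_dnsconfig() {
  target=$(resolve_rollback_target "$1") || return 1
  # The ref must name an existing commit that contains dnsconfig.js.
  git rev-parse --verify --quiet "${target}^{commit}" >/dev/null || return 1
  git cat-file -e "${target}:dnsconfig.js" || return 1
  git checkout "$target" -- dnsconfig.js
}

# Constructed sample inputs showing the accept/reject decisions.
demo() {
  for sample in '' '3f2a9c1' 'main' '--orphan' 'abc1234 --force'; do
    if out=$(resolve_rollback_target "$sample" 2>/dev/null); then
      echo "accept '${sample}' -> ${out}"
    else
      echo "reject '${sample}'"
    fi
  done
}
demo
```

In a workflow step the input would be exposed as an environment variable (for example `COMMIT_HASH`) and passed as `rollback_dnsconfig "$COMMIT_HASH"`, so the value is never expanded into the script text.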
@fabriziosalmi fabriziosalmi added the enhancement New feature or request label Dec 6, 2024
@fabriziosalmi fabriziosalmi self-assigned this Dec 6, 2024
@fabriziosalmi fabriziosalmi changed the title Workflow improvement proposal Workflows improvement proposal Dec 6, 2024
@fabriziosalmi fabriziosalmi changed the title Workflows improvement proposal Workflows improvements Dec 6, 2024