forked from forgejo/next-instance
Forgejo Action to manage v*.next.forgejo.org Forgejo instances
- Shell 100%
| Filename | Latest commit message | Latest commit date |
|---|---|---|
Earl Warren
03211d7ab2
Reviewed-on: forgejo/next-instance#17 Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org> |
||
| .forgejo/workflows | ||
| .editorconfig | ||
| .gitignore | ||
| action.yml | ||
| LICENSE | ||
| next-instance.sh | ||
| README.md | ||
next-instance
Description
An Action to manage v*.next.forgejo.org Forgejo instances
Inputs
| parameter | description | required | default |
|---|---|---|---|
| forgejo-host | hostname of the Forgejo instance (e.g. code.forgejo.org) | true |
|
| forgejo-repository | repository of the k8s configuration (e.g. infrastructure/k8s-cluster) | true |
|
| forgejo-token | token with repository and issues write permissions on {forgejo-host} repositories | true |
|
| ovh-domain | domain under which the v*.next subdomains exist (e.g. forgejo.org) | true |
|
| ovh-client-id | service account client id (see README.md for how to get it) | true |
|
| ovh-client-secret | service account client secret (see README.md for how to get it) | true |
|
| today | todays date as YYYY-MM-DD | false |
today |
| dry-run | set to echo to display commands instead of carrying them out | false |
false |
| verbose | increase the verbosity level | false |
false |
Outputs
| parameter | description |
|---|---|
| success | true if v*.next instances are up to date, false otherwise |
| explain | human readable description of what was done |
| dns-added | the whitespace separated list of major for which a v*.next DNS entry was created (e.g '7 9') |
| added | the whitespace separated list of major for which an instance was created (e.g '7 9') |
| archived | the whitespace separated list of major for which an instance was archived (e.g '7 9') |
ovh-client-id and ovh-client-secret
The purpose is to manage the DNS records via the OVH API.
- https://eu.api.ovh.com/console/?section=%2Fme&branch=v1#post-/me/api/oauth2/client
- Authenticate
- Fill the example with
{ "callbackUrls": [], "description": "To allow order", "flow": "CLIENT_CREDENTIALS", "name": "oauth-order-user" } - Click
Execute{ "clientId": "1324", "clientSecret": "456" } clientIdis the value for theovh-client-idinputclientSecretis the value for theovh-client-secretinput- https://eu.api.ovh.com/console/?section=%2Fme&branch=v1#get-/me/api/oauth2/client/-clientId-
- Set
clientIdto the aboveclientId - Click
Execute{ "clientId": "1324", "createdAt": "2024-12-21T12:52:02.217Z", "name": "oauth-order-user", "description": "To allow order", "callbackUrls": [], "flow": "CLIENT_CREDENTIALS", "identity": "urn:v1:eu:identity:credential:co195585-ovh/oauth2-1324" } - https://eu.api.ovh.com/console/?section=%2Fiam&branch=v2#post-/iam/policy
- Fill the example to create a policy re-using the
identityabove (e.g.urn:v1:eu:identity:credential:co195585-ovh/oauth2-1324){ "description": "Delegate DNS zone management next-instance service account", "identities": [ "urn:v1:eu:identity:credential:co195585-ovh/oauth2-1324" ], "name": "next-instance-dns-delegation", "permissions": { "allow": [ { "action": "dnsZone:apiovh:get" }, { "action": "dnsZone:apiovh:record/*" } ], "except": [ { "action": "dnsZone:apiovh:record/delete" } ] }, "resources": [ { "urn": "urn:v1:eu:resource:dnsZone:forgejo.org" } ] } - https://www.ovh.com/manager/#/iam/dashboard/policies to verify and modify the policy. It is more convenient to use the web interface to do that. Associating the service account with a newly created policy is however not possible using the web interface.
Update the README from action.yml
Using action-docs:
# Edit the action.yml file and run:
action-docs --update-readme