Skip to content

Global Cheese Positioning System #55

Global Cheese Positioning System

Global Cheese Positioning System #55

Workflow file for this run

---
name: Global Cheese Positioning System
on:
push:
pull_request:
schedule:
- cron: "17 * * * *"
env:
# Arguments for checks should be set here and are public
NAMELIST: "gsa-0.gitlab-dedicated.us"
CERTLIST: "gsa-0.gitlab-dedicated.us"
# DNSSECLIST: ""
jobs:
runchecks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Make temporary results dir
run: mkdir -p temp
- name: Setup Python 3
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
### START CHECKS
- name: Lookup DNS records
run: bin/namecheck.py ${NAMELIST} > temp/namecheck.json
#- name: Lookup DNSSEC Records
# run: bin/dnsseccheck.py ${DNSSECLIST} > temp/dnsseccheck.json
- name: Gather TLS certificate chains
run: bin/certcheck.py ${CERTLIST} > temp/certcheck.json
### END CHECKS
- name: Store current results
uses: actions/upload-artifact@v4
with:
name: cheeserun-results-${{github.run_id}}
path: temp/
compare:
needs: runchecks
runs-on: ubuntu-latest
env:
CHANGED: 0
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Restore Latest Results
uses: actions/download-artifact@v4
with:
name: cheeserun-results-${{github.run_id}}
path: temp/
- name: Overwrite saved results
run: |
rm -rf results/*
cp -r temp/* results/
git add -A results
- name: Compare results
run: git diff --exit-code --staged results/ >> temp/changeset.diff || echo "CHANGED=1" >> $GITHUB_ENV
- name: Commit and Push Changes
if: env.CHANGED == 1
uses: actions-x/commit@v6
- name: Output Change Report
id: changeset
if: env.CHANGED == 1
run: |
cat temp/changeset.diff
echo "COMMITID=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Send alert to Slack on changes
# Requires a GitHub environment secret for SLACK_WEBHOOK_URL which should target a Workflow in Slack.
# See https://github.com/marketplace/actions/slack-send#technique-1-slack-workflow-builder
if: env.CHANGED == 1 && github.ref == 'refs/heads/main'
uses: slackapi/slack-github-action@v1
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
payload: |
{
"message": "The cheese has moved! For the change see https://github.com/${{ github.repository }}/commit/${{ env.COMMITID }}"
}