Global Cheese Positioning System #189
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Global Cheese Positioning System | |
on: | |
push: | |
pull_request: | |
schedule: | |
- cron: "17 * * * *" | |
env: | |
# Arguments for checks should be set here and are public | |
NAMELIST: "gsa-0.gitlab-dedicated.us" | |
CERTLIST: "gsa-0.gitlab-dedicated.us" | |
# DNSSECLIST: "" | |
jobs: | |
runchecks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Make temporary results dir | |
run: mkdir -p temp | |
- name: Setup Python 3 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
### START CHECKS | |
- name: Lookup DNS records | |
run: bin/namecheck.py ${NAMELIST} > temp/namecheck.json | |
#- name: Lookup DNSSEC Records | |
# run: bin/dnsseccheck.py ${DNSSECLIST} > temp/dnsseccheck.json | |
- name: Gather TLS certificate chains | |
run: bin/certcheck.py ${CERTLIST} > temp/certcheck.json | |
### END CHECKS | |
- name: Store current results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cheeserun-results-${{github.run_id}} | |
path: temp/ | |
compare: | |
needs: runchecks | |
runs-on: ubuntu-latest | |
env: | |
CHANGED: 0 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.head_ref }} | |
- name: Restore Latest Results | |
uses: actions/download-artifact@v4 | |
with: | |
name: cheeserun-results-${{github.run_id}} | |
path: temp/ | |
- name: Overwrite saved results | |
run: | | |
rm -rf results/* | |
cp -r temp/* results/ | |
git add -A results | |
- name: Compare results | |
run: git diff --exit-code --staged results/ >> temp/changeset.diff || echo "CHANGED=1" >> $GITHUB_ENV | |
- name: Commit and Push Changes | |
if: env.CHANGED == 1 | |
uses: actions-x/commit@v6 | |
- name: Output Change Report | |
id: changeset | |
if: env.CHANGED == 1 | |
run: | | |
cat temp/changeset.diff | |
echo "COMMITID=$(git rev-parse HEAD)" >> $GITHUB_ENV | |
- name: Send alert to Slack on changes | |
# Requires a GitHub environment secret for SLACK_WEBHOOK_URL which should target a Workflow in Slack. | |
# See https://github.com/marketplace/actions/slack-send#technique-1-slack-workflow-builder | |
if: env.CHANGED == 1 && github.ref == 'refs/heads/main' | |
uses: slackapi/slack-github-action@v1 | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
with: | |
payload: | | |
{ | |
"message": "The cheese has moved! For the change see https://github.com/${{ github.repository }}/commit/${{ env.COMMITID }}" | |
} |