Using git to deploy DNS changes and treating DNS like code (Part 2: Using CI/CD to deploy)
If you haven't already read and gotten started with the original post, you should go and do that before continuing; you can't do anything here until you've done so.
Note, that all of these configs are using the docker container, because of this MS
GitLab CI/CD
The DNSControl team has already published an amazing piece of documentation on setting up GitLab to deploy DNS via CI/CD, so I won't try to replicate or copy it here.
GitHub Actions
Make sure you have a .github folder with a workflows subdirectory in it prior to continuing.
From here, create a test.yml file. We'll use this to test PRs and validate them.

    name: test
    on:
      pull_request:
        branches: [main]
    jobs:
      test-dnscontrol:
        runs-on: ubuntu-latest
        env:
          CF_APITOKEN: ${{ secrets.CF_APITOKEN }}
          CF_ACCOUNTID: ${{ secrets.CF_ACCOUNTID }}
        steps:
          # Replace <ref> with a pinned release tag or commit SHA.
          - uses: actions/checkout@<ref>
            with:
              fetch-depth: 0
          - name: Get DNSControl
            run: |
              curl -L -o dnscontrol.deb https://github.com/StackExchange/dnscontrol/releases/download/v4.1.1/dnscontrol-4.1.1.amd64.deb
              # The runner user is not root, so dpkg needs sudo.
              sudo dpkg -i dnscontrol.deb
          - name: Test and preview DNS config
            run: |
              dnscontrol check
              dnscontrol preview

Cool, we now have an action that verifies that the PR is good and doesn't break anything, and that no one forgot the extra period at the end of the CNAME records.
Now let's create another action file called publish.yml and put in the following content:

    name: publish
    on:
      push:
        branches:
          - 'main'
    jobs:
      publish-dnscontrol:
        runs-on: ubuntu-latest
        env:
          CF_APITOKEN: ${{ secrets.CF_APITOKEN }}
          CF_ACCOUNTID: ${{ secrets.CF_ACCOUNTID }}
        steps:
          # Replace <ref> with a pinned release tag or commit SHA.
          - uses: actions/checkout@<ref>
            with:
              fetch-depth: 0
          - name: Get DNSControl
            run: |
              curl -L -o dnscontrol.deb https://github.com/StackExchange/dnscontrol/releases/download/v4.1.1/dnscontrol-4.1.1.amd64.deb
              # The runner user is not root, so dpkg needs sudo.
              sudo dpkg -i dnscontrol.deb
          - name: Publish DNS config
            run: |
              dnscontrol check
              dnscontrol push

Note: For this to work properly, you need to protect the main branch to prevent direct pushes and force PRs.
You'll also need to create some secrets in GitHub that correspond to your provider's credentials as you named them in part 1 of the guide, and pass those through under the env section of the YAML.
Once your secrets are set up and your YAML files created, you can push the code, and you should see the magic working.
Azure DevOps Pipelines
For Azure DevOps Pipelines you can copy the YAML below into an azure-pipelines.yml file at the root of your repo.

    pool:
      vmImage: ubuntu-latest
    steps:
      - script: |
          curl -L -o dnscontrol.deb https://github.com/StackExchange/dnscontrol/releases/download/v4.1.1/dnscontrol-4.1.1.amd64.deb
          sudo dpkg -i dnscontrol.deb
        displayName: 'Download DNSControl'
      - script: |
          dnscontrol check
          dnscontrol preview
        displayName: 'Check and Preview changes'
        env:
          CF_ACCOUNTID: $(CF_ACCOUNTID)
          CF_APITOKEN: $(CF_APIKEY)
      - script: |
          dnscontrol push
        displayName: 'Publish Changes'
        # Only publish when the pipeline runs for the main branch.
        condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
        env:
          CF_ACCOUNTID: $(CF_ACCOUNTID)
          CF_APITOKEN: $(CF_APIKEY)

Note: you should pass in the environment variables for your provider to each step. Azure Pipelines does not expose secret variables to scripts automatically, so every step that needs them has to map them explicitly under env.
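An added example, not from the original post or the DNSControl project: every pipeline above installs a package fetched with curl, as root, on a runner that holds the DNS provider token, so this sketch pins the download to a SHA-256 digest and refuses to hand it to dpkg on a mismatch. The function names and the DEB_URL and DNSCONTROL_SHA256 variables are assumptions, and the digest is a placeholder you supply yourself.

```shell
# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 equals the pinned digest.
verify_sha256() {
    file=$1
    # Normalise case so a digest pasted in upper case still compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Fail closed on an empty, truncated or non-hex pin.
    case $expected in
        *[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin must be 64 hex chars" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verified URL EXPECTED_HEX OUT
# Downloads to a temporary name and exposes OUT only after the digest matches.
fetch_verified() {
    url=$1; pin=$2; out=$3
    tmp="$out.partial"
    # -f makes curl fail on HTTP errors instead of saving an error page.
    curl -fsSL -o "$tmp" "$url" || { rm -f "$tmp"; return 3; }
    if verify_sha256 "$tmp" "$pin"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage in a pipeline step (DEB_URL is the release URL from the workflow;
# DNSCONTROL_SHA256 is a placeholder for a digest you computed and reviewed):
#   fetch_verified "$DEB_URL" "$DNSCONTROL_SHA256" dnscontrol.deb \
#     && sudo dpkg -i dnscontrol.deb
```

Keeping the digest in the repository next to the version number means a version bump and its new pin go through the same PR review as a DNS change.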
What's up next?
There is one more guide to be published as part of this series: using the advanced functionality of DNSControl to clean up DNS records and make management a lot easier.
Part 3 is now live
I have updated the original post to fix the Github workflows, they were previously extremely broken.
tankerkiller125 “extremely broken”