Using git to deploy DNS changes and treating DNS like code (Part 2: Using CI/CD to deploy)
-
If you haven't already read and gotten started with the original post. You should go and do that before continuing with this post, you can't do anything here until you've done so.
Note, that all of these configs are using the docker container, because of this MS
Gitlab CI/CD
The DNSControl team has already published an amazing piece of documentation on setting up Gitlab to deploy DNS via CI/CD in their documentation so I won't try to replicate it or copy it here.
Github Actions
Make sure you have a
.githubfolder with aworkflowssubdirectory in it prior to continuing.
From here create atest.ymlfile. We'll use this to test PRs and validate them.name: test on: pull_request: branches: [main] jobs: test-dnscontrol: runs-on: ubuntu-latest env: CF_APITOKEN: ${{ secrets.CF_APITOKEN }} CF_ACCOUNTID: ${{ secrets.CF_ACCOUNTID }} steps: - uses: actions/[email protected] with: fetch-depth: 0 - name: Get DNSControl run: | curl -L -o dnscontrol.deb https://github.com/StackExchange/dnscontrol/releases/download/v4.1.1/dnscontrol-4.1.1.amd64.deb dpkg -i dnscontrol.deb - name: Test and preview DNS config run: | dnscontrol check dnscontrol previewCool, we now have an action that verifies that the PR is good and doesn't break anything, and no one forgot the extra period at the end of the CNAME records.
Now let's create another action file called
publish.ymland put in the following content:name: publish on: push: branches: - 'main' jobs: publish-dnscontrol: runs-on: ubuntu-latest env: CF_APITOKEN: ${{ secrets.CF_APITOKEN }} CF_ACCOUNTID: ${{ secrets.CF_ACCOUNTID }} steps: - uses: actions/[email protected] with: fetch-depth: 0 - name: Get DNSControl run: | curl -L -o dnscontrol.deb https://github.com/StackExchange/dnscontrol/releases/download/v4.1.1/dnscontrol-4.1.1.amd64.deb dpkg -i dnscontrol.deb - name: Publish DNS config run: | dnscontrol check dnscontrol pushNote: For this work properly you need to write protect the main branch to prevent direct pushes and force PRs
You'll also need to create some secrets in Github that correspond to your providers credentials as you named them in part 1 of the guide and pass those through under the
envsection of the YAML.Once your secrets are setup, and your YAML files created, you can push the code, and you should see the magic working.
Azure DevOps Pipelines
For Azure DevOps Pipelines you can copy the YAML below into a
azure-pipelines.ymlfile at the root of your repo.pool: vmImage: ubuntu-latest steps: - script: | curl -L -o dnscontrol.deb https://github.com/StackExchange/dnscontrol/releases/download/v4.1.1/dnscontrol-4.1.1.amd64.deb sudo dpkg -i dnscontrol.deb displayName: 'Download DNSControl' - script: | dnscontrol check dnscontrol preview displayName: 'Check and Preview changes' env: CF_ACCOUNTID: $(CF_ACCOUNTID) CF_APITOKEN: $(CF_APIKEY) - script: | dnscontrol push displayName: 'Publish Changes' condition: eq(variables['Build.SourceBranch'], 'refs/heads/main') env: CF_ACCOUNTID: $(CF_ACCOUNTID) CF_APITOKEN: $(CF_APIKEY)Note, you should pass in your environment variables for your provider to each step. For some reason this is a requirement for this to all work correctly.
What's up next?
There is one more guide to be published as part of this series of guides. And that's using the advanced functionality of DNSControl to clean up DNS records and make management a lot easier.
Part 3 is now live
-
T tankerkiller125 referenced this topic on
-
-
I have updated the original post to fix the Github workflows, they were previously extremely broken.
-
tankerkiller125 “extremely broken”
