check_tlsa_integration_test.yml
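name: Update TLSA records in integration tests
# Our integration tests run against "_25._tcp.mail.ietf.org" which periodically changes its TLSA records.
# This action uses 'dig' to make a PR whenever the TLSA record is updated.
#
# Security notes (review):
# - The DNS answer is untrusted input that ends up inside a Python source file
#   (testing/integration_tests.py). Every parsed field is therefore validated
#   against the TLSA RDATA format (RFC 6698: usage 0-3, selector 0-1, matching
#   type 0-2, hex association data; 64/128 hex chars for SHA-256/SHA-512) before
#   it is written. A malformed or spoofed answer fails the run instead of being
#   committed and opened as a PR.
# - `dig` is not asked to validate DNSSEC here, and the runner's resolver is not
#   known to set the AD flag, so anyone who can inject answers towards the
#   runner can steer the fixture. Human review of the resulting PR is the
#   control; do not auto-merge these PRs.
# - Actions are referenced by major tag (`@v4`, `@v5`) and `black` is installed
#   unpinned. Pinning actions to a full commit SHA and `black` to an exact
#   version would close the tag-moving / dependency-drift risk; left unchanged
#   here to avoid guessing identifiers.
on:
  schedule:
    - cron: "0 12 * * *" # Runs daily at 12:00 UTC
  workflow_dispatch: # Allows manual runs

# Least privilege for GITHUB_TOKEN: the job only pushes a branch and opens a PR.
# Without an explicit block the token may carry the repository's default
# (potentially broader) write scope.
permissions:
  contents: write
  pull-requests: write

jobs:
  update-tlsa:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install required tools
        run: sudo apt-get update && sudo apt-get install -y dnsutils jq
      - name: Query TLSA record
        id: fetch_tlsa
        run: |
          # -e alone does not catch a failure inside the `echo | while` pipeline
          # below; pipefail makes a validation failure in the loop fail the step.
          set -euo pipefail
          URL="_25._tcp.mail.ietf.org"
          DIG_OUTPUT=$(dig -t TLSA "$URL" +short)
          if [ -z "$DIG_OUTPUT" ]; then
            echo "TLSA record not found."
            exit 1
          fi
          # Start JSON array
          echo "[" > tlsa.json
          FIRST=true
          # Parse dig output: one RR per line, "<usage> <selector> <mtype> <hex...>".
          # dig wraps long association data into several space-separated chunks,
          # so the digest is every field from the 4th onward (not only $4 $5,
          # which silently truncates anything longer than two chunks).
          echo "$DIG_OUTPUT" | while read -r line; do
            CERT_USAGE=$(echo "$line" | awk '{print $1}')
            SELECTOR=$(echo "$line" | awk '{print $2}')
            MATCHING_TYPE=$(echo "$line" | awk '{print $3}')
            CERT=$(echo "$line" | awk '{s=""; for (i = 4; i <= NF; i++) s = s $i; print s}' | tr '[:upper:]' '[:lower:]')
            # Validate before anything reaches the test file. The three small
            # integers are interpolated unquoted into JSON and then into Python
            # source, and the digest into a string literal, so an unexpected
            # token must stop the run here rather than land in a PR.
            case "$CERT_USAGE" in
              0|1|2|3) ;;
              *) echo "Rejected TLSA record: bad cert_usage '$CERT_USAGE'"; exit 1 ;;
            esac
            case "$SELECTOR" in
              0|1) ;;
              *) echo "Rejected TLSA record: bad selector '$SELECTOR'"; exit 1 ;;
            esac
            case "$MATCHING_TYPE" in
              0|1|2) ;;
              *) echo "Rejected TLSA record: bad matching_type '$MATCHING_TYPE'"; exit 1 ;;
            esac
            if ! printf '%s' "$CERT" | grep -Eq '^[0-9a-f]+$'; then
              echo "Rejected TLSA record: association data is not hex: '$CERT'"
              exit 1
            fi
            # Matching type 1 is SHA-256 (32 bytes), type 2 is SHA-512 (64 bytes);
            # type 0 is the full certificate/SPKI and has no fixed length.
            case "$MATCHING_TYPE" in
              1) [ "${#CERT}" -eq 64 ] || { echo "Rejected TLSA record: SHA-256 data has ${#CERT} hex chars, expected 64"; exit 1; } ;;
              2) [ "${#CERT}" -eq 128 ] || { echo "Rejected TLSA record: SHA-512 data has ${#CERT} hex chars, expected 128"; exit 1; } ;;
            esac
            # Add a comma before each entry except the first
            if [ "$FIRST" = true ]; then
              FIRST=false
            else
              echo "," >> tlsa.json
            fi
            # Write JSON entry
            echo "{" \
              "\"type\": \"TLSA\"," \
              "\"class\": \"IN\"," \
              "\"name\": \"$URL\"," \
              "\"cert_usage\": $CERT_USAGE," \
              "\"selector\": $SELECTOR," \
              "\"matching_type\": $MATCHING_TYPE," \
              "\"certificate\": \"$CERT\"" \
              "}" >> tlsa.json
          done
          echo "]" >> tlsa.json
          echo "Parsed TLSA records:"
          # jq also acts as a final syntax check on what was assembled above.
          jq . tlsa.json
      - name: Update test file
        id: update_test
        run: |
          set -euo pipefail
          TEST_FILE="testing/integration_tests.py"
          # Fail loudly if the anchor is gone; otherwise the gawk pass below is a
          # silent no-op and the run reports "No changes detected" while the
          # fixture quietly goes stale.
          if ! grep -q 'TLSA_ANSWERS = \[' "$TEST_FILE"; then
            echo "Anchor 'TLSA_ANSWERS = [' not found in $TEST_FILE"
            exit 1
          fi
          # Pretty-format the JSON content
          TLSA_ANSWERS=$(jq . tlsa.json)
          # Use `gawk` to preserve indentation in the Python file.
          # RS="" makes gawk work on blank-line-separated paragraphs: the whole
          # paragraph containing the anchor is replaced, so the TLSA_ANSWERS
          # literal in the test file must be kept in its own paragraph.
          gawk -v new_content="$TLSA_ANSWERS" '
          BEGIN { RS = ""; ORS = "\n\n" }
          /TLSA_ANSWERS = \[/ {
            # Extract leading whitespace for indentation preservation
            match($0, /^[[:space:]]*/)
            indent = substr($0, RSTART, RLENGTH)
            # Break JSON content into lines and add proper indentation
            split(new_content, lines, "\n")
            formatted_content = indent "TLSA_ANSWERS = ["
            for (i = 2; i <= length(lines) - 1; i++) {
              formatted_content = formatted_content "\n" indent "    " lines[i]
            }
            formatted_content = formatted_content "\n" indent "]"
            # Replace the matched block with the formatted JSON
            $0 = formatted_content
          }
          1
          ' "$TEST_FILE" > temp_file && mv temp_file "$TEST_FILE"
          # Re-format with `black` to ensure consistent style.
          # black only parses the file; it does not import or execute it.
          # (Unpinned install; pin an exact version to make runs reproducible.)
          pip3 install black
          black "$TEST_FILE"
          echo "Updated $TEST_FILE with properly indented TLSA records."
          # Check if the file was updated
          if ! git diff --exit-code "$TEST_FILE"; then
            echo "File updated."
            echo "file_updated=true" >> "$GITHUB_ENV"
          else
            echo "No changes detected."
          fi
          # Cleanup temp file
          rm tlsa.json
      - name: Commit and push changes
        if: env.file_updated == 'true'
        run: |
          set -euo pipefail
          git diff
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git checkout -b update-tlsa-record-${{ github.run_id }}
          git add testing/integration_tests.py
          git commit -m "Update TLSA records"
          git push -u origin update-tlsa-record-${{ github.run_id }}
      # NOTE(review): a PR opened with the default GITHUB_TOKEN does not trigger
      # other workflows (e.g. the integration tests themselves) on that PR;
      # run them manually or use a dedicated token if CI on the PR is wanted.
      - name: Create Pull Request
        if: env.file_updated == 'true'
        uses: peter-evans/create-pull-request@v5
        with:
          title: "Update TLSA records"
          body: "This PR updates the TLSA records in the test file."
          base: main
          branch: update-tlsa-record-${{ github.run_id }}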