certbot-schedule.yml
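# Obtains a wildcard TLS certificate for fivefifthsvoter.com with certbot
# (Cloudflare DNS-01 challenge) and installs it into an IBM Cloud Code Engine
# secret. Key material and the Cloudflare token file exist only inside the
# job workspace and are shredded by the last step.
name: Update site certificate

# Controls when the workflow will run
on:
  schedule:
    # Runs at 03:29 on day-of-month 12.
    # https://crontab.guru/#29_3_12_*_*
    - cron: '29 3 12 * *'
  # Or manually trigger this
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: no step below writes to the repository,
# so the token only needs to read contents for the checkout.
permissions:
  contents: read

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "certbot"
  certbot:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      # NOTE(review): consider pinning this action to a full commit SHA.
      - uses: actions/checkout@v3
        with:
          # No later step runs git, so do not leave the token in .git/config
          # where the container steps (which mount the workspace) could read it.
          persist-credentials: false

      - name: Install IBM Cloud CLI
        # NOTE(review): this pipes a remote script straight into a shell, so
        # the job trusts whatever clis.cloud.ibm.com serves at run time, in a
        # job that later handles cloud API keys. Consider downloading a fixed
        # installer version and verifying its checksum before running it.
        run: |
          curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
          ibmcloud plugin install -f code-engine
          ibmcloud -v

      - name: Login to IBM Cloud
        env:
          # The API key reaches the CLI through its environment variable, so
          # it never appears on a command line.
          IBMCLOUD_API_KEY: ${{ secrets.BLUE_IBM_CLOUD_API_KEY }}
          IBM_CLOUD_GROUP: ${{ secrets.BLUE_RESOURCE_GROUP }}
        run: |
          # Quoted so a resource-group name containing spaces stays one argument.
          ibmcloud login -g "${IBM_CLOUD_GROUP}" -r us-south
          ibmcloud ce project select --name fivefifthsvoter

      - name: Prepare CloudFlare & certbot
        env:
          CERTBOT_API_TOKEN: ${{ secrets.CERTBOT_API_TOKEN }}
        run: |
          # Create the credentials file owner-only; the subshell keeps the
          # tightened umask away from the mkdir calls below.
          (
            umask 077
            echo "dns_cloudflare_api_token = ${CERTBOT_API_TOKEN}">cloudflare.ini
          )
          # Pre-create the certbot directories as the runner user so that user
          # owns them after the container steps have written into them.
          mkdir -p certbot-config/live/fivefifthsvoter.com
          mkdir -p certbot-config/archive/fivefifthsvoter.com
          mkdir -p certbot-config/accounts
          # Prints the runner's uid/gid to the log (debug aid).
          id

      - name: Create certificate with CloudFlare hook
        # NOTE(review): the image has no tag or digest, so every run pulls
        # whatever "latest" is; consider pinning it by digest.
        uses: docker://certbot/dns-cloudflare
        with:
          args: >-
            certonly
            --non-interactive
            --config-dir /github/workspace/certbot-config
            --work-dir /github/workspace/certbot-work
            --logs-dir /github/workspace/certbot-logs
            --agree-tos
            -m ${{ secrets.CERTBOT_EMAIL_ADDRESS }}
            --dns-cloudflare
            --dns-cloudflare-credentials=/github/workspace/cloudflare.ini
            --domain "*.fivefifthsvoter.com"

      - name: Fix file permissions
        # The container wrote the certificate files as its own user; this lets
        # the runner user read them (install step) and overwrite them (shred).
        # NOTE(review): o+rw makes the private key readable and writable by
        # every local user. That is only tolerable on an ephemeral,
        # single-tenant runner; do not reuse this step on a self-hosted or
        # shared runner.
        uses: docker://certbot/dns-cloudflare
        with:
          entrypoint: /bin/sh
          args: -c "chmod -R o+rw /github/workspace/certbot-config"

      - name: debug
        # Lists file metadata only; no key or certificate content is printed.
        run: |
          find certbot-config/live -ls
          find certbot-config/archive -ls

      - name: Install certificate
        # fullchain1.pem / privkey1.pem are the first lineage files certbot
        # writes into archive/; the workspace is created fresh by this job.
        run: >-
          ibmcloud ce secret update
          --name www.fivefifthsvoter.com-tls-1668394118316
          --cert-chain-file certbot-config/archive/fivefifthsvoter.com/fullchain1.pem
          --private-key-file certbot-config/archive/fivefifthsvoter.com/privkey1.pem

      - name: Shred certificates
        # Run even when an earlier step failed or the run was cancelled, so
        # the private key and the Cloudflare token file never outlive the job.
        if: always()
        run: |
          # nullglob: an unmatched *.pem expands to nothing instead of failing.
          shopt -s nullglob
          for f in cloudflare.ini certbot-config/archive/fivefifthsvoter.com/*.pem; do
            if [ -f "$f" ]; then
              shred -u "$f"
            fi
          done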