Auto Merge of PR 8 - cloudflare-cname-cleanup_2025-11-03T17-03-21
Renovate / renovate (push) Successful in 6m25s

Merged by Trez.One
This commit was merged in pull request #8.
2025-11-25 12:43:10 -05:00
2 changed files with 172 additions and 306 deletions
@@ -19,6 +19,10 @@ jobs:
name: Check and Create PR
outputs:
pr_number: ${{ steps.pr-check-create.outputs.pr_number }}
pr_url: ${{ steps.pr-check-create.outputs.pr_url }}
pr_comments_url: ${{ steps.pr-check-create.outputs.pr_comments_url }}
pr_comment_id: ${{ steps.pr-check-create.outputs.pr_comment_id }}
pr_comment_uri: ${{ steps.pr-check-create.outputs.pr_comment_uri }}
runs-on: ubuntu-latest
steps:
- name: Checkout Code
@@ -30,7 +34,7 @@ jobs:
run: echo "VAULT_TOKEN=${{ secrets.VAULT_GITEA_TOKEN }}" >> $GITHUB_ENV
- name: Gotify Notification - Start
uses: eikendev/gotify-action@master
uses: eikendev/gotify-action@0.0.3
with:
gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
@@ -47,7 +51,7 @@ jobs:
assignee: ${{ github.actor }}
- name: Gotify Notification - Done
uses: eikendev/gotify-action@master
uses: eikendev/gotify-action@0.0.3
with:
gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
@@ -55,14 +59,19 @@ jobs:
notification_message: "PR Check done 🎟️"
plan-approval:
name: OpenTofu Plan
name: OpenTofu Plan and Approval
needs: check-and-create-pr
runs-on: ubuntu-latest
env:
PR_NUMBER: ${{ needs.check-and-create-pr.outputs.pr_number }}
PR_URL: ${{ needs.check-and-create-pr.outputs.pr_url }}
PR_COMMENTS_URL: ${{ needs.check-and-create-pr.outputs.pr_comments_url }}
PR_COMMENT_ID: ${{ needs.check-and-create-pr.outputs.pr_comment_id }}
PR_COMMENT_URI: ${{ needs.check-and-create-pr.outputs.pr_comment_uri }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
outputs:
tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
approval_status: ${{ steps.tf-plan-approval.outputs.approval_status }}
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -99,13 +108,35 @@ jobs:
echo "repo_name=$repo_name" >> "$GITHUB_OUTPUT"
- name: Run tofu init
id: tofu-init
uses: dnogu/tofu-init@v1
with:
working-directory: .
chdir: cloudflare
- name: Strip ANSI codes
id: plain-tofu-init
uses: marcransome/remove-ansi-colors@v1.7.56
with:
colored: ${{ steps.tofu-init.outputs.init-output }}
- name: Tofu PR Commenter
uses: https://git.trez.wtf/Trez/tf-pr-commenter@main
env:
GITEA_API_URL: ${{ gitea.api_url }}
GITEA_REPOSITORY: ${{ github.repository }}
GITEA_PULL_REQUEST_ID: ${{ github.event.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
with:
commenter_type: init
commenter_input: ${{ steps.plain-tofu-init.outputs.uncolored }}
commenter_exitcode: ${{ steps.tofu-init.outputs.exitcode }}
git_token: ${{ secrets.BOT_GITEA_TOKEN }}
pr_comments_url: ${{ env.PR_COMMENTS_URL }}
working_directory: cloudflare
- name: Tofu Plan
id: tofu_plan
id: tofu-plan
continue-on-error: true
uses: dnogu/tofu-plan@v1
with:
@@ -113,76 +144,145 @@ jobs:
chdir: cloudflare
out: cloudflare.tfplan
- name: Build Markdown PR comment from plan file
run: |
mkdir -p tmp
{
echo "## 🧩 OpenTofu Plan — Cloudflare"
echo "**Branch:** \`${{ github.ref_name }}\`"
echo "**Exit Code:** \`${{ steps.tofu_plan.outputs.exitcode }}\`"
echo "**Working Directory:** \`cloudflare\`"
echo ""
echo "<details><summary>🪶 Click to expand full plan output</summary>"
echo ""
echo '```hcl'
cat ${GITHUB_WORKSPACE}/cloudflare/cloudflare.tfplan # <-- read file directly, ACT-safe
echo '```'
echo ""
echo "</details>"
echo ""
echo "*(This plan was automatically generated by the workflow.)*"
} > tmp/tofu-plan.md
echo "Markdown PR comment built: tmp/tofu-plan.md"
- run: pwd
- name: Comment full Tofu Plan on PR (Gitea safe)
uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
- name: Upload Tofu Plan as artifact
uses: actions/upload-artifact@v4
with:
platform: gitea
api_url: https://git.trez.wtf/api/v1
token: ${{ secrets.BOT_GITEA_TOKEN }}
pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
repo_owner: ${{ github.repository_owner }}
repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
comment_template_path: tmp/tofu-plan.md
name: cloudflare-tfplan
path: cloudflare.tfplan
- name: Strip ANSI codes
id: plain-tofu-plan
uses: marcransome/remove-ansi-colors@v1.7.56
with:
colored: ${{ steps.tofu-plan.outputs.plan-output }}
- name: Tofu PR Commenter
uses: https://git.trez.wtf/Trez/tf-pr-commenter@main
env:
GITEA_API_URL: ${{ gitea.api_url }}
GITEA_REPOSITORY: ${{ github.repository }}
GITEA_PULL_REQUEST_ID: ${{ github.event.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
with:
commenter_type: plan
commenter_input: |
<details><summary>Tofu Plan (click to expand)</summary>
```terraform
${{ steps.plain-tofu-plan.outputs.uncolored }}
```
</details>
commenter_exitcode: ${{ steps.tofu-plan.outputs.exitcode }}
git_token: ${{ secrets.BOT_GITEA_TOKEN }}
pr_comments_url: ${{ env.PR_COMMENTS_URL }}
working_directory: cloudflare
- name: Wait for manual approval
uses: trstringer/manual-approval@v1
id: tf-plan-approval
uses: https://git.trez.wtf/Trez/gitea-manual-approval@main
with:
secret: ${{ secrets.BOT_GITEA_TOKEN }}
approvers: WTF
minimum-approvals: 1
issue-title: "Tofu Plan for ${{ needs.check-and-create-pr.outputs.pr_number }}"
issue-body: "Please approve or deny the deployment of the below Tofu plan"
issue-body-file-path: cloudflare/cloudflare.tfplan
exclude-workflow-initiator-as-approver: false
fail-on-denial: true
token: ${{ secrets.BOT_GITEA_TOKEN }}
api_url: ${{ gitea.api_url }}
repo_owner: ${{ github.repository_owner }}
repo_name: ${{ github.event.repository.name }}
reminder_interval: 120
approvers: "Trez.One,gitea-sonarqube-bot"
apprise_api_url: ${{ secrets.APPRISE_URL }}
initial_comment: |
<details><summary>Tofu Plan (click to expand)</summary>
# apply:
# name: Apply Tofu Plan
# needs: plan-approval
# runs-on: ubuntu-latest
# if: ${{ needs.plan-approval.result == 'success' }}
# env:
# VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
# steps:
# - name: Checkout
# uses: actions/checkout@v4
#
# - name: Setup OpenTofu
# uses: opentofu/setup-opentofu@v1.0.6
# with:
# version: ${{ env.OPENTOFU_VERSION }}
# tofu_wrapper: true
#
# - name: Export env from Vault
# run: |
# set -a
# source cloudflare/.env
# set +a
#
# - name: Run Tofu Apply
# uses: dnogu/tofu-apply@v1
# with:
# working-directory: .
# chdir: cloudflare
# plan: cloudflare.tfplan
```terraform
${{ steps.plain-tofu-plan.outputs.uncolored }}
```
</details>
pr-merge:
name: PR Merge
needs: [check-and-create-pr, plan-approval]
env:
pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
if: github.ref != 'refs/heads/main' && ${{ needs.plan-approval.outputs.approval_status == 'approved' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Install tea
uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1
with:
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
name: tea
version: ${{ env.TEA_VERSION }}
- name: PR Merge
id: pr_merge
run: |
tea login add \
--name gitea-rinoa \
--url "${{ secrets.TREZ_GITEA_URL }}" \
--user gitea-sonarqube-bot \
--password "${{ secrets.BOT_GITEA_PASSWORD }}" \
--token ${{ secrets.BOT_GITEA_TOKEN }}
tea login default gitea-rinoa
echo "Merging PR..."
tea pr m \
--repo ${{ github.repository }} \
--title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" \
--message "Merged by ${{ github.actor }}" ${pr_index}
echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: PR Merge Successful"
notification_message: "PR #${{ steps.pr_merge.outputs.pr_index }} merged."
apply:
name: Apply Tofu Plan
needs: [plan-approval,pr-merge]
runs-on: ubuntu-latest
if: ${{ needs.plan-approval.outputs.approval_status == 'approved' }}
env:
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download Tofu Plan
uses: actions/download-artifact@v3
with:
name: cloudflare-tfplan
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1.0.6
with:
version: ${{ env.OPENTOFU_VERSION }}
tofu_wrapper: true
- name: Export env vars from Vault .env
id: env-vault-vars
run: |
sed -i 's/[\"'\'']//g' cloudflare/.env
set -a
source cloudflare/.env
set +a
while IFS='=' read -r key value; do
if [[ -n "$key" ]]; then
echo "$key=$value" >> $GITHUB_ENV
fi
done < cloudflare/.env
# - name: Run Tofu Apply
# uses: dnogu/tofu-apply@v1
# with:
# working-directory: .
# chdir: cloudflare
# plan: cloudflare.tfplan
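Review bot: The `if:` on the new `pr-merge` job mixes a bare expression with an embedded `${{ }}` (`github.ref != 'refs/heads/main' && ${{ needs.plan-approval.outputs.approval_status == 'approved' }}`); on GitHub-compatible evaluators a partially wrapped condition is typically interpolated into a non-empty string, which is truthy, so the merge may run regardless of the approval status. Wrap the whole condition the way the `apply` job already does, `if: ${{ github.ref != 'refs/heads/main' && needs.plan-approval.outputs.approval_status == 'approved' }}`, and confirm on the Gitea runner that a denied plan actually skips the job. The gate also depends on `Trez/gitea-manual-approval@main` and `Trez/tf-pr-commenter@main`, which receive `BOT_GITEA_TOKEN` through a mutable ref while `pr-merge` pins its actions to commit SHAs; pinning those two the same way would keep the step that produces `approval_status` from changing underneath the workflow.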
-234
@@ -118,19 +118,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_7de07ff813f4bccc666
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_3dc156fc1047fe07dcea08cfac326eb8_9" {
content = "trez.wtf"
name = "ansible.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_4724ef076d56cec92de82f149b019a65_10" {
content = "trez.wtf"
name = "apc.trez.wtf"
@@ -170,19 +157,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_de6fbdc83515827fad6
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_c7647ea568d3ef44e93596eddc023c98_13" {
content = "trez.wtf"
name = "appt.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_f29aed046c0fb5e05a9b1974f119eeaf_14" {
content = "trez.wtf"
name = "archive.trez.wtf"
@@ -196,19 +170,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_f29aed046c0fb5e05a9
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_4774c5893f3cb0a20ea79250bf014ece_15" {
content = "trez.wtf"
name = "argus.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_ba773b8688e2366a2acc654f794bdb85_16" {
content = "trez.wtf"
name = "asciinema.trez.wtf"
@@ -339,32 +300,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_e4d7085f7185601969b
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_008596b917dabf5c4ce07b770f081c89_26" {
content = "trez.wtf"
name = "btmag.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_f7a17f97074e9739cc8761271edd73b0_27" {
content = "trez.wtf"
name = "bunker.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_95df59d673ce44b3cbe71487220d6a27_28" {
content = "trez.wtf"
name = "cchef.trez.wtf"
@@ -521,19 +456,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_f68d0f0ff21ede0a63d
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_4f43fc65db56a4a4d02d1de664e1ec46_40" {
content = "trez.wtf"
name = "deluge.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_2b1a8ace156657ee52656fba1c49ade3_41" {
content = "trez.wtf"
name = "devops.trez.wtf"
@@ -950,19 +872,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_a70c09e3b78c1728261
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_6a92807e52e038c26af268c4597ebc1f_73" {
content = "trez.wtf"
name = "matrix.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_39fa401a6d962e2983b565afa9b342dc_74" {
content = "trez.wtf"
name = "meet-admin.trez.wtf"
@@ -1002,32 +911,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_73ef2be84ef9350b31c
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_fe64d5437e9a3dfde9c6dae4f38e4da5_77" {
content = "trez.wtf"
name = "mesh.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_b16d12c0494e7f4919227be13849b32a_78" {
content = "trez.wtf"
name = "mimir.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_7c5ed631e6ce51c04ea3bf5b4eef6f08_79" {
content = "trez.wtf"
name = "mon.trez.wtf"
@@ -1093,19 +976,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_bf9e99fb61f7e290dc5
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_2378be8a63c169da5e33c50f83862828_84" {
content = "trez.wtf"
name = "netdata.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_9a5e88bf84f980cc1ad2a3234353bb2b_85" {
content = "9ef0e85a-d2f5-45e0-9a26-06c0da483fef.cfargotunnel.com"
name = "net.trez.wtf"
@@ -1145,19 +1015,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_57e3006530bfe01e39e
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_e1083efed3200637e26faee90fee0f4b_88" {
content = "trez.wtf"
name = "ntfy.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_0134cf3059dd98efb64a3da16d49e42f_89" {
content = "trez.wtf"
name = "ombi.trez.wtf"
@@ -1184,19 +1041,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_c55083c8f8b2f79c035
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_7c1f042774795cb5b5b34d13fc76da46_91" {
content = "trez.wtf"
name = "patch.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_e7a6f3d25a3bdcc8a9c220ae70746e92_92" {
content = "trez.wtf"
name = "pdf.trez.wtf"
@@ -1210,19 +1054,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_e7a6f3d25a3bdcc8a9c
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_64528783fef4d97972834ac5271f7647_93" {
content = "trez.wtf"
name = "penpot.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_1322fe40ad6a7371919c8a4704e938ee_94" {
content = "trez.wtf"
name = "pg.trez.wtf"
@@ -1587,19 +1418,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_3eb975ffec1d3cddafc
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_f92aee107ba57417d368f034c5db5170_122" {
content = "trez.wtf"
name = "rustdesk.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_d8099b3c4bc3e1f9ce7eb12c7ef2f74f_123" {
content = "trez.wtf"
name = "s3.trez.wtf"
@@ -1717,19 +1535,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_b24c55a07140cc138c9
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_55d6697514f334297cf8233850027c82_132" {
content = "trez.wtf"
name = "slurpit.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_694583ecf71a69b5ae319b06ea589b77_133" {
content = "9ef0e85a-d2f5-45e0-9a26-06c0da483fef.cfargotunnel.com"
name = "smartd.trez.wtf"
@@ -1847,19 +1652,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_e63b9b49dbcc759d60f
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_99187472f49f77031d99574fe7056405_142" {
content = "trez.wtf"
name = "store.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_fb897f9cbbb989e78ec0ea35e74ae2fa_143" {
content = "trez.wtf"
name = "subs.trez.wtf"
@@ -1977,19 +1769,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_ec3211a1a01ce020d2b
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_4c56f52a908d6972d68d3e34019bb82b_152" {
content = "trez.wtf"
name = "wallabag.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_6a7baf229fae585a31b885bac3438655_153" {
content = "trez.wtf"
name = "webhook.trez.wtf"
@@ -2029,19 +1808,6 @@ resource "cloudflare_dns_record" "terraform_managed_resource_655f25482677e805e2c
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_f9728b02a0472264d585182edfc4001e_156" {
content = "trez.wtf"
name = "yacht.trez.wtf"
proxied = true
tags = []
ttl = 1
type = "CNAME"
zone_id = "17dbb71212204583b777783d25eb6738"
settings = {
flatten_cname = false
}
}
resource "cloudflare_dns_record" "terraform_managed_resource_2ed464f16e38f4a7d3b5b6b57818a2e7_157" {
content = "trez.wtf"
name = "ytdl.trez.wtf"