ovh-dns-update/README.md

# OVH DNS Update

<!-- action-docs-description -->
## Description

Update a given DNS record using the OVH API.

**NOTE:** This action is written in Go. Please setup the Go environment before running this action or use a runner with Go environment installed.

<!-- action-docs-description -->
<!-- action-docs-inputs -->
## Inputs

| parameter | description | required | default |
| --- | --- | --- | --- |
| subdomain | The subdomain to update (e.g. _release) | `true` |  |
| domain | The domain (zoneName in the OVH API) | `true` |  |
| record-id | The ID of the record to update | `true` |  |
| value | The TXT value to set | `true` |  |
| ovh-endpoint | The OVH API endpoint | `false` | `ovh-eu` |
| ovh-app-key | The OVH API Application Key | `true` |  |
| ovh-app-secret | The OVH API Application Secret | `true` |  |
| ovh-consumer-key | The OVH API Consumer Key | `true` |  |
<!-- action-docs-inputs -->

## Create the OVH credentials and information

* https://api.ovh.com/console/#/domain/zone/%7BzoneName%7D/record~GET
* Authenticate
* Set zoneName (e.g `forgejo.org`)
* Set fieldType to `TXT`
* Set subDomain (e.g. `release`)
* Click `EXECUTE`
* The content of `RESPONSE` is the `record-id` (e.g. `5283602601`)
* Visit https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/{domain}/record/{record-id} (e.g. https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/forgejo.org/record/5283602601)
* Click create
* `Application key` is `ovh-app-key`
* `Application secret` is `ovh-app-secret`
* `Consumer Key` is `ovh-consumer-key`

## Security notice

**However be aware that the credentials can also update the subdmain!** This means that anyone with this credentials can publish a TXT record under any `subdomain` of the `domain` (for instance to get a signed certificate by completing the [DNS challenge of the ACME protocol](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge)).

To mitigate this issue, a dedicated `domain` can be used with only TXT records (and CNAME records on the main `domain`, which points to those TXT records).

## Example

```
on: [tag]
jobs:
  upload-release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: https://code.forgejo.org/actions/setup-go@v4
        with:
          go-version: ">=1.21"
          check-latest: true
      - uses: https://code.forgejo.org/forgejo/ovh-dns-update@v1.0.1
        with:
          subdomain: _release
          domain: example.org
          record-id: 12345
          value: v=${{ github.ref_name }}
          ovh-app-key: ${{ secrets.OVH_APP_KEY }}
          ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
          ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}
```

## Legacy

It was originally developed for use in the [Release Version Check Over DNS (RVCoDNS)](https://codeberg.org/forgejo-contrib/rvcodns).
add README 2023-08-20 14:30:48 -04:00			`# OVH DNS Update`

			`<!-- action-docs-description -->`
			`## Description`

chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			`Update a given DNS record using the OVH API.`
README: add note about Go 2023-08-20 14:48:51 -04:00
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			`NOTE: This action is written in Go. Please setup the Go environment before running this action or use a runner with Go environment installed.`
README: add note about Go 2023-08-20 14:48:51 -04:00
add README 2023-08-20 14:30:48 -04:00			`<!-- action-docs-description -->`
			`<!-- action-docs-inputs -->`
			`## Inputs`

			`\| parameter \| description \| required \| default \|`
			`\| --- \| --- \| --- \| --- \|`
			\| subdomain \| The subdomain to update (e.g. _release) \| `true` \| \|
			\| domain \| The domain (zoneName in the OVH API) \| `true` \| \|
			\| record-id \| The ID of the record to update \| `true` \| \|
			\| value \| The TXT value to set \| `true` \| \|
			\| ovh-endpoint \| The OVH API endpoint \| `false` \| `ovh-eu` \|
			\| ovh-app-key \| The OVH API Application Key \| `true` \| \|
			\| ovh-app-secret \| The OVH API Application Secret \| `true` \| \|
			\| ovh-consumer-key \| The OVH API Consumer Key \| `true` \| \|
			`<!-- action-docs-inputs -->`

chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			`## Create the OVH credentials and information`
add README 2023-08-20 14:30:48 -04:00
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			`* https://api.ovh.com/console/#/domain/zone/%7BzoneName%7D/record~GET`
			`* Authenticate`
			* Set zoneName (e.g `forgejo.org`)
			* Set fieldType to `TXT`
			* Set subDomain (e.g. `release`)
			* Click `EXECUTE`
			* The content of `RESPONSE` is the `record-id` (e.g. `5283602601`)
			`* Visit https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/{domain}/record/{record-id} (e.g. https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/forgejo.org/record/5283602601)`
			`* Click create`
			* `Application key` is `ovh-app-key`
			* `Application secret` is `ovh-app-secret`
			* `Consumer Key` is `ovh-consumer-key`
add README 2023-08-20 14:30:48 -04:00
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			`## Security notice`
add README 2023-08-20 14:30:48 -04:00
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			However be aware that the credentials can also update the subdmain! This means that anyone with this credentials can publish a TXT record under any `subdomain` of the `domain` (for instance to get a signed certificate by completing the [DNS challenge of the ACME protocol](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge)).
add README 2023-08-20 14:30:48 -04:00
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			To mitigate this issue, a dedicated `domain` can be used with only TXT records (and CNAME records on the main `domain`, which points to those TXT records).
add README 2023-08-20 14:30:48 -04:00
			`## Example`

			```
			`on: [tag]`
			`jobs:`
			`upload-release:`
			`runs-on: ubuntu-latest`
			`steps:`
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			`- uses: actions/checkout@v4`
add README 2023-08-20 14:30:48 -04:00			`- uses: https://code.forgejo.org/actions/setup-go@v4`
			`with:`
			`go-version: ">=1.21"`
			`check-latest: true`
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00			`- uses: https://code.forgejo.org/forgejo/ovh-dns-update@v1.0.1`
add README 2023-08-20 14:30:48 -04:00			`with:`
			`subdomain: _release`
			`domain: example.org`
			`record-id: 12345`
			`value: v=${{ github.ref_name }}`
			`ovh-app-key: ${{ secrets.OVH_APP_KEY }}`
			`ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}`
			`ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}`
			```
chore(docs): detailed instructions to obtain the OVH credentials 2024-12-04 05:26:29 -05:00
			`## Legacy`

			`It was originally developed for use in the [Release Version Check Over DNS (RVCoDNS)](https://codeberg.org/forgejo-contrib/rvcodns).`