mirror of
https://code.forgejo.org/actions/ovh-dns-update.git
synced 2024-11-21 22:40:57 -05:00
add README
parent
86ff171ddd
commit
6e7d008923
2 changed files with 55 additions and 1 deletions
54
README.md
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
# OVH DNS Update
|
||||||
|
|
||||||
|
<!-- action-docs-description -->
|
||||||
|
## Description
|
||||||
|
|
||||||
|
Update a given DNS record using the OVH API.
|
||||||
|
<!-- action-docs-description -->
|
||||||
|
<!-- action-docs-inputs -->
|
||||||
|
## Inputs
|
||||||
|
|
||||||
|
| parameter | description | required | default |
|
||||||
|
| --- | --- | --- | --- |
|
||||||
|
| subdomain | The subdomain to update (e.g. _release) | `true` | |
|
||||||
|
| domain | The domain (zoneName in the OVH API) | `true` | |
|
||||||
|
| record-id | The ID of the record to update | `true` | |
|
||||||
|
| value | The TXT value to set | `true` | |
|
||||||
|
| ovh-endpoint | The OVH API endpoint | `false` | `ovh-eu` |
|
||||||
|
| ovh-app-key | The OVH API Application Key | `true` | |
|
||||||
|
| ovh-app-secret | The OVH API Application Secret | `true` | |
|
||||||
|
| ovh-consumer-key | The OVH API Consumer Key | `true` | |
|
||||||
|
<!-- action-docs-inputs -->
|
||||||
|
|
||||||
|
## Security notice
|
||||||
|
|
||||||
|
You should create restricted credentials for only the specific record you want to update. See https://api.ovh.com/console/#/domain/zone/%7BzoneName%7D/record~GET to retrieve its `record-id` and then visit https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/{domain}/record/{record-id} (replacing the placeholders) to create dedicated credentials.
|
||||||
|
|
||||||
|
**However be aware that the credentials can also update the subdmain!** This means that anyone with this credentials can publish a TXT record under any `subdomain` of the `domain` (for instance to get a signed certificate by completing the [DNS challenge of the ACME protocol](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge)).
|
||||||
|
|
||||||
|
To mitigate this issue, [forgejo.org decided to use a dedicated `domain`](https://codeberg.org/forgejo/infrastructure-as-code/issues/5) with only TXT records (and CNAME records on the main `domain`, which points to those TXT records).
|
||||||
|
|
||||||
|
|
||||||
|
## Example
|
||||||
|
|
||||||
|
```
|
||||||
|
on: [tag]
|
||||||
|
jobs:
|
||||||
|
upload-release:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
||||||
|
with:
|
||||||
|
go-version: ">=1.21"
|
||||||
|
check-latest: true
|
||||||
|
- uses: actions/forgejo-release@v1
|
||||||
|
with:
|
||||||
|
subdomain: _release
|
||||||
|
domain: example.org
|
||||||
|
record-id: 12345
|
||||||
|
value: v=${{ github.ref_name }}
|
||||||
|
ovh-app-key: ${{ secrets.OVH_APP_KEY }}
|
||||||
|
ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
|
||||||
|
ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}
|
||||||
|
```
|
|
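Review bot: The last step of the Example block uses `actions/forgejo-release@v1` but passes this action's inputs (`subdomain`, `domain`, `record-id`, `value`, `ovh-app-key`, ...), so the workflow as written would not call this action at all; it should reference `actions/ovh-dns-update` instead. The job name `upload-release` and the `setup-go` step look carried over from another README and are not explained by anything in this one, so either drop them or say why they are needed. The example fence also has no language tag. In the Security notice, "subdmain" should be "subdomain" and "this credentials" should be "these credentials". Since that notice is the most important paragraph in the file, it would also help to state explicitly that the token is scoped to a single `record-id` and that the remaining risk is the record's subdomain being changed through that same PUT.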
@ -1,6 +1,6 @@
|
||||||
# SPDX-FileCopyrightText: 2023 Olivier Charvin <git@olivier.pfad.fr>
|
# SPDX-FileCopyrightText: 2023 Olivier Charvin <git@olivier.pfad.fr>
|
||||||
# SPDX-License-Identifier: CC0-1.0
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
name: 'OVH DNS TXT Update'
|
name: 'OVH DNS Update'
|
||||||
description: 'Update a DNS TXT record using the OVH API'
|
description: 'Update a DNS TXT record using the OVH API'
|
||||||
inputs:
|
inputs:
|
||||||
subdomain:
|
subdomain:
|
||||||
|
|
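Review bot: The `name` loses "TXT" but the `description` on the following line still reads 'Update a DNS TXT record using the OVH API', while the README added in this same commit describes the action as "Update a given DNS record using the OVH API" and documents `value` as "The TXT value to set". Pick one scope and use it in all three places. If the README text between the `action-docs-description` markers is meant to be generated from this file, the two descriptions should be identical; as committed they already differ.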