.forgejo/workflows | ||
LICENSES | ||
action.yml | ||
go.mod | ||
go.sum | ||
go.sum.license | ||
main.go | ||
main_test.go | ||
README.md |
OVH DNS Update
Description
Update a given DNS record using the OVH API.
Inputs
parameter | description | required | default |
---|---|---|---|
subdomain | The subdomain to update (e.g. _release) | true |
|
domain | The domain (zoneName in the OVH API) | true |
|
record-id | The ID of the record to update | true |
|
value | The TXT value to set | true |
|
ovh-endpoint | The OVH API endpoint | false |
ovh-eu |
ovh-app-key | The OVH API Application Key | true |
|
ovh-app-secret | The OVH API Application Secret | true |
|
ovh-consumer-key | The OVH API Consumer Key | true |
Security notice
You should create restricted credentials for only the specific record you want to update. See https://api.ovh.com/console/#/domain/zone/%7BzoneName%7D/record~GET to retrieve its record-id
and then visit https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/{domain}/record/{record-id} (replacing the placeholders) to create dedicated credentials.
However be aware that the credentials can also update the subdmain! This means that anyone with this credentials can publish a TXT record under any subdomain
of the domain
(for instance to get a signed certificate by completing the DNS challenge of the ACME protocol).
To mitigate this issue, forgejo.org decided to use a dedicated domain
with only TXT records (and CNAME records on the main domain
, which points to those TXT records).
Example
on: [tag]
jobs:
upload-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: ">=1.21"
check-latest: true
- uses: actions/forgejo-release@v1
with:
subdomain: _release
domain: example.org
record-id: 12345
value: v=${{ github.ref_name }}
ovh-app-key: ${{ secrets.OVH_APP_KEY }}
ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}