Merge pull request #777 from atsign-foundation/cert_renewal
feat: Added cert renewal script for github workflow
Showing
2 changed files
with
96 additions
and
21 deletions.
@@ -0,0 +1,75 @@ | ||
name: Refreshcerts | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '15 2 15 * *' # At 0215 on the 15th day of every odd month | ||
jobs: | ||
refresh-ACME-cert: | ||
runs-on: ubuntu-latest | ||
name: SSL Renewal for vip.ve.atsign.zone | ||
steps: | ||
- name: Set up Python | ||
uses: actions/setup-python@v3 | ||
with: | ||
python-version: 3.9 #install the python needed | ||
- name: setup certinfo | ||
uses: atsign-company/certinfo-action@v1 | ||
# checkout at_server code | ||
- name: checkout repo content | ||
uses: actions/checkout@v3 # checkout the repository content to github runner. | ||
# Pull ZeroSSL and Letsencrypt keys file from secret | ||
- name: Pull ACME script | ||
uses: actions/checkout@v3 | ||
with: | ||
repository: atsign-company/secondaries-scripts | ||
path: secondaries-scripts | ||
token: ${{ secrets.MY_GITHUB_TOKEN }} | ||
ref: trunk | ||
# Create required directory | ||
- name: Create required directory and pull secrets | ||
run: |- | ||
sudo mkdir -p /gluster/@/api/keys | ||
sudo chmod -R 777 /gluster/@/api/keys | ||
echo "${{secrets.LETSENCRYPT_PRIVKEY}}" > /gluster/@/api/keys/letsencrypt.key | ||
echo "${{secrets.ZEROSSL_PRIVKEY}}" > /gluster/@/api/keys/zerossl.key | ||
echo "${{secrets.GOOGLE_PRIVKEY}}" > /gluster/@/api/keys/google.key | ||
# Install Python Libraries | ||
- name: Install Python Libraries | ||
run: |- | ||
python3 -m pip install requests dnspython | ||
# Run Python ACME script | ||
- name: Run ACME script | ||
run: |- | ||
set +e | ||
chmod -R 777 secondaries-scripts | ||
cd secondaries-scripts && ./create_cert_workflow.sh vip.ve.atsign.zone | ||
cp cert.pem ../tests/at_functional_test/test/testData/cert.pem | ||
cd .. && rm -rf vip.ve.atsign.zone* secondaries-scripts | ||
git config --global user.name 'Getcert Action' | ||
git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com' | ||
set -e | ||
env: | ||
DO_KEY: ${{ secrets.DO_KEY }} | ||
gChat_url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }} | ||
|
||
# create PR with renewed certificate | ||
- name: Create Pull Request | ||
id: cpr | ||
uses: peter-evans/create-pull-request@v4 | ||
with: | ||
token: ${{ secrets.MY_GITHUB_TOKEN }} | ||
commit-message: 'chore: New certificates for at_server' | ||
committer: library-action[bot] <41898282+github-actions[bot]@users.noreply.github.com> | ||
author: library-action[bot] <41898282+github-actions[bot]@users.noreply.github.com> | ||
signoff: false | ||
add-paths: ./tests/at_functional_test/test/testData | ||
branch: bot-new-certs | ||
delete-branch: true | ||
title: 'chore: New certificates generated' | ||
body: | | ||
Fresh certificates generated. | ||
labels: | | ||
operations | ||
assignees: cpswan | ||
reviewers: gkc | ||
draft: false |
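Review bot: The "Create required directory and pull secrets" step writes the three ACME account keys into a directory opened with `chmod -R 777`, the files are created under the default umask, and nothing visible in the workflow deletes them before `peter-evans/create-pull-request@v4` runs. The `${{secrets.*}}` expressions are also substituted into the script text before the shell starts, so a key containing a quote, `$` or backtick would be interpreted by the shell rather than written verbatim; passing the values through `env:` avoids that. The step below is a sketch that assumes `create_cert_workflow.sh` reads the keys as the runner user; a `sudo rm -rf /gluster/@/api/keys` at the end of the "Run ACME script" step would clear them before later actions run. Separately, `set +e` in that step lets a failed renewal or `cp` fall through to the pull-request step without failing the job. The cron comment says "every odd month" while `'15 2 15 * *'` fires on the 15th of every month.

```yaml
      - name: Create required directory and pull secrets
        env:
          LETSENCRYPT_PRIVKEY: ${{ secrets.LETSENCRYPT_PRIVKEY }}
          ZEROSSL_PRIVKEY: ${{ secrets.ZEROSSL_PRIVKEY }}
          GOOGLE_PRIVKEY: ${{ secrets.GOOGLE_PRIVKEY }}
        run: |-
          # directory owned by the runner user only; key files created 0600
          sudo install -d -m 700 -o "$(id -u)" -g "$(id -g)" /gluster/@/api/keys
          umask 077
          printf '%s\n' "$LETSENCRYPT_PRIVKEY" > /gluster/@/api/keys/letsencrypt.key
          printf '%s\n' "$ZEROSSL_PRIVKEY" > /gluster/@/api/keys/zerossl.key
          printf '%s\n' "$GOOGLE_PRIVKEY" > /gluster/@/api/keys/google.key
      # … unchanged: Install Python Libraries, Run ACME script, Create Pull Request …
```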
@@ -1,30 +1,30 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIFLDCCBBSgAwIBAgISBAAOlxS2nBvkxSahxke0Vb4dMA0GCSqGSIb3DQEBCwUA | ||
MIIFLDCCBBSgAwIBAgISBOM2qvKDUdG8jPIbnosxU+OYMA0GCSqGSIb3DQEBCwUA | ||
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD | ||
EwJSMzAeFw0yMjA3MTUwNjQxMTFaFw0yMjEwMTMwNjQxMTBaMB0xGzAZBgNVBAMT | ||
EwJSMzAeFw0yMjExMDMxNzIwMTdaFw0yMzAyMDExNzIwMTZaMB0xGzAZBgNVBAMT | ||
EnZpcC52ZS5hdHNpZ24uem9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC | ||
ggEBAL6sK1lj/xk61tqJbU+BjKLFcXmCrpidsgOjTuIaNyGzlA2A9ct9Paoh5cQ5 | ||
jVlDptOaCq7YJ1B0OmO13nPPRkMNkm/cleQh3L0KOESSriSr+wOzs2nXxHas+7US | ||
U3bU5aRotvptozifQcgAUJKVgKBgicG2yJlDDJK1R6ZyifnHRmiOX/7z/06ecD2d | ||
KW3ujOfL+PLJtJXELdklHXw4vrXMAyw+p+2BL26sX5L0QWuBZGYwyoGnesQaOgiG | ||
xOomxES8kM7dUiU8h2B07V9Lc0BxPz7M/xekyKOnd8VbxTSpfpE9T7lQN+ZP3Mvg | ||
S5t8o6UEasq7Ln1JwC/z6W8oAp8CAwEAAaOCAk8wggJLMA4GA1UdDwEB/wQEAwIF | ||
ggEBAM9VRu9r2vTh8zej66DeatX4RP7XmL8Y8gNxEoqGbjscskyE3fs83iAuB4Sl | ||
QnsrSh4uNGXtFpLzGakAMjLFUcethZt2rR7Yh6Zjazw8TpauNvbrS1XRwE4MxarI | ||
nGQs40WovJbPV+f/pO5lnbTUlz2MGViylXWCNsj6gGnEghsUP/pwoOU71OnXIpcf | ||
GtKuf/y1sRx7YvKpgopm5dz92UXrwI5sWIjni1K146MkcaV/GF+Slzw2hTcXO/oj | ||
mpYxIPsTYNBw2k7uegkQQNvvhBYFhJPTyyDQ3dsgHjgjMMamo6Qsmxf+JsHt85vo | ||
wWhWdk5mNQmuBMH0IuFt/OWxiIUCAwEAAaOCAk8wggJLMA4GA1UdDwEB/wQEAwIF | ||
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd | ||
BgNVHQ4EFgQU7ksCkNm7UkeELC1L1V7c/Cgt+EkwHwYDVR0jBBgwFoAUFC6zF7dY | ||
BgNVHQ4EFgQUjM7x/02302cqZW3MaeoVRBSgO7gwHwYDVR0jBBgwFoAUFC6zF7dY | ||
VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw | ||
Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy | ||
Lm9yZy8wHQYDVR0RBBYwFIISdmlwLnZlLmF0c2lnbi56b25lMEwGA1UdIARFMEMw | ||
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j | ||
cHMubGV0c2VuY3J5cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAQcjK | ||
sd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAGCAM3tnwAABAMASDBGAiEA | ||
tqW+egsIjkdyQjt1LfSA85xbXfxf2eH2zhSp9HJBmIUCIQDFLbp7V+023Dgh7L+Z | ||
NoE7aq6XcAq0/KAQDLwbRPALGwB3AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr | ||
8vxw/m1HAAABggDN7bUAAAQDAEgwRgIhAMrqNRh7iwgocoGh1N/ds1RZG0dc9aFR | ||
g0wZvO69DkdhAiEAxaEaPU/a1DVYbFrPYaMTWVBLMFYb/LvUxFS++rhC2BMwDQYJ | ||
KoZIhvcNAQELBQADggEBAGD5bM5L4I43fCpzXze9L1bhAUKDskxgADaACI2s/Ri4 | ||
BvyoDBkk2Qyut6WlOXS1f0QwCr7GS9KEihETKbR+rRypVBM5VKSNkHbH3C451LwC | ||
WnhizWBqDpcNBWGe1CjvG9ouRpuBbrCqh6OoJuABfULmejN9nPynA2EpiOFJEGg5 | ||
MfR+PuQ8i7qNOzIHaPfjnDHU4ld//qSnO4H6mP7miOqm3iWTxPeMqKslcyEdjDdB | ||
ReHQB8lkdZ+N/i1ecvAbbzjn68NvMm9bo9B9nT2LNr1HEJj3KF10R2DvFIz3GyOP | ||
S9ffV+eYSxNCS/TlPOggYi/z1a2Xs0Kwe4spm+DQ8lY= | ||
cHMubGV0c2VuY3J5cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAtz77 | ||
JN+cTbp18jnFulj0bF38Qs96nzXEnh0JgSXttJkAAAGEPrjtxAAABAMASDBGAiEA | ||
9UZ4vFEDy45+cuuRXfWgvzdAJbzwFZEwD22NbMUBHSYCIQCjjNXpc6+O7x7N5nVM | ||
DiJqwiSCY6E0WSZgi5YYWZ+E+wB3AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaN | ||
sgiaN9kTAAABhD647tkAAAQDAEgwRgIhANzv1Tq1939fW1i4Vbn2ZReQ6Y+j1L7a | ||
veX9BazsftxEAiEA/9QoO76TFJw1l4+vA8lNhZkt390iCXTYorlPSnXhJWAwDQYJ | ||
KoZIhvcNAQELBQADggEBADnnLYKCm2+eru0Yo7cfwNddTraprQKzKMV2UeAIICMC | ||
f4a1bV5QLaSbbo00bZ7WwsiwX5OB9hEaq/SBdB1BYcpdBdUykU/naPxqH/AgpT6D | ||
6Wh05txBdyAqK1HG+0JcGNq1T5vyyp/hxulBk1QoxgbqzvbMJMahY9ruWLxx6g/R | ||
6M50dGrMlehU0Y2aUzmFiJ4KO3nAhecHs6vTF28dkSiHCaKf9Wptce0qbhZpPoup | ||
VdBlGPx2RiCuFU9yXjrUjnXNyFQWG7aS6StVmd/etTnYRWWlq9OTfGqRW0sOFNGk | ||
QDnj/GFf0IHn3qAswEsxZj6pm1lZ+DBYdY91ImCtqjM= | ||
-----END CERTIFICATE----- |