Deploy SSL certificate to Aliyun WAF.
If you need to issue SSL certificates automatically, you can use enroll acme.sh action.
This action will deploy your PEM-formatted SSL certificate to WAF.
According to Aliyun API, both Access Keys and STS Token are accepted as credentials.
jobs:
deploy-to-aliyun:
name: Deploy certificate to Aliyun
runs-on: ubuntu-latest
steps:
- name: Check out
uses: actions/checkout@v2.1
with:
# If you just commited and pushed your newly issued certificate to this repo in a previous job,
# use `ref` to make sure checking out the newest commit in this job
ref: ${{ github.ref }}
- uses: tls-deploy-actions/alibabacloud-waf@v2
with:
# Specify WAF region host, default is "https://wafopenapi.cn-hangzhou.aliyuncs.com"
# waf-region-host: "https://wafopenapi.ap-southeast-1.aliyuncs.com"
# Use Access Key
access-key-id: ${{ secrets.ALIYUN_ACCESS_KEY_ID }}
access-key-secret: ${{ secrets.ALIYUN_ACCESS_KEY_SECRET }}
# Or use STS Token
# security-token: ${{ secrets.ALIYUN_SECURITY_TOKEN }}
# Specify PEM fullchain file
fullchain-file: ${{ env.FILE_FULLCHAIN }}
# Specify PEM private key file
key-file: ${{ env.FILE_KEY }}
# (Optional) Deploy to WAF
waf-domains: |
waf1.example.com
waf2.example.com
*.waf3.example.com