From e676545f7ad2d82076751af14b3bede7ea73752e Mon Sep 17 00:00:00 2001
From: missytake
Date: Fri, 19 Jan 2024 12:18:27 +0100
Subject: [PATCH] CI: DEFAULT_DNS_ZONE doesn't need to be secret
---
.../staging.testrun.org-default.zone | 20 +++++++++++++++++++
.github/workflows/test-and-deploy.yaml | 17 +++++++---------
2 files changed, 27 insertions(+), 10 deletions(-)
create mode 100644 .github/workflows/staging.testrun.org-default.zone
diff --git a/.github/workflows/staging.testrun.org-default.zone b/.github/workflows/staging.testrun.org-default.zone
new file mode 100644
index 0000000..0d8734f
--- /dev/null
+++ b/.github/workflows/staging.testrun.org-default.zone
@@ -0,0 +1,20 @@
+;; Zone file for staging.testrun.org
+
+$ORIGIN staging.testrun.org.
+$TTL 300
+
+@ IN SOA ns.testrun.org. root.nine.testrun.org (
+ 2023010101 ; Serial
+ 7200 ; Refresh
+ 3600 ; Retry
+ 1209600 ; Expire
+ 3600 ; Negative response caching TTL
+)
+
+;; Nameservers.
+@ IN NS ns.testrun.org.
+
+;; DNS records.
+@ IN A 37.27.37.98
+mta-sts.staging.testrun.org. CNAME staging.testrun.org.
+www.staging.testrun.org. CNAME staging.testrun.org.
diff --git a/.github/workflows/test-and-deploy.yaml b/.github/workflows/test-and-deploy.yaml
index 2895e92..dd64d1f 100644
--- a/.github/workflows/test-and-deploy.yaml
+++ b/.github/workflows/test-and-deploy.yaml
@@ -30,8 +30,7 @@ jobs: # -d '{"image":"debian-12"}' \ # "https://api.hetzner.cloud/v1/servers/${{ secrets.STAGING_SERVER_ID }}/actions/rebuild" - - name: initenv run: scripts/initenv.sh + - run: scripts/initenv.sh - name: append venv/bin to PATH run: echo venv/bin >>$GITHUB_PATH
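Review bot: In the SOA record of the new zone file, the RNAME `root.nine.testrun.org` has no trailing dot, so under `$ORIGIN staging.testrun.org.` it is read as a relative name and expands to `root.nine.testrun.org.staging.testrun.org.`. Write it as `root.nine.testrun.org.`, matching the fully qualified `ns.testrun.org.` next to it. The serial `2023010101` is now a fixed value in the repository while the workflow appends freshly generated records on each run. If any secondary transfers this zone (not visible here), it would see an unchanged serial and keep serving the old records, so consider stamping the serial at deploy time.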
@@ -51,25 +50,23 @@ jobs: # rsync -avz acme root@staging.testrun.org:/var/lib/ || true # rsync -avz dkim root@staging.testrun.org:/var/lib/rspamd/ || true - - name: cmdeploy init staging.testrun.org - run: cmdeploy init staging.testrun.org + - run: cmdeploy init staging.testrun.org - - name: cmdeploy run - run: cmdeploy run + - run: cmdeploy run - name: set DNS entries run: | #ssh -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org chown _rspamd:_rspamd -R /var/lib/rspamd/dkim - echo "${{ secrets.DEFAULT_DNS_ZONE }}" > staging.testrun.org.zone cmdeploy dns --zonefile staging-generated.zone - cat staging-generated.zone >> staging.testrun.org.zone - scp -o StrictHostKeyChecking=accept-new staging.testrun.org.zone root@ns.testrun.org:/etc/nsd/staging.testrun.org.zone + cat staging-generated.zone >> .github/workflows/staging.testrun.org-default.zone + cat .github/workflows/staging.testrun.org-default.zone + scp -o StrictHostKeyChecking=accept-new .github/workflows/staging.testrun.org-default.zone root@ns.testrun.org:/etc/nsd/staging.testrun.org.zone ssh root@ns.testrun.org nsd-checkzone staging.testrun.org /etc/nsd/staging.testrun.org.zone ssh root@ns.testrun.org systemctl reload nsd - name: cmdeploy test run: CHATMAIL_DOMAIN2=nine.testrun.org cmdeploy test --slow - - name: cmdeploy dns + - name: cmdeploy dns (try 3 times) run: cmdeploy dns || cmdeploy dns || cmdeploy dns
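Review bot: The new `scp` line in the `set DNS entries` step still uses `StrictHostKeyChecking=accept-new`, so a runner with an empty known_hosts accepts whatever host key ns.testrun.org first presents and the root login to the nameserver is not authenticated. Pinning the server's public host key before this step and dropping the option closes that, unless a step outside this hunk already populates known_hosts. The step also copies straight onto `/etc/nsd/staging.testrun.org.zone` and only then runs `nsd-checkzone`, so a zone that fails the check is left in the live path. Appending the generated records to the committed `.github/workflows/staging.testrun.org-default.zone` also modifies a tracked file in the checkout. The lines below sketch all three changes; `NS_HOST_KEY` is a placeholder name for a repository variable holding the known_hosts line.

```yaml
      - name: set DNS entries
        env:
          # placeholder variable name; holds the nameserver's known_hosts line
          NS_HOST_KEY: ${{ vars.NS_HOST_KEY }}
        run: |
          # … unchanged: commented-out ssh chown line …
          mkdir -p ~/.ssh
          echo "$NS_HOST_KEY" >> ~/.ssh/known_hosts
          cmdeploy dns --zonefile staging-generated.zone
          # build the upload from the committed default without modifying it
          cat .github/workflows/staging.testrun.org-default.zone staging-generated.zone > staging.testrun.org.zone
          cat staging.testrun.org.zone
          # upload beside the live file, validate, then move into place
          scp staging.testrun.org.zone root@ns.testrun.org:/etc/nsd/staging.testrun.org.zone.new
          ssh root@ns.testrun.org nsd-checkzone staging.testrun.org /etc/nsd/staging.testrun.org.zone.new
          ssh root@ns.testrun.org mv /etc/nsd/staging.testrun.org.zone.new /etc/nsd/staging.testrun.org.zone
          ssh root@ns.testrun.org systemctl reload nsd
```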