Add renewal notifications (#20 )

Reviewed-on: #20
Move renewal function to its own file
2024-05-30 19:44:10 +00:00 · 2024-05-30 19:44:10 +00:00 · 2024-05-30 19:44:10 +00:00 · 2024-05-30 19:44:10 +00:00 · 2024-05-30 19:44:10 +00:00 · 2024-05-30 19:44:10 +00:00
9 changed files with 101 additions and 45 deletions
--- a/.gitea/workflows/build-develop.yaml
+++ b/.gitea/workflows/build-develop.yaml
@ -0,0 +1,88 @@
+name: Build Image
+on:
+  push:
+    branches:
+      - 'develop'
+
+env:
+  TEST_TAG: mrmeeb/certbot-cron:test
+  FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:develop
+
+jobs:
+  "Validate Image":
+    runs-on: [ubuntu-docker-latest, linux/amd64]
+    steps:
+      - name: Build locally
+        uses: docker/build-push-action@v5
+        with:
+          load: true
+          tags: ${{ env.TEST_TAG }}
+          provenance: false
+      - name: Test certificate issuing
+        id: test
+        run: |
+          # First create a volume
+          docker volume create ${{ gitea.sha }} && \
+          # Then issue a certificate
+          docker run --rm -v ${{ gitea.sha }}:/config -e STAGING=true -e EMAIL=${{ secrets.EMAIL }} -e DOMAINS=${{ gitea.sha }}.mrmeeb.stream -e PLUGIN=cloudflare -e CLOUDFLARE_TOKEN=${{ secrets.CLOUDFLARE_TOKEN }} -e ONE_SHOT=true -e GENERATE_DHPARAM=false ${{ env.TEST_TAG }} && \
+          # Then revoke it again
+          docker run --rm --entrypoint "/usr/bin/certbot" -v ${{ gitea.sha }}:/config ${{ env.TEST_TAG }} revoke --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --staging --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/${{ gitea.sha }}.mrmeeb.stream/fullchain.pem          
+      - name: Tidy up
+        if: always()
+        run: |
+          echo "Removing docker volume ${{ gitea.sha }}" && \
+          docker volume rm ${{ gitea.sha }}          
+      - name: Test Failure
+        uses: rjstone/discord-webhook-notify@v1
+        if: failure()
+        with:
+          severity: error
+          details: Test Failed!
+          webhookUrl: ${{ secrets.DISCORD_WEBHOOK }}
+          username: Gitea
+          avatarUrl: ${{ vars.RUNNER_ICON_URL }}
+  
+  "Publish Image":
+    runs-on: [ubuntu-docker-latest, linux/amd64]
+    needs: ["Validate Image"]
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.mrmeeb.stream
+          username: ${{ env.GITHUB_ACTOR }}
+          password: ${{ secrets.GTCR_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ env.FULL_TAG }}
+          provenance: false
+      - name: Build Failure
+        uses: rjstone/discord-webhook-notify@v1
+        if: failure()
+        with:
+          severity: error
+          details: Build Failed!
+          webhookUrl: ${{ secrets.DISCORD_WEBHOOK }}
+          username: Gitea
+          avatarUrl: ${{ vars.RUNNER_ICON_URL }}
+
+  "Notify":
+    runs-on: [ubuntu-docker-latest, linux/amd64]
+    needs: ["Validate Image", "Publish Image"]
+    steps:
+      - name: Notify of success
+        uses: rjstone/discord-webhook-notify@v1
+        if: success()
+        with:
+          severity: info
+          details: Build succeeded!
+          webhookUrl: ${{ secrets.DISCORD_WEBHOOK }}
+          username: Gitea
+          avatarUrl: ${{ vars.RUNNER_ICON_URL }}
--- a/4
+++ b/4
@ -9,7 +9,7 @@ ENV S6_OVERLAY_ARCH=aarch64

 FROM base-${TARGETARCH}${TARGETVARIANT}

-ARG S6_OVERLAY_VERSION="3.2.0.0"
+ARG S6_OVERLAY_VERSION="3.1.6.2"

 # Core variables
 ENV PUID=1000
@ -40,7 +40,7 @@ ENV CLOUDFLARE_TOKEN=
 ENV CERT_COUNT=1

 #Get required packages
-RUN apk update && apk add curl bash python3 py3-virtualenv procps tzdata nano shadow xz busybox-suid openssl logrotate
+RUN apk update && apk add curl bash python3 py3-virtualenv procps tzdata nano shadow xz busybox-suid openssl

 #Make folders
 RUN mkdir /config && \
--- a/README.md
+++ b/README.md
@ -4,9 +4,10 @@ Dockerised Certbot that utilises cron to schedule creating and renewing SSL cert

 ## Tags

-I use the [Feature Branch](https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow) workflow. The `latest` tag contains all of the latest changes that have been merged from individual feature branches. Feature branches are squashed into `master`.
-
-Pinned releases are created by creating a tag off `master` to capture the repo in a particular state. They are recommended for stability.
+|Tag    |Description|
+|-------|-----------|
+|latest |Latest image built from the main branch. Usually coincides with a tagged release.|
+|develop|Latest image built from the develop branch. Commits are made to the develop branch before being merged to main. Old versions of `develop` are removed after 14 days.|

 ## Running

--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,5 @@
 # For pinning Python packages to then be parsed by Renovate

-certbot ==2.11.0
-certbot-dns-cloudflare ==2.11.0
+certbot ==2.10.0
+certbot-dns-cloudflare ==2.10.0
 apprise ==1.8.0
--- a/root/certbot-prepare.sh
+++ b/root/certbot-prepare.sh
@ -47,7 +47,7 @@ function better_exit {
 }

 # Check APPRISE_URL is set if either NOTIFY_ON_SUCCESS or NOTIFY_ON_FAILURE are set
-if [ "${NOTIFY_ON_SUCCESS}" = "true" ] || [ "${NOTIFY_ON_FAILURE}" = "true" ] && [ -z "${APPRISE_URL}" ]; then
+if [ ! -z "${NOTIFY_ON_SUCCESS}" ] || [ ! -z "${NOTIFY_ON_FAILURE}" ] && [ -z "${APPRISE_URL}" ]; then

    echo "You have notifications enabled but have not set APPRISE_URL. Please set APPRISE_URL and restart the container."
    better_exit
@ -786,8 +786,7 @@ if [ $ONE_SHOT == "true" ]; then

 elif [ $ONE_SHOT == "false" ]; then

-    echo "$INTERVAL /config/.renew-list.sh >> /config/logs/renew.log
-    0 0 * * * logrotate -v --state /config/logs/logrotate.status /logrotate.conf" > /config/.crontab.txt
+    echo "$INTERVAL /config/.renew-list.sh >> /config/logs/renew.log" > /config/.crontab.txt

    echo ""

--- a/root/check-one-shot.sh
+++ b/root/check-one-shot.sh
@ -4,7 +4,6 @@
 if [ $ONE_SHOT == "true" ]; then

    # Cleanly kill container by sending kill signal to supervisor process
-    echo 0 > /run/s6-linux-init-container-results/exitcode
-    /run/s6/basedir/bin/halt
+    kill 1

 fi
--- a/root/etc/s6-overlay/s6-rc.d/cron/finish
+++ b/root/etc/s6-overlay/s6-rc.d/cron/finish
@ -1,9 +1 @@
-#!/command/with-contenv bash
-# shellcheck shell=bash
-
-if [ $ONE_SHOT == "false" ]; then
-
-    # Export exit code if not a ONE_SHOT
-    echo "$e" > /run/s6-linux-init-container-results/exitcode
-
-fi
+echo "$e" > /run/s6-linux-init-container-results/exitcode
--- a/root/etc/s6-overlay/s6-rc.d/logs/finish
+++ b/root/etc/s6-overlay/s6-rc.d/logs/finish
@ -1,9 +1 @@
-#!/command/with-contenv bash
-# shellcheck shell=bash
-
-if [ $ONE_SHOT == "false" ]; then
-
-    # Export exit code if not a ONE_SHOT
-    echo "$e" > /run/s6-linux-init-container-results/exitcode
-
-fi
+echo "$e" > /run/s6-linux-init-container-results/exitcode
--- a/root/logrotate.conf
+++ b/root/logrotate.conf
@ -1,15 +0,0 @@
-missingok
-
-/config/logs/letsencrypt.log {
-    daily
-    rotate 10
-    postrotate
-        find /config/logs -type f -regex '.*letsencrypt\.log\.\(.[2-9]\|[2-9].\|[1-9][0-9]\{2,\}\).*' -delete
-    endscript
-}
-
-/config/logs/renew.log {
-    rotate 5
-    size 100k
-    compress
-}
Author	SHA1	Message	Date
MrMeeb	111657411e	Add renewal notifications (#20 ) Some checks failed Build Image / Validate Image (push) Failing after 2m2s Details Build Image / Publish Image (push) Has been skipped Details Build Image / Notify (push) Has been skipped Details Reviewed-on: #20	2024-05-30 19:44:10 +00:00
MrMeeb	2b961950f8	Move renewal function to its own file	2024-05-30 19:44:10 +00:00
MrMeeb	da87dcc8e3	Add new env vars to readme	2024-05-30 19:44:10 +00:00
MrMeeb	f9d99b7c7f	Add support for alerting on success or failure of renewal Installs apprise and allows config of alerting for successful or failed renewals. Currently only supports renewals, not inital issuing. Not necessarily a problem as I'd hope you'd be watching the logs on first run. I don't love how I create /config/.renew-list.sh. I should readdress this somehow	2024-05-30 19:44:10 +00:00
MrMeeb	c590df5a10	Add setuptools for certbot dependencies	2024-05-30 19:44:10 +00:00
Renovate Bot	864a59f76a	Update alpine Docker tag to v3.20.0	2024-05-30 19:44:10 +00:00
MrMeeb	9513767892	revert `c12eb0b381` revert Update alpine Docker tag to v3.20.0	2024-05-30 19:44:10 +00:00
Renovate Bot	8a1d95c4f5	Update certbot to v2.10.0	2024-05-30 19:44:10 +00:00
Renovate Bot	ab42a76755	Update alpine Docker tag to v3.20.0	2024-05-30 19:44:10 +00:00
MrMeeb	1d5a66a385	Fix incorrect reference to default branch Some checks failed Test Pull Request / Build Image (pull_request) Successful in 4m1s Details Test Pull Request / Notify (pull_request) Successful in 3s Details Build Image / Publish Image (push) Has been cancelled Details Build Image / Notify (push) Has been cancelled Details Build Image / Validate Image (push) Has been cancelled Details	2024-05-27 20:53:20 +00:00
MrMeeb	df3fc81a9d	Update base renovate branch	2024-05-27 15:57:57 +00:00
MrMeeb	2a41f240a3	Merge pull request 'Add automations and bump base versions' (#11 ) from develop into master Some checks failed Build Image / Publish Image (push) Has been cancelled Details Build Image / Notify (push) Has been cancelled Details Build Image / Validate Image (push) Has been cancelled Details Reviewed-on: #11	2024-05-12 11:40:44 +00:00
MrMeeb	1b8831b888	Correct build-main workflow All checks were successful Build Image / Validate Image (push) Successful in 1m40s Details Build Image / Publish Image (push) Successful in 4m17s Details Build Image / Notify (push) Successful in 3s Details	2024-05-12 11:33:34 +00:00
MrMeeb	295c554933	Merge branch 'automation' into develop Some checks failed Build Image / Validate Image (push) Failing after 1m57s Details Build Image / Publish Image (push) Has been skipped Details Build Image / Notify (push) Has been skipped Details	2024-05-12 11:30:13 +00:00
MrMeeb	d02cf72bbc	Correct workflow dependency graph	2024-05-12 11:22:16 +00:00
MrMeeb	5d3eed683d	Add gitea actions All checks were successful Build Image / Validate Image (push) Successful in 2m19s Details Build Image / Notify (push) Successful in 3s Details Build Image / Publish Image (push) Successful in 4m13s Details	2024-05-12 11:00:57 +00:00
MrMeeb	0157a462ed	Remove Drone build badges	2024-05-12 10:58:19 +00:00
MrMeeb	63f586768f	Add gitea actions	2024-05-12 10:57:43 +00:00
MrMeeb	5863d5b808	Change release formatting	2024-05-12 09:25:01 +00:00
MrMeeb	c42462b4e1	Update goreleaser syntax	2024-05-12 09:24:53 +00:00
MrMeeb	3db15537e8	Rebase to Alpine 3.19.1	2024-05-12 09:22:25 +00:00
MrMeeb	9465157295	Update S6 to 3.1.6.2	2024-05-12 09:22:08 +00:00
MrMeeb	8d36f0c117	Version control for Certbot packages	2024-05-12 09:21:44 +00:00
MrMeeb	b574ae146e	Enable Renovate	2024-05-12 09:21:23 +00:00
MrMeeb	0eeb08f4d8	Update README.md [CI SKIP]	2024-01-13 17:30:08 +00:00
MrMeeb	639120e46d	Update README.md [CI SKIP]	2024-01-13 17:28:19 +00:00
MrMeeb	75488a4009	Merge pull request '1.1.2' (#7 ) from develop into master All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #7	2023-08-02 11:54:14 +00:00
MrMeeb	b962b65145	add ONE_SHOT so container exits after run All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-17 17:49:02 +00:00
MrMeeb	0614aa0565	fix build issues due to cython 3.0.0 release	2023-07-17 17:19:30 +00:00
MrMeeb	83f8c39e48	Merge pull request '1.1.1' (#6 ) from develop into master All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #6	2023-07-16 18:07:08 +00:00
MrMeeb	961f218621	further small tweak to log formatting All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-16 17:39:48 +00:00
MrMeeb	6134b05328	Merge pull request '1.1.0' (#5 ) from develop into master All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #5	2023-07-16 17:08:41 +00:00
MrMeeb	ada326f2d8	tweak log formatting All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-16 16:45:36 +00:00
MrMeeb	5d14d166eb	add multi-certificate support All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-16 15:37:12 +00:00
MrMeeb	3a6466612b	enable tracking of env vars between runs All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-15 16:04:45 +00:00
MrMeeb	36b71a0ebb	add standalone and webroot methods All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-09 21:53:06 +00:00
MrMeeb	e0da513893	Merge pull request '1.0.0' (#4 ) from develop into master All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #4	2023-06-21 18:20:15 +00:00
MrMeeb	df56fcf997	make CLOUDFLARE_TOKEN override instead of append All checks were successful continuous-integration/drone/push Build is passing Details	2023-06-21 17:48:29 +00:00
MrMeeb	3c3cc47d32	add CLOUDFLARE_TOKEN to env vars All checks were successful continuous-integration/drone/push Build is passing Details	2023-06-21 17:32:17 +00:00
MrMeeb	053cef4c31	add build dependencies for arm All checks were successful continuous-integration/drone/push Build is passing Details	2023-06-20 22:14:44 +00:00
MrMeeb	b6d93c1164	update readme Some checks failed continuous-integration/drone/push Build is failing Details	2023-06-20 21:27:42 +00:00
MrMeeb	a41c409f9d	update build logic	2023-06-20 21:27:36 +00:00
MrMeeb	e859aa7218	add goreleaser	2023-06-20 21:27:27 +00:00
MrMeeb	a4b59c360e	change to s6	2023-06-20 21:27:01 +00:00
MrMeeb	e7bd87d5bd	change to alpine	2023-06-20 21:26:11 +00:00
MrMeeb	6ef0abfd6b	Update 'README.md' All checks were successful continuous-integration/drone/push Build is passing Details	2023-01-02 16:40:31 +00:00
MrMeeb	868eb4eb59	Update '.drone.yml' All checks were successful continuous-integration/drone/push Build is passing Details	2022-12-25 20:38:20 +00:00
MrMeeb	578284bb10	Update '.drone.yml' All checks were successful continuous-integration/drone/push Build is passing Details	2022-12-25 19:18:06 +00:00
MrMeeb	e10bdd741d	Update 'README.md'	2022-12-25 19:09:13 +00:00
MrMeeb	0aa35c3ef6	Update 'README.md'	2022-12-25 19:07:54 +00:00
MrMeeb	90f5095eef	Add '.drone.yml'	2022-12-25 18:50:54 +00:00
MrMeeb	3daee369ca	Update 'README.md'	2022-12-25 18:48:33 +00:00
MrMeeb	6a27c9232c	Update 'README.md'	2022-06-21 16:56:35 +00:00
MrMeeb	e130fc041e	Prevented dhparams regenerating if they already exist	2022-06-21 11:58:46 +00:00
MrMeeb	591e35c91a	Formatting	2022-06-20 22:42:29 +00:00
MrMeeb	375cf5da74	Add GENERATE_DHPARAM	2022-06-20 22:41:27 +00:00
MrMeeb	09eb18adda	Added PROPOGATION_TIME variable	2022-06-20 22:08:30 +00:00
MrMeeb	d09988c241	Update 'README.md'	2022-06-19 17:11:20 +00:00
MrMeeb	6d696dd4b2	Fix typo	2022-06-18 23:12:11 +00:00
MrMeeb	c23657ce01	Formatting fix	2022-06-18 23:10:07 +00:00
MrMeeb	634f0cac4a	first commit	2022-06-18 23:08:39 +00:00