From d4b17ad14b5b45d1eb63ad3c6b91b8c4c28f1b87 Mon Sep 17 00:00:00 2001
From: Wildan M
Date: Tue, 21 Nov 2023 22:41:22 +0700
Subject: [PATCH] add self-sign, use ssl combined, add deploy hooks
---
 .github/workflows/domcloud.yml | 24 ++++++++++++++++++++++++
 package.json | 2 +-
 src/executor/runner.js | 11 +++++++----
 3 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/domcloud.yml b/.github/workflows/domcloud.yml
index f831357..3d29709 100644
--- a/.github/workflows/domcloud.yml
+++ b/.github/workflows/domcloud.yml
@@ -32,3 +32,27 @@ jobs:
 webhook_auth: ${{ secrets.WEBHOOK_AUTH_FRA }}
 data: >-
 {"commands":["git pull","sudo systemctl restart bridge"]}
+ - name: Invoke OSA deployment hook
+ uses: distributhor/workflow-webhook@v2
+ env:
+ webhook_url: https://my.domcloud.co/api/githubdeploy
+ webhook_secret: ${{ secrets.WEBHOOK_SECRET_OSA }}
+ webhook_auth: ${{ secrets.WEBHOOK_AUTH_OSA }}
+ data: >-
+ {"commands":["git pull","sudo systemctl restart bridge"]}
+ - name: Invoke BLR deployment hook
+ uses: distributhor/workflow-webhook@v2
+ env:
+ webhook_url: https://my.domcloud.co/api/githubdeploy
+ webhook_secret: ${{ secrets.WEBHOOK_SECRET_BLR }}
+ webhook_auth: ${{ secrets.WEBHOOK_AUTH_BLR }}
+ data: >-
+ {"commands":["git pull","sudo systemctl restart bridge"]}
+ - name: Invoke SAO deployment hook
+ uses: distributhor/workflow-webhook@v2
+ env:
+ webhook_url: https://my.domcloud.co/api/githubdeploy
+ webhook_secret: ${{ secrets.WEBHOOK_SECRET_SAO }}
+ webhook_auth: ${{ secrets.WEBHOOK_AUTH_SAO }}
+ data: >-
+ {"commands":["git pull","sudo systemctl restart bridge"]}
diff --git a/package.json b/package.json
index 35ef6c0..46ea619 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "domcloud-bridge",
- "version": "0.32.1",
+ "version": "0.32.2",
 "description": "Deployment runner for DOM Cloud",
 "main": "app.js",
 "engines": {
diff --git a/src/executor/runner.js b/src/executor/runner.js
index a837f8a..d607192 100644
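Review bot: The three added steps in `.github/workflows/domcloud.yml` reference `distributhor/workflow-webhook@v2` by a movable tag, and each of them hands that action a webhook secret and an auth value through `env`. Whoever can move the tag decides what code receives those values, so the reference is better pinned to a full commit SHA with the tag kept as a comment, `uses: distributhor/workflow-webhook@<full-commit-sha> # v2`. The OSA, BLR and SAO steps differ only in the secret names, so a `strategy.matrix` over the region would keep the pin and the command list in one place. The step above the hunk is only partly visible and presumably uses the same reference.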
--- a/src/executor/runner.js
+++ b/src/executor/runner.js
@@ -667,17 +667,20 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
 break;
 }
 let regenerateSsl = false;
+ let selfSignSsl = false;
 let expectedSslMode = null;
 if (['off', 'always', 'on'].includes(value)) {
 expectedSslMode = value;
- } else if (value == 'letsencrypt') {
+ } else if (value == 'letsencrypt' || value == 'lets-encrypt') {
 regenerateSsl = true;
+ } else if (value == 'selfsign' || value == 'self-sign') {
+ selfSignSsl = true;
 }
 var nginxNodes = await nginxExec.get(subdomain);
 var nginxInfos = nginxExec.extractInfo(nginxNodes, subdomain);
 var sharedSSL = regenerateSsl ? null : detectCanShareSSL(subdomain);
 var changed = false;
- var expectCert = sharedSSL ? path.join(sharedSSL, 'ssl.cert') : domaindata['SSL cert file'];
+ var expectCert = sharedSSL ? path.join(sharedSSL, 'ssl.combined') : domaindata['SSL cert and CA file'];
 var expectKey = sharedSSL ? path.join(sharedSSL, 'ssl.key') : domaindata['SSL key file'];
 if (!expectCert || !expectKey) {
 expectedSslMode = 'off';
@@ -702,7 +705,7 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
 await writeLog("$> Applying nginx ssl config on " + subdomain);
 await writeLog(await nginxExec.setDirect(subdomain, nginxInfos));
 }
- if (regenerateSsl || (!expectedSslMode && !sharedSSL)) {
+ if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)) {
 await writeLog("$> Generating ssl cert with let's encrypt");
 await spawnSudoUtil('OPENSSL_CLEAN');
 await virtExec("generate-letsencrypt-cert", {
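Review bot: On the new `expectCert` line of the `-667,17` hunk, a `domaindata` record that lacks the 'SSL cert and CA file' key now leaves `expectCert` undefined, and the guard right below it then sets `expectedSslMode = 'off'`, so the subdomain would quietly be configured without TLS instead of failing. Whether every domain record carries that key is not visible here. If older records can miss it, fall back to the previous key, `domaindata['SSL cert and CA file'] || domaindata['SSL cert file']`, and write a log line whenever the mode is forced to 'off' for a missing file. runConfigSubdomain starts and ends outside the hunk.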
@@ -710,7 +713,7 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
 'renew': 2,
 'web': true,
 });
- } else if (sharedSSL && domaindata['Lets Encrypt renewal'] == 'Enabled') {
+ } else if ((selfSignSsl || sharedSSL) && domaindata['Lets Encrypt renewal'] == 'Enabled') {
 await writeLog("$> Generating self signed cert and turning off let's encrypt renewal");
 await virtExec("generate-cert", {
 domain: subdomain,
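Review bot: In the changed `else if`, an explicit self-sign request is still gated on `domaindata['Lets Encrypt renewal'] == 'Enabled'`, so when renewal is already off neither this branch nor the Let's Encrypt branch above it runs and the request appears to be dropped without a log line. If a self-signed certificate should always be produced on request, move the flag out of the renewal test, `} else if (selfSignSsl || (sharedSSL && domaindata['Lets Encrypt renewal'] == 'Enabled')) {`; otherwise log that nothing was done. The rest of the chain lies outside the hunk, so a later branch may already cover this case.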