@@ -0,0 +1,69 @@
|
||||
name: Authelia Update Check
|
||||
|
||||
on:
|
||||
push:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
args:
|
||||
description: 'Argumente (z.B. --apply)'
|
||||
default: ''
|
||||
|
||||
jobs:
|
||||
check-and-notify:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
# 1. Secrets aus Vault holen
|
||||
- name: Import Secrets from Vault
|
||||
uses: https://github.com/hashicorp/vault-action@v2
|
||||
with:
|
||||
url: https://vault.familie-berner.de
|
||||
token: ${{ secrets.VAULT_TOKEN }}
|
||||
tlsSkipVerify: false
|
||||
secrets: |
|
||||
secret/data/authelia/ssh root | SSH_PASSWORD ;
|
||||
secret/data/matrix/bot/drone-bot password | MATRIX_PASSWORD ;
|
||||
secret/data/matrix/bot/drone-bot userid | MATRIX_USERID ;
|
||||
secret/data/matrix/bot/drone-bot roomid | MATRIX_ROOMID
|
||||
|
||||
# 2. SSH Step (nutzt jetzt die Variablen aus Vault)
|
||||
- name: SSH Execution and Logic
|
||||
id: ssh_step
|
||||
uses: https://github.com/appleboy/ssh-action@v1.0.3
|
||||
with:
|
||||
host: 10.0.4.18
|
||||
username: root
|
||||
password: ${{ env.SSH_PASSWORD }}
|
||||
port: 22
|
||||
script: |
|
||||
fetch -o /tmp/authelia-update.sh https://git.familie-berner.de/Open/infra-maintenance/raw/branch/main/authelia/authelia-update.sh
|
||||
chmod +x /tmp/authelia-update.sh
|
||||
|
||||
set +e
|
||||
ARGS="${{ github.event.inputs.args }}"
|
||||
timeout 10m /tmp/authelia-update.sh $ARGS
|
||||
EXIT_CODE=$?
|
||||
set -e
|
||||
|
||||
case $EXIT_CODE in
|
||||
0) MSG="✅ Update erfolgreich / Alles aktuell" ;;
|
||||
10) MSG="ℹ Update verfügbar, aber nicht angewendet" ;;
|
||||
75) MSG="🔥 KRITISCH: Dienst startet nicht!" ;;
|
||||
*) MSG="❌ Fehler (Code: $EXIT_CODE)" ;;
|
||||
esac
|
||||
|
||||
echo "status_msg=$MSG" >> $GITHUB_OUTPUT
|
||||
echo "exit_code=$EXIT_CODE" >> $GITHUB_OUTPUT
|
||||
if [ $CODE -gt 10 ]; then exit $CODE; fi
|
||||
|
||||
# 3. Matrix Notification (nutzt ebenfalls Vault Daten)
|
||||
- name: Matrix Notification
|
||||
if: always()
|
||||
run: |
|
||||
TOKEN_JSON=$(curl -s -X POST -d "{\"type\":\"m.login.password\", \"user\":\"${{ env.MATRIX_USERID }}\", \"password\":\"${{ env.MATRIX_PASSWORD }}\"}" "https://matrix.familie-berner.de/_matrix/client/r0/login")
|
||||
TOKEN=$(echo $TOKEN_JSON | sed -nE 's/.*"access_token":"([^"]+)".*/\1/p')
|
||||
|
||||
BODY="### Authelia Bericht\n**Status:** ${{ steps.ssh_step.outputs.status_msg }}\n**Exit-Code:** ${{ steps.ssh_step.outputs.exit_code }}"
|
||||
|
||||
curl -s -X POST -d "{\"msgtype\":\"m.text\", \"format\":\"org.matrix.custom.html\", \"formatted_body\":\"$BODY\", \"body\":\"$BODY\"}" \
|
||||
"https://matrix.familie-berner.de/_matrix/client/r0/rooms/${{ env.MATRIX_ROOMID }}/send/m.room.message?access_token=$TOKEN"
|
||||
Reference in New Issue
Block a user