90 lines
3.0 KiB
Bash
Executable File
90 lines
3.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Run from Phoenix deploy API (child of gitea Cloudflare job) on the host that holds
|
|
# PHOENIX_REPO_ROOT + .env — not from Gitea cloud runners (wrong public IP / no .env).
|
|
#
|
|
# Gates:
|
|
# PHOENIX_CLOUDFLARE_SYNC=1|true — must be set in repo .env and/or phoenix systemd (safety)
|
|
# Path filter: only commits touching DNS/CF-related paths (unless target is cloudflare-sync-force)
|
|
# Env (optional):
|
|
# CLOUDFLARE_GITEA_SYNC_ZONE — default d-bis.org (passed as --zone-only=… to update script)
|
|
# PHOENIX_DEPLOY_TARGET — set by phoenix; cloudflare-sync-force skips path filter
|
|
|
|
set -euo pipefail
|
|
|
|
ROOT="${PHOENIX_REPO_ROOT:-}"
|
|
if [[ -z "$ROOT" ]]; then
|
|
echo "gitea-cloudflare-sync: PHOENIX_REPO_ROOT is not set" >&2
|
|
exit 1
|
|
fi
|
|
|
|
UPDATE_SCRIPT="${ROOT}/scripts/update-all-dns-to-public-ip.sh"
|
|
|
|
if [[ ! -f "$UPDATE_SCRIPT" ]]; then
|
|
echo "gitea-cloudflare-sync: missing ${UPDATE_SCRIPT}" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# shellcheck source=/dev/null
|
|
if [[ -f "$ROOT/.env" ]]; then
|
|
set +u
|
|
# shellcheck source=/dev/null
|
|
source "$ROOT/.env"
|
|
set -u
|
|
fi
|
|
|
|
target="${PHOENIX_DEPLOY_TARGET:-cloudflare-sync}"
|
|
force_sync=0
|
|
if [[ "$target" == "cloudflare-sync-force" ]] || [[ "${PHOENIX_FORCE_CLOUDFLARE_SYNC:-0}" == "1" ]]; then
|
|
force_sync=1
|
|
fi
|
|
|
|
sync_on="${PHOENIX_CLOUDFLARE_SYNC:-0}"
|
|
if [[ "$sync_on" != "1" && "${sync_on,,}" != "true" ]]; then
|
|
echo "gitea-cloudflare-sync: skip (set PHOENIX_CLOUDFLARE_SYNC=1 in .env or phoenix environment)"
|
|
exit 0
|
|
fi
|
|
|
|
if [[ -z "${PHOENIX_DEPLOY_SHA:-}" && "$force_sync" -eq 0 ]]; then
|
|
echo "gitea-cloudflare-sync: skip (no PHOENIX_DEPLOY_SHA; use target cloudflare-sync-force to run anyway)"
|
|
exit 0
|
|
fi
|
|
|
|
matches_cloudflare_paths() {
|
|
local sha="$1"
|
|
local out
|
|
if ! git -C "$ROOT" rev-parse --verify "${sha}^{commit}" >/dev/null 2>&1; then
|
|
echo "gitea-cloudflare-sync: skip (commit ${sha:0:12}… not in ${ROOT} — git pull there or use cloudflare-sync-force)" >&2
|
|
return 1
|
|
fi
|
|
if ! out=$(git -C "$ROOT" show --name-only --format="" "$sha" 2>/dev/null); then
|
|
echo "gitea-cloudflare-sync: skip (git show ${sha:0:12}… failed — use cloudflare-sync-force)" >&2
|
|
return 1
|
|
fi
|
|
if [[ -z "$out" ]]; then
|
|
return 1
|
|
fi
|
|
while IFS= read -r f; do
|
|
[[ -z "$f" ]] && continue
|
|
if [[ "$f" == scripts/cloudflare/* ||
|
|
"$f" == scripts/deployment/gitea-cloudflare-sync.sh ||
|
|
"$f" == scripts/update-all-dns-to-public-ip.sh ||
|
|
"$f" == phoenix-deploy-api/deploy-targets.json ||
|
|
"$f" == config/ip-addresses.conf ]]; then
|
|
return 0
|
|
fi
|
|
done <<<"$out"
|
|
return 1
|
|
}
|
|
|
|
if [[ "$force_sync" -eq 0 ]]; then
|
|
if ! matches_cloudflare_paths "$PHOENIX_DEPLOY_SHA"; then
|
|
echo "gitea-cloudflare-sync: no Cloudflare/DNS-related files in ${PHOENIX_DEPLOY_SHA:0:12}…; skip (use cloudflare-sync-force to override)"
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
zone="${CLOUDFLARE_GITEA_SYNC_ZONE:-d-bis.org}"
|
|
echo "gitea-cloudflare-sync: applying DNS sync for zone ${zone} (force=${force_sync})"
|
|
|
|
exec bash "$UPDATE_SCRIPT" "--zone-only=${zone}"
|