Merge pull request #22 from cisagov/improvement/manual-override

Add ability to use challenges other than Route53 DNS
cisagov · May 14, 2021 · 0617d90 · 0617d90
2 parents ae25df9 + ec8909e
commit 0617d90
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 9 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -156,6 +156,10 @@ jobs:
           if [ "${{ github.event_name }}" = "push" ]; then
             TAGS="${TAGS},${IMAGE_NAME}:sha-${GITHUB_SHA::8}"
           fi
+          for i in ${TAGS//,/ }
+          do
+            TAGS="${TAGS},ghcr.io/${i}"
+          done
           echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
           echo ::set-output name=source_version::$(./bump_version.sh show)
           echo ::set-output name=tags::${TAGS}
@@ -275,9 +279,10 @@ jobs:
   build-push-all:
     # Builds the final set of images for each of the platforms listed in
     # PLATFORMS environment variable.  These images are tagged with the Docker
-    # tags calculated in the "prepare" job and pushed to DockerHub.  The
-    # contents of README.md is pushed as the image's description.  This job is
-    # skipped when the triggering event is a pull request.
+    # tags calculated in the "prepare" job and pushed to DockerHub and the
+    # GitHub Container Registry.  The contents of README.md are pushed as the
+    # image's description to DockerHub.  This job is skipped when the triggering
+    # event is a pull request.
     name: "Build and push all platforms"
     runs-on: ubuntu-latest
     needs: [lint, prepare, test]
@@ -288,6 +293,12 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Checkout
         uses: actions/checkout@v2
       - name: Set up QEMU
@@ -305,7 +316,7 @@ jobs:
             ${{ env.BASE_CACHE_KEY }}
       - name: Create cross-platform support Dockerfile-x
         run: ./buildx-dockerfile.sh
-      - name: Build and push platform images to Docker Hub
+      - name: Build and push platform images to registries
         id: docker_build
         uses: docker/build-push-action@v2
         with:

diff --git a/README.md b/README.md
@@ -38,6 +38,13 @@ For additional `certbot` commands see the help:
 docker-compose run certboto --help
 ```
 
+To disable usage of the Route53 DNS plugin pass `--no-dns-route53` as the first
+argument.  This is useful if you need to use other types of challenges.
+
+```console
+docker-compose run certboto --no-dns-route53 --manual certonly -d lemmy.imotorhead.com
+```
+
 ### Install ###
 
 Create a `docker-compose.yml` file similar to this:
@@ -76,7 +83,7 @@ Or build `cisagov/certboto` from source:
 ```console
 git clone https://github.com/cisagov/certboto-docker.git
 cd certboto-docker
-docker-compose build --build-arg VERSION=0.0.1
+docker-compose build --build-arg VERSION=0.0.3
 ```
 
 ## Environment Variables ##

diff --git a/src/entrypoint.sh b/src/entrypoint.sh
@@ -4,7 +4,12 @@ set -o nounset
 set -o errexit
 # Sha-bang cannot be /bin/bash (not available), but
 # the container's /bin/sh does support pipefail.
-# shellcheck disable=SC2039
+# SC2039 has been retired in favor of SC3xxx issues.
+# See: https://github.com/koalaman/shellcheck/wiki/SC2039
+# See: https://github.com/koalaman/shellcheck/issues/2052
+# Both the old and new codes are listed since CI is using the old code (0.7.0),
+# and dev environments are using the newer version (0.7.2).
+# shellcheck disable=SC2039,SC3040
 set -o pipefail
 
 if [ "$1" = "--version" ]; then
@@ -28,9 +33,18 @@ AWS_PROFILE=${BUCKET_PROFILE} aws s3 sync --no-progress "s3://${BUCKET_NAME}" \
 echo "Rebuilding symlinks in ${ACME_CONFIG_ROOT}"
 ./rebuild-symlinks.py --log-level warning ${ACME_CONFIG_ROOT}
 
-echo "Running: certbot --dns-route53 $*"
+# First argument flag --no-dns-route53 disables default use of --dns-route53
+if [ "$1" = "--no-dns-route53" ]; then
+  shift
+  echo "Route53 DNS challenge disabled by --no-dns-route53 flag"
+else
+  # Add the --dns-route53 argument to the start of our args
+  set -- --dns-route53 "$*"
+fi
+
+echo "Running: certbot $*"
 # shellcheck disable=SC2048,SC2086
-AWS_PROFILE=${DNS_PROFILE} certbot --dns-route53 $*
+AWS_PROFILE=${DNS_PROFILE} certbot $*
 
 echo "Syncing certbot configs to ${BUCKET_NAME}"
 AWS_PROFILE=${BUCKET_PROFILE} aws s3 sync --delete ${ACME_CONFIG_ROOT} "s3://${BUCKET_NAME}"
diff --git a/src/version.txt b/src/version.txt
@@ -1 +1 @@
-__version__ = "0.0.2"
+__version__ = "0.0.3"