feat: test auto-dns on the auth endpoint (#49)

* feat: test auto-dns on the auth endpoint

* test: debug affected roles scripts

* test: changed role feature

* feat: add sanity test for affected roles

* fix: issue with playbook_dir being absolute path

* fix: caddy file comment should use #

* feat: test dynamicdns

* chore: remove test with dns  challenge

* feat: activate dynamic_domains

* fix: dynamic dns misconfiguration

Author: xNok

.github/workflows/ansible.yml

@@ -28,7 +28,6 @@ jobs:
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
 
       - name: Run ansible-lint

ansible/affected-roles.yml

@@ -0,0 +1,6 @@
+- name: Determine affected roles
+  hosts: localhost
+  gather_facts: false
+
+  roles:
+  - utils-affected-roles

ansible/roles/docker-swarm-app-caddy/assets/Caddyfile

@@ -6,6 +6,14 @@
 	order authenticate before respond
 	order authorize before basicauth
 
+	dynamic_dns {
+		provider digitalocean {env.DIGITALOCEAN_API_TOKEN}
+		domains {
+			{{domain}} @ www
+		}
+		dynamic_domains
+	}
+
 	security {
 		oauth identity provider github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET}
 
@@ -49,12 +57,17 @@
 	}
 }
 
+# Snippet enable automatic DNS configuration
+(external-dns) {
+	tls {
+		dns digitalocean {env.DIGITALOCEAN_API_TOKEN}
+	}
+}
+
+# Auth endpoint for caddy security
 auth.{{domain}} {
+	import external-dns
 	authenticate with myportal
 }
 
-(external_dns) {
-	tls {
-		dns digitalocean {env.DIGITALOCEAN_API_TOKEN}
-	}
-}
+

ansible/roles/docker-swarm-app-caddy/assets/caddy-stack.yml

@@ -54,18 +54,6 @@ services:
         caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}' }}"
         caddy.authorize: with admins_policy
 
-  whoami-dns:
-    # A container that exposes an API to show its IP address
-    image: containous/whoami
-    networks:
-      - caddy
-    deploy:
-      labels:
-        caddy: whoami-dns.{{domain}}
-        caddy.import: external_dns
-        caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}' }}"
-
-
 volumes:
   caddy_data:
   caddy_config:

ansible/roles/utils-affected-roles/defaults/main.yaml

@@ -1,3 +1,3 @@
 # Default variables for affected_roles role
 default_branch: "main"
-roles_folder: "{{ playbook_dir }}/roles"
+roles_folder: "ansible/roles"

ansible/roles/utils-affected-roles/tasks/main.yaml

@@ -21,6 +21,10 @@
   tags:
   - skip_ansible_lint
 
+- name: Debug git diff output
+  debug:
+    msg: "{{ diff.stdout_lines }}"
+
 - name: Extract folders from the diff
   set_fact:
     changed_folders: "{{
@@ -30,6 +34,10 @@
       }}"
   when: branch.stdout != default_branch
 
+- name: Debug changed_folders output
+  debug:
+    msg: "{{ changed_folders }}"
+
 - name: Filter folders within the roles directory
   set_fact:
     roles_with_changes: "{{ changed_folders