Public/infra-maintenance
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test
Some checks failed
Authelia Update Check / check-and-notify (push) Failing after 47s
Details

Browse Source
This commit is contained in:
Matthias Berner
2026-01-11 16:19:28 +01:00
parent 1479c3f0ab
commit a3dd4cbee7
2 changed files with 23 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
.drone.yml → .drone.yml_
View File

45
.gitea/workflows/authelia.yaml
View File

@@ -6,7 +6,6 @@ on:
inputs: inputs:
args: args:
description: 'Argumente (z.B. --apply)' description: 'Argumente (z.B. --apply)'
required: false
default: '' default: ''
jobs: jobs:
@@ -14,21 +13,33 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
# 1. Secrets aus Vault holen
- name: Import Secrets from Vault
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://dein-vault-server.de # <--- Deine Vault URL
token: ${{ secrets.VAULT_TOKEN }} # <--- Nur diesen einen Token musst du in Gitea hinterlegen
tlsSkipVerify: false
secrets: |
secret/data/authelia/ssh root | SSH_PASSWORD ;
secret/data/matrix/bot/drone-bot password | MATRIX_PASSWORD ;
secret/data/matrix/bot/drone-bot userid | MATRIX_USERID ;
secret/data/matrix/bot/drone-bot roomid | MATRIX_ROOMID
# 2. SSH Step (nutzt jetzt die Variablen aus Vault)
- name: SSH Execution and Logic - name: SSH Execution and Logic
id: ssh_step id: ssh_step
uses: https://github.com/appleboy/ssh-action@v1.0.3 uses: https://github.com/appleboy/ssh-action@v1.0.3
with: with:
host: 10.0.4.18 host: 10.0.4.18
username: root username: root
password: ${{ secrets.PASSWORD_AUTHELIA }} password: ${{ env.SSH_PASSWORD }}
port: 22 port: 22
# Wir nutzen hier die GitHub Actions Syntax für den Zugriff auf Inputs
script: | script: |
fetch -o /tmp/authelia-update.sh https://git.familie-berner.de/Open/infra-maintenance/raw/branch/main/authelia/authelia-update.sh fetch -o /tmp/authelia-update.sh https://git.familie-berner.de/Open/infra-maintenance/raw/branch/main/authelia/authelia-update.sh
chmod +x /tmp/authelia-update.sh chmod +x /tmp/authelia-update.sh
set +e set +e
# Fallunterscheidung: Entweder Input von UI oder leer
ARGS="${{ github.event.inputs.args }}" ARGS="${{ github.event.inputs.args }}"
timeout 10m /tmp/authelia-update.sh $ARGS timeout 10m /tmp/authelia-update.sh $ARGS
EXIT_CODE=$? EXIT_CODE=$?
@@ -37,32 +48,22 @@ jobs:
case $EXIT_CODE in case $EXIT_CODE in
0) MSG="✅ Update erfolgreich / Alles aktuell" ;; 0) MSG="✅ Update erfolgreich / Alles aktuell" ;;
10) MSG=" Update verfügbar, aber nicht angewendet" ;; 10) MSG=" Update verfügbar, aber nicht angewendet" ;;
64) MSG="❌ Fehler: Ungültige Parameter" ;;
69) MSG="🌐 Fehler: Netzwerk/GitHub nicht erreichbar" ;;
70) MSG="📂 Fehler: Authelia Binary nicht gefunden" ;;
75) MSG="🔥 KRITISCH: Dienst startet nicht!" ;; 75) MSG="🔥 KRITISCH: Dienst startet nicht!" ;;
*) MSG="❓ Unbekannter Fehler (Code: $EXIT_CODE)" ;; *) MSG=" Fehler (Code: $EXIT_CODE)" ;;
esac esac
# Wir schreiben die Outputs für die Gitea-Umgebung
echo "status_msg=$MSG" >> $GITHUB_OUTPUT echo "status_msg=$MSG" >> $GITHUB_OUTPUT
echo "exit_code=$EXIT_CODE" >> $GITHUB_OUTPUT echo "exit_code=$EXIT_CODE" >> $GITHUB_OUTPUT
if [ $CODE -gt 10 ]; then exit $CODE; fi
if [ $EXIT_CODE -ne 0 ] && [ $EXIT_CODE -ne 10 ]; then exit $EXIT_CODE; fi
- name: Matrix Notification via Curl # 3. Matrix Notification (nutzt ebenfalls Vault Daten)
- name: Matrix Notification
if: always() if: always()
run: | run: |
# Wir holen uns den Access Token TOKEN_JSON=$(curl -s -X POST -d "{\"type\":\"m.login.password\", \"user\":\"${{ env.MATRIX_USERID }}\", \"password\":\"${{ env.MATRIX_PASSWORD }}\"}" "https://matrix.familie-berner.de/_matrix/client/r0/login")
TOKEN_JSON=$(curl -s -X POST -d "{\"type\":\"m.login.password\", \"user\":\"${{ secrets.USERID_MATRIX }}\", \"password\":\"${{ secrets.PASSWORD_MATRIX }}\"}" "https://matrix.familie-berner.de/_matrix/client/r0/login")
TOKEN=$(echo $TOKEN_JSON | sed -nE 's/.*"access_token":"([^"]+)".*/\1/p') TOKEN=$(echo $TOKEN_JSON | sed -nE 's/.*"access_token":"([^"]+)".*/\1/p')
# Nachricht zusammenbauen BODY="### Authelia Bericht\n**Status:** ${{ steps.ssh_step.outputs.status_msg }}\n**Exit-Code:** ${{ steps.ssh_step.outputs.exit_code }}"
MSG="${{ steps.ssh_step.outputs.status_msg || 'Build-Fehler vor SSH Ausführung' }}"
CODE="${{ steps.ssh_step.outputs.exit_code || 'N/A' }}"
BODY="### Authelia Bericht\n**Status:** $MSG\n**Exit-Code:** $CODE\n[Protokoll ansehen](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})" curl -s -X POST -d "{\"msgtype\":\"m.text\", \"format\":\"org.matrix.custom.html\", \"formatted_body\":\"$BODY\", \"body\":\"$BODY\"}" \
"https://matrix.familie-berner.de/_matrix/client/r0/rooms/${{ env.MATRIX_ROOMID }}/send/m.room.message?access_token=$TOKEN"
# Senden an Matrix
curl -s -X POST -d "{\"msgtype\":\"m.text\", \"format\":\"org.matrix.custom.html\", \"formatted_body\":\"$(echo -e $BODY)\", \"body\":\"$BODY\"}" \
"https://matrix.familie-berner.de/_matrix/client/r0/rooms/${{ secrets.ROOMID_MATRIX }}/send/m.room.message?access_token=$TOKEN"