Merge pull request #117 from cisagov/es/107-zone-file-script

107: CI to push automated gov.txt updates from CZDS API
cisagov · Feb 26, 2024 · 1638628 · 1638628
2 parents b5ea0c8 + a369ba6
commit 1638628
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 3 deletions.
diff --git a/.github/workflows/update-gov-zone-file.yml b/.github/workflows/update-gov-zone-file.yml
@@ -0,0 +1,30 @@
+name: Update gov.txt from CZDS API zone file
+run-name: Update gov.txt from CZDS API zone file
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: "5 6 * * *"
+
+jobs:
+  update_zone_file:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Download gov.txt.gz
+        env:
+          ICANN_USERNAME: '${{ secrets.ICANN_USERNAME }}'
+          ICANN_PASSWORD: '${{ secrets.ICANN_PASSWORD }}'
+        run: |
+          chmod +x ./scripts/download_zone_file.sh
+          ./scripts/download_zone_file.sh '${{ env.ICANN_USERNAME }}' '${{ env.ICANN_PASSWORD }}' > gov.txt
+        shell: sh
+      # Push daily zone file to branch only if a diff is found
+      - name: Commit and push updated zone file update to branch
+        run: |-
+          git config user.name "botgov"
+          git config user.email "[email protected]"
+          git add gov.txt
+          timestamp=$(date -u)
+          git commit -m "CZDS Update ${timestamp}" || exit 0
+          git push
diff --git a/gov.txt b/gov.txt
@@ -1,4 +1,4 @@
-gov.			3600	IN	SOA	a.ns.gov. dns.cloudflare.com. 1708827900 3600 900 604800 300
+gov.			3600	IN	SOA	a.ns.gov. dns.cloudflare.com. 1708914301 3600 900 604800 300
 gov.			86400	IN	NS	a.ns.gov.
 gov.			86400	IN	NS	b.ns.gov.
 gov.			86400	IN	NS	c.ns.gov.
@@ -10466,8 +10466,8 @@ fremontcountyid.gov.	10800	IN	NS	ns22.digicertdns.com.
 fremontcountyid.gov.	10800	IN	NS	ns23.digicertdns.net.
 fremontcountyid.gov.	10800	IN	NS	ns24.digicertdns.net.
 fremontcountyid.gov.	10800	IN	NS	ns25.digicertdns.net.
-fremontcountywy.gov.	10800	IN	NS	ns3.mwtn.net.
-fremontcountywy.gov.	10800	IN	NS	nse1.tribcsp.com.
+fremontcountywy.gov.	10800	IN	NS	ace.ns.cloudflare.com.
+fremontcountywy.gov.	10800	IN	NS	olivia.ns.cloudflare.com.
 fremontfire.gov.	10800	IN	NS	ns1.fremont.gov.
 fremontfire.gov.	10800	IN	NS	ns2.fremont.gov.
 fremonthills.gov.	10800	IN	NS	ns1.siteground.net.

diff --git a/scripts/download_zone_file.sh b/scripts/download_zone_file.sh
@@ -0,0 +1,6 @@
+"""Authenticates into ICANN using Github Actions secrets credentials and downloads .gov zone file"""
+ICANN_username=$1
+ICANN_password=$2
+authentication_data="{\"username\":\"$ICANN_username\",\"password\":\"$ICANN_password\"}"
+token=$(curl -X POST -H "Accept: application/json" -H "Content-Type: application/json" -d $authentication_data https://account-api.icann.org/api/authenticate | jq -r .accessToken)
+[ ! -z "$token" ] && curl -X GET --output gov.txt.gz -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $token" https://czds-api.icann.org/czds/downloads/gov.zone && gunzip -f ./gov.txt.gz > gov.txt