Check upstream image every 6h.

.dockerignore

@@ -0,0 +1,2 @@
+ci/
+README.md

Dockerfile

@@ -1,9 +1,7 @@
 FROM alpine:latest
 
-RUN apk add \
-        curl \
-        certbot \
-        openssl
+RUN apk add --no-cache --upgrade \
+        curl certbot openssl
 
 RUN mkdir -p /etc/periodic/12h \
     && mkdir -p /etc/periodic/5min
@@ -11,5 +9,7 @@ RUN mkdir -p /etc/periodic/12h \
 COPY certbot-* duckdns start-certbot-duckdns.sh /usr/local/bin/
 COPY etc/periodic/ /etc/periodic/
 
+VOLUME /etc/letsencrypt/
+
 ENTRYPOINT [ "/bin/sh", "-c" ]
 CMD [ "duckdns; certbot-duckdns; start-certbot-duckdns.sh" ]

README.md

@@ -9,10 +9,18 @@ one for the domain and one wildcard cert.
 
 **Example:**
 
+```
+docker run --rm \
+    -e DUCKDNS_DOMAIN=redxef \
+    -e DUCKDNS_TOKEN=<your ddns token> \
+    -e LE_EMAIL=noreply@example.com \
+    redxef/certbot-duckdns
+```
+
 `DUCKDNS_DOMAIN=redxef`
 
 Yields 2 certificates, the first being for redxef.duckdns.org and the
-second being for *.redxef.duckdns.org. These certificates can be found
+second being for \*.redxef.duckdns.org. These certificates can be found
 under the following locations respectively:
 
 - `/etc/letsencrypt/live/redxef.duckdns.org/`
@@ -22,4 +30,9 @@ under the following locations respectively:
 
 - DUCKDNS_DOMAIN: The domain to update, ex: DUCKDNS_DOMAIN=redxef for redxef.duckdns.org
 - DUCKDNS_TOKEN: Your duckdns api token
+- DUCKDNS_PROPAGATION_DELAY: Wait this many seconds after the TXT record was updated
 - LE_EMAIL: Your email for certificate related notifications
+
+## SOURCE
+
+[gitea.redxef.at/redxef/certbot-duckdns](https://gitea.redxef.at/redxef/certbot-duckdns)

arch.txt

@@ -1,35 +0,0 @@
-aarch64
-# aarch64_be
-# alpha
-arm
-# armeb
-# cris
-# hppa
-i386
-# m68k
-# microblaze
-# microblazeel
-# mips
-# mips64
-# mips64el
-# mipsel
-# mipsn32
-# mipsn32el
-# nios2
-# or1k
-# ppc
-# ppc64
-# ppc64abi32
-ppc64le
-# riscv32
-# riscv64
-s390x
-# sh4
-# sh4eb
-# sparc
-# sparc32plus
-# sparc64
-# tilegx
-x86_64
-# xtensa
-# xtensaeb

build.sh

@@ -1,30 +0,0 @@
-#!/usr/bin/env sh
-
-platforms() {
-    plat="$(grep '^[^#].*' < arch.txt)"
-    arch_count="$(echo "$plat" | wc -l)"
-    echo "$plat" | tr '\n' ',' | cut -d, -f1-$arch_count
-}
-
-create() {
-    docker buildx create --use
-}
-
-build() {
-    tagname="$1"
-    docker pull 'alpine:latest'
-    docker buildx build --push --tag="$tagname" --platform="$(platforms)" .
-}
-
-get_tag() {
-    git rev-parse --short HEAD
-}
-
-deploy() {
-    tag0="redxef/certbot-duckdns:$(get_tag)"
-    tag1="redxef/certbot-duckdns:latest"
-    build "$tag0"
-    build "$tag1"
-}
-
-"$@"

certbot-auth

@@ -7,13 +7,12 @@ result="$(printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$CERTBOT_V
 
 # give some time for the record to update
 echo "waiting for txt record"
-for i in $(seq 0 60); do
+for _i in $(seq 0 60); do
     val="$(nslookup -type=TXT "$DUCKDNS_DOMAIN.duckdns.org" | grep "$DUCKDNS_DOMAIN.duckdns.org.*text.*=.*" | sed -n 's/.*"\([^"]*\)".*/\1/p')"
     echo "current txt record: $val"
     test "$val" = "$CERTBOT_VALIDATION" && break
     sleep 10
 done
+sleep "${DUCKDNS_PROPAGATION_DELAY:-0}"
 
-echo "waiting 60s for propagation"
-sleep 60
 test "$result" = 'OK'

certbot-duckdns

@@ -2,13 +2,13 @@
 
 certbot certonly --manual --preferred-challenges dns-01 --keep \
     --email="$LE_EMAIL" --domains="$DUCKDNS_DOMAIN.duckdns.org" \
-    --agree-tos --no-eff-email --manual-public-ip-logging-ok \
+    --agree-tos --no-eff-email \
     --manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
     "$@"
 
 certbot certonly --manual --preferred-challenges dns-01 --keep \
     --email="$LE_EMAIL" --domains="*.$DUCKDNS_DOMAIN.duckdns.org" \
-    --agree-tos --no-eff-email --manual-public-ip-logging-ok \
+    --agree-tos --no-eff-email \
     --manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
     "$@"
 

ci/pipeline.yml

@@ -0,0 +1,83 @@
+---
+resources:
+- name: source
+  type: git
+  source:
+    uri: https://gitea.redxef.at/redxef/certbot-duckdns
+    branch: master
+    fetch_tags: true
+- name: upstream-image
+  check_every: 6h
+  type: registry-image
+  source:
+    repository: alpine
+- name: image
+  type: oci-image
+  source:
+    repository: redxef/certbot-duckdns
+    tag: latest
+    username: ((docker.username))
+    password: ((docker.password))
+
+resource_types:
+- name: oci-image
+  type: registry-image
+  source:
+    repository: redxef/concourse-oci-resource
+    tag: latest
+
+jobs:
+- name: build-push
+  plan:
+  - get: source
+    trigger: true
+  - get: upstream-image
+    trigger: true
+  - task: compute-docker-tags
+    config:
+      platform: linux
+      image_resource:
+        type: registry-image
+        source:
+          repository: alpine/git
+      inputs:
+      - name: source
+        path: .
+      outputs:
+      - name: docker-tags
+      run:
+        path: sh
+        args:
+        - -c
+        - |
+          #!/usr/bin/env sh
+          git rev-parse --short HEAD > docker-tags/tags.txt
+          git show-ref --tags | \
+              sed -n "/$(git rev-parse HEAD)/ s|$(git rev-parse HEAD).refs/tags/||gp" \
+              >> docker-tags/tags.txt
+  - task: build
+    privileged: true
+    config:
+      platform: linux
+      image_resource:
+        type: registry-image
+        source:
+          repository: redxef/concourse-buildkit
+      inputs:
+      - name: source
+        path: .
+      - name: docker-tags
+      outputs:
+      - name: build-output
+      params:
+        dest: build-output/image.tar
+        platform: aarch64,arm,i386,ppc64le,s390x,x86_64
+      run:
+        path: build
+  - put: image
+    inputs:
+    - build-output
+    - docker-tags
+    params:
+      image: build-output/image.tar
+      additionaltags: docker-tags/tags.txt