From 3921b648ce1412160d3ba0450712234589c67e56 Mon Sep 17 00:00:00 2001
From: mkelcik
Date: Sat, 29 Apr 2023 12:45:21 +0200
Subject: [PATCH] github action + minor refactor
---
 .github/workflows/image-scanner.yml | 31 ++++++++++++++
 main.go | 64 +++++++++++++++++------------
 public_resolvers/ifconfigme.go | 11 ++++-
 3 files changed, 78 insertions(+), 28 deletions(-)
 create mode 100644 .github/workflows/image-scanner.yml
diff --git a/.github/workflows/image-scanner.yml b/.github/workflows/image-scanner.yml
new file mode 100644
index 0000000..9d48ac0
--- /dev/null
+++ b/.github/workflows/image-scanner.yml
@@ -0,0 +1,31 @@
+name: build
+on:
+ workflow_run:
+ workflows: [ "Code check" ]
+ types:
+ - completed
+jobs:
+ on-failure:
+ runs-on: ubuntu-latest
+ if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+ steps:
+ - run: echo 'The triggering workflow failed'
+ build:
+ name: Image vulnerability scanner
+ if: ${{ github.event.workflow_run.conclusion == 'success' }}
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Build an image from Dockerfile
+ run: |
+ docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
\ No newline at end of file
diff --git a/main.go b/main.go
index f66eaff..d8c0bda 100644
--- a/main.go
+++ b/main.go
@@ -4,7 +4,6 @@ import (
 "context"
 "log"
 "net"
- "net/http"
 "os/signal"
 "syscall"
 "time"
@@ -24,9 +23,7 @@ func getResolver(resolverName string) PublicIpResolver {
 case public_resolvers.IfConfigMeTag:
 fallthrough
 default:
- return public_resolvers.NewIfConfigMe(&http.Client{
- Timeout: 10 * time.Second,
- })
+ return public_resolvers.NewDefaultIfConfigMe()
 }
 }
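Review bot: The Trivy step in .github/workflows/image-scanner.yml references `aquasecurity/trivy-action@master`, a mutable branch, so whatever lands on that branch runs in this repository's CI; pin it (and `actions/checkout@v2`) to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>`. The workflow also declares no `permissions:` block, and `workflow_run` jobs run with the base repository's token, so a top-level `permissions:` entry of `contents: read` would keep the scan job least-privileged. With `workflow_run` and no `ref:` on the checkout, the image is built from the default branch rather than the commit "Code check" ran on; if that is changed to `github.event.workflow_run.head_sha`, the read-only token matters even more because the job then builds code from that commit.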
@@ -57,33 +54,46 @@ func main() {
 log.Fatal(err)
 }
- dns, err := allDNSRecords(ctx, api, cloudflare.ZoneIdentifier(zoneID))
- if err != nil {
- log.Fatal(err)
- }
+ log.Println("waiting for update tick ...")
+ ticker := time.NewTicker(config.CheckInterval)
+ defer ticker.Stop()
+ for {
+ select {
+ case <-ticker.C:
+ log.Println("tick received checking ...")
+ func() {
+ dns, err := allDNSRecords(ctx, api, cloudflare.ZoneIdentifier(zoneID))
+ if err != nil {
+ log.Fatal(err)
+ }
- for _, dnsRecord := range dns {
- if internal.Contains(config.DnsRecordsToCheck, dnsRecord.Name) {
- log.Printf("Checking record `%s` with current value `%s` ...", dnsRecord.Name, dnsRecord.Content)
- if currentPublicIP.String() == dnsRecord.Content {
- log.Println("OK")
- continue // no update needed
- }
+ for _, dnsRecord := range dns {
+ if internal.Contains(config.DnsRecordsToCheck, dnsRecord.Name) {
+ log.Printf("Checking record `%s` with current value `%s` ...", dnsRecord.Name, dnsRecord.Content)
+ if currentPublicIP.String() == dnsRecord.Content {
+ log.Println("OK")
+ continue // no update needed
+ }
- update := cloudflare.UpdateDNSRecordParams{
- ID: dnsRecord.ID,
- Content: currentPublicIP.String(),
- }
+ update := cloudflare.UpdateDNSRecordParams{
+ ID: dnsRecord.ID,
+ Content: currentPublicIP.String(),
+ }
- if config.OnChangeComment != "" {
- update.Comment = config.OnChangeComment
- }
+ if config.OnChangeComment != "" {
+ update.Comment = config.OnChangeComment
+ }
- if _, err := api.UpdateDNSRecord(ctx, cloudflare.ZoneIdentifier(zoneID), update); err != nil {
- log.Printf("error updating dns record: %s", err)
- } else {
- log.Printf("Updated to `%s`", currentPublicIP)
- }
+ if _, err := api.UpdateDNSRecord(ctx, cloudflare.ZoneIdentifier(zoneID), update); err != nil {
+ log.Printf("error updating dns record: %s", err)
+ } else {
+ log.Printf("Updated to `%s`", currentPublicIP)
+ }
+ }
+ }
+ }()
+ case <-ctx.Done():
+ break
 }
 }
 }
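Review bot: In the new loop in main(), `case <-ctx.Done(): break` only leaves the `select`, not the enclosing `for`, so once the context is cancelled the closed Done channel is selected on every iteration and the process spins instead of shutting down; use `case <-ctx.Done(): return` (or a labelled break). Inside the tick closure, `log.Fatal(err)` after `allDNSRecords` terminates the long-running updater on a single failed API call and skips the deferred `ticker.Stop()`; logging and returning from the closure, e.g. `log.Printf("listing dns records: %s", err); return`, lets the next tick retry. `currentPublicIP` is not re-resolved anywhere in the lines shown, so if it is resolved only once before the loop (outside this hunk), later ticks compare records against a stale address. main() starts before the hunk.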
diff --git a/public_resolvers/ifconfigme.go b/public_resolvers/ifconfigme.go
index 829d95d..97bfbeb 100644
--- a/public_resolvers/ifconfigme.go
+++ b/public_resolvers/ifconfigme.go
@@ -6,6 +6,7 @@ import (
 "io"
 "net"
 "net/http"
+ "time"
 )
 const (
@@ -24,6 +25,12 @@ type IfConfigMe struct {
 client Doer
 }
+func NewDefaultIfConfigMe() *IfConfigMe {
+ return NewIfConfigMe(&http.Client{
+ Timeout: 10 * time.Second,
+ })
+}
+
 func NewIfConfigMe(c Doer) *IfConfigMe {
 return &IfConfigMe{client: c}
 }
@@ -38,7 +45,9 @@ func (i IfConfigMe) ResolvePublicIp(ctx context.Context) (net.IP, error) {
 if err != nil {
 return net.IP{}, err
 }
- defer resp.Body.Close()
+ defer func() {
+ _ = resp.Body.Close()
+ }()
 if resp.StatusCode != http.StatusOK {
 return net.IP{}, fmt.Errorf("unexpected response code %d", resp.StatusCode)
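Review bot: The new exported constructor `NewDefaultIfConfigMe` in public_resolvers/ifconfigme.go has no doc comment, and the 10-second client timeout it hard-codes is a property callers of a third-party lookup will want to see at the call site. Suggested comment: `// NewDefaultIfConfigMe returns an IfConfigMe backed by an http.Client with a 10-second overall timeout.` In the third hunk, `_ = resp.Body.Close()` could carry a short `// best-effort close; the error is not actionable here` so the discarded error reads as deliberate. ResolvePublicIp starts before and continues past the hunk.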