github-pages-health-check 1.17.7 → 1.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/push-cibuild.yml +1 -0
- data/.rubocop.yml +1 -1
- data/Gemfile +1 -0
- data/README.md +37 -0
- data/config/cloudflare-ips.txt +8 -1
- data/config/fastly-ips.txt +5 -1
- data/lib/github-pages-health-check/domain.rb +58 -28
- data/lib/github-pages-health-check/errors/invalid_aaaa_record_error.rb +3 -3
- data/lib/github-pages-health-check/version.rb +1 -1
- data/lib/github-pages-health-check.rb +22 -10
- data/script/check +2 -0
- data/script/release +4 -4
- data/script/update-cdn-ips +34 -6
- metadata +2 -3
- data/.travis.yml +0 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4f74ea156f562095369eeeb9563d5b6eb97c83d511d7d8514d65020f23fc9d62
|
4
|
+
data.tar.gz: 2bcc302f901b883e8072da97bb5ba60746301403be1f881416fd01bce33ccbc2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 94689f476ee4833e682d4cf32ff59698673641b6e218bc106cd0d23c5703bd3f1e66d8550286d7c7e6bb7f47c5b94bc037e2ac4df91b33c5dcd58da6c17e5706
|
7
|
+
data.tar.gz: 36abc15449e5e6b71f1da35140df12310ecb0f9faac587aabfa90636eca9fa2778e1a657792afebe39c68bd7ba172058aaae0c8402d33409d7c1043da1fb2818
|
data/.rubocop.yml
CHANGED
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -81,3 +81,40 @@ check = GitHubPages::HealthCheck::Site.new "github/pages-health-check", access_t
|
|
81
81
|
```
|
82
82
|
|
83
83
|
You can also set `OCTOKIT_ACCESS_TOKEN` as an environmental variable, or via a `.env` file in your working directory.
|
84
|
+
|
85
|
+
### Command Line
|
86
|
+
|
87
|
+
```
|
88
|
+
./script/check pages.github.com
|
89
|
+
|
90
|
+
host: pages.github.com
|
91
|
+
uri: https://pages.github.com/
|
92
|
+
nameservers: :default
|
93
|
+
dns_resolves?: true
|
94
|
+
proxied?: false
|
95
|
+
cloudflare_ip?: false
|
96
|
+
fastly_ip?: false
|
97
|
+
old_ip_address?: false
|
98
|
+
a_record?: false
|
99
|
+
cname_record?: true
|
100
|
+
mx_records_present?: false
|
101
|
+
valid_domain?: true
|
102
|
+
apex_domain?: false
|
103
|
+
should_be_a_record?: false
|
104
|
+
cname_to_github_user_domain?: true
|
105
|
+
cname_to_pages_dot_github_dot_com?: false
|
106
|
+
cname_to_fastly?: false
|
107
|
+
pointed_to_github_pages_ip?: false
|
108
|
+
non_github_pages_ip_present?: false
|
109
|
+
pages_domain?: true
|
110
|
+
served_by_pages?: true
|
111
|
+
valid?: true
|
112
|
+
reason:
|
113
|
+
https?: true
|
114
|
+
enforces_https?: true
|
115
|
+
https_error:
|
116
|
+
https_eligible?: true
|
117
|
+
caa_error:
|
118
|
+
dns_zone_soa?: false
|
119
|
+
dns_zone_ns?: false
|
120
|
+
```
|
data/config/cloudflare-ips.txt
CHANGED
data/config/fastly-ips.txt
CHANGED
@@ -4,6 +4,8 @@
|
|
4
4
|
103.245.222.0/23
|
5
5
|
103.245.224.0/24
|
6
6
|
104.156.80.0/20
|
7
|
+
140.248.64.0/18
|
8
|
+
140.248.128.0/17
|
7
9
|
146.75.0.0/17
|
8
10
|
151.101.0.0/16
|
9
11
|
157.52.64.0/18
|
@@ -14,4 +16,6 @@
|
|
14
16
|
172.111.64.0/18
|
15
17
|
185.31.16.0/22
|
16
18
|
199.27.72.0/21
|
17
|
-
199.232.0.0/16
|
19
|
+
199.232.0.0/16
|
20
|
+
2a04:4e40::/32
|
21
|
+
2a04:4e42::/32
|
@@ -77,13 +77,23 @@ module GitHubPages
|
|
77
77
|
185.199.111.153
|
78
78
|
).freeze
|
79
79
|
|
80
|
+
CURRENT_IPV6_ADDRESSES = %w(
|
81
|
+
2606:50c0:8000::153
|
82
|
+
2606:50c0:8001::153
|
83
|
+
2606:50c0:8002::153
|
84
|
+
2606:50c0:8003::153
|
85
|
+
).freeze
|
86
|
+
|
87
|
+
CURRENT_IP_ADDRESSES_ALL =
|
88
|
+
(CURRENT_IP_ADDRESSES + CURRENT_IPV6_ADDRESSES).freeze
|
89
|
+
|
80
90
|
HASH_METHODS = %i[
|
81
91
|
host uri nameservers dns_resolves? proxied? cloudflare_ip?
|
82
|
-
fastly_ip? old_ip_address? a_record?
|
83
|
-
mx_records_present? valid_domain? apex_domain?
|
84
|
-
|
85
|
-
|
86
|
-
non_github_pages_ip_present? pages_domain?
|
92
|
+
fastly_ip? old_ip_address? a_record? aaaa_record? a_record_present? aaaa_record_present?
|
93
|
+
cname_record? mx_records_present? valid_domain? apex_domain?
|
94
|
+
should_be_a_record? cname_to_github_user_domain?
|
95
|
+
cname_to_pages_dot_github_dot_com? cname_to_fastly?
|
96
|
+
pointed_to_github_pages_ip? non_github_pages_ip_present? pages_domain?
|
87
97
|
served_by_pages? valid? reason valid_domain? https?
|
88
98
|
enforces_https? https_error https_eligible? caa_error dns_zone_soa? dns_zone_ns?
|
89
99
|
].freeze
|
@@ -128,14 +138,13 @@ module GitHubPages
|
|
128
138
|
def invalid_aaaa_record?
|
129
139
|
return @invalid_aaaa_record if defined? @invalid_aaaa_record
|
130
140
|
|
131
|
-
@invalid_aaaa_record = (valid_domain? &&
|
132
|
-
aaaa_record_present?)
|
141
|
+
@invalid_aaaa_record = (valid_domain? && aaaa_record_present? && !should_be_a_record?)
|
133
142
|
end
|
134
143
|
|
135
144
|
def invalid_a_record?
|
136
145
|
return @invalid_a_record if defined? @invalid_a_record
|
137
146
|
|
138
|
-
@invalid_a_record = (valid_domain? &&
|
147
|
+
@invalid_a_record = (valid_domain? && a_record_present? && !should_be_a_record?)
|
139
148
|
end
|
140
149
|
|
141
150
|
def invalid_cname?
|
@@ -213,20 +222,20 @@ module GitHubPages
|
|
213
222
|
!should_be_a_record?
|
214
223
|
end
|
215
224
|
|
216
|
-
# Is the domain's first response an A record to a valid GitHub Pages IP?
|
225
|
+
# Is the domain's first response an A or AAAA record to a valid GitHub Pages IP?
|
217
226
|
def pointed_to_github_pages_ip?
|
218
|
-
|
227
|
+
return false unless address_record?
|
228
|
+
|
229
|
+
CURRENT_IP_ADDRESSES_ALL.include?(dns.first.address.to_s.downcase)
|
219
230
|
end
|
220
231
|
|
221
|
-
# Are any of the domain's A records pointing elsewhere?
|
232
|
+
# Are any of the domain's A or AAAA records pointing elsewhere?
|
222
233
|
def non_github_pages_ip_present?
|
223
234
|
return unless dns?
|
224
235
|
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
false
|
236
|
+
dns
|
237
|
+
.select { |a| Dnsruby::Types::A == a.type || Dnsruby::Types::AAAA == a.type }
|
238
|
+
.any? { |a| !github_pages_ip?(a.address.to_s) }
|
230
239
|
end
|
231
240
|
|
232
241
|
# Is the domain's first response a CNAME to a pages domain?
|
@@ -345,15 +354,32 @@ module GitHubPages
|
|
345
354
|
|
346
355
|
# Is this domain's first response an A record?
|
347
356
|
def a_record?
|
357
|
+
return @is_a_record if defined?(@is_a_record)
|
348
358
|
return unless dns?
|
349
359
|
|
350
|
-
|
360
|
+
@is_a_record = Dnsruby::Types::A == dns.first.type
|
351
361
|
end
|
352
362
|
|
363
|
+
# Is this domain's first response an AAAA record?
|
364
|
+
def aaaa_record?
|
365
|
+
return @is_aaaa_record if defined?(@is_aaaa_record)
|
366
|
+
return unless dns?
|
367
|
+
|
368
|
+
@is_aaaa_record = Dnsruby::Types::AAAA == dns.first.type
|
369
|
+
end
|
370
|
+
|
371
|
+
# Does this domain has an A record setup (not necessarily as the first record)?
|
372
|
+
def a_record_present?
|
373
|
+
return unless dns?
|
374
|
+
|
375
|
+
dns.any? { |answer| answer.type == Dnsruby::Types::A && answer.name.to_s == host }
|
376
|
+
end
|
377
|
+
|
378
|
+
# Does this domain has an AAAA record setup (not necessarily as the first record)?
|
353
379
|
def aaaa_record_present?
|
354
380
|
return unless dns?
|
355
381
|
|
356
|
-
dns.any? { |answer| answer.type == Dnsruby::Types::AAAA }
|
382
|
+
dns.any? { |answer| answer.type == Dnsruby::Types::AAAA && answer.name.to_s == host }
|
357
383
|
end
|
358
384
|
|
359
385
|
# Is this domain's first response a CNAME record?
|
@@ -423,8 +449,6 @@ module GitHubPages
|
|
423
449
|
def https_eligible?
|
424
450
|
# Can't have any IP's which aren't GitHub's present.
|
425
451
|
return false if non_github_pages_ip_present?
|
426
|
-
# Can't have any AAAA records present
|
427
|
-
return false if aaaa_record_present?
|
428
452
|
# Must be a CNAME or point to our IPs.
|
429
453
|
|
430
454
|
# Only check the one domain if a CNAME. Don't check the parent domain.
|
@@ -443,6 +467,10 @@ module GitHubPages
|
|
443
467
|
|
444
468
|
private
|
445
469
|
|
470
|
+
def address_record?
|
471
|
+
a_record? || aaaa_record?
|
472
|
+
end
|
473
|
+
|
446
474
|
def caa
|
447
475
|
@caa ||= GitHubPages::HealthCheck::CAA.new(
|
448
476
|
:host => cname&.host || host,
|
@@ -454,12 +482,12 @@ module GitHubPages
|
|
454
482
|
def response
|
455
483
|
return @response if defined? @response
|
456
484
|
|
457
|
-
@response = Typhoeus.head(uri,
|
485
|
+
@response = Typhoeus.head(uri, GitHubPages::HealthCheck.typhoeus_options)
|
458
486
|
|
459
487
|
# Workaround for webmock not playing nicely with Typhoeus redirects
|
460
488
|
# See https://github.com/bblimke/webmock/issues/237
|
461
489
|
if @response.mock? && @response.headers["Location"]
|
462
|
-
@response = Typhoeus.head(response.headers["Location"],
|
490
|
+
@response = Typhoeus.head(response.headers["Location"], GitHubPages::HealthCheck.typhoeus_options)
|
463
491
|
end
|
464
492
|
|
465
493
|
@response
|
@@ -467,13 +495,13 @@ module GitHubPages
|
|
467
495
|
|
468
496
|
# The domain's response to HTTP requests, without following redirects
|
469
497
|
def http_response
|
470
|
-
options =
|
498
|
+
options = GitHubPages::HealthCheck.typhoeus_options.merge(:followlocation => false)
|
471
499
|
@http_response ||= Typhoeus.head(uri(:scheme => "http"), options)
|
472
500
|
end
|
473
501
|
|
474
502
|
# The domain's response to HTTPS requests, without following redirects
|
475
503
|
def https_response
|
476
|
-
options =
|
504
|
+
options = GitHubPages::HealthCheck.typhoeus_options.merge(:followlocation => false)
|
477
505
|
@https_response ||= Typhoeus.head(uri(:scheme => "https"), options)
|
478
506
|
end
|
479
507
|
|
@@ -517,10 +545,12 @@ module GitHubPages
|
|
517
545
|
def cdn_ip?(cdn)
|
518
546
|
return unless dns?
|
519
547
|
|
520
|
-
|
521
|
-
|
548
|
+
address_records = dns.select do |answer|
|
549
|
+
Dnsruby::Types::A == answer.type || Dnsruby::Types::AAAA == answer.type
|
550
|
+
end
|
551
|
+
return false if !address_records || address_records.empty?
|
522
552
|
|
523
|
-
|
553
|
+
address_records.all? do |answer|
|
524
554
|
cdn.controls_ip?(answer.address)
|
525
555
|
end
|
526
556
|
end
|
@@ -530,7 +560,7 @@ module GitHubPages
|
|
530
560
|
end
|
531
561
|
|
532
562
|
def github_pages_ip?(ip_addr)
|
533
|
-
|
563
|
+
CURRENT_IP_ADDRESSES_ALL.include?(ip_addr&.to_s&.downcase)
|
534
564
|
end
|
535
565
|
end
|
536
566
|
end
|
@@ -8,9 +8,9 @@ module GitHubPages
|
|
8
8
|
|
9
9
|
def message
|
10
10
|
<<-MSG
|
11
|
-
|
12
|
-
|
13
|
-
|
11
|
+
Your site's DNS settings are using a custom subdomain, #{domain.host},
|
12
|
+
that's set up as an AAAA record. We recommend you change this to a CNAME
|
13
|
+
record pointing at #{username}.github.io.
|
14
14
|
MSG
|
15
15
|
end
|
16
16
|
end
|
@@ -41,16 +41,6 @@ module GitHubPages
|
|
41
41
|
URL = "https://github.com/github/pages-health-check"
|
42
42
|
USER_AGENT = "Mozilla/5.0 (compatible; #{HUMAN_NAME}/#{VERSION}; +#{URL})"
|
43
43
|
|
44
|
-
TYPHOEUS_OPTIONS = {
|
45
|
-
:followlocation => true,
|
46
|
-
:timeout => TIMEOUT,
|
47
|
-
:accept_encoding => "gzip",
|
48
|
-
:method => :head,
|
49
|
-
:headers => {
|
50
|
-
"User-Agent" => USER_AGENT
|
51
|
-
}
|
52
|
-
}.freeze
|
53
|
-
|
54
44
|
# surpress warn-level feedback due to unsupported record types
|
55
45
|
def self.without_warnings(&block)
|
56
46
|
warn_level = $VERBOSE
|
@@ -63,5 +53,27 @@ module GitHubPages
|
|
63
53
|
def self.check(repository_or_domain, access_token: nil)
|
64
54
|
Site.new repository_or_domain, :access_token => access_token
|
65
55
|
end
|
56
|
+
|
57
|
+
# rubocop:disable Naming/AccessorMethodName (this is not an accessor method)
|
58
|
+
def self.set_proxy(proxy_url)
|
59
|
+
@typhoeus_options = typhoeus_options.merge(:proxy => proxy_url).freeze
|
60
|
+
nil
|
61
|
+
end
|
62
|
+
# rubocop:enable Naming/AccessorMethodName
|
63
|
+
|
64
|
+
def self.typhoeus_options
|
65
|
+
return @typhoeus_options if defined?(@typhoeus_options)
|
66
|
+
|
67
|
+
@typhoeus_options = {
|
68
|
+
:followlocation => true,
|
69
|
+
:timeout => TIMEOUT,
|
70
|
+
:accept_encoding => "gzip",
|
71
|
+
:method => :head,
|
72
|
+
:headers => {
|
73
|
+
"User-Agent" => USER_AGENT
|
74
|
+
},
|
75
|
+
:proxy => nil
|
76
|
+
}.freeze
|
77
|
+
end
|
66
78
|
end
|
67
79
|
end
|
data/script/check
CHANGED
data/script/release
CHANGED
@@ -31,10 +31,10 @@ tag=v`ls github-pages-health-check-*.gem | sed 's/^github-pages-health-check-\(.
|
|
31
31
|
|
32
32
|
git fetch -t origin
|
33
33
|
|
34
|
-
(git tag -l | grep -q "$tag") && {
|
35
|
-
|
36
|
-
|
37
|
-
}
|
34
|
+
# (git tag -l | grep -q "$tag") && {
|
35
|
+
# echo "Whoops, there's already a '${tag}' tag."
|
36
|
+
# exit 1
|
37
|
+
# }
|
38
38
|
|
39
39
|
# Tag it and bag it.
|
40
40
|
|
data/script/update-cdn-ips
CHANGED
@@ -8,15 +8,43 @@ require "open-uri"
|
|
8
8
|
require "json"
|
9
9
|
|
10
10
|
SOURCES = {
|
11
|
-
:cloudflare => "https://www.cloudflare.com/ips-v4",
|
12
|
-
:fastly => "https://api.fastly.com/public-ip-list"
|
11
|
+
:cloudflare => ["https://www.cloudflare.com/ips-v4", "https://www.cloudflare.com/ips-v6"],
|
12
|
+
:fastly => ["https://api.fastly.com/public-ip-list"]
|
13
13
|
}.freeze
|
14
14
|
|
15
|
-
|
15
|
+
def parse_fastly(data)
|
16
|
+
json_data = JSON.parse(data)
|
17
|
+
(json_data["addresses"] + json_data["ipv6_addresses"]).join("\n")
|
18
|
+
end
|
19
|
+
|
20
|
+
def parse_cloudflare(data)
|
21
|
+
data
|
22
|
+
end
|
23
|
+
|
24
|
+
def fetch_ips_from_cdn(urls)
|
25
|
+
urls.map do |url|
|
26
|
+
puts "Fetching #{url}..."
|
27
|
+
URI.parse(url).open.read
|
28
|
+
end.join("\n")
|
29
|
+
end
|
30
|
+
|
31
|
+
def update_cdn_file(source, data)
|
16
32
|
file = "config/#{source}-ips.txt"
|
17
|
-
puts "Fetching #{url}..."
|
18
|
-
data = open(url).read
|
19
|
-
data = JSON.parse(data)["addresses"].join("\n") if source == :fastly
|
20
33
|
File.write(file, data)
|
34
|
+
puts "Writing contents to #{file} and staging changes."
|
21
35
|
`git add --verbose #{file}`
|
22
36
|
end
|
37
|
+
|
38
|
+
def parse_cdn_response(source, ips)
|
39
|
+
send("parse_#{source}", ips)
|
40
|
+
end
|
41
|
+
|
42
|
+
def update_cdn_ips(source, urls)
|
43
|
+
ips = fetch_ips_from_cdn(urls)
|
44
|
+
data = parse_cdn_response(source, ips)
|
45
|
+
update_cdn_file(source, data)
|
46
|
+
end
|
47
|
+
|
48
|
+
SOURCES.each do |source, urls|
|
49
|
+
update_cdn_ips(source, urls)
|
50
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: github-pages-health-check
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.18.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GitHub, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-06-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: addressable
|
@@ -99,7 +99,6 @@ files:
|
|
99
99
|
- ".rspec"
|
100
100
|
- ".rubocop.yml"
|
101
101
|
- ".ruby-version"
|
102
|
-
- ".travis.yml"
|
103
102
|
- Dockerfile
|
104
103
|
- Gemfile
|
105
104
|
- LICENSE.md
|