sync standalone domain and SSL certificate

stevethomas · stevethomas · commit dc5e80eecd00 · 2025-09-22T16:23:46.000+10:00
diff --git a/src/Commands/SyncCommand.php b/src/Commands/SyncCommand.php
@@ -35,7 +35,7 @@ public function handle(): void
                     Commands\SyncMultitenancyTenantsCommand::class,
                 ]
                 : [
-                    //            Commands\SyncStandaloneCommand::class,
+                    Commands\SyncStandaloneCommand::class,
                 ],
             Commands\SyncComputeCommand::class,
             Commands\SyncCiCommand::class,
diff --git a/src/Commands/SyncStandaloneCommand.php b/src/Commands/SyncStandaloneCommand.php
@@ -8,8 +8,8 @@
 class SyncStandaloneCommand extends SteppedCommand
 {
     protected array $steps = [
-        //        Steps\Standalone\SyncHostedZoneStep::class,
-        //        Steps\Standalone\SyncSslCertificateStep::class,
+        Steps\Standalone\SyncHostedZoneStep::class,
+        Steps\Standalone\SyncSslCertificateStep::class,
         Steps\Standalone\SyncQueueStep::class,
         Steps\Standalone\SyncQueueAlarmStep::class,
     ];
diff --git a/src/Concerns/SyncsSslCertificates.php b/src/Concerns/SyncsSslCertificates.php
@@ -0,0 +1,74 @@
+<?php
+
+namespace Codinglabs\Yolo\Concerns;
+
+use Codinglabs\Yolo\Aws;
+use Codinglabs\Yolo\AwsResources;
+
+trait SyncsSslCertificates
+{
+    protected function requestCertificate(string $apex): void
+    {
+        $certificate = Aws::acm()->requestCertificate([
+            'DomainName' => $apex,
+            'SubjectAlternativeNames' => ["*.{$apex}"],
+            'ValidationMethod' => 'DNS',
+        ]);
+
+        $this->validateCertificate($certificate['CertificateArn'], $apex);
+    }
+
+    protected function validateCertificate(string $certificateArn, string $apex): void
+    {
+        do {
+            $certificate = Aws::acm()->describeCertificate([
+                'CertificateArn' => $certificateArn,
+            ])['Certificate'];
+
+            // take a little snooze because the AWS result
+            // is incomplete on the first request
+            sleep(2);
+        } while (
+            ! array_key_exists('DomainValidationOptions', $certificate) ||
+            ! collect($certificate['DomainValidationOptions'])
+                ->every(fn (array $option) => array_key_exists('ResourceRecord', $option))
+        );
+
+        Aws::route53()->changeResourceRecordSets([
+            'ChangeBatch' => [
+                'Changes' => collect($certificate['DomainValidationOptions'])
+                    ->filter(fn (array $option) => $option['ValidationMethod'] === 'DNS'
+                        && ! str_starts_with($option['ValidationDomain'], '*'))
+                    ->map(function (array $option) {
+                        return [
+                            'Action' => 'UPSERT',
+                            'ResourceRecordSet' => [
+                                'Name' => $option['ResourceRecord']['Name'],
+                                'Type' => $option['ResourceRecord']['Type'],
+                                'ResourceRecords' => [
+                                    [
+                                        'Value' => $option['ResourceRecord']['Value'],
+                                    ],
+                                ],
+                                'TTL' => 300,
+                            ],
+                        ];
+                    })->toArray(),
+                'Comment' => 'Created by yolo CLI',
+            ],
+            'HostedZoneId' => AwsResources::hostedZone($apex)['Id'],
+        ]);
+
+        // wait for the certificate to be issued
+        $certificate = AwsResources::certificate($apex);
+
+        if ($certificate['Status'] !== 'ISSUED') {
+            do {
+                $certificate = AwsResources::certificate($apex);
+
+                // take a little snooze until the certificate is issued
+                sleep(2);
+            } while ($certificate['Status'] !== 'ISSUED');
+        }
+    }
+}
diff --git a/src/Contracts/ExecutesDomainStep.php b/src/Contracts/ExecutesDomainStep.php
@@ -0,0 +1,5 @@
+<?php
+
+namespace Codinglabs\Yolo\Contracts;
+
+interface ExecutesDomainStep extends Step {}
diff --git a/src/Steps/Standalone/SyncHostedZoneStep.php b/src/Steps/Standalone/SyncHostedZoneStep.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace Codinglabs\Yolo\Steps\Standalone;
+
+use Codinglabs\Yolo\Aws;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Str;
+use Codinglabs\Yolo\Manifest;
+use Codinglabs\Yolo\AwsResources;
+use Codinglabs\Yolo\Enums\StepResult;
+use Codinglabs\Yolo\Contracts\ExecutesDomainStep;
+use Codinglabs\Yolo\Exceptions\ResourceDoesNotExistException;
+
+class SyncHostedZoneStep implements ExecutesDomainStep
+{
+    public function __invoke(array $options): StepResult
+    {
+        try {
+            AwsResources::hostedZone(Manifest::apex());
+
+            return StepResult::SYNCED;
+        } catch (ResourceDoesNotExistException) {
+            if (! Arr::get($options, 'dry-run')) {
+                Aws::route53()->createHostedZone([
+                    'CallerReference' => Str::uuid(),
+                    'Name' => Manifest::apex(),
+                ]);
+
+                return StepResult::CREATED;
+            }
+
+            return StepResult::WOULD_CREATE;
+        }
+    }
+}
diff --git a/src/Steps/Standalone/SyncSslCertificateStep.php b/src/Steps/Standalone/SyncSslCertificateStep.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Codinglabs\Yolo\Steps\Standalone;
+
+use Illuminate\Support\Arr;
+use Codinglabs\Yolo\Manifest;
+use Codinglabs\Yolo\AwsResources;
+use Codinglabs\Yolo\Enums\StepResult;
+use Codinglabs\Yolo\Contracts\ExecutesDomainStep;
+use Codinglabs\Yolo\Concerns\SyncsSslCertificates;
+use Codinglabs\Yolo\Exceptions\ResourceDoesNotExistException;
+
+class SyncSslCertificateStep implements ExecutesDomainStep
+{
+    use SyncsSslCertificates;
+
+    public function __invoke(array $options): StepResult
+    {
+        try {
+            $certificate = AwsResources::certificate(Manifest::apex());
+
+            if ($certificate['Status'] === 'PENDING_VALIDATION') {
+                if (! Arr::get($options, 'dry-run')) {
+                    $this->validateCertificate($certificate['CertificateArn'], Manifest::apex());
+                } else {
+                    return StepResult::WOULD_SYNC;
+                }
+            }
+
+            return StepResult::SYNCED;
+        } catch (ResourceDoesNotExistException) {
+            if (! Arr::get($options, 'dry-run')) {
+                $this->requestCertificate(Manifest::apex());
+
+                return StepResult::CREATED;
+            }
+
+            return StepResult::WOULD_CREATE;
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ public function handle(): void`
`35`	`35`	`Commands\SyncMultitenancyTenantsCommand::class,`
`36`	`36`	`]`
`37`	`37`	`: [`
`38`		`- // Commands\SyncStandaloneCommand::class,`
	`38`	`+ Commands\SyncStandaloneCommand::class,`
`39`	`39`	`],`
`40`	`40`	`Commands\SyncComputeCommand::class,`
`41`	`41`	`Commands\SyncCiCommand::class,`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +<?php
++
 +namespace Codinglabs\Yolo\Contracts;
++
 +interface ExecutesDomainStep extends Step {}