Update Filter Lists #106
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Filter Lists | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| fresh: | |
| required: false | |
| description: Force re-create all lists and rules | |
| type: boolean | |
| default: false | |
| schedule: ## 3am every day | |
| - cron: "0 3 * * *" | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| env: | |
| NODE_ENV: production | |
| jobs: | |
| custom: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 1 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Get allowlist | |
| id: allowlist | |
| run: | | |
| response=$(curl -sf "https://api.cloudflare.com/client/v4/accounts/${{ secrets.CLOUDFLARE_ACCOUNT_ID }}/gateway/lists" \ | |
| -H "Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}" \ | |
| -H "Content-Type: application/json") | |
| list_json=$(echo "$response" | jq -c '.result[] | select(.name=="Allowlist")') | |
| if [ -z "$list_json" ]; then | |
| echo "List could not be found" | |
| exit 1 | |
| fi | |
| echo "json=$list_json" | tee -a "$GITHUB_OUTPUT" | |
| - name: Get blocklist | |
| id: blocklist | |
| run: | | |
| response=$(curl -sf "https://api.cloudflare.com/client/v4/accounts/${{ secrets.CLOUDFLARE_ACCOUNT_ID }}/gateway/lists" \ | |
| -H "Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}" \ | |
| -H "Content-Type: application/json") | |
| list_json=$(echo "$response" | jq -c '.result[] | select(.name=="Blocklist")') | |
| if [ -z "$list_json" ]; then | |
| echo "List could not be found" | |
| exit 1 | |
| fi | |
| echo "json=$list_json" | tee -a "$GITHUB_OUTPUT" | |
| - name: Update allowlist | |
| run: | | |
| LIST_ITEMS="$(grep -v '^[#!]' allowlist.txt | jq -Rsc 'split("\n") | map(select(length > 0)) | map({value: .})')" | |
| UPDATED_LIST="$(echo ${{ toJson(steps.allowlist.outputs.json) }} | jq --argjson items "$LIST_ITEMS" '.items = $items')" | |
| LIST_ID="$(echo "$UPDATED_LIST" | jq -r '.id')" | |
| curl -sf -X PUT "https://api.cloudflare.com/client/v4/accounts/${{ secrets.CLOUDFLARE_ACCOUNT_ID }}/gateway/lists/$LIST_ID" \ | |
| -H "Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}" \ | |
| -H "Content-Type: application/json" \ | |
| --data-raw "$UPDATED_LIST" \ | |
| -w "HTTP Status: %{http_code}" | |
| - name: Update blocklist | |
| run: | | |
| LIST_ITEMS="$(grep -v '^[#!]' blocklist.txt | jq -Rsc 'split("\n") | map(select(length > 0)) | map({value: .})')" | |
| UPDATED_LIST="$(echo ${{ toJson(steps.blocklist.outputs.json) }} | jq --argjson items "$LIST_ITEMS" '.items = $items')" | |
| LIST_ID="$(echo "$UPDATED_LIST" | jq -r '.id')" | |
| curl -sf -X PUT "https://api.cloudflare.com/client/v4/accounts/${{ secrets.CLOUDFLARE_ACCOUNT_ID }}/gateway/lists/$LIST_ID" \ | |
| -H "Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}" \ | |
| -H "Content-Type: application/json" \ | |
| --data-raw "$UPDATED_LIST" \ | |
| -w "HTTP Status: %{http_code}" | |
| cgps: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| repository: mrrfv/cloudflare-gateway-pihole-scripts | |
| # testing https://github.com/mrrfv/cloudflare-gateway-pihole-scripts/pull/144 | |
| ref: refs/pull/144/merge | |
| - name: Install Node.js | |
| uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | |
| with: | |
| node-version-file: .node-version | |
| - name: Install npm dependencies | |
| run: npm ci | |
| - name: Download allowlists | |
| run: npm run download:allowlist | |
| env: | |
| ALLOWLIST_URLS: | | |
| ${{ github.server_url }}/${{ github.repository }}/raw/${{ github.sha }}/allowlist.txt | |
| - name: Download blocklists | |
| run: npm run download:blocklist | |
| env: | |
| BLOCKLIST_URLS: | | |
| ${{ github.server_url }}/${{ github.repository }}/raw/${{ github.sha }}/blocklist.txt | |
| https://github.com/hagezi/dns-blocklists/raw/main/wildcard/doh-vpn-proxy-bypass-onlydomains.txt | |
| https://github.com/hagezi/dns-blocklists/raw/main/wildcard/pro-onlydomains.txt | |
| - name: Delete old rules and lists | |
| if: inputs.fresh | |
| run: npm run cloudflare-delete | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| - name: Create new rules and lists | |
| run: npm run cloudflare-create | |
| env: | |
| # BLOCK_PAGE_ENABLED: 1 | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| workflow-keepalive: | |
| uses: kieranbrown/github-actions/.github/workflows/workflow-keepalive.yaml@v1 | |
| permissions: | |
| actions: write |