Skip to content

Add support for TEST_DNS_TXT_LEN secret in DNS API workflow (for acmetest PR) #6641

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: dev
Choose a base branch
from
Open

Add support for TEST_DNS_TXT_LEN secret in DNS API workflow (for acmetest PR) #6641

wants to merge 2 commits into from
+19 −7

Conversation

@kubax
Copy link

@kubax kubax commented Nov 26, 2025

Summary

This PR updates the DNS workflow to support the new TEST_DNS_TXT_LEN secret introduced in acmetest PR.
The related changes in the testing framework are implemented in my PR to acmetest:

acmetest PR: acmesh-official/acmetest#34

The updated acmetest adds the ability to configure the length of TXT values used during DNS API testing — a requirement for testing systems such as acme-dns, which expect TXT records with an exact length. To ensure acme.sh can pass this configuration to all test environments, the workflow needs to be updated accordingly.

What This PR Does

1. Adds support for the TEST_DNS_TXT_LEN secret

  • Introduces the new secret into all DNS test jobs
  • Ensures that every environment (Linux/Docker, macOS, Windows/Cygwin, BSD variants, Solaris/OmniOS) passes the value through to letest.sh or the acmetest Docker runtime
  • Keeps the value optional — if the secret is not defined, the default behavior remains unchanged

2. Updates Docker-based testing

  • Adds TEST_DNS_TXT_LEN to docker.env so that the variable is available inside the acmetest container
  • Ensures consistent behavior with the native runner environments

3. Updates VM-based testing (FreeBSD, OpenBSD, NetBSD, DragonFlyBSD, Solaris, OmniOS)

  • Adds TEST_DNS_TXT_LEN to the envs: variable list so that the VM receives the configuration

Why This Change Is Needed

The updated acmetest now allows generating TXT values of a configurable size.
This is required because some DNS ACME challenge implementations — specifically acme-dns — need TXT records of a fixed length to function correctly.

Without updating the acme.sh workflow:

  • acmetest cannot receive the new configuration
  • TXT length cannot be adjusted during CI
  • DNS API tests relying on acme-dns will not work correctly
  • the CI behavior between Docker and native platforms would become inconsistent

With this PR, the workflow fully supports the new functionality.

Backward Compatibility

  • If TEST_DNS_TXT_LEN is not defined, all workflows behave exactly as before.
  • The default TXT length remains unchanged internally (handled by acmetest).
  • No changes are required for existing DNS API providers or test setups.

Summary

This PR ensures that acme.sh’s DNS testing workflow is compatible with the upcoming enhancements in acmetest by exposing the new TEST_DNS_TXT_LEN secret to all supported test environments.
It enables full and consistent testing of DNS providers that require fixed-length TXT values while preserving existing behavior for all others.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kubax