fix(ci): use zone name instead of FQDN for external-dns domain filter

vincentchalamon · claude · vincentchalamon · commit 4f60a12c3db3 · 2026-03-27T14:13:05.000+01:00
external-dns rejects zones that don't match its domainFilter. When the
filter was set to the full FQDN (e.g. pr-614-demo.api-platform.com),
external-dns found the Cloudflare zone "api-platform.com" but rejected
it with "zone not in domain filter", preventing DNS record creation.

Extract the zone (last two domain segments) from the URL so external-dns
can match the Cloudflare zone correctly.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -105,6 +105,8 @@ jobs:
             url=$release-demo.api-platform.com
           fi
           echo "url=$url" >> "$GITHUB_OUTPUT"
+          # Extract the zone (last two segments) for external-dns domain filter
+          dns_zone=$(echo "$url" | awk -F. '{print $(NF-1)"."$NF}')
           cors="https://$url|http://localhost|https://localhost|http://localhost:3000|https://api-platform.github.io"
           set -o pipefail
           helm upgrade $release ./helm/api-platform -f ./helm/api-platform/values.yaml \
@@ -127,7 +129,7 @@ jobs:
             --set=ingress.tls[0].hosts[0]=$url \
             --set=external-dns.env[0].name=CF_API_TOKEN \
             --set=external-dns.env[0].value=${{ secrets.cloudflare-api-token }} \
-            --set=external-dns.domainFilters[0]=$url \
+            --set=external-dns.domainFilters[0]=$dns_zone \
             --set=external-dns.txtOwnerId=$release \
             --set=php.corsAllowOrigin="^$(echo "$cors" | sed 's/\./\\\\./g')$" \
             --set=php.trustedHosts="^127\\.0\\.0\\.1|localhost|$(echo "$url" | sed 's/\./\\\\./g')$" \
