6 changed files with 13 additions and 231 deletions
--- a/.drone-manifest.yml
+++ b/.drone-manifest.yml
@ -1,22 +0,0 @@
 image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
 {{/if}}
 manifests:
  - image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
    platform:
      architecture: amd64
      os: linux
  - image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
    platform:
      architecture: arm64
      os: linux
      variant: v8
  - image: happydomain/checker-authoritative-consistency:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
    platform:
      architecture: arm
      os: linux
      variant: v7
--- a/.drone.yml
+++ b/.drone.yml
@ -1,187 +0,0 @@
 ---
 kind: pipeline
 type: docker
 name: build-amd64
 platform:
  os: linux
  arch: amd64
 steps:
  - name: checker build
    image: golang:1-alpine
    commands:
      - apk add --no-cache git make
      - make
    environment:
      CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}"
      CGO_ENABLED: 0
    when:
      event:
        exclude:
          - tag
  - name: checker build tag
    image: golang:1-alpine
    commands:
      - apk add --no-cache git make
      - make
    environment:
      CHECKER_VERSION: "${DRONE_SEMVER}"
      CGO_ENABLED: 0
    when:
      event:
        - tag
  - name: publish on Docker Hub
    image: plugins/docker
    settings:
      repo: happydomain/checker-authoritative-consistency
      auto_tag: true
      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
      dockerfile: Dockerfile
      build_args:
        - CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT}
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
    when:
      event:
        exclude:
          - tag
  - name: publish on Docker Hub (tag)
    image: plugins/docker
    settings:
      repo: happydomain/checker-authoritative-consistency
      auto_tag: true
      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
      dockerfile: Dockerfile
      build_args:
        - CHECKER_VERSION=${DRONE_SEMVER}
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
    when:
      event:
        - tag
 trigger:
  branch:
    exclude:
      - renovate/*
  event:
    - cron
    - push
    - tag
 ---
 kind: pipeline
 type: docker
 name: build-arm64
 platform:
  os: linux
  arch: arm64
 steps:
  - name: checker build
    image: golang:1-alpine
    commands:
      - apk add --no-cache git make
      - make
    environment:
      CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}"
      CGO_ENABLED: 0
    when:
      event:
        exclude:
          - tag
  - name: checker build tag
    image: golang:1-alpine
    commands:
      - apk add --no-cache git make
      - make
    environment:
      CHECKER_VERSION: "${DRONE_SEMVER}"
      CGO_ENABLED: 0
    when:
      event:
        - tag
  - name: publish on Docker Hub
    image: plugins/docker
    settings:
      repo: happydomain/checker-authoritative-consistency
      auto_tag: true
      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
      dockerfile: Dockerfile
      build_args:
        - CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT}
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
    when:
      event:
        exclude:
          - tag
  - name: publish on Docker Hub (tag)
    image: plugins/docker
    settings:
      repo: happydomain/checker-authoritative-consistency
      auto_tag: true
      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
      dockerfile: Dockerfile
      build_args:
        - CHECKER_VERSION=${DRONE_SEMVER}
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
    when:
      event:
        - tag
 trigger:
  event:
    - cron
    - push
    - tag
 ---
 kind: pipeline
 name: docker-manifest
 platform:
  os: linux
  arch: arm64
 steps:
  - name: publish on Docker Hub
    image: plugins/manifest
    settings:
      auto_tag: true
      ignore_missing: true
      spec: .drone-manifest.yml
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
 trigger:
  branch:
    exclude:
      - renovate/*
  event:
    - cron
    - push
    - tag
 depends_on:
  - build-amd64
  - build-arm64
--- a/checker/collect.go
+++ b/checker/collect.go
@ -32,7 +32,7 @@ func (p *authoritativeConsistencyProvider) Collect(ctx context.Context, opts sdk
 	data := &ObservationData{
 		Zone:       dns.Fqdn(zone),
 		HasSOA:     svc.SOA != nil,
-		DeclaredNS: normalizeNSList(svc.NameServers, zone),
+		DeclaredNS: normalizeNSList(svc.NameServers),
 		Results:    map[string]*NSResult{},
 	}
 	if svc.SOA != nil {
@ -167,17 +167,13 @@ func loadZone(opts sdk.CheckerOptions, svc *originService) (string, error) {
 	return "", fmt.Errorf("no zone name provided (missing 'domain_name' option and SOA header)")
 }
-func normalizeNSList(ns []*dns.NS, origin string) []string {
+func normalizeNSList(ns []*dns.NS) []string {
 	out := make([]string, 0, len(ns))
 	for _, n := range ns {
 		if n == nil {
 			continue
 		}
-		name := n.Ns
+		out = append(out, strings.ToLower(dns.Fqdn(n.Ns)))
 		if !strings.HasSuffix(name, ".") {
 			name = sdk.JoinRelative(name, strings.TrimSuffix(origin, "."))
 		}
 		out = append(out, strings.ToLower(dns.Fqdn(name)))
 	}
 	sort.Strings(out)
 	return out
--- a/checker/collect_test.go
+++ b/checker/collect_test.go
@ -80,15 +80,13 @@ func TestDiffStringSets_Equal(t *testing.T) {
 }
 func TestNormalizeNSList(t *testing.T) {
 	// Relative labels (no trailing dot) are joined with the zone origin.
 	// Absolute FQDNs (trailing dot) are kept as-is.
 	in := []*dns.NS{
-		{Ns: "ns2"},
+		{Ns: "NS2.Example.COM"},
 		nil,
 		{Ns: "ns1.example.com."},
-		{Ns: "ns1"},
+		{Ns: "NS1.example.com"},
 	}
-	got := normalizeNSList(in, "example.com.")
+	got := normalizeNSList(in)
 	want := []string{"ns1.example.com.", "ns1.example.com.", "ns2.example.com."}
 	if !reflect.DeepEqual(got, want) {
 		t.Errorf("got %v, want %v", got, want)
--- a/checker/definition.go
+++ b/checker/definition.go
@ -110,11 +110,6 @@ func (p *authoritativeConsistencyProvider) Definition() *sdk.CheckerDefinition {
 					Label:    "Origin service",
 					AutoFill: sdk.AutoFillService,
 				},
 				{
 					Id:       "domain_name",
 					Label:    "Zone name",
 					AutoFill: sdk.AutoFillDomainName,
 				},
 			},
 		},
 		Rules: Rules(),
--- a/checker/types.go
+++ b/checker/types.go
@ -3,7 +3,6 @@ package checker
 import (
 	"encoding/json"
 	"fmt"
 	"slices"
 	"github.com/miekg/dns"
 )
@ -78,9 +77,11 @@ type NSResult struct {
 // Dedupes identical messages and caps the list with a sentinel summary.
 func (n *NSResult) appendError(format string, args ...any) {
 	msg := fmt.Sprintf(format, args...)
-	if slices.Contains(n.Errors, msg) {
+	for _, e := range n.Errors {
 		if e == msg {
 			return
 		}
 	}
 	if len(n.Errors) >= maxNSResultErrors {
 		n.suppressedErrors++
 		sentinel := fmt.Sprintf("(%d more error(s) suppressed)", n.suppressedErrors)
@ -107,6 +108,7 @@ type ObservationData struct {
 	// Union of DeclaredNS and ParentNS, de-duplicated.
 	Probed   []string             `json:"probed,omitempty"`
 	Results  map[string]*NSResult `json:"results,omitempty"`
 	Findings []Finding            `json:"findings"`
 }
 // Local mirror of happyDomain's services/abstract.Origin. Duplicated on