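---
# Composite action: checks out a playbook repository, places the calling
# Ansible role inside it, and runs the play named after the role.
name: run-ansible-deploy
description: Run a play using ansible-playbook.
author: Michael Sasser
branding:
  icon: shield
  color: blue

inputs:
  playbook_repository:
    description: The repository that contains the playbook
    required: true
  config_file:
    description: The path to the ansible config file
    default: ""
    required: false
  cache_dependencies:
    description: Cache the dependencies from the requirement file
    default: "false"
    required: false

  #
  # Secrets
  #
  PERSONAL_ACCESS_TOKEN:
    description: A personal access token that allows this workflow to pull the playbook repository.
    required: true
  ANSIBLE_VAULT_PASSWORD:
    description: The vault token/password for ansible vault.
    required: true
  ANSIBLE_SSH_PRIVATE_KEY:
    description: A SSH private key to deploy the playbook with the role
    required: true

runs:
  using: composite
  steps:
    # Derives the role name (repository name without the `ansible-role-`
    # prefix) and the ansible.cfg path, and publishes both as step outputs.
    - name: Prepare Ansible Role Name
      id: get-role-info
      shell: bash
      # Context and input values are handed over as environment variables
      # instead of being templated into the script text, so their content is
      # treated as data and never parsed as shell code.
      env:
        REPOSITORY_NAME: ${{ gitea.event.repository.name }}
        PLAYBOOK_DIR: /workspace/${{ gitea.repository }}
        CONFIG_FILE_INPUT: ${{ inputs.config_file }}
      run: |
        echo "gitea.event.repository.name = $REPOSITORY_NAME"
        if [ -n "$REPOSITORY_NAME" ]; then
          ROLE_NAME=$(printf '%s\n' "$REPOSITORY_NAME" | sed 's/ansible-role-//g')
        else
          ROLE_NAME=$(printf '%s\n' "$GITHUB_REPOSITORY" | sed 's/.*\/ansible-role-//g')
        fi
        # Outputs go through the $GITHUB_OUTPUT file; the `::set-output`
        # workflow command is deprecated and parses anything printed to stdout.
        echo "role_name=$ROLE_NAME" >> "$GITHUB_OUTPUT"

        CONFIG_FILE="$PLAYBOOK_DIR/ansible.cfg"
        if [ -n "$CONFIG_FILE_INPUT" ]; then
          CONFIG_FILE="$CONFIG_FILE_INPUT"
        fi
        echo "config_file=$CONFIG_FILE" >> "$GITHUB_OUTPUT"

    # Clone Playbook
    # NOTE(review): `@v4` is a mutable tag. Pinning this action to a full
    # commit SHA would keep a moved tag from changing the code that receives
    # the access token.
    - name: Checkout the Ansible Playbook
      uses: https://git.michaelsasser.org/actions/checkout@v4
      with:
        ref: refs/heads/main
        repository: "${{ inputs.playbook_repository }}"
        path: /workspace/${{ gitea.repository }}
        token: ${{ inputs.PERSONAL_ACCESS_TOKEN }}

    # Clone Role
    - name: Checkout this Ansible Role
      uses: https://git.michaelsasser.org/actions/checkout@v4
      with:
        path: "/workspace/${{ gitea.repository }}/plays/roles/michaelsasser.${{ steps.get-role-info.outputs.role_name }}"
        token: ${{ inputs.PERSONAL_ACCESS_TOKEN }}

    # Setup SSH
    # Writes the deploy key to disk for `ansible-playbook --private-key`.
    # No ssh-agent is started: no key is ever added to one, and the playbook
    # step reads the key file directly.
    - name: Setup SSH
      shell: bash
      # The key reaches the script through the environment, so it is not
      # written into the generated script file or expanded by the shell parser.
      env:
        SSH_PRIVATE_KEY: ${{ inputs.ANSIBLE_SSH_PRIVATE_KEY }}
      run: |
        # Restrictive umask first: the key file is never group/world readable,
        # not even in the window between creation and chmod.
        umask 077
        mkdir -p /home/runner/.ssh/
        # `echo -e` is kept so a key stored with literal "\n" escapes expands.
        echo -e "$SSH_PRIVATE_KEY" > /home/runner/.ssh/id_ed25519
        # A private key needs owner read/write only; it is not an executable.
        chmod 600 /home/runner/.ssh/id_ed25519

    # Check if dependencies must be installed before running the playbook
    - name: Check if the role has dependencies
      id: get-role-has-dependencies
      shell: bash
      env:
        PLAYBOOK_DIR: /workspace/${{ gitea.repository }}
        ROLE_NAME: ${{ steps.get-role-info.outputs.role_name }}
      run: |
        if test -f "$PLAYBOOK_DIR/plays/roles/michaelsasser.$ROLE_NAME/meta/requirements.yml"; then
          echo "role_has_dependencies=true" >> "$GITHUB_OUTPUT"
        else
          echo "role_has_dependencies=false" >> "$GITHUB_OUTPUT"
        fi

    # Workaround for `hashFiles`, which is currently not supported by gitea
    - name: Generate Galaxy Cache
      if: ${{ steps.get-role-has-dependencies.outputs.role_has_dependencies == 'true' && inputs.cache_dependencies == 'true' }}
      uses: https://git.michaelsasser.org/actions/hashfiles@v0.0.1
      id: ansible-galaxy-hash
      with:
        patterns: |-
          **/meta/requirements.yml

    # Setup Ansible Galaxy Cache
    - name: Cache Ansible Galaxy
      if: ${{ steps.get-role-has-dependencies.outputs.role_has_dependencies == 'true' && inputs.cache_dependencies == 'true' }}
      uses: https://git.michaelsasser.org/actions/cache@v4
      with:
        path: |
          ~/.ansible/collections/
          ~/.ansible/roles/
          roles/
        key: ansible-galaxy-${{ steps.ansible-galaxy-hash.outputs.hash }}

    # Run Ansible
    - name: Run Ansible Playbook
      shell: bash
      run: |
        ROLE_DIR="$PLAYBOOK_DIR/plays/roles/michaelsasser.$ROLE_NAME"

        # Only install dependencies if there are some
        if [ "$ROLE_HAS_DEPENDENCIES" = 'true' ]; then
          ansible-galaxy install -r "$ROLE_DIR/meta/requirements.yml"
        fi

        ansible-playbook \
          --private-key /home/runner/.ssh/id_ed25519 \
          -i "$PLAYBOOK_DIR/inventory/hosts.yml" \
          "$PLAYBOOK_DIR/plays/$ROLE_NAME.yml"
      env:
        PLAYBOOK_DIR: /workspace/${{ gitea.repository }}
        ROLE_NAME: ${{ steps.get-role-info.outputs.role_name }}
        ROLE_HAS_DEPENDENCIES: ${{ steps.get-role-has-dependencies.outputs.role_has_dependencies }}
        # Presumably consumed by a vault password script referenced from the
        # playbook's ansible.cfg; confirm against the playbook repository.
        VAULT_SECRET: ${{ inputs.ANSIBLE_VAULT_PASSWORD }}
        ANSIBLE_CONFIG: ${{ steps.get-role-info.outputs.config_file }}
        # NOTE(review): with host key checking disabled the SSH connection does
        # not authenticate the target hosts, so the deploy key and vault-backed
        # data can be exposed to a machine-in-the-middle. Provisioning a
        # known_hosts file and enabling the check would close that gap.
        ANSIBLE_HOST_KEY_CHECKING: "false"
        ANSIBLE_DEPRECATION_WARNINGS: "false"

    # Remove the deploy key even when an earlier step failed, so it does not
    # stay behind on a runner that is reused for other jobs.
    - name: Remove SSH key
      if: ${{ always() }}
      shell: bash
      run: rm -f /home/runner/.ssh/id_ed25519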