134 lines
4.7 KiB
YAML
134 lines
4.7 KiB
YAML
---
|
|
name: run-ansible-deploy
|
|
description: Run a play using ansible-playbook.
|
|
author: Michael Sasser <info@michaelsasser.org>
|
|
|
|
branding:
|
|
icon: shield
|
|
color: blue
|
|
|
|
inputs:
|
|
playbook_repository:
|
|
description: The repository that contains the playbook
|
|
required: true
|
|
|
|
config_file:
|
|
description: The path to the ansible config file
|
|
default: ""
|
|
required: false
|
|
|
|
cache_dependencies:
|
|
description: Cache the dependencies from the requirement file
|
|
default: "false"
|
|
required: false
|
|
|
|
#
|
|
# Secrets
|
|
#
|
|
PERSONAL_ACCESS_TOKEN:
|
|
description: A personal access token that allows this workflow to pull the playbook repository.
|
|
required: true
|
|
|
|
ANSIBLE_VAULT_PASSWORD:
|
|
description: The vault token/password for ansible vault.
|
|
required: true
|
|
|
|
ANSIBLE_SSH_PRIVATE_KEY:
|
|
description: A SSH private key to deploy the playbook with the role
|
|
required: true
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Prepare Ansible Role Name
|
|
id: get-role-info
|
|
shell: bash
|
|
run: |
|
|
echo "gitea.event.repository.name = ${{ gitea.event.repository.name }}"
|
|
|
|
if [ -n '${{ gitea.event.repository.name }}' ]; then
|
|
ROLE_NAME=$(echo ${{ gitea.event.repository.name }} | sed 's/ansible-role-//g')
|
|
else
|
|
ROLE_NAME=$(echo "$GITHUB_REPOSITORY" | sed 's/.*\/ansible-role-//g')
|
|
fi
|
|
|
|
echo "::set-output name=role_name::$ROLE_NAME"
|
|
|
|
CONFIG_FILE='/workspace/${{ gitea.repository }}/ansible.cfg'
|
|
if [ -n '${{ inputs.config_file }}' ]; then
|
|
CONFIG_FILE='${{ inputs.config_file }}'
|
|
fi
|
|
echo "::set-output name=config_file::$CONFIG_FILE"
|
|
|
|
# Clone Playbook
|
|
- name: Checkout the Ansible Playbook
|
|
uses: https://git.michaelsasser.org/actions/checkout@v4
|
|
with:
|
|
ref: refs/heads/main
|
|
repository: "${{ inputs.playbook_repository }}"
|
|
path: /workspace/${{ gitea.repository }}
|
|
token: ${{ inputs.PERSONAL_ACCESS_TOKEN }}
|
|
|
|
# Clone Role
|
|
- name: Checkout this Ansible Role
|
|
uses: https://git.michaelsasser.org/actions/checkout@v4
|
|
with:
|
|
path: "/workspace/${{ gitea.repository }}/plays/roles/michaelsasser.${{ steps.get-role-info.outputs.role_name }}"
|
|
token: ${{ inputs.PERSONAL_ACCESS_TOKEN }}
|
|
|
|
# Setup SSH
|
|
- name: Setup SSH
|
|
shell: bash
|
|
run: |
|
|
eval `ssh-agent -s`
|
|
mkdir -p /home/runner/.ssh/
|
|
touch /home/runner/.ssh/id_rsa
|
|
echo -e "${{ inputs.ANSIBLE_SSH_PRIVATE_KEY }}" > /home/runner/.ssh/id_ed25519
|
|
chmod 700 /home/runner/.ssh/id_ed25519
|
|
|
|
# Check if dependencies must be installed before running the playbook
|
|
- name: Check if the role has dependencies
|
|
id: get-role-has-dependencies
|
|
shell: bash
|
|
run: |
|
|
if test -f "/workspace/${{ gitea.repository }}/plays/roles/michaelsasser.${{ steps.get-role-info.outputs.role_name }}/meta/requirements.yml"; then
|
|
echo "::set-output name=role_has_dependencies::true"
|
|
else
|
|
echo "::set-output name=role_has_dependencies::false"
|
|
fi
|
|
|
|
# Workaround for `hashFiles`, which is currently not supported by gitea
|
|
- name: Generate Galaxy Cache
|
|
if: ${{ steps.get-role-has-dependencies.outputs.role_has_dependencies == 'true' && inputs.cache_dependencies == 'true' }}
|
|
uses: https://git.michaelsasser.org/actions/hashfiles@v0.0.1
|
|
id: ansible-galaxy-hash
|
|
with:
|
|
patterns: |-
|
|
**/meta/requirements.yml
|
|
|
|
# Setup Ansible Galaxy Cache
|
|
- name: Cache Ansible Galaxy
|
|
if: ${{ steps.get-role-has-dependencies.outputs.role_has_dependencies == 'true' && inputs.cache_dependencies == 'true'}}
|
|
uses: https://git.michaelsasser.org/actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.ansible/collections/
|
|
~/.ansible/roles/
|
|
roles/
|
|
key: ansible-galaxy-${{ steps.ansible-galaxy-hash.outputs.hash }}
|
|
|
|
# Run Ansible
|
|
- name: Run Ansible Playbook
|
|
shell: bash
|
|
run: |
|
|
# Only install dependencies if there are some
|
|
if [ '${{ steps.get-role-has-dependencies.outputs.role_has_dependencies }}' = 'true' ]; then
|
|
ansible-galaxy install -r "/workspace/${{ gitea.repository }}/plays/roles/michaelsasser.${{ steps.get-role-info.outputs.role_name }}/meta/requirements.yml"
|
|
fi
|
|
|
|
ansible-playbook --private-key /home/runner/.ssh/id_ed25519 -i "/workspace/${{ gitea.repository }}/inventory/hosts.yml" "/workspace/${{ gitea.repository }}/plays/${{ steps.get-role-info.outputs.role_name }}.yml"
|
|
env:
|
|
VAULT_SECRET: ${{ inputs.ANSIBLE_VAULT_PASSWORD }}
|
|
ANSIBLE_CONFIG: ${{ steps.get-role-info.outputs.config_file }}
|
|
ANSIBLE_HOST_KEY_CHECKING: "false"
|
|
ANSIBLE_DEPRECATION_WARNINGS: "false"
|