70 lines
1.7 KiB
YAML
70 lines
1.7 KiB
YAML
---
|
|
|
|
# generic
|
|
name: "Linting and Deployment"
|
|
on: # yamllint disable-line rule:truthy
|
|
push:
|
|
branches:
|
|
- "main"
|
|
|
|
# jobs
|
|
jobs:
|
|
|
|
# ansible linting
|
|
Linting:
|
|
runs-on: "ubuntu-latest"
|
|
container:
|
|
image: "cr.simoncor.net/siempie/ansible-deployment:latest"
|
|
credentials:
|
|
username: "${{ vars.REGISTER_USERNAME }}"
|
|
password: "${{ vars.REGISTER_PASSWORD }}"
|
|
|
|
# steps
|
|
steps:
|
|
|
|
# checkout code
|
|
- name: "Clone repo"
|
|
uses: "actions/checkout@v4"
|
|
|
|
# setup vault key
|
|
- name: "Setup Vault Key"
|
|
run: |
|
|
echo ${{ secrets.VAULT_KEY }} >> secret.key
|
|
|
|
# run ansible linter
|
|
- name: "Run Ansible Lint"
|
|
run: |
|
|
ansible-lint -c .
|
|
|
|
|
|
# ansible deployment
|
|
Deployment:
|
|
runs-on: "ubuntu-latest"
|
|
needs: "Linting"
|
|
|
|
# steps
|
|
steps:
|
|
|
|
# ansible deployment
|
|
- name: "Ansible deployment"
|
|
uses: "appleboy/ssh-action@v1.2.0"
|
|
with:
|
|
|
|
# bastion
|
|
proxy_host: "bastion.simoncor.net"
|
|
proxy_port: "22"
|
|
proxy_username: "${{ secrets.USERNAME }}"
|
|
proxy_key: "${{ secrets.SSHKEY }}"
|
|
|
|
# ansible server
|
|
host: "ansible.siempie.internal"
|
|
port: "22"
|
|
username: "${{ secrets.USERNAME }}"
|
|
key: "${{ secrets.SSHKEY }}"
|
|
|
|
# execute commands
|
|
script: |
|
|
sudo /usr/bin/git -C /etc/ansible/roles/common reset --hard HEAD
|
|
sudo /usr/bin/git -C /etc/ansible/roles/common clean -fd
|
|
sudo /usr/bin/git -C /etc/ansible/roles/common fetch --quiet
|
|
sudo /usr/bin/git -C /etc/ansible/roles/common pull origin main --quiet
|