2024-12-05 00:11:36 -05:00
|
|
|
name: Ansible Deploy to Hosts
|
|
|
|
on:
|
|
|
|
pull_request:
|
|
|
|
types: [closed]
|
2024-12-06 00:34:39 -05:00
|
|
|
workflow_dispatch:
|
2024-12-05 00:11:36 -05:00
|
|
|
|
|
|
|
jobs:
|
|
|
|
deploy:
|
|
|
|
if: github.event.pull_request.merged == true
|
|
|
|
runs-on: docker
|
2024-12-05 23:34:04 -05:00
|
|
|
container:
|
2024-12-31 22:45:16 -05:00
|
|
|
image: mafyuh/ansible-bws:v1.0.8
|
2024-12-05 00:11:36 -05:00
|
|
|
steps:
|
|
|
|
- name: Checkout repository
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
|
|
|
|
- name: Fetch all history for git diff
|
|
|
|
run: git fetch --depth=2
|
|
|
|
|
|
|
|
- name: Detect modified folders
|
|
|
|
id: detect-changes
|
|
|
|
run: |
|
|
|
|
if [ "$(git rev-parse --is-shallow-repository)" = "true" ]; then
|
|
|
|
git fetch --unshallow
|
|
|
|
fi
|
|
|
|
folders=$(git diff --name-only HEAD~1 HEAD | grep '^docker/' | cut -d/ -f2 | sort | uniq)
|
|
|
|
echo "Modified folders: $folders"
|
|
|
|
echo "::set-output name=folders::$folders"
|
|
|
|
|
2024-12-06 00:31:22 -05:00
|
|
|
- name: Map Folder to Host
|
2024-12-06 00:15:03 -05:00
|
|
|
shell: bash
|
2024-12-05 00:11:36 -05:00
|
|
|
run: |
|
|
|
|
IFS=' ' read -r -a folder_array <<< "${{ steps.detect-changes.outputs.folders }}"
|
|
|
|
for folder in "${folder_array[@]}"; do
|
|
|
|
case $folder in
|
|
|
|
actual)
|
|
|
|
target_host="ubu.lan"
|
|
|
|
;;
|
|
|
|
arrs)
|
|
|
|
target_host="arrs.lan"
|
|
|
|
;;
|
|
|
|
arm)
|
|
|
|
target_host="arm.lan"
|
|
|
|
;;
|
|
|
|
AI)
|
|
|
|
target_host="ai.lan"
|
|
|
|
;;
|
|
|
|
authentik)
|
|
|
|
target_host="auth.lan"
|
|
|
|
;;
|
|
|
|
ag-main)
|
|
|
|
target_host="dns.lan"
|
|
|
|
;;
|
|
|
|
exporters)
|
|
|
|
target_host="all"
|
|
|
|
;;
|
|
|
|
grafana)
|
|
|
|
target_host="ubu.lan"
|
|
|
|
;;
|
|
|
|
jellyfin)
|
|
|
|
target_host="jf.lan"
|
|
|
|
;;
|
|
|
|
kasm)
|
|
|
|
target_host="kasm.lan"
|
|
|
|
;;
|
|
|
|
netboot)
|
|
|
|
target_host="netboot.lan"
|
|
|
|
;;
|
|
|
|
nexterm)
|
|
|
|
target_host="ubu.lan"
|
|
|
|
;;
|
|
|
|
npm)
|
|
|
|
target_host="npm.lan"
|
|
|
|
;;
|
2025-01-08 01:49:18 -05:00
|
|
|
plex)
|
|
|
|
target_host="plex.lan"
|
|
|
|
;;
|
2024-12-05 00:11:36 -05:00
|
|
|
paperless)
|
|
|
|
target_host="ubu.lan"
|
|
|
|
;;
|
|
|
|
portainer)
|
|
|
|
target_host="port.lan"
|
|
|
|
;;
|
|
|
|
runner)
|
|
|
|
target_host="runner.lan"
|
|
|
|
;;
|
|
|
|
# Add cases for other folders/hosts
|
|
|
|
*)
|
|
|
|
echo "Unknown folder: $folder"
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
echo "Deploying to $target_host for folder $folder"
|
2024-12-06 00:15:03 -05:00
|
|
|
|
2024-12-05 23:04:07 -05:00
|
|
|
echo "target_host=$target_host" >> $GITHUB_ENV
|
|
|
|
echo "folder=$folder" >> $GITHUB_ENV
|
2024-12-05 00:49:35 -05:00
|
|
|
done
|
|
|
|
|
2024-12-05 23:04:07 -05:00
|
|
|
- name: Get Secrets from Bitwarden
|
|
|
|
id: bitwarden-secrets
|
2024-12-05 23:09:04 -05:00
|
|
|
uses: https://github.com/bitwarden/sm-action@v2
|
2024-12-05 23:04:07 -05:00
|
|
|
with:
|
|
|
|
access_token: ${{ secrets.BW_ACCESS_TOKEN }}
|
|
|
|
base_url: https://vault.bitwarden.com
|
|
|
|
secrets: |
|
|
|
|
267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
|
2025-01-12 23:31:45 -05:00
|
|
|
d9924181-b061-44e0-b7b9-b264004791eb > ag_main_host
|
2024-12-05 23:04:07 -05:00
|
|
|
e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
|
|
|
|
6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
|
|
|
|
52512c15-b474-42c3-9835-b23e001edf35 > auth_host
|
|
|
|
903364d9-1b29-4b7f-aa66-b23e001f7327 > jf_host
|
|
|
|
e4c5d8be-b91f-41ab-8071-b23e00203340 > kasm_host
|
|
|
|
566329f5-5af3-4bcd-b187-b23e00216134 > netboot_host
|
|
|
|
fb62a8d1-6dd5-4fab-aff4-b23e0021e215 > npm_host
|
2025-01-09 22:14:58 -05:00
|
|
|
fe0a2fa5-8e2b-4b4f-ac68-b26100315b20 > plex_host
|
2024-12-05 23:04:07 -05:00
|
|
|
90a16954-45df-49ad-9f45-b23e002273c5 > runner_host
|
|
|
|
a5b6fa4b-4643-4f85-988b-b23e00245e2f > ubu_host
|
2024-12-06 01:07:37 -05:00
|
|
|
26b06759-9791-42d7-a076-b23e0063c4dd > ssh_private_key
|
2024-12-05 23:04:07 -05:00
|
|
|
|
|
|
|
|
|
|
|
- name: Create hosts.ini file
|
|
|
|
run: |
|
|
|
|
cat <<EOF > ansible/hosts.ini
|
|
|
|
[iac]
|
2025-01-12 23:31:45 -05:00
|
|
|
dns.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ag_main_host }} ansible_user=mafyuh
|
2024-12-06 00:43:48 -05:00
|
|
|
arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh
|
2024-12-07 00:30:16 -05:00
|
|
|
ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
|
2024-12-05 23:04:07 -05:00
|
|
|
arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
|
2024-12-06 00:43:48 -05:00
|
|
|
auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh
|
|
|
|
jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh
|
|
|
|
kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} ansible_user=mafyuh
|
|
|
|
netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh
|
|
|
|
npm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.npm_host }} ansible_user=mafyuh
|
2025-01-09 22:14:58 -05:00
|
|
|
plex.lan ansible_host=${{ steps.bitwarden-secrets.outputs.plex_host }} ansible_user=mafyuh ansible_port=2009
|
2024-12-06 00:43:48 -05:00
|
|
|
runner.lan ansible_host=${{ steps.bitwarden-secrets.outputs.runner_host }} ansible_user=mafyuh
|
|
|
|
ubu.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ubu_host }} ansible_user=mafyuh
|
2024-12-05 23:04:07 -05:00
|
|
|
EOF
|
|
|
|
|
2024-12-06 01:33:54 -05:00
|
|
|
- name: Ensure SSH directory exists
|
|
|
|
run: |
|
|
|
|
mkdir -p /root/.ssh
|
|
|
|
chmod 700 /root/.ssh
|
|
|
|
|
2024-12-06 01:07:37 -05:00
|
|
|
- name: Create Private key
|
|
|
|
run: |
|
|
|
|
cat <<EOF > /root/.ssh/id_rsa
|
|
|
|
${{ steps.bitwarden-secrets.outputs.ssh_private_key }}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
- name: Set permissions for private key
|
|
|
|
run: |
|
2024-12-06 02:37:49 -05:00
|
|
|
chmod 700 /root/.ssh/id_rsa
|
2024-12-06 01:07:37 -05:00
|
|
|
|
2024-12-06 01:11:32 -05:00
|
|
|
- name: Set up SSH agent
|
|
|
|
run: |
|
|
|
|
eval $(ssh-agent -s)
|
|
|
|
ssh-add /root/.ssh/id_rsa
|
2024-12-06 01:07:37 -05:00
|
|
|
|
2024-12-06 01:53:15 -05:00
|
|
|
|
2024-12-05 00:11:36 -05:00
|
|
|
- name: Run Ansible Playbook
|
|
|
|
env:
|
2024-12-05 00:47:09 -05:00
|
|
|
BWS_ACCESS_TOKEN: ${{ secrets.BWS_ACCESS_TOKEN }}
|
2024-12-06 00:31:22 -05:00
|
|
|
ANSIBLE_CONFIG: ansible/ansible.cfg
|
2024-12-07 00:28:55 -05:00
|
|
|
run: |
|
|
|
|
ansible-playbook -i ansible/hosts.ini ./ansible/playbooks/deploy-docker.yml \
|
2025-01-12 23:45:55 -05:00
|
|
|
--extra-vars "target_host=${{ env.target_host }} folder=${{ env.folder }} bw_access_token=${{ secrets.BW_ACCESS_TOKEN }}" | tee ansible_output.txt
|
|
|
|
|
|
|
|
- name: Post Ansible Output as PR Comment
|
|
|
|
if: github.event.pull_request.merged == true
|
|
|
|
uses: https://github.com/actions/github-script@v7
|
|
|
|
with:
|
|
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
script: |
|
|
|
|
const fs = require('fs');
|
|
|
|
const output = fs.readFileSync('ansible_output.txt', 'utf8');
|
|
|
|
const prNumber = context.payload.pull_request.number;
|
|
|
|
|
|
|
|
await github.rest.issues.createComment({
|
|
|
|
owner: context.repo.owner,
|
|
|
|
repo: context.repo.repo,
|
|
|
|
issue_number: prNumber,
|
|
|
|
body: `### Ansible Deployment Output\n\`\`\`\n${output}\n\`\`\``
|
|
|
|
});
|
|
|
|
|
2024-12-07 00:28:55 -05:00
|
|
|
|