3
3
hosts : " {{ target_host }}"
4
4
vars :
5
5
repo_path : " /home/{{ ansible_user }}/iac/docker/{{ folder }}"
6
+ secrets_mapping_file : " /home/{{ ansible_user }}/iac/secret-mapping.yml"
6
7
tasks :
8
+ - name : Read secret mapping
9
+ ansible.builtin.slurp :
10
+ src : " {{ secrets_mapping_file }}"
11
+ register : secret_mapping_content
12
+
13
+ - name : Parse secret mapping
14
+ ansible.builtin.set_fact :
15
+ secret_mapping : " {{ secret_mapping_content['content'] | b64decode | from_yaml }}"
16
+
17
+ - name : Generate .env content
18
+ vars :
19
+ env_variables : " {{ secret_mapping[target_host]['env_variables'] | default({}) }}"
20
+ ansible.builtin.shell : |
21
+ #!/bin/bash
22
+ echo "Generating .env for {{ target_host }} at {{ repo_path }}/.env"
23
+ for var in "${!env_variables[@]}"; do
24
+ secret_id="${env_variables[$var]}"
25
+ if [ -n "$secret_id" ]; then
26
+ value=$(bws secret get "$secret_id" | jq -r '.value')
27
+ echo "$var=$value"
28
+ else
29
+ echo "$var="
30
+ fi
31
+ done
32
+ args :
33
+ executable : /bin/bash
34
+ register : env_file_content
35
+
36
+ - name : Write .env file to target host
37
+ ansible.builtin.copy :
38
+ dest : " {{ repo_path }}/.env"
39
+ content : " {{ env_file_content.stdout }}"
40
+ mode : ' 0644'
41
+
7
42
- name : Ensure the repository is up-to-date
8
43
ansible.builtin.shell : git pull
9
44
args :
20
55
state : present
21
56
remove_orphans : true
22
57
23
- - name : Run Docker Command
58
+ - name : Run Docker Command
24
59
command : docker compose ps
25
60
args :
26
61
chdir : " {{ repo_path }}"
27
- register : docker_output
62
+ register : docker_output
28
63
29
- - name : Display Docker Output
30
- debug :
31
- var : docker_output.stdout_lines
64
+ - name : Display Docker Output
65
+ debug :
66
+ var : docker_output.stdout_lines
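Review bot: The `Write .env file to target host` task writes the fetched secret values with `mode: '0644'`, which leaves them readable by any local account that can reach the directory; `mode: '0600'` fits a file that holds only secrets. The `Generate .env content` task also registers those values in `env_file_content` and the copy task passes them as `content`, and neither sets `no_log: true`, so they can surface in play output, callback logs and diff mode. Separately, the bash loop iterates over `${!env_variables[@]}`, but `env_variables` is only an Ansible task var and nothing visible declares it as a shell associative array, so the loop appears to run zero times and yield an empty `.env`; the mapping would have to be rendered into the script or looped over in Ansible. A failing `bws secret get` is not checked either, so a missing secret would be written as an empty or `null` value instead of failing the play.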