init add docker bws

ansible/playbooks/deploy-docker.yml

@@ -3,7 +3,42 @@
   hosts: "{{ target_host }}"
   vars:
     repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}"
+    secrets_mapping_file: "/home/{{ ansible_user }}/iac/secret-mapping.yml"
   tasks:
+    - name: Read secret mapping
+      ansible.builtin.slurp:
+        src: "{{ secrets_mapping_file }}"
+      register: secret_mapping_content
+
+    - name: Parse secret mapping
+      ansible.builtin.set_fact:
+        secret_mapping: "{{ secret_mapping_content['content'] | b64decode | from_yaml }}"
+
+    - name: Generate .env content
+      vars:
+        env_variables: "{{ secret_mapping[target_host]['env_variables'] | default({}) }}"
+      ansible.builtin.shell: |
+        #!/bin/bash
+        echo "Generating .env for {{ target_host }} at {{ repo_path }}/.env"
+        for var in "${!env_variables[@]}"; do
+          secret_id="${env_variables[$var]}"
+          if [ -n "$secret_id" ]; then
+            value=$(bws secret get "$secret_id" | jq -r '.value')
+            echo "$var=$value"
+          else
+            echo "$var="
+          fi
+        done
+      args:
+        executable: /bin/bash
+      register: env_file_content
+
+    - name: Write .env file to target host
+      ansible.builtin.copy:
+        dest: "{{ repo_path }}/.env"
+        content: "{{ env_file_content.stdout }}"
+        mode: '0644'
+
     - name: Ensure the repository is up-to-date
       ansible.builtin.shell: git pull
       args:
@@ -20,12 +55,12 @@
         state: present
         remove_orphans: true
 
-    - name: Run Docker Command		
+    - name: Run Docker Command
       command: docker compose ps
       args:
         chdir: "{{ repo_path }}"
-      register: docker_output		
+      register: docker_output
 
-    - name: Display Docker Output		
+    - name: Display Docker Output
-      debug:		
+      debug:
-        var: docker_output.stdout_lines
+        var: docker_output.stdout_lines