mafyuh/iac
Archived
1
0
Fork 0
Code Issues6 Pull requests9 Projects1 Wiki Activity Actions
This repository has been archived on 2025-03-03. You can view files and clone it, but cannot push or open issues or pull requests.
iac/.forgejo/workflows/CD.yml
Matt Reeves f507bf0491 remove docker arrs
2025-02-25 23:56:20 -05:00

198 lines
6.8 KiB
YAML
Raw Permalink Blame History

name: Ansible Deploy to Hosts
on:
pull_request:
types: [closed]
workflow_dispatch:
jobs:
deploy:
if: github.event.pull_request.merged == true
runs-on: docker
container:
image: mafyuh/ansible-bws:v1.1.1
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Fetch all history for git diff
run: git fetch --depth=2
- name: Detect modified folders
id: detect-changes
run: |
if [ "$(git rev-parse --is-shallow-repository)" = "true" ]; then
git fetch --unshallow
fi
folders=$(git diff --name-only HEAD~1 HEAD | grep '^docker/' | cut -d/ -f2 | sort | uniq)
echo "Modified folders: $folders"
echo "::set-output name=folders::$folders"
if [ -z "$folders" ]; then
echo "No changes in docker folder. Exiting."
exit 0
fi
- name: Map Folder to Host
shell: bash
run: |
IFS=' ' read -r -a folder_array <<< "${{ steps.detect-changes.outputs.folders }}"
hosts=""
folders=""
for folder in "${folder_array[@]}"; do
case $folder in
actual)
host="ubu.lan"
;;
arm)
host="arm.lan"
;;
AI)
host="ai.lan"
;;
authentik)
host="auth.lan"
;;
ag-main)
host="dns.lan"
;;
exporters)
host="all"
;;
grafana)
host="ubu.lan"
;;
jellyfin)
host="jf.lan"
;;
kasm)
host="kasm.lan"
;;
netboot)
host="netboot.lan"
;;
nexterm)
host="ubu.lan"
;;
npm)
host="npm.lan"
;;
plex)
host="plex.lan"
;;
paperless)
host="ubu.lan"
;;
portainer)
host="port.lan"
;;
runner)
host="runner.lan"
;;
*)
echo "Unknown folder: $folder"
exit 1
;;
esac
if [ -z "$hosts" ]; then
hosts="$host"
folders="$folder"
else
hosts="$hosts,$host"
folders="$folders,$folder"
fi
done
echo "Deploying to hosts: $hosts for folders: $folders"
echo "target_host=$hosts" >> $GITHUB_ENV
echo "folder=$folders" >> $GITHUB_ENV
- name: Get Secrets from Bitwarden
id: bitwarden-secrets
uses: https://github.com/bitwarden/sm-action@v2
with:
access_token: ${{ secrets.BW_ACCESS_TOKEN }}
base_url: https://vault.bitwarden.com
secrets: |
267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
d9924181-b061-44e0-b7b9-b264004791eb > ag_main_host
e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
52512c15-b474-42c3-9835-b23e001edf35 > auth_host
903364d9-1b29-4b7f-aa66-b23e001f7327 > jf_host
e4c5d8be-b91f-41ab-8071-b23e00203340 > kasm_host
566329f5-5af3-4bcd-b187-b23e00216134 > netboot_host
fb62a8d1-6dd5-4fab-aff4-b23e0021e215 > npm_host
fe0a2fa5-8e2b-4b4f-ac68-b26100315b20 > plex_host
90a16954-45df-49ad-9f45-b23e002273c5 > runner_host
a5b6fa4b-4643-4f85-988b-b23e00245e2f > ubu_host
26b06759-9791-42d7-a076-b23e0063c4dd > ssh_private_key
- name: Create hosts.ini file
run: |
cat <<EOF > ansible/hosts.ini
[iac]
dns.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ag_main_host }} ansible_user=mafyuh
arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh
ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh
jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh
kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} ansible_user=mafyuh
netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh
npm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.npm_host }} ansible_user=mafyuh
plex.lan ansible_host=${{ steps.bitwarden-secrets.outputs.plex_host }} ansible_user=mafyuh ansible_port=2009
runner.lan ansible_host=${{ steps.bitwarden-secrets.outputs.runner_host }} ansible_user=mafyuh
ubu.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ubu_host }} ansible_user=mafyuh
EOF
- name: Ensure SSH directory exists
run: |
mkdir -p /root/.ssh
chmod 700 /root/.ssh
- name: Create Private key
run: |
cat <<EOF > /root/.ssh/id_rsa
${{ steps.bitwarden-secrets.outputs.ssh_private_key }}
EOF
- name: Set permissions for private key
run: |
chmod 700 /root/.ssh/id_rsa
- name: Set up SSH agent
run: |
eval $(ssh-agent -s)
ssh-add /root/.ssh/id_rsa
- name: Run Ansible Playbook
env:
BWS_ACCESS_TOKEN: ${{ secrets.BWS_ACCESS_TOKEN }}
ANSIBLE_CONFIG: ansible/ansible.cfg
run: |
ansible-playbook -i ansible/hosts.ini ./ansible/playbooks/deploy-docker.yml \
--extra-vars "target_host=${{ env.target_host }} folder=${{ env.folder }} bw_access_token=${{ secrets.BW_ACCESS_TOKEN }}" | tee ansible_output.txt
- name: Post Ansible Output as PR Comment
if: github.event.pull_request.merged == true
uses: https://github.com/actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const output = fs.readFileSync('ansible_output.txt', 'utf8');
const prNumber = context.payload.pull_request.number;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
body: `### Ansible Deployment Output\n\`\`\`\n${output}\n\`\`\``
});
Reference in a new issue View git blame Copy permalink