Ansible Docker Swarm #212
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ansible Docker Swarm | |
# Controls when the workflow will run | |
on: | |
pull_request: | |
# Only run when targeting main | |
branches: | |
- main | |
types: | |
- opened | |
- edited | |
- ready_for_review | |
- synchronize | |
paths: | |
- .github/workflows/ansible.yml | |
- 'ansible/**' | |
- requirements.txt | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
jobs: | |
validate: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4 | |
- name: Run ansible-lint | |
uses: ansible/ansible-lint@v24.7.0 # or version tag instead of 'main' | |
with: | |
args: "ansible" | |
lock: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Lock if this is a PR so two PR cannot deploy at the same time | |
- name: PR Lock | |
if: github.event_name == 'pull_request' | |
uses: ./.github/actions/pr-lock | |
- name: Clear PR Lock | |
if: github.ref == 'refs/heads/main' | |
uses: ./.github/actions/pr-unlock | |
run-playbook: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
# The validate Job needs to be successful | |
needs: [ validate, lock ] | |
# The deployment environment thus provides the secrets for that env | |
environment: docker_swarm | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4 | |
# Setup the environment | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
cache: 'pip' # caching pip dependencies | |
- name: Install dependencies Including Ansible | |
run: | | |
python -m pip install --upgrade pip | |
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
if [ -f test-requirements.txt ]; then pip install -r test-requirements.txt; fi | |
if [ -f requirements.yml ]; then ansible-galaxy install -r requirements.yml; fi | |
- name: write inventory to file | |
env: | |
INVENTORY: ${{ secrets.ANSIBLE_INVENTORY }} | |
run: 'echo "$INVENTORY" > inventory' | |
- name: Install SSH key | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: ${{ secrets.ANSIBLE_SSH_KEY }} | |
name: id_rsa # optional | |
known_hosts: ${{ secrets.ANSIBLE_KNOWN_HOSTS }} | |
# config: ${{ secrets.CONFIG }} # ssh_config; optional | |
if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) | |
- name: run playbook | |
run: | | |
ansible-playbook -i inventory ansible/docker-swarm-portainer-caddy.yml | |
env: | |
BRANCH_NAME: ${{ github.head_ref }} | |
# This is used by caddy to authenticate users | |
CADDY_GITHUB_CLIENT_ID: ${{ secrets.CADDY_GITHUB_CLIENT_ID }} | |
CADDY_GITHUB_CLIENT_SECRET: ${{ secrets.CADDY_GITHUB_CLIENT_SECRET }} | |
CADDY_JWT_SHARED_KEY: ${{ secrets.CADDY_JWT_SHARED_KEY }} | |
# This is used by caddy to configure dns records | |
CADDY_DIGITALOCEAN_API_TOKEN: ${{ secrets.CADDY_DIGITALOCEAN_API_TOKEN }} |