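# Manually dispatched workflow: collects connection and deployment parameters
# as inputs, then the job below uses them to generate Ansible configuration
# and run the main playbook against TARGET_HOST.
name: Configure Directus
on:
  workflow_dispatch:
    # NOTE(review): workflow_dispatch input values are recorded with the run
    # and are not masked in logs the way `secrets.*` values are. Two inputs
    # here can carry credentials (directus_db_connection_string and
    # ANSIBLE_BECOME_PASS); consider sourcing them from repository or
    # environment secrets instead of typing them into the dispatch form.
    inputs:
      directus_domain:
        type: string
        required: true
      # Likely embeds the database user and password - see the note above.
      directus_db_connection_string:
        type: string
        required: true
      docker_network:
        type: string
        required: true
        default: traefik_network
      TARGET_HOST:
        type: string
        required: true
      SSH_PORT:
        type: string
        required: false
        # Quoted so the default matches the declared string type.
        default: "22"
      # NOTE(review): the defaults connect as root; a dedicated deploy user
      # with scoped sudo rights limits what a leaked SSH key can do.
      SSH_USER:
        type: string
        required: false
        default: "root"
      SSH_USER_HOME_DIR:
        type: string
        required: false
        default: "/root"
      # The sentinel "no-password" means "do not supply a become password";
      # any other value is treated as the password itself.
      ANSIBLE_BECOME_PASS:
        type: string
        required: false
        default: "no-password"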
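# Workflow-level environment, visible to every step as shell variables and
# through the `env` context.
#
# directus_key and directus_secret were previously committed here as literal
# values. Anything that has been in repository history must be treated as
# exposed: rotate both values, then store the new ones as secrets.
# DIRECTUS_KEY and DIRECTUS_SECRET are secret names chosen for this change;
# create them in the repository (or environment) settings before running.
env:
  directus_db_client: pg
  directus_key: ${{ secrets.DIRECTUS_KEY }}
  directus_secret: ${{ secrets.DIRECTUS_SECRET }}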
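jobs:
  # Single job: writes the SSH key, inventory, ansible.cfg and role variables
  # onto the runner, then runs main.yml against the dispatched TARGET_HOST.
  #
  # Every `${{ ... }}` value is handed to the shell through a step-level `env:`
  # mapping and referenced as "$VAR". Expanding the expression directly inside
  # `run:` pastes the value into the script text, where a `$(...)`, backtick
  # or quote in an input would be interpreted by the shell.
  ansible:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the job only reads the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): the action is referenced by a mutable tag. Pinning to
      # the full commit SHA of a currently supported release keeps a moved tag
      # from changing what runs in a job that holds the deploy SSH key.
      - name: Checkout
        uses: actions/checkout@v2

      # umask 077 makes the key file owner-only from the moment it is created,
      # rather than only after the chmod in the next step. printf writes the
      # key bytes as data; the former unquoted heredoc let the shell expand
      # any `$` or backtick found inside the secret.
      - name: Add SSH Keys
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          umask 077
          printf '%s\n' "$SSH_PRIVATE_KEY" > devops-key

      - name: Update devops private key permissions
        run: |
          chmod 400 devops-key

      # NOTE(review): unpinned install - each run takes whatever release is
      # current on the package index. Pin a version (ideally with hashes) so
      # the tool that handles the SSH key and become password is reproducible.
      - name: Install Ansible
        run: |
          pip install ansible

      - name: Adding or Override Ansible inventory File
        env:
          TARGET_HOST: ${{ inputs.TARGET_HOST }}
        run: |
          cat << EOF > ./inventory.ini
          [webservers]
          $TARGET_HOST
          EOF

      # NOTE(review): host_key_checking=False makes SSH accept any host key,
      # so the runner cannot tell the intended server from an impostor on the
      # path. Supplying the target's host key through known_hosts and
      # re-enabling the check closes that gap; it is left unchanged here
      # because the expected host key is not available in this file.
      - name: Adding or Override Ansible Config File
        env:
          SSH_USER: ${{ inputs.SSH_USER }}
          SSH_USER_HOME_DIR: ${{ inputs.SSH_USER_HOME_DIR }}
          SSH_PORT: ${{ inputs.SSH_PORT }}
        run: |
          cat << EOF > ./ansible.cfg
          [defaults]
          ansible_python_interpreter='/usr/bin/python3'
          deprecation_warnings=False
          inventory=./inventory.ini
          remote_user="$SSH_USER"
          remote_tmp="$SSH_USER_HOME_DIR/.ansible/tmp"
          host_key_checking=False
          private_key_file = ./devops-key
          retries=2
          remote_port = $SSH_PORT
          EOF

      # Generates the role variables file. Templated scalars are quoted so an
      # empty or boolean-looking input is still read as a string;
      # directus_db_ssl is left unquoted as in the original (presumably a
      # boolean - confirm against the role).
      # NOTE(review): directus_admin_password is a fixed, guessable value
      # committed to the repository; take it from a secret or make sure the
      # role forces a change at first login.
      # NOTE(review): the directus_admin_email value below is the obfuscation
      # placeholder shown by the page this file was copied from, not a real
      # address; restore the real address, quoted, in the repository copy.
      # directus_key / directus_secret are read from the workflow-level env.
      - name: Adding Ansible Variables
        env:
          DIRECTUS_DOMAIN: ${{ inputs.directus_domain }}
          DIRECTUS_DB_CONNECTION_STRING: ${{ inputs.directus_db_connection_string }}
          DIRECTUS_DB_SSL: ${{ secrets.DIRECTUS_DB_SSL }}
          DIRECTUS_DB_SSL_CA: ${{ secrets.DIRECTUS_DB_SSL_CA }}
          DOCKER_NETWORK: ${{ inputs.docker_network }}
          SSH_USER_HOME_DIR: ${{ inputs.SSH_USER_HOME_DIR }}
        run: |
          mkdir -p directus-install/vars/
          cat << EOF > directus-install/vars/main.yaml
          ---
          directus_hostname: "$DIRECTUS_DOMAIN"
          directus_domain: "$DIRECTUS_DOMAIN"
          directus_key: "$directus_key"
          directus_secret: "$directus_secret"
          directus_db_client: "pg"
          directus_db_connection_string: "$DIRECTUS_DB_CONNECTION_STRING"
          directus_db_ssl: $DIRECTUS_DB_SSL
          directus_db_ssl_ca: "$DIRECTUS_DB_SSL_CA"
          directus_admin_email: [email protected]
          directus_admin_password: changeme#
          docker_network: "$DOCKER_NETWORK"
          user_home_dir: "$SSH_USER_HOME_DIR"
          EOF

      # The original passed --ask-become-pass, which prompts on a terminal; a
      # workflow run has none, so the supplied password could never reach
      # Ansible. The value is now written to an owner-only temp file and given
      # to ansible-playbook with --become-password-file, then removed on exit.
      # The variable is deliberately not named ANSIBLE_BECOME_PASS, because
      # Ansible's become plugins read that name from the environment and
      # would pick up the "no-password" sentinel as a real password.
      - name: Run main playbook
        env:
          BECOME_PASS_INPUT: ${{ inputs.ANSIBLE_BECOME_PASS }}
        run: |
          if [ "$BECOME_PASS_INPUT" != "no-password" ]; then
            umask 077
            become_pass_file="$(mktemp)"
            trap 'rm -f "$become_pass_file"' EXIT
            printf '%s\n' "$BECOME_PASS_INPUT" > "$become_pass_file"
            ANSIBLE_CONFIG=ansible.cfg ansible-playbook --become-password-file "$become_pass_file" main.yml
          else
            ANSIBLE_CONFIG=ansible.cfg ansible-playbook main.yml
          fi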