apply.yml
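# Runs the Ansible playbook (site.yml) against hosts reached over Tailscale.
# Triggered by every push to master and by manual dispatch.
name: Apply Ansible

on:
  workflow_dispatch:
  push:
    branches:
      - master

# The job only reads the repository, so the GITHUB_TOKEN is kept read-only.
permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # v2 targets a Node runtime that GitHub has deprecated.
        # NOTE(review): pin to a full commit SHA rather than a mutable tag.
        uses: actions/checkout@v4
        with:
          # No later step uses git, so the token is not left in .git/config.
          persist-credentials: false

      - name: Install Tailscale
        # NOTE(review): this runs a remotely fetched script unverified; a
        # version-pinned package or checksum-verified installer narrows the
        # supply-chain exposure of a job that holds deploy credentials.
        run: |
          curl -fsSL https://tailscale.com/install.sh | sh

      - name: Join Tailscale Network
        # Secrets are passed through env instead of being expanded into the
        # script text, so a value containing quotes or shell metacharacters
        # cannot change the command that runs.
        env:
          TAILSCALE_AUTH_KEY: ${{ secrets.TAILSCALE_AUTH_KEY }}
        run: |
          sudo tailscale up --authkey="$TAILSCALE_AUTH_KEY"

      - name: Add private SSH key
        env:
          PRIVATE_SSH_KEY_B64: ${{ secrets.PRIVATE_SSH_KEY_B64 }}
        run: |
          # Set umask first so the key never exists with group/other read bits.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$PRIVATE_SSH_KEY_B64" | base64 -d > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      - name: Create Vault Password File
        env:
          VAULT_PASSWORD: ${{ secrets.VAULT_PASSWORD }}
        run: |
          # /tmp is shared; without this the file is created world-readable.
          umask 077
          printf '%s\n' "$VAULT_PASSWORD" > /tmp/vault_password.txt
          chmod 600 /tmp/vault_password.txt

      - name: Install Ansible
        run: |
          sudo apt-get install -y ansible

      - name: Install Ansible requirements
        run: |
          ansible-galaxy collection install -r requirements.yml

      - name: Install jmespath because GHA is broken
        run: |
          sudo pipx inject ansible-core jmespath

      - name: Run Ansible Playbook
        # NOTE(review): with host key checking disabled, SSH does not
        # authenticate the managed hosts. Provisioning a known_hosts file with
        # their keys would let ANSIBLE_HOST_KEY_CHECKING be dropped.
        run: |
          export ANSIBLE_HOST_KEY_CHECKING=false
          export no_proxy='*'
          ansible-playbook -i hosts.yml -e @secrets.yml --vault-password-file /tmp/vault_password.txt site.yml

      - name: Remove key material
        # Runs even when the playbook fails, so the SSH key and vault password
        # do not outlive the job on a reused runner.
        if: always()
        run: |
          rm -f /tmp/vault_password.txt ~/.ssh/id_rsa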