2024-07-09 17:35:56 +02:00
|
|
|
---
|
|
|
|
|
depends_on:
|
|
|
|
|
- ansible-lint
|
|
|
|
|
|
|
|
|
|
steps:
|
|
|
|
|
ansible-playbook:
|
|
|
|
|
image: quay.io/ansible/creator-ee:v24.2.0
|
|
|
|
|
commands:
|
2024-07-09 22:07:08 +02:00
|
|
|
# Secrets
|
2024-07-09 18:32:09 +02:00
|
|
|
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
|
2024-07-09 22:07:08 +02:00
|
|
|
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
|
2024-07-09 18:18:39 +02:00
|
|
|
- chmod 0400 ./id_ed25519
|
2024-07-09 22:07:08 +02:00
|
|
|
# Abhängigkeiten
|
|
|
|
|
- pip install 'pykeepass==4.0.3' --user
|
|
|
|
|
- ansible-galaxy install -r requirements.yaml
|
|
|
|
|
# Debug
|
|
|
|
|
- ansible localhost -m debug -a "var={{ lookup('keepass', 'restic_repository_password', 'password') }}"
|
|
|
|
|
# Doing
|
2024-07-09 18:32:09 +02:00
|
|
|
- ansible-playbook playbooks/2_all.yml playbooks/3_service/* --limit production
|
2024-07-09 17:35:56 +02:00
|
|
|
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
|
2024-07-09 17:57:37 +02:00
|
|
|
secrets: [vaultpass, sshkey]
|
2024-07-09 17:35:56 +02:00
|
|
|
when:
|
2024-07-09 17:50:23 +02:00
|
|
|
- event: [push, pull_request_closed]
|
2024-07-09 17:35:56 +02:00
|
|
|
branch: master
|
|
|
|
|
...
|
