CI + Dev-Workspace: disable automatic rollout and setup new Workspace (#145)
Reviewed-on: #145 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
parent
47a71e9d5b
commit
bb6f7d1853
8 changed files with 51 additions and 81 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,5 +1,5 @@
|
||||||
.git/
|
.git/
|
||||||
vault-pass.yml
|
vault-pass
|
||||||
id_ed25519
|
id_ed25519
|
||||||
id_ed25519.pub
|
id_ed25519.pub
|
||||||
roles/ansible-role-pip
|
roles/ansible-role-pip
|
||||||
|
|
|
@ -4,17 +4,13 @@ depends_on:
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
ansible-lint:
|
ansible-lint:
|
||||||
image: quay.io/ansible/creator-ee:v24.2.0
|
image: registry.mgrote.net/ansible-devspace:latest
|
||||||
commands:
|
commands:
|
||||||
# Secrets
|
# Secrets
|
||||||
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
|
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreaks, daher mit base64 -w0 "kodiert"
|
||||||
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
|
- echo $${VAULTPASS} | base64 -d > ./vault-pass # Name des Secrets in Großschreibung
|
||||||
- chmod 0400 ./id_ed25519
|
- chmod 0400 ./id_ed25519
|
||||||
# Abhängigkeiten
|
|
||||||
- pip install pykeepass Jinja2 markupsafe jmespath --user
|
|
||||||
- ansible-galaxy install -r requirements.yaml
|
|
||||||
# Doing
|
# Doing
|
||||||
- ansible-lint --version
|
|
||||||
- ansible-lint --force-color --format pep8
|
- ansible-lint --force-color --format pep8
|
||||||
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
|
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
|
||||||
secrets: [vaultpass]
|
secrets: [vaultpass]
|
||||||
|
|
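Review bot: The new image reference `registry.mgrote.net/ansible-devspace:latest` is a mutable tag, where the old side pinned `quay.io/ansible/creator-ee:v24.2.0`. This step decodes the vault password (and attempts the SSH key) into the workspace, and with the `pip install` and `ansible-galaxy install` lines removed, every tool it runs now comes from that image. Pin a version tag or digest instead, e.g. `image: registry.mgrote.net/ansible-devspace@sha256:<digest-placeholder>`. Separately, `secrets: [vaultpass]` does not list `sshkey`, so the `echo $${SSHKEY} | base64 -d > ./id_ed25519` line presumably writes an empty file. Linting should not need the private key, so dropping that line and the `chmod 0400 ./id_ed25519` line is preferable to adding the secret. The hunk starts at line 4, so the top of the pipeline file is not visible here.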
|
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
depends_on:
|
|
||||||
- ansible-lint
|
|
||||||
|
|
||||||
steps:
|
|
||||||
ansible-playbook:
|
|
||||||
image: quay.io/ansible/creator-ee:v24.2.0
|
|
||||||
commands:
|
|
||||||
# Secrets
|
|
||||||
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
|
|
||||||
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
|
|
||||||
- chmod 0400 ./id_ed25519
|
|
||||||
# Abhängigkeiten
|
|
||||||
- pip install 'pykeepass==4.0.3' --user
|
|
||||||
- ansible-galaxy install -r requirements.yaml
|
|
||||||
# Debug
|
|
||||||
- ansible localhost -m debug -a "var={{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
|
|
||||||
# Doing
|
|
||||||
#- ansible-playbook playbooks/2_all.yml playbooks/3_service/* --limit production
|
|
||||||
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
|
|
||||||
secrets: [vaultpass, sshkey]
|
|
||||||
when:
|
|
||||||
- event: [push, pull_request_closed]
|
|
||||||
branch: master
|
|
||||||
...
|
|
|
@ -1,3 +1,11 @@
|
||||||
# ansible_heimserver
|
# ansible_heimserver
|
||||||
|
|
||||||
[![status-badge](https://ci.mgrote.net/api/badges/2/status.svg)](https://ci.mgrote.net/repos/2)
|
[![status-badge](https://ci.mgrote.net/api/badges/2/status.svg)](https://ci.mgrote.net/repos/2)
|
||||||
|
|
||||||
|
## ansible-devspace
|
||||||
|
|
||||||
|
- Repository: https://git.mgrote.net/container-images/ansible-devspace
|
||||||
|
- dort mit Woodpecker-CI gebaut und in eigene Registry gepushed
|
||||||
|
- ``devspace.sh`` pulled Image, prüft ob SSH-Key und ``vault-pass`` vorhanden sind
|
||||||
|
- mountet git-Secrets
|
||||||
|
- startet Container
|
||||||
|
|
|
@ -2,11 +2,9 @@
|
||||||
inventory = ./inventory
|
inventory = ./inventory
|
||||||
nocows = 1
|
nocows = 1
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
roles_path = ./roles
|
roles_path = ./roles:~/.ansible/roles/
|
||||||
lookup_plugins = ./plugins/lookup
|
|
||||||
collections_path = ./collections
|
|
||||||
private_key_file = ./id_ed25519
|
private_key_file = ./id_ed25519
|
||||||
vault_password_file = vault-pass.yml
|
vault_password_file = vault-pass
|
||||||
gathering = smart
|
gathering = smart
|
||||||
[diff]
|
[diff]
|
||||||
always = true
|
always = true
|
||||||
|
|
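Review bot: Nothing in this file now says where roles and collections come from. `roles_path` gains `~/.ansible/roles/` while `lookup_plugins` and `collections_path` are dropped, and the same commit deletes the collections/roles requirements list with its pinned versions. Presumably the ansible-devspace image ships them; if so, a comment above `roles_path` such as `# roles and collections are baked into the ansible-devspace image; versions are pinned there` would make that dependency visible. The section header these keys belong to sits above the hunk.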
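--- a/devspace.sh
+++ b/devspace.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+IMAGE="registry.mgrote.net/ansible-devspace:latest"
+
+# Farben
+# https://stackoverflow.com/questions/5947742/how-to-change-the-output-color-of-echo-in-linux
+RESET='\033[0m'
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[0;33m'
+
+echo -e "${GREEN}Run checks...${RESET}"
+
+if ! [ -f "./vault-pass" ]; then
+echo -e "${RED}Vault-Pass File is missing!${RESET}"
+exit 1
+fi
+if ! [ -f "./id_ed25519" ]; then
+echo -e "${RED}SSH-Private-Key is missing!${RESET}"
+exit 1
+fi
+if ! [ -f "$HOME/.git-credentials" ]; then
+echo -e "${YELLOW}~/.git-credentials not found!${RESET}"
+fi
+if ! [[ $(id -u) -eq "1000" ]]; then
+echo -e "${RED}Wrong UID! (!=1000)${RESET}"
+exit 1
+fi
+
+echo -e "${GREEN}Pull Image...${RESET}"
+docker pull ${IMAGE}
+
+echo -e "${GREEN}Start container...${RESET}"
+docker run -it \
+-v "$PWD:/home/ansible-dev/ansible-homeserver" \
+-v "$HOME/.git-credentials:/home/ansible-dev/.git-credentials" \
+-w /home/ansible-dev/ansible-homeserver ${IMAGE}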
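Review bot: When `~/.git-credentials` is missing the script only prints a warning and still passes that path as a bind mount to `docker run`; Docker normally creates a missing bind-mount source as a directory, so the host ends up with a directory where git expects a file. The same mount is read-write into an image pulled under the mutable `:latest` tag, next to a working tree that holds `vault-pass` and `id_ed25519`. It is safer to mount the credential file read-only and only when it exists, add `--rm`, and quote `${IMAGE}`. A read-only mount means git inside the container can read stored credentials but not save new ones, which should be confirmed as acceptable. The fence shows the reworked tail of the script.

```shell
# … unchanged: colour variables, vault-pass / SSH key / UID checks, docker pull …

# Mount the credential store only when it exists, and read-only.
CRED_MOUNT=()
if [ -f "$HOME/.git-credentials" ]; then
    CRED_MOUNT=(-v "$HOME/.git-credentials:/home/ansible-dev/.git-credentials:ro")
else
    echo -e "${YELLOW}~/.git-credentials not found!${RESET}"
fi

echo -e "${GREEN}Start container...${RESET}"
docker run -it --rm \
    -v "$PWD:/home/ansible-dev/ansible-homeserver" \
    "${CRED_MOUNT[@]}" \
    -w /home/ansible-dev/ansible-homeserver "${IMAGE}"
```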
|
@ -1,42 +0,0 @@
|
||||||
collections:
|
|
||||||
- name: community.general
|
|
||||||
version: "9.2.0"
|
|
||||||
- name: community.crypto
|
|
||||||
version: "2.21.1"
|
|
||||||
- name: ansible.posix
|
|
||||||
version: "1.5.4"
|
|
||||||
- name: community.docker
|
|
||||||
version: "3.11.0"
|
|
||||||
- name: viczem.keepass
|
|
||||||
version: "0.7.5"
|
|
||||||
roles:
|
|
||||||
- name: ansible-role-bootstrap
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-bootstrap
|
|
||||||
version: "7.0.2"
|
|
||||||
- name: ansible-ufw
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-ufw
|
|
||||||
version: "v4.1.13"
|
|
||||||
- name: ansible-manage-lvm
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-manage-lvm
|
|
||||||
version: "v0.2.12"
|
|
||||||
- name: ansible-role-unattended-upgrades
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-unattended-upgrades
|
|
||||||
version: "v4.6.0"
|
|
||||||
- name: ansible-role-pip
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-pip
|
|
||||||
version: "3.0.3"
|
|
||||||
- name: ansible-role-nfs
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-nfs
|
|
||||||
version: "2.0.0"
|
|
||||||
- name: ansible-role-docker
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-docker
|
|
||||||
version: "7.1.0"
|
|
||||||
- name: ansible_role_ctop
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_ctop
|
|
||||||
version: "1.1.6"
|
|
||||||
- name: ansible_role_gitea
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_gitea
|
|
||||||
version: "v3.5.0"
|
|
||||||
- name: ansible-role-postgresql
|
|
||||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-postgresql
|
|
||||||
version: "3.5.2"
|
|
|
@ -11,8 +11,6 @@
|
||||||
when:
|
when:
|
||||||
- sanoid_syncoid_destination_host
|
- sanoid_syncoid_destination_host
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: add user to sudoers
|
- name: add user to sudoers
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
|
|