CI + Dev-Workspace: disable automatic rollout and setup new Workspace #145
8 changed files with 51 additions and 81 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,5 +1,5 @@
|
|||
.git/
|
||||
vault-pass.yml
|
||||
vault-pass
|
||||
id_ed25519
|
||||
id_ed25519.pub
|
||||
roles/ansible-role-pip
|
||||
|
|
|
@ -4,17 +4,13 @@ depends_on:
|
|||
|
||||
steps:
|
||||
ansible-lint:
|
||||
image: quay.io/ansible/creator-ee:v24.2.0
|
||||
image: registry.mgrote.net/ansible-devspace:latest
|
||||
commands:
|
||||
# Secrets
|
||||
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
|
||||
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
|
||||
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreaks, daher mit base64 -w0 "kodiert"
|
||||
- echo $${VAULTPASS} | base64 -d > ./vault-pass # Name des Secrets in Großschreibung
|
||||
- chmod 0400 ./id_ed25519
|
||||
# Abhängigkeiten
|
||||
- pip install pykeepass Jinja2 markupsafe jmespath --user
|
||||
- ansible-galaxy install -r requirements.yaml
|
||||
# Doing
|
||||
- ansible-lint --version
|
||||
- ansible-lint --force-color --format pep8
|
||||
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
|
||||
secrets: [vaultpass]
|
||||
|
|
|
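Review bot: The `ansible-lint` step now appears to run `registry.mgrote.net/ansible-devspace:latest`, a mutable tag, where the other image line in this hunk was pinned to `quay.io/ansible/creator-ee:v24.2.0`; the step decodes `VAULTPASS` and `SSHKEY` into the workspace, so whatever the tag resolves to at run time can read both. Pin the image to a version tag or digest, for example `image: registry.mgrote.net/ansible-devspace:<version>@sha256:<digest>` (placeholders), and do the same for `IMAGE=` in `devspace.sh`. Separately, the step writes `$${SSHKEY}` to `./id_ed25519` while the visible `secrets:` list names only `vaultpass`; if that line is unchanged the key file will be empty, so either add `sshkey` or drop the key lines from a lint-only step. The rendered page has lost its +/- markers, so which lines are on the new side is inferred from the rest of the commit.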
@ -1,25 +0,0 @@
|
|||
---
|
||||
depends_on:
|
||||
- ansible-lint
|
||||
|
||||
steps:
|
||||
ansible-playbook:
|
||||
image: quay.io/ansible/creator-ee:v24.2.0
|
||||
commands:
|
||||
# Secrets
|
||||
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
|
||||
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
|
||||
- chmod 0400 ./id_ed25519
|
||||
# Abhängigkeiten
|
||||
- pip install 'pykeepass==4.0.3' --user
|
||||
- ansible-galaxy install -r requirements.yaml
|
||||
# Debug
|
||||
- ansible localhost -m debug -a "var={{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
|
||||
# Doing
|
||||
#- ansible-playbook playbooks/2_all.yml playbooks/3_service/* --limit production
|
||||
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
|
||||
secrets: [vaultpass, sshkey]
|
||||
when:
|
||||
- event: [push, pull_request_closed]
|
||||
branch: master
|
||||
...
|
|
@ -1,3 +1,11 @@
|
|||
# ansible_heimserver
|
||||
|
||||
[![status-badge](https://ci.mgrote.net/api/badges/2/status.svg)](https://ci.mgrote.net/repos/2)
|
||||
|
||||
## ansible-devspace
|
||||
|
||||
- Repository: https://git.mgrote.net/container-images/ansible-devspace
|
||||
- dort mit Woodpecker-CI gebaut und in eigene Registry gepushed
|
||||
- ``devspace.sh`` pulled Image, prüft ob SSH-Key und ``vault-pass`` vorhanden sind
|
||||
- mountet git-Secrets
|
||||
- startet Container
|
||||
|
|
|
@ -2,11 +2,9 @@
|
|||
inventory = ./inventory
|
||||
nocows = 1
|
||||
retry_files_enabled = False
|
||||
roles_path = ./roles
|
||||
lookup_plugins = ./plugins/lookup
|
||||
collections_path = ./collections
|
||||
roles_path = ./roles:~/.ansible/roles/
|
||||
private_key_file = ./id_ed25519
|
||||
vault_password_file = vault-pass.yml
|
||||
vault_password_file = vault-pass
|
||||
gathering = smart
|
||||
[diff]
|
||||
always = true
|
||||
|
|
37
devspace.sh
Executable file
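--- a/devspace.sh
+++ b/devspace.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+IMAGE="registry.mgrote.net/ansible-devspace:latest"
+
+# Farben
+# https://stackoverflow.com/questions/5947742/how-to-change-the-output-color-of-echo-in-linux
+RESET='\033[0m'
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[0;33m'
+
+echo -e "${GREEN}Run checks...${RESET}"
+
+if ! [ -f "./vault-pass" ]; then
+echo -e "${RED}Vault-Pass File is missing!${RESET}"
+exit 1
+fi
+if ! [ -f "./id_ed25519" ]; then
+echo -e "${RED}SSH-Private-Key is missing!${RESET}"
+exit 1
+fi
+if ! [ -f "$HOME/.git-credentials" ]; then
+echo -e "${YELLOW}~/.git-credentials not found!${RESET}"
+fi
+if ! [[ $(id -u) -eq "1000" ]]; then
+echo -e "${RED}Wrong UID! (!=1000)${RESET}"
+exit 1
+fi
+
+echo -e "${GREEN}Pull Image...${RESET}"
+docker pull ${IMAGE}
+
+echo -e "${GREEN}Start container...${RESET}"
+docker run -it \
+-v "$PWD:/home/ansible-dev/ansible-homeserver" \
+-v "$HOME/.git-credentials:/home/ansible-dev/.git-credentials" \
+-w /home/ansible-dev/ansible-homeserver ${IMAGE}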
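Review bot: The final `docker run` bind-mounts `$HOME/.git-credentials` even when the earlier check found it missing and only printed a warning; with `-v`, Docker creates a missing host path as a directory, so the run leaves a stray directory at `~/.git-credentials` on the host and the container sees a directory where it expects a credentials file. Build that mount conditionally and pass it only when the file exists. The script also carries on after a failed `docker pull` and starts whatever image is cached locally, so the pull should abort on error, and `${IMAGE}` should be quoted in both places.

```shell
# … unchanged: colour variables, vault-pass / id_ed25519 / UID checks …
CRED_MOUNT=()
if [ -f "$HOME/.git-credentials" ]; then
  CRED_MOUNT=(-v "$HOME/.git-credentials:/home/ansible-dev/.git-credentials")
else
  echo -e "${YELLOW}~/.git-credentials not found!${RESET}"
fi

echo -e "${GREEN}Pull Image...${RESET}"
docker pull "${IMAGE}" || exit 1

echo -e "${GREEN}Start container...${RESET}"
docker run -it \
  -v "$PWD:/home/ansible-dev/ansible-homeserver" \
  "${CRED_MOUNT[@]}" \
  -w /home/ansible-dev/ansible-homeserver "${IMAGE}"
```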
@ -1,42 +0,0 @@
|
|||
collections:
|
||||
- name: community.general
|
||||
version: "9.2.0"
|
||||
- name: community.crypto
|
||||
version: "2.21.1"
|
||||
- name: ansible.posix
|
||||
version: "1.5.4"
|
||||
- name: community.docker
|
||||
version: "3.11.0"
|
||||
- name: viczem.keepass
|
||||
version: "0.7.5"
|
||||
roles:
|
||||
- name: ansible-role-bootstrap
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-bootstrap
|
||||
version: "7.0.2"
|
||||
- name: ansible-ufw
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-ufw
|
||||
version: "v4.1.13"
|
||||
- name: ansible-manage-lvm
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-manage-lvm
|
||||
version: "v0.2.12"
|
||||
- name: ansible-role-unattended-upgrades
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-unattended-upgrades
|
||||
version: "v4.6.0"
|
||||
- name: ansible-role-pip
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-pip
|
||||
version: "3.0.3"
|
||||
- name: ansible-role-nfs
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-nfs
|
||||
version: "2.0.0"
|
||||
- name: ansible-role-docker
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-docker
|
||||
version: "7.1.0"
|
||||
- name: ansible_role_ctop
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_ctop
|
||||
version: "1.1.6"
|
||||
- name: ansible_role_gitea
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible_role_gitea
|
||||
version: "v3.5.0"
|
||||
- name: ansible-role-postgresql
|
||||
src: git+https://git.mgrote.net/ansible-role-mirrors/ansible-role-postgresql
|
||||
version: "3.5.2"
|
|
@ -11,8 +11,6 @@
|
|||
when:
|
||||
- sanoid_syncoid_destination_host
|
||||
|
||||
|
||||
|
||||
- name: add user to sudoers
|
||||
become: true
|
||||
ansible.builtin.blockinfile:
|
||||
|
|