homeserver/.woodpecker/ansible-playbook.yml

---
depends_on:
  - ansible-lint

steps:
  ansible-playbook:
    image: quay.io/ansible/creator-ee:v24.2.0
    commands:
      # Secrets
      - echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
      - echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
      - chmod 0400 ./id_ed25519
      # Abhängigkeiten
      - pip install 'pykeepass==4.0.3' --user
      - ansible-galaxy install -r requirements.yaml
      # Debug
      - ansible localhost -m debug -a "var={{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
      # Doing
      - ansible-playbook playbooks/2_all.yml playbooks/3_service/* --limit production
    # https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
    secrets: [vaultpass, sshkey]
    when:
      - event: [push, pull_request_closed]
        branch: master
...