feat: add ansible to deployment pipeline

Author: EnricoBausenhart

.github/workflows/terraform-deploy.yml

@@ -54,69 +54,14 @@ jobs:
           sleep 60
           echo "Instance should be ready now"
 
-      - name: Install Docker on EC2 instance
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ steps.terraform.outputs.public_ip }}
-          username: ${{ vars.AWS_EC2_USER }}
-          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
-          script: |
-            # Add Docker's official GPG key
-            sudo apt-get update
-            sudo apt-get install -y ca-certificates curl
-            sudo install -m 0755 -d /etc/apt/keyrings
-            sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
-            sudo chmod a+r /etc/apt/keyrings/docker.asc
-
-            # Add the repository to Apt sources
-            echo \
-              "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
-              $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
-              sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-            # Install Docker
-            sudo apt-get update
-            sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
-            # Add user to docker group
-            sudo usermod -a -G docker ${{ vars.AWS_EC2_USER }}
-
-            # Apply group changes without logout
-            newgrp docker
-
-      - name: Copy Docker Compose File From Repo to VM Host
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ steps.terraform.outputs.public_ip }}
-          username: ${{ vars.AWS_EC2_USER }}
-          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
-          source: "deployment/compose.aws.yml"
-          target: "/home/${{ vars.AWS_EC2_USER }}/deployment"
-          strip_components: 1
-          overwrite: true
-
-      - name: SSH to VM and Create .env.prod
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ steps.terraform.outputs.public_ip }}
-          username: ${{ vars.AWS_EC2_USER }}
-          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
-          script: |
-            cd /home/${{ vars.AWS_EC2_USER }}
-            rm -f .env.prod
-            touch .env.prod
-            echo "EC2_PUBLIC_IP=${{ steps.terraform.outputs.public_ip }}" >> .env.prod
-            echo "CLIENT_HOST=client.${{ steps.terraform.outputs.public_ip }}.nip.io" >> .env.prod
-            echo "SERVER_HOST=api.${{ steps.terraform.outputs.public_ip }}.nip.io" >> .env.prod
-            echo "PUBLIC_API_URL=https://api.${{ steps.terraform.outputs.public_ip }}.nip.io" >> .env.prod
+      - name: Setup Ansible
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible
 
-      - name: SSH to VM and Execute Docker-Compose Up
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ steps.terraform.outputs.public_ip }}
-          username: ${{ vars.AWS_EC2_USER }}
-          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
-          script: |
-            cd /home/${{ vars.AWS_EC2_USER }}
-            echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
-            docker compose -f deployment/compose.aws.yml --env-file=/home/${{ vars.AWS_EC2_USER }}/.env.prod up -d
+      - name: Run Ansible Playbook
+        run: |
+          cd infrastructure/ansible
+          EC2_PUBLIC_IP=${{ steps.terraform.outputs.public_ip }} \
+          AWS_EC2_USER=${{ vars.AWS_EC2_USER }} \
+          ansible-playbook -i inventory.yml playbooks/deploy.yml

infrastructure/ansible/inventory.yml

@@ -0,0 +1,6 @@
+all:
+  hosts:
+    app_server:
+      ansible_host: "{{ lookup('env', 'EC2_PUBLIC_IP') }}"
+      ansible_user: "{{ lookup('env', 'AWS_EC2_USER') }}"
+      ansible_ssh_private_key_file: "vockey.pem"

infrastructure/ansible/playbooks/deploy.yml

@@ -0,0 +1,76 @@
+---
+- name: Deploy application
+  hosts: app_server
+  become: yes
+  vars:
+    app_user: "{{ ansible_user }}"
+    app_dir: "/home/{{ app_user }}"
+    deployment_dir: "{{ app_dir }}/deployment"
+
+  tasks:
+    - name: Install required packages
+      apt:
+        name:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - software-properties-common
+        state: present
+        update_cache: yes
+
+    - name: Add Docker GPG key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker repository
+      apt_repository:
+        repo: "deb [arch={{ ansible_architecture }}] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+        state: present
+        update_cache: yes
+
+    - name: Install Docker packages
+      apt:
+        name:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
+        state: present
+        update_cache: yes
+
+    - name: Add user to docker group
+      user:
+        name: "{{ app_user }}"
+        groups: docker
+        append: yes
+
+    - name: Create deployment directory
+      file:
+        path: "{{ deployment_dir }}"
+        state: directory
+        mode: "0755"
+
+    - name: Copy docker-compose file
+      copy:
+        src: ../../deployment/compose.aws.yml
+        dest: "{{ deployment_dir }}/compose.aws.yml"
+        mode: "0644"
+
+    - name: Create .env.prod file
+      template:
+        src: ../templates/env.prod.j2
+        dest: "{{ app_dir }}/.env.prod"
+        mode: "0644"
+
+    - name: Start Docker Compose
+      docker_compose:
+        project_src: "{{ deployment_dir }}"
+        files:
+          - compose.aws.yml
+        state: present
+        build: yes
+        remove_orphans: yes
+      environment:
+        DOCKER_BUILDKIT: 1

infrastructure/ansible/templates/env.prod.j2

@@ -0,0 +1,4 @@
+EC2_PUBLIC_IP={{ lookup('env', 'EC2_PUBLIC_IP') }}
+CLIENT_HOST=client.{{ lookup('env', 'EC2_PUBLIC_IP') }}.nip.io
+SERVER_HOST=api.{{ lookup('env', 'EC2_PUBLIC_IP') }}.nip.io
+PUBLIC_API_URL=https://api.{{ lookup('env', 'EC2_PUBLIC_IP') }}.nip.io