Bump dawidd6/action-ansible-playbook from 5 to 6 (#80) #153
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: "Deploy" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| paths: | |
| - "deployment/**" | |
| permissions: | |
| pull-requests: write | |
| jobs: | |
| terraform: | |
| name: "Terraform" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Setup python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: 3.x | |
| - name: Install environment | |
| run: | | |
| curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 > jq | |
| chmod +x jq | |
| pip install yq ansible fedcloudclient | |
| # add PWD to the PATH | |
| echo "$PWD" >> "$GITHUB_PATH" | |
| - name: Configure providers access | |
| env: | |
| CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }} | |
| run: | | |
| # using parametric scopes to only have access to cloud.egi.eu VO | |
| SCOPE="openid%20email%20profile%20voperson_id" | |
| SCOPE="$SCOPE%20eduperson_entitlement:urn:mace:egi.eu:group:cloud.egi.eu:role=vm_operator#aai.egi.eu" | |
| SCOPE="$SCOPE%20eduperson_entitlement:urn:mace:egi.eu:group:cloud.egi.eu:role=member#aai.egi.eu" | |
| SCOPE="$SCOPE%20entitlements:urn:mace:egi.eu:group:cloud.egi.eu:role=vm_operator#aai.egi.eu" | |
| SCOPE="$SCOPE%20entitlements:urn:mace:egi.eu:group:cloud.egi.eu:role=member#aai.egi.eu" | |
| OIDC_TOKEN=$(curl -X POST "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token" \ | |
| -d "grant_type=client_credentials&client_id=$CLIENT_ID&scope=$SCOPE&client_secret=$CLIENT_SECRET" \ | |
| | jq -r ".access_token") | |
| echo "::add-mask::$OIDC_TOKEN" | |
| echo "OIDC_TOKEN=$OIDC_TOKEN" >> "$GITHUB_ENV" | |
| export OIDC_TOKEN="$OIDC_TOKEN" | |
| cd deployment | |
| ./site-config.sh | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.2.9 | |
| - name: Terraform Format | |
| id: fmt | |
| run: | | |
| cd deployment | |
| terraform fmt -check | |
| - name: Terraform init | |
| id: init | |
| run: | | |
| cd deployment | |
| terraform init | |
| - name: terraform plan | |
| id: plan | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| cd deployment | |
| terraform plan -no-color -var-file=deploy.tfvars | |
| continue-on-error: true | |
| - name: Update Pull Request | |
| uses: actions/github-script@v8 | |
| if: github.event_name == 'pull_request' | |
| env: | |
| PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
| #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
| #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\` | |
| ${process.env.PLAN} | |
| \`\`\` | |
| </details> | |
| *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| - name: Terraform Plan Status | |
| if: steps.plan.outcome == 'failure' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| run: | | |
| cd deployment | |
| terraform apply -auto-approve -var-file=deploy.tfvars | |
| - name: Get IP | |
| id: public_ip | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| run: | | |
| cd deployment | |
| terraform output -raw public_ip | |
| - name: Update IP in DNS | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| env: | |
| NSUPDATE_SECRET: ${{ secrets.NSUPDATE_SECRET }} | |
| run: | | |
| curl -u "horizon.vm.fedcloud.eu:$NSUPDATE_SECRET" \ | |
| "https://nsupdate.fedcloud.eu/nic/update?myip=${{ steps.public_ip.outputs.stdout }}" | |
| - name: Configure with ansible | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| uses: dawidd6/action-ansible-playbook@v6 | |
| with: | |
| playbook: playbook.yaml | |
| directory: ./deployment | |
| key: ${{ secrets.SSH_KEY }} | |
| inventory: | | |
| [all] | |
| ${{ steps.public_ip.outputs.stdout }} | |
| requirements: galaxy-requirements.yaml | |
| options: | | |
| --extra-vars ACCESS_TOKEN=${{ env.OIDC_TOKEN }} | |
| --extra-vars git_ref=${{ github.sha }} | |
| --ssh-common-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" | |
| -u egi |