feat: Add Outline application resources and configurations #45
| name: Deploy with Ansible | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'ingress/**' | |
| - 'roles/**' | |
| workflow_dispatch: | |
| inputs: | |
| tags: | |
| description: 'Ansible tags to run (comma-separated, leave empty for all)' | |
| required: false | |
| default: '' | |
| limit: | |
| description: 'Limit to specific hosts (leave empty for all)' | |
| required: false | |
| default: '' | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.14' | |
| - name: Install Ansible and dependencies | |
| run: | | |
| pip install ansible | |
| ansible-galaxy install -r requirements.yml | |
| - name: Create SSH key | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan -H ${{ secrets.ANSIBLE_HOST }} >> ~/.ssh/known_hosts | |
| - name: Create inventory file | |
| run: | | |
| cat > inventory.ini << EOF | |
| [oracle_hosts] | |
| oracle-server ansible_host=${{ secrets.ANSIBLE_HOST }} ansible_user=${{ secrets.ANSIBLE_USER }} ansible_ssh_private_key_file=~/.ssh/id_rsa | |
| EOF | |
| - name: Create Ansible vault password file | |
| run: | | |
| # Trim whitespace and create password file | |
| echo -n "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" | tr -d '[:space:]' > .vault_password | |
| chmod 600 .vault_password | |
| - name: Test vault decryption | |
| run: | | |
| echo "Testing vault password..." | |
| echo "Password file size: $(wc -c < .vault_password) bytes" | |
| if ansible-vault view group_vars/oracle_hosts/vault.yml --vault-password-file .vault_password > /tmp/vault_test 2>&1; then | |
| echo "✓ Vault decryption successful" | |
| head -5 /tmp/vault_test | |
| else | |
| echo "ERROR: Failed to decrypt vault file" | |
| cat /tmp/vault_test | |
| echo "Password file (first 10 chars): $(head -c 10 .vault_password | od -An -tx1)" | |
| exit 1 | |
| fi | |
| - name: Run Ansible playbook | |
| run: | | |
| ANSIBLE_OPTS="" | |
| if [ -n "${{ github.event.inputs.tags }}" ]; then | |
| ANSIBLE_OPTS="$ANSIBLE_OPTS --tags ${{ github.event.inputs.tags }}" | |
| fi | |
| if [ -n "${{ github.event.inputs.limit }}" ]; then | |
| ANSIBLE_OPTS="$ANSIBLE_OPTS --limit ${{ github.event.inputs.limit }}" | |
| fi | |
| ansible-playbook site.yml $ANSIBLE_OPTS | |
| - name: Cleanup | |
| if: always() | |
| run: | | |
| rm -f ~/.ssh/id_rsa | |
| rm -f .vault_password | |
| rm -f inventory.ini |
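Review bot: The "Test vault decryption" step writes secret material to the job log: on success `head -5 /tmp/vault_test` prints the first five lines of the decrypted `vault.yml`, and on failure the `od -An -tx1` line prints the first ten bytes of the vault password as hex, a form that log masking of the raw secret value will most likely not catch. I would keep only the pass/fail result, e.g. `if ansible-vault view group_vars/oracle_hosts/vault.yml --vault-password-file .vault_password > /dev/null 2> /tmp/vault_err; then`, print `/tmp/vault_err` on failure, and drop both the `head -5` and the hex-dump lines. As written, the decrypted copy in `/tmp/vault_test` is also left behind, because the Cleanup step does not remove it. Separately, in "Run Ansible playbook" the `tags` and `limit` inputs are expanded into the script text before the shell parses it; passing them through the step's `env:` and referencing them as quoted shell variables keeps input text from being parsed as shell.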