ansible: store cloudflare credentials on release builders

MoLow · MoLow · commit 95a6fd5c1c03 · 2023-09-27T02:56:27.000+03:00
diff --git a/ansible/roles/read-secrets/tasks/partials/release.yml b/ansible/roles/read-secrets/tasks/partials/release.yml
@@ -12,3 +12,4 @@
   with_items:
     - { 'key': 'staging_key', 'file': "staging_id_rsa_private.key" }
     - { 'key': 'known_hosts', 'file': "known_hosts" }
+    - { 'key': 'worker_credentials', 'file': "release-cloudflare-worker-credentials" }
diff --git a/ansible/roles/release-builder/files/worker_config b/ansible/roles/release-builder/files/worker_config
@@ -0,0 +1 @@
+[profile worker]
diff --git a/ansible/roles/release-builder/tasks/main.yml b/ansible/roles/release-builder/tasks/main.yml
@@ -36,3 +36,24 @@
     state: present
   become: yes
   become_user: "{{ server_user }}"
+
+- name: create .aws directory
+  ansible.builtin.file:
+    dest: "{{ release_home_dir }}/.aws"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    state: directory
+
+- name: copy credentials to deploy release artifacts
+  ansible.builtin.copy:
+    content: "{{ secrets.worker_credentials }}"
+    dest: "{{ release_home_dir }}/.aws/credentials"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+
+- name: write worker_config
+  ansible.builtin.copy:
+    dest: "{{ release_home_dir }}/.aws/config"
+    src: "{{ role_path }}/files/worker_config"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
