stack/.github/workflows/ci.yml at master · vghn/stack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
name: CI

on:
  push:
    branches:
      - master

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    env:
      VAULT_VERSION: '1.5.0'
      VAULT_ADDR: 'https://vault.ghn.me:8200'
    steps:
    - uses: actions/checkout@v2
    - name: Set up Python
      uses: actions/setup-python@v2
    - name: Install dependencies
      run: pip install --upgrade pip ansible hvac pycrypto paramiko
    - name: Install Vault
      run: |
            wget -q "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip"
            wget -qO - "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
            sudo unzip -o -d /usr/local/bin/ "vault_${VAULT_VERSION}_linux_amd64.zip"
            vault version
    - name: Authenticate Vault
      run: |
            VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=${{ secrets.VAULT_ROLE_ID }} secret_id=${{ secrets.VAULT_SECRET_ID }})
            echo ::add-mask::$VAULT_TOKEN && echo ::set-env name=VAULT_TOKEN::$VAULT_TOKEN
    - name: Set-up SSH
      run: vault kv get -field=id_rsa vgh/ansible/ssh > deploy_rsa && chmod 600 deploy_rsa
    - name: Deploy stack
      run: ansible-playbook site.yml