Lab 6: blocks/tags, Docker Compose, wipe logic, CI/CD #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Ansible Deployment | |
| on: | |
| push: | |
| branches: [master] | |
| paths: | |
| - 'ansible/**' | |
| - '!ansible/docs/**' | |
| - '.github/workflows/ansible-deploy.yml' | |
| pull_request: | |
| branches: [master] | |
| paths: | |
| - 'ansible/**' | |
| - '.github/workflows/ansible-deploy.yml' | |
| concurrency: | |
| group: ansible-deploy-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| name: Ansible Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| cache: pip | |
| - name: Install Ansible and ansible-lint | |
| run: pip install ansible ansible-lint | |
| - name: Run ansible-lint | |
| run: | | |
| cd ansible | |
| ansible-lint playbooks/provision.yml playbooks/deploy.yml playbooks/site.yml | |
| deploy: | |
| name: Deploy Application | |
| needs: lint | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| cache: pip | |
| - name: Install Ansible | |
| run: pip install ansible | |
| - name: Install community.docker collection | |
| run: ansible-galaxy collection install community.docker community.general | |
| - name: Configure SSH access to target VM | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan -H "${{ secrets.VM_HOST }}" >> ~/.ssh/known_hosts | |
| - name: Write Vault password file | |
| run: echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > /tmp/vault_pass | |
| - name: Run Ansible deploy playbook | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: "False" | |
| run: | | |
| cd ansible | |
| ansible-playbook playbooks/deploy.yml \ | |
| --vault-password-file /tmp/vault_pass | |
| - name: Clean up Vault password file | |
| if: always() | |
| run: rm -f /tmp/vault_pass | |
| - name: Verify deployment | |
| run: | | |
| sleep 10 | |
| curl -f "http://${{ secrets.VM_HOST }}:5000/health" || exit 1 |