init runner v2
@@ -1,102 +1,102 @@
|
||||
name: 🏃Run Ansible
|
||||
name: 🏃 Run Ansible
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
playbook_path:
|
||||
description: 'Path to playbook relative to the role repo (e.g. playbooks/deploy.yml)'
|
||||
required: true
|
||||
type: string
|
||||
role_repo:
|
||||
description: 'Gitea repository of the role (e.g. ansible/role-samba)'
|
||||
required: true
|
||||
type: string
|
||||
inventory:
|
||||
description: 'Inventory file relative to ansible-runner repo'
|
||||
required: false
|
||||
type: string
|
||||
default: 'inventory/raspberries.yaml'
|
||||
ansible_extra_args:
|
||||
description: 'Additional Ansible arguments (e.g. --tags install)'
|
||||
required: false
|
||||
type: string
|
||||
default: ''
|
||||
secrets:
|
||||
TOKEN:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
install_ansible:
|
||||
runs-on: ubuntu-latest
|
||||
run_ansible:
|
||||
# Uses the custom ansible-act-runner image with Node, Python and Ansible pre-installed
|
||||
runs-on: ansible
|
||||
container:
|
||||
image: cattheinvoker/ubuntu-act-baked:22.04
|
||||
image: gitea.mod.home/${{ gitea.repository_owner }}/ansible-act-runner:latest
|
||||
|
||||
steps:
|
||||
- name: 🔐Setup SSH for submodules
|
||||
- name: 🔑 Setup SSH
|
||||
run: |
|
||||
echo "Key length: ${#SSH_PRIVATE_KEY}"
|
||||
mkdir -p $HOME/.ssh
|
||||
echo "$SSH_PRIVATE_KEY" | base64 -d > $HOME/.ssh/id_ed25519
|
||||
chmod 600 $HOME/.ssh/id_ed25519
|
||||
ls -laR
|
||||
# ssh-keyscan -t rsa -p 2222 gitlab.mod.home > $HOME/.ssh/known_hosts
|
||||
echo "Host *" >> ~/.ssh/config
|
||||
echo " StrictHostKeyChecking no" >> ~/.ssh/config
|
||||
echo " UserKnownHostsFile /dev/null" >> ~/.ssh/config
|
||||
echo "Host gitea.mod.home" >> ~/.ssh/config
|
||||
echo " port 2222" >> ~/.ssh/config
|
||||
cat > ~/.ssh/config << 'SSHEOF'
|
||||
Host *
|
||||
StrictHostKeyChecking no
|
||||
UserKnownHostsFile /dev/null
|
||||
IdentityFile ~/.ssh/id_ed25519
|
||||
Host gitea.mod.home
|
||||
Port 2222
|
||||
SSHEOF
|
||||
chmod 600 ~/.ssh/config
|
||||
env:
|
||||
SSH_PRIVATE_KEY: ${{ secrets.SSHKEY_B64 }}
|
||||
|
||||
- name: 🛠️ Install Node.js fallback
|
||||
run: |
|
||||
if ! command -v node &> /dev/null; then
|
||||
echo "Node nicht gefunden. Installiere..."
|
||||
sudo apt-get update && sudo apt-get install -y nodejs
|
||||
fi
|
||||
|
||||
- name: 🔎Checkout Repository
|
||||
- name: 🔎 Checkout ansible-runner (Inventory & Vault)
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
submodules: recursive
|
||||
repository: ${{ gitea.repository_owner }}/ansible-runner
|
||||
token: ${{ secrets.TOKEN }}
|
||||
fetch-depth: 0
|
||||
# Python 3 installieren, was für pip und Ansible notwendig ist
|
||||
|
||||
- name: ⚙️Setup Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.x" # Wählt die neueste Python 3 Version
|
||||
|
||||
# Abhängigkeiten aktualisieren und Ansible über pip installieren
|
||||
- name: ⚙️Install Ansible via pip
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install ansible
|
||||
|
||||
# vault file anlegen
|
||||
- name: 🔑create vault file
|
||||
run: echo "${{ secrets.ANSIBLE_VAULT_KEY }}" > .vault_pass.txt
|
||||
|
||||
- name: 📋Manuelles Submodule Update
|
||||
run: |
|
||||
git submodule init
|
||||
git submodule update --recursive --init --force
|
||||
|
||||
- name: ⚙️Install Ansible roles
|
||||
run: |
|
||||
ansible-galaxy role install -r requirements.yml --roles-path ./roles
|
||||
|
||||
- name: 🔎Check Ansible roles exists
|
||||
run: |
|
||||
ansible-galaxy list
|
||||
|
||||
- name: 🔎 Checkout Triggering Role Repo
|
||||
- name: 🔎 Checkout Role Repo
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
token: ${{ secrets.TOKEN }}
|
||||
repository: ${{ inputs.role_repo }}
|
||||
path: active_role
|
||||
fetch-depth: 0
|
||||
|
||||
- name: 🔎Check Ansible Playbook Syntax
|
||||
- name: 🔑 Setup Vault Key
|
||||
run: |
|
||||
ansible-playbook --syntax-check active_role/${{ inputs.playbook_path }}
|
||||
echo "${{ secrets.ANSIBLE_VAULT_KEY }}" > .vault_pass.txt
|
||||
chmod 600 .vault_pass.txt
|
||||
|
||||
- name: 🏃Run Ansible deploy_valkey.yml.ansible
|
||||
- name: 🔎 Syntax Check
|
||||
run: |
|
||||
ansible-playbook -i inventory/raspberries.yaml active_role/${{ inputs.playbook_path }} --vault-password-file .vault_pass.txt -v
|
||||
# Beispiel für den Benachrichtigungsschritt
|
||||
- name: 📨Telegram Benachrichtigung senden
|
||||
ansible-playbook \
|
||||
--syntax-check \
|
||||
-i ${{ inputs.inventory }} \
|
||||
active_role/${{ inputs.playbook_path }}
|
||||
|
||||
- name: 🏃 Run Playbook
|
||||
run: |
|
||||
ansible-playbook \
|
||||
-i ${{ inputs.inventory }} \
|
||||
active_role/${{ inputs.playbook_path }} \
|
||||
--vault-password-file .vault_pass.txt \
|
||||
${{ inputs.ansible_extra_args }} \
|
||||
-v
|
||||
|
||||
- name: 🧹 Cleanup Secrets
|
||||
if: always()
|
||||
run: |
|
||||
rm -f .vault_pass.txt
|
||||
rm -f $HOME/.ssh/id_ed25519
|
||||
|
||||
- name: 📨 Telegram Notification
|
||||
uses: chapvic/telegram-notify@master
|
||||
if: always() # Stellt sicher, dass die Benachrichtigung immer gesendet wird
|
||||
if: always()
|
||||
with:
|
||||
token: ${{ secrets.TELEGRAM_BOT_TOKEN }} # Ihr Bot-Token Secret
|
||||
chat: ${{ secrets.TELEGRAM_CHAT_ID }} # Ihre Chat-ID Secret
|
||||
status: ${{ job.status }} # Sendet den Job-Status (success/failure/cancelled)
|
||||
title: "Deploy: ${{ inputs.role_repo }}"
|
||||
token: ${{ secrets.TELEGRAM_BOT_TOKEN }}
|
||||
chat: ${{ secrets.TELEGRAM_CHAT_ID }}
|
||||
status: ${{ job.status }}
|
||||
title: "Deploy: ${{ inputs.role_repo }} → ${{ inputs.playbook_path }}"
|
||||
|
||||
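Review bot: In the `🏃 Run Playbook` step, `${{ inputs.ansible_extra_args }}`, `${{ inputs.inventory }}` and `${{ inputs.playbook_path }}` are template-expanded straight into the `run:` script text, so a calling workflow controls shell syntax inside a job that holds `secrets.TOKEN`, the decoded SSH key and the vault password; the same applies to `🔎 Syntax Check` and to `echo "${{ secrets.ANSIBLE_VAULT_KEY }}"` in `🔑 Setup Vault Key`, where a secret containing `"` or `$` also corrupts the file. Pass these values through `env:` and reference them as shell variables as in the excerpt below (inventory and playbook path double-quoted, the extra args deliberately left unquoted so they word-split into separate arguments), and write the vault file under `umask 077` so it is never created world-readable before the `chmod`. Separately, `StrictHostKeyChecking no` with `UserKnownHostsFile /dev/null` under `Host *` disables host-key verification for every SSH connection the job makes, including Ansible's connections to the inventory hosts; restoring the commented `ssh-keyscan` line (or a committed known_hosts file) for the Gitea host and scoping the relaxation to that `Host gitea.mod.home` block would keep the deploy targets verified. `chapvic/telegram-notify@master` (here and in `.gitea/workflows/build-image.yaml`) is a mutable ref for a third-party action that receives `TELEGRAM_BOT_TOKEN`; pinning it to a commit SHA is the usual supply-chain control.
```yaml
      - name: 🔑 Setup Vault Key
        env:
          ANSIBLE_VAULT_KEY: ${{ secrets.ANSIBLE_VAULT_KEY }}
        run: |
          umask 077
          printf '%s\n' "$ANSIBLE_VAULT_KEY" > .vault_pass.txt

      # … unchanged: Syntax Check (same env: pattern applies) …

      - name: 🏃 Run Playbook
        env:
          INVENTORY: ${{ inputs.inventory }}
          PLAYBOOK_PATH: ${{ inputs.playbook_path }}
          ANSIBLE_EXTRA_ARGS: ${{ inputs.ansible_extra_args }}
        run: |
          # $ANSIBLE_EXTRA_ARGS is intentionally unquoted: it is word-split into
          # separate arguments but never re-parsed as shell syntax; set -f keeps
          # the shell from glob-expanding those words.
          set -f
          ansible-playbook \
            -i "$INVENTORY" \
            "active_role/$PLAYBOOK_PATH" \
            --vault-password-file .vault_pass.txt \
            $ANSIBLE_EXTRA_ARGS \
            -v
```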
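--- a/.gitea/workflows/build-image.yaml
+++ b/.gitea/workflows/build-image.yaml
@@ -0,0 +1,73 @@
+name: 🐳 Build Ansible Act Runner Image
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'docker/Dockerfile'
+  workflow_dispatch:
+    inputs:
+      force_rebuild:
+        description: 'Force rebuild without cache'
+        required: false
+        default: 'false'
+        type: boolean
+
+jobs:
+  build:
+    # Runs directly on the runner host to access the DinD sidecar
+    # DOCKER_HOST=tcp://localhost:2376 is already set via runner configmap
+    runs-on: docker
+
+    steps:
+      - name: 🔎 Checkout
+        uses: actions/checkout@v4
+
+      - name: 🏷️ Set Image Tags
+        id: tags
+        run: |
+          REGISTRY="gitea.mod.home"
+          ORG="${{ gitea.repository_owner }}"
+          IMAGE="ansible-act-runner"
+          SHORT_SHA="${{ gitea.sha }}"
+          SHORT_SHA="${SHORT_SHA:0:8}"
+
+          echo "image=${REGISTRY}/${ORG}/${IMAGE}" >> $GITHUB_OUTPUT
+          echo "tag_latest=${REGISTRY}/${ORG}/${IMAGE}:latest" >> $GITHUB_OUTPUT
+          echo "tag_sha=${REGISTRY}/${ORG}/${IMAGE}:${SHORT_SHA}" >> $GITHUB_OUTPUT
+          echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
+
+      - name: 🐳 Docker Login → Gitea Registry
+        run: |
+          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
+            docker login gitea.mod.home \
+              --username "${{ secrets.REGISTRY_USER }}" \
+              --password-stdin
+
+      - name: 🐳 Build Image
+        run: |
+          BUILD_ARGS=""
+          if [ "${{ inputs.force_rebuild }}" = "true" ]; then
+            BUILD_ARGS="--no-cache"
+          fi
+
+          docker build ${BUILD_ARGS} \
+            -t ${{ steps.tags.outputs.tag_latest }} \
+            -t ${{ steps.tags.outputs.tag_sha }} \
+            -f docker/Dockerfile \
+            docker/
+
+      - name: 🐳 Push Image
+        run: |
+          docker push ${{ steps.tags.outputs.tag_latest }}
+          docker push ${{ steps.tags.outputs.tag_sha }}
+
+      - name: 📨 Telegram Notification
+        uses: chapvic/telegram-notify@master
+        if: always()
+        with:
+          token: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+          chat: ${{ secrets.TELEGRAM_CHAT_ID }}
+          status: ${{ job.status }}
+          title: "🐳 Build: ansible-act-runner:${{ steps.tags.outputs.short_sha }}"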
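Review bot: `🐳 Docker Login → Gitea Registry` expands `secrets.REGISTRY_PASSWORD` and `secrets.REGISTRY_USER` directly into the `run:` script text, and nothing logs out afterwards, so the registry credential remains in `~/.docker/config.json` on the runner host (the job comment says it runs directly on that host) for every later job on that runner. Move both secrets into `env:` and reference them as `"$REGISTRY_PASSWORD"` / `"$REGISTRY_USER"`, and add a final `if: always()` step running `docker logout gitea.mod.home`, mirroring the cleanup step the Ansible workflow already has. The `force_rebuild` input declares `type: boolean` but `default: 'false'` is a string; `default: false` keeps the declaration consistent with the `= "true"` comparison in `🐳 Build Image`.
```yaml
      - name: 🐳 Docker Login → Gitea Registry
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$REGISTRY_PASSWORD" | \
            docker login gitea.mod.home \
              --username "$REGISTRY_USER" \
              --password-stdin

      # … unchanged: Build Image, Push Image …

      - name: 🧹 Docker Logout
        if: always()
        run: docker logout gitea.mod.home

      # … unchanged: Telegram Notification …
```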