init runner v2

.gitea/workflows/ansible-runner.yaml

@@ -1,102 +1,102 @@
-name: 🏃Run Ansible
+name: 🏃 Run Ansible
 
 on:
   workflow_call:
     inputs:
       playbook_path:
+        description: 'Path to playbook relative to the role repo (e.g. playbooks/deploy.yml)'
         required: true
         type: string
       role_repo:
+        description: 'Gitea repository of the role (e.g. ansible/role-samba)'
         required: true
         type: string
+      inventory:
+        description: 'Inventory file relative to ansible-runner repo'
+        required: false
+        type: string
+        default: 'inventory/raspberries.yaml'
+      ansible_extra_args:
+        description: 'Additional Ansible arguments (e.g. --tags install)'
+        required: false
+        type: string
+        default: ''
     secrets:
       TOKEN:
         required: true
 
 jobs:
-  install_ansible:
-    runs-on: ubuntu-latest
+  run_ansible:
+    # Uses the custom ansible-act-runner image with Node, Python and Ansible pre-installed
+    runs-on: ansible
     container:
-      image: cattheinvoker/ubuntu-act-baked:22.04
+      image: gitea.mod.home/${{ gitea.repository_owner }}/ansible-act-runner:latest
+
     steps:
-      - name: 🔐Setup SSH for submodules
+      - name: 🔑 Setup SSH
         run: |
-          echo "Key length: ${#SSH_PRIVATE_KEY}"
           mkdir -p $HOME/.ssh
           echo "$SSH_PRIVATE_KEY" | base64 -d > $HOME/.ssh/id_ed25519
           chmod 600 $HOME/.ssh/id_ed25519
-          ls -laR
-          # ssh-keyscan -t rsa -p 2222 gitlab.mod.home > $HOME/.ssh/known_hosts
-          echo "Host *" >> ~/.ssh/config
-          echo "  StrictHostKeyChecking no" >> ~/.ssh/config
-          echo "  UserKnownHostsFile /dev/null" >> ~/.ssh/config
-          echo "Host gitea.mod.home" >> ~/.ssh/config
-          echo "  port 2222" >> ~/.ssh/config
+          cat > ~/.ssh/config << 'SSHEOF'
+          Host *
+            StrictHostKeyChecking no
+            UserKnownHostsFile /dev/null
+            IdentityFile ~/.ssh/id_ed25519
+          Host gitea.mod.home
+            Port 2222
+          SSHEOF
+          chmod 600 ~/.ssh/config
         env:
           SSH_PRIVATE_KEY: ${{ secrets.SSHKEY_B64 }}
 
-      - name: 🛠️ Install Node.js fallback
-        run: |
-          if ! command -v node &> /dev/null; then
-            echo "Node nicht gefunden. Installiere..."
-            sudo apt-get update && sudo apt-get install -y nodejs
-          fi
-
-      - name: 🔎Checkout Repository
+      - name: 🔎 Checkout ansible-runner (Inventory & Vault)
         uses: actions/checkout@v4
         with:
-          submodules: recursive
+          repository: ${{ gitea.repository_owner }}/ansible-runner
+          token: ${{ secrets.TOKEN }}
           fetch-depth: 0
-      # Python 3 installieren, was für pip und Ansible notwendig ist
 
-      - name: ⚙️Setup Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.x" # Wählt die neueste Python 3 Version
-
-      # Abhängigkeiten aktualisieren und Ansible über pip installieren
-      - name: ⚙️Install Ansible via pip
-        run: |
-          python -m pip install --upgrade pip
-          pip install ansible
-
-      # vault file anlegen
-      - name: 🔑create vault file
-        run: echo "${{ secrets.ANSIBLE_VAULT_KEY }}" > .vault_pass.txt
-
-      - name: 📋Manuelles Submodule Update
-        run: |
-          git submodule init
-          git submodule update --recursive --init --force
-
-      - name: ⚙️Install Ansible roles
-        run: |
-          ansible-galaxy role install -r requirements.yml --roles-path ./roles
-
-      - name: 🔎Check Ansible roles exists
-        run: |
-          ansible-galaxy list
-
-      - name: 🔎 Checkout Triggering Role Repo
+      - name: 🔎 Checkout Role Repo
         uses: actions/checkout@v4
         with:
           token: ${{ secrets.TOKEN }}
           repository: ${{ inputs.role_repo }}
           path: active_role
+          fetch-depth: 0
 
-      - name: 🔎Check Ansible Playbook Syntax
+      - name: 🔑 Setup Vault Key
         run: |
-          ansible-playbook --syntax-check active_role/${{ inputs.playbook_path }}
+          echo "${{ secrets.ANSIBLE_VAULT_KEY }}" > .vault_pass.txt
+          chmod 600 .vault_pass.txt
 
-      - name: 🏃Run Ansible deploy_valkey.yml.ansible
+      - name: 🔎 Syntax Check
         run: |
-          ansible-playbook -i inventory/raspberries.yaml active_role/${{ inputs.playbook_path }} --vault-password-file .vault_pass.txt -v
-      # Beispiel für den Benachrichtigungsschritt
-      - name: 📨Telegram Benachrichtigung senden
+          ansible-playbook \
+            --syntax-check \
+            -i ${{ inputs.inventory }} \
+            active_role/${{ inputs.playbook_path }}
+
+      - name: 🏃 Run Playbook
+        run: |
+          ansible-playbook \
+            -i ${{ inputs.inventory }} \
+            active_role/${{ inputs.playbook_path }} \
+            --vault-password-file .vault_pass.txt \
+            ${{ inputs.ansible_extra_args }} \
+            -v
+
+      - name: 🧹 Cleanup Secrets
+        if: always()
+        run: |
+          rm -f .vault_pass.txt
+          rm -f $HOME/.ssh/id_ed25519
+
+      - name: 📨 Telegram Notification
         uses: chapvic/telegram-notify@master
-        if: always() # Stellt sicher, dass die Benachrichtigung immer gesendet wird
+        if: always()
         with:
-          token: ${{ secrets.TELEGRAM_BOT_TOKEN }} # Ihr Bot-Token Secret
-          chat: ${{ secrets.TELEGRAM_CHAT_ID }} # Ihre Chat-ID Secret
-          status: ${{ job.status }} # Sendet den Job-Status (success/failure/cancelled)
-          title: "Deploy: ${{ inputs.role_repo }}"
+          token: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+          chat: ${{ secrets.TELEGRAM_CHAT_ID }}
+          status: ${{ job.status }}
+          title: "Deploy: ${{ inputs.role_repo }} → ${{ inputs.playbook_path }}"