name: ๐Ÿƒ Run Ansible on: workflow_call: inputs: playbook_path: description: 'Path to playbook relative to the role repo (e.g. playbooks/deploy.yml)' required: true type: string role_repo: description: 'Gitea repository of the role (e.g. ansible/role-samba)' required: true type: string inventory: description: 'Inventory file relative to ansible-runner repo' required: false type: string default: 'inventory/raspberries.yaml' ansible_extra_args: description: 'Additional Ansible arguments (e.g. --tags install)' required: false type: string default: '' secrets: TOKEN: required: true jobs: run_ansible: # Uses the custom ansible-act-runner image with Node, Python and Ansible pre-installed runs-on: ansible container: image: gitea.mod.home/${{ gitea.repository_owner }}/ansible-act-runner:latest steps: - name: ๐Ÿ”‘ Setup SSH run: | mkdir -p $HOME/.ssh echo "$SSH_PRIVATE_KEY" | base64 -d > $HOME/.ssh/id_ed25519 chmod 600 $HOME/.ssh/id_ed25519 cat > ~/.ssh/config << 'SSHEOF' Host * StrictHostKeyChecking no UserKnownHostsFile /dev/null IdentityFile ~/.ssh/id_ed25519 Host gitea.mod.home Port 2222 SSHEOF chmod 600 ~/.ssh/config env: SSH_PRIVATE_KEY: ${{ secrets.SSHKEY_B64 }} - name: ๐Ÿ”Ž Checkout ansible-runner (Inventory & Vault) uses: actions/checkout@v4 with: repository: ${{ gitea.repository_owner }}/ansible-runner token: ${{ secrets.TOKEN }} fetch-depth: 0 - name: ๐Ÿ”Ž Checkout Role Repo uses: actions/checkout@v4 with: token: ${{ secrets.TOKEN }} repository: ${{ inputs.role_repo }} path: active_role fetch-depth: 0 - name: ๐Ÿ”‘ Setup Vault Key run: | echo "${{ secrets.ANSIBLE_VAULT_KEY }}" > .vault_pass.txt chmod 600 .vault_pass.txt - name: ๐Ÿ”Ž Syntax Check run: | ansible-playbook \ --syntax-check \ -i ${{ inputs.inventory }} \ active_role/${{ inputs.playbook_path }} - name: ๐Ÿƒ Run Playbook run: | ansible-playbook \ -i ${{ inputs.inventory }} \ active_role/${{ inputs.playbook_path }} \ --vault-password-file .vault_pass.txt \ ${{ inputs.ansible_extra_args }} \ -v - name: ๐Ÿงน Cleanup Secrets if: always() run: | rm -f .vault_pass.txt rm -f $HOME/.ssh/id_ed25519 - name: ๐Ÿ“จ Telegram Notification uses: chapvic/telegram-notify@master if: always() with: token: ${{ secrets.TELEGRAM_BOT_TOKEN }} chat: ${{ secrets.TELEGRAM_CHAT_ID }} status: ${{ job.status }} title: "Deploy: ${{ inputs.role_repo }} โ†’ ${{ inputs.playbook_path }}"