add dependabot for github actions

remove dry-run
fix vault password
2024-11-23 15:58:04 +01:00 · 2024-10-11 12:23:03 +02:00 · 2024-10-11 12:17:54 +02:00 · 2024-10-11 12:14:58 +02:00 · 2024-10-11 12:11:37 +02:00 · 2024-10-11 12:06:59 +02:00
19 changed files with 93 additions and 15 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -3,3 +3,4 @@ profile: production
 strict: true
 exclude_paths:
  - "**/*docker-compose.yaml"
  - .github/
--- a/.ansible-lint-ignore
+++ b/.ansible-lint-ignore
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@ -0,0 +1,6 @@
 version: 2
 updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -0,0 +1,36 @@
 on:
  workflow_dispatch:
  push:
    branches:
      - master
 jobs:
  ansible:
    name: run ansible
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5.2.0
        with:
          # Version range or exact version of Python or PyPy to use, using SemVer's version range syntax. Reads from .python-version if unset.
          python-version: 3
          # Used to specify a package manager for caching in the default directory. Supported values: pip, pipenv, poetry.
          cache: pip
          # Set this option if you want the action to check for the latest available version that satisfies the version spec.
          check-latest: true
      - name: Run ansible
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
          DEPLOY_USERNAME: ${{ secrets.DEPLOY_USERNAME }}
          ANSIBLE_INVENTORY: inventories/github.yaml
          ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
          ANSIBLE_FORCE_COLOR: "true"
        run: |
          echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
          ls $ANSIBLE_VAULT_PASSWORD_FILE
          export KEY_FILE=$(mktemp)
          echo "${{ secrets.DEPLOY_KEY }}" > $KEY_FILE
          ansible-playbook playbooks/all.yaml
--- a/.mise.toml
+++ b/.mise.toml
@ -1,3 +1,3 @@
 [env]
-ANSIBLE_INVENTORY = "{{config_root}}/inventory.ini"
+ANSIBLE_INVENTORY = "{{config_root}}/inventories/local.yaml"
 ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass"
--- a/inventories/github.yaml
+++ b/inventories/github.yaml
@ -0,0 +1,10 @@
 ---
 servers:
  hosts:
    ubuntu:
      ansible_host: "{{ lookup('env', 'DEPLOY_HOST') }}"
      ansible_port: "{{ lookup('env', 'DEPLOY_PORT') }}"
      ansible_user: "{{ lookup('env', 'DEPLOY_USERNAME') }}"
      ansible_ssh_private_key_file: "{{ lookup('env', 'KEY_FILE') }}"
      ansible_python_interpreter: auto_silent
      ansible_ssh_common_args: -o StrictHostKeyChecking=no
--- a/inventories/local.yaml
+++ b/inventories/local.yaml
@ -0,0 +1,6 @@
 ---
 servers:
  hosts:
    ubuntu:
      ansible_host: 192.168.0.6
      ansible_python_interpreter: auto_silent
--- a/inventory.ini
+++ b/inventory.ini
@ -1,2 +0,0 @@
 [servers]
 ubuntu ansible_host=192.168.0.6 ansible_python_interpreter=auto_silent
--- a/playbooks/all.yaml
+++ b/playbooks/all.yaml
@ -0,0 +1,4 @@
 ---
 - import_playbook: system/all.yaml # noqa: name[play]
 - import_playbook: dependencies/all.yaml # noqa: name[play]
 - import_playbook: apps/all.yaml # noqa: name[play]
--- a/playbooks/apps/all.yaml
+++ b/playbooks/apps/all.yaml
@ -0,0 +1,8 @@
 ---
 - import_playbook: caddy.yaml # noqa: name[play]
 - import_playbook: ghost-update.yaml # noqa: name[play]
 - import_playbook: gitea.yaml # noqa: name[play]
 - import_playbook: goatcounter.yaml # noqa: name[play]
 - import_playbook: lyon-transports.yaml # noqa: name[play]
 - import_playbook: test_headers.yaml # noqa: name[play]
 - import_playbook: wallabag.yaml # noqa: name[play]
--- a/playbooks/apps/ghost-update.yaml
+++ b/playbooks/apps/ghost-update.yaml
@ -8,7 +8,7 @@
        chdir: /mnt/data/gabnotes.org
        cmd: ghost update
      register: gabnotes_async
-      changed_when: true
+      changed_when: false
      async: 300
      poll: 0
    - name: Start update on voyages-lois.augendre.info
@ -16,7 +16,7 @@
        chdir: /mnt/data/voyages-lois.augendre.info
        cmd: ghost update
      register: voyages_lois_async
-      changed_when: true
+      changed_when: false
      async: 300
      poll: 0
    - name: Start update on voyages.coccomagnard.fr
@ -24,7 +24,7 @@
        chdir: /mnt/data/voyages.coccomagnard.fr
        cmd: ghost update
      register: voyages_coccomagnard_async
-      changed_when: true
+      changed_when: false
      async: 300
      poll: 0
    - name: Check gabnotes.org
--- a/playbooks/apps/goatcounter.yaml
+++ b/playbooks/apps/goatcounter.yaml
@ -15,22 +15,22 @@
    - name: Download binary
      ansible.builtin.get_url:
        url: https://github.com/arp242/goatcounter/releases/download/{{ release.tag }}/goatcounter-{{ release.tag }}-linux-amd64.gz
-        dest: "{{ base_dir }}/goatcounter-{{ release.tag }}.gz"
+        dest: "{{ dir }}/goatcounter-{{ release.tag }}.gz"
        mode: "0644"
        owner: gaugendre
        group: gaugendre
    - name: Uncompress
-      ansible.builtin.command: gunzip {{ base_dir }}/goatcounter-{{ release.tag }}.gz
+      ansible.builtin.command: gunzip {{ dir }}/goatcounter-{{ release.tag }}.gz
      args:
-        creates: "{{ base_dir }}/goatcounter-{{ release.tag }}"
+        creates: "{{ dir }}/goatcounter-{{ release.tag }}"
    - name: Make executable
      ansible.builtin.file:
-        path: "{{ base_dir }}/goatcounter-{{ release.tag }}"
+        path: "{{ dir }}/goatcounter-{{ release.tag }}"
        mode: "0775"
    - name: Symlink
      ansible.builtin.file:
-        src: "{{ base_dir }}/goatcounter-{{ release.tag }}"
+        src: "{{ dir }}/goatcounter-{{ release.tag }}"
-        dest: "{{ base_dir }}/goatcounter"
+        dest: "{{ dir }}/goatcounter"
        state: link
    - name: Write service unit file
      become: true
@ -65,7 +65,7 @@
  vars:
    ansible_python_interpreter: /tmp/ansible/bin/python
-    base_dir: /mnt/data/goatcounter
+    dir: /mnt/data/goatcounter
    gc_mailgun_api_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      31386237653033306338393237353961396535363061363931643863653461333631376365663338
--- a/playbooks/apps/lyon-transports.yaml
+++ b/playbooks/apps/lyon-transports.yaml
@ -35,6 +35,7 @@
        state: restarted
  vars:
    dir: /mnt/data/lyon-transports
    lyon_transports_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      35356364616633356164376433623139333165626433303437666266613762643239373730616131
--- a/playbooks/apps/templates/goatcounter.service.j2
+++ b/playbooks/apps/templates/goatcounter.service.j2
@ -3,7 +3,7 @@ Description=Goatcounter
 After=network.target
 [Service]
-ExecStart={{base_dir}}/goatcounter serve -listen *:8005 -tls http -smtp smtps://goatcounter%%40mg.augendre.info:{{gc_mailgun_api_key}}@smtp.mailgun.org:587 -email-from goatcounter@mg.augendre.info -automigrate -db sqlite+{{base_dir}}/db/goatcounter.sqlite3
+ExecStart={{ dir }}/goatcounter serve -listen *:8005 -tls http -smtp smtps://goatcounter%%40mg.augendre.info:{{gc_mailgun_api_key}}@smtp.mailgun.org:587 -email-from goatcounter@mg.augendre.info -automigrate -db sqlite+{{ dir }}/db/goatcounter.sqlite3
 Type=simple
 Restart=always
 User=gaugendre
--- a/playbooks/apps/templates/lyon-transports.service.j2
+++ b/playbooks/apps/templates/lyon-transports.service.j2
@ -3,7 +3,7 @@ Description=Lyon transports API
 After=network.target
 [Service]
-ExecStart=/mnt/data/lyon-transports/lyon-transports-linux-amd64 --host 0.0.0.0 --port 8013 -u {{ lyon_transports_username }} -p {{ lyon_transports_password }} --cors-allowed-origin https://display.augendre.info
+ExecStart={{ dir }}/lyon-transports-linux-amd64 --host 0.0.0.0 --port 8013 -u {{ lyon_transports_username }} -p {{ lyon_transports_password }} --cors-allowed-origin https://display.augendre.info
 Type=simple
 Restart=always
 User=gaugendre
--- a/playbooks/dependencies/01-setup-deps.yaml
+++ b/playbooks/dependencies/01-setup-deps.yaml
@ -9,6 +9,7 @@
        pkg:
          - python3-venv
    - name: Setup venv
      # github3.py required by the goatcounter playbook
      ansible.builtin.shell: |
        if [ -x /tmp/ansible/bin/python ]; then exit 123; fi
        /usr/bin/python3 -m venv /tmp/ansible
--- a/playbooks/dependencies/all.yaml
+++ b/playbooks/dependencies/all.yaml
@ -0,0 +1,4 @@
 ---
 # intentionally leaving 00-clean-deps to prevent re-creating the venv every time
 - import_playbook: 01-setup-deps.yaml # noqa: name[play]
 - import_playbook: caddy.yaml # noqa: name[play]
--- a/playbooks/system/all.yaml
+++ b/playbooks/system/all.yaml
@ -0,0 +1,2 @@
 ---
 - import_playbook: update.yaml # noqa: name[play]
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1 @@
 ansible
Author	SHA1	Message	Date
Gabriel Augendre	32d5c75883	add dependabot for github actions Some checks failed / run ansible (push) Has been cancelled Details	2024-10-11 12:23:03 +02:00
Gabriel Augendre	3cdd6ec124	remove dry-run	2024-10-11 12:17:54 +02:00
Gabriel Augendre	e1899bd3b6	fix vault password	2024-10-11 12:14:58 +02:00
Gabriel Augendre	18e923609e	ansible force color	2024-10-11 12:11:37 +02:00
Gabriel Augendre	0e3bb9edcc	disable strict host key checking	2024-10-11 12:06:59 +02:00
Gabriel Augendre	69c038380e	expose secrets as env	2024-10-11 12:05:19 +02:00
Gabriel Augendre	5cc1003b67	dry-run only for the moment	2024-10-11 12:00:11 +02:00
Gabriel Augendre	a2fc23e8e8	add missing env vars	2024-10-11 11:58:43 +02:00
Gabriel Augendre	81597a4b34	add missing checkout github step	2024-10-11 11:55:26 +02:00
Gabriel Augendre	1bc6cad793	debug	2024-10-11 11:53:34 +02:00
Gabriel Augendre	ef51a0608c	add ansible to requirements file	2024-10-11 11:51:33 +02:00
Gabriel Augendre	30e07ae069	add ansible action	2024-10-11 11:48:37 +02:00
Gabriel Augendre	c4cd000c13	add github inventory	2024-10-11 11:47:38 +02:00
Gabriel Augendre	83b33455f0	harmonize 'dir' variables	2024-10-11 11:29:20 +02:00
Gabriel Augendre	2c9cfa104d	move to yaml inventory	2024-10-11 11:18:39 +02:00
Gabriel Augendre	813aa28dd1	mark ghost start update tasks as never changed	2024-10-11 11:14:39 +02:00
Gabriel Augendre	9b9f85d4de	add 'all' playbooks to facilitate running all other	2024-10-11 11:14:16 +02:00
		`@ -1,2 +0,0 @@`
			`[servers]`
			`ubuntu ansible_host=192.168.0.6 ansible_python_interpreter=auto_silent`
		`@ -0,0 +1,2 @@`
							`---`
							`- import_playbook: update.yaml # noqa: name[play]`