diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 9aae8507..9febe2ff 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -1,12 +1,10 @@ name: Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment - on: push: branches-ignore: - main paths: - '**.yml' - jobs: check-and-create-pr: name: Check and Create PR @@ -14,14 +12,12 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@v4 - - name: Install tea uses: supplypike/setup-bin@v4 with: uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64' name: 'tea' version: '0.9.2' - - name: Check if open PR exists id: check-opened-pr-step continue-on-error: true @@ -34,7 +30,6 @@ jobs: pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l) echo ${pr_exists} echo "exists=$pr_exists" >> $GITHUB_OUTPUT - - name: Create PR if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }} run: | @@ -43,7 +38,6 @@ jobs: pr_index_new=$(expr ${pr_index_old} + 1) echo "New PR index: ${pr_index_new}" tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - ${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} - docker-compose-ansible-lints: name: Docker Compose & Ansible Lints needs: [check-and-create-pr] 
@@ -54,32 +48,35 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Install jq uses: dcarbone/install-jq-action@v3.0.1 - - name: Install Vault uses: cpanato/vault-installer@main with: vault-release: '1.18.3' - - - uses: getsentry/action-setup-venv@v2.1.0 - id: venv + - name: Install Ansible + uses: alex-oleshkevich/setup-ansible@v1.0.1 with: - python-version: 3.11.11 - install-cmd: pip install hvac - - - name: Ansible Lint - uses: ansible/ansible-lint@v24.12.2 + version: "2.18.1" + - name: Install hvac (Python library for HashiCorp Vault) + uses: insightsengineering/pip-action@v2 with: - working_directory: "ansible" - requirements_file: "collections/requirements.yml" - - - name: Generate .env file for docker compose linting + packages: hvac + - name: Ansible Playbook Dry Run + uses: arillso/action.playbook@0.0.8 + with: + galaxy_collections_path: ansible/collections + galaxy_requirements_file: ansible/collections/requirements.yml + inventory: ansible/ansible-inventory + playbook: ansible/docker_config_deploy.yml + check: true + diff: true + vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} + verbose: 1 + - name: Generate .env file for Docker Compose Dry Run run: | vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - - - name: Docker Compose Lint + - name: Docker Compose Dry Run uses: yu-ichiro/spin-up-docker-compose-action@v1 with: file: docker-compose.yml @@ -89,7 +86,6 @@ jobs: up-opts: --dry-run -d --remove-orphans env: DOCKER_HOST: tcp://dockerproxy:2375 - cloudflare-dns-setup: name: Cloudflare DNS Setup needs: [docker-compose-ansible-lints] 
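Review bot: The vault password is now exposed to three third-party actions pinned only by mutable tags — `${{ secrets.ANSIBLE_VAULT_PASSWORD }}` goes to `arillso/action.playbook@0.0.8`, and `alex-oleshkevich/setup-ansible@v1.0.1` and `insightsengineering/pip-action@v2` install the ansible/hvac that will process it — on a push to any non-main branch. A re-pointed tag on any of them can read that secret plus the Vault-sourced `.env` written two steps later, so each `uses:` should be pinned to a full commit SHA with the version kept as a trailing comment. Separately, `check: true` combined with `diff: true` and `verbose: 1` prints the rendered content of every file the playbook would change into the job log; if `ansible/docker_config_deploy.yml` templates files that contain vaulted values, those values will appear there — drop `diff: true` or set `no_log: true` on those tasks. The `docker-compose-ansible-lints` job header and its `needs`/`runs-on` lines sit outside this hunk.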
@@ -97,20 +93,16 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Install jq uses: dcarbone/install-jq-action@v3.0.1 - - name: Install yq uses: dcarbone/install-yq-action@v1 - - name: Install flarectl uses: supplypike/setup-bin@v4 with: uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz' name: 'flarectl' version: '0.113.0' - - name: Grab Subdomains from Docker Compose & Cloudflare id: grab-subdomains env: @@ -121,7 +113,6 @@ jobs: yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt echo "Grabbing subdomains from Cloudflare..." flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt - - name: Compare Subdomains id: compare-subdomains uses: LouisBrunner/diff-action@v2.2.0 @@ -131,7 +122,6 @@ jobs: mode: addition tolerance: mixed-better output: domain_compare.txt - - name: Create Subdomains if: steps.compare-subdomains.outputs.output != '' continue-on-error: true @@ -143,7 +133,6 @@ jobs: echo "Creating $subdomain.trez.wtf..." flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf" --proxy true done - regenerate-readme: name: Update README runs-on: ubuntu-latest 
@@ -153,33 +142,27 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Install yq uses: dcarbone/install-yq-action@v1 - - name: Generate service list run: | yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml - - name: Generate Markdown Table uses: gazab/create-markdown-table@v1 id: service-table with: file: ./services.yml - - name: Regenerate README run: | echo "# List of Services" > README.md echo -e "\n\n" >> README.md echo "${{ steps.service-table.outputs.table }}" >> README.md - - name: Add/Commit README.md id: commit-readme uses: EndBug/add-and-commit@v9 with: message: "chore: Update README" add: "README.md" - pr-merge: name: PR Merge needs: [regenerate-readme] @@ -187,14 +170,12 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Install tea uses: supplypike/setup-bin@v4 with: uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64' name: 'tea' version: '0.9.2' - - name: PR Merge id: pr_merge run: | @@ -204,7 +185,6 @@ jobs: pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g') echo "${pr_index}" tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR #${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" --output table ${pr_index} - ansible-config-docker-compose-deploy: name: Deploy via Ansible & Docker Compose runs-on: ubuntu-latest 
@@ -219,25 +199,20 @@ jobs: uses: actions/checkout@v4 with: ref: main - - - name: Install Ansible - uses: alex-oleshkevich/setup-ansible@v1.0.1 - with: - version: "2.18.1" - - name: Install Vault uses: cpanato/vault-installer@main - - - name: Run Ansible Playbook for Docker Service Configs - uses: actions-ansible@v2 + - name: Ansible Playbook Dry Run + uses: arillso/action.playbook@0.0.8 with: - playbook: ./ansible/docker_config_deploy.yml - inventory: ./ansible/ansible-inventory - + galaxy_collections_path: ansible/collections + galaxy_requirements_file: ansible/collections/requirements.yml + inventory: ansible/ansible-inventory + playbook: ansible/docker_config_deploy.yml + vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} + verbose: 1 - name: Generate .env file for deployment run: | vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - - name: Docker Compose Deployment uses: keatonLiu/docker-compose-remote-action@v1.2 with: diff --git a/.gitignore b/.gitignore index 38d143ba..9455a820 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ **/.cache.ggshield +ansible/collections/ansible_collections/ \ No newline at end of file diff --git a/ansible/ansible-navigator.yml b/ansible/ansible-navigator.yml deleted file mode 100644 index d9d70574..00000000 --- a/ansible/ansible-navigator.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -ansible-navigator: - logging: - level: debug - append: false - file: $PWD/.logs/ansible-navigator.log - - playbook-artifact: - enable: true - save-as: "$PWD/.logs/{playbook_name}-artifact-{time_stamp}.json"
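Review bot: The new deploy-job step is named `Ansible Playbook Dry Run` but, unlike its copy in the lint job, carries no `check: true`, so it is a real run of `ansible/docker_config_deploy.yml` against `ansible/ansible-inventory` from `main` — the name misdescribes what the step does. Either restore the previous name, `- name: Run Ansible Playbook for Docker Service Configs`, or add `check: true` if a dry run was actually intended here. As in the lint job, `${{ secrets.ANSIBLE_VAULT_PASSWORD }}` is handed to `arillso/action.playbook@0.0.8`, a floating tag; pinning it to a full commit SHA keeps a re-tagged release from reading the vault password. The `ansible-config-docker-compose-deploy` job header and its `needs`/trigger conditions are outside this hunk.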