Quick Fix: Add ssh allow rules on runner #11
--- | |
name: Hayaworld Ansible Jobs (Deploy) | |
on: | |
push: | |
branches: | |
- 'master' | |
workflow_dispatch: | |
jobs: | |
Yamllint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run YAML Lint | |
run: yamllint --strict --format github . | |
AnsibleLint: | |
runs-on: self-hosted | |
container: | |
image: ghcr.io/ansible/community-ansible-dev-tools:latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Restore Caches | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
/github/home/.cache/ | |
/github/home/.ansible/ | |
key: cache-ansible-roles | |
- name: Prepare environments (ansible-galaxy install role) | |
run: | | |
ansible-galaxy role install -r requirements.yml --ignore-errors | |
- name: Prepare environments (ansible-galaxy install collection) | |
run: | | |
ansible-galaxy collection install -r requirements.yml --ignore-errors | |
- name: Run Ansible-lint | |
run: | | |
ansible-lint | |
- name: Save Caches | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
/github/home/.cache/ | |
/github/home/.ansible/ | |
key: cache-ansible-roles | |
Duplicate_Check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Add exec flag to dupcheck.sh | |
run: "chmod +x ./dupcheck.sh" | |
- name: NXDOMAIN_Duplicate_Check | |
run: > | |
"./dupcheck.sh" | |
"inventories/host_vars/rui/NXDOMAIN.yml" | |
Dry_Run_ansible: | |
needs: | |
- Yamllint | |
- AnsibleLint | |
- Duplicate_Check | |
runs-on: self-hosted | |
strategy: | |
fail-fast: false | |
matrix: | |
vm: | |
- console | |
- jenkins | |
- rui | |
- runner03 | |
- skylark | |
- tm | |
environment: Production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Prepare environments (ansible-galaxy install role) | |
run: | | |
ansible-galaxy role install -r requirements.yml --ignore-errors | |
- name: Prepare environments (ansible-galaxy install collection) | |
run: | | |
ansible-galaxy collection install -r requirements.yml --ignore-errors | |
- name: "ansible-playbook -C" | |
env: | |
ANSIBLE_FORCE_COLOR: '1' | |
run: | | |
ansible-playbook \ | |
-i inventories \ | |
-C \ | |
--ssh-extra-args='-o StrictHostKeyChecking=no' \ | |
--vault-password-file ${{ secrets.VAULT_PASSWORD_FILE }} \ | |
--extra-vars "ansible_sudo_pass=${{ secrets.SUDO }}" \ | |
${{ matrix.vm }}.yml | |
Run_ansible: | |
if: "${{ github.ref == 'refs/heads/master'}}" | |
needs: | |
- Dry_Run_ansible | |
runs-on: self-hosted | |
strategy: | |
fail-fast: false | |
matrix: | |
vm: | |
- console | |
- jenkins | |
- rui | |
- skylark | |
- tm | |
environment: Production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Prepare environments (ansible-galaxy install role) | |
run: | | |
ansible-galaxy role install -r requirements.yml --ignore-errors | |
- name: Prepare environments (ansible-galaxy install collection) | |
run: | | |
ansible-galaxy collection install -r requirements.yml --ignore-errors | |
- name: "Run ansible-playbook" | |
env: | |
ANSIBLE_FORCE_COLOR: '1' | |
run: | | |
ansible-playbook \ | |
-i inventories \ | |
--ssh-extra-args='-o StrictHostKeyChecking=no' \ | |
--vault-password-file ${{ secrets.VAULT_PASSWORD_FILE }} \ | |
--extra-vars "ansible_sudo_pass=${{ secrets.SUDO }}" \ | |
${{ matrix.vm }}.yml |
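Review bot: Both `ansible-playbook` steps (in Dry_Run_ansible and Run_ansible) pass `--ssh-extra-args='-o StrictHostKeyChecking=no'`, so the self-hosted runner never verifies the identity of the hosts it deploys to in the Production environment, and it sends them a sudo password. Pin the targets' host keys in a known_hosts file provisioned on the runner and use `--ssh-extra-args='-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<PINNED_KNOWN_HOSTS_PATH>'` (placeholder path) instead. In the same steps `${{ secrets.SUDO }}` is expanded into the shell text and ends up in the process arguments; mapping it under the step's `env:` and handing it to Ansible through `--become-password-file` keeps it off the command line. Which of these lines this pull request changed is not visible on the page, so the note applies to the file as shown.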