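---
# Reusable workflow (workflow_call): checks out the calling repository and the
# owner's ansible-shared repository, then runs deploy-compose-stack.yml from
# ansible-shared against the host described by the STAF_* secrets.
# Callers must make the STAF_* and ORG_GITEA_TOKEN secrets available; the first
# step fails the job when any of them is empty.
name: Deploy Stack

on:
  workflow_call:
    inputs:
      extra_vars:
        required: false
        type: string
        description: "JSON string of extra variables to pass to Ansible"

jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Least privilege for the automatic job token: the job only reads
    # repository contents; deployment uses explicitly passed secrets.
    # NOTE(review): confirm the forge running this workflow honours this key.
    permissions:
      contents: read
    steps:
      - name: Validate required secrets
        shell: bash
        # Secrets reach the script as environment variables instead of being
        # expanded into the script text, so a value containing quotes or shell
        # metacharacters cannot break or alter the check.
        env:
          STAF_SSH_KEY: ${{ secrets.STAF_SSH_KEY }}
          STAF_HOST: ${{ secrets.STAF_HOST }}
          STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
          ORG_GITEA_TOKEN: ${{ secrets.ORG_GITEA_TOKEN }}
          STAF_PUID: ${{ secrets.STAF_PUID }}
          STAF_PGID: ${{ secrets.STAF_PGID }}
          STAF_TIMEZONE: ${{ secrets.STAF_TIMEZONE }}
          STAF_APPDATA_ROOT: ${{ secrets.STAF_APPDATA_ROOT }}
        run: |
          # Report every missing secret in one run, then fail once.
          missing=0
          for name in \
            STAF_SSH_KEY STAF_HOST STAF_ANSIBLE_USER ORG_GITEA_TOKEN \
            STAF_PUID STAF_PGID STAF_TIMEZONE STAF_APPDATA_ROOT
          do
            # ${!name} is bash indirect expansion: the value of the variable
            # whose name is stored in $name.
            if [ -z "${!name}" ]; then
              echo "❌ ${name} secret is required"
              missing=1
            fi
          done
          exit "$missing"

      - name: Checkout stack repository
        # NOTE(review): the action is referenced by a mutable tag; pin it to a
        # full commit SHA so a retagged release cannot change what runs here.
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config for later steps.
          persist-credentials: false

      - name: Checkout shared ansible
        # NOTE(review): no ref is given, so the default branch of
        # ansible-shared is deployed as-is; consider pinning a reviewed ref.
        uses: actions/checkout@v4
        with:
          repository: ${{ github.event.repository.owner.login }}/ansible-shared
          path: ansible-shared
          token: ${{ secrets.ORG_GITEA_TOKEN }}
          # Keep ORG_GITEA_TOKEN out of ansible-shared/.git/config, where the
          # playbook and every later step could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          # NOTE(review): the pip cache is keyed on a dependency file in the
          # checkout (requirements.txt / pyproject.toml); confirm one exists.
          cache: "pip"

      - name: Install dependencies
        # NOTE(review): both packages are installed unpinned, so each run may
        # pull different code onto a runner that holds the deploy key. Prefer
        # pinned versions (ideally a hash-checked requirements file).
        run: |
          pip install ansible docker

      - name: Setup SSH
        shell: bash
        env:
          STAF_SSH_KEY: ${{ secrets.STAF_SSH_KEY }}
        run: |
          # Owner-only from creation: with umask 077 the key file is never
          # readable by other users between the write and the chmod.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$STAF_SSH_KEY" > ~/.ssh/ssh_key
          chmod 600 ~/.ssh/ssh_key
          eval "$(ssh-agent -s)"
          ssh-add ~/.ssh/ssh_key
          # Each step runs in a new shell, so the agent variables set by eval
          # would be lost; export them for the following steps.
          {
            echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
            echo "SSH_AGENT_PID=$SSH_AGENT_PID"
          } >> "$GITHUB_ENV"

      - name: Deploy stack with Ansible
        shell: bash
        env:
          # NOTE(review): host key checking is off, so the SSH session does not
          # authenticate the target host and a machine-in-the-middle would go
          # unnoticed. Provision the host's public key in known_hosts and
          # remove this setting.
          ANSIBLE_HOST_KEY_CHECKING: "False"
          # Passed as data; never expanded into the script text.
          EXTRA_VARS_JSON: ${{ inputs.extra_vars }}
          STACK_NAME: ${{ github.event.repository.name }}
          REPO_URL: ${{ github.server_url }}/${{ github.repository }}.git
          STAF_HOST: ${{ secrets.STAF_HOST }}
          STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
          STAF_PUID: ${{ secrets.STAF_PUID }}
          STAF_PGID: ${{ secrets.STAF_PGID }}
          STAF_TZ: ${{ secrets.STAF_TIMEZONE }}
          STAF_APPDATA_ROOT: ${{ secrets.STAF_APPDATA_ROOT }}
        run: |
          cd ansible-shared
          # Build the command as an argument array instead of a string run
          # through eval: the caller-supplied extra_vars value stays a single
          # argument whatever quotes or metacharacters it contains. The caller
          # still controls playbook variables through it.
          args=(-i inventory.ini deploy-compose-stack.yml)
          if [ -n "$EXTRA_VARS_JSON" ]; then
            args+=(--extra-vars "$EXTRA_VARS_JSON")
          fi
          if ! ansible-playbook "${args[@]}"; then
            echo "❌ Ansible playbook execution failed"
            exit 1
          fi

      - name: Notify deployment status
        if: always()
        env:
          JOB_STATUS: ${{ job.status }}
          STACK_NAME: ${{ github.event.repository.name }}
        run: |
          if [ "$JOB_STATUS" = "success" ]; then
            echo "✅ Stack $STACK_NAME deployed successfully"
          else
            echo "❌ Stack $STACK_NAME deployment failed"
          fi

      - name: Cleanup SSH key
        # Runs even after a failed deploy so the key does not outlive the job.
        if: always()
        run: |
          # Stop the agent started in "Setup SSH" (it holds the key in memory).
          if [ -n "${SSH_AGENT_PID:-}" ]; then
            ssh-agent -k || true
          fi
          rm -f ~/.ssh/ssh_key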