Derive droplet IP from Terraform state in Ansible workflow

.gitea/workflows/ansible.yml

@@ -26,20 +26,42 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Install Ansible
-        run: pip install ansible
+      - name: Install dependencies
+        run: pip install ansible && sudo apt-get install -y unzip
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Init
+        working-directory: terraform
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
+        run: terraform init
+
+      - name: Get droplet IP from Terraform state
+        working-directory: terraform
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
+          TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
+          TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
+          TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
+          TF_VAR_domain: ${{ secrets.DOMAIN }}
+          TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
+        run: echo "DROPLET_IP=$(terraform output -raw gitea_ip)" >> $GITHUB_ENV
 
       - name: Write SSH key
         run: |
           mkdir -p ~/.ssh
           echo "${{ secrets.DROPLET_SSH_KEY }}" > ~/.ssh/do
           chmod 600 ~/.ssh/do
-          ssh-keyscan -H ${{ secrets.DROPLET_IP }} >> ~/.ssh/known_hosts
+          ssh-keyscan -H $DROPLET_IP >> ~/.ssh/known_hosts
 
       - name: Write inventory
         run: |
           echo "[infra]" > inventory.ini
-          echo "${{ secrets.DROPLET_IP }} ansible_user=root ansible_ssh_private_key_file=~/.ssh/do" >> inventory.ini
+          echo "$DROPLET_IP ansible_user=root ansible_ssh_private_key_file=~/.ssh/do" >> inventory.ini
 
       - name: Write vault password
         run: echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass