diff --git a/.gitea/workflows/ansible.yml b/.gitea/workflows/ansible.yml
new file mode 100644
index 0000000..cfe7a03
--- /dev/null
+++ b/.gitea/workflows/ansible.yml
@@ -0,0 +1,54 @@
+name: Ansible
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - 'ansible/**'
+ workflow_dispatch:
+ inputs:
+ playbook:
+ description: 'Playbook to run'
+ required: true
+ default: 'infra.yml'
+ type: choice
+ options:
+ - infra.yml
+
+jobs:
+ ansible:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ansible
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Ansible
+ run: pip install ansible
+
+ - name: Write SSH key
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.DROPLET_SSH_KEY }}" > ~/.ssh/do
+ chmod 600 ~/.ssh/do
+ ssh-keyscan -H ${{ secrets.DROPLET_IP }} >> ~/.ssh/known_hosts
+
+ - name: Write inventory
+ run: |
+ echo "[infra]" > inventory.ini
+ echo "${{ secrets.DROPLET_IP }} ansible_user=root ansible_ssh_private_key_file=~/.ssh/do" >> inventory.ini
+
+ - name: Write vault password
+ run: echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass
+
+ - name: Run playbook
+ run: |
+ ansible-playbook -i inventory.ini ${{ inputs.playbook || 'infra.yml' }} \
+ --vault-password-file .vault_pass
+
+ - name: Cleanup
+ if: always()
+ run: rm -f ~/.ssh/do .vault_pass
diff --git a/.gitea/workflows/terraform.yml b/.gitea/workflows/terraform.yml
new file mode 100644
index 0000000..8668326
--- /dev/null
+++ b/.gitea/workflows/terraform.yml
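Review bot: In the "Write SSH key" step, `ssh-keyscan -H ${{ secrets.DROPLET_IP }} >> ~/.ssh/known_hosts` fills known_hosts from whatever host answers at run time, so the host-key check only confirms the runner is talking to the host it just scanned; storing the droplet's public host key as its own secret, captured once out-of-band, and writing it directly, e.g. `echo "${{ secrets.DROPLET_HOST_KEY }}" >> ~/.ssh/known_hosts` (secret name illustrative), turns it into a real check. The same step creates `~/.ssh/do` with the runner's default umask before the `chmod 600`, and the "Write vault password" step never restricts `.vault_pass` at all; a leading `umask 077` in both `run:` scripts (or `install -m 600 /dev/null FILE` before each redirect) closes that gap, and `chmod 700 ~/.ssh` after the `mkdir -p` is the matching fix for the directory. Expanding `${{ inputs.playbook || 'infra.yml' }}` directly inside the `run:` string is the expression-injection pattern; the `type: choice` input limits it here, but routing it through `env: PLAYBOOK: ${{ inputs.playbook || 'infra.yml' }}` and invoking `"$PLAYBOOK"` keeps the shell line free of template expansion. Dependencies are pulled by mutable reference: `pip install ansible` is unpinned and `actions/checkout@v4` (here and in terraform.yml below, together with `hashicorp/setup-terraform@v3`) is a movable tag; pinning a version and a full commit SHA respectively is the usual hardening.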
@@ -0,0 +1,74 @@
+name: Terraform
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - 'terraform/**'
+ workflow_dispatch:
+ inputs:
+ action:
+ description: 'Terraform action to run'
+ required: true
+ default: 'plan'
+ type: choice
+ options:
+ - plan
+ - apply
+ - destroy
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: terraform
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+
+ - name: Terraform Init
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
+ run: terraform init
+
+ - name: Terraform Plan
+ if: github.event_name == 'push' || inputs.action == 'plan'
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
+ TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
+ TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
+ TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
+ TF_VAR_domain: ${{ secrets.DOMAIN }}
+ TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
+ run: terraform plan
+
+ - name: Terraform Apply
+ if: inputs.action == 'apply'
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
+ TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
+ TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
+ TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
+ TF_VAR_domain: ${{ secrets.DOMAIN }}
+ TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
+ run: terraform apply -auto-approve
+
+ - name: Terraform Destroy
+ if: inputs.action == 'destroy'
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
+ TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
+ TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
+ TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
+ TF_VAR_domain: ${{ secrets.DOMAIN }}
+ TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
+ run: terraform destroy -auto-approve
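Review bot: The "Terraform Destroy" step runs `terraform destroy -auto-approve` behind nothing more than selecting `destroy` in the dispatch menu, so a mis-click, or any account permitted to dispatch this workflow, tears down the infrastructure with no second confirmation; a second `workflow_dispatch` input that must equal a fixed string, checked in the step's `if:`, or a protected deployment environment on the job, is the usual guard. The same seven-line `env:` block of `TF_VAR_*` and Spaces credentials is repeated verbatim on Plan, Apply and Destroy (and two of its entries again on Init); hoisting it to a job-level `env:` under `terraform:` removes the duplication and the risk of the copies drifting as variables are added. Since `apply` and `destroy` are only reachable via manual dispatch while a push to `main` only plans, a one-line comment above `workflow_dispatch:` stating that intent, e.g. `# push to main only plans; apply/destroy require manual dispatch`, would save the next maintainer from loosening the `if:` conditions by accident.

```yaml
on:
  workflow_dispatch:
    inputs:
      # … unchanged: action (plan/apply/destroy choice) …
      confirm:
        description: 'Type destroy to confirm a destroy run'
        required: false
        default: ''
        type: string

jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_KEY }}
      TF_VAR_do_token: ${{ secrets.DO_TOKEN }}
      TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
      TF_VAR_ssh_key_name: ${{ secrets.DO_SSH_KEY_NAME }}
      TF_VAR_domain: ${{ secrets.DOMAIN }}
      TF_VAR_admin_ip: ${{ secrets.ADMIN_IP }}
    # … unchanged: defaults, Checkout, Setup Terraform, Init/Plan/Apply steps minus their per-step env …

      - name: Terraform Destroy
        if: inputs.action == 'destroy' && inputs.confirm == 'destroy'
        run: terraform destroy -auto-approve
```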