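# Reusable workflow (workflow_call): installs an SSH key, sets up Ansible with
# AWS credentials, checks out the Ansible deployment repository, runs the
# image deployment action, then commits and pushes any change left in that
# checkout.
name: "Deployment via Ansible"

on:
  workflow_call:
    inputs:
      # Forwarded as `aws-region` to the Ansible setup action.
      aws_region:
        required: false
        type: string
        default: "eu-west-1"
      # Forwarded as `playbook` to the ansible-deploy-image action.
      ansible_playbook:
        required: false
        type: string
        default: "apps.yml"
      # Repository checked out with the github_pat secret.
      ansible_repo:
        required: true
        type: string
      # Ref of ansible_repo to check out; the final step runs `git push` from
      # this checkout.
      ansible_repo_ref:
        required: false
        type: string
        default: "main"
      # Forwarded as `stage`; the whole job is skipped when this is empty.
      deploy:  # Output from build stage
        required: true
        type: string
      host_prefix:  # used by ssh config
        required: true
        type: string
      # Forwarded as `name` to the ansible-deploy-image action.
      key:  # Output from build stage
        required: true
        type: string
      # Forwarded as `version`; deploy and commit steps are skipped when empty.
      tag:  # Output from build stage
        required: true
        type: string
    secrets:
      ansible_vault_password:
        required: true
      # NOTE(review): static AWS access keys are long-lived credentials. If the
      # setup action supports it, short-lived credentials via OIDC role
      # assumption would avoid storing them as secrets — confirm.
      aws_access_key_id:
        required: true
      aws_secret_access_key:
        required: true
      # Used to check out ansible_repo and, through the credentials that
      # checkout persists by default, for the later `git push`. Scope it to
      # that one repository with only the access the push needs.
      github_pat:
        required: true
      ssh_key:
        required: true

jobs:
  deploy:
    name: "Deploy via Ansible"
    runs-on: ubuntu-24.04
    if: inputs.deploy != ''
    # NOTE(review): no `permissions:` is declared, so GITHUB_TOKEN keeps
    # whatever the calling job grants. Checkout and push use the PAT, so a
    # read-only token is probably enough — confirm that the epimorphics
    # actions need nothing more before restricting it.
    #
    # NOTE(review): every `uses:` below references a mutable tag. Pinning to a
    # full commit SHA (owner/repo@<FULL_COMMIT_SHA>  # tag) stops a re-pointed
    # tag from running different code with the secrets this job receives.
    steps:
      - name: "SSH Setup: github -> aws"
        uses: shimataro/ssh-key-action@v2.8.1
        with:
          key: "${{ secrets.ssh_key }}"
          # NOTE(review): no server host keys are supplied here, so this step
          # does not pin the identity of the deployment hosts. Unless the SSH
          # config written by a later step (not visible in this file) provides
          # known_hosts entries and strict host-key checking, the SSH
          # connections can be intercepted. "unnesessary" also looks like a
          # misspelling of a placeholder value; confirm against the action's
          # documentation.
          known_hosts: unnesessary
      - name: "Setup Ansible"
        uses: "epimorphics/github-actions/ansible@v19"
        with:
          aws-access-key-id: "${{ secrets.aws_access_key_id }}"
          aws-secret-access-key: "${{ secrets.aws_secret_access_key }}"
          aws-region: "${{ inputs.aws_region }}"
          host-prefix: "${{ inputs.host_prefix }}"
      - name: "Ansible Deployment Repository Checkout"
        id: deploy
        uses: actions/checkout@v6
        with:
          repository: "${{ inputs.ansible_repo }}"
          ref: "${{ inputs.ansible_repo_ref }}"
          # The PAT stays available to git for the rest of the job (checkout
          # persists credentials by default); the "Git Commit" step relies on
          # that, and every step in between can use it too.
          token: "${{ secrets.github_pat }}"
      - name: "Ansible Deploy"
        if: ( inputs.tag != '' && inputs.deploy != '' )
        uses: "epimorphics/github-actions/ansible-deploy-image@v19"
        with:
          secret: "${{ secrets.ansible_vault_password }}"
          stage: "${{ inputs.deploy }}"
          name: "${{ inputs.key }}"
          version: "${{ inputs.tag }}"
          playbook: "${{ inputs.ansible_playbook }}"
      - name: "Git Commit"
        if: inputs.tag != ''
        shell: bash
        # Inputs reach the script as environment variables rather than being
        # expanded into the script text by `${{ }}`. An input containing
        # quotes, `$(...)` or backticks would otherwise be executed by bash,
        # in a job that holds the PAT, SSH key and AWS credentials.
        env:
          CICD_STAGE: "${{ inputs.deploy }}"
          CICD_KEY: "${{ inputs.key }}"
          CICD_TAG: "${{ inputs.tag }}"
        run: |
          # Commit only when tracked files in the checkout were modified.
          if ! git diff --quiet
          then
            git config --global user.name "Github CICD"
            git config --global user.email "noreply@epimorphics.com"
            git commit -am "Github/CICD: ${CICD_STAGE}/${CICD_KEY}:${CICD_TAG}"
            git push
          else
            echo "No changes to commit"
            echo "tag: ${CICD_TAG}"
          fi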