-
Notifications
You must be signed in to change notification settings - Fork 0
35 lines (33 loc) · 1.52 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
name: Deploy to production
# We only deploy to production if... we're on the main branch, and the ansible-check has passed
# It is not necessary for now to add a dependency to the test pipeline because it won't
# publish our images if it doesn't pass
on:
workflow_run:
workflows: ["ansible-check"]
branches: [main]
types:
- completed
workflow_dispatch:
jobs:
deploy-to-prod:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/[email protected]
- name: Deploy to prod
# We only deploy to prod if the ansible-check was successful, or if the deployment is manual
if: ${{ github.event.workflowgithub.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
# We use the ansible playbook action with our private key as well as our vault password.
uses: dawidd6/action-ansible-playbook@v2
with:
directory: ./ansible
playbook: playbook.yml
key: ${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}
vault_password: ${{ secrets.VAULT_PASSWORD }}
# We give the fingerprint of our servers, to avoid DNS Redirection attacks
known_hosts: |
medhy.dohou.takima.cloud ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOWcoyHWc8qNdZbf/+NL/faVWdYAdchHep26pjro5No
options: |
--inventory ./inventories/setup.yml
requirements: ./requirements.yml