Run Ansible #146
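---
# Manually dispatched deployment: resolves the target EC2 host from a
# CloudFormation stack output, points a Route53 A record at it, then runs the
# matching Ansible playbook over SSH.
name: Run Ansible

on:
  workflow_dispatch:
    inputs:
      deploy_site:
        description: "deploy to which environment"
        required: true
        type: choice
        options:
          - prod
          - dev
      stack_name:
        description: "stack name"
        required: true
        type: string
      deploy_type:
        description: "deployment type"
        required: true
        type: choice
        options:
          - a11yvillage-be
          - a11yvillage-fe
          - coseeing-fe
          - coseeing-be

jobs:
  deploy:
    # NOTE(review): the same environment (and its secrets/protection rules) is
    # used for both `prod` and `dev` dispatches — confirm that is intended.
    environment: a11y-village-production
    runs-on: ubuntu-latest
    # Least privilege: id-token for OIDC role assumption, read-only checkout.
    permissions:
      id-token: write
      contents: read
    # Workflow inputs are handed to shell steps through env instead of being
    # interpolated with ${{ }} inside `run:` blocks, so the free-form
    # `stack_name` value is never parsed as shell syntax.
    env:
      DEPLOY_SITE: ${{ github.event.inputs.deploy_site }}
      STACK_NAME: ${{ github.event.inputs.stack_name }}
      DEPLOY_TYPE: ${{ github.event.inputs.deploy_type }}
    steps:
      - name: Checkout
        # Third-party actions are referenced by mutable tag; a full commit SHA
        # would make the resolved code immutable.
        uses: actions/checkout@v3

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_GITHUB_ACTION_ROLE }}
          aws-region: ap-northeast-1

      - name: Set SSH Key
        uses: webfactory/ssh-agent@v0.5.4
        with:
          ssh-private-key: ${{ secrets.EC2_SSH_KEY }}

      - name: Set up Python 3.10
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      - name: Install dependencies in virtual environment
        run: |
          which python
          python -m venv venv
          source venv/bin/activate
          which python
          pip install --upgrade pip
          # Unpinned: every run resolves whatever ansible/boto3/botocore is
          # current; pin versions here for reproducible deploys.
          pip install ansible boto3 botocore
          ansible-galaxy collection install community.docker community.aws --upgrade

      # Re-assumes the same role as the earlier step. Harmless, but it can be
      # dropped unless a fresh OIDC credential is wanted after the installs.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_GITHUB_ACTION_ROLE }}
          aws-region: ap-northeast-1

      - name: Get instance public IP
        id: get_ip
        run: |
          IP=$(aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
            --query "Stacks[0].Outputs[?OutputKey=='InstancePublicIp'].OutputValue" --output text)
          # A missing output prints nothing or "None"; stop here instead of
          # writing an inventory entry and a DNS record with a bogus address.
          if [ -z "$IP" ] || [ "$IP" = "None" ]; then
            echo "Error: stack $STACK_NAME has no InstancePublicIp output"
            exit 1
          fi
          echo "Instance Public IP: $IP"
          echo "IP=$IP" >> "$GITHUB_OUTPUT"

      - name: Write inventory file
        env:
          INSTANCE_IP: ${{ steps.get_ip.outputs.IP }}
        run: |
          INVENTORY_FILE="inventory"
          INSTANCE_NAME="$STACK_NAME"
          ANSIBLE_USER="ubuntu"
          # Check if the inventory file exists
          if [ -f "$INVENTORY_FILE" ]; then
            # Fixed-string, whole-line match so a stack name containing regex
            # metacharacters cannot mis-match another group header.
            if grep -qFx "[$INSTANCE_NAME]" "$INVENTORY_FILE"; then
              # NOTE(review): an existing group is left untouched, so the IP
              # just resolved from the stack is not used for this host.
              echo "Group [$INSTANCE_NAME] already exists in $INVENTORY_FILE."
            else
              # Append the group and host information
              printf '\n[%s]\n%s ansible_user=%s\n' "$INSTANCE_NAME" "$INSTANCE_IP" "$ANSIBLE_USER" >> "$INVENTORY_FILE"
              echo "Appended new group [$INSTANCE_NAME] with IP $INSTANCE_IP to $INVENTORY_FILE."
            fi
          else
            # Create the inventory file with the group and host information
            echo "[$INSTANCE_NAME]" > "$INVENTORY_FILE"
            echo "$INSTANCE_IP ansible_user=$ANSIBLE_USER" >> "$INVENTORY_FILE"
            echo "Created $INVENTORY_FILE with group [$INSTANCE_NAME] and IP $INSTANCE_IP."
          fi
          # Display the inventory file content
          cat "$INVENTORY_FILE"

      - name: Set deploy domain
        id: set_domain
        run: |
          DOMAIN=$(jq -r --arg type "$DEPLOY_TYPE" --arg site "$DEPLOY_SITE" \
            '.[$type][$site].domain' .github/workflows/config/domain.json)
          # jq -r prints "null" for a missing key; also treat empty as unknown.
          if [ -z "$DOMAIN" ] || [ "$DOMAIN" = "null" ]; then
            echo "Error: Unknown deploy_type: $DEPLOY_TYPE or deploy_site: $DEPLOY_SITE"
            exit 1
          fi
          echo "deploy_domain=$DOMAIN" >> "$GITHUB_OUTPUT"
          echo "Using deploy_domain: $DOMAIN"

      - name: Update Route53 A record
        env:
          DOMAIN: ${{ steps.set_domain.outputs.deploy_domain }}
          IP: ${{ steps.get_ip.outputs.IP }}
        run: |
          echo "Updating Route53 A record for $DOMAIN -> $IP"
          # list-hosted-zones-by-name returns zones sorted from --dns-name
          # onwards, so HostedZones[0] may be a *different* zone when
          # coseeing.org does not exist; match the zone name exactly.
          HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name --dns-name coseeing.org \
            --query "HostedZones[?Name=='coseeing.org.'].Id | [0]" --output text)
          if [ -z "$HOSTED_ZONE_ID" ] || [ "$HOSTED_ZONE_ID" = "None" ]; then
            echo "Hosted zone for coseeing.org not found"
            exit 1
          fi
          # Strip the "/hostedzone/" prefix from the returned Id.
          HOSTED_ZONE_ID="${HOSTED_ZONE_ID##*/}"
          # Build the change batch with jq so DOMAIN and IP are JSON-escaped
          # rather than pasted verbatim into a heredoc.
          jq -n --arg domain "$DOMAIN" --arg ip "$IP" '{
            Comment: "Update A record for \($domain) to point to \($ip)",
            Changes: [{
              Action: "UPSERT",
              ResourceRecordSet: {
                Name: $domain,
                Type: "A",
                TTL: 300,
                ResourceRecords: [{Value: $ip}]
              }
            }]
          }' > change-batch.json
          aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch file://change-batch.json
          aws route53 list-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --query "ResourceRecordSets[?Name=='${DOMAIN}.']" --output json

      - name: Run Ansible Playbook
        env:
          # Host key verification is off, so a changed or substituted host key
          # on first connect goes unnoticed; seeding known_hosts for the
          # instance and dropping this would close that gap.
          ANSIBLE_HOST_KEY_CHECKING: 'False'
          DOMAIN: ${{ steps.set_domain.outputs.deploy_domain }}
          SERVER_IP: ${{ steps.get_ip.outputs.IP }}
        run: |
          source venv/bin/activate
          echo "Using domain: $DOMAIN"
          # dev deploys use the "dev" image tag and a "-dev" project suffix;
          # prod uses "latest" and no suffix.
          DEPLOY_TAG="latest"
          POSTFIX=""
          if [ "$DEPLOY_SITE" = "dev" ]; then
            DEPLOY_TAG="dev"
            POSTFIX="-dev"
          fi
          # deploy_type is a fixed choice input, so the playbook path cannot
          # escape ansible_yaml/.
          ansible-playbook -i inventory \
            -e "deploy_tag=$DEPLOY_TAG" \
            -e "server_ip=$SERVER_IP" \
            -e "deploy_domain=$DOMAIN" \
            -e "project_postfix=$POSTFIX" \
            "ansible_yaml/${DEPLOY_TYPE}-playbook.yml"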