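---
# Manually triggered (workflow_dispatch) provisioning workflow. Every input
# is `choice`- or `boolean`-typed, so the values interpolated into the job
# below (`inputs.environment`, `inputs.tag`) are constrained to the listed
# options rather than free text.
name: Provision environment
run-name: Provision ${{ github.event.inputs.environment }}

on:
  workflow_dispatch:
    inputs:
      environment:
        type: choice
        description: Machine to provision
        required: true
        default: qa
        options:
          - development
          - staging
          - qa
          - production
      tag:
        type: choice
        description: Select group tag you want to execute
        default: all
        options:
          - all
          - backups
          - checks
          - updates
          - application
          - tools
          - docker
          - deployment
          - users
          - crontab
          - mongodb
          - data
          - swap
          - ufw
          - fail2ban
          - decrypt
          - swarm
          - elasticsearch
          - traefik
      debug:
        type: boolean
        # The tmate step runs before the playbook step, not after it, and its
        # step env carries the deployment secrets; the description states
        # that so the person flipping this flag knows what they expose.
        description: Open an SSH (tmate) session on the runner before the playbook runs; the session has access to the deployment SSH key and secrets
        default: false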
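jobs:
  provision:
    # `secrets.*` / `vars.*` below resolve from the selected GitHub deployment
    # environment, so production credentials are only reachable when
    # `production` is chosen (and that environment's protection rules pass).
    environment: ${{ github.event.inputs.environment }}
    # NOTE(review): ubuntu-20.04 is a retired hosted-runner label; confirm it
    # still schedules before relying on this workflow.
    runs-on: ubuntu-20.04
    # Least privilege for GITHUB_TOKEN: checkout only needs read access and no
    # step writes back to GitHub.
    permissions:
      contents: read
    outputs:
      # Requires the playbook step to carry `id: deploy` (set below); without
      # that id this output was always empty.
      outcome: ${{ steps.deploy.outcome }}
    timeout-minutes: 60
    steps:
      # TODO(security): the third-party actions below are pinned to mutable
      # major-version tags. Pin each to a full commit SHA so a moved or
      # compromised tag cannot change what runs with access to these secrets.
      - name: Clone country config resource package
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          path: './${{ github.event.repository.name }}'

      # Serialise the step env (secrets and vars) into a single JSON string
      # that the playbook step passes as `--extra-vars`.
      - name: Set variables for ansible in production environments
        id: ansible-variables
        # `shell: bash` enables `pipefail`, so a failing jq fails the step
        # instead of silently producing an empty EXTRA_VARS.
        shell: bash
        # `toJSON(env)` is rendered into this script by the runner before the
        # shell sees it. The quoted heredoc delimiter stops the shell from
        # expanding `$` or collapsing `\\` inside secret values, and quoting
        # the variable on the jq line stops word-splitting and glob expansion
        # (an unquoted `$VAR` would turn a `*` in a password into a directory
        # listing and collapse repeated spaces). `jq -c .` flattens the JSON
        # to one line and `jq -R .` re-encodes that line as one JSON string,
        # the shape the `""…""` wrapping on `--extra-vars` below expects.
        # A secret whose value contains a line consisting solely of `EOF`
        # would still terminate the heredoc early.
        run: |
          JSON_WITH_NEWLINES=$(cat <<'EOF'
          ${{ toJSON(env) }}
          EOF
          )
          JSON_WITHOUT_NEWLINES=$(printf '%s\n' "$JSON_WITH_NEWLINES" | jq -c . | jq -R -c .)
          echo "EXTRA_VARS=$JSON_WITHOUT_NEWLINES" >> "$GITHUB_OUTPUT"
        env:
          encrypted_disk_size: ${{ vars.DISK_SPACE }}
          disk_encryption_key: ${{ secrets.ENCRYPTION_KEY }}
          dockerhub_username: ${{ secrets.DOCKER_USERNAME }}
          dockerhub_password: ${{ secrets.DOCKER_TOKEN }}
          mongodb_admin_username: ${{ secrets.MONGODB_ADMIN_USER }}
          mongodb_admin_password: ${{ secrets.MONGODB_ADMIN_PASSWORD }}
          backup_encryption_passphrase: ${{ secrets.BACKUP_ENCRYPTION_PASSPHRASE }}
          restore_backup_encryption_passphrase: ${{ secrets.RESTORE_BACKUP_ENCRYPTION_PASSPHRASE }}
          elasticsearch_superuser_password: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }}
          external_backup_server_remote_directory: ${{ vars.BACKUP_DIRECTORY }}
          external_backup_server_user: ${{ secrets.BACKUP_SSH_USER }}
          external_backup_server_ssh_port: 22
          external_backup_server_ip: ${{ secrets.BACKUP_HOST }}
          manager_production_server_ip: ${{ secrets.SSH_HOST }}
          ansible_user: ${{ secrets.SSH_USER }}

      # Host keys are pinned from a file committed to the repository, so the
      # SSH step below verifies the target rather than trusting on first use.
      - name: Read known hosts
        shell: bash
        run: |
          cd "${{ github.event.repository.name }}"
          echo "KNOWN_HOSTS<<EOF" >> "$GITHUB_ENV"
          # Guarantee a trailing newline so the closing EOF lands on its own line.
          sed -i -e '$a\' ./infrastructure/.known-hosts
          cat ./infrastructure/.known-hosts >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"

      - name: Install SSH Key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_KEY }}
          known_hosts: ${{ env.KNOWN_HOSTS }}

      # Interactive debugging shell on the runner. At this point the runner
      # holds the private SSH key for the target hosts and, through `env`
      # below, every deployment secret.
      - name: Setup tmate session
        if: ${{ github.event.inputs.debug == 'true' }}
        uses: mxschmitt/action-tmate@v3
        with:
          # The tmate connection string is printed in the job log; without
          # this restriction anyone who can read the log could attach to the
          # shell. Restricting to the triggering actor requires that user to
          # have public SSH keys on their GitHub profile.
          limit-access-to-actor: true
        env:
          encrypted_disk_size: ${{ vars.DISK_SPACE }}
          disk_encryption_key: ${{ secrets.ENCRYPTION_KEY }}
          dockerhub_username: ${{ secrets.DOCKER_USERNAME }}
          dockerhub_password: ${{ secrets.DOCKER_TOKEN }}
          mongodb_admin_username: ${{ secrets.MONGODB_ADMIN_USER }}
          mongodb_admin_password: ${{ secrets.MONGODB_ADMIN_PASSWORD }}
          backup_encryption_passphrase: ${{ secrets.BACKUP_ENCRYPTION_PASSPHRASE }}
          elasticsearch_superuser_password: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }}
          external_backup_server_remote_directory: ${{ vars.BACKUP_DIRECTORY }}
          external_backup_server_user: ${{ secrets.BACKUP_SSH_USER }}
          external_backup_server_ssh_port: 22
          external_backup_server_ip: ${{ secrets.BACKUP_HOST }}
          manager_production_server_ip: ${{ secrets.SSH_HOST }}
          ansible_user: ${{ secrets.SSH_USER }}

      - name: Run playbook
        # `id: deploy` is what `outputs.outcome` above reads.
        id: deploy
        uses: dawidd6/action-ansible-playbook@v2
        env:
          ANSIBLE_PERSISTENT_COMMAND_TIMEOUT: 10
          ANSIBLE_SSH_TIMEOUT: 10
          ANSIBLE_SSH_RETRIES: 5
        with:
          playbook: playbook.yml
          directory: ${{ github.event.repository.name }}/infrastructure/server-setup
          # NOTE(review): `--verbose` makes ansible print task results, which
          # can include secret-bearing module arguments for tasks that do not
          # set `no_log`; GitHub's log masking only catches exact secret
          # strings. Confirm the playbook marks such tasks before relying on
          # masking. `inputs.tag` is a `choice` input, so the format() below
          # cannot inject arbitrary flags.
          options: |
            --verbose
            --inventory ${{ github.event.inputs.environment }}.yml
            ${{ inputs.tag != 'all' && format('--tags={0}', inputs.tag) || ''}}
            --extra-vars ""${{ steps.ansible-variables.outputs.EXTRA_VARS }}""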