4 changed files with 52 additions and 29 deletions
@@ -2,7 +2,7 @@ name: Deploy
 on:
  push:
-    branches: [dev]
+    branches: [master]
 env:
  REGISTRY: gitea.d3m0k1d.ru
@@ -16,11 +16,13 @@ jobs:
      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh
-          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_rsa
      - name: Install Ansible
-        run: apt update && apt install -y ansible
+        run: |
          apt update && apt install -y ansible
          ansible-galaxy install -r infra/ansible/requirements.yml
      - name: Login to registry
        run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login $REGISTRY -u "${{ secrets.REGISTRY_USER }}" --password-stdin
@@ -35,8 +37,5 @@ jobs:
      - name: Deploy
        run: |
          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass
-          ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml \
+          ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml --vault-password-file .vault_pass
            --vault-password-file .vault_pass \
            -e registry=$REGISTRY \
            -e tag=latest
          rm .vault_pass
@@ -1,6 +1,13 @@
-all:
+$ANSIBLE_VAULT;1.1;AES256
-  hosts:
+63663666653739363337653532643363626133303030323462363762316364633838623636626636
-    prod:
+3163343137366530326139353638316466663037663935340a386362666236633237313939366639
-      ansible_host: <SERVER_IP>
+34626337346365663033386631366362366261366163646438646461376662666665363635396333
-      ansible_user: root
+3533626234383564390a663966376163366530643965306563363565326438313465383866343138
-      ansible_port: 22
+66633432663430373339326365303033323133383365656231373736323234386435626431383639
 63396366333433343039343165633436633839666330646261633338666435353035656230313932
 33333630343535646338303539356532306632373433643536393537383463396330366634393962
 36356139616432336664613139623038373434643562353565353866303130323938383439396131
 30316139333733356462366464653964313264646632336566616536643438326433623363643465
 63343430373666356634323761363433666463366431343537613635363239636131643837353935
 64316633663334663536656137666330393034666661383165376365666633303764643439366461
 33386433643034643466
@@ -1,32 +1,47 @@
 ---
 - name: Deploy Frontend
  hosts: prod
  vars:
    deploy_path: /opt/app
  pre_tasks:
    - name: Install docker
      ansible.builtin.include_role:
        name: geerlingguy.docker
    - name: Configure ufw
      community.general.ufw:
        rule: allow
        port: "{{ item }}"
      loop:
        - "80"
        - "443"
        - "2222"
    - name: Enable ufw
      community.general.ufw:
        state: enabled
  tasks:
-    - name: Ensure deployment directory
+    - name: Ensure directory
      ansible.builtin.file:
-        path: "{{ deploy_path }}"
+        path: /opt/aegisfront
        state: directory
-    - name: Copy docker-compose
+    - name: Copy compose
      ansible.builtin.copy:
        src: "{{ playbook_dir }}/../docker-compose.yml"
-        dest: "{{ deploy_path }}/docker-compose.yml"
+        dest: /opt/aegisfront/docker-compose.yml
-    - name: Pull images
+    - name: Pull image
      ansible.builtin.shell:
        cmd: docker compose pull
-        chdir: "{{ deploy_path }}"
+        chdir: /opt/aegisfront
      environment:
-        REGISTRY: "{{ registry }}"
+        REGISTRY: gitea.d3m0k1d.ru
-        TAG: "{{ tag }}"
+        TAG: latest
-    - name: Start services
+    - name: Start
      ansible.builtin.shell:
        cmd: docker compose up -d --remove-orphans
-        chdir: "{{ deploy_path }}"
+        chdir: /opt/aegisfront
      environment:
-        REGISTRY: "{{ registry }}"
+        REGISTRY: gitea.d3m0k1d.ru
-        TAG: "{{ tag }}"
+        TAG: latest
@@ -1,4 +1,6 @@
 ---
-roles: []
+roles:
  - geerlingguy.docker
-collections: []
+collections:
  - community.general