Skip to content

Merge pull request #540 from sebdanielsson/renovate/ghcr.io-open-webu… #464

Merge pull request #540 from sebdanielsson/renovate/ghcr.io-open-webu…

Merge pull request #540 from sebdanielsson/renovate/ghcr.io-open-webu… #464

Workflow file for this run

---
name: Run playbook
"on":
push:
branches:
- main
paths:
- ansible/**
- docker/**
workflow_dispatch:
defaults:
run:
working-directory: "sebdanielsson.infra/ansible"
jobs:
run-playbook:
name: Run playbook
runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: "sebdanielsson.infra"
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Install Ansible dependencies
run: |
ansible-galaxy install -r requirements.yml
- name: Disable host key checking
run: |
mkdir -p ~/.ssh
echo "Host *" >> ~/.ssh/config
echo " StrictHostKeyChecking no" >> ~/.ssh/config
- name: Install 1Password CLI
uses: 1password/install-cli-action@v1
with:
version: latest
- name: Load secret ts-authkey
id: op-load-ts-authkey
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
TS_CLIENTID: op://prod/ts-gh-action-oauth/username
TS_CLIENTSECRET: op://prod/ts-gh-action-oauth/credential
- name: Get latest Tailscale version
id: get_latest_ts_version
run: |
echo "ts_latest=$(curl --silent https://api.github.com/repos/tailscale/tailscale/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^"]+)\".*/\1/' | sed 's/^v\(.*\)/\1/')" >> $GITHUB_OUTPUT
- name: Setup Tailscale
uses: tailscale/github-action@v2
with:
version: 1.76.1 # or "steps.get_latest_ts_version.outputs.ts_latest" for latest
oauth-client-id: ${{ steps.op-load-ts-authkey.outputs.TS_CLIENTID }}
oauth-secret: ${{ steps.op-load-ts-authkey.outputs.TS_CLIENTSECRET }}
tags: tag:ci
- name: Check connection
run: tailscale ping --icmp hogsmeade
- name: Run playbook
run: |
ansible-playbook -i inventory.yml hogsmeade.yml
env:
OP_CREDENTIAL: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}