add ansible | fix pipeline for ansible

Kroner · Kroner · commit d258fad5aee7 · 2025-04-13T16:28:12.000+03:00
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -3,12 +3,12 @@ name: ci-cd
 on:
   push:
     branches:
-      - main   # Запускать пайплайн при пуше в ветку main
-      - v0.3
+      #- main   # Запускать пайплайн при пуше в ветку main
+      - v0.4
     workflow_dispatch:
 
 jobs:
-  test:
+  tests:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -59,4 +59,32 @@ jobs:
 
       - name: Cleanup (containers down)
         if: always()
-        run: docker compose down
+        run: docker compose down
+
+  deploy:  
+    runs-on: ubuntu-latest
+    #needs: tests 
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      
+      - name: Resolve DNS
+        run: |
+          echo "Проверка DNS:"
+          nslookup ${{ secrets.SERVER_DNS }}
+
+      - name: Set up SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" | base 64 > ~/.ssh/webserver
+          chmod 600 ~/.ssh/webserver
+          # Добавляем сервер в known_hosts (замените your-server-ip)
+          ssh-keyscan -T 10 ${{ secrets.SERVER_DNS }} >> ~/.ssh/known_hosts
+
+      - name: Install ansible on runner
+        run: pip install ansible
+
+      - name: Starting ansible
+        run: |
+          cd ansible/
+          ansible-playbook playbook.yaml     
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = inventory/hosts  # (опционально) автоматически подхватывает инвентарь
+private_key_file = ~/.ssh/webserver  # SSH-ключ
+remote_user = deployer  # пользователь для подключения
diff --git a/ansible/inventory/group_vars/webserver.yaml b/ansible/inventory/group_vars/webserver.yaml
@@ -0,0 +1,7 @@
+---
+# Настройки специфичные для production
+app_dirr: /opt/goserv
+docker_users:
+  - deploy_user
+  - www-data
+max_connections: 100
diff --git a/ansible/inventory/hosts b/ansible/inventory/hosts
@@ -0,0 +1,5 @@
+[localhost]
+127.0.0.1 ansible_connection=local  # для локального запуска
+
+[webserver]
+goserv.duckdns.org
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
@@ -0,0 +1,8 @@
+---
+- name: Deploy webserver via Docker Compose
+  hosts: "{{ target | default('webserver') }}"  # переменная для выбора цели
+  become: yes
+
+  roles:
+    - role: docker
+    - role: app
diff --git a/ansible/roles/app/defaults/main.yaml b/ansible/roles/app/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+app_repo_url: "https://github.com/Kron-x/web_go.git"
+app_dir: "{{ ansible_user_dir }}/server"
+app_branch: "main"
diff --git a/ansible/roles/app/tasks/main.yaml b/ansible/roles/app/tasks/main.yaml
@@ -0,0 +1,21 @@
+---
+- name: Check if repo exists
+  stat:
+    path: "{{ app_dir }}/.git"
+  register: repo_exists
+
+- name: Check app_dir
+  run: echo {{ app_dir }}
+
+- name: Clone or update repo
+  git:
+    repo: "{{ app_repo_url }}"
+    dest: "{{ app_dir }}"
+    update: "{{ repo_exists.stat.exists }}"
+    force: yes
+    version: "{{ app_branch }}"
+
+- name: Run Docker Compose
+  command: docker compose up -d --force-recreate
+  args:
+    chdir: "{{ app_dir }}"
diff --git a/ansible/roles/docker/defaults/main.yaml b/ansible/roles/docker/defaults/main.yaml
@@ -0,0 +1,10 @@
+--- 
+docker_key_dir: /usr/share/keyrings
+docker_repo_url: "https://download.docker.com/linux/ubuntu"
+docker_repo_distribution: noble
+docker_repo_component: stable
+docker_packages:
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io
+  - docker-compose-plugin
diff --git a/ansible/roles/docker/tasks/main.yaml b/ansible/roles/docker/tasks/main.yaml
@@ -0,0 +1,33 @@
+---  
+- name: Ensure keyring directory exists
+  file:
+    path: "{{ docker_key_dir }}"
+    state: directory
+    mode: 0755
+
+- name: Download Docker GPG key (proper way)
+  ansible.builtin.get_url:
+    url: "{{ docker_repo_url }}/gpg"
+    dest: "{{ docker_key_dir }}/docker-archive-keyring.gpg"
+    mode: "0644"
+
+- name: Add Docker repository (secure way)
+  ansible.builtin.apt_repository:
+    repo: "deb [arch=amd64 signed-by={{ docker_key_dir }}/docker-archive-keyring.gpg] \
+          {{ docker_repo_url }} \
+          {{ docker_repo_distribution }} \
+          {{ docker_repo_component }}"
+    state: present
+    filename: "docker"
+
+- name: Install Docker & Docker Compose (v2)
+  apt:  
+    name: "{{ docker_packages }}"
+    state: present    
+    update_cache: yes
+
+- name: Ensure Docker is running  
+  service:  
+    name: docker  
+    state: started  
+    enabled: yes  
