[Update gitea runner]

2025-11-16 16:25:15 +01:00
parent a12fd96bf5
commit 270c9f02b5
1 changed files with 61 additions and 10 deletions
--- a/gitea-runner.yml
+++ b/gitea-runner.yml
@@ -1,17 +1,62 @@
 #! wake up runner !
 - hosts: tower
  gather_facts: false
-  vars:
-    token_register_runner: !vault |
-              $ANSIBLE_VAULT;1.2;AES256;prod
-              38313233316133303530346633376266386137363665636264613635356365636435646164643563
-              3765646235333862363161376464613931323262653730660a623933373633346132353335613265
-              31623238393064663137643062323165616564643037373632313932346437383365343661313964
-              3530653265353863320a316331333363376436303562363933663834323333633065303534653039
-              65363661373934383638323530656531353138623732616432333031396561373037616661386335
-              6466613030333533363536393537666232383735373065653030
  tasks:

+
+#! SECRETS
+    - name: Install Bitwarden CLI
+      ansible.builtin.command:
+        cmd: "{{ item }}"
+      delegate_to: localhost
+      loop: 
+        - apk add --no-cache nodejs npm
+        - npm install -g @bitwarden/cli 
+
+    - ansible.builtin.command:
+        cmd: bw logout
+      delegate_to: localhost
+      ignore_errors: true
+
+    - name: bitwarden token session 
+      ansible.builtin.shell: "{{ item }}"
+      environment:
+        BW_CLIENTID: "{{ bw_client_id }}"
+        BW_CLIENTSECRET: "{{ bw_client_secret }}"
+        BW_PASSWORD: "{{ bw_client_password }}"
+      loop:
+        - bw config server {{ vaultwarden_url }}
+        - bw login --apikey
+        - bw unlock --passwordenv BW_PASSWORD --raw
+      delegate_to: localhost
+      register: bw_session_result
+
+    - name: Get secret from Bitwarden
+      command:
+        argv:
+          - bw
+          - get
+          - password
+          - "{{ bw_requested_password_id }}"
+          - --session
+          - "{{ bw_session_result.results[-1].stdout | trim }}"
+      delegate_to: localhost
+      register: gitea_token_result
+      no_log: true
+      changed_when: false
+
+    # - name: Return all secrets from a path
+    #   ansible.builtin.debug: 
+    #     msg: "{{ gitea_token_result.stdout }}"
+    #   delegate_to: localhost
+
+    - ansible.builtin.set_fact:
+        gitea_token : "{{ gitea_token_result.stdout | trim }}"
+      no_log: true
+      delegate_to: localhost
+
+    #! runner
+
    - community.docker.docker_compose_v2:
        project_src: /opt/dockerapps
        services:
@@ -25,7 +70,7 @@

    - community.docker.docker_container_exec:
        container: runner
-        command: "act_runner register --instance http://gitea:3000 --labels ubuntu-latest:docker://docker:dind --labels ubuntu-latest:docker://ubuntu:latest --labels ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest --no-interactive --ephemeral --name runner --token {{ token_register_runner }}" 
+        command: "act_runner register --instance http://gitea:3000 --labels ubuntu-latest:docker://docker:dind --labels ubuntu-latest:docker://ubuntu:latest --labels ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest --no-interactive --ephemeral --name runner --token {{ gitea_token }}" 
        chdir: /data
        env:
          DOCKER_HOST: unix:///var/run/user/1000/docker.sock
@@ -56,3 +101,9 @@
        services:
          - runner
        state: absent
+
+
+    - name: logout bw
+      ansible.builtin.command:
+        cmd: bw logout
+      delegate_to: localhost