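---
#! wake up runner !
# Brings up the Gitea act_runner on host "tower":
#   1. on the controller (delegate_to: localhost) install the Bitwarden CLI,
#      log in to the Vaultwarden instance with an API key and read the
#      runner registration token out of the vault;
#   2. on "tower" start the "runner" compose service, register act_runner
#      with that token, run the daemon, then remove the service;
#   3. log the controller out of Bitwarden again.
# All Bitwarden credentials come from the controller's environment; the
# resulting session key and the Gitea token are secrets and must never
# reach the Ansible output, hence the no_log flags below.
- hosts: tower
  gather_facts: false
  vars:
    # Read from the controller's environment. The client secret and
    # password are credentials — they are only ever passed to bw through
    # its environment (see "bitwarden token session").
    vaultwarden_url: "{{ lookup('env', 'vaultwarden_url') }}"
    bw_client_secret: "{{ lookup('env', 'bw_client_secret') }}"
    bw_client_password: "{{ lookup('env', 'bw_client_password') }}"
    bw_client_id: "{{ lookup('env', 'bw_client_id') }}"
    # Vault item id of the Gitea runner registration token
    bw_requested_password_id: "{{ lookup('env', 'bw_requested_password_id') }}"
    # b8decb1a-222d-402c-a882-f70c191ba936
  tasks:
    #! SECRETS
    # NOTE(review): "apk add" / "npm install -g" report "changed" on every
    # run; community.general.apk / community.general.npm would be the
    # idempotent equivalents — confirm they are available on the controller.
    - name: Install Bitwarden CLI
      ansible.builtin.command:
        cmd: "{{ item }}"
      delegate_to: localhost
      loop:
        - apk add --no-cache nodejs npm
        - npm install -g @bitwarden/cli

    # Start from a clean CLI state; failing here (not logged in) is fine.
    - name: Logout of any previous Bitwarden session
      ansible.builtin.command:
        cmd: bw logout
      delegate_to: localhost
      ignore_errors: true

    # The stdout of the last loop item ("bw unlock ... --raw") is the session
    # key used by the next task, and the loop items expose the server URL
    # and credential env names — keep the whole loop out of the logs.
    - name: bitwarden token session
      ansible.builtin.shell: "{{ item }}"
      environment:
        BW_CLIENTID: "{{ bw_client_id }}"
        BW_CLIENTSECRET: "{{ bw_client_secret }}"
        BW_PASSWORD: "{{ bw_client_password }}"
      loop:
        - bw config server {{ vaultwarden_url }}
        - bw login --apikey
        - bw unlock --passwordenv BW_PASSWORD --raw
      delegate_to: localhost
      register: bw_session_result
      no_log: true

    # argv (not a shell string) so the session key and item id are passed
    # as single arguments without any shell interpretation.
    - name: Get secret from Bitwarden
      ansible.builtin.command:
        argv:
          - bw
          - get
          - password
          - "{{ bw_requested_password_id }}"
          - --session
          - "{{ bw_session_result.results[-1].stdout | trim }}"
      delegate_to: localhost
      register: gitea_token_result
      no_log: true
      changed_when: false

    # - name: Return all secrets from a path
    #   ansible.builtin.debug:
    #     msg: "{{ gitea_token_result.stdout }}"
    #   delegate_to: localhost

    - name: Store the Gitea runner token as a fact
      ansible.builtin.set_fact:
        gitea_token: "{{ gitea_token_result.stdout | trim }}"
      no_log: true
      delegate_to: localhost

    #! runner
    # From here on tasks run on "tower" itself (no delegate_to).
    - name: Start the runner compose service
      community.docker.docker_compose_v2:
        project_src: /opt/dockerapps
        services:
          - runner
        state: present

    # Give the container time to come up before exec'ing into it.
    - ansible.builtin.pause:
        seconds: 30

    # --labels ubuntu-latest:docker://ubuntu:latest
    # The registration token is part of the command line, so the task
    # output (and any error message) would print it — hence no_log.
    - name: Register act_runner with Gitea
      community.docker.docker_container_exec:
        container: runner
        command: "act_runner register --instance http://gitea:3000 --labels ubuntu-latest:docker://docker:dind --labels ubuntu-latest:docker://ubuntu:latest --labels ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest --no-interactive --ephemeral --name runner --token {{ gitea_token }}"
        chdir: /data
        env:
          DOCKER_HOST: unix:///var/run/user/1000/docker.sock
          # BUILDKIT_STEP_LOG_MAX_SIZE: 0
          # DOCKER_BUILDKIT: 1
      no_log: true

    # when: register_runner.failed == true
    # - ansible.builtin.pause:
    #     seconds: 30

    # NOTE(review): async: 0 is Ansible's synchronous default; if this task
    # is meant to fire-and-forget the daemon, async needs a positive timeout
    # (poll: 0 alone does not detach it) — confirm the intended behaviour.
    - name: Run the act_runner daemon
      community.docker.docker_container_exec:
        container: runner
        command: act_runner daemon --config .runner
        chdir: /data
        env:
          DOCKER_HOST: unix:///var/run/user/1000/docker.sock
      register: register_runner
      async: 0
      poll: 0

    - ansible.builtin.debug:
        var: register_runner

    - name: Remove the runner compose service
      community.docker.docker_compose_v2:
        project_src: /opt/dockerapps
        services:
          - runner
        state: absent

    # NOTE(review): this cleanup is skipped if any task above fails, which
    # leaves the controller logged in to the vault; wrapping the bw tasks in
    # a block with an always: section would guarantee the logout.
    - name: logout bw
      ansible.builtin.command:
        cmd: bw logout
      delegate_to: localhost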