From 21a8d9b37e8e6de6beba7c9f6e9a46bb57c1c3fd Mon Sep 17 00:00:00 2001 From: Alexander Foley Date: Thu, 31 Oct 2024 18:29:38 -0400 Subject: [PATCH 1/9] chore: playbook and github actions for builds --- .github/workflows/build-and-publish.yml | 56 ++++++++++++++++-------- ansible/README.md | 57 +++++++++++++++++++++++++ ansible/ansible.cfg | 16 +++++++ ansible/group_vars/all.yaml | 8 ++++ ansible/inventory/gcp.yml | 10 +++++ ansible/requirements.txt | 2 + ansible/scripts/gcp-scp-wrapper.sh | 24 +++++++++++ ansible/scripts/gcp-ssh-wrapper.sh | 21 +++++++++ ansible/site.yml | 14 ++++++ ansible/tasks/docker.yml | 27 ++++++++++++ ansible/tasks/fs.yml | 38 +++++++++++++++++ ansible/tasks/users.yml | 19 +++++++++ docker-compose.yaml | 13 ++++++ 13 files changed, 287 insertions(+), 18 deletions(-) create mode 100644 ansible/README.md create mode 100644 ansible/ansible.cfg create mode 100644 ansible/group_vars/all.yaml create mode 100644 ansible/inventory/gcp.yml create mode 100644 ansible/requirements.txt create mode 100755 ansible/scripts/gcp-scp-wrapper.sh create mode 100755 ansible/scripts/gcp-ssh-wrapper.sh create mode 100644 ansible/site.yml create mode 100644 ansible/tasks/docker.yml create mode 100644 ansible/tasks/fs.yml create mode 100644 ansible/tasks/users.yml create mode 100644 docker-compose.yaml diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 9800945..843cc64 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -4,6 +4,15 @@ on: push: branches: - "main" + paths: + - 'voxelbot/**' + - 'ansible/**' + - 'dockerfile' + - 'docker-compose.yaml' + - '.github/workflows/build-and-publish.yml' + +concurrency: + group: "${{ github.ref_name }}-build-and-deploy" jobs: build: 
@@ -11,40 +20,51 @@ jobs: permissions: contents: 'write' id-token: 'write' - env: - GCP_LOCATION: '' - GCP_PROJECT: '' - GCP_DOCKER_REPOSITORY: '' - GCP_HELM_REGISTRY: '' - GCP_SERVICE_ACCOUNT: '' - VERSION: ${{ github.sha }} + steps: - uses: actions/checkout@v4 + - name: Authenticate to Google Cloud uses: google-github-actions/auth@v2 with: - project_id: ${{ env.GCP_PROJECT }} - service_account: ${{ env.GCP_SERVICE_ACCOUNT }} + project_id: ${{ secrets.GCP_PROJECT }} + service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} workload_identity_provider: ${{ secrets.ORG_GOOGLE_WORKLOAD_IDP }} + - name: Set Up Cloud SDK uses: google-github-actions/setup-gcloud@v2 + with: + install_components: 'beta' + - name: Docker login run: | gcloud auth print-access-token | docker login \ -u oauth2accesstoken \ - --password-stdin "https://${{ env.GCP_LOCATION }}-docker.pkg.dev" - - name: Helm login - run: | - gcloud auth print-access-token | \ - helm registry login -u oauth2accesstoken \ - --password-stdin "https://${{ env.GCP_LOCATION }}-docker.pkg.dev" + --password-stdin "https://${{ secrets.GCP_LOCATION }}-docker.pkg.dev" + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Build and push uses: docker/build-push-action@v6 with: push: true platforms: linux/amd64,linux/arm64 - file: ./external/VoxelBot/dockerfile - context: ./external/VoxelBot - tags: ${{ env.GCP_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT }}/${{ env.GCP_DOCKER_REPOSITORY }}/voxel51-discordbot:${{ env.VERSION }} + file: dockerfile + context: . 
+ tags: ${{ secrets.GCP_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_DOCKER_REPOSITORY }}/voxel51-discordbot:${{ github.sha }} + cache-from: type=gha + cache-to: type=gha,node=max + + - name: Deploy via ansible + shell: bash + env: + DOCKER_REGISTRY: "${{ secrets.GCP_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_DOCKER_REPOSITORY }}/" + GCP_SM_KEY: "${{ secrets.GCP_SM_KEY }}" + TAG: ${{ github.sha }} + GCP_COMPUTE_SERVER_NAME: "${{ secrets.GCP_COMPUTE_SERVER_NAME }}" + run: | + pushd ansible + sudo pipx inject ansible-core -r requirements.txt + ansible-playbook site.yml + popd diff --git a/ansible/README.md b/ansible/README.md new file mode 100644 index 0000000..bac73ca --- /dev/null +++ b/ansible/README.md 
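Review bot: In the `Build and push` step, `cache-to: type=gha,node=max` looks like a typo for `mode=max`; with the misspelled attribute the exporter will most likely either reject the option or fall back to its default mode, so intermediate layers are not cached. Separately, the `Docker login` step expands `${{ secrets.GCP_LOCATION }}` inside the `run:` script text. Passing it through `env:` and writing `"https://${GCP_LOCATION}-docker.pkg.dev"` keeps expression values out of the shell source, which is how the new `Deploy via ansible` step already receives its inputs. The job also keeps `contents: 'write'` although nothing visible in this hunk writes to the repository, so `contents: 'read'` is probably enough — confirm against the rest of the workflow.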
@@ -0,0 +1,57 @@
+# Ansible Automation For Docker Compose Systems
+
+In order to provide a GitOps
+flow for docker compose, we wrote a suite of ansible tooling
+to be triggered via GitHub actions.
+
+This automation includes a few task sets:
+
+1. A task set to perform any `git pull` / `git fetch` / `git checkout`
+ actions for the fiftyone-teams-app-deploy repository.
+ This includes:
+ 1. Cloning the repository
+ 1. Setting it a shared group repository
+ 1. Making it writeable to the `fiftyone` linux group
+1. A task set to log in to GCP and internal docker registries
+1. A task set to deploy our docker compose stacks. This includes:
+ 1. Ensuring there is a `.env` file either in google secrets manager
+ or on disk for the stack to use.
+ 1. Ensuring there is a `license` file either in google secrets manager
+ or on disk for the stack to use.
+ 1. Ensuring the ansible user is part of the `docker` linux group.
+ 1. Setting appropriate versions via override file
+ 1. Bringing up the docker compose stack
+1. A task set to configure ingress. This includes:
+ 1. Using `certbot` to issue certificates
+ 1. Creating and testing `nginx` configurations based on whether this
+ is a path-based or hostname-based routing system.
+ 1. Reloading `nginx` to make sure changes take effect.
+
+## Variables
+
+Host variables are documented and defaulted in [this](group_vars/all.yaml) file.
+
+## Running
+
+You can run locally via the `ansible-playbook` command.
+You can set your hosts via the command line via the `ANSIBLE_HOST_OR_GROUP`
+environment variable.
+
+A list of environment variables:
+
+* `ANSIBLE_HOST_OR_GROUP` - The ansbile host or group to target
+* `GCP_LOCATION` - The GCP location to use for `gcloud` commands
+* `GCP_PROJECT` - The GCP project to use for `gcloud` commands
+* `GCP_SERVICE_ACCOUNT` - The GCP service account to use for `gcloud` commands
+* `GCP_SA_KEY_JSON` - The GCP Service account key contents in JSON format
+
+An example:
+
+```shell
+export ANSIBLE_HOST_OR_GROUP=docker-compose-new.dev.fiftyone.ai
+export GCP_LOCATION=us-central1
+export GCP_PROJECT=computer-vision-team
+export GCP_SERVICE_ACCOUNT=github@computer-vision-team.iam.gserviceaccount.com
+export GCP_SA_KEY_JSON='{.....}'
+ansible-playbook -i inventory/hosts.yaml main.yml
+```
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..f2190ea
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,16 @@
+[inventory]
+enable_plugins = gcp_compute
+
+[defaults]
+inventory = inventory/gcp.yml
+
+[ssh_connection]
+# Enabling pipelining reduces the number of SSH operations required
+# to execute a module on the remote server.
+# This can result in a significant performance improvement
+# when enabled.
+pipelining = True
+ssh_executable = scripts/gcp-ssh-wrapper.sh
+ssh_args = None
+scp_if_ssh = True
+scp_executable = scripts/gcp-scp-wrapper.sh
diff --git a/ansible/group_vars/all.yaml b/ansible/group_vars/all.yaml
new file mode 100644
index 0000000..2d95226
--- /dev/null
+++ b/ansible/group_vars/all.yaml
@@ -0,0 +1,8 @@
+---
+ansible_ssh_args: --tunnel-through-iap --zone={{ zone }} --project={{ project }} --no-user-output-enabled --quiet
+ansible_scp_extra_args: --tunnel-through-iap --zone={{ zone }} --quiet
+docker_dir: /deploy/voxel51-discordbot
+compose_async_timeout: 30
+gcp_sm_key: "{{ lookup('env', 'GCP_SM_KEY') }}"
+docker_registry: "{{ lookup('env', 'DOCKER_REGISTRY') }}"
+tag: "{{ lookup('env', 'TAG') }}"
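Review bot: In `ansible/group_vars/all.yaml`, `ansible_scp_extra_args` omits the `--project={{ project }}` flag that `ansible_ssh_args` passes, so `gcloud beta compute scp` resolves the instance in whatever project the local gcloud configuration defaults to, while ssh is pinned explicitly. If the two ever differ, file transfers fail or reach a same-named instance in another project; I would make them match: `ansible_scp_extra_args: --tunnel-through-iap --zone={{ zone }} --project={{ project }} --quiet`. `zone` and `project` are not defined in this file and presumably come from the gcp_compute inventory plugin's host variables; a one-line comment saying so would help the next reader.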
diff --git a/ansible/inventory/gcp.yml b/ansible/inventory/gcp.yml
new file mode 100644
index 0000000..eb81b81
--- /dev/null
+++ b/ansible/inventory/gcp.yml
@@ -0,0 +1,10 @@
+plugin: google.cloud.gcp_compute
+projects:
+ - voxel51-discordbot
+zones:
+ - us-central1-a
+filters:
+ - status = RUNNING
+auth_kind: application
+hostnames:
+ - name
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
new file mode 100644
index 0000000..f0c3563
--- /dev/null
+++ b/ansible/requirements.txt
@@ -0,0 +1,2 @@
+google-auth==2.35.0
+requests==2.31.0
diff --git a/ansible/scripts/gcp-scp-wrapper.sh b/ansible/scripts/gcp-scp-wrapper.sh
new file mode 100755
index 0000000..4b5e24c
--- /dev/null
+++ b/ansible/scripts/gcp-scp-wrapper.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# This is a wrapper script allowing to use GCP's IAP option to connect
+# to our servers.
+
+# Ansible passes a large number of SSH parameters along with the hostname as the
+# second to last argument and the command as the last. We will pop the last two
+# arguments off of the list and then pass all of the other SSH flags through
+# without modification:
+host="${@: -2: 1}"
+cmd="${@: -1: 1}"
+
+# Unfortunately ansible has hardcoded scp options, so we need to filter these out
+# It's an ugly hack, but for now we'll only accept the options starting with '--'
+declare -a opts
+for scp_arg in "${@: 1: $# -3}" ; do
+ if [[ "${scp_arg}" == --* ]] ; then
+ opts+="${scp_arg} "
+ fi
+done
+
+# Remove [] around our host, as gcloud scp doesn't understand this syntax
+cmd=`echo "${cmd}" | tr -d []`
+
+exec gcloud beta compute scp $opts "${host}" "${cmd}"
diff --git a/ansible/scripts/gcp-ssh-wrapper.sh b/ansible/scripts/gcp-ssh-wrapper.sh
new file mode 100755
index 0000000..3512f2d
--- /dev/null
+++ b/ansible/scripts/gcp-ssh-wrapper.sh
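Review bot: In `ansible/scripts/gcp-scp-wrapper.sh`, `opts` is declared as an array but `opts+="${scp_arg} "` appends to it as a string, and the unquoted `$opts` on the `exec` line is then word-split and glob-expanded, so an option value containing whitespace or `*` reaches gcloud as different arguments than Ansible passed. Building a real array avoids that: `opts+=("${scp_arg}")` in the loop and `exec gcloud beta compute scp "${opts[@]}" "${host}" "${cmd}"`. The set given to `tr` should be quoted too (`tr -d '[]'`) so the shell never treats it as a glob pattern. `"${@: 1: $# -3}"` also stops one argument short of the last two, so the third-from-last argument is never examined; that may be intentional but deserves a comment. The same loop and unquoted `$opts` appear in `ansible/scripts/gcp-ssh-wrapper.sh`.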
@@ -0,0 +1,21 @@
+#!/bin/bash
+# This is a wrapper script allowing to use GCP's IAP SSH option to connect
+# to our servers.
+
+# Ansible passes a large number of SSH parameters along with the hostname as the
+# second to last argument and the command as the last. We will pop the last two
+# arguments off of the list and then pass all of the other SSH flags through
+# without modification:
+host="${@: -2: 1}"
+cmd="${@: -1: 1}"
+
+# Unfortunately ansible has hardcoded ssh options, so we need to filter these out
+# It's an ugly hack, but for now we'll only accept the options starting with '--'
+declare -a opts
+for ssh_arg in "${@: 1: $# -3}" ; do
+ if [[ "${ssh_arg}" == --* ]] ; then
+ opts+="${ssh_arg} "
+ fi
+done
+
+exec gcloud beta compute ssh $opts "${host}" -- -C "${cmd}"
diff --git a/ansible/site.yml b/ansible/site.yml
new file mode 100644
index 0000000..77f498a
--- /dev/null
+++ b/ansible/site.yml
@@ -0,0 +1,14 @@
+---
+- name: Deploy Voxel51 Discord Bot
+ hosts: "{{ lookup('env', 'GCP_COMPUTE_SERVER_NAME') }}"
+ gather_facts: true
+
+ tasks:
+ - name: Sync User Permissions
+ include_tasks: tasks/users.yml
+
+ - name: Ensure paths and dot envs
+ include_tasks: tasks/fs.yml
+
+ - name: Deploy stack
+ include_tasks: tasks/docker.yml
diff --git a/ansible/tasks/docker.yml b/ansible/tasks/docker.yml
new file mode 100644
index 0000000..b818e21
--- /dev/null
+++ b/ansible/tasks/docker.yml
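Review bot: In `ansible/site.yml`, `hosts:` comes straight from `lookup('env', 'GCP_COMPUTE_SERVER_NAME')`, which yields an empty string when the variable is unset or empty; as far as I know the play then matches no hosts and `ansible-playbook` still exits 0. In CI that turns a missing or misnamed secret into a green run that deployed nothing. A guard in the caller before `ansible-playbook site.yml` makes it fail loudly, e.g. `: "${GCP_COMPUTE_SERVER_NAME:?GCP_COMPUTE_SERVER_NAME must be set}"`. The three includes could also use the fully qualified `ansible.builtin.include_tasks`, matching the `ansible.builtin.*` names used in the task files.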
@@ -0,0 +1,27 @@
+---
+- name: Pull docker images
+ community.docker.docker_compose_v2_pull:
+ project_src: "{{ docker_dir }}"
+ environment:
+ DOCKER_REGISTRY: "{{ docker_registry }}"
+ TAG: "{{ tag }}"
+
+- name: Create and start services
+ community.docker.docker_compose_v2:
+ project_src: "{{ docker_dir }}"
+ build: "never"
+ environment:
+ DOCKER_REGISTRY: "{{ docker_registry }}"
+ TAG: "{{ tag }}"
+ register: compose_out
+
+# Assert that states == running here
+- name: Verify all services are running
+ ansible.builtin.assert:
+ that:
+ - "{{ item.State == 'running' }}"
+ msg: "{{ item.Name }} failed to start properly"
+ quiet: true
+ with_items: "{{ compose_out.containers }}"
+ loop_control:
+ label: "{{ item.Name }}"
diff --git a/ansible/tasks/fs.yml b/ansible/tasks/fs.yml
new file mode 100644
index 0000000..5559813
--- /dev/null
+++ b/ansible/tasks/fs.yml
@@ -0,0 +1,38 @@
+---
+
+- name: Create directories
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0770'
+ owner: "{{ ansible_user_id }}"
+ group: fiftyone
+ recurse: true
+ loop:
+ - /deploy
+ - "{{ docker_dir }}"
+
+- name: Read from gcp
+ ansible.builtin.shell: |
+ gcloud secrets versions access latest \
+ --secret="{{ gcp_sm_key }}" \
+ --project="{{ project }}"
+ register: _env
+
+- name: Save to .env file
+ ansible.builtin.copy:
+ content: "{{ _env.stdout }}"
+ dest: "{{ docker_dir }}/.env"
+ owner: "{{ ansible_user_id }}"
+ group: fiftyone
+ mode: '0660'
+ no_log: true
+
+- name: Move compose file over
+ ansible.builtin.copy:
+ src: "{{ playbook_dir }}/../docker-compose.yaml"
+ dest: "{{ docker_dir }}/docker-compose.yaml"
+ group: fiftyone
+ mode: '0660'
+ no_log: true
diff --git a/ansible/tasks/users.yml b/ansible/tasks/users.yml
new file mode 100644
index 0000000..8154f93
--- /dev/null
+++ b/ansible/tasks/users.yml
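Review bot: In `ansible/tasks/fs.yml`, `Read from gcp` is the task that handles the secret, yet it has no `no_log: true`: its registered result holds the whole `.env` payload in `stdout`, and Ansible prints that result when the task fails or when the run uses `-v`. `no_log: true` is instead set on `Move compose file over`, which copies a file that is committed to the repository. I would add `no_log: true` and `changed_when: false` to `Read from gcp` and drop `no_log` from the compose copy so its errors stay readable. `recurse: true` with `mode: '0770'` on `/deploy` also re-permissions every file below it on each run, including the `.env` that the later task sets to `0660`; dropping `recurse` avoids that flip-flop.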
@@ -0,0 +1,19 @@
+---
+- name: Add groups to the system
+ become: true
+ ansible.builtin.group:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - docker
+ - fiftyone
+
+- name: Add user to group
+ become: true
+ ansible.builtin.user:
+ name: "{{ ansible_user_id }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - docker
+ - fiftyone
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..402fc13
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,13 @@
+---
+
+services:
+ discordbot:
+ image: "${DOCKER_REGISTRY:-}voxel51-discordbot:${TAG:-latest}"
+ build:
+ context: .
+ dockerfile: dockerfile
+ volumes:
+ - discordbot:/app/persist/:rw
+
+volumes:
+ discordbot: {}
From 4b136b1af5d785cdea2217c38d4513c78fb834ea Mon Sep 17 00:00:00 2001
From: Alexander Foley
Date: Fri, 1 Nov 2024 07:34:41 -0400
Subject: [PATCH 2/9] chore: README
---
 ansible/README.md | 34 +++++++++-------------------------
 1 file changed, 9 insertions(+), 25 deletions(-)
diff --git a/ansible/README.md b/ansible/README.md
index bac73ca..dea914b 100644
--- a/ansible/README.md
+++ b/ansible/README.md
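Review bot: In `ansible/tasks/users.yml`, `Add user to group` puts the connecting user into `docker`, which on a standard Docker install is equivalent to root on the host, and nothing in the file records that this is a deliberate trade-off. I would add a comment above the task, `# docker group membership is root-equivalent on this host; limited to the deploy user on purpose`, and keep the set of accounts that can log in as that user small. The loop is also unnecessary, since the module accepts a list: `groups: [docker, fiftyone]` with `append: true` does it in one call.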
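Review bot: In `docker-compose.yaml`, the `image:` reference falls back to an empty registry prefix and the `latest` tag, so when `DOCKER_REGISTRY` or `TAG` is missing the name resolves to `voxel51-discordbot:latest` on the default registry rather than the private image built for this commit. That is convenient for a local `docker compose build`, but the playbook runs with `build: "never"` and pulls, so an unset variable on the server would pull a different image or fail late. A comment such as `# defaults are for local builds only; deploys must set DOCKER_REGISTRY and TAG` would document it, or, if local builds can pass the variables too, the tag could become `${TAG:?TAG must be set}`.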
@@ -6,26 +6,12 @@ to be triggered via GitHub actions. This automation includes a few task sets: -1. A task set to perform any `git pull` / `git fetch` / `git checkout` - actions for the fiftyone-teams-app-deploy repository. - This includes: - 1. Cloning the repository - 1. Setting it a shared group repository - 1. Making it writeable to the `fiftyone` linux group 1. A task set to log in to GCP and internal docker registries 1. A task set to deploy our docker compose stacks. This includes: 1. Ensuring there is a `.env` file either in google secrets manager or on disk for the stack to use. - 1. Ensuring there is a `license` file either in google secrets manager - or on disk for the stack to use. 1. Ensuring the ansible user is part of the `docker` linux group. - 1. Setting appropriate versions via override file 1. Bringing up the docker compose stack -1. A task set to configure ingress. This includes: - 1. Using `certbot` to issue certificates - 1. Creating and testing `nginx` configurations based on whether this - is a path-based or hostname-based routing system. - 1. Reloading `nginx` to make sure changes take effect. ## Variables 
@@ -39,19 +25,17 @@ environment variable. A list of environment variables: -* `ANSIBLE_HOST_OR_GROUP` - The ansbile host or group to target -* `GCP_LOCATION` - The GCP location to use for `gcloud` commands -* `GCP_PROJECT` - The GCP project to use for `gcloud` commands -* `GCP_SERVICE_ACCOUNT` - The GCP service account to use for `gcloud` commands -* `GCP_SA_KEY_JSON` - The GCP Service account key contents in JSON format +* `DOCKER_REGISTRY` - The registry to pull images from +* `GCP_COMPUTE_SERVER_NAME` - The ansbile host or group to deploy to +* `GCP_SM_KEY` - The GCP secret with .env file contents +* `TAG` - The image tag to deploy An example: ```shell -export ANSIBLE_HOST_OR_GROUP=docker-compose-new.dev.fiftyone.ai -export GCP_LOCATION=us-central1 -export GCP_PROJECT=computer-vision-team -export GCP_SERVICE_ACCOUNT=github@computer-vision-team.iam.gserviceaccount.com -export GCP_SA_KEY_JSON='{.....}' -ansible-playbook -i inventory/hosts.yaml main.yml +export DOCKER_REGISTRY="us.gcr.io/.../..." +export GCP_COMPUTE_SERVER_NAME=some-server-name +export GCP_SM_KEY="some-key-name" +export TAG="abc123" +ansible-playbook main.yml ``` From 873987ce3152648900af0994ccc3e012232f9106 Mon Sep 17 00:00:00 2001 From: Alexander Foley Date: Fri, 1 Nov 2024 07:44:03 -0400 Subject: [PATCH 3/9] chore: Configure docker --- .github/workflows/build-and-publish.yml | 1 + ansible/tasks/docker.yml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 843cc64..f2c3efe 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -63,6 +63,7 @@ jobs: GCP_SM_KEY: "${{ secrets.GCP_SM_KEY }}" TAG: ${{ github.sha }} GCP_COMPUTE_SERVER_NAME: "${{ secrets.GCP_COMPUTE_SERVER_NAME }}" + GCP_LOCATION: ${{ secrets.GCP_LOCATION }} run: | pushd ansible sudo pipx inject ansible-core -r requirements.txt 
diff --git a/ansible/tasks/docker.yml b/ansible/tasks/docker.yml index b818e21..7649842 100644 --- a/ansible/tasks/docker.yml +++ b/ansible/tasks/docker.yml @@ -1,4 +1,10 @@ --- +- name: Docker login + shell: | + gcloud auth configure-docker \ + "{{ lookup('env', 'GCP_LOCATION') }}-docker.pkg.dev" \ + --quiet + - name: Pull docker images community.docker.docker_compose_v2_pull: project_src: "{{ docker_dir }}" From f6c661c9e8ac9acf9dd38c679627323d3ed0aef4 Mon Sep 17 00:00:00 2001 From: Alexander Foley Date: Fri, 1 Nov 2024 07:47:27 -0400 Subject: [PATCH 4/9] chore: Documenting env var --- ansible/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/README.md b/ansible/README.md index dea914b..03f8f46 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -27,6 +27,7 @@ A list of environment variables: * `DOCKER_REGISTRY` - The registry to pull images from * `GCP_COMPUTE_SERVER_NAME` - The ansbile host or group to deploy to +* `GCP_LOCATION` - The GCP location of the registry * `GCP_SM_KEY` - The GCP secret with .env file contents * `TAG` - The image tag to deploy @@ -35,6 +36,7 @@ An example: ```shell export DOCKER_REGISTRY="us.gcr.io/.../..." export GCP_COMPUTE_SERVER_NAME=some-server-name +export GCP_LOCATION=some-gcp-location export GCP_SM_KEY="some-key-name" export TAG="abc123" ansible-playbook main.yml From 92a09ecdec4e264ea44fa29a8bdadd79c9593758 Mon Sep 17 00:00:00 2001 From: Alexander Foley Date: Fri, 1 Nov 2024 08:45:44 -0400 Subject: [PATCH 5/9] chore: updating docs --- ansible/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/README.md b/ansible/README.md index 03f8f46..f77ec95 100644 --- a/ansible/README.md +++ b/ansible/README.md 
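Review bot: The new `Docker login` task in `ansible/tasks/docker.yml` uses the short `shell:` name and reads `GCP_LOCATION` with an inline `lookup('env', ...)`, while the other tasks in this file use fully qualified module names and the other environment inputs are collected in `group_vars/all.yaml`. I would write it as `ansible.builtin.shell:` with `changed_when: false`, and add `gcp_location: "{{ lookup('env', 'GCP_LOCATION') }}"` next to `docker_registry` so the inputs stay in one place. With an empty `GCP_LOCATION` the command registers a credential helper for the host `-docker.pkg.dev`, so asserting that the value is non-empty first is worthwhile. The rest of the file lies outside this hunk.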
@@ -20,7 +20,7 @@ Host variables are documented and defaulted in [this](group_vars/all.yaml) file. ## Running You can run locally via the `ansible-playbook` command. -You can set your hosts via the command line via the `ANSIBLE_HOST_OR_GROUP` +You can set your hosts via the command line via the `GCP_COMPUTE_SERVER_NAME` environment variable. A list of environment variables: From 8b8d81716e1a52cc0a79110ffe73bc81efb26530 Mon Sep 17 00:00:00 2001 From: Alexander Foley Date: Fri, 1 Nov 2024 09:10:56 -0400 Subject: [PATCH 6/9] chore: Adding .env --- ansible/tasks/docker.yml | 2 +- docker-compose.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/tasks/docker.yml b/ansible/tasks/docker.yml index 7649842..67fd180 100644 --- a/ansible/tasks/docker.yml +++ b/ansible/tasks/docker.yml @@ -25,7 +25,7 @@ - name: Verify all services are running ansible.builtin.assert: that: - - "{{ item.State == 'running' }}" + - item.State == 'running' msg: "{{ item.Name }} failed to start properly" quiet: true with_items: "{{ compose_out.containers }}" diff --git a/docker-compose.yaml b/docker-compose.yaml index 402fc13..2d6af8a 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,6 +6,8 @@ services: build: context: . dockerfile: dockerfile + env_file: + - .env volumes: - discordbot:/app/persist/:rw From f61230184450da04372006b66cfd996540e9e960 Mon Sep 17 00:00:00 2001 From: Alexander Foley Date: Fri, 1 Nov 2024 09:17:20 -0400 Subject: [PATCH 7/9] chore: Restart policy --- docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index 2d6af8a..ddb7618 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -8,6 +8,7 @@ services: dockerfile: dockerfile env_file: - .env + restart_policy: unless-stopped volumes: - discordbot:/app/persist/:rw From 2859fc06e54949bfd4e0d9278f599967510b2c20 Mon Sep 17 00:00:00 2001 
From: Alexander Foley Date: Fri, 1 Nov 2024 09:18:09 -0400 Subject: [PATCH 8/9] chore: Restart policy --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index ddb7618..14f2ca5 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -8,7 +8,7 @@ services: dockerfile: dockerfile env_file: - .env - restart_policy: unless-stopped + restart: unless-stopped volumes: - discordbot:/app/persist/:rw From c4ec74a66554453fa0a90c52624b405c723e936c Mon Sep 17 00:00:00 2001 From: Alexander Foley Date: Fri, 1 Nov 2024 12:22:31 -0400 Subject: [PATCH 9/9] chore: Adding yq calls --- .github/workflows/build-and-publish.yml | 3 +++ ansible/inventory/gcp.yml | 6 ++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index f2c3efe..499ea3c 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -64,8 +64,11 @@ jobs: TAG: ${{ github.sha }} GCP_COMPUTE_SERVER_NAME: "${{ secrets.GCP_COMPUTE_SERVER_NAME }}" GCP_LOCATION: ${{ secrets.GCP_LOCATION }} + GCP_PROJECT: ${{ secrets.GCP_PROJECT }} run: | pushd ansible + yq -i ".projects |= [\"$GCP_PROJECT\"]" ./inventory/gcp.yml + yq -i ".zones |= [\"$GCP_LOCATION\"]" ./inventory/gcp.yml sudo pipx inject ansible-core -r requirements.txt ansible-playbook site.yml popd diff --git a/ansible/inventory/gcp.yml b/ansible/inventory/gcp.yml index eb81b81..41df5f1 100644 --- a/ansible/inventory/gcp.yml +++ b/ansible/inventory/gcp.yml @@ -1,8 +1,6 @@ plugin: google.cloud.gcp_compute -projects: - - voxel51-discordbot -zones: - - us-central1-a +projects: [] +zones: [] filters: - status = RUNNING auth_kind: application
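Review bot: In the `.github/workflows/build-and-publish.yml` hunk of patch 9, the second `yq` line writes `GCP_LOCATION` into `.zones`, but the same variable is used elsewhere in this series as the Artifact Registry location (`${GCP_LOCATION}-docker.pkg.dev`), and the inventory value it replaces was the zone `us-central1-a`. If the secret holds a region, the gcp_compute inventory will likely come back empty and the play will have nothing to deploy to; a separate zone input (for example a `GCP_ZONE` secret) seems needed — confirm what the secret contains. Both expressions also splice the variable into the yq program through shell interpolation; reading it inside yq keeps the value as data: `yq -i '.projects = [strenv(GCP_PROJECT)]' ./inventory/gcp.yml`. The step's remaining lines are outside this hunk.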