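---
name: Ansible Lint

# The workflow itself only needs to read the repository; deployment
# credentials come from secrets, not from GITHUB_TOKEN.
permissions:
  contents: read

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
      - develop
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy'
        required: true
        default: 'staging'
        type: choice
        options:
          - staging
          - production
  pull_request:
    branches:
      - main

jobs:
  ansible_lint_and_syntax_check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      # Unpinned installs: every run picks up the newest ansible/ansible-lint,
      # so lint results can change without any change to this repository.
      - name: Install dependencies
        run: |
          pip install ansible ansible-lint yamllint

      # Both linters are advisory (continue-on-error). The inventory check
      # below is not, so a broken inventory fails this job and blocks deploy.
      - name: Run yamllint
        run: yamllint .
        continue-on-error: true

      - name: Run ansible-lint
        run: ansible-lint
        continue-on-error: true

      - name: Validate inventory files
        run: |
          ansible-inventory --list -i inventories/production/hosts.yml
          ansible-inventory --list -i inventories/staging/hosts.yml

  deploy:
    # Wait for the checks above; without `needs` both jobs ran in parallel
    # and a failed inventory check could not stop a deploy.
    needs: ansible_lint_and_syntax_check
    # pull_request runs can never satisfy a deploy condition (their ref is a
    # merge ref) and fork PRs carry no secrets, so skip the whole job rather
    # than write empty key and vault-password files.
    if: github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    # Resolve the target once so the GitHub environment (and its protection
    # rules) is the one actually deployed to: manual input wins, a push to
    # main is production, everything else is staging. Previously a push to
    # main deployed to production while running under the 'staging'
    # environment, and a manual production run from develop also hit staging.
    environment: ${{ github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'production' || 'staging') }}
    # One deploy per target at a time; never cancel a deploy mid-playbook.
    concurrency:
      group: deploy-${{ github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'production' || 'staging') }}
      cancel-in-progress: false
    env:
      # Same expression as `environment:` above (job-level env cannot be
      # referenced there); selects the inventory directory in the deploy step.
      TARGET_ENV: ${{ github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'production' || 'staging') }}
    steps:
      - uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      - name: Install Ansible
        run: pip install ansible

      # Secrets are handed to the shell through env rather than interpolated
      # into the script text, so their content is never part of the script
      # GitHub renders and logs on failure.
      - name: Setup SSH key
        env:
          ANSIBLE_SSH_KEY: ${{ secrets.ANSIBLE_SSH_KEY }}
          SSH_HOST: ${{ secrets.ANSIBLE_HOST }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$ANSIBLE_SSH_KEY" > ~/.ssh/ansible_key
          chmod 600 ~/.ssh/ansible_key
          # Left unquoted as in the original so a space-separated host list
          # still scans every host.
          ssh-keyscan -H $SSH_HOST >> ~/.ssh/known_hosts
          # ssh-keyscan does not reliably fail when it reaches nothing; an
          # empty known_hosts only surfaces later as a host-key error.
          test -s ~/.ssh/known_hosts

      - name: Create vault password file
        env:
          VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
        run: |
          # umask keeps the file private from creation; the original relied
          # on the runner's default file mode.
          umask 077
          printf '%s\n' "$VAULT_PASSWORD" > ~/.ansible_vault_pass

      # Single step: the inventory path follows TARGET_ENV, which is the
      # same value the job's `environment:` was resolved from.
      - name: Deploy
        run: |
          ansible-playbook -i "inventories/${TARGET_ENV}/hosts.yml" site.yml \
            --vault-password-file ~/.ansible_vault_pass \
            --private-key ~/.ssh/ansible_key

      # Runner is ephemeral, but do not leave credentials on disk for any
      # later step or post-job action regardless of outcome.
      - name: Remove credential files
        if: always()
        run: rm -f ~/.ssh/ansible_key ~/.ansible_vault_pass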