diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml
index 48f84358..cde2c9ea 100644
--- a/.github/workflows/test-deploy.yml
+++ b/.github/workflows/test-deploy.yml
@@ -7,51 +7,93 @@ on: pull_request: jobs: - build-and-test: + test-deploy: runs-on: ubuntu-latest timeout-minutes: 30 - env: - ANSIBLE_VAULT_PASSWORD_FILE: /opt/infinito-src/.vault_pass - steps: - name: Checkout repository uses: actions/checkout@v4 - name: Generate vault password automatically run: | - tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64 > .vault_pass + python3 - << 'EOF' > .vault_pass + import secrets + import string + + alphabet = string.ascii_letters + string.digits + pw = ''.join(secrets.choice(alphabet) for _ in range(64)) + print(pw, end="") + EOF + chmod 600 .vault_pass + + # Export password as environment variable + echo "VAULT_PASSWORD=$(cat .vault_pass)" >> "$GITHUB_ENV" shell: bash - name: Build Docker image run: | - docker build -t infinito:latest . + docker build --network=host --no-cache --pull -t infinito:latest . - - name: Copy vault password into container workspace + # ---------------------------------------------------------------------- + # 1) First deploy: NORMAL DEPLOY + DEBUG enabled + # ---------------------------------------------------------------------- + - name: First deploy (normal + debug) run: | - docker run --rm \ - -v "${PWD}:/opt/infinito-src" \ + docker run --network=host --rm \ + -e VAULT_PASSWORD="${VAULT_PASSWORD}" \ infinito:latest \ - /bin/sh -lc "cp /opt/infinito-src/.vault_pass /opt/infinito-src/.vault_pass && chmod 600 /opt/infinito-src/.vault_pass" + /bin/sh -lc ' + echo "$VAULT_PASSWORD" > /tmp/.vault_pass + chmod 600 /tmp/.vault_pass + export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/.vault_pass - - name: Clean build artifacts - run: | - docker run --rm \ - -e ANSIBLE_VAULT_PASSWORD_FILE=/opt/infinito-src/.vault_pass \ - infinito:latest \ - /bin/sh -lc "cd /opt/infinito-src && infinito make clean" + cd /opt/infinito-src - - name: Generate outputs - run: | - docker run --rm \ - -e ANSIBLE_VAULT_PASSWORD_FILE=/opt/infinito-src/.vault_pass \ - infinito:latest \ - /bin/sh -lc "cd /opt/infinito-src && infinito make build" 
+ infinito create inventory inventories/github-ci \ + --host localhost \ + --ssl-disabled - - name: Run tests + INVENTORY_PATH="inventories/github-ci/servers.yml" + infinito deploy "$INVENTORY_PATH" -T server --debug + ' + + # ---------------------------------------------------------------------- + # 2) Second deploy: RESET + DEBUG + # ---------------------------------------------------------------------- + - name: Second deploy (--reset --debug) run: | - docker run --rm \ - -e ANSIBLE_VAULT_PASSWORD_FILE=/opt/infinito-src/.vault_pass \ + docker run --network=host --rm \ + -e VAULT_PASSWORD="${VAULT_PASSWORD}" \ infinito:latest \ - /bin/sh -lc "cd /opt/infinito-src && infinito make test" + /bin/sh -lc ' + echo "$VAULT_PASSWORD" > /tmp/.vault_pass + chmod 600 /tmp/.vault_pass + export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/.vault_pass + + cd /opt/infinito-src + INVENTORY_PATH="inventories/github-ci/servers.yml" + + infinito deploy "$INVENTORY_PATH" -T server --reset --debug + ' + + # ---------------------------------------------------------------------- + # 3) Third deploy: ASYNC DEPLOY (no debug flag) + # ---------------------------------------------------------------------- + - name: Third deploy (async deploy – no debug) + run: | + docker run --network=host --rm \ + -e VAULT_PASSWORD="${VAULT_PASSWORD}" \ + infinito:latest \ + /bin/sh -lc ' + echo "$VAULT_PASSWORD" > /tmp/.vault_pass + chmod 600 /tmp/.vault_pass + export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/.vault_pass + + cd /opt/infinito-src + INVENTORY_PATH="inventories/github-ci/servers.yml" + + # Without --debug the deploy is asynchronous in several roles + infinito deploy "$INVENTORY_PATH" -T server + '
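Review bot: The generated vault password is appended to `$GITHUB_ENV` in the "Generate vault password automatically" step without being registered for masking, so the runner prints it in the `env:` block of every later step's log and will not redact it if the `--debug` deploys echo it. Add `echo "::add-mask::$(cat .vault_pass)"` before the `echo "VAULT_PASSWORD=$(cat .vault_pass)" >> "$GITHUB_ENV"` line. The value is a throwaway generated per run, which limits the impact, but pull-request logs are often readable by anyone who can see the repository. Separately, each deploy runs in its own `docker run --rm` container with no volume mounted, so the inventory created in the first deploy presumably no longer exists when the second and third steps reference `inventories/github-ci/servers.yml`; recreate it in each step or share it through a mounted volume.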