Improve test-deploy workflow:

- Switch to Python-based vault password generation
- Export VAULT_PASSWORD for internal container usage
- Add first deploy with --debug
- Add second deploy with --reset --debug
- Add third async deploy (no debug)
- Remove incorrect volume copy step and create vault file inside container
Conversation reference: https://chatgpt.com/share/692f1035-6bc4-800f-91a9-342db54e1a75

.github/workflows/test-deploy.yml

@@ -7,51 +7,93 @@ on:
   pull_request:
 
 jobs:
-  build-and-test:
+  test-deploy:
     runs-on: ubuntu-latest
     timeout-minutes: 30
 
-    env:
-      ANSIBLE_VAULT_PASSWORD_FILE: /opt/infinito-src/.vault_pass
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
       - name: Generate vault password automatically
         run: |
-          tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64 > .vault_pass
+          python3 - << 'EOF' > .vault_pass
+          import secrets
+          import string
+
+          alphabet = string.ascii_letters + string.digits
+          pw = ''.join(secrets.choice(alphabet) for _ in range(64))
+          print(pw, end="")
+          EOF
+
           chmod 600 .vault_pass
+
+          # Export password as environment variable
+          echo "VAULT_PASSWORD=$(cat .vault_pass)" >> "$GITHUB_ENV"
         shell: bash
 
       - name: Build Docker image
         run: |
-          docker build -t infinito:latest .
+          docker build --network=host --no-cache --pull -t infinito:latest .
 
-      - name: Copy vault password into container workspace
+      # ----------------------------------------------------------------------
+      # 1) First deploy: NORMAL DEPLOY + DEBUG enabled
+      # ----------------------------------------------------------------------
+      - name: First deploy (normal + debug)
         run: |
-          docker run --rm \
-            -v "${PWD}:/opt/infinito-src" \
+          docker run --network=host --rm \
+            -e VAULT_PASSWORD="${VAULT_PASSWORD}" \
             infinito:latest \
-            /bin/sh -lc "cp /opt/infinito-src/.vault_pass /opt/infinito-src/.vault_pass && chmod 600 /opt/infinito-src/.vault_pass"
+            /bin/sh -lc '
+              echo "$VAULT_PASSWORD" > /tmp/.vault_pass
+              chmod 600 /tmp/.vault_pass
+              export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/.vault_pass
 
-      - name: Clean build artifacts
-        run: |
-          docker run --rm \
-            -e ANSIBLE_VAULT_PASSWORD_FILE=/opt/infinito-src/.vault_pass \
-            infinito:latest \
-            /bin/sh -lc "cd /opt/infinito-src && infinito make clean"
+              cd /opt/infinito-src
 
-      - name: Generate outputs
-        run: |
-          docker run --rm \
-            -e ANSIBLE_VAULT_PASSWORD_FILE=/opt/infinito-src/.vault_pass \
-            infinito:latest \
-            /bin/sh -lc "cd /opt/infinito-src && infinito make build"
+              infinito create inventory inventories/github-ci \
+                --host localhost \
+                --ssl-disabled
 
-      - name: Run tests
+              INVENTORY_PATH="inventories/github-ci/servers.yml"
+              infinito deploy "$INVENTORY_PATH" -T server --debug
+            '
+
+      # ----------------------------------------------------------------------
+      # 2) Second deploy: RESET + DEBUG
+      # ----------------------------------------------------------------------
+      - name: Second deploy (--reset --debug)
         run: |
-          docker run --rm \
-            -e ANSIBLE_VAULT_PASSWORD_FILE=/opt/infinito-src/.vault_pass \
+          docker run --network=host --rm \
+            -e VAULT_PASSWORD="${VAULT_PASSWORD}" \
             infinito:latest \
-            /bin/sh -lc "cd /opt/infinito-src && infinito make test"
+            /bin/sh -lc '
+              echo "$VAULT_PASSWORD" > /tmp/.vault_pass
+              chmod 600 /tmp/.vault_pass
+              export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/.vault_pass
+
+              cd /opt/infinito-src
+              INVENTORY_PATH="inventories/github-ci/servers.yml"
+
+              infinito deploy "$INVENTORY_PATH" -T server --reset --debug
+            '
+
+      # ----------------------------------------------------------------------
+      # 3) Third deploy: ASYNC DEPLOY (no debug flag)
+      # ----------------------------------------------------------------------
+      - name: Third deploy (async deploy – no debug)
+        run: |
+          docker run --network=host --rm \
+            -e VAULT_PASSWORD="${VAULT_PASSWORD}" \
+            infinito:latest \
+            /bin/sh -lc '
+              echo "$VAULT_PASSWORD" > /tmp/.vault_pass
+              chmod 600 /tmp/.vault_pass
+              export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/.vault_pass
+
+              cd /opt/infinito-src
+              INVENTORY_PATH="inventories/github-ci/servers.yml"
+
+              # Without --debug the deploy is asynchronous in several roles
+              infinito deploy "$INVENTORY_PATH" -T server
+            '