-
-
Notifications
You must be signed in to change notification settings - Fork 174
Expand file tree
/
Copy pathmain.yml
More file actions
188 lines (164 loc) · 5.16 KB
/
main.yml
File metadata and controls
188 lines (164 loc) · 5.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
---
- name: check if secrets are properly set
fail:
failed_when: not {{ secret }}
loop_control:
loop_var: secret
with_items:
- gh_bot_secrets.envs.port
- gh_bot_secrets.envs.travis_token
- gh_bot_secrets.envs.github_token
- gh_bot_secrets.envs.github_webhook_secret
- gh_bot_secrets.envs.login_credentials
- gh_bot_secrets.envs.jenkins_api_credentials
- gh_bot_secrets.envs.jenkins_job_citgm
- gh_bot_secrets.envs.jenkins_build_token_citgm
- gh_bot_secrets.envs.jenkins_job_node
- gh_bot_secrets.envs.jenkins_build_token_node
- gh_bot_secrets.conf.github_deploy_webhook_secret
- name: Get IP addresses of jenkins-workspace machines
no_log: true
set_fact:
jenkins_workspace_ips: "{{ jenkins_workspace_ips | default([]) + [item.value.ansible_host | string] }}"
when: "item.value.alias is defined and item.value.alias is match('jenkins-workspace.*')"
with_dict: "{{ hostvars }}"
- name: Bootstrap | Install baseline packages
package:
name: "{{ package }}"
state: present
loop_control:
loop_var: package
with_items: "{{ base_packages }}"
- name: Bootstrap | Add nodesource signing key
ansible.builtin.get_url:
dest: /etc/apt/keyrings/nodesource-repo.gpg.asc
url: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key
- name: Bootstrap | Add nodesource repo
apt_repository:
repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/nodesource-repo.gpg.asc] https://deb.nodesource.com/node_22.x nodistro main
state: present
- name: Bootstrap | APT Update and upgrade
apt:
update_cache: yes
upgrade: full
- name: Bootstrap | Install packages
package:
name: "{{ package }}"
state: present
loop_control:
loop_var: package
with_items: "{{ packages }}"
notify:
- restart github-bot-deploy-webhook
- restart github-bot
- name: Bootstrap | Enable time syncing
service:
name: systemd-timesyncd
state: started
enabled: yes
- name: Boostrap | Add {{ server_user }} user
user:
name: "{{ server_user }}"
- name: Init | Create required directories
file:
path: "/home/{{ server_user }}/{{ item }}"
state: directory
mode: 0755
owner: "{{ server_user }}"
with_items: "{{ required_directories }}"
- name: Init | Generate and copy init script
template:
src: "{{ role_path }}/templates/github-bot.service.j2"
dest: /lib/systemd/system/github-bot.service
notify:
- restart github-bot
- name: Init | Generate and copy systemd EnvironmentFile
template:
src: "{{ role_path }}/templates/environment-file.j2"
dest: "/home/{{ server_user }}/environment/github-bot"
notify:
- restart github-bot-deploy-webhook
- restart github-bot
- name: Init | Clone github-bot repo
become: yes
become_user: "{{ server_user }}"
git:
repo: https://github.com/nodejs/github-bot.git
dest: "/home/{{ server_user }}/github-bot"
notify:
- restart github-bot
- name: Init | Install npm dependencies
become: yes
become_user: "{{ server_user }}"
npm:
path: "/home/{{ server_user }}/github-bot"
production: yes
notify:
- restart github-bot
- name: Init | Start github-bot
service:
name: github-bot
state: started
enabled: yes
- name: Deploy Webhook | Install github-webhook
npm:
name: github-webhook
global: yes
notify:
- restart github-bot-deploy-webhook
- name: Deploy Webhook | Copy config
template:
src: "{{ role_path }}/templates/github-bot-deploy-webhook.json.j2"
dest: "/home/{{ server_user }}/config/github-bot-deploy-webhook.json"
notify:
- restart github-bot-deploy-webhook
- name: Deploy Webhook | Copy deploy script
template:
src: "{{ role_path }}/templates/deploy-github-bot.sh.j2"
dest: "/home/{{ server_user }}/bin/deploy-github-bot.sh"
mode: 0755
owner: "{{ server_user }}"
notify:
- restart github-bot-deploy-webhook
- name: Deploy Webhook | Generate and copy service script
template:
src: "{{ role_path }}/templates/github-bot-deploy-webhook.service.j2"
dest: /lib/systemd/system/github-bot-deploy-webhook.service
notify:
- restart github-bot-deploy-webhook
- name: Deploy Webhook | Start service
service:
name: github-bot-deploy-webhook
state: started
enabled: yes
notify:
- restart github-bot-deploy-webhook
- name: Deploy Webhook | Allow user to restart github-bot
lineinfile:
dest: /etc/sudoers
state: present
regexp: "^{{ server_user }}"
line: "{{ server_user }} ALL=(ALL) NOPASSWD: /bin/systemctl restart github-bot"
- name: Runtime dependencies | Clone node repo
become: yes
become_user: "{{ server_user }}"
git:
repo: https://github.com/nodejs/node.git
dest: "/home/{{ server_user }}/repos/node"
update: no
- name: Runtime dependencies | Config node repo author email
become: yes
become_user: "{{ server_user }}"
git_config:
name: user.email
value: "github-bot@nodejs.org"
scope: local
repo: "/home/{{ server_user }}/repos/node"
- name: Runtime dependencies | Config node repo author name
become: yes
become_user: "{{ server_user }}"
git_config:
name: user.name
value: "nodejs-github-bot"
scope: local
repo: "/home/{{ server_user }}/repos/node"