Deploy automatically via GitHub Actions

Fixes #19 and #58
2020-07-02 21:18:25 +01:00 · 2020-07-02 21:18:25 +01:00 · bb128c1a8f
parent 58036c7ab9
commit bb128c1a8f
2 changed files with 59 additions and 2 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -0,0 +1,52 @@
+---
+name: Deploy
+
+on:
+  push:
+    branches:
+      - production
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    name: Deploy via Ansible
+
+    env:
+      ANSIBLE_FORCE_COLOR: 1
+      ANSIBLE_HOST_KEY_CHECKING: no
+
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v2
+
+      - name: Add the deployment SSH key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          name: id_rsa
+          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+
+      - name: Cache dependencies
+        uses: actions/cache@v1
+        with:
+          path: tools/ansible/.roles
+          key: dependencies-composer-${{ hashFiles('tools/ansible/requirements.yml') }}
+
+      - name: Download Ansible roles
+        run: ansible-galaxy install -r tools/ansible/requirements.yml
+
+      - name: Export the Ansible Vault password
+        run: echo $ANSIBLE_VAULT_PASS > tools/ansible/.vault-pass.txt
+        env:
+          ANSIBLE_VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASS }}
+
+      - name: Deploy the code
+        run: >
+          ansible-playbook tools/ansible/deploy.yml
+          -i tools/ansible/hosts.yml
+          -e "ansistrano_deploy_branch=$GITHUB_SHA"
+          --vault-password-file=tools/ansible/.vault-pass.txt
+
+      - name: Remove the Ansible Vault password file
+        run: rm tools/ansible/.vault-pass.txt
--- a/README.md
+++ b/README.md
@ -23,13 +23,18 @@ ansible-playbook tools/ansible/provision.yml
 Deployments for this site for managed with Ansible and [Ansistrano][].
 Ansible Vault is used to manage sensitive information like database passwords.

-Deployments are triggered automatically when changes are pushed to GitHub, and are performed via [CircleCI][].
+Deployments are triggered automatically when changes are pushed to GitHub, and are performed automatically via GitHub Actions on each push to the `production` branch.

 To run a deployment manually, run `ansible-playbook tools/ansible/deploy.yml --ask-vault-pass`.
 The Vault password is stored in LastPass.

 [Ansistrano]: https://ansistrano.com
-[CircleCI]: https://circleci.com/gh/opdavies/oliverdavies-uk
+
+#### Generating settings files
+
+Production settings files are generated automatically during a deployment. This is done using the [opdavies.drupal_settings_files][] Ansible role, using variables from `tools/ansible/vars/deploy_vars.yml`, and performed during Ansistrano’s `After update code` build step.
+
+[opdavies.drupal_settings_files][https://galaxy.ansible.com/opdavies/drupal_settings_files]

 ## Migrating data into the website