parent
58036c7ab9
commit
bb128c1a8f
52
.github/workflows/deploy.yml
vendored
Normal file
52
.github/workflows/deploy.yml
vendored
Normal file
|
|
@ -0,0 +1,52 @@
|
||||||
|
---
|
||||||
|
name: Deploy
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- production
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
name: Deploy via Ansible
|
||||||
|
|
||||||
|
env:
|
||||||
|
ANSIBLE_FORCE_COLOR: 1
|
||||||
|
ANSIBLE_HOST_KEY_CHECKING: no
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout the code
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Add the deployment SSH key
|
||||||
|
uses: shimataro/ssh-key-action@v2
|
||||||
|
with:
|
||||||
|
key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||||
|
name: id_rsa
|
||||||
|
known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
|
||||||
|
|
||||||
|
- name: Cache dependencies
|
||||||
|
uses: actions/cache@v1
|
||||||
|
with:
|
||||||
|
path: tools/ansible/.roles
|
||||||
|
key: dependencies-composer-${{ hashFiles('tools/ansible/requirements.yml') }}
|
||||||
|
|
||||||
|
- name: Download Ansible roles
|
||||||
|
run: ansible-galaxy install -r tools/ansible/requirements.yml
|
||||||
|
|
||||||
|
- name: Export the Ansible Vault password
|
||||||
|
run: echo $ANSIBLE_VAULT_PASS > tools/ansible/.vault-pass.txt
|
||||||
|
env:
|
||||||
|
ANSIBLE_VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASS }}
|
||||||
|
|
||||||
|
- name: Deploy the code
|
||||||
|
run: >
|
||||||
|
ansible-playbook tools/ansible/deploy.yml
|
||||||
|
-i tools/ansible/hosts.yml
|
||||||
|
-e "ansistrano_deploy_branch=$GITHUB_SHA"
|
||||||
|
--vault-password-file=tools/ansible/.vault-pass.txt
|
||||||
|
|
||||||
|
- name: Remove the Ansible Vault password file
|
||||||
|
run: rm tools/ansible/.vault-pass.txt
|
||||||
|
|
@ -23,13 +23,18 @@ ansible-playbook tools/ansible/provision.yml
|
||||||
Deployments for this site for managed with Ansible and [Ansistrano][].
|
Deployments for this site for managed with Ansible and [Ansistrano][].
|
||||||
Ansible Vault is used to manage sensitive information like database passwords.
|
Ansible Vault is used to manage sensitive information like database passwords.
|
||||||
|
|
||||||
Deployments are triggered automatically when changes are pushed to GitHub, and are performed via [CircleCI][].
|
Deployments are triggered automatically when changes are pushed to GitHub, and are performed automatically via GitHub Actions on each push to the `production` branch.
|
||||||
|
|
||||||
To run a deployment manually, run `ansible-playbook tools/ansible/deploy.yml --ask-vault-pass`.
|
To run a deployment manually, run `ansible-playbook tools/ansible/deploy.yml --ask-vault-pass`.
|
||||||
The Vault password is stored in LastPass.
|
The Vault password is stored in LastPass.
|
||||||
|
|
||||||
[Ansistrano]: https://ansistrano.com
|
[Ansistrano]: https://ansistrano.com
|
||||||
[CircleCI]: https://circleci.com/gh/opdavies/oliverdavies-uk
|
|
||||||
|
#### Generating settings files
|
||||||
|
|
||||||
|
Production settings files are generated automatically during a deployment. This is done using the [opdavies.drupal_settings_files][] Ansible role, using variables from `tools/ansible/vars/deploy_vars.yml`, and performed during Ansistrano’s `After update code` build step.
|
||||||
|
|
||||||
|
[opdavies.drupal_settings_files][https://galaxy.ansible.com/opdavies/drupal_settings_files]
|
||||||
|
|
||||||
## Migrating data into the website
|
## Migrating data into the website
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue