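---
# Manually triggered deploy of one Ansible playbook from ./configuration to a
# chosen environment and cloud provider. All three inputs are `choice` inputs,
# so the values that reach the shell steps below are limited to the listed
# options (GitHub rejects any other value at dispatch time). Inputs and secrets
# are still handed to the scripts through `env:` rather than inline `${{ }}`
# expansion, which is the documented pattern for keeping template expansion out
# of shell code.
name: Ansible Deploy

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      environment:
        description: '部署环境'
        required: true
        default: 'dev'
        type: choice
        options:
          - dev
          - staging
          - production
      provider:
        description: '云服务商'
        required: true
        default: 'oracle-cloud'
        type: choice
        options:
          - oracle-cloud
          - huawei-cloud
          - google-cloud
          - digitalocean
          - aws
      playbook:
        description: 'Playbook 类型'
        required: true
        default: 'bootstrap'
        type: choice
        options:
          - bootstrap
          - security
          - applications
          - monitoring
          - maintenance

env:
  # Pinned metapackage version; it pins a compatible ansible-core itself.
  ANSIBLE_VERSION: "8.0.0"

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Binds the run to the GitHub environment of the same name, so its scoped
    # secrets and protection rules (required reviewers, branch limits) apply.
    environment: ${{ github.event.inputs.environment }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        # The separate unpinned `pip install ansible-core` was a no-op: the
        # `ansible` metapackage already pulls in the matching ansible-core.
        run: |
          pip install "ansible==${{ env.ANSIBLE_VERSION }}"
          ansible-galaxy collection install community.general
          ansible-galaxy collection install ansible.posix

      - name: Setup SSH key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # printf rather than echo: the key is multi-line and must be written verbatim
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # Trust-on-first-use: records whatever key the host presents right now.
          # Combined with StrictHostKeyChecking=accept-new in the inventory, a
          # host whose key later changes is rejected instead of silently accepted.
          ssh-keyscan -H "$SSH_HOST" >> ~/.ssh/known_hosts

      - name: Create dynamic inventory
        env:
          DEPLOY_ENV: ${{ github.event.inputs.environment }}
          PROVIDER: ${{ github.event.inputs.provider }}
          TARGET_HOST: ${{ secrets.TARGET_HOST }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SUDO_PASSWORD: ${{ secrets.SUDO_PASSWORD }}
        run: |
          INVENTORY_JSON="configuration/inventories/$DEPLOY_ENV/$PROVIDER-inventory.json"
          # Prefer the inventory generated from OpenTofu output when it exists
          if [ -f "$INVENTORY_JSON" ]; then
            echo "Using existing inventory from OpenTofu output"
            cp "$INVENTORY_JSON" /tmp/inventory.json
          else
            echo "Creating static inventory"
            # The INI carries the sudo password in clear text: it is masked in
            # logs, but readable on the runner, so create it mode 600.
            umask 077
            cat > /tmp/inventory.ini << EOF
          [$DEPLOY_ENV]
          $TARGET_HOST ansible_host=$TARGET_HOST ansible_user=$SSH_USER ansible_become=yes ansible_become_pass=$SUDO_PASSWORD
          [all:vars]
          ansible_ssh_common_args='-o StrictHostKeyChecking=accept-new'
          EOF
          fi

      - name: Run Ansible Playbook
        env:
          DEPLOY_ENV: ${{ github.event.inputs.environment }}
          PLAYBOOK: ${{ github.event.inputs.playbook }}
        run: |
          # The previous step leaves exactly one of these two files behind
          if [ -f /tmp/inventory.json ]; then
            INVENTORY=/tmp/inventory.json
          else
            INVENTORY=/tmp/inventory.ini
          fi
          cd configuration
          # Allow-list the playbook name before it is used in a path. The choice
          # input already restricts it; this keeps the script safe if the
          # trigger is ever widened, and fails loudly instead of running nothing.
          case "$PLAYBOOK" in
            bootstrap|security|applications|monitoring|maintenance) ;;
            *) echo "Unknown playbook: $PLAYBOOK" >&2; exit 1 ;;
          esac
          # NOTE: `environment` is a reserved play keyword in Ansible; passing it
          # as an extra var works but prints a "reserved name" warning. The
          # playbooks consume it under this name, so it is kept as-is.
          ansible-playbook -i "$INVENTORY" "playbooks/$PLAYBOOK/main.yml" -e "environment=$DEPLOY_ENV"

      - name: Generate deployment report
        # Runs only under the default `if: success()`, so the "部署成功" line is
        # never written for a failed playbook run (the step is skipped instead).
        env:
          DEPLOY_ENV: ${{ github.event.inputs.environment }}
          PROVIDER: ${{ github.event.inputs.provider }}
          PLAYBOOK: ${{ github.event.inputs.playbook }}
        run: |
          {
            echo "## 部署报告"
            echo ""
            echo "**环境**: $DEPLOY_ENV"
            echo "**云服务商**: $PROVIDER"
            echo "**Playbook**: $PLAYBOOK"
            echo "**时间**: $(date)"
            echo "**状态**: ✅ 部署成功"
          } > deployment-report.md

      - name: Upload deployment report
        uses: actions/upload-artifact@v4
        with:
          name: deployment-report-${{ github.event.inputs.environment }}-${{ github.event.inputs.provider }}
          path: deployment-report.md
          retention-days: 30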