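---
# Manually triggered Ansible deployment.
#
# The operator picks an environment, a cloud provider and a playbook; the job
# installs a pinned Ansible, prepares SSH access from repository secrets, builds
# an inventory (the OpenTofu-generated one when present, otherwise a static one
# from secrets) and runs playbooks/<playbook>/main.yml, then uploads a short
# Markdown report as an artifact.
name: Ansible Deploy

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      environment:
        description: '部署环境'
        required: true
        default: 'dev'
        type: choice
        options:
          - dev
          - staging
          - production
      provider:
        description: '云服务商'
        required: true
        default: 'oracle-cloud'
        type: choice
        options:
          - oracle-cloud
          - huawei-cloud
          - google-cloud
          - digitalocean
          - aws
      playbook:
        description: 'Playbook 类型'
        required: true
        default: 'bootstrap'
        type: choice
        options:
          - bootstrap
          - security
          - applications
          - monitoring
          - maintenance

# Least privilege for GITHUB_TOKEN: the job only reads the repository.
# Artifact upload does not need any additional scope.
permissions:
  contents: read

env:
  ANSIBLE_VERSION: "8.0.0"

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.environment }}
    defaults:
      run:
        # An explicit bash shell runs steps with `-eo pipefail`, so a failing
        # command inside a pipeline fails the step instead of being hidden.
        shell: bash

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        # The `ansible` distribution pins the ansible-core release it was built
        # against; a separate unpinned `pip install ansible-core` is at best a
        # no-op and at worst drifts that pin, so it is not repeated here.
        run: |
          pip install "ansible==${ANSIBLE_VERSION}"
          ansible-galaxy collection install community.general
          ansible-galaxy collection install ansible.posix

      - name: Setup SSH key
        # Secrets reach the script through `env:` rather than `${{ }}`
        # interpolation, so their contents are never spliced into shell source.
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # printf avoids any echo option/escape handling of the key text
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # Trust-on-first-use: the scanned key is only as trustworthy as the
          # network path at scan time. A pre-recorded host key (e.g. stored as a
          # secret and appended here) would make host verification meaningful.
          ssh-keyscan -H "$SSH_HOST" >> ~/.ssh/known_hosts

      - name: Create dynamic inventory
        env:
          DEPLOY_ENV: ${{ github.event.inputs.environment }}
          PROVIDER: ${{ github.event.inputs.provider }}
          TARGET_HOST: ${{ secrets.TARGET_HOST }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SUDO_PASSWORD: ${{ secrets.SUDO_PASSWORD }}
        run: |
          # Prefer the inventory produced from the OpenTofu output
          INVENTORY_SRC="configuration/inventories/$DEPLOY_ENV/$PROVIDER-inventory.json"
          if [ -f "$INVENTORY_SRC" ]; then
            echo "Using existing inventory from OpenTofu output"
            cp "$INVENTORY_SRC" /tmp/inventory.json
          else
            echo "Creating static inventory"
            # The static inventory holds the become password in clear text on
            # the runner's disk, so it is written owner-only. The heredoc is
            # unquoted on purpose: it expands the shell variables above.
            cat > /tmp/inventory.ini << EOF
          [$DEPLOY_ENV]
          $TARGET_HOST ansible_host=$TARGET_HOST ansible_user=$SSH_USER ansible_become=yes ansible_become_pass=$SUDO_PASSWORD

          [all:vars]
          ansible_ssh_common_args='-o StrictHostKeyChecking=accept-new'
          EOF
            chmod 600 /tmp/inventory.ini
          fi

      - name: Run Ansible Playbook
        env:
          DEPLOY_ENV: ${{ github.event.inputs.environment }}
          PLAYBOOK: ${{ github.event.inputs.playbook }}
        run: |
          cd configuration

          # Pick whichever inventory the previous step produced
          if [ -f "/tmp/inventory.json" ]; then
            INVENTORY="/tmp/inventory.json"
          else
            INVENTORY="/tmp/inventory.ini"
          fi

          # Every playbook lives at playbooks/<name>/main.yml, so the choice
          # input maps directly onto the path. The guard rejects anything
          # outside the known set instead of silently running nothing.
          case "$PLAYBOOK" in
            bootstrap|security|applications|monitoring|maintenance) ;;
            *)
              echo "Unknown playbook: $PLAYBOOK" >&2
              exit 1
              ;;
          esac

          # NOTE(review): `environment` is a reserved name in Ansible (it is
          # also a play keyword) and ansible-playbook warns about it; the
          # playbooks appear to rely on this variable, so it is kept as-is.
          ansible-playbook -i "$INVENTORY" "playbooks/$PLAYBOOK/main.yml" -e "environment=$DEPLOY_ENV"

      - name: Generate deployment report
        # Runs only when every earlier step succeeded (default `if: success()`),
        # which is why the status line can state success unconditionally.
        env:
          DEPLOY_ENV: ${{ github.event.inputs.environment }}
          PROVIDER: ${{ github.event.inputs.provider }}
          PLAYBOOK: ${{ github.event.inputs.playbook }}
        run: |
          echo "## 部署报告" > deployment-report.md
          echo "" >> deployment-report.md
          echo "**环境**: $DEPLOY_ENV" >> deployment-report.md
          echo "**云服务商**: $PROVIDER" >> deployment-report.md
          echo "**Playbook**: $PLAYBOOK" >> deployment-report.md
          echo "**时间**: $(date)" >> deployment-report.md
          echo "**状态**: ✅ 部署成功" >> deployment-report.md

      - name: Upload deployment report
        uses: actions/upload-artifact@v4
        with:
          name: deployment-report-${{ github.event.inputs.environment }}-${{ github.event.inputs.provider }}
          path: deployment-report.md
          retention-days: 30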