Unverified Commit dcdf3bd0 authored by Alessio's avatar Alessio Committed by GitHub

Update Ansible version and automated build (#7)

* Update Ansible to 2.9
* Add GitHub actions to lint and build
* Use official image instead of build
* Run shellcheck on startup script and apply fixes
parent 96df5dcf
README.md
.git
\ No newline at end of file
*.sh text eol=lf
*.py text eol=lf
\ No newline at end of file
name: Build Docker Image
on:
push:
branches:
- "master"
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
runs-on: ubuntu-latest
env:
IMAGE_VERSION: 'latest'
NAMESPACE: 'oneofftech/ansible-keepass'
CI_COMMIT_SHORT_SHA: ${{github.sha}}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 1
- name: Build the Docker image
run: |
docker pull $NAMESPACE:$IMAGE_VERSION || true
docker build --pull --compress --cache-from $NAMESPACE:$IMAGE_VERSION --build-arg VCS_REF=$CI_COMMIT_SHORT_SHA --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') -t $NAMESPACE:$IMAGE_VERSION .
- name: Test using Goss
run: |
curl -sL https://github.com/aelsabbahy/goss/releases/download/v0.3.10/goss-linux-amd64 -o ./goss
chmod +rx ./goss
docker run --rm $NAMESPACE:$IMAGE_VERSION > ./docker_output.log || true
./goss -g ./tests/goss.yml v
- name: Prepare push
uses: azure/docker-login@v1
if: github.event_name == 'push'
with:
username: ${{ secrets.CI_REGISTRY_USER }}
password: ${{ secrets.CI_REGISTRY_PASSWORD }}
- name: Push the Docker image
if: github.event_name == 'push'
run: |
docker push $NAMESPACE:$IMAGE_VERSION
\ No newline at end of file
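Review bot: The `Test using Goss` step downloads a release binary with `curl -sL`, marks it executable and runs it without any integrity check, in the same job that later logs in to the registry and pushes the image. Add `-f` so an HTTP error page is not saved as the binary, and verify a pinned digest before the `chmod`, e.g. `echo "<expected-sha256>  ./goss" | sha256sum -c -` (the digest is a placeholder, to be taken from the v0.3.10 release). `azure/docker-login@v1`, which receives `CI_REGISTRY_USER` and `CI_REGISTRY_PASSWORD`, and `actions/checkout@v2` (also used in the lint workflow) are referenced by mutable tags. Pinning both to a full commit SHA keeps a retagged action from running with those secrets.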
name: Dockerfile lint
on:
push:
branches:
- "master"
pull_request:
types: [opened, synchronize, reopened]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 1
- name: Lint the Dockerfile
run: npx dockerfilelint ./Dockerfile
- name: Lint the Shell scripts
run: shellcheck ./files/ansible-playbook-wrapper
\ No newline at end of file
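Review bot: `npx dockerfilelint ./Dockerfile` installs and executes whatever version of the package is current on npm at run time, so both the lint result and the code running on the runner can change without a commit to this repository. Pin the tool, e.g. `run: npx dockerfilelint@<pinned-version> ./Dockerfile`, and bump it deliberately. The job handles no secrets in the lines shown, so this is about reproducibility and keeping unreviewed code off the runner rather than credential exposure.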
FROM gliderlabs/alpine
FROM gliderlabs/alpine:3.9
RUN \
apk-install \
ARG BUILD_DATE
ARG VCS_REF
LABEL maintainer="OneOffTech <info@oneofftech.xyz>" \
org.label-schema.name="oneofftech/ansible-keepass" \
org.label-schema.description="Opinionated Ansible Docker image with Keepass to manage provision and deployments" \
org.label-schema.schema-version="1.0" \
org.label-schema.vcs-url="https://github.com/OneOffTech/docker-ansible-keepass"
RUN apk-install --no-cache \
bash \
curl \
build-base \
......@@ -21,17 +29,26 @@ RUN \
py-pip \
py-setuptools \
py-yaml \
tar
tar \
&& pip install --upgrade python-keyczar pykeepass \
&& rm -rf /var/cache/apk/* \
# While we wait for Pip 20.1 with cache purge command to be available https://github.com/pypa/pip/issues/4685
&& rm -rf ~/.cache/pip/* /root/.cache/pip/*
RUN mkdir /etc/ansible/ /ansible /ansible/playbooks && \
echo "[local]" >> /etc/ansible/hosts && \
echo "localhost" >> /etc/ansible/hosts
ENV ANSIBLE_VERSION=2.9.7
RUN \
curl -fsSL https://github.com/ansible/ansible/archive/v${ANSIBLE_VERSION}.tar.gz -o ansible.tar.gz && \
tar -xzf ansible.tar.gz -C ansible --strip-components 1 && \
rm -fr ansible.tar.gz /ansible/docs /ansible/examples /ansible/packaging /ansible/changelogs /ansible/test
RUN mkdir /etc/ansible/ /ansible
RUN echo "[local]" >> /etc/ansible/hosts && \
echo "localhost" >> /etc/ansible/host
RUN mkdir -p /ansible/playbooks
ADD ./files /ansible/playbooks
WORKDIR /ansible/playbooks
RUN pip install --upgrade python-keyczar pykeepass ansible
RUN rm -rf /var/cache/apk/*
ADD ./files /ansible/playbooks
ENV ANSIBLE_GATHERING smart
ENV ANSIBLE_HOST_KEY_CHECKING false
......@@ -42,4 +59,8 @@ ENV ANSIBLE_LOOKUP_PLUGINS /ansible/playbooks/lookup_plugins
ENV PATH /ansible/bin:$PATH
ENV PYTHONPATH /ansible/lib
LABEL org.label-schema.build-date=$BUILD_DATE \
org.label-schema.vcs-ref=$VCS_REF
ENTRYPOINT ["/bin/bash", "./ansible-playbook-wrapper"]
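Review bot: The Ansible source archive fetched with `curl -fsSL …/v${ANSIBLE_VERSION}.tar.gz` is unpacked into `/ansible`, which `PATH` and `PYTHONPATH` point at, without a digest check, so the image trusts whatever the URL serves at build time. A check between the download and `tar`, such as `echo "<expected-sha256>  ansible.tar.gz" | sha256sum -c - && \`, ties the build to the reviewed 2.9.7 archive (the digest is a placeholder). `pip install --upgrade python-keyczar pykeepass` has the same problem: pykeepass, by its name the library that opens the KeePass database, should be pinned as `pykeepass==<version>` rather than taken at the newest release on every build. The page has lost its +/- markers, so which of these lines are new is inferred from the commit message.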
......@@ -45,7 +45,7 @@ Before you start, all essential things for Ansible need to be placed into the
## Server deployment
Deployment happens through a docker container which runs ansible.
Deployment happens through a Docker container which runs Ansible.
- Apply everything to all: `docker-compose run --rm ansible_commander -i ansible.hosts playbooks/install.yml`
- Apply everything to one server: `docker-compose run --rm ansible_commander -i ansible.hosts -l YOURSERVER playbooks/install.yml`
......
......@@ -2,7 +2,7 @@ version: '2'
services:
ansible_commander:
build: ./build
image: "oneofftech/ansible-keepass"
container_name: ansible_commander
volumes:
- ./data/playbooks/:/ansible/playbooks/playbooks:ro
......
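Review bot: `image: "oneofftech/ansible-keepass"` carries no tag or digest, so it resolves to `latest`, which the build workflow in this commit overwrites on every push to master. Judging by the wrapper script, this container is handed the KeePass file and its password, so the service should reference a fixed version tag or a digest, e.g. `image: "oneofftech/ansible-keepass@sha256:<digest>"`. That way the build running against the inventory is a known one. The rest of the service definition lies outside the hunk.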
......@@ -5,11 +5,12 @@
# and store it if entered.
#
KEEPASS_FILE_CONFIG=".keepass_file_path"
if [ -z "${KEEPASS}" -a -r "${KEEPASS_FILE_CONFIG}" ]; then
KEEPASS=`cat ${KEEPASS_FILE_CONFIG} | xargs`
if [ -z "${KEEPASS}" ] && [ -r "${KEEPASS_FILE_CONFIG}" ]; then
# shellcheck disable=SC2002
KEEPASS="$(cat ${KEEPASS_FILE_CONFIG} | xargs)"
# If the path is empty or does not exist, delete the conf
if [ -z "${KEEPASS}" -o ! -f "${KEEPASS}" -o ! -r "${KEEPASS}" ]; then
if [ -z "${KEEPASS}" ] || [ ! -f "${KEEPASS}" ] || [ ! -r "${KEEPASS}" ]; then
echo "Stored keepass path '${KEEPASS}' is not readable file,"\
"deleting configuration file"
rm "${KEEPASS_FILE_CONFIG}"
......@@ -22,7 +23,7 @@ if [ -z "${KEEPASS}" ]; then
read -r KEEPASS
fi
if [ -z "${KEEPASS_FILE_CONFIG}" -o ! -f "${KEEPASS}" -o ! -r "${KEEPASS}" ]; then
if [ -z "${KEEPASS_FILE_CONFIG}" ] || [ ! -f "${KEEPASS}" ] || [ ! -r "${KEEPASS}" ]; then
>&2 echo "Keepass file '${KEEPASS}' not a readable file, exit"
exit 1
else
......@@ -49,4 +50,4 @@ fi
#
echo "using keepass file: '${KEEPASS}'"
exec env KEEPASS="${KEEPASS}" KEEPASS_PW="${KEEPASS_PW}" python `which ansible-playbook` $*
exec env KEEPASS="${KEEPASS}" KEEPASS_PW="${KEEPASS_PW}" python "$(which ansible-playbook)" "$@"
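Review bot: The final `exec env KEEPASS="${KEEPASS}" KEEPASS_PW="${KEEPASS_PW}" python …` line puts the KeePass password in the argument list of `env`, where it is readable through the process table until `env` replaces itself with python. Exporting keeps it in the environment only: `export KEEPASS KEEPASS_PW` followed by `exec python "$(command -v ansible-playbook)" "$@"`. Separately, the rewritten guard `[ -z "${KEEPASS_FILE_CONFIG}" ]` tests the constant assigned at the top of the script and can never be true; `[ -z "${KEEPASS}" ]` looks like what was meant. The lines where `KEEPASS_PW` is read are outside the visible hunks.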
file:
./docker_output.log:
exists: true
contains:
- "is not readable file"
- "Keepass file path ()"
\ No newline at end of file