diff --git a/.drone.yml b/.drone.yml index 9cad89d..27c251c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,18 +15,37 @@ node: ansible: true steps: + - name: Prepare Secrets + image: registry.tobiasmanske.de/ansible-runner:latest + pull: always + environment: + VAULT_PASS: + from_secret: vault_pass + SSH_KEY: + from_secret: ssh_key + commands: + - echo $${VAULT_PASS} > /drone/src/vault_pass + - echo $${SSH_KEY} | base64 -d > /drone/src/ssh_key + - chmod 600 /drone/src/ssh_key + - chmod 600 /drone/src/vault_pass - name: Run Ansible image: registry.tobiasmanske.de/ansible-runner:latest pull: always + environment: + ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass" + ANSIBLE_FORCE_COLOR: "true" commands: - cd coreos-config - - ansible-playbook --limit host.nc.chaoswg.org --private-key /ssh_key --inventory=inventory.yaml playbook.yaml + - ansible-playbook --limit host.nc.chaoswg.org --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml - name: Validate Ansible image: registry.tobiasmanske.de/ansible-runner:latest pull: always + environment: + ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass" + ANSIBLE_FORCE_COLOR: "true" commands: - cd coreos-config - - ansible-playbook --limit host.nc.chaoswg.org --check --private-key /ssh_key --inventory=inventory.yaml playbook.yaml + - ansible-playbook --limit host.nc.chaoswg.org --check --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml image_pull_secrets: - registry