From 0059cc494fe1d25b31bb9af5e1e508fee2ff22bf Mon Sep 17 00:00:00 2001 From: Tobias Manske Date: Thu, 30 Mar 2023 19:18:27 +0200 Subject: [PATCH] Drone CI: Add secret management --- .drone.yml | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9cad89d..27c251c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,18 +15,37 @@ node: ansible: true steps: + - name: Prepare Secrets + image: registry.tobiasmanske.de/ansible-runner:latest + pull: always + environment: + VAULT_PASS: + from_secret: vault_pass + SSH_KEY: + from_secret: ssh_key + commands: + - echo $${VAULT_PASS} > /drone/src/vault_pass + - echo $${SSH_KEY} | base64 -d > /drone/src/ssh_key + - chmod 600 /drone/src/ssh_key + - chmod 600 /drone/src/vault_pass - name: Run Ansible image: registry.tobiasmanske.de/ansible-runner:latest pull: always + environment: + ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass" + ANSIBLE_FORCE_COLOR: "true" commands: - cd coreos-config - - ansible-playbook --limit host.nc.chaoswg.org --private-key /ssh_key --inventory=inventory.yaml playbook.yaml + - ansible-playbook --limit host.nc.chaoswg.org --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml - name: Validate Ansible image: registry.tobiasmanske.de/ansible-runner:latest pull: always + environment: + ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass" + ANSIBLE_FORCE_COLOR: "true" commands: - cd coreos-config - - ansible-playbook --limit host.nc.chaoswg.org --check --private-key /ssh_key --inventory=inventory.yaml playbook.yaml + - ansible-playbook --limit host.nc.chaoswg.org --check --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml image_pull_secrets: - registry
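Review bot: In the new "Prepare Secrets" step the two `echo` commands expand `$${VAULT_PASS}` and `$${SSH_KEY}` unquoted and create both files before the `chmod 600` lines run, so a value containing whitespace or glob characters is altered by the shell, and, depending on the container's default umask, the files may be briefly readable by others. I would open the command list with `- umask 077` and write the values with `- printf '%s' "$${VAULT_PASS}" > /drone/src/vault_pass` and `- printf '%s' "$${SSH_KEY}" | base64 -d > /drone/src/ssh_key`, which makes the two `chmod` lines redundant. The files are written into `/drone/src`, which the later steps read from, and nothing in the hunk removes them, so a final cleanup step would narrow how long the key and vault password sit in the checkout. Because this step now receives both secrets, pinning the `ansible-runner` image by digest instead of `:latest` with `pull: always` is worth considering.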