- Diun monitors Docker images
- Automated updates for nginx; manual approval for gitea/postgres
- Weekly certificate renewal automation via cron
- Health checks with automatic rollback on failure
- AWS SES email notifications on update failures
- Daily S3 backups plus pre-update snapshots
- Integration tests with a Gitea Actions quality gate

Deployment and optional PoC complete.
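---
# Deploys the Gitea stack onto the `gitea` host group: creates /opt/gitea,
# copies the compose file, renders /opt/gitea/.env from two AWS Secrets
# Manager secrets, starts the stack with docker compose and waits for the
# Gitea HTTP port to answer.
#
# Prerequisites this play does not verify: the AWS CLI is installed on the
# target and has credentials (instance role or profile) allowed to read the
# two secrets below; the `ubuntu` user can reach the Docker daemon
# (presumably via the `docker` group, which is root-equivalent — confirm).
- name: Deploy Gitea application
  hosts: gitea
  become: true
  vars:
    # Secrets Manager secret IDs. Both are expected to hold a JSON object;
    # the keys read from them are listed in the "Create .env file" task.
    secret_name: "qvest-task-db-credentials"
    ses_secret_name: "qvest-task-ses-smtp-credentials"
    aws_region: "eu-central-1"

  tasks:
    - name: Create application directory
      ansible.builtin.file:
        path: /opt/gitea
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: "0755"

    - name: Copy docker-compose.yml
      ansible.builtin.copy:
        src: ../docker/docker-compose.yml
        dest: /opt/gitea/docker-compose.yml
        owner: ubuntu
        group: ubuntu
        mode: "0644"

    # Secrets are fetched with `command` + argv rather than `shell`: each
    # templated value becomes one argv element, so a secret ID or region
    # supplied via extra vars cannot inject shell syntax. `no_log` keeps the
    # returned SecretString out of task output and Ansible logs (it also
    # masks the error text on failure — re-run with no_log off to debug).
    - name: Fetch database credentials from Secrets Manager
      ansible.builtin.command:
        argv:
          - aws
          - secretsmanager
          - get-secret-value
          - --secret-id
          - "{{ secret_name }}"
          - --region
          - "{{ aws_region }}"
          - --query
          - SecretString
          - --output
          - text
      register: db_secret
      changed_when: false
      no_log: true

    # from_json fails the play if the secret is not a JSON object, which is
    # preferable to writing a half-empty .env below.
    - name: Parse database credentials
      ansible.builtin.set_fact:
        db_creds: "{{ db_secret.stdout | from_json }}"
      no_log: true

    - name: Fetch SES SMTP credentials from Secrets Manager
      ansible.builtin.command:
        argv:
          - aws
          - secretsmanager
          - get-secret-value
          - --secret-id
          - "{{ ses_secret_name }}"
          - --region
          - "{{ aws_region }}"
          - --query
          - SecretString
          - --output
          - text
      register: ses_secret
      changed_when: false
      no_log: true

    - name: Parse SES SMTP credentials
      ansible.builtin.set_fact:
        ses_creds: "{{ ses_secret.stdout | from_json }}"
      no_log: true

    # The .env holds plaintext credentials, so it is owner-only (0600) and
    # the task is no_log so the rendered content (and its --diff output) is
    # never printed.
    - name: Create .env file
      ansible.builtin.copy:
        content: |
          DB_USER={{ db_creds.username }}
          DB_PASSWORD={{ db_creds.password }}
          DB_NAME={{ db_creds.database }}
          SMTP_HOST={{ ses_creds.smtp_host }}
          SMTP_PORT={{ ses_creds.smtp_port }}
          SMTP_USERNAME={{ ses_creds.smtp_username }}
          SMTP_PASSWORD={{ ses_creds.smtp_password }}
          ALERT_EMAIL={{ ses_creds.alert_email }}
        dest: /opt/gitea/.env
        owner: ubuntu
        group: ubuntu
        mode: "0600"
      no_log: true

    # Runs as ubuntu (not root) so the compose project and its files are
    # owned by the same user that owns /opt/gitea.
    - name: Start Docker Compose services
      community.docker.docker_compose_v2:
        project_src: /opt/gitea
        state: present
      become_user: ubuntu

    # uri fails the task on any status other than 200; `until` turns that
    # into a retry loop of up to 30 attempts, 10 s apart (~5 minutes).
    # This only proves the port answers, not that Gitea is fully configured.
    - name: Wait for Gitea to be ready
      ansible.builtin.uri:
        url: http://localhost:3000
        status_code: 200
      register: result
      until: result.status == 200
      retries: 30
      delay: 10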