From d1c285e31cadfd76a578f9700cafcea58e71f211 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Thu, 14 Apr 2022 10:45:38 +0200 Subject: [PATCH 1/3] Including an ami.yml for packing AMIs on build finale. --- roles/deploy_code/defaults/main.yml | 3 +++ roles/deploy_code/tasks/ami.yml | 1 + roles/deploy_code/tasks/cleanup.yml | 16 ++++++++++------ roles/deploy_code/tasks/deploy.yml | 10 +++++----- roles/deploy_code/tasks/main.yml | 2 +- 5 files changed, 20 insertions(+), 12 deletions(-) create mode 100644 roles/deploy_code/tasks/ami.yml diff --git a/roles/deploy_code/defaults/main.yml b/roles/deploy_code/defaults/main.yml index 19e45eee..59b4cff5 100644 --- a/roles/deploy_code/defaults/main.yml +++ b/roles/deploy_code/defaults/main.yml @@ -21,3 +21,6 @@ deploy_code: # Path that you want to make sure has 755 permissions. Make sure to include the webroot WITHOUT the slash. perms_fix_path: "" # perms_fix_path: "www/sites/default" + # Pack an AMI if this is AWS and we are deploying instances with the code built in. + # This goes with ce-provision's 'repack' operation for deploying autoscaling groups. + pack_ami: false diff --git a/roles/deploy_code/tasks/ami.yml b/roles/deploy_code/tasks/ami.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/roles/deploy_code/tasks/ami.yml @@ -0,0 +1 @@ +--- diff --git a/roles/deploy_code/tasks/cleanup.yml b/roles/deploy_code/tasks/cleanup.yml index dc72c752..7932389c 100644 --- a/roles/deploy_code/tasks/cleanup.yml +++ b/roles/deploy_code/tasks/cleanup.yml 
@@ -1,13 +1,13 @@ --- - name: Ensure codebase is writable. - shell: + ansible.builtin.shell: cmd: "if [ -d {{ deploy_path_prefix }}{{ item }} ]; then chmod -R 777 {{ deploy_path_prefix }}{{ item }}; fi" with_sequence: start={{ [previous_build_number | int - 50, 0] | max }} end={{ [previous_build_number | int - deploy_code.keep, 0] | max }} become: true when: "www_user != deploy_user" - name: Ensure permissions are set on directory. - shell: + ansible.builtin.shell: cmd: "if [ -d {{ deploy_path_prefix }}{{ item }}/{{ deploy_code.perms_fix_path }} ]; then chmod 755 {{ deploy_path_prefix }}{{ item }}/{{ deploy_code.perms_fix_path }}; fi" with_sequence: start={{ [previous_build_number | int - 50, 0] | max }} end={{ [previous_build_number | int - deploy_code.keep, 0] | max }} when: @@ -15,13 +15,13 @@ - deploy_code.perms_fix_path | length > 1 - name: Delete codebases. - file: + ansible.builtin.file: name: "{{ deploy_path_prefix }}{{ item }}" state: absent with_sequence: start={{ [previous_build_number | int - 50, 0] | max }} end={{ [previous_build_number | int - deploy_code.keep, 0] | max }} - name: Create a tarball of the deployed codebases. - command: + ansible.builtin.command: cmd: "tar -cvf /tmp/{{ project_name }}_{{ build_type }}.tar {{ deploy_base_path }}" when: - deploy_code.mount_sync is defined @@ -29,7 +29,7 @@ run_once: true - name: Create destination folder. - file: + ansible.builtin.file: path: "{{ deploy_code.mount_sync }}" state: directory mode: "0755" @@ -39,9 +39,13 @@ run_once: true - name: Move to final destination. - command: + ansible.builtin.command: cmd: "mv /tmp/{{ project_name }}_{{ build_type }}.tar {{ deploy_code.mount_sync }}/{{ project_name }}_{{ build_type }}.tar" when: - deploy_code.mount_sync is defined - deploy_code.mount_sync | length > 1 run_once: true + +- name: Pack an AWS AMI. + ansible.builtin.include_tasks: "ami.yml" + when: deploy_code.pack_ami 
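Review bot: The tarball is staged under a fixed, guessable name in the shared /tmp directory: see `mv /tmp/{{ project_name }}_{{ build_type }}.tar …` in the last hunk of roles/deploy_code/tasks/cleanup.yml, and the `tar -cvf` that creates it in the second hunk. On a host with other local users that path may already exist or change between the two commands, and the archive of the codebase sits in a world-accessible directory with default permissions. Staging it in a private directory from `ansible.builtin.tempfile` avoids both problems. The `when` list of the "Create a tarball" task continues past the end of its hunk, so the sketch below only marks where the unchanged keys go.

```yaml
- name: Create a private staging directory for the tarball.
  ansible.builtin.tempfile:
    state: directory
    suffix: "_{{ project_name }}"
  register: _deploy_code_tar_dir
  when:
    - deploy_code.mount_sync is defined
    - deploy_code.mount_sync | length > 1
  run_once: true

- name: Create a tarball of the deployed codebases.
  ansible.builtin.command:
    cmd: "tar -cvf {{ _deploy_code_tar_dir.path }}/{{ project_name }}_{{ build_type }}.tar {{ deploy_base_path }}"
  # … unchanged: when conditions and run_once …

- name: Move to final destination.
  ansible.builtin.command:
    cmd: "mv {{ _deploy_code_tar_dir.path }}/{{ project_name }}_{{ build_type }}.tar {{ deploy_code.mount_sync }}/{{ project_name }}_{{ build_type }}.tar"
  # … unchanged: when conditions and run_once …
```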
diff --git a/roles/deploy_code/tasks/deploy.yml b/roles/deploy_code/tasks/deploy.yml index 3693eb70..0d15425c 100644 --- a/roles/deploy_code/tasks/deploy.yml +++ b/roles/deploy_code/tasks/deploy.yml @@ -1,6 +1,6 @@ --- - name: Copy project repository. - synchronize: + ansible.posix.synchronize: src: "{{ _ce_deploy_build_dir }}/" dest: "{{ deploy_path }}" archive: true @@ -8,17 +8,17 @@ - "--exclude=.git" - name: Ensure project repository is readable. - file: + ansible.builtin.file: path: "{{ deploy_path }}" state: directory mode: 0755 - name: Project specific tasks. - include_role: + ansible.builtin.include_role: name: "deploy_code/deploy_code-{{ project_type }}" - name: Generate additional templates. - template: + ansible.builtin.template: src: "{{ template.src }}" dest: "{{ deploy_path }}/{{ template.dest }}" with_items: "{{ deploy_code.templates }}" @@ -29,7 +29,7 @@ - deploy_operation == 'deploy' - name: Create additional symlinks. - file: + ansible.builtin.file: src: "{{ link.src }}" dest: "{{ deploy_path }}/{{ link.dest }}" state: link diff --git a/roles/deploy_code/tasks/main.yml b/roles/deploy_code/tasks/main.yml index a8021dcf..f4bd05af 100644 --- a/roles/deploy_code/tasks/main.yml +++ b/roles/deploy_code/tasks/main.yml @@ -1,2 +1,2 @@ --- -- include_tasks: "{{ deploy_operation }}.yml" +- ansible.builtin.include_tasks: "{{ deploy_operation }}.yml" From 3f8c89ee822bcd53d023ad1385d6bbe86dc847c2 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Thu, 14 Apr 2022 16:24:11 +0200 Subject: [PATCH 2/3] New api_call role, focused on GitLab for now. --- roles/api_call/README.md | 9 ++++++++ roles/api_call/defaults/main.yml | 13 ++++++++++++ roles/api_call/tasks/main.yml | 35 ++++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+) create mode 100644 roles/api_call/README.md create mode 100644 roles/api_call/defaults/main.yml create mode 100644 roles/api_call/tasks/main.yml 
diff --git a/roles/api_call/README.md b/roles/api_call/README.md
new file mode 100644
index 00000000..83d1ab28
--- /dev/null
+++ b/roles/api_call/README.md
@@ -0,0 +1,9 @@
+# API call
+
+Making RESTful API calls to other platforms.
+
+
+
+
+
+
diff --git a/roles/api_call/defaults/main.yml b/roles/api_call/defaults/main.yml
new file mode 100644
index 00000000..091342e8
--- /dev/null
+++ b/roles/api_call/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+api_call:
+ type: gitlab
+ base_url: https://gitlab.example.com/api/v4/
+ path: projects # see documentation - https://docs.gitlab.com/ee/api/
+ method: GET
+ token: "" # empty means anonymous action
+ token_type: trigger # options are 'trigger' or 'personal'
+ variables: []
+ status_codes:
+ - 200
+ - 201
+ - 202
\ No newline at end of file
diff --git a/roles/api_call/tasks/main.yml b/roles/api_call/tasks/main.yml
new file mode 100644
index 00000000..c837df2d
--- /dev/null
+++ b/roles/api_call/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure variables are empty.
+ ansible.builtin.set_fact:
+ _api_call_variables: ""
+ _api_call_url: ""
+
+- name: Build HTML escaped variable string.
+ ansible.builtin.set_fact:
+ _api_call_variables: "{{ _api_call_variables + ('' if ansible_loop.first else '&') + 'variables' + item }}"
+ with_items: "{{ api_call.variables }}"
+ loop_control:
+ extended: true
+ when: api_call.variables | length > 0
+
+- name: Build anonymous API call URL.
+ ansible.builtin.set_fact:
+ _api_call_url: "{{ api_call.base_url }}{{ api_call.path }}?{{ _api_call_variables }}"
+ when: api_call.token | length == 0
+
+- name: Build token authenticated API call URL.
+ ansible.builtin.set_fact:
+ _api_call_url: "{{ api_call.base_url }}{{ api_call.path }}?{% if api_call.token_type == 'trigger' %}token={% else %}private_token={% endif %}{{ api_call.token }}&{{ _api_call_variables }}"
+ when: api_call.token | length > 0
+
+- name: Display URL to call.
+ ansible.builtin.debug:
+ msg: "{{ _api_call_url }}"
+
+- name: Make API call.
+ ansible.builtin.uri:
+ url: "{{ _api_call_url }}"
+ method: "{{ api_call.method }}"
+ return_content: true
+ status_code: "{{ api_call.status_codes }}"
+ register: _api_call_return
From 54355568ff701af98514150227eb493ebe17636b Mon Sep 17 00:00:00 2001
From: gregharvey
Date: Thu, 14 Apr 2022 16:24:37 +0200
Subject: [PATCH 3/3] Optionally trigger an infra build with an API call.
---
roles/deploy_code/defaults/main.yml | 24 +++++++++++++++++++++---
roles/deploy_code/tasks/ami.yml | 1 -
roles/deploy_code/tasks/cleanup.yml | 17 ++++++++++++++---
3 files changed, 35 insertions(+), 7 deletions(-)
delete mode 100644 roles/deploy_code/tasks/ami.yml
diff --git a/roles/deploy_code/defaults/main.yml b/roles/deploy_code/defaults/main.yml
index 59b4cff5..d616bf08 100644
--- a/roles/deploy_code/defaults/main.yml
+++ b/roles/deploy_code/defaults/main.yml
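Review bot: The "Display URL to call." task in roles/api_call/tasks/main.yml prints `_api_call_url`, which for authenticated calls already contains `token=` or `private_token=` followed by the secret, so the credential ends up in the job log. I would limit that task with `when: api_call.token | length == 0` and add `no_log: true` to both "Build token authenticated API call URL." and "Make API call.", accepting that this also hides the response on failure. Longer term, sending a personal token in GitLab's `PRIVATE-TOKEN` request header through the uri module's `headers` option would keep it out of the URL altogether. The values in `api_call.variables` are also concatenated without URL-encoding despite the task name, so a value containing `&` would be read as a separate parameter.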
@@ -21,6 +21,24 @@ deploy_code: # Path that you want to make sure has 755 permissions. Make sure to include the webroot WITHOUT the slash. perms_fix_path: "" # perms_fix_path: "www/sites/default" - # Pack an AMI if this is AWS and we are deploying instances with the code built in. - # This goes with ce-provision's 'repack' operation for deploying autoscaling groups. - pack_ami: false + # Trigger an API call to rebuild infra after a deploy, e.g. if you need to repack an AMI. + rebuild_infra: false + # Details of API call to trigger. See api_call role. + api_call: + type: gitlab + base_url: https://gitlab.example.com/api/v4/ + path: projects/1/ref/main/trigger/pipeline + method: POST + token: asdf-1234 + token_type: trigger + variables: [] + # example build parameters + # - "[ENV]=dev" + # - "[PLAY]=myserver.yml" + # - "[RESOURCE]=myserver-example-com" + # - "[REGION]=eu-west-1" + # - "[EXTRA_PARAMS]=--force" + status_codes: + - 200 + - 201 + - 202 diff --git a/roles/deploy_code/tasks/ami.yml b/roles/deploy_code/tasks/ami.yml deleted file mode 100644 index ed97d539..00000000 --- a/roles/deploy_code/tasks/ami.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/deploy_code/tasks/cleanup.yml b/roles/deploy_code/tasks/cleanup.yml index 7932389c..4e648d25 100644 --- a/roles/deploy_code/tasks/cleanup.yml +++ b/roles/deploy_code/tasks/cleanup.yml 
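Review bot: `token: asdf-1234` in roles/deploy_code/defaults/main.yml is a non-empty default, so as soon as `rebuild_infra` is enabled the api_call role takes its token-authenticated branch and sends that placeholder to whatever `base_url` is configured. It also invites pasting a real token into a committed vars file. Defaulting to `token: ""`, as the api_call role's own defaults do, would be safer, with a comment such as `# supply from Ansible Vault or a CI secret variable; never commit a real token`. The hunk starts inside the `deploy_code` mapping, whose opening lines are outside it.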
@@ -46,6 +46,17 @@ - deploy_code.mount_sync | length > 1 run_once: true -- name: Pack an AWS AMI. - ansible.builtin.include_tasks: "ami.yml" - when: deploy_code.pack_ami +- name: Trigger an infrastructure rebuild. + ansible.builtin.include_role: + name: api_call + vars: + api_call: + type: "{{ deploy_code.api_call.type }}" + base_url: "{{ deploy_code.api_call.base_url }}" + path: "{{ deploy_code.api_call.path }}" + method: "{{ deploy_code.api_call.method }}" + token: "{{ deploy_code.api_call.token }}" + token_type: "{{ deploy_code.api_call.token_type }}" + variables: "{{ deploy_code.api_call.variables }}" + status_codes: "{{ deploy_code.api_call.status_codes }}" + when: deploy_code.rebuild_infra
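Review bot: "Trigger an infrastructure rebuild." has no `run_once: true`, unlike the tarball tasks just above it in roles/deploy_code/tasks/cleanup.yml, so if the play targets several hosts the pipeline would presumably be triggered once per host. If a single rebuild per deploy is intended, restrict the include to one host, for example with `run_once: true` on the include, after checking that it carries through to the role's tasks in the Ansible version in use. The `when: deploy_code.rebuild_infra` guard also has no fallback; `when: deploy_code.rebuild_infra | default(false) | bool` avoids an undefined-variable failure where `deploy_code` is overridden without the new key and dictionary merging is not enabled.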