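# Deploys to every host listed in the Ansible inventory when a change lands on
# main. Pushes that touch only files under terraform/ do not trigger a run.
name: Deploy (on merge)

on:
  push:
    branches:
      - main
    paths-ignore:
      - "terraform/**"

jobs:
  discover:
    name: Discover hosts
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository, so the token gets
    # read access to contents and nothing else.
    permissions:
      contents: read
    outputs:
      hosts: ${{ steps.discover.outputs.hosts }}
    steps:
      # NOTE(review): a version tag can be moved by the action's publisher;
      # pinning to a full commit SHA makes the checked-out action immutable.
      - uses: actions/checkout@v6
        with:
          # No later step in this job runs git, so the token is not left in
          # the checkout's git configuration.
          persist-credentials: false
      - name: Read hosts from inventory
        id: discover
        # An explicit bash shell runs the script with -e and -o pipefail.
        shell: bash
        run: |
          set -euo pipefail
          inventory=ansible/inventory/hosts.ini
          # The first field of each line that sets ansible_host= is the host
          # alias; the aliases are emitted as one compact JSON array.
          HOSTS=$(awk '/ansible_host=/ {print $1}' "$inventory" | jq -R . | jq -cs .)
          # An empty array would otherwise surface later as an opaque matrix
          # error in the deploy job; fail here with a clear message instead.
          if [ "$HOSTS" = "[]" ]; then
            echo "::error::No ansible_host= entries found in $inventory"
            exit 1
          fi
          echo "hosts=$HOSTS" >> "$GITHUB_OUTPUT"

  deploy:
    needs: discover
    strategy:
      matrix:
        # One deploy job per host alias discovered above.
        # NOTE(review): these values come from a repository file and are
        # passed to the called workflow as an input; confirm it handles them
        # as data (for example via an env variable, not inline in a script).
        host: ${{ fromJson(needs.discover.outputs.hosts) }}
      # A failure on one host does not cancel the deploys to the others.
      fail-fast: false
    # Only the OIDC token scope is granted; every scope not listed here is
    # "none" for the called workflow, which cannot raise it.
    permissions:
      id-token: write
    uses: ./.github/workflows/_deploy-core.yml
    with:
      host: ${{ matrix.host }}
      playbook: deploy.yml
      dry_run: false
    # NOTE(review): "inherit" hands every secret available to this workflow to
    # the called workflow. Passing only the secrets it declares would narrow
    # the exposure; the names are not visible from this file.
    secrets: inherit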