mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
The docker_services and systemd_services roles ran their "start the service" tasks with `failed_when: false`, so a container or unit that failed to come up still reported the deploy as green. Drop it from both start tasks so a broken deploy actually fails CI. The compose/unit *copy* tasks keep `failed_when: false` — that's load-bearing for the `item is not failed` filter that skips services without a compose/unit file. Also: - Remove a duplicate "Template service .env files" task in docker_services (second copy used a hardcoded path and didn't register; first one is the one the start task reads). - Don't trigger a full fleet deploy on docs/markdown/workflow-only pushes to main — add docs/**, **/*.md and .github/** to paths-ignore. - Drop the dangling `update-freebsd` Make target (playbook doesn't exist; fleet has no FreeBSD hosts).
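# Fleet deploy workflow: on a push to main, read the host list from the
# Ansible inventory and run the reusable deploy workflow once per host.
name: Deploy (on merge)

on:
  push:
    branches:
      - main
    # The run is skipped only when every changed file matches one of these
    # patterns; a push that also touches any other path still deploys.
    paths-ignore:
      - "terraform/**"
      - "docs/**"
      - "**/*.md"
      - ".github/**"

# Serialize fleet deploys so two quick merges can't run Ansible against the
# same hosts at once. Don't cancel an in-flight deploy mid-run — queue it.
concurrency:
  group: deploy-on-merge
  cancel-in-progress: false

jobs:
  discover:
    name: Discover hosts
    runs-on: ubuntu-latest
    # This job only reads the repository, so give its GITHUB_TOKEN read-only
    # contents access instead of the repository's default token permissions.
    permissions:
      contents: read
    outputs:
      hosts: ${{ steps.discover.outputs.hosts }}
    steps:
      # NOTE(review): referenced by tag. Pinning to a full commit SHA would
      # keep a retargeted tag from changing what runs in this job.
      - uses: actions/checkout@v6

      - name: Read hosts from inventory
        id: discover
        run: |
          # Without pipefail the step's status is that of the last jq, so a
          # missing inventory file or zero matches would still emit "[]".
          # Fail here so the cause shows up in this step's log.
          set -euo pipefail
          # First field of every line containing ansible_host=, emitted as a
          # compact single-line JSON array of strings.
          HOSTS=$(grep 'ansible_host=' ansible/inventory/hosts.ini | awk '{print $1}' | jq -R . | jq -cs .)
          echo "hosts=$HOSTS" >> "$GITHUB_OUTPUT"

  deploy:
    needs: discover
    strategy:
      matrix:
        # One deploy job per inventory host name found by the discover job.
        host: ${{ fromJson(needs.discover.outputs.hosts) }}
      # A failure on one host does not cancel the jobs for the other hosts.
      fail-fast: false
    # Only OIDC token issuance is granted; every scope not listed here is
    # "none" for this job and for the workflow it calls.
    permissions:
      id-token: write
    uses: ./.github/workflows/_deploy-core.yml
    with:
      # NOTE(review): the value comes from the inventory file in the repo.
      # _deploy-core.yml is not visible here; confirm it treats inputs.host
      # as data rather than expanding it inside a run: script.
      host: ${{ matrix.host }}
      playbook: deploy.yml
      dry_run: false
    # NOTE(review): forwards every secret available to this workflow. If
    # _deploy-core.yml needs only a few, pass those by name so secrets added
    # later are not exposed to the deploy job by default.
    secrets: inherit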