pez-infra/.github/workflows/deploy-on-merge.yml
Rasmus Wejlgaard 89b21fd6fc fix: stop masking failed service deploys; trim dead config
The docker_services and systemd_services roles ran their "start the
service" tasks with `failed_when: false`, so a container or unit that
failed to come up still reported the deploy as green. Drop it from both
start tasks so a broken deploy actually fails CI. The compose/unit *copy*
tasks keep `failed_when: false` — that's load-bearing for the
`item is not failed` filter that skips services without a compose/unit file.

Also:
- Remove a duplicate "Template service .env files" task in docker_services
  (second copy used a hardcoded path and didn't register; first one is the
  one the start task reads).
- Don't trigger a full fleet deploy on docs/markdown/workflow-only pushes
  to main — add docs/**, **/*.md and .github/** to paths-ignore.
- Drop the dangling `update-freebsd` Make target (playbook doesn't exist;
  fleet has no FreeBSD hosts).
2026-06-04 18:37:37 +01:00

47 lines
1.1 KiB
YAML

name: Deploy (on merge)
on:
  push:
    branches:
      - main
    paths-ignore:
      - "terraform/**"
      - "docs/**"
      - "**/*.md"
      - ".github/**"
# Serialize fleet deploys so two quick merges can't run Ansible against the
# same hosts at once. Don't cancel an in-flight deploy mid-run — queue it.
concurrency:
  group: deploy-on-merge
  cancel-in-progress: false
jobs:
  discover:
    name: Discover hosts
    runs-on: ubuntu-latest
    outputs:
      hosts: ${{ steps.discover.outputs.hosts }}
    steps:
      - uses: actions/checkout@v6
      - name: Read hosts from inventory
        id: discover
        run: |
          HOSTS=$(grep 'ansible_host=' ansible/inventory/hosts.ini | awk '{print $1}' | jq -R . | jq -cs .)
          echo "hosts=$HOSTS" >> "$GITHUB_OUTPUT"
  deploy:
    needs: discover
    strategy:
      matrix:
        host: ${{ fromJson(needs.discover.outputs.hosts) }}
      fail-fast: false
    permissions:
      id-token: write
    uses: ./.github/workflows/_deploy-core.yml
    with:
      host: ${{ matrix.host }}
      playbook: deploy.yml
      dry_run: false
    secrets: inherit
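The `discover` job builds the deploy matrix with `grep 'ansible_host=' ... | awk '{print $1}' | jq -R . | jq -cs .`, so every inventory line containing `ansible_host=` contributes its first field, including commented-out host lines. The following is an added Python example, not code from the pez-infra repo, that reproduces that pipeline on a constructed inventory and shows a stricter parser that only accepts real host entries; the hostnames and the `hosts_strict` function are assumptions for illustration.

```python
"""Added example (not from pez-infra): mirror the discover job's
inventory-to-matrix step and show its edge case with commented lines."""
import json
import re

# Constructed sample inventory in hosts.ini style; all names are made up.
SAMPLE_INVENTORY = """\
[web]
web1 ansible_host=10.0.0.11
web2 ansible_host=10.0.0.12 ansible_user=deploy

[db]
db1 ansible_host=10.0.0.21
# db2 ansible_host=10.0.0.22   (decommissioned, kept for reference)

[web:vars]
ansible_python_interpreter=/usr/bin/python3
"""


def hosts_like_workflow(inventory_text: str) -> str:
    """Literal equivalent of grep 'ansible_host=' | awk '{print $1}' | jq -R . | jq -cs .

    Any line containing 'ansible_host=' contributes its first
    whitespace-separated field, so the commented db2 line yields "#".
    """
    hosts = [line.split()[0] for line in inventory_text.splitlines()
             if "ansible_host=" in line and line.split()]
    return json.dumps(hosts, separators=(",", ":"))


# A host entry: a plain hostname token followed by at least one key=value,
# one of which is ansible_host=...; section headers and comments are skipped.
_HOST_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9.-]*)\s+.*\bansible_host=")


def hosts_strict(inventory_text: str) -> str:
    """Stricter variant: only real host lines, and only well-formed hostnames,
    so the matrix value handed to the reusable workflow is always a hostname."""
    hosts = []
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        match = _HOST_LINE.match(line)
        if match:
            hosts.append(match.group(1))
    return json.dumps(hosts, separators=(",", ":"))


if __name__ == "__main__":
    print("workflow pipeline:", hosts_like_workflow(SAMPLE_INVENTORY))
    print("strict parser:    ", hosts_strict(SAMPLE_INVENTORY))
```

With the sample above the literal pipeline emits `["web1","web2","db1","#"]`, so a commented-out host becomes a matrix entry and a spurious deploy job; the strict parser emits `["web1","web2","db1"]`.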