mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
Add concurrency guards to the terraform and deploy-on-merge workflows so two merges in quick succession can't run against the same state or the same hosts at once (queue, never cancel an in-flight run). Enable native S3 state locking (use_lockfile) on the Backblaze B2 backend, which needs OpenTofu 1.10+, so bump the CI tofu version 1.9.0 -> 1.10.10 and the required_version constraint to >= 1.10.0.
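# Deploys to every inventory host after a push to main that touches anything
# outside terraform/. A "discover" job builds the host list and a matrix
# "deploy" job calls the shared _deploy-core.yml workflow once per host.
name: Deploy (on merge)

on:
  push:
    branches:
      - main
    paths-ignore:
      - "terraform/**"

# Serialize fleet deploys so two quick merges can't run Ansible against the
# same hosts at once. Don't cancel an in-flight deploy mid-run — queue it.
# Caveat: a concurrency group holds at most one pending run, so a newer queued
# run replaces an older one that is still waiting; only the in-flight run is
# protected by cancel-in-progress: false.
concurrency:
  group: deploy-on-merge
  cancel-in-progress: false

jobs:
  discover:
    name: Discover hosts
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository, so do not leave it
    # on the repository's default GITHUB_TOKEN scopes.
    permissions:
      contents: read
    outputs:
      hosts: ${{ steps.discover.outputs.hosts }}
    steps:
      # NOTE(review): a tag ref is mutable. Pinning to a full commit SHA
      # (actions/checkout@<full-commit-sha>  # v6) keeps the code that runs
      # here from changing without a reviewed diff.
      - uses: actions/checkout@v6
        with:
          # No later step uses git, so don't leave the token in .git/config.
          persist-credentials: false

      - name: Read hosts from inventory
        id: discover
        run: |
          # Fail the step if the inventory is missing or a pipeline stage
          # errors, instead of handing a partial list to the matrix.
          set -euo pipefail
          # First field of every line that sets ansible_host=, as a compact
          # JSON array. Lines whose first field starts with # or ; are
          # commented-out inventory entries and must not become deploy targets.
          HOSTS=$(
            awk '/ansible_host=/ && $1 !~ /^[#;]/ {print $1}' \
              ansible/inventory/hosts.ini | jq -R . | jq -cs .
          )
          echo "hosts=$HOSTS" >> "$GITHUB_OUTPUT"

  deploy:
    needs: discover
    strategy:
      matrix:
        # One matrix leg per inventory host. These strings come straight from
        # hosts.ini; _deploy-core.yml is not shown here, so confirm it passes
        # inputs.host to the shell as data (for example through env:) rather
        # than expanding it inline in a run: script.
        host: ${{ fromJson(needs.discover.outputs.hosts) }}
      # A failure on one host must not cancel the deploys to the others.
      fail-fast: false
    # Job-level permissions set every unlisted scope to none, and a called
    # workflow cannot receive more than its caller grants. id-token: write
    # lets _deploy-core.yml request an OIDC token (presumably for federated
    # auth; confirm against that file).
    permissions:
      id-token: write
    uses: ./.github/workflows/_deploy-core.yml
    with:
      host: ${{ matrix.host }}
      playbook: deploy.yml
      dry_run: false
    # NOTE(review): inherit forwards every secret this workflow can read to
    # the called workflow. Prefer an explicit secrets: map limited to the names
    # _deploy-core.yml declares, so a secret added later is not exposed to the
    # deploy path by default.
    secrets: inherit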