feat: streamline Docker registry setup in CI workflow#1
Merged
PirateSeal merged 15 commits intomasterfrom Dec 9, 2024
Merged
Conversation
Refactor the CI workflow to utilize an Ansible playbook for setting up a private Docker registry. Remove manual steps for installing tools and creating the registry, replacing them with automated tasks in the playbook. This enhances maintainability and reduces complexity in the workflow. Update secrets usage for improved security in registry authentication.
Add the 'hosts' directive to the actions_test.yml file to specify the target hosts for the playbook. This change ensures that the playbook runs on all specified hosts, improving its usability and clarity.
Change the host from '' to 'target' in the Ansible test configuration to specify the intended target for the registry authentication test. Add a target section in the GitHub Actions workflow to ensure proper inventory configuration for the specified host.
Refactor the Ansible test workflow to improve SSH connection handling. Change the inventory format to use options for SSH user and private key. Update the playbook to target all hosts instead of a specific target. Add a new Ansible configuration file to disable host key checking.
Refactor the GitHub Actions workflow by splitting the `--extra-vars` option into two separate lines for better readability and clarity. This change enhances the maintainability of the workflow configuration.
Remove unnecessary configuration settings from the GitHub Actions workflow and streamline the Ansible command options. This change enhances readability and maintains the same functionality by using environment variables directly. The host key checking is now handled through command-line arguments, improving security and reducing complexity.
Change the SSH key option in the GitHub Actions workflow from "-v" to "--private-key" for clarity and correctness. This ensures the SSH key is passed correctly to the Ansible configuration, improving the reliability of the deployment process.
Replace the direct usage of the Docker SSH key secret with a temporary file. Add a step to create the SSH key file from the secret, security and ensuring compatibilitywith the Ansible action.
Add a comma and 'ssh' option to the Docker host argument in the GitHub Actions workflow. This change ensures proper SSH command execution and improves connection stability during the CI/CD process.
Add export of ANSIBLE_HOST_KEY_CHECKING to disable host key checking during the execution of the Ansible playbook This ensures execution in environments where keys are not-defined, preventing potential failures.
Change the path for the SSH key in the GitHub Actions workflow from `./ssh_key` to `ansible/ssh_key` to ensure the key is stored in the correct directory for Ansible usage. This improves organization and maintains consistency in file structure.
Set permissions for the SSH key file to 600 to enhance security. This ensures that only the owner can read and write the key, preventing unauthorized access during the CI process.
Replace the task that ensures the presence of apache2-utils with an assertion using the command module. This change improves the efficiency of the playbook by directly checking the package's installation status without modifying the system state.
Update the task for creating the registry user to use the `shell` module instead of `command`. This change allows for better handling of shell features and ensures the task does not report as changed, as the password file may already exist.
Adds a log message to indicate when the with-registry-auth flag is included in the Docker stack deploy command. This change improves visibility into the deployment process and helps with debugging by clearly showing the command's configuration.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refactor the CI workflow to utilize an Ansible playbook for
setting up a private Docker registry. Remove manual steps for
installing tools and creating the registry, replacing them
with automated tasks in the playbook. This enhances
maintainability and reduces complexity in the workflow.
Update secrets usage for improved security in registry
authentication.