Add very basic deployment service based on webhook

2025-05-25 16:11:05 +02:00 · 2025-05-25 16:11:05 +02:00 · 5d22308f0f
commit 5d22308f0f
parent a70ea6ef2a
5 changed files with 92 additions and 0 deletions
--- a/playbooks/roles/deploy/files/deploy-reitanlage_oranienburg
+++ b/playbooks/roles/deploy/files/deploy-reitanlage_oranienburg
@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+if [ -n "$WEBHOOK_DATA" ]
+then
+  docker exec -i reitanlage_oranienburg-app-1 sh < "$WEBHOOK_DATA"
+fi
--- a/playbooks/roles/deploy/tasks/main.yml
+++ b/playbooks/roles/deploy/tasks/main.yml
@ -0,0 +1,37 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    svc: "{{ deploy_svc }}"
+    yml: "{{ deploy_yml }}"
+    compose: "{{ deploy_compose }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Set webhook config path
+      ansible.builtin.set_fact:
+        config_path: "{{ (service_path, 'config') | path_join }}"
+
+    - name: Create config directory
+      ansible.builtin.file:
+        path: "{{ config_path }}"
+        state: directory
+        mode: "0755"
+
+    - name: Template main config
+      ansible.builtin.template:
+        src: yml.j2
+        dest: "{{ (config_path, 'hooks.yml') | path_join }}"
+        mode: "0644"
+
+    - name: Copy the deploy-reitanlage_oranienburg script
+      ansible.builtin.copy:
+        src: deploy-reitanlage_oranienburg
+        dest: "{{ (config_path, 'deploy-reitanlage_oranienburg') | path_join }}"
+        mode: "0755"
+
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/playbooks/roles/deploy/vars/main.yml
+++ b/playbooks/roles/deploy/vars/main.yml
@ -0,0 +1,33 @@
+---
+deploy_svc:
+  domain: "{{ all_services | service_get_domain(role_name) }}"
+  port: 9000
+
+deploy_yml:
+  - id: deploy-reitanlage_oranienburg
+    trigger-rule-mismatch-http-response-code: 400
+    execute-command: /config/deploy-reitanlage_oranienburg
+    pass-file-to-command:
+      - source: payload
+        name: data
+        envname: WEBHOOK_DATA
+        base64decode: true
+    trigger-rule:
+      and:
+        - match:
+            type: value
+            value: "{{ vault_deploy.reitanlage_oranienburg_token }}"
+            parameter:
+              source: header
+              name: X-Webhook-Token
+
+deploy_compose:
+  watchtower: update
+  image: lwlook/webhook
+  volumes:
+    - ./config:/config:ro
+    - /var/run/docker.sock:/var/run/docker.sock
+  file:
+    services:
+      app:
+        command: ["-verbose", "-hooks=/config/hooks.yml", "-hotreload"]
--- a/scripts/visualize.py
+++ b/scripts/visualize.py
@ -9,6 +9,7 @@ import hcl2
 icon_overrides = {
    "acme_dns": "lets-encrypt",
    "backup": "restic",
+    "deploy": "webhook",
    "extra_services": None,
    "forgejo_runner": "forgejo",
    "healthcheck": "healthchecks",
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -99,6 +99,21 @@ services = {
    s3 = false
  },

+  "deploy" = {
+    host = "node001"
+    dns = [
+      {
+        domain = "deploy.serguzim.me"
+      },
+    ]
+    monitoring = {
+      group = "7-support"
+    }
+    auth = false
+    database = false
+    s3 = false
+  }
+
  "dokku" = {
    host = "node001"
    dns = [