mirror of
https://github.com/dawidd6/action-ansible-playbook.git
synced 2024-12-27 10:36:09 -07:00
d45b74f42d
By default it seems that SSH host key checking has been disabled. This patch makes it optional. If a variable named known_hosts is passed in, the key checking will be enabled. The variable should contain the complete contents of the known_hosts file, which must contain the public key(s) of the host(s) in the inventory.
94 lines
3.1 KiB
JavaScript
94 lines
3.1 KiB
JavaScript
const core = require('@actions/core')
|
|
const exec = require('@actions/exec')
|
|
const yaml = require('yaml')
|
|
const fs = require('fs')
|
|
const os = require('os')
|
|
|
|
async function main() {
|
|
try {
|
|
const playbook = core.getInput("playbook", { required: true })
|
|
const requirements = core.getInput("requirements")
|
|
const directory = core.getInput("directory")
|
|
const key = core.getInput("key")
|
|
const inventory = core.getInput("inventory")
|
|
const vaultPassword = core.getInput("vault_password")
|
|
const knownHosts = core.getInput("known_hosts")
|
|
const options = core.getInput("options")
|
|
|
|
let cmd = ["ansible-playbook", playbook]
|
|
|
|
if (options) {
|
|
cmd.push(options.replace(/\n/g, " "))
|
|
}
|
|
|
|
if (directory) {
|
|
process.chdir(directory)
|
|
core.saveState("directory", directory)
|
|
}
|
|
|
|
if (requirements) {
|
|
const requirementsContent = fs.readFileSync(requirements, 'utf8')
|
|
const requirementsObject = yaml.parse(requirementsContent)
|
|
|
|
if (Array.isArray(requirementsObject)) {
|
|
await exec.exec("ansible-galaxy", ["install", "-r", requirements])
|
|
} else {
|
|
if (requirementsObject.roles)
|
|
await exec.exec("ansible-galaxy", ["role", "install", "-r", requirements])
|
|
if (requirementsObject.collections)
|
|
await exec.exec("ansible-galaxy", ["collection", "install", "-r", requirements])
|
|
}
|
|
}
|
|
|
|
if (key) {
|
|
const keyFile = ".ansible_key"
|
|
fs.writeFileSync(keyFile, key + os.EOL, { mode: 0600 })
|
|
core.saveState("keyFile", keyFile)
|
|
cmd.push("--key-file")
|
|
cmd.push(keyFile)
|
|
}
|
|
|
|
if (inventory) {
|
|
const inventoryFile = ".ansible_inventory"
|
|
fs.writeFileSync(inventoryFile, inventory, { mode: 0600 })
|
|
core.saveState("inventoryFile", inventoryFile)
|
|
cmd.push("--inventory-file")
|
|
cmd.push(inventoryFile)
|
|
}
|
|
|
|
if (vaultPassword) {
|
|
const vaultPasswordFile = ".ansible_vault_password"
|
|
fs.writeFileSync(vaultPasswordFile, vaultPassword, { mode: 0600 })
|
|
core.saveState("vaultPasswordFile", vaultPasswordFile)
|
|
cmd.push("--vault-password-file")
|
|
cmd.push(vaultPasswordFile)
|
|
}
|
|
|
|
if (knownHosts) {
|
|
const knownHostsFile = ".ansible_known_hosts"
|
|
fs.writeFileSync(knownHostsFile, knownHosts, { mode: 0600 })
|
|
core.saveState("knownHostsFile", knownHostsFile)
|
|
let known_hosts_param = [
|
|
"--ssh-common-args=",
|
|
"\"",
|
|
"-o UserKnownHostsFile=",
|
|
knownHostsFile,
|
|
"\""
|
|
].join('')
|
|
cmd.push(known_hosts_param)
|
|
process.env.ANSIBLE_HOST_KEY_CHECKING = "True"
|
|
} else {
|
|
process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
|
|
}
|
|
|
|
process.env.ANSIBLE_FORCE_COLOR = "True"
|
|
|
|
await exec.exec(cmd.join(' '))
|
|
|
|
} catch (error) {
|
|
core.setFailed(error.message)
|
|
}
|
|
}
|
|
|
|
main()
|