action-ansible-playbook/main.js
Scott Rubin d45b74f42d Add support for SSH Host Key Checking
By default it seems that SSH host key checking has been disabled. This
patch makes it optional. If a variable named known_hosts is passed in,
the key checking will be enabled. The variable should contain the
complete contents of the known_hosts file, which must contain the public
key(s) of the host(s) in the inventory.
2021-04-04 16:51:46 -04:00

94 lines
3.1 KiB
JavaScript

const core = require('@actions/core')
const exec = require('@actions/exec')
const yaml = require('yaml')
const fs = require('fs')
const os = require('os')
async function main() {
try {
const playbook = core.getInput("playbook", { required: true })
const requirements = core.getInput("requirements")
const directory = core.getInput("directory")
const key = core.getInput("key")
const inventory = core.getInput("inventory")
const vaultPassword = core.getInput("vault_password")
const knownHosts = core.getInput("known_hosts")
const options = core.getInput("options")
let cmd = ["ansible-playbook", playbook]
if (options) {
cmd.push(options.replace(/\n/g, " "))
}
if (directory) {
process.chdir(directory)
core.saveState("directory", directory)
}
if (requirements) {
const requirementsContent = fs.readFileSync(requirements, 'utf8')
const requirementsObject = yaml.parse(requirementsContent)
if (Array.isArray(requirementsObject)) {
await exec.exec("ansible-galaxy", ["install", "-r", requirements])
} else {
if (requirementsObject.roles)
await exec.exec("ansible-galaxy", ["role", "install", "-r", requirements])
if (requirementsObject.collections)
await exec.exec("ansible-galaxy", ["collection", "install", "-r", requirements])
}
}
if (key) {
const keyFile = ".ansible_key"
fs.writeFileSync(keyFile, key + os.EOL, { mode: 0600 })
core.saveState("keyFile", keyFile)
cmd.push("--key-file")
cmd.push(keyFile)
}
if (inventory) {
const inventoryFile = ".ansible_inventory"
fs.writeFileSync(inventoryFile, inventory, { mode: 0600 })
core.saveState("inventoryFile", inventoryFile)
cmd.push("--inventory-file")
cmd.push(inventoryFile)
}
if (vaultPassword) {
const vaultPasswordFile = ".ansible_vault_password"
fs.writeFileSync(vaultPasswordFile, vaultPassword, { mode: 0600 })
core.saveState("vaultPasswordFile", vaultPasswordFile)
cmd.push("--vault-password-file")
cmd.push(vaultPasswordFile)
}
if (knownHosts) {
const knownHostsFile = ".ansible_known_hosts"
fs.writeFileSync(knownHostsFile, knownHosts, { mode: 0600 })
core.saveState("knownHostsFile", knownHostsFile)
let known_hosts_param = [
"--ssh-common-args=",
"\"",
"-o UserKnownHostsFile=",
knownHostsFile,
"\""
].join('')
cmd.push(known_hosts_param)
process.env.ANSIBLE_HOST_KEY_CHECKING = "True"
} else {
process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
}
process.env.ANSIBLE_FORCE_COLOR = "True"
await exec.exec(cmd.join(' '))
} catch (error) {
core.setFailed(error.message)
}
}
main()