From a25923418b4bb5187dbe074f60cf4c6da25eee12 Mon Sep 17 00:00:00 2001
From: Elia el Lazkani <blog@lazkani.io>
Date: Sat, 1 Jul 2023 18:21:19 +0200
Subject: [PATCH] chore(): Migrates deployment to ansible

---
 .drone.yml                                    | 67 +++++++++++++++++--
 ansible/ansible.cfg                           |  6 ++
 .../group_vars/_application_/all.yml          |  1 +
 ansible/inventory/hcloud.yml                  |  6 ++
 ansible/requirements.txt                      |  3 +
 ansible/roles/defaults/main.yml               |  3 +
 ansible/roles/tasks/main.yml                  | 33 +++++++++
 ansible/site.yml                              |  8 +++
 8 files changed, 122 insertions(+), 5 deletions(-)
 create mode 100644 ansible/ansible.cfg
 create mode 100644 ansible/inventory/group_vars/_application_/all.yml
 create mode 100644 ansible/inventory/hcloud.yml
 create mode 100644 ansible/requirements.txt
 create mode 100644 ansible/roles/defaults/main.yml
 create mode 100644 ansible/roles/tasks/main.yml
 create mode 100644 ansible/site.yml

diff --git a/.drone.yml b/.drone.yml
index 35baca6..52b5203 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,6 +1,6 @@
 ---
 kind: pipeline
-name: default
+name: generate-blog
 
 clone:
   depth: 1
@@ -36,10 +36,6 @@ steps:
     squash: true
     tags:
     - "${DRONE_COMMIT_SHA:0:8}"
-  when:
-    event:
-      exclude:
-      - tag
 
 - name: build-container
   image: plugins/docker
@@ -60,3 +56,64 @@ steps:
     - promote
     target:
     - production
+
+---
+kind: pipeline
+name: deploy-blog
+
+clone:
+  depth: 1
+
+steps:
+  - name: syntax-check
+    image: plugins/ansible:latest
+    settings:
+      playbook: ansible/site.yml
+      inventory: ansible/inventory/hcloud.yml
+      requirements: ansible/requirements.txt
+      tags: blog
+      check: true
+      diff: true
+      syntax_check: true
+      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
+    environment:
+      HCLOUD_TOKEN:
+        from_secret: hcloud_token
+
+  - name: dry-run
+    image: plugins/ansible:latest
+    settings:
+      playbook: ansible/site.yml
+      inventory: ansible/inventory/hcloud.yml
+      requirements: ansible/requirements.txt
+      tags: blog
+      check: true
+      diff: true
+      syntax_check: false
+      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
+    environment:
+      HCLOUD_TOKEN:
+        from_secret: hcloud_token
+
+  - name: deploy
+    image: plugins/ansible:latest
+    settings:
+      playbook: ansible/site.yml
+      inventory: ansible/inventory/hcloud.yml
+      requirements: ansible/requirements.txt
+      tags: blog
+      check: false
+      diff: true
+      syntax_check: false
+      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
+    environment:
+      HCLOUD_TOKEN:
+        from_secret: hcloud_token
+    when:
+      event:
+      - promote
+      target:
+      - production
+
+depends_on:
+  - generate-blog
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..42cfd54
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+roles_path = ./external-roles/:./roles/
+host_key_checking = False
+
+[inventory]
+enable_plugins = hetzner.hcloud.hcloud
diff --git a/ansible/inventory/group_vars/_application_/all.yml b/ansible/inventory/group_vars/_application_/all.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/inventory/group_vars/_application_/all.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/inventory/hcloud.yml b/ansible/inventory/hcloud.yml
new file mode 100644
index 0000000..a124c36
--- /dev/null
+++ b/ansible/inventory/hcloud.yml
@@ -0,0 +1,6 @@
+plugin: hetzner.hcloud.hcloud
+keyed_groups:
+  - key: labels
+    separator: "_"
+    default_value: ""
+    prefix: ""
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
new file mode 100644
index 0000000..10c014f
--- /dev/null
+++ b/ansible/requirements.txt
@@ -0,0 +1,3 @@
+ansible
+docker
+hcloud
diff --git a/ansible/roles/defaults/main.yml b/ansible/roles/defaults/main.yml
new file mode 100644
index 0000000..e327bfd
--- /dev/null
+++ b/ansible/roles/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+blog_container_tag: "latest"
+blog_http_port: 8080
diff --git a/ansible/roles/tasks/main.yml b/ansible/roles/tasks/main.yml
new file mode 100644
index 0000000..f54ebaa
--- /dev/null
+++ b/ansible/roles/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+- name: Deploy Blog Stack
+  community.docker.docker_compose:
+    project_name: Blog
+    state: present
+    definition:
+      version: '3'
+      services:
+        blog:
+          container_name: blog
+          image: "scm.project42.io/elia/blog:{{ blog_container_tag }}"
+          restart: unless-stopped
+          networks:
+            - traefik-ingress
+          environment:
+           - "NGINX_PORT={{ blog_http_port }}"
+          labels:
+            - "traefik.enable=true"
+            - "traefik.docker.network=traefik-ingress"
+            - "traefik.http.routers.blog.rule=Host(`blog.lazkani.io`)"
+            - "traefik.http.routers.blog.service=blog"
+            - "traefik.http.services.blog.loadbalancer.server.port={{ blog_http_port }}"
+            - "traefik.http.middlewares.weechat-main.chain.middlewares=frame-deny,browser-xss-filter,ssl-redirect"
+            - "traefik.http.routers.blog.tls.certresolver=cloudflareresolver"
+
+      networks:
+        traefik-ingress:
+          external: true
+  register: output_blog
+
+- assert:
+    that:
+      - output_blog.services.blog.blog.state.running
diff --git a/ansible/site.yml b/ansible/site.yml
new file mode 100644
index 0000000..8e795d4
--- /dev/null
+++ b/ansible/site.yml
@@ -0,0 +1,8 @@
+---
+- name: Deploy Blog
+  hosts: _application_
+  become: true
+  tags:
+    - blog
+  roles:
+    - role: blog