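#!/usr/bin/env -S deno run --allow-env --allow-net --allow-run --allow-read --allow-write
import {
  BitwardenSession,
  getRequiredEnv,
  getStdout,
  loggerWithPrefix,
  prependWith,
  type SecureNote,
} from "@liz-ci/utils";
import type { AnsiblePlaybookJobProps } from "@liz-ci/model";

// Job parameters are read from the environment; both are required.
const args: AnsiblePlaybookJobProps = {
  path: getRequiredEnv("path"),
  playbooks: getRequiredEnv("playbooks"),
};

const logger = loggerWithPrefix(() => `[ansible_playbook."${args.playbooks}"]`);

/**
 * Runs the configured Ansible playbook(s) inside a Docker container.
 *
 * The "ansible_secrets" and "ssh_key" Bitwarden items are written to temp
 * files, bind-mounted into the container together with `args.path`, and
 * removed again once the run finishes.
 *
 * Secret retrieval happens inside the `try` block and every temp file is
 * recorded as soon as it exists, so a failure while fetching or writing one
 * secret still closes the Bitwarden session and removes whatever secret
 * material already reached disk.
 *
 * @throws the first secret-retrieval failure (in item order), or whatever
 *   `getStdout` throws for the docker invocation.
 */
const run = async () => {
  logger.log(
    "starting ansible playbook job~ (⑅˘꒳˘) let's configure all the things!",
  );

  const bitwardenSession = new BitwardenSession();
  // Paths of every temp file created so far. A path is pushed before the
  // secret is written so that a failed write is still cleaned up.
  const createdFiles: string[] = [];

  try {
    // allSettled (not all): wait for both retrievals to finish before acting
    // on a failure, so no temp file can appear after cleanup has already run.
    const secretResults = await Promise.allSettled(
      ["ansible_secrets", "ssh_key"].map(async (secretName) => {
        const { notes: recoveredSecret } = await bitwardenSession.getItem(
          secretName,
        );
        // NOTE(review): these files hold credentials in plaintext; confirm
        // the temp file mode is owner-only on the platforms this job runs on.
        const tempFile = await Deno.makeTempFile();
        createdFiles.push(tempFile);
        await Deno.writeTextFile(tempFile, recoveredSecret);
        logger.log(secretName, "safely tucked away at", tempFile, "(˘ω˘)");
        return tempFile;
      }),
    );

    const secretFiles: string[] = [];
    for (const result of secretResults) {
      if (result.status === "rejected") throw result.reason;
      secretFiles.push(result.value);
    }
    const [ansibleSecrets, sshKey] = secretFiles;

    const volumes = [
      `${args.path}:/ansible`,
      `${sshKey}:/root/id_rsa`,
      `${ansibleSecrets}:/ansible/secrets.yml`,
    ];
    // `args.playbooks` is split on spaces below, so every space-separated
    // token becomes its own ansible-playbook argument, options included.
    // NOTE(review): the value comes from the environment; validate it against
    // the expected playbook names if that environment is not fully trusted.
    const playbookCmd = `ansible-playbook -e @secrets.yml ${args.playbooks}`;
    const deployCmd = [
      "docker",
      "run",
      ...prependWith(volumes, "-v"),
      // NOTE(review): `:latest` is a mutable tag and this container is handed
      // the SSH key and the Ansible secrets. Pinning by digest, e.g.
      // `willhallonline/ansible@sha256:<DIGEST_PLACEHOLDER>`, would fix the
      // image content that gets to see them.
      "willhallonline/ansible:latest",
      ...playbookCmd.split(" "),
    ];

    // The logged command contains the temp file paths, not their contents.
    logger.log("running ansible magic~ (◕ᴗ◕✿)", deployCmd);
    await getStdout(deployCmd);
  } finally {
    const cleanupResults = await Promise.allSettled([
      bitwardenSession.close(),
      ...createdFiles.map((p) => {
        logger.log(`tidying up`, p, "keeping things neat and tidy~");
        return Deno.remove(p);
      }),
    ]);
    // Cleanup stays best-effort, but a step that failed may have left a
    // plaintext secret on disk or a session open, so report it.
    for (const result of cleanupResults) {
      if (result.status === "rejected") {
        logger.error("cleanup step failed", result.reason);
      }
    }
  }

  logger.log("ansible playbook job all done! servers are happy now (。•̀ᴗ-)✧");
};

if (import.meta.main) {
  try {
    await run();
  } catch (e) {
    logger.error(
      "oh nyo! ansible had a problem",
      e,
      "maybe next time? (´。﹏。`)",
    );
    // Rethrow so the process still exits with a failure status.
    throw e;
  }
}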