🔨 Init

.drone.yml

@@ -0,0 +1,43 @@
+name: Build Docker
+kind: pipeline
+type: docker
+steps:
+
+  - name: Only build image
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo:  harbor.sebclem.fr/sebclem/drone-ansible-runner
+      registry: harbor.sebclem.fr
+      tags: latest
+      dry_run: true
+    when:
+      target:
+        exclude:
+          - production
+
+  - name: Build and Push docker
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo:  harbor.sebclem.fr/sebclem/drone-ansible-runner
+      registry: harbor.sebclem.fr
+      tags: latest
+    when:
+      branch:
+        - main
+      target:
+        - production
+
+trigger:
+  event:
+    - push
+    - custom
+    - promote
+    - rollback

Dockerfile

@@ -0,0 +1,15 @@
+FROM alpine:3.15.0
+
+RUN apk add --no-cache py3-pip bash gcc musl-dev python3-dev libffi-dev
+
+RUN pip3 install --upgrade pip
+
+# renovate: datasource=pypi depName=ansible
+ENV ANSIBLE_VERSION=5.0.1
+RUN pip3 install --no-cache-dir ansible==${ANSIBLE_VERSION}
+
+RUN apk del gcc musl-dev python3-dev libffi-dev
+
+COPY entrypoint /bin/entrypoint
+
+ENTRYPOINT [ "/bin/entrypoint" ]

README.md

@@ -0,0 +1,42 @@
+# Drone Ansible Runner
+
+Config:
+```yml
+kind: pipeline
+name: default
+
+steps:
+  - name: Check ansible syntax
+    image: harbor.sebclem.fr/sebclem/drone-ansible-runner
+    settings:
+      playbook: sites.yml
+      galaxy_file: roles/requirements.yml
+      check_syntax: true
+      vault_token:
+        from_secret: ansible_vault_password
+      private_key:
+        from_secret: ansible_private_key
+    when:
+      event:
+        - push
+        - custom
+
+  - name: Run ansible playbook
+    image: harbor.sebclem.fr/sebclem/drone-ansible-runner
+    settings:
+      verbosity: 1
+      playbook: sites.yml
+      galaxy_file: roles/requirements.yml
+      check_syntax: true
+      vault_token:
+        from_secret: ansible_vault_password
+      private_key:
+        from_secret: ansible_private_key
+      limit: harbor.home
+    when:
+      event:
+        - promote
+        - rollback
+        - custom
+
+```

entrypoint

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+check=${PLUGIN_CHECK_SYNTAX:-false}
+verbosity=${PLUGIN_VERBOSITY:-0}
+
+if [[ -z "$PLUGIN_PLAYBOOK" ]]; then
+    echo -e "\e[31m'playbook' setting not defined, ABORT!\e[39m"
+    exit 1
+fi
+
+if [[ -z "$PLUGIN_PRIVATE_KEY" ]]; then
+    echo -e "\e[31m'private_key' setting not defined, ABORT!\e[39m"
+    exit 1
+fi
+
+echo "$PLUGIN_PRIVATE_KEY" > /root/.ssh/id_ed
+chmod 400 /root/.ssh/id_ed
+
+if [[ -n "$PLUGIN_VAULT_TOKEN" ]]; then
+    echo "Adding vault token to 'credentials/vault_token'"
+    mkdir credentials
+    echo $PLUGIN_VAULT_TOKEN > credentials/vault_token
+    echo ""
+fi
+
+if [[ -n "$PLUGIN_GALAXY_FILE" ]]; then
+    echo "Installing Galaxy dependencies ($PLUGIN_GALAXY_FILE)"
+    echo "\$ ansible-galaxy install -r $PLUGIN_GALAXY_FILE --force"
+    ansible-galaxy install -r $PLUGIN_GALAXY_FILE --force
+    echo ""
+fi
+
+args="$PLUGIN_PLAYBOOK"
+
+if [[ $check = true ]]; then
+    args="$args --syntax-check"
+fi
+
+if [[ $verbosity != "0" ]]; then
+    args="${args} -"
+    for i in `seq 1 $verbosity`; do
+        args="${args}v"
+    done
+fi
+
+if [[ -n "$PLUGIN_LIMIT" ]]; then
+    args="${args} --limit \"$PLUGIN_LIMIT\""
+fi
+
+echo "\$ ansible-playbook $args"
+ansible-playbook $args