From 34d2c4ba3a05e095db3040b02bb0abe2d715d204 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:11:03 -0500
Subject: [PATCH 001/185] Update README.md
---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/README.md b/README.md
index 5f67be2..1640862 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,7 @@
 # site-runner-example-app
 An example repo containing server configuration and app code.
+
+## Instructions
+
+This repo was setup using the instructions from https://github.com/operations-project/ansible-collection-site-runner/tree/feature/how-to?#how-to
+
From ed27539309d57901e044e3b6c66be123ec518e1d Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:13:40 -0500
Subject: [PATCH 002/185] add site runner roles
---
 .gitmodules | 3 +++
 site-runner | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 .gitmodules
 create mode 160000 site-runner
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..5e7f47e
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "site-runner"]
+ path = site-runner
+ url = https://github.com/operations-project/ansible-collection-site-runner.git
diff --git a/site-runner b/site-runner
new file mode 160000
index 0000000..9ecc8bb
--- /dev/null
+++ b/site-runner
@@ -0,0 +1 @@
+Subproject commit 9ecc8bb82e77c5590a294b80538ed3c90e822c90
From 987497bf8f379f37b1fcc70adb995e6895a8bbbd Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:22:12 -0500
Subject: [PATCH 003/185] initial files
---
 .github/workflows/servers.yml | 11 +++++++++++
 ansible.cfg | 0
 host_vars/server.example.com.yml | 3 +++
 inventory.yml | 7 +++++++
 4 files changed, 21 insertions(+)
 create mode 100644 .github/workflows/servers.yml
 create mode 100644 ansible.cfg
 create mode 100644 host_vars/server.example.com.yml
 create mode 100644 inventory.yml
diff --git a/.github/workflows/servers.yml b/.github/workflows/servers.yml
new file mode 100644
index 0000000..a1a5e18
--- /dev/null
+++ b/.github/workflows/servers.yml
@@ -0,0 +1,11 @@
+jobs:
+ playbook:
+ runs-on: "control@server.mydomain.com"
+
+ steps:
+ - name: Checkout codebase
+ uses: actions/checkout@v4
+
+ - name: Run playbook
+ run: |
+ ansible-playbook --connection local --limit control@server.mydomain.com --extra-vars operations_github_api_token=${{ secrets.GITHUB_TOKEN_RUNNER_ADMIN }} site-runner/playbook.yml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..e69de29
diff --git a/host_vars/server.example.com.yml b/host_vars/server.example.com.yml
new file mode 100644
index 0000000..eba729c
--- /dev/null
+++ b/host_vars/server.example.com.yml
@@ -0,0 +1,3 @@
+# See example https://github.com/operations-project/ansible-collection-site-runner/blob/main/ansible/host_vars/host.example.yml
+operations_github_runners:
+ - runner_repo: operations-project/site-runner-example-app
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..f2da63d
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,7 @@
+# See example https://github.com/operations-project/ansible-collection-site-runner/blob/main/ansible/host_vars/host.example.yml
+all:
+ vars:
+ operations_admin_users:
+ # Put your github usernames here.
+ # - jonpugh
+
From 1e58b99db780b1d369769ecde9e2576ab1fec6c7 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:22:57 -0500
Subject: [PATCH 004/185] hosts file
---
 hosts | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 hosts
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..8645f02
--- /dev/null
+++ b/hosts
@@ -0,0 +1,2 @@
+[operations_host_ddev]
+server.mydomain.com ansible_connection=local
From 5f5e10f7f6ba41c852f7a6265637723bb0d11a26 Mon Sep 17 00:00:00 2001
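Review bot: The `Run playbook` step in `.github/workflows/servers.yml` expands `${{ secrets.GITHUB_TOKEN_RUNNER_ADMIN }}` directly into the `ansible-playbook` command line, so the token is substituted into the script text before the shell runs and then sits in the process arguments on the self-hosted runner named in `runs-on`. Hand it over through the step environment instead, e.g. a step-level `env:` with `OPERATIONS_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN_RUNNER_ADMIN }}`, and let the playbook pick it up with `lookup('env', 'OPERATIONS_GITHUB_API_TOKEN')` (this assumes the site-runner role can take the value that way, which is not visible here). The later `--extra-vars operations_github_api_token=...` steps added to `runner.test.yml` and `site-runner.test.yml` follow the same pattern. As added, the file also has no `on:` key, so GitHub will not accept it as a workflow until a trigger is declared.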
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:40:57 -0500
Subject: [PATCH 005/185] Add runner.test.yml for testing your config in CI
---
 .github/workflows/runner.test.yml | 48 +++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 .github/workflows/runner.test.yml
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
new file mode 100644
index 0000000..44bdd1f
--- /dev/null
+++ b/.github/workflows/runner.test.yml
@@ -0,0 +1,48 @@
+#
+name: Test server config
+on:
+ pull_request:
+
+env:
+ # This example creates github runners for each subsequent job.
+ # To do so, it needs a GitHub token with admin:write permissions.
+ # Create a personal access token with admin:write permissions on the repository you wish to deploy.
+ GITHUB_TOKEN: "${{ secrets.OPERATIONS_GITHUB_TOKEN_ADMIN }}"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.number }}
+ cancel-in-progress: false
+
+jobs:
+ # This emulates a persistent server. The ddev.site.deploy.yml jobs require one.
+ # This job runs the rest. It will stay running until the last job is complete.
+ create-server:
+ name: Launch test runner
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ repository: 'operations-project/github-runner-starter'
+ ref: 'v1.2.1'
+
+ # Kick off the runner script over and over until there are no more queued jobs.
+ - name: "Launch runner script."
+
+ run: |
+ while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do
+ sleep 2
+ ./github-runner-starter \
+ --run \
+ --name=github.actions.runner.${{ github.run_id }}.${{ matrix.runner }} \
+ --labels=github.actions.runner.${{ github.run_id }} \
+ --config-sh-options=--ephemeral
+ sleep 2
+ done
+
+ configure-server:
+ name: Configure server
+ runs-on: github.actions.runner.${{ github.run_id }}
+ steps:
+ - uses: actions/checkout@v4
+ - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
+ - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${{ secrets.OPERATIONS_GITHUB_API_TOKEN }}
From 6794fc1159584507e5a840151c7cc15207731026 Mon Sep 17 00:00:00 2001
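Review bot: The workflow-level `env:` block in `runner.test.yml` puts the admin-scoped personal access token into `GITHUB_TOKEN` for every step of both jobs on a `pull_request` trigger, although in the visible lines only the `Launch runner script.` step uses it. That also hands it to everything `configure-server` runs from the pull request's own checkout, and the script that legitimately receives it, `./github-runner-starter`, comes from another repository at the movable tag `v1.2.1`. Scope the token to the one step that needs it by moving `GITHUB_TOKEN: "${{ secrets.OPERATIONS_GITHUB_TOKEN_ADMIN }}"` under that step's own `env:`, and consider setting `ref:` to a full commit SHA. The `--name=` argument also references `${{ matrix.runner }}` although neither job declares a `strategy.matrix`, so that part presumably renders empty.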
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:42:15 -0500
Subject: [PATCH 006/185] Use GITHUB_TOKEN_RUNNER_ADMIN
---
 .github/workflows/runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index 44bdd1f..bdecf4f 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -7,7 +7,7 @@ env:
 # This example creates github runners for each subsequent job.
 # To do so, it needs a GitHub token with admin:write permissions.
 # Create a personal access token with admin:write permissions on the repository you wish to deploy.
- GITHUB_TOKEN: "${{ secrets.OPERATIONS_GITHUB_TOKEN_ADMIN }}"
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN_RUNNER_ADMIN }}"
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.number }}
From 2ae9e0282fc5c0b07014cfe858f3760ca72ee9e8 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:43:14 -0500
Subject: [PATCH 007/185] Use GITHUB_TOKEN, rename var
---
 .github/workflows/runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index bdecf4f..0ee26e5 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -45,4 +45,4 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
- - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${{ secrets.OPERATIONS_GITHUB_API_TOKEN }}
+ - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From 5aee5537b71b846b8305a2fe5b6179de18f054ee Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:46:06 -0500
Subject: [PATCH 008/185] Update runner.test.yml
---
 .github/workflows/runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index 0ee26e5..dd6f7f5 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -7,7 +7,7 @@ env:
 # This example creates github runners for each subsequent job.
 # To do so, it needs a GitHub token with admin:write permissions.
 # Create a personal access token with admin:write permissions on the repository you wish to deploy.
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN_RUNNER_ADMIN }}"
+ GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}"
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.number }}
From f38f0ab0ef6053fa34b38dd001e6472e71ed0f0d Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:49:10 -0500
Subject: [PATCH 009/185] Run on container with ansible already installed.
---
 .github/workflows/runner.test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index dd6f7f5..6aa12ef 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -19,6 +19,8 @@ jobs:
 create-server:
 name: Launch test runner
 runs-on: ubuntu-latest
+ container:
+ image: geerlingguy/docker-ubuntu2404-ansible
 steps:
 - uses: actions/checkout@v4
 with:
From e8f2d2d7e1073f9cc3693d3d9c4aa60136c511f8 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:50:48 -0500
Subject: [PATCH 010/185] Wrong job to run in container.
---
 .github/workflows/runner.test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index 6aa12ef..adeaf90 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -19,8 +19,6 @@ jobs:
 create-server:
 name: Launch test runner
 runs-on: ubuntu-latest
- container:
- image: geerlingguy/docker-ubuntu2404-ansible
 steps:
 - uses: actions/checkout@v4
 with:
@@ -44,6 +42,8 @@ jobs:
 configure-server:
 name: Configure server
 runs-on: github.actions.runner.${{ github.run_id }}
+ container:
+ image: geerlingguy/docker-ubuntu2404-ansible
 steps:
 - uses: actions/checkout@v4
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
From 817a2cc167f6d486e116697c1a3566dd2bab7981 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:53:08 -0500
Subject: [PATCH 011/185] Create ansible-hosts for testing
---
 .github/workflows/ansible-hosts | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .github/workflows/ansible-hosts
diff --git a/.github/workflows/ansible-hosts b/.github/workflows/ansible-hosts
new file mode 100644
index 0000000..8645f02
--- /dev/null
+++ b/.github/workflows/ansible-hosts
@@ -0,0 +1,2 @@
+[operations_host_ddev]
+server.mydomain.com ansible_connection=local
From 9fe3229fc45defad721c6bdf691b48d331340dfc Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:55:33 -0500
Subject: [PATCH 012/185] Update runner.test.yml
---
 .github/workflows/runner.test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index adeaf90..687bc77 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -46,5 +46,7 @@ jobs:
 image: geerlingguy/docker-ubuntu2404-ansible
 steps:
 - uses: actions/checkout@v4
+ with:
+ submodules: true
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
 - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From 48b09b6f0824cc3c3c34b3d07d735e8ca126fad1 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 09:57:53 -0500
Subject: [PATCH 013/185] Ubuntu GIT is not the latest??
---
 .github/workflows/runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index 687bc77..7915cac 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -43,7 +43,7 @@ jobs:
 name: Configure server
 runs-on: github.actions.runner.${{ github.run_id }}
 container:
- image: geerlingguy/docker-ubuntu2404-ansible
+ image: geerlingguy/docker-rockylinux10-ansible
 steps:
 - uses: actions/checkout@v4
 with:
From 66a5608a61fc57b8ae8df979cf7881a571f24475 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 10:02:25 -0500
Subject: [PATCH 014/185] Update runner.test.yml
---
 .github/workflows/runner.test.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index 7915cac..31b7f3b 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -43,10 +43,9 @@ jobs:
 name: Configure server
 runs-on: github.actions.runner.${{ github.run_id }}
 container:
- image: geerlingguy/docker-rockylinux10-ansible
+ image: geerlingguy/docker-ubuntu2404-ansible
 steps:
 - uses: actions/checkout@v4
- with:
- submodules: true
+ - run: git submodule init && git submodule update
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
 - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From 67eb16861d549d4191a7d588df4c52808ef4ff67 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 10:05:23 -0500
Subject: [PATCH 015/185] try to install git.
---
 .github/workflows/runner.test.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index 31b7f3b..98cc4f8 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -43,9 +43,11 @@ jobs:
 name: Configure server
 runs-on: github.actions.runner.${{ github.run_id }}
 container:
+
+ # Test on your OS of choice.
 image: geerlingguy/docker-ubuntu2404-ansible
 steps:
+ - run: apt-get install update && apt-get install git
 - uses: actions/checkout@v4
- - run: git submodule init && git submodule update
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
 - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From c8e26a8d09f178381522dd58dd40baf7d3b75b8f Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 10:08:37 -0500
Subject: [PATCH 016/185] Update runner.test.yml
---
 .github/workflows/runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index 98cc4f8..f749b47 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -47,7 +47,7 @@ jobs:
 # Test on your OS of choice.
 image: geerlingguy/docker-ubuntu2404-ansible
 steps:
- - run: apt-get install update && apt-get install git
+ - run: apt-get update && apt-get install git
 - uses: actions/checkout@v4
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
 - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From e54666b5dba3f365d651295cc00ae0faf94565a2 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 10:11:13 -0500
Subject: [PATCH 017/185] Fix git install
---
 .github/workflows/runner.test.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index f749b47..ad19644 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -47,7 +47,9 @@ jobs:
 # Test on your OS of choice.
 image: geerlingguy/docker-ubuntu2404-ansible
 steps:
- - run: apt-get update && apt-get install git
+ - run: apt-get update && apt-get install -y git
 - uses: actions/checkout@v4
+ with:
+ submodules: true
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
 - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From f3081a90d4426a3ee43c75caf100cddc170291bb Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Wed, 5 Nov 2025 10:15:27 -0500
Subject: [PATCH 018/185] Recursive submodules.
---
 .github/workflows/runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/runner.test.yml
index ad19644..c7de009 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/runner.test.yml
@@ -50,6 +50,6 @@ jobs:
 - run: apt-get update && apt-get install -y git
 - uses: actions/checkout@v4
 with:
- submodules: true
+ submodules: recursive
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
 - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From 9c48a3b335abafdf06aeb2dfceb8806ab8c66723 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:09:58 -0500
Subject: [PATCH 019/185] Use rockylinux, add comments.
---
 .../{runner.test.yml => site-runner.test.yml} | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
 rename .github/workflows/{runner.test.yml => site-runner.test.yml} (75%)
diff --git a/.github/workflows/runner.test.yml b/.github/workflows/site-runner.test.yml
similarity index 75%
rename from .github/workflows/runner.test.yml
rename to .github/workflows/site-runner.test.yml
index c7de009..a311298 100644
--- a/.github/workflows/runner.test.yml
+++ b/.github/workflows/site-runner.test.yml
@@ -1,9 +1,13 @@
 #
+# site-runner.test.yml
+# This workflow allows you to test your server config in a container.
+# Use it for testing out changes to your Ansible inventory or Roles.
+#
 name: Test server config
 on:
 pull_request:
-env:
+env:
 # This example creates github runners for each subsequent job.
 # To do so, it needs a GitHub token with admin:write permissions.
 # Create a personal access token with admin:write permissions on the repository you wish to deploy.
@@ -45,11 +49,19 @@ jobs:
 container:
 # Test on your OS of choice.
- image: geerlingguy/docker-ubuntu2404-ansible
+ # Jeff's images have ansible pre-installed: https://hub.docker.com/u/geerlingguy
+ # Using rockylinux8 here to match the tests from site runner ansible role: https://github.com/operations-project/ansible-collection-site-runner/blob/main/Dockerfile
+ image: geerlingguy/docker-rockylinux8-ansible
+
 steps:
- - run: apt-get update && apt-get install -y git
+ - run: |
+ yum -y install git
+ chmod 0400 /etc/shadow
+
 - uses: actions/checkout@v4
 with:
 submodules: recursive
+
+ # Server hostname is stored here.
 - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
 - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From e01328db34490215eea66e547978fb5a57948ce5 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:15:34 -0500
Subject: [PATCH 020/185] Create docker-compose.yml
---
 docker-compose.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0d05666
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,16 @@
+# For testing and development.
+
+---
+services:
+ operations:
+ image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest
+ cgroup: host
+ cgroup_parent: docker.slice
+ privileged: true
+ volumes:
+ - ./:/usr/share/operations
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - ./ansible:/etc/ansible
+ env_file:
+ - .env
+ build: ./
From 6f532e8d20fcd0ad1f1e0f85a0e6c59f687701d8 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:16:59 -0500
Subject: [PATCH 021/185] Create Dockerfile
---
 Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7a2f1d5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+# This is for testing and development only.
+# SSHD must be installed before running the playbook.
+# Thanks: https://stackoverflow.com/questions/71040681/qemu-x86-64-could-not-open-lib64-ld-linux-x86-64-so-2-no-such-file-or-direc
+FROM geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest
+
+# https://github.com/geerlingguy/docker-rockylinux9-ansible/issues/6#issuecomment-2676248714
+RUN chmod 0400 /etc/shadow
From 759674de9410a49edeb57040c548191e0b7a7d37 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:18:36 -0500
Subject: [PATCH 022/185] Delete Dockerfile
---
 Dockerfile | 7 -------
 1 file changed, 7 deletions(-)
 delete mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 7a2f1d5..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-# This is for testing and development only.
-# SSHD must be installed before running the playbook.
-# Thanks: https://stackoverflow.com/questions/71040681/qemu-x86-64-could-not-open-lib64-ld-linux-x86-64-so-2-no-such-file-or-direc
-FROM geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest
-
-# https://github.com/geerlingguy/docker-rockylinux9-ansible/issues/6#issuecomment-2676248714
-RUN chmod 0400 /etc/shadow
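Review bot: The `operations` service in `docker-compose.yml` combines `privileged: true`, `cgroup: host` and a read-write bind of `/sys/fs/cgroup`, which gives the container close to root-level control of whatever machine runs `docker compose up`, and the only explanation is the header `# For testing and development.`. A comment above `privileged:` stating the reason and the limit would help readers who copy this example, e.g. `# Needed only so the test container can run an init system (assumed - confirm); never start this on a production host.` The image reference also ends in the mutable `:latest` tag, so pinning a version tag or digest would make test runs reproducible and keep an unreviewed image from starting with these privileges.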
From d553c79a314ae8dc43e78672fdcca99dac8af981 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:25:22 -0500
Subject: [PATCH 023/185] Replace this job with one just like the project's
---
 .github/workflows/site-runner.test.yml | 56 ++++++++------------------
 1 file changed, 17 insertions(+), 39 deletions(-)
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml
index a311298..303d83e 100644
--- a/.github/workflows/site-runner.test.yml
+++ b/.github/workflows/site-runner.test.yml
@@ -18,50 +18,28 @@ concurrency:
 cancel-in-progress: false
 jobs:
- # This emulates a persistent server. The ddev.site.deploy.yml jobs require one.
- # This job runs the rest. It will stay running until the last job is complete.
- create-server:
- name: Launch test runner
+ configure-server:
+ name: Run Playbook
 runs-on: ubuntu-latest
+
 steps:
- - uses: actions/checkout@v4
+ - uses: jonpugh/goatscripts@v1
+ - name: Install docker-compose
+ uses: KengoTODA/actions-setup-docker-compose@v1
 with:
- repository: 'operations-project/github-runner-starter'
- ref: 'v1.2.1'
+ version: '2.24.0'
- # Kick off the runner script over and over until there are no more queued jobs.
- - name: "Launch runner script."
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+ - name: Start Container
 run: |
- while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do
- sleep 2
- ./github-runner-starter \
- --run \
- --name=github.actions.runner.${{ github.run_id }}.${{ matrix.runner }} \
- --labels=github.actions.runner.${{ github.run_id }} \
- --config-sh-options=--ephemeral
- sleep 2
- done
+ docker compose up -d
+ docker-compose exec operations chmod 0400 /etc/shadow
- configure-server:
- name: Configure server
- runs-on: github.actions.runner.${{ github.run_id }}
- container:
-
- # Test on your OS of choice.
- # Jeff's images have ansible pre-installed: https://hub.docker.com/u/geerlingguy
- # Using rockylinux8 here to match the tests from site runner ansible role: https://github.com/operations-project/ansible-collection-site-runner/blob/main/Dockerfile
- image: geerlingguy/docker-rockylinux8-ansible
-
- steps:
- - run: |
- yum -y install git
- chmod 0400 /etc/shadow
+ - name: Inventory
+ run: run-with-summary docker compose exec operations ansible-playbook site-runner/playbook.yml
+ env:
+ SUCCESS: "Ansible inventory"
- - uses: actions/checkout@v4
- with:
- submodules: recursive
-
- # Server hostname is stored here.
- - run: cp .github/workflows/ansible-hosts /etc/ansible/hosts
- - run: ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=${GITHUB_TOKEN}
From d041787c648b558f4c358f2475e08087b500e609 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:28:04 -0500
Subject: [PATCH 024/185] Update docker-compose.yml volumes
---
 docker-compose.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 0d05666..7ccd8d0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,8 +7,9 @@ services:
 cgroup: host
 cgroup_parent: docker.slice
 privileged: true
+ working_dir: /app
 volumes:
- - ./:/usr/share/operations
+ - ./:/app
 - /sys/fs/cgroup:/sys/fs/cgroup:rw
 - ./ansible:/etc/ansible
 env_file:
From 45aa424811b31e7e5c885f99d86b83243a9fc0db Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:29:35 -0500
Subject: [PATCH 025/185] No .env file, no build.
---
 docker-compose.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 7ccd8d0..5a37c38 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,6 +12,3 @@ services:
 - ./:/app
 - /sys/fs/cgroup:/sys/fs/cgroup:rw
 - ./ansible:/etc/ansible
- env_file:
- - .env
- build: ./
From 3e4052ed9c7f16dd4787f8e6f54df87f5379e1bd Mon Sep 17 00:00:00 2001
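Review bot: The rewritten `configure-server` job in `site-runner.test.yml` pulls in `jonpugh/goatscripts@v1` and `KengoTODA/actions-setup-docker-compose@v1` by movable tag while the admin token that the workflow-level `env:` block (outside this hunk) assigns to `GITHUB_TOKEN` is still present in every step's environment. Pin third-party actions to a full commit SHA with the tag kept as a trailing comment, in the form `uses: KengoTODA/actions-setup-docker-compose@<full-commit-sha> # v1`, so a retagged release cannot run with that token. On style, the `Start Container` step calls both `docker compose` and `docker-compose`; using one form throughout avoids depending on two binaries. `actions/checkout` also drops from `@v4` to `@v3` here without a stated reason.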
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:33:24 -0500
Subject: [PATCH 026/185] No scripts, yet.
---
 .github/workflows/site-runner.test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml
index 303d83e..b8477f5 100644
--- a/.github/workflows/site-runner.test.yml
+++ b/.github/workflows/site-runner.test.yml
@@ -35,11 +35,11 @@ jobs:
 - name: Start Container
 run: |
- docker compose up -d
+ docker compose up -d --quiet-pull
 docker-compose exec operations chmod 0400 /etc/shadow
 - name: Inventory
- run: run-with-summary docker compose exec operations ansible-playbook site-runner/playbook.yml
+ run: docker compose exec operations ansible-playbook site-runner/playbook.yml
 env:
 SUCCESS: "Ansible inventory"
From 40f497b61c6ebd6fa054d5758dc113054759d091 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:41:51 -0500
Subject: [PATCH 027/185] create ansible dir.
---
 ansible.cfg => ansible/ansible.cfg | 0
 {host_vars => ansible/host_vars}/server.example.com.yml | 0
 hosts => ansible/hosts | 0
 inventory.yml => ansible/inventory.yml | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 rename ansible.cfg => ansible/ansible.cfg (100%)
 rename {host_vars => ansible/host_vars}/server.example.com.yml (100%)
 rename hosts => ansible/hosts (100%)
 rename inventory.yml => ansible/inventory.yml (100%)
diff --git a/ansible.cfg b/ansible/ansible.cfg
similarity index 100%
rename from ansible.cfg
rename to ansible/ansible.cfg
diff --git a/host_vars/server.example.com.yml b/ansible/host_vars/server.example.com.yml
similarity index 100%
rename from host_vars/server.example.com.yml
rename to ansible/host_vars/server.example.com.yml
diff --git a/hosts b/ansible/hosts
similarity index 100%
rename from hosts
rename to ansible/hosts
diff --git a/inventory.yml b/ansible/inventory.yml
similarity index 100%
rename from inventory.yml
rename to ansible/inventory.yml
From 1a77cda9e2dc55c42f0e5e499248a72a66fc1d62 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:45:01 -0500
Subject: [PATCH 028/185] Use group vars all.yml to store global stuff
---
 ansible/group_vars/all.yml | 7 +++++++
 ansible/inventory.yml | 7 -------
 2 files changed, 7 insertions(+), 7 deletions(-)
 create mode 100644 ansible/group_vars/all.yml
 delete mode 100644 ansible/inventory.yml
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
new file mode 100644
index 0000000..d72315a
--- /dev/null
+++ b/ansible/group_vars/all.yml
@@ -0,0 +1,7 @@
+
+# Put your github usernames here.
+# Each one will get a user with ssh and sudo acccess.
+
+operations_admin_users:
+ # - jonpugh
+
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
deleted file mode 100644
index f2da63d..0000000
--- a/ansible/inventory.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# See example https://github.com/operations-project/ansible-collection-site-runner/blob/main/ansible/host_vars/host.example.yml
-all:
- vars:
- operations_admin_users:
- # Put your github usernames here.
- # - jonpugh
-
From 26f8fad5a9c07263496263234e255af5d8875ac9 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:48:42 -0500
Subject: [PATCH 029/185] update ansible config
---
 ansible/ansible.cfg | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index e69de29..a5bc846 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -0,0 +1,9 @@
+[defaults]
+stdout_callback = yaml
+force_color = True
+
+# The ./roles path next to the playbook is used automatically.
+
+# It's not really recommended to install roles here because you want to run the roles from your git repo.
+# The roles in your repo are cloned to the runner's working directory are used instead.
+# roles_path = /etc/ansible/roles
From b20c68e6902e910a0b82a9da9d83f3142c1c0ff2 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:50:20 -0500
Subject: [PATCH 030/185] list hosts
---
 .github/workflows/site-runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml
index b8477f5..5101f9d 100644
--- a/.github/workflows/site-runner.test.yml
+++ b/.github/workflows/site-runner.test.yml
@@ -39,7 +39,7 @@ jobs:
 docker-compose exec operations chmod 0400 /etc/shadow
 - name: Inventory
- run: docker compose exec operations ansible-playbook site-runner/playbook.yml
+ run: docker compose exec operations ansible-playbook site-runner/playbook.yml --list-hosts
 env:
 SUCCESS: "Ansible inventory"
From 10cce43c99707ff774229cc6dc9f3df61ab61906 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:53:44 -0500
Subject: [PATCH 031/185] Run playbook
---
 .github/workflows/site-runner.test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml
index 5101f9d..66af133 100644
--- a/.github/workflows/site-runner.test.yml
+++ b/.github/workflows/site-runner.test.yml
@@ -43,3 +43,5 @@ jobs:
 env:
 SUCCESS: "Ansible inventory"
+ - name: Playbook
+ run: docker compose exec operations ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=$GITHUB_TOKEN
From b92f6a8b11a1b063e1d50fc02759da79deca9440 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 07:54:39 -0500
Subject: [PATCH 032/185] Run action
From 2ce6f172d7b52969cf33aaab45569064c730b6c4 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 08:00:18 -0500
Subject: [PATCH 033/185] Wrong server name.
---
 .../host_vars/{server.example.com.yml => server.mydomain.com.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename ansible/host_vars/{server.example.com.yml => server.mydomain.com.yml} (100%)
diff --git a/ansible/host_vars/server.example.com.yml b/ansible/host_vars/server.mydomain.com.yml
similarity index 100%
rename from ansible/host_vars/server.example.com.yml
rename to ansible/host_vars/server.mydomain.com.yml
From 1cc4a0069139237113786432d1465a3edc3ebc62 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 08:04:20 -0500
Subject: [PATCH 034/185] Recursive submodules.
---
 .github/workflows/site-runner.test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml
index 66af133..c3d6c99 100644
--- a/.github/workflows/site-runner.test.yml
+++ b/.github/workflows/site-runner.test.yml
@@ -31,7 +31,7 @@ jobs:
 - uses: actions/checkout@v3
 with:
- submodules: true
+ submodules: recursive
 - name: Start Container
 run: |
From e9c073b92205c4b4f24a8073ecb59d75109cfd9a Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 08:06:26 -0500
Subject: [PATCH 035/185] need user for testing
---
 ansible/group_vars/all.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index d72315a..230a797 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -3,5 +3,5 @@
 # Each one will get a user with ssh and sudo acccess.
 operations_admin_users:
- # - jonpugh
+ - jonpugh
From abdad780d7c2b0e062b2ec16f006ac1589b6c42e Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 08:25:35 -0500
Subject: [PATCH 036/185] Create README.md
---
 ansible/README.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 ansible/README.md
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..545c6cf
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,7 @@
+# Ansible Server Configuration
+
+Our server configuration.
+
+- `hosts` - list of servers.
+- `group_vars/all.yml` - Global variables. Users.
+- `group_vars/yourservername.yml` - Server specific config.
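Review bot: The `ansible/group_vars/all.yml` hunk of PATCH 035 turns the commented `# - jonpugh` into a live entry of `operations_admin_users`, and the comment just above says each listed GitHub user "will get a user with ssh and sudo" access, so anyone who copies this example and runs the playbook unchanged would create an administrator account for that user on their own server. If the entry exists only so the CI run has a user, supply it from the test workflow instead, e.g. `--extra-vars '{"operations_admin_users": ["jonpugh"]}'`, and keep the committed default commented out or as a placeholder such as `- your-github-username`. It would also help to add `# Remove or replace before running against a real server.` next to the list.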
From 5208ba32524d4ea9cdcade28c547ddf55d172db9 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 08:55:42 -0500
Subject: [PATCH 037/185] Move to ansible folder
---
 .gitmodules | 2 +-
 site-runner => ansible/site-runner | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename site-runner => ansible/site-runner (100%)
diff --git a/.gitmodules b/.gitmodules
index 5e7f47e..724ef59 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "site-runner"]
- path = site-runner
+ path = ansible/site-runner
 url = https://github.com/operations-project/ansible-collection-site-runner.git
diff --git a/site-runner b/ansible/site-runner
similarity index 100%
rename from site-runner
rename to ansible/site-runner
From f29aed87eae553cc3f2742a5c5f9bb428da3c195 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Thu, 6 Nov 2025 09:01:00 -0500
Subject: [PATCH 038/185] New ansible file in root so that ansible command can be run from there without using /etc/ansible
---
 ansible.cfg | 19 +++++++++++++++++++
 ansible/ansible.cfg | 11 ++++++++---
 2 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 ansible.cfg
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..fa7cf3e
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,19 @@ +# These settings work from the repo root, given that the inventory and roles are in ./ansible. + +[defaults] +stdout_callback = yaml +force_color = True + +# You don't have to set /etc/ansible if you set the inventory path. +# When setting inventory, the host_vars and group_vars will be loaded automatically. +inventory = ./ansible/hosts + + +# The ./roles path next to the playbook is used automatically. +# If you are using your own playbook, you will have to make sure the site-runner roles are available +# by setting roles_path. + + +# It's not really recommended to install roles here because you want to run the roles from your git repo. +# The roles in your repo are cloned to the runner's working directory are used instead. +# roles_path = /etc/ansible/roles diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index a5bc846..dad3e96 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,6 +1,11 @@ -[defaults] -stdout_callback = yaml -force_color = True +# This file can be placed at /etc/ansible to set global config. +# Typically, however, the 'ansible' command will be run from your repo root, so it will use the +# ansible.cfg file there. + + +# [defaults] +# stdout_callback = yaml +# force_color = True # The ./roles path next to the playbook is used automatically. From 93b6cc63fb2c2e376df19ba9c0dee80b745e2957 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 09:03:07 -0500 Subject: [PATCH 039/185] Moved site runner playbook --- .github/workflows/site-runner.test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index c3d6c99..46e7d16 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
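Review bot: The header comment of the new root `ansible.cfg` says the settings work from the repo root, but it does not mention that Ansible refuses to load a current-directory `ansible.cfg` when that directory is world-writable (it prints a warning and falls back), in which case `inventory = ./ansible/hosts` is not applied. That matters for checkouts and bind mounts whose permissions are set by the host rather than by this repo. Suggest adding under the first line: `# Ansible ignores this file if the working directory is world-writable; run "ansible --version" to confirm which config file is in use.` The sentence `The roles in your repo are cloned to the runner's working directory are used instead.` is also missing an "and".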
@@ -39,9 +39,9 @@ jobs: docker-compose exec operations chmod 0400 /etc/shadow - name: Inventory - run: docker compose exec operations ansible-playbook site-runner/playbook.yml --list-hosts + run: docker compose exec operations ansible-playbook ansible/site-runner/playbook.yml --list-hosts env: SUCCESS: "Ansible inventory" - name: Playbook - run: docker compose exec operations ansible-playbook site-runner/playbook.yml --extra-vars operations_github_api_token=$GITHUB_TOKEN + run: docker compose exec operations ansible-playbook ansible/site-runner/playbook.yml --extra-vars operations_github_api_token=$GITHUB_TOKEN From 38cbf620acc00037387c6e8541c20e8d54d2d9f7 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 09:08:50 -0500 Subject: [PATCH 040/185] Add example playbook and roles symlink so we dont have to alter ansible.cfg. --- ansible/playbook.example.yml | 59 ++++++++++++++++++++++++++++++++++++ ansible/roles | 1 + 2 files changed, 60 insertions(+) create mode 100644 ansible/playbook.example.yml create mode 120000 ansible/roles diff --git a/ansible/playbook.example.yml b/ansible/playbook.example.yml new file mode 100644 index 0000000..689cea2 --- /dev/null +++ b/ansible/playbook.example.yml 
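Review bot: The `Playbook` step still hands the runner-admin token to Ansible as `--extra-vars operations_github_api_token=$GITHUB_TOKEN`, so the expanded secret becomes part of the argument list of both the `docker compose exec` and the `ansible-playbook` process and is readable by anything that can list processes on the host or in the container. The same pattern recurs in the later hunks of this file (PATCH 041 and PATCH 047) and in the README example added in PATCH 050. Forwarding the value through the environment and reading it in a vars file, e.g. `operations_github_api_token: "{{ lookup('env', 'GITHUB_TOKEN') }}"`, keeps it off the command line. How the roles consume the variable is not visible in this hunk, so the tasks that use it should also be checked for `no_log: true`.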
@@ -0,0 +1,59 @@
+#
+# This playbook was copied from the Site Runner Ansible repo: https://github.com/operations-project/ansible-collection-site-runner/blob/main/playbook.yml
+#
+# This grants you total control what happens on your server.
+# To use this playbook, just make sure the roles are available by setting roles_path or
+# using the symlink.
+#
+---
+- name: Configure Server
+ hosts: all
+ become: true
+
+ pre_tasks:
+
+ # Set server hostnames to inventory hostname.
+ - name: "Set hostname for {{ ansible_nodename }} to {{ inventory_hostname }}."
+ hostname:
+ name: "{{ inventory_hostname }}"
+ when: inventory_hostname != ansible_nodename
+ register: result
+ until: result.failed != true
+ retries: 5
+ delay: 2
+
+ - name: Prerequisite Packages
+ package:
+ name:
+ - openssh-server
+ - git
+ - gpg
+
+ roles:
+ - role: geerlingguy.security
+ tags: system
+ vars:
+ security_sudoers_passwordless: "{{ [operations_control_user|default('control')] + operations_admin_users|default([]) }}"
+ security_ssh_allowed_users: "{{ [operations_control_user|default('control')] + [operations_platform_user|default('platform')] + operations_admin_users|default([]) }}"
+
+ - role: geerlingguy.github-users
+ tags: system
+ vars:
+ github_users: "{{ operations_admin_users | default([]) }}"
+
+- name: "Configure Hosting: DDEV"
+ hosts: operations_host_ddev
+ become: true
+
+ roles:
+ - role: geerlingguy.docker
+ tags: system
+
+ - role: operations.users
+ tags: operations
+
+ - role: operations.ddev
+ tags: operations, ddev
+
+ - role: operations.runner
+ tags: operations, runner
diff --git a/ansible/roles b/ansible/roles
new file mode 120000
index 0000000..2107a37
--- /dev/null
+++ b/ansible/roles
@@ -0,0 +1 @@
+site-runner/roles/
\ No newline at end of file
From d9f79471fdc7848b7cac174b224a7b8da630b86b Mon Sep 17 00:00:00 2001
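Review bot: `security_sudoers_passwordless` puts every name in `operations_admin_users` on the passwordless-sudo list, and `github_users` feeds the same list to `geerlingguy.github-users`. Assuming that role installs each account's public keys from GitHub (the role itself is not shown here), control of any listed GitHub account amounts to root on every host in `all`. Nothing in the file says so; the header only states that the playbook "grants you total control". Suggest a comment above the `geerlingguy.security` vars: `# Every operations_admin_users entry gets key-based SSH login AND passwordless sudo; keep the list short and review changes to it like changes to root access.`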
From: Jon Pugh Date: Thu, 6 Nov 2025 09:10:49 -0500 Subject: [PATCH 041/185] Use example playbook --- .github/workflows/site-runner.test.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 46e7d16..c5ea368 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -13,6 +13,11 @@ env: # Create a personal access token with admin:write permissions on the repository you wish to deploy. GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" + # The playbook to run. + # You can use the one included in the site-runn ansible roles or make your own. + # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml + ANSIBLE_PLAYBOOK: ansible/playbook.example.yml + concurrency: group: ${{ github.workflow }}-${{ github.event.number }} cancel-in-progress: false @@ -39,9 +44,9 @@ jobs: docker-compose exec operations chmod 0400 /etc/shadow - name: Inventory - run: docker compose exec operations ansible-playbook ansible/site-runner/playbook.yml --list-hosts + run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts env: SUCCESS: "Ansible inventory" - name: Playbook - run: docker compose exec operations ansible-playbook ansible/site-runner/playbook.yml --extra-vars operations_github_api_token=$GITHUB_TOKEN + run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=$GITHUB_TOKEN From a5b0168fd4dbdd44e000ebddbbfbbfdcb99be818 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 09:13:58 -0500 Subject: [PATCH 042/185] Remove ansible folder mount. We want it to work from local folder all by itself. --- docker-compose.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5a37c38..4425c7e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -11,4 +11,6 @@ services: volumes: - ./:/app - /sys/fs/cgroup:/sys/fs/cgroup:rw - - ./ansible:/etc/ansible + + # We want it to work from local repo only. + # - ./ansible:/etc/ansible From a70e182e637956dd7e162776ac364e7f3ae55205 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 09:24:04 -0500 Subject: [PATCH 043/185] Create site.preview.yml --- .github/workflows/site.preview.yml | 73 ++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/site.preview.yml diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml new file mode 100644 index 0000000..2b79b64 --- /dev/null +++ b/.github/workflows/site.preview.yml 
@@ -0,0 +1,73 @@
+#
+# site.preview.yml
+#
+# Launch and test preview sites for each pull request.
+#
+name: Preview Site
+on:
+ pull_request:
+
+# Cancel jobs if another push is received.
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.number }}
+ cancel-in-progress: false
+
+env:
+ SITE_URL: http://pr${{ github.event.number }}.server.mydomain.com
+
+jobs:
+ create-site:
+ name: Create Preview Site
+ uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows
+ with:
+
+ # Where to install your site.
+ # By default, the site runner ansible role creates user "platform" at "/var/platform"
+ git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }}
+
+ # Project name for this instance. Used to generate the domain name.
+ ddev_project_name: example.pr${{ github.event.number }}
+
+ # Top-level domain. Sites are hosted as subdomains under this.
+ ddev_project_tld: server.mydomain.com
+
+ # Tell the remote workflow what to run on.
+ # For site runner, the default is "platform@{hostname -f}"
+ # This is defined in the site runner playbook, but can be controlled with variables.
+ github_runs_on: platform@server.mydomain.com
+
+ # Define the github environment name, to be displayed in the UI.
+ github_environment_name: pr${{ github.event.number }}
+
+ # Define a github environment url, a link to be shown on the pull request.
+ github_environment_url: http://example.pr${{ github.event.number }}.server.mydomain.com
+
+ # To persist a site's data, set "run_prepare_command" to false.
+ run_prepare_command: true
+
+ # Prepare the site's data. Run your sync/import/install script.
+ # Change to 'ddev drush site:install' or 'ddev sync' or whatever your project uses to prepare the site data.
+ prepare_command: ddev status
+
+ # Command to run after deploying code changes
+ # Change to 'ddev drush update:database' or './deploy.sh' or whatever your project uses to after new code is available.
+ deploy_command: ddev status
+
+ # Additional ddev config to apply to the environment.
+ # Will be saved to .ddev/config.zzz.runner.yaml
+ # See your project's .ddev/config.yaml file for examples.
+ ddev_config: |
+
+ # Test .github/workflows/operations.site.command.yml
+ run-command:
+ name: DDEV Status
+ uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows
+ needs: create-site
+ with:
+ working_directory: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }}
+ github_runs_on: platform@server.mydomain.com
+ env: |
+ SUCCESS="DDEV Status Command"
+ HIDE=1
+ command: |
+ ddev status
From 25862d90b48db34a0f126e41309380ffcf0c2af8 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 09:26:14 -0500 Subject: [PATCH 044/185] Add ddev test config --- .ddev/config.yaml | 280 ++++++++++++++++++++++++++++++++++++++++++++++ web/index.html | 1 + 2 files changed, 281 insertions(+) create mode 100644 .ddev/config.yaml create mode 100644 web/index.html
diff --git a/.ddev/config.yaml b/.ddev/config.yaml
new file mode 100644
index 0000000..880d118
--- /dev/null
+++ b/.ddev/config.yaml
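Review bot: `on: pull_request` combined with `github_runs_on: platform@server.mydomain.com` means every pull request has its branch deployed and run on a persistent self-hosted runner, and the workflow has no guard on where the pull request comes from. If the repository is public or accepts pull requests from forks, that is code from outside contributors running as the `platform` user on the server. Suggest gating both jobs, for example `if: github.event.pull_request.head.repo.full_name == github.repository`, and saying in the header comment that the repository's fork-approval setting should require approval for outside contributors. Separately, the comment `# Cancel jobs if another push is received.` contradicts `cancel-in-progress: false` two lines below it.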
@@ -0,0 +1,280 @@ +name: example +type: php +docroot: web +php_version: "8.2" +webserver_type: nginx-fpm +xdebug_enabled: false +additional_hostnames: [] +additional_fqdns: [] +database: + type: mariadb + version: "10.11" +use_dns_when_possible: true +composer_version: "2" +web_environment: [] +corepack_enable: false + +# Key features of DDEV's config.yaml: + +# name: # Name of the project, automatically provides +# http://projectname.ddev.site and https://projectname.ddev.site + +# type: # backdrop, craftcms, django4, drupal, drupal6, drupal7, laravel, magento, magento2, php, python, shopware6, silverstripe, typo3, wordpress +# See https://ddev.readthedocs.io/en/stable/users/quickstart/ for more +# information on the different project types +# "drupal" covers recent Drupal 8+ + +# docroot: # Relative path to the directory containing index.php. + +# php_version: "8.2" # PHP version to use, "5.6", "7.0", "7.1", "7.2", "7.3", "7.4", "8.0", "8.1", "8.2", "8.3" + +# You can explicitly specify the webimage but this +# is not recommended, as the images are often closely tied to DDEV's' behavior, +# so this can break upgrades. + +# webimage: # nginx/php docker image. + +# database: +# type: # mysql, mariadb, postgres +# version: # database version, like "10.11" or "8.0" +# MariaDB versions can be 5.5-10.8 and 10.11, MySQL versions can be 5.5-8.0 +# PostgreSQL versions can be 9-16. + +# router_http_port: # Port to be used for http (defaults to global configuration, usually 80) +# router_https_port: # Port for https (defaults to global configuration, usually 443) + +# xdebug_enabled: false # Set to true to enable Xdebug and "ddev start" or "ddev restart" +# Note that for most people the commands +# "ddev xdebug" to enable Xdebug and "ddev xdebug off" to disable it work better, +# as leaving Xdebug enabled all the time is a big performance hit. 
+ +# xhprof_enabled: false # Set to true to enable Xhprof and "ddev start" or "ddev restart" +# Note that for most people the commands +# "ddev xhprof" to enable Xhprof and "ddev xhprof off" to disable it work better, +# as leaving Xhprof enabled all the time is a big performance hit. + +# webserver_type: nginx-fpm, apache-fpm, or nginx-gunicorn + +# timezone: Europe/Berlin +# This is the timezone used in the containers and by PHP; +# it can be set to any valid timezone, +# see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +# For example Europe/Dublin or MST7MDT + +# composer_root: +# Relative path to the Composer root directory from the project root. This is +# the directory which contains the composer.json and where all Composer related +# commands are executed. + +# composer_version: "2" +# You can set it to "" or "2" (default) for Composer v2 or "1" for Composer v1 +# to use the latest major version available at the time your container is built. +# It is also possible to use each other Composer version channel. This includes: +# - 2.2 (latest Composer LTS version) +# - stable +# - preview +# - snapshot +# Alternatively, an explicit Composer version may be specified, for example "2.2.18". +# To reinstall Composer after the image was built, run "ddev debug refresh". + +# nodejs_version: "20" +# change from the default system Node.js version to any other version. +# Numeric version numbers can be complete (i.e. 18.15.0) or +# incomplete (18, 17.2, 16). 'lts' and 'latest' can be used as well along with +# other named releases. +# see https://www.npmjs.com/package/n#specifying-nodejs-versions +# Note that you can continue using 'ddev nvm' or nvm inside the web container +# to change the project's installed node version if you need to. 
+ +# corepack_enable: false +# Change to 'true' to 'corepack enable' and gain access to latest versions of yarn/pnpm + +# additional_hostnames: +# - somename +# - someothername +# would provide http and https URLs for "somename.ddev.site" +# and "someothername.ddev.site". + +# additional_fqdns: +# - example.com +# - sub1.example.com +# would provide http and https URLs for "example.com" and "sub1.example.com" +# Please take care with this because it can cause great confusion. + +# upload_dirs: "custom/upload/dir" +# +# upload_dirs: +# - custom/upload/dir +# - ../private +# +# would set the destination paths for ddev import-files to /custom/upload/dir +# When Mutagen is enabled this path is bind-mounted so that all the files +# in the upload_dirs don't have to be synced into Mutagen. + +# disable_upload_dirs_warning: false +# If true, turns off the normal warning that says +# "You have Mutagen enabled and your 'php' project type doesn't have upload_dirs set" + +# ddev_version_constraint: "" +# Example: +# ddev_version_constraint: ">= 1.22.4" +# This will enforce that the running ddev version is within this constraint. +# See https://github.com/Masterminds/semver#checking-version-constraints for +# supported constraint formats + +# working_dir: +# web: /var/www/html +# db: /home +# would set the default working directory for the web and db services. +# These values specify the destination directory for ddev ssh and the +# directory in which commands passed into ddev exec are run. + +# omit_containers: [db, ddev-ssh-agent] +# Currently only these containers are supported. Some containers can also be +# omitted globally in the ~/.ddev/global_config.yaml. Note that if you omit +# the "db" container, several standard features of DDEV that access the +# database container will be unusable. In the global configuration it is also +# possible to omit ddev-router, but not here. 
+ +# performance_mode: "global" +# DDEV offers performance optimization strategies to improve the filesystem +# performance depending on your host system. Should be configured globally. +# +# If set, will override the global config. Possible values are: +# - "global": uses the value from the global config. +# - "none": disables performance optimization for this project. +# - "mutagen": enables Mutagen for this project. +# - "nfs": enables NFS for this project. +# +# See https://ddev.readthedocs.io/en/stable/users/install/performance/#nfs +# See https://ddev.readthedocs.io/en/stable/users/install/performance/#mutagen + +# fail_on_hook_fail: False +# Decide whether 'ddev start' should be interrupted by a failing hook + +# host_https_port: "59002" +# The host port binding for https can be explicitly specified. It is +# dynamic unless otherwise specified. +# This is not used by most people, most people use the *router* instead +# of the localhost port. + +# host_webserver_port: "59001" +# The host port binding for the ddev-webserver can be explicitly specified. It is +# dynamic unless otherwise specified. +# This is not used by most people, most people use the *router* instead +# of the localhost port. + +# host_db_port: "59002" +# The host port binding for the ddev-dbserver can be explicitly specified. It is dynamic +# unless explicitly specified. + +# mailpit_http_port: "8025" +# mailpit_https_port: "8026" +# The Mailpit ports can be changed from the default 8025 and 8026 + +# host_mailpit_port: "8025" +# The mailpit port is not normally bound on the host at all, instead being routed +# through ddev-router, but it can be bound directly to localhost if specified here. 
+ +# webimage_extra_packages: [php7.4-tidy, php-bcmath] +# Extra Debian packages that are needed in the webimage can be added here + +# dbimage_extra_packages: [telnet,netcat] +# Extra Debian packages that are needed in the dbimage can be added here + +# use_dns_when_possible: true +# If the host has internet access and the domain configured can +# successfully be looked up, DNS will be used for hostname resolution +# instead of editing /etc/hosts +# Defaults to true + +# project_tld: ddev.site +# The top-level domain used for project URLs +# The default "ddev.site" allows DNS lookup via a wildcard +# If you prefer you can change this to "ddev.local" to preserve +# pre-v1.9 behavior. + +# ngrok_args: --basic-auth username:pass1234 +# Provide extra flags to the "ngrok http" command, see +# https://ngrok.com/docs/ngrok-agent/config or run "ngrok http -h" + +# disable_settings_management: false +# If true, DDEV will not create CMS-specific settings files like +# Drupal's settings.php/settings.ddev.php or TYPO3's AdditionalConfiguration.php +# In this case the user must provide all such settings. + +# You can inject environment variables into the web container with: +# web_environment: +# - SOMEENV=somevalue +# - SOMEOTHERENV=someothervalue + +# no_project_mount: false +# (Experimental) If true, DDEV will not mount the project into the web container; +# the user is responsible for mounting it manually or via a script. +# This is to enable experimentation with alternate file mounting strategies. +# For advanced users only! + +# bind_all_interfaces: false +# If true, host ports will be bound on all network interfaces, +# not the localhost interface only. This means that ports +# will be available on the local network if the host firewall +# allows it. + +# default_container_timeout: 120 +# The default time that DDEV waits for all containers to become ready can be increased from +# the default 120. This helps in importing huge databases, for example. 
+ +#web_extra_exposed_ports: +#- name: nodejs +# container_port: 3000 +# http_port: 2999 +# https_port: 3000 +#- name: something +# container_port: 4000 +# https_port: 4000 +# http_port: 3999 +# Allows a set of extra ports to be exposed via ddev-router +# Fill in all three fields even if you don’t intend to use the https_port! +# If you don’t add https_port, then it defaults to 0 and ddev-router will fail to start. +# +# The port behavior on the ddev-webserver must be arranged separately, for example +# using web_extra_daemons. +# For example, with a web app on port 3000 inside the container, this config would +# expose that web app on https://.ddev.site:9999 and http://.ddev.site:9998 +# web_extra_exposed_ports: +# - name: myapp +# container_port: 3000 +# http_port: 9998 +# https_port: 9999 + +#web_extra_daemons: +#- name: "http-1" +# command: "/var/www/html/node_modules/.bin/http-server -p 3000" +# directory: /var/www/html +#- name: "http-2" +# command: "/var/www/html/node_modules/.bin/http-server /var/www/html/sub -p 3000" +# directory: /var/www/html + +# override_config: false +# By default, config.*.yaml files are *merged* into the configuration +# But this means that some things can't be overridden +# For example, if you have 'use_dns_when_possible: true'' you can't override it with a merge +# and you can't erase existing hooks or all environment variables. +# However, with "override_config: true" in a particular config.*.yaml file, +# 'use_dns_when_possible: false' can override the existing values, and +# hooks: +# post-start: [] +# or +# web_environment: [] +# or +# additional_hostnames: [] +# can have their intended affect. 'override_config' affects only behavior of the +# config.*.yaml file it exists in. 
+ +# Many DDEV commands can be extended to run tasks before or after the +# DDEV command is executed, for example "post-start", "post-import-db", +# "pre-composer", "post-composer" +# See https://ddev.readthedocs.io/en/stable/users/extend/custom-commands/ for more +# information on the commands that can be extended and the tasks you can define +# for them. Example: +#hooks: diff --git a/web/index.html b/web/index.html new file mode 100644 index 0000000..4e3dffe --- /dev/null +++ b/web/index.html @@ -0,0 +1 @@ +HELLO WORLD From 877a243cb07931efe2170b2a928845613475a56e Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 09:30:29 -0500 Subject: [PATCH 045/185] Write wait script so the other jobs can run --- .github/workflows/site-runner.test.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index c5ea368..35d4ef3 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -17,6 +17,7 @@ env: # You can use the one included in the site-runn ansible roles or make your own. # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml ANSIBLE_PLAYBOOK: ansible/playbook.example.yml + RUNNER_NAME: platform@server.mysite.com concurrency: group: ${{ github.workflow }}-${{ github.event.number }} @@ -50,3 +51,14 @@ jobs: - name: Playbook run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=$GITHUB_TOKEN + + - uses: actions/checkout@v4 + with: + repository: 'operations-project/github-runner-starter' + ref: 'v1.2.1' + + - name: "Wait for all jobs to complete." + run: | + while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do + sleep 3 + done From 2cfb92e6a5c7ac60578e3197f6bb38c32a925dc8 Mon Sep 17 00:00:00 2001 
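Review bot: The new `Wait for all jobs to complete.` loop in `site-runner.test.yml` has no upper bound and fails open. It polls until no job is `queued`, so a runner that never registers keeps it spinning until the job's own timeout, while an API error makes `jq` print nothing, `wc -l` report 0 and the loop exit at once as if the work were done. It also only waits for jobs to leave the queue rather than to finish, which does not match the step name. Suggest `timeout-minutes: 15` on the step and `curl -sSf` in the loop so that a failed request shows up in the log. The added `RUNNER_NAME: platform@server.mysite.com` uses a different domain from the `server.mydomain.com` used everywhere else on the page, which looks like a typo.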
From: Jon Pugh Date: Thu, 6 Nov 2025 09:35:05 -0500 Subject: [PATCH 046/185] run site deploy in the test job --- .github/workflows/site-runner.test.yml | 42 +++++++++++++++++++ ...e.preview.yml => site.preview.yml.example} | 0 2 files changed, 42 insertions(+) rename .github/workflows/{site.preview.yml => site.preview.yml.example} (100%) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 35d4ef3..8823578 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
@@ -62,3 +62,45 @@ jobs: while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do sleep 3 done + + create-site: + name: Create Preview Site + uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows + with: + + # Where to install your site. + # By default, the site runner ansible role creates user "platform" at "/var/platform" + git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} + + # Project name for this instance. Used to generate the domain name. + ddev_project_name: example.pr${{ github.event.number }} + + # Top-level domain. Sites are hosted as subdomains under this. + ddev_project_tld: server.mydomain.com + + # Tell the remote workflow what to run on. + # For site runner, the default is "platform@{hostname -f}" + # This is defined in the site runner playbook, but can be controlled with variables. + github_runs_on: platform@server.mydomain.com + + # Define the github environment name, to be displayed in the UI. + github_environment_name: pr${{ github.event.number }} + + # Define a github environment url, a link to be shown on the pull request. + github_environment_url: http://example.pr${{ github.event.number }}.server.mydomain.com + + # To persist a site's data, set "run_prepare_command" to false. + run_prepare_command: true + + # Prepare the site's data. Run your sync/import/install script. + # Change to 'ddev drush site:install' or 'ddev sync' or whatever your project uses to prepare the site data. + prepare_command: ddev status + + # Command to run after deploying code changes + # Change to 'ddev drush update:database' or './deploy.sh' or whatever your project uses to after new code is available. + deploy_command: ddev status + + # Additional ddev config to apply to the environment. 
+ # Will be saved to .ddev/config.zzz.runner.yaml + # See your project's .ddev/config.yaml file for examples. + ddev_config: | diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml.example similarity index 100% rename from .github/workflows/site.preview.yml rename to .github/workflows/site.preview.yml.example From 0e6be2f4a9364413711db2d72d0eb88ae57aa3ba Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 09:41:55 -0500 Subject: [PATCH 047/185] Don't override GITHUB_TOKEN --- .github/workflows/site-runner.test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 8823578..c727e55 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -11,7 +11,7 @@ env: # This example creates github runners for each subsequent job. # To do so, it needs a GitHub token with admin:write permissions. # Create a personal access token with admin:write permissions on the repository you wish to deploy. - GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" + RUNNER_GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" # The playbook to run. # You can use the one included in the site-runn ansible roles or make your own. @@ -50,7 +50,7 @@ jobs: SUCCESS: "Ansible inventory" - name: Playbook - run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=$GITHUB_TOKEN + run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - uses: actions/checkout@v4 with: From 0076fcf4c67dcd9be30d36367b2aee7e46540f41 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 10:40:42 -0500 Subject: [PATCH 048/185] Allow platform user to clone. --- .github/workflows/site-runner.test.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
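Review bot: The new `create-site` job calls `operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows`, which is a branch ref, so whatever is pushed to that branch next runs on the self-hosted runner named in `github_runs_on` without any change in this repository. Pinning the `uses:` line to a full commit SHA, in the form `...operations.site.deploy.ddev.yml@<full-commit-sha>  # feature/reusable-workflows`, makes the executed workflow reviewable. The two `uses:` lines in `site.preview.yml` from PATCH 043 have the same form. The job also has no `needs:`, which is presumably intended given the wait loop in the first job, but a comment saying so would help.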
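Review bot: Renaming the workflow-level variable to `RUNNER_GITHUB_TOKEN` in PATCH 047 leaves the wait loop further down still sending `Authorization: token ${GITHUB_TOKEN}` (visible as context in the PATCH 046 hunk), and nothing on the page sets `GITHUB_TOKEN` for that step after this change. If it is indeed unset, the request goes out with an empty token, and because the loop treats an error response as "no queued jobs" it would exit immediately instead of waiting. Either switch the loop to `${RUNNER_GITHUB_TOKEN}` or give that step an `env:` entry `GITHUB_TOKEN: ${{ github.token }}`; the latter keeps the admin-scoped token out of a call that only reads job status. The file continues outside these hunks, so an existing `env:` on that step cannot be ruled out.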
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index c727e55..d1f38a3 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -52,10 +52,9 @@ jobs: - name: Playbook run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - - uses: actions/checkout@v4 - with: - repository: 'operations-project/github-runner-starter' - ref: 'v1.2.1' + # We're only doing this in github actions container. On your own server, do this manually or use a GitHub variable to set it. + - name: Set known hosts. + run: docker compose exec -u platform operations "ssh-keyscan -H github.com >> ~/.ssh/known_hosts" - name: "Wait for all jobs to complete." run: | From a650b6172a11938e1c5fd17940b979880c119822 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 10:45:44 -0500 Subject: [PATCH 049/185] try to set known hosts. --- .github/workflows/site-runner.test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index d1f38a3..db2bde3 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -54,7 +54,10 @@ jobs: # We're only doing this in github actions container. On your own server, do this manually or use a GitHub variable to set it. - name: Set known hosts. - run: docker compose exec -u platform operations "ssh-keyscan -H github.com >> ~/.ssh/known_hosts" + run: | + docker compose exec -u platform operations "mkdir -p /var/platform/.ssh" + docker compose exec -u platform operations "ssh-keyscan -H github.com >> /var/platform/.ssh/known_hosts" + docker compose exec -u platform operations "chmod 600 /var/platform/.ssh/known_hosts" - name: "Wait for all jobs to complete." run: | From cbbd6d57a4e597e9ba868e102c960cf0d1ed62fd Mon Sep 17 00:00:00 2001 
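Review bot: `ssh-keyscan -H github.com >> ~/.ssh/known_hosts` in the new `Set known hosts.` step records whatever host key the network returns at that moment, so the `platform` user's later clones are pinned to an unverified key and host-key checking no longer protects them against an interposed host. The comment says this is only for the Actions container, but the README tells readers to copy the repo. Suggest writing GitHub's published host keys from a value you control (a repository variable or a file committed with the config) instead of scanning, or at least comparing `ssh-keygen -lf` output against the fingerprints in GitHub's documentation before appending. PATCH 049 rewrites the step but keeps the scan.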
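Review bot: Each of the three commands added in PATCH 049 is passed to `docker compose exec` as a single quoted argument, so the container is asked to run a program literally named `mkdir -p /var/platform/.ssh`. In the second line the `>>` is never interpreted either, because no shell is involved; the line this replaces from PATCH 048 had the same form. Wrap the redirect in a shell, e.g. `docker compose exec -u platform operations sh -c 'ssh-keyscan -H github.com >> /var/platform/.ssh/known_hosts'`, and drop the quotes on the `mkdir` and `chmod` lines. `mkdir -p` without a mode leaves `.ssh` at the umask default, whereas `install -d -m 700 /var/platform/.ssh` would set it explicitly.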
From: Jon Pugh Date: Thu, 6 Nov 2025 11:00:37 -0500 Subject: [PATCH 050/185] add details to README.md --- README.md | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/README.md b/README.md index 1640862..3d9ae15 100644 --- a/README.md +++ b/README.md 
@@ -5,3 +5,45 @@ An example repo containing server configuration and app code. This repo was setup using the instructions from https://github.com/operations-project/ansible-collection-site-runner/tree/feature/how-to?#how-to +# site-runner-example-app +An example repo containing server configuration and app code. + +## Instructions + +This repo was setup in concert with writing the instructions from https://github.com/operations-project/ansible-collection-site-runner/tree/feature/how-to?#how-to + +## Variables + +To get started you need the following bits of info. + +- Server Hostname. Use a FQDN with a DNS record for ease of use. +- GitHub usernames of your server admins. +- Name of your app repository. +- A GitHub token with repo admin privileges. Used for creating self-hosted runners. + +To set this up for your own host, just copy this repo and change the following files in the [`ansible`](./ansible) directory: + +- [`hosts`](./ansible/hosts) - Define server hostname. Defines your Ansible inventory. See [Ansible Documentation](https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html). + ```ini + [operations_host_ddev] + server.mydomain.com ansible_connection=local + ``` +- [`group_vars/all.yml`](./ansible/group_vars/all.yml) - Define server admins. Add github usernames. + ```yml + operations_admin_users: + - jonpugh + ``` +- [`host_vars/server.mydomain.com.yml`](./ansible/host_vars/server.mydomain.com.yml) - Define which repos go on the server. Rename to match your hostname. + ```yml + operations_github_runners: + - runner_repo: operations-project/site-runner-example-app + ``` + +Set the secret variable `operations_github_api_token` to the GitHub token using your preferred secrets management tools. 
+ +For example, to use github secrets, you can pass it on the command line: +``` +ansible-playbook --extra-vars operations_github_api_token=${{ secrets.REPO_ADMIN_TOKEN }} +``` + +See [`site-runner.test.yml`](./.github/workflows/site-runner.test.yml#53) From eae52e78aa3205d1743e8c6fbac0e51b7f813511 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 11:00:49 -0500 Subject: [PATCH 051/185] Update README.md --- README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/README.md b/README.md index 3d9ae15..6938c72 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,6 @@ An example repo containing server configuration and app code. ## Instructions -This repo was setup using the instructions from https://github.com/operations-project/ansible-collection-site-runner/tree/feature/how-to?#how-to - -# site-runner-example-app -An example repo containing server configuration and app code. - -## Instructions - This repo was setup in concert with writing the instructions from https://github.com/operations-project/ansible-collection-site-runner/tree/feature/how-to?#how-to ## Variables From a38555b02262becef2b548a0f0c94440a11fd1f0 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 11:01:46 -0500 Subject: [PATCH 052/185] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6938c72..53e0194 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ To set this up for your own host, just copy this repo and change the following f Set the secret variable `operations_github_api_token` to the GitHub token using your preferred secrets management tools. -For example, to use github secrets, you can pass it on the command line: +For example, to use github secrets, you can pass it on the command line in your workflow file: ``` ansible-playbook --extra-vars operations_github_api_token=${{ secrets.REPO_ADMIN_TOKEN }} ``` From 2f26cad10c5507b076469f1daec90516d494ef89 Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Thu, 6 Nov 2025 12:14:45 -0500 Subject: [PATCH 053/185] Use known_hosts --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 9ecc8bb..8c30bd9 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 9ecc8bb82e77c5590a294b80538ed3c90e822c90 +Subproject commit 8c30bd90df3f8c6f8f7386404354e6ad18a2ce93 From 2031941a03fc897c87cfda694ec764b82e38e93a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 12:17:58 -0500 Subject: [PATCH 054/185] set known hosts --- .github/workflows/site-runner.test.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index db2bde3..0cb1739 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -52,12 +52,9 @@ jobs: - name: Playbook run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - # We're only doing this in github actions container. On your own server, do this manually or use a GitHub variable to set it. - name: Set known hosts. run: | - docker compose exec -u platform operations "mkdir -p /var/platform/.ssh" - docker compose exec -u platform operations "ssh-keyscan -H github.com >> /var/platform/.ssh/known_hosts" - docker compose exec -u platform operations "chmod 600 /var/platform/.ssh/known_hosts" + echo "operations_known_hosts: \"${ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml - name: "Wait for all jobs to complete." run: | From b2092cb649e5cad9ef56424f9513de851ff0fcc8 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 12:18:40 -0500 Subject: [PATCH 055/185] use vars file --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
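Review bot: The new `echo` line in "Set known hosts." pastes the secret into the script text through an expression, so its content becomes shell source before bash runs, and a value containing `"`, `$` or a backtick would change the command. Passing it through the step environment keeps it as data: add `env:` with `SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}` and reference `"$SSH_KNOWN_HOSTS"` in the script. As written the opener is also `${` rather than `${{`, which GitHub will presumably not expand and bash would then reject as a bad substitution. The step sits after "Playbook" in this hunk, so vars.ci.yml would not exist yet when the playbook runs.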
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 0cb1739..b97720f 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -50,7 +50,7 @@ jobs: SUCCESS: "Ansible inventory" - name: Playbook - run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} + run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} --extra-vars vars.ci.yml - name: Set known hosts. run: | From 31e10618d6a08b0fe537a67a9d62cced53332d4d Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 12:30:08 -0500 Subject: [PATCH 056/185] oops --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index b97720f..0cfa5ac 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -54,7 +54,7 @@ jobs: - name: Set known hosts. run: | - echo "operations_known_hosts: \"${ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml + echo "operations_known_hosts: \"${{ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml - name: "Wait for all jobs to complete." run: | From a97356553b5c98a9155adaf05c75b0ca3e7618c5 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 12:52:50 -0500 Subject: [PATCH 057/185] try waitfornojobs script --- .github/workflows/site-runner.test.yml | 8 +++--- scripts/wait-for-no-jobs | 36 ++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 3 deletions(-) create mode 100755 scripts/wait-for-no-jobs diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index b97720f..a2c1f24 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
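Review bot: `--extra-vars vars.ci.yml` on the "Playbook" line passes the literal string rather than the file; Ansible reads a vars file only when the argument carries the `@` prefix, i.e. `--extra-vars @vars.ci.yml`. The file is written on the runner while the command executes inside the `operations` container, so it also has to be visible at that path inside the container, which cannot be confirmed from this hunk.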
@@ -57,10 +57,12 @@ jobs: echo "operations_known_hosts: \"${ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml - name: "Wait for all jobs to complete." + env: + REPO: ${{ github.repository }} + RUN_ID: ${{ github.run_id }} + run: | - while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do - sleep 3 - done + ./scripts/wait-for-no-jobs create-site: name: Create Preview Site diff --git a/scripts/wait-for-no-jobs b/scripts/wait-for-no-jobs new file mode 100755 index 0000000..f84c8b7 --- /dev/null +++ b/scripts/wait-for-no-jobs @@ -0,0 +1,36 @@ +#!/bin/bash + +# Configuration +GITHUB_TOKEN="$GITHUB_TOKEN" # Replace with your GitHub Personal Access Token +REPO="$REPO" # Replace with your repository name +RUN_ID="$RUN_ID" # Replace with the specific workflow run ID +INTERVAL_SECONDS=10 # How often to check the status + +# Function to get workflow run status +get_workflow_run_status() { + curl -s -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/$REPO/actions/runs/$RUN_ID" | \ + jq -r '.status' +} + +echo "Waiting for GitHub Actions workflow run $RUN_ID to complete..." + +while true; do + STATUS=$(get_workflow_run_status) + echo "Current status: $STATUS" + + case "$STATUS" in + "completed") + echo "Workflow run $RUN_ID completed." + exit 0 + ;; + "queued"|"in_progress"|"waiting"|"requested"|"pending") + echo "Workflow run $RUN_ID is still $STATUS. Waiting..." + sleep $INTERVAL_SECONDS + ;; + *) + echo "Unexpected status: $STATUS. Exiting." + exit 1 + ;; + esac +done From eac7bc28541a63ac72429bae1983521bddedf55d Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 13:47:46 -0500 Subject: [PATCH 058/185] print link --- scripts/wait-for-no-jobs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
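Review bot: The polling loop in `scripts/wait-for-no-jobs` has no upper bound and asks for the status of the run it is itself part of, which cannot be `completed` while this job is still executing, so the step would presumably spin until the job timeout. A maximum attempt count or deadline that exits non-zero would bound it. `curl -s` also hides HTTP failures; adding `--fail` and checking that the inputs are set, e.g. `: "${GITHUB_TOKEN:?}" "${REPO:?}" "${RUN_ID:?}"`, would make a missing token or a 401 stop the script with a clear error instead of reaching the `*)` branch as `null`. `sleep $INTERVAL_SECONDS` should be quoted.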
diff --git a/scripts/wait-for-no-jobs b/scripts/wait-for-no-jobs index f84c8b7..ad15aae 100755 --- a/scripts/wait-for-no-jobs +++ b/scripts/wait-for-no-jobs @@ -7,6 +7,8 @@ RUN_ID="$RUN_ID" # Replace with the specific workflow run ID INTERVAL_SECONDS=10 # How often to check the status # Function to get workflow run status + + get_workflow_run_status() { curl -s -H "Authorization: token $GITHUB_TOKEN" \ "https://api.github.com/repos/$REPO/actions/runs/$RUN_ID" | \ @@ -14,7 +16,7 @@ get_workflow_run_status() { } echo "Waiting for GitHub Actions workflow run $RUN_ID to complete..." - +echo "Run: https://github.com/$REPO/actions/runs/$RUN_ID" while true; do STATUS=$(get_workflow_run_status) echo "Current status: $STATUS" From 456e649f77f89a61dc2f7b29932792535715349a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 13:54:06 -0500 Subject: [PATCH 059/185] rename --- .github/workflows/site-runner.test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index ab3d706..6172fb8 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -3,7 +3,7 @@ # This workflow allows you to test your server config in a container. # Use it for testing out changes to your Ansible inventory or Roles. # -name: Test server config +name: Server Config Test on: pull_request: @@ -25,7 +25,7 @@ concurrency: jobs: configure-server: - name: Run Playbook + name: Prepare server runs-on: ubuntu-latest steps: From 7e01dc218f313238fa478310f7b45ff1a4780bb2 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 13:54:55 -0500 Subject: [PATCH 060/185] set other github token with permissions for workflows. --- .github/workflows/site-runner.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 6172fb8..60dab02 100644 
--- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -60,6 +60,7 @@ jobs: env: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} + GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }} run: | ./scripts/wait-for-no-jobs From 5b3fe6958ae9605ea6e17902e88986ea929de779 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 14:21:46 -0500 Subject: [PATCH 061/185] Add param for current Job ID so we don't get stuck in a loop. --- scripts/wait-for-no-jobs | 66 +++++++++++++++++++++++++++++++++------- 1 file changed, 55 insertions(+), 11 deletions(-) diff --git a/scripts/wait-for-no-jobs b/scripts/wait-for-no-jobs index ad15aae..706b2b1 100755 --- a/scripts/wait-for-no-jobs +++ b/scripts/wait-for-no-jobs 
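Review bot: `GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }}` hands a separately stored token to a step that only reads job status for the current run. The automatic `${{ github.token }}` with `permissions: actions: read` on the job is enough for those GET calls and expires with the run, whereas the scope and lifetime of the stored token are not visible here. If the stored token is a personal access token with wider rights, it is exposed to every script this step executes.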
@@ -1,34 +1,78 @@ #!/bin/bash # Configuration -GITHUB_TOKEN="$GITHUB_TOKEN" # Replace with your GitHub Personal Access Token -REPO="$REPO" # Replace with your repository name -RUN_ID="$RUN_ID" # Replace with the specific workflow run ID -INTERVAL_SECONDS=10 # How often to check the status - -# Function to get workflow run status - +GITHUB_TOKEN="$GITHUB_TOKEN" # Your GitHub Personal Access Token (from env) +REPO="$REPO" # Your repository name (from env) +RUN_ID="$RUN_ID" # The specific workflow run ID (from env) +JOB_ID="$JOB_ID" # The *current* job's ID (from env) +INTERVAL_SECONDS=10 # How often to check the status +# Function to get *overall* workflow run status get_workflow_run_status() { curl -s -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ "https://api.github.com/repos/$REPO/actions/runs/$RUN_ID" | \ jq -r '.status' } +# Function to check if all *other* jobs are completed +check_other_jobs_status() { + echo "Checking status of other jobs..." + local non_completed_count + + # Fetches all jobs, filters out the current job (JOB_ID), + # counts how many of the *other* jobs are NOT "completed". + non_completed_count=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$REPO/actions/runs/$RUN_ID/jobs" | \ + jq --argjson jid "$JOB_ID" ' + .jobs | map( + # Select jobs that are NOT the current job AND are NOT completed + select(.id != $jid and .status != "completed") + ) | length + ') + + if [ -z "$non_completed_count" ]; then + echo "Error: Could not parse job statuses. Check JOB_ID ($JOB_ID) and API response." + return 1 # Indicate error + elif [ "$non_completed_count" -eq 0 ]; then + # All other jobs are completed + return 0 + else + # Some other jobs are still running + echo "$non_completed_count other jobs are not yet completed." 
+ return 1 # Indicate "still waiting" + fi +} + + echo "Waiting for GitHub Actions workflow run $RUN_ID to complete..." -echo "Run: https://github.com/$REPO/actions/runs/$RUN_ID" +echo "Repository: $REPO" +echo "Run URL: https://github.com/$REPO/actions/runs/$RUN_ID" +echo "Ignoring Job ID: $JOB_ID" + while true; do STATUS=$(get_workflow_run_status) - echo "Current status: $STATUS" + echo "Current overall run status: $STATUS" case "$STATUS" in "completed") echo "Workflow run $RUN_ID completed." + # You could also check the 'conclusion' (success, failure, etc.) here if needed exit 0 ;; "queued"|"in_progress"|"waiting"|"requested"|"pending") - echo "Workflow run $RUN_ID is still $STATUS. Waiting..." - sleep $INTERVAL_SECONDS + echo "Workflow run $RUN_ID is still $STATUS." + + # This implements your @TODO: + # Check if all *other* jobs are done. + if check_other_jobs_status; then + echo "All other jobs are completed. This job (JOB_ID: $JOB_ID) can now proceed." + exit 0 + else + echo "Still waiting for other jobs to finish... sleeping for $INTERVAL_SECONDS sec." + sleep $INTERVAL_SECONDS + fi ;; *) echo "Unexpected status: $STATUS. Exiting." From 3d74ef7ad32975433663f12871b73bc654e3de6b Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 14:22:19 -0500 Subject: [PATCH 062/185] Pass JOB_ID --- .github/workflows/site-runner.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 60dab02..cbce25c 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -60,6 +60,7 @@ jobs: env: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} + JOB_ID: ${{ github.job_id }} GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }} run: | From 871f5b4f42bee7211896df5fd869860d814965ed Mon Sep 17 00:00:00 2001 
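Review bot: `check_other_jobs_status` returns 1 both when the API response cannot be parsed and when jobs are still running, so the caller treats a persistent error as "still waiting" and keeps sleeping with no limit. Returning a distinct code from the error branch (`return 2`) and exiting in the caller when it is seen would separate the two cases. `jq --argjson jid "$JOB_ID"` also aborts when `JOB_ID` is empty or not valid JSON, which leaves `non_completed_count` empty and lands in that same branch. The jobs endpoint is paginated, so a run with more jobs than one page would be undercounted; adding `?per_page=100` to the URL reduces that risk.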
From: Jon Pugh Date: Thu, 6 Nov 2025 14:28:31 -0500 Subject: [PATCH 063/185] Use run_job_id --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index cbce25c..e1c3f0e 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -60,7 +60,7 @@ jobs: env: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} - JOB_ID: ${{ github.job_id }} + JOB_ID: ${{ github.run_job_id }} GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }} run: | From 17a4e7eb704ed5400775789991e8515f645cb247 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 15:14:23 -0500 Subject: [PATCH 064/185] Wrong thing --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index e1c3f0e..9303f45 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -60,7 +60,7 @@ jobs: env: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} - JOB_ID: ${{ github.run_job_id }} + JOB_ID: ${{ github.job }} GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }} run: | From a488f6a501a7e613fc63d3ad960787bb33b8737b Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 15:17:54 -0500 Subject: [PATCH 065/185] debug --- .github/workflows/site-runner.test.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 9303f45..ebc366d 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
@@ -29,6 +29,12 @@ jobs: runs-on: ubuntu-latest steps: + + - name: Dump GitHub context + env: + GITHUB_CONTEXT_JSON: ${{ toJSON(github) }} + run: echo "$GITHUB_CONTEXT_JSON" + - uses: jonpugh/goatscripts@v1 - name: Install docker-compose uses: KengoTODA/actions-setup-docker-compose@v1 @@ -60,7 +66,7 @@ jobs: env: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} - JOB_ID: ${{ github.job }} + JOB_ID: ${{ github.run_job_id }} GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }} run: | From 1cb08528382b15bf146a6aea60bc357cecee49d3 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 15:21:30 -0500 Subject: [PATCH 066/185] Update wait-for-no-jobs to use job name --- scripts/wait-for-no-jobs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/wait-for-no-jobs b/scripts/wait-for-no-jobs index 706b2b1..cbe5317 100755 --- a/scripts/wait-for-no-jobs +++ b/scripts/wait-for-no-jobs @@ -4,7 +4,7 @@ GITHUB_TOKEN="$GITHUB_TOKEN" # Your GitHub Personal Access Token (from env) REPO="$REPO" # Your repository name (from env) RUN_ID="$RUN_ID" # The specific workflow run ID (from env) -JOB_ID="$JOB_ID" # The *current* job's ID (from env) +JOB_ID="$JOB_ID" # The *current* job's name (from env) INTERVAL_SECONDS=10 # How often to check the status # Function to get *overall* workflow run status 
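Review bot: The "Dump GitHub context" step prints `toJSON(github)` to the job log, and that context includes `github.token` along with the full event payload. GitHub masks registered secrets in log output, but that should not be relied on as the only control, and on a `pull_request` workflow the payload also carries contributor-supplied text. This is best kept as a temporary debug step or narrowed to the fields being investigated, e.g. `echo "${{ github.run_id }} ${{ github.job }}"`. Passing the JSON through `env:` rather than inlining it in `run:` is the right shape and should stay if the step is kept.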
@@ -25,12 +25,14 @@ check_other_jobs_status() { non_completed_count=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ -H "Accept: application/vnd.github.v3+json" \ "https://api.github.com/repos/$REPO/actions/runs/$RUN_ID/jobs" | \ - jq --argjson jid "$JOB_ID" ' + jq --arg jid "$JOB_ID" ' .jobs | map( # Select jobs that are NOT the current job AND are NOT completed - select(.id != $jid and .status != "completed") + select(.name != $jid and .status != "completed") ) | length ') + + # Note: I changed --argjson to --arg for string comparison if [ -z "$non_completed_count" ]; then echo "Error: Could not parse job statuses. Check JOB_ID ($JOB_ID) and API response." From 11991dc676f983abd193628ae45bfffb9af4e694 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 15:21:46 -0500 Subject: [PATCH 067/185] Update site-runner.test.yml --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index ebc366d..4e6c51c 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -66,7 +66,7 @@ jobs: env: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} - JOB_ID: ${{ github.run_job_id }} + JOB_ID: ${{ github.job }} GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }} run: | From fc4420602f571b43d25df83c2b5d6c508d5470a4 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 6 Nov 2025 15:23:24 -0500 Subject: [PATCH 068/185] Cancel in progress --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 4e6c51c..0984ac3 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
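Review bot: The filter now compares `.name` with the value passed as `JOB_ID`, but `.name` in the jobs API is the job's display name while `github.job` (what PATCH 067 passes) is the job key. For this workflow that would be `Prepare server` versus `configure-server`, so the current job is presumably never excluded and the count never reaches zero. Comparing against the display name, and renaming the variable to `JOB_NAME` to match, would line the two up. The trailing `# Note: I changed --argjson to --arg …` comment reads like a change-log entry and belongs in the commit message.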
@@ -21,7 +21,7 @@ env: concurrency: group: ${{ github.workflow }}-${{ github.event.number }} - cancel-in-progress: false + cancel-in-progress: true jobs: configure-server: From a2a1417ac210002d7dcc5e260872c1662bcc61d5 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 7 Nov 2025 10:48:53 -0500 Subject: [PATCH 069/185] Test out this github api call. --- .github/workflows/site-runner.test.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 0984ac3..98e6107 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -66,11 +66,12 @@ jobs: env: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} - JOB_ID: ${{ github.job }} - GITHUB_TOKEN: ${{ secrets.WORKFLOW_GITHUB_TOKEN }} + ATTEMPT: ${{ github.run_attempt }} + JOB_NAME: ${{ github.job }} run: | - ./scripts/wait-for-no-jobs + gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ + -q ".jobs[] | select(.name != \"$JOB_NAME\") | select(.status != \"completed\") | .status" create-site: name: Create Preview Site From 3fb921d2ed0cdfef8c7a01ff58000ac82bff1625 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Tue, 11 Nov 2025 08:16:41 -0500 Subject: [PATCH 070/185] print env --- .github/workflows/site-runner.test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 98e6107..489323d 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -30,11 +30,14 @@ jobs: steps: - - name: Dump GitHub context + - name: GitHub context env: GITHUB_CONTEXT_JSON: ${{ toJSON(github) }} run: echo "$GITHUB_CONTEXT_JSON" + - name: GitHub Environment + run: env | grep GITHUB_ + - uses: jonpugh/goatscripts@v1 - name: Install docker-compose uses: KengoTODA/actions-setup-docker-compose@v1 
From ef5caff7b89fbe359c1a0bbb154c9f3f90b72377 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Tue, 11 Nov 2025 08:55:02 -0500 Subject: [PATCH 071/185] Fail JQ if empty. --- .github/workflows/site-runner.test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 489323d..a009dc7 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -73,8 +73,8 @@ jobs: JOB_NAME: ${{ github.job }} run: | - gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ - -q ".jobs[] | select(.name != \"$JOB_NAME\") | select(.status != \"completed\") | .status" + wait-for gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ + | jq -e ".jobs[] | select(.name != \"$JOB_NAME\") | select(.status != \"completed\") | .status" create-site: name: Create Preview Site From 826c4ebe7c64a0495a5a7086f5ecee6052aa2125 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 16 Nov 2025 10:09:45 -0500 Subject: [PATCH 072/185] Update goatscripts action version to main --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index a009dc7..4756296 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -38,7 +38,7 @@ jobs: - name: GitHub Environment run: env | grep GITHUB_ - - uses: jonpugh/goatscripts@v1 + - uses: jonpugh/goatscripts@main - name: Install docker-compose uses: KengoTODA/actions-setup-docker-compose@v1 with: From 253a98146a85e10f9487c00efcafa34c4cf4a211 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 16 Nov 2025 10:17:25 -0500 Subject: [PATCH 073/185] Debug why goatscripts ain't workin --- .github/workflows/site-runner.test.yml | 6 ++++++ 1 file changed, 6 insertions(+) 
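Review bot: `uses: jonpugh/goatscripts@main` tracks a moving branch, so any later push to that repository changes what runs in this job, with the job's token and secrets in scope. Pinning to a full commit SHA, e.g. `uses: jonpugh/goatscripts@<full-commit-sha>  # main as of <date>`, keeps the reviewed code and the executed code identical. The same applies to `KengoTODA/actions-setup-docker-compose@v1` in the context lines of this hunk.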
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 4756296..ce1f395 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -39,6 +39,12 @@ jobs: run: env | grep GITHUB_ - uses: jonpugh/goatscripts@main + + - name: Debug + run: | + ls -la .goatscripts/src + run-with-summary wait-for sleep 5 + - name: Install docker-compose uses: KengoTODA/actions-setup-docker-compose@v1 with: From 025ba0a78725214a2029a748284cc10336c653c1 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 16 Nov 2025 10:17:57 -0500 Subject: [PATCH 074/185] Remove non-working workflow. --- .github/workflows/servers.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .github/workflows/servers.yml diff --git a/.github/workflows/servers.yml b/.github/workflows/servers.yml deleted file mode 100644 index a1a5e18..0000000 --- a/.github/workflows/servers.yml +++ /dev/null @@ -1,11 +0,0 @@ -jobs: - playbook: - runs-on: "control@server.mydomain.com" - - steps: - - name: Checkout codebase - uses: actions/checkout@v4 - - - name: Run playbook - run: | - ansible-playbook --connection local --limit control@server.mydomain.com --extra-vars operations_github_api_token=${{ secrets.GITHUB_TOKEN_RUNNER_ADMIN }} site-runner/playbook.yml From 6f1860b3fa6345a3d77032a0b4c99d71617debfc Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 16 Nov 2025 12:28:42 -0500 Subject: [PATCH 075/185] Use run-with-summary. --- .github/workflows/site-runner.test.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index ce1f395..8de0140 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
@@ -60,12 +60,17 @@ jobs: docker-compose exec operations chmod 0400 /etc/shadow - name: Inventory - run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts + run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts env: SUCCESS: "Ansible inventory" + ERROR: "Ansible inventory list failed" + HIDE: true - name: Playbook - run: docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} --extra-vars vars.ci.yml + env: + SUCCESS: "Ansible playbook completed successfully." + ERROR: "Ansible playbook failed!" + run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} --extra-vars vars.ci.yml - name: Set known hosts. run: | From 723d082546f443aff332da5a7d1328d50e66ca72 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 17 Nov 2025 07:49:49 -0500 Subject: [PATCH 076/185] Must use actions/checkout first or it will delete whatever was there before. --- .github/workflows/site-runner.test.yml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 8de0140..34a4238 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -29,7 +29,13 @@ jobs: runs-on: ubuntu-latest steps: - + + - uses: actions/checkout@v3 + with: + submodules: recursive + + - uses: jonpugh/goatscripts@main + - name: GitHub context env: GITHUB_CONTEXT_JSON: ${{ toJSON(github) }} 
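Review bot: The "Playbook" step still puts `operations_github_api_token=${RUNNER_GITHUB_TOKEN}` on the command line and now routes it through `run-with-summary`; if that wrapper records the command or its output in the step summary (its behaviour is not visible here), the token could be written somewhere log masking does not obviously cover. `HIDE: true` is set on "Inventory" but not on this step, whatever that flag controls. Moving the token into the vars file, or reading it inside the playbook from the environment, keeps it out of argv and out of the process list.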
@@ -38,22 +44,11 @@ jobs: - name: GitHub Environment run: env | grep GITHUB_ - - uses: jonpugh/goatscripts@main - - - name: Debug - run: | - ls -la .goatscripts/src - run-with-summary wait-for sleep 5 - - name: Install docker-compose uses: KengoTODA/actions-setup-docker-compose@v1 with: version: '2.24.0' - - uses: actions/checkout@v3 - with: - submodules: recursive - - name: Start Container run: | docker compose up -d --quiet-pull From 8a270401df3d3434c2f0a08063057ea6688cce80 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 17 Nov 2025 20:27:23 -0500 Subject: [PATCH 077/185] Don't use wait-for, it screwed up piping? --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 34a4238..9c0618e 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -79,7 +79,7 @@ jobs: JOB_NAME: ${{ github.job }} run: | - wait-for gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ + gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ | jq -e ".jobs[] | select(.name != \"$JOB_NAME\") | select(.status != \"completed\") | .status" create-site: From 8c613c04342051ae04fee32381f1fa31d5f70979 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 17 Nov 2025 20:38:07 -0500 Subject: [PATCH 078/185] Set GH_TOKEN --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 9c0618e..e3958b7 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
@@ -77,7 +77,7 @@ jobs: RUN_ID: ${{ github.run_id }} ATTEMPT: ${{ github.run_attempt }} JOB_NAME: ${{ github.job }} - + GH_TOKEN: ${{ github.token }} run: | gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ | jq -e ".jobs[] | select(.name != \"$JOB_NAME\") | select(.status != \"completed\") | .status" From f5769e6cca5bc498972740aaf08d7298cd0afdf1 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 17 Nov 2025 21:24:56 -0500 Subject: [PATCH 079/185] Add a jobs-done script --- .github/workflows/site-runner.test.yml | 3 +-- scripts/jobs-done | 29 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100755 scripts/jobs-done diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index e3958b7..e48daf2 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -79,8 +79,7 @@ jobs: JOB_NAME: ${{ github.job }} GH_TOKEN: ${{ github.token }} run: | - gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ - | jq -e ".jobs[] | select(.name != \"$JOB_NAME\") | select(.status != \"completed\") | .status" + wait-for ./scripts/jobs-done create-site: name: Create Preview Site diff --git a/scripts/jobs-done b/scripts/jobs-done new file mode 100755 index 0000000..8226fdd --- /dev/null +++ b/scripts/jobs-done 
@@ -0,0 +1,29 @@ +#!/bin/bash + +set -e +# Usage +# +# REPO owner/repo +# RUN_ID the run to check. +# ATTEMPT The run attempt. +# JOB_NAME If supplied, only check this job. +# EXCLUDE_JOB_NAME if supplied, exclude the job with this name. +# In order to use this script (jobs-done) in a job, you have to exclude itself or it will run forever. +# + +REPO=${REPO:-$(gh repo view --json 'nameWithOwner' --jq '.nameWithOwner')} +echo $REPO + +if [[ -n $JOB_NAME ]]; then + JQ=".jobs[] | select(.name = \"$JOB_NAME\") | select(.status != \"completed\") | .status" + +elif [[ -n $EXCLUDE_JOB_NAME ]]; then + JQ=".jobs[] | select(.name != \"$EXCLUDE_JOB_NAME\") | select(.status != \"completed\") | .status" + +else + JQ=".jobs[] | select(.status != \"completed\") | .status" + +fi + +gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ + | jq -e "$JQ" From 76c1d09419fb2a61142727c68215348cde8c1d0f Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 17 Nov 2025 21:28:14 -0500 Subject: [PATCH 080/185] Show everything in the wait for. --- .github/workflows/site-runner.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index e48daf2..afef60e 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -78,6 +78,7 @@ jobs: ATTEMPT: ${{ github.run_attempt }} JOB_NAME: ${{ github.job }} GH_TOKEN: ${{ github.token }} + OUTPUT: all run: | wait-for ./scripts/jobs-done From 4c6013d41ff28d79db60d9d0479719ad53296ed8 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 17 Nov 2025 21:32:31 -0500 Subject: [PATCH 081/185] EXCLUDE_JOB_NAME --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index afef60e..8d84945 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
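Review bot: In the `JOB_NAME` branch the filter uses `select(.name = \"$JOB_NAME\")`; in jq a single `=` is assignment, so every job is rewritten and selected rather than filtered, and the comparison should be `==`. All three filters also splice environment values into the jq program text; passing them with `--arg`, as in `jq -e --arg n "$JOB_NAME" '.jobs[] | select(.name == $n) | select(.status != "completed") | .status'`, keeps a name containing quotes from altering the filter. `jq -e` exits 0 when the filter produces output, i.e. while unfinished jobs remain, which looks inverted for a script called jobs-done and is worth confirming against what `wait-for` expects. `$REPO`, `$RUN_ID` and `$ATTEMPT` are unquoted in `echo` and in the `gh api` path.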
@@ -76,7 +76,7 @@ jobs: REPO: ${{ github.repository }} RUN_ID: ${{ github.run_id }} ATTEMPT: ${{ github.run_attempt }} - JOB_NAME: ${{ github.job }} + EXCLUDE_JOB_NAME: ${{ github.job }} GH_TOKEN: ${{ github.token }} OUTPUT: all run: | From 1f9fd3a6ef655b1ca1ea2cc6cecaa1fb1a70caf3 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 20 Nov 2025 07:16:41 -0500 Subject: [PATCH 082/185] Display vars.ci.yml after setting known hosts Add command to display contents of vars.ci.yml --- .github/workflows/site-runner.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 8d84945..7b82543 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -70,6 +70,7 @@ jobs: - name: Set known hosts. run: | echo "operations_known_hosts: \"${{ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml + cat vars.ci.yml - name: "Wait for all jobs to complete." env: From 5440fd5749245dedd4a4b36d63314870720cc0e0 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 20 Nov 2025 07:18:38 -0500 Subject: [PATCH 083/185] Set vars before playbook --- .github/workflows/site-runner.test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 7b82543..b55db5c 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -54,6 +54,11 @@ jobs: docker compose up -d --quiet-pull docker-compose exec operations chmod 0400 /etc/shadow + - name: Set ansible variables + run: | + echo "operations_known_hosts: \"${{ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml + cat vars.ci.yml + - name: Inventory run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts env: 
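Review bot: The `cat vars.ci.yml` added in the `@@ -70,6 +70,7 @@` hunk prints the value of `secrets.SSH_KNOWN_HOSTS` into the job log, and the `echo` above it has the secret expanded by the workflow template engine straight into the script text, so a value containing `"`, `$` or a backtick is interpreted by the shell. The `@@ -54,6 +54,11 @@` hunk moves the same two lines into the new "Set ansible variables" step unchanged. Passing the value through the step's `env:` and writing it with `printf 'operations_known_hosts: "%s"\n' "$SSH_KNOWN_HOSTS" > vars.ci.yml` keeps it out of the script source, and the `cat` can be replaced by `test -s vars.ci.yml` if the goal is only to confirm the file was written.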
@@ -67,11 +72,6 @@ jobs: ERROR: "Ansible playbook failed!" run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} --extra-vars vars.ci.yml - - name: Set known hosts. - run: | - echo "operations_known_hosts: \"${{ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml - cat vars.ci.yml - - name: "Wait for all jobs to complete." env: REPO: ${{ github.repository }} From 2018dfd56796cee88e58d7c5f840c13ba4d2cf3c Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 20 Nov 2025 07:34:04 -0500 Subject: [PATCH 084/185] update site runner --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 8c30bd9..9a906dd 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 8c30bd90df3f8c6f8f7386404354e6ad18a2ce93 +Subproject commit 9a906dd6358db511099ae8ab7c02b0ff46c2f7a1 From 033b4b4030d93f8a3fa2b2de8ed4f902d07ce8b0 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 20 Nov 2025 07:41:52 -0500 Subject: [PATCH 085/185] Fix playbook command to properly load vars file. --- .github/workflows/site-runner.test.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index b55db5c..c9ddfbf 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
@@ -70,7 +70,12 @@ jobs: env: SUCCESS: "Ansible playbook completed successfully." ERROR: "Ansible playbook failed!" - run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} --extra-vars vars.ci.yml + run: | + run-with-summary \ + docker compose exec operations \ + ansible-playbook ${ANSIBLE_PLAYBOOK} \ + --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} \ + --extra-vars @vars.ci.yml - name: "Wait for all jobs to complete." env: From 459f14bfedd0b6d716ff901dd6a59638661954d2 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 22 Nov 2025 08:34:21 -0500 Subject: [PATCH 086/185] New commits --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 9a906dd..42beba9 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 9a906dd6358db511099ae8ab7c02b0ff46c2f7a1 +Subproject commit 42beba918e103d473c4256121301ed1ce4e77f28 From ed01213446c09d1161d31e0cd56c26e8ad06f3c2 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 22 Nov 2025 08:49:16 -0500 Subject: [PATCH 087/185] Remove known hosts secret writing to ansible vars. --- .github/workflows/site-runner.test.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index c9ddfbf..7a75340 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
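Review bot: The rewritten `run:` block still passes the runner admin token as `--extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN}`, which puts it on the `ansible-playbook` command line where it is readable from the process list for the length of the run and, if `run-with-summary` records the command it wraps (not visible here), in the job summary as well. The expansion is also unquoted, so an empty variable leaves a dangling `operations_github_api_token=` argument. Since `vars.ci.yml` is already loaded with `@`, the token could be added to that file (created under `umask 077`) instead of being passed as an argument. Where `RUNNER_GITHUB_TOKEN` is defined lies outside the hunk.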
@@ -54,10 +54,11 @@ jobs: docker compose up -d --quiet-pull docker-compose exec operations chmod 0400 /etc/shadow - - name: Set ansible variables - run: | - echo "operations_known_hosts: \"${{ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml - cat vars.ci.yml + # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. + # - name: Set ansible variables + # run: | + # echo "operations_known_hosts: \"${{ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml + # cat vars.ci.yml - name: Inventory run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts From 4afa3a3e08ff952c8361515ae1c8bc85b1dfcb32 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 22 Nov 2025 08:51:32 -0500 Subject: [PATCH 088/185] Fix playbook command to properly load vars file. --- .github/workflows/site-runner.test.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 7a75340..82defb6 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -75,8 +75,7 @@ jobs: run-with-summary \ docker compose exec operations \ ansible-playbook ${ANSIBLE_PLAYBOOK} \ - --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} \ - --extra-vars @vars.ci.yml + --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - name: "Wait for all jobs to complete." env: From 942fbdd13f4aa92255922df254d34eb4675aba78 Mon Sep 17 00:00:00 2001 
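Review bot: The comment that replaces the "Set ansible variables" step says hosts now become known on first connection, which trades the pinned `SSH_KNOWN_HOSTS` value for trust-on-first-use: the first connection from a new runner accepts whatever host key it is offered. The role change itself is in the submodule and not visible here, so this is inferred from the comment. If the trade-off is intended, the comment should state it, e.g. `# Host keys are accepted on first connection (trust-on-first-use); they are no longer pinned from SSH_KNOWN_HOSTS.`, and the four commented-out lines can be deleted rather than kept as dead YAML.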
From: Jon Pugh Date: Sat, 22 Nov 2025 08:51:32 -0500 Subject: [PATCH 089/185] Create a yaml inventory. --- ansible.cfg | 2 +- ansible/host_vars/server.company.com.yml | 12 ++++++++ ansible/host_vars/server.mydomain.com.yml | 3 -- ansible/hosts | 8 +++++- ansible/inventory.example.yml | 35 +++++++++++++++++++++++ 5 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 ansible/host_vars/server.company.com.yml delete mode 100644 ansible/host_vars/server.mydomain.com.yml create mode 100644 ansible/inventory.example.yml diff --git a/ansible.cfg b/ansible.cfg index fa7cf3e..0abd085 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,7 +6,7 @@ force_color = True # You don't have to set /etc/ansible if you set the inventory path. # When setting inventory, the host_vars and group_vars will be loaded automatically. -inventory = ./ansible/hosts +inventory = ./ansible/inventory.example.yml # The ./roles path next to the playbook is used automatically. diff --git a/ansible/host_vars/server.company.com.yml b/ansible/host_vars/server.company.com.yml new file mode 100644 index 0000000..55471fd --- /dev/null +++ b/ansible/host_vars/server.company.com.yml @@ -0,0 +1,12 @@ +# +# Example host inventory file. +# +# This is a standard Ansible host inventory file. +# It is not strictly necessary. +# +# You can use inventory.yml or this. +# +# It stores variables for the host with the same name as the file. +# You could use this for secrets storage if you are comfortable putting it right on the server. +# But really, you should save your secrets in GitHub secrets and pass to ansible-playbook in your GitHub workflows. +# diff --git a/ansible/host_vars/server.mydomain.com.yml b/ansible/host_vars/server.mydomain.com.yml deleted file mode 100644 index eba729c..0000000 --- a/ansible/host_vars/server.mydomain.com.yml +++ /dev/null 
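Review bot: The header comment in the new `ansible/host_vars/server.company.com.yml` suggests the file can be used for secrets storage, but this file is tracked in the repository, so anything placed in it is committed along with it. The sentence should drop that suggestion or qualify it, e.g. `# Do not put plaintext secrets in this file; it is committed. Encrypt them with ansible-vault or pass them from GitHub secrets.` The same commit points `inventory` in `ansible.cfg` at `inventory.example.yml`, so the example file becomes the live inventory; a one-line comment there saying whether it is meant to be copied or edited in place would help.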
@@ -1,3 +0,0 @@ -# See example https://github.com/operations-project/ansible-collection-site-runner/blob/main/ansible/host_vars/host.example.yml -operations_github_runners: - - runner_repo: operations-project/site-runner-example-app diff --git a/ansible/hosts b/ansible/hosts index 8645f02..bd484dd 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -1,2 +1,8 @@ +# +# Ansible hosts file. +# This is standard Ansible inventory in INI format. +# Lives at /etc/ansible/hosts +# This file isn't strictly required if you have other inventory files. +# [operations_host_ddev] -server.mydomain.com ansible_connection=local +server.company.com ansible_connection=local diff --git a/ansible/inventory.example.yml b/ansible/inventory.example.yml new file mode 100644 index 0000000..7641418 --- /dev/null +++ b/ansible/inventory.example.yml 
@@ -0,0 +1,35 @@ +# +# Example server inventory file. +# + +# "All" Group +# Put config that should be applied to all servers here. +all: + vars: + operations_admin_users: + - this_user_is_super + +# DDEV Site Runners +operations_host_ddev: + hosts: + + # Your server's full name. + # It will be helpful to set a DNS record for this. + server.company.com: + + # The github repos to install on this server. + # Each of these projects will get a github self-hosted runner. + operations_github_runners: + - runner_repo: thinkdrop/thinkdrop.net + - runner_repo: thinkdrop/launchpad + + # GitHub API token with admin:write access to the git repos. + # https://github.com/settings/personal-access-tokens + # DO NOT COMMIT THIS TO GIT. + # There are many ways to store your secrets in ansible. + # If you are running `ansible-playbook` in a GitHub action, you can simply + # add a GitHub secret to your repo or organization, then pass ${{ secrets.YOUR_GITHUB_SECRET }} + # to ansible-playbook + # ansible-playbook playbook.yml --extra-vars operations_github_api_token=${{ secrets.YOUR_GITHUB_SECRET }} on the command line. + # See .github/workflows/site-runner-test.yml line 78 for an example: + operations_github_api_token: "" \ No newline at end of file From e8c64edb56c80fe4694a8c55104cfb91ad155715 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 22 Nov 2025 09:26:14 -0500 Subject: [PATCH 090/185] Include both hosts and inventory. --- ansible.cfg | 3 +-- ansible/hosts | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 0abd085..b81aad7 100644 --- a/ansible.cfg +++ b/ansible.cfg 
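Review bot: The new `inventory.example.yml` ends with a live `operations_github_api_token: ""` key directly under a "DO NOT COMMIT THIS TO GIT" comment, which invites pasting a token into a tracked file; since `ansible.cfg` loads this file as the inventory as of the same commit, leaving the key commented out (`# operations_github_api_token: ""`) is the safer example. The comment also refers to `.github/workflows/site-runner-test.yml line 78`, while the workflow in this repository is named `site-runner.test.yml`, and a line number will go stale; naming the "Playbook" step would be more durable. The words "on the command line." have ended up after the example command instead of in the sentence before it.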
@@ -6,8 +6,7 @@ force_color = True # You don't have to set /etc/ansible if you set the inventory path. # When setting inventory, the host_vars and group_vars will be loaded automatically. -inventory = ./ansible/inventory.example.yml - +inventory =./ansible/hosts, ./ansible/inventory.example.yml # The ./roles path next to the playbook is used automatically. # If you are using your own playbook, you will have to make sure the site-runner roles are available diff --git a/ansible/hosts b/ansible/hosts index bd484dd..dd1fbff 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -2,7 +2,8 @@ # Ansible hosts file. # This is standard Ansible inventory in INI format. # Lives at /etc/ansible/hosts -# This file isn't strictly required if you have other inventory files. +# This is a good way to tell a server who it is. Use ansible_connection=local +# so that ansible-playbook runs from this server run locally. # [operations_host_ddev] server.company.com ansible_connection=local From deed667a422e36cee7edc486e44cf4b894edc9e1 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 23 Nov 2025 08:53:06 -0500 Subject: [PATCH 091/185] Wrong repo --- ansible/inventory.example.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/inventory.example.yml b/ansible/inventory.example.yml index 7641418..95d2525 100644 --- a/ansible/inventory.example.yml +++ b/ansible/inventory.example.yml @@ -20,8 +20,7 @@ operations_host_ddev: # The github repos to install on this server. # Each of these projects will get a github self-hosted runner. operations_github_runners: - - runner_repo: thinkdrop/thinkdrop.net - - runner_repo: thinkdrop/launchpad + - runner_repo: operations-project/site-runner-example-app # GitHub API token with admin:write access to the git repos. # https://github.com/settings/personal-access-tokens From 38b68ca9bfd2e75aca1a9abb6674663d2c524b28 Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Sun, 23 Nov 2025 09:01:39 -0500 Subject: [PATCH 092/185] Set consistent server and variable names --- .github/workflows/site-runner.test.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 82defb6..d80d360 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -98,22 +98,23 @@ jobs: git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} # Project name for this instance. Used to generate the domain name. - ddev_project_name: example.pr${{ github.event.number }} + ddev_project_name: project.pr${{ github.event.number }} # Top-level domain. Sites are hosted as subdomains under this. - ddev_project_tld: server.mydomain.com + # Must create DNS records for this and a wildcard subdomain to enable unlimited sites. + ddev_project_tld: sites.company.com - # Tell the remote workflow what to run on. - # For site runner, the default is "platform@{hostname -f}" - # This is defined in the site runner playbook, but can be controlled with variables. - github_runs_on: platform@server.mydomain.com + # Tell the remote workflow what server to run on. + # Must match ansible inventory name. + github_runs_on: platform@server.company.com # Define the github environment name, to be displayed in the UI. github_environment_name: pr${{ github.event.number }} # Define a github environment url, a link to be shown on the pull request. - github_environment_url: http://example.pr${{ github.event.number }}.server.mydomain.com + github_environment_url: http://project.pr${{ github.event.number }}.sites.company.com + # If true, site data will be rebuilt on every run of this workflow (usually every git push) # To persist a site's data, set "run_prepare_command" to false. run_prepare_command: true From f1ccff818951f8a74665a44f16cfeef9004d9b1f Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Sun, 23 Nov 2025 13:13:09 -0500 Subject: [PATCH 093/185] SSH config support --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 42beba9..466c199 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 42beba918e103d473c4256121301ed1ce4e77f28 +Subproject commit 466c1992521ff210f8400118e7206dfb518e292f From 679e4a8b6631379a7937b7625d67b4db4f728fc8 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 23 Nov 2025 13:23:36 -0500 Subject: [PATCH 094/185] Save SSH_PRIVATE_KEY secret to ansible vars --- .github/workflows/site-runner.test.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index d80d360..77a719e 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -54,11 +54,12 @@ jobs: docker compose up -d --quiet-pull docker-compose exec operations chmod 0400 /etc/shadow - # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. - # - name: Set ansible variables - # run: | - # echo "operations_known_hosts: \"${{ secrets.SSH_KNOWN_HOSTS }}\"" > vars.ci.yml - # cat vars.ci.yml + # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. + - name: Set ansible variables + run: | + echo "operations_platform_ssh_private_key: |" > vars.ci.yml + echo " ${{ secrets.SSH_PRIVATE_KEY }}" >> vars.ci.yml + cat vars.ci.yml - name: Inventory run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts 
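Review bot: The re-enabled "Set ansible variables" step writes `secrets.SSH_PRIVATE_KEY` into `vars.ci.yml` in the workspace and then runs `cat vars.ci.yml`, so the private key is sent to the job log and protected only by log masking, and the file is left on disk with default permissions. The secret is also expanded into the script text before the shell runs, so its newlines and any shell metacharacters become part of the command, and only the first key line gets the block-scalar indent. The later hunks that rewrite this step (`@@ -58,7 +58,7 @@`, `@@ -57,7 +57,7 @@` and `@@ -57,8 +57,7 @@`) keep both the expansion and the `cat`. A version that passes the key through `env:`, indents every line, restricts the file mode and checks only that the file is non-empty is sketched below.

```yaml
- name: Set ansible variables
  env:
    SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
  run: |
    umask 077
    {
      echo "operations_platform_ssh_private_key: |"
      printf '%s\n' "$SSH_PRIVATE_KEY" | sed 's/^/  /'
    } > vars.ci.yml
    test -s vars.ci.yml
```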
@@ -75,7 +76,8 @@ jobs: run-with-summary \ docker compose exec operations \ ansible-playbook ${ANSIBLE_PLAYBOOK} \ - --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} + --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} \ + --extra-vars @vars.ci.yml - name: "Wait for all jobs to complete." env: From 545e6474d3151ba04f591391b5d747beea7f2361 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 23 Nov 2025 13:26:57 -0500 Subject: [PATCH 095/185] no whitespace so it's valid yml. --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 77a719e..5874fdf 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -58,7 +58,7 @@ jobs: - name: Set ansible variables run: | echo "operations_platform_ssh_private_key: |" > vars.ci.yml - echo " ${{ secrets.SSH_PRIVATE_KEY }}" >> vars.ci.yml + echo "${{ secrets.SSH_PRIVATE_KEY }}" >> vars.ci.yml cat vars.ci.yml - name: Inventory From 40142155a7cbdb646d9f2ad2e650b9e4e5d3d709 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 23 Nov 2025 13:30:05 -0500 Subject: [PATCH 096/185] Maybe with this operator? --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 5874fdf..d4b53b3 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -57,7 +57,7 @@ jobs: # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. - name: Set ansible variables run: | - echo "operations_platform_ssh_private_key: |" > vars.ci.yml + echo "operations_platform_ssh_private_key: >" > vars.ci.yml echo "${{ secrets.SSH_PRIVATE_KEY }}" >> vars.ci.yml cat vars.ci.yml From 055c2dbde5583822ec110c2e6ba49add3341951b Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Sun, 23 Nov 2025 13:32:00 -0500 Subject: [PATCH 097/185] Trying to get multiline string to yaml via echo. --- .github/workflows/site-runner.test.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index d4b53b3..c6de2e8 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -57,8 +57,7 @@ jobs: # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. - name: Set ansible variables run: | - echo "operations_platform_ssh_private_key: >" > vars.ci.yml - echo "${{ secrets.SSH_PRIVATE_KEY }}" >> vars.ci.yml + echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml cat vars.ci.yml - name: Inventory From 5ebf9fbec3151ee18cf2c7846862e793caf8aed5 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 23 Nov 2025 13:39:25 -0500 Subject: [PATCH 098/185] ssh key fix; --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 466c199..5163948 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 466c1992521ff210f8400118e7206dfb518e292f +Subproject commit 5163948d215ffb732a84a7cc05d55a4e2359222c From 9c1cd572b0f18c596b8ed8b771355ab0d88384df Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 23 Nov 2025 14:14:26 -0500 Subject: [PATCH 099/185] site runner commits --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 5163948..bf1147b 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 5163948d215ffb732a84a7cc05d55a4e2359222c +Subproject commit bf1147b3853ecffb34c369e796318f8b9af9a8ca From ee4c8e3fa0572114f3e96f6c9f1d30b44351bea8 Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Sun, 23 Nov 2025 14:22:39 -0500 Subject: [PATCH 100/185] Run action From 1203d7bb444d44636f7b07c94de8d34c488a5bea Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 06:35:48 -0500 Subject: [PATCH 101/185] Set ansible variable from env var. --- .github/workflows/site-runner.test.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index c6de2e8..8742ce5 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -66,17 +66,19 @@ jobs: SUCCESS: "Ansible inventory" ERROR: "Ansible inventory list failed" HIDE: true - + - name: Playbook env: SUCCESS: "Ansible playbook completed successfully." ERROR: "Ansible playbook failed!" + SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} run: | run-with-summary \ docker compose exec operations \ ansible-playbook ${ANSIBLE_PLAYBOOK} \ --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} \ - --extra-vars @vars.ci.yml + --extra-vars @vars.ci.yml \ + --extra-vars "operations_platform_ssh_private_key=\"{{ lookup('env', 'SSH_PRIVATE_KEY') }}\"" - name: "Wait for all jobs to complete." env: From e3cbc35ce9889e801dd62ef13bebf3164484ab72 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 06:47:23 -0500 Subject: [PATCH 102/185] Set ansible variable from env var. --- .github/workflows/site-runner.test.yml | 4 +--- ansible/group_vars/all.yml | 10 ++++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 8742ce5..7dc4463 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
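Review bot: `SSH_PRIVATE_KEY` is added to the "Playbook" step's `env:`, but the playbook runs through `docker compose exec operations`, and `lookup('env', 'SSH_PRIVATE_KEY')` is evaluated where `ansible-playbook` runs, that is inside the container. Unless the compose service forwards that variable (the compose file is only partly visible here), the lookup returns an empty string and the key is never set, so the variable needs to be passed into the container explicitly. The `--extra-vars @vars.ci.yml` line is kept although that file still carries the same key from the earlier step, so the key is now supplied through two paths and it is unclear which one the role ends up using.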
@@ -76,9 +76,7 @@ jobs: run-with-summary \ docker compose exec operations \ ansible-playbook ${ANSIBLE_PLAYBOOK} \ - --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} \ - --extra-vars @vars.ci.yml \ - --extra-vars "operations_platform_ssh_private_key=\"{{ lookup('env', 'SSH_PRIVATE_KEY') }}\"" + --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - name: "Wait for all jobs to complete." env: diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 230a797..0500409 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -5,3 +5,13 @@ operations_admin_users: - jonpugh +# Load SSH private key from environment variable SSH_PRIVATE_KEY. +# When running on github actions, this variable will be set, loaded from github secrets. +# See site-runner.test.yml +# +# If running manually, set SSH_PRIVATE_KEY env var if you want ansible-playbook to install it. +# You can also just leave this out and figure out your own key management. +# +# This key will be written to the platform user's authorized_keys file. +# Site codebases will be cloned with this key. +operations_platform_ssh_private_key: {{ lookup('env', 'SSH_PRIVATE_KEY') }} From 45b5ad76c697b624ae6a14a04b4ec38161a039d4 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 07:00:11 -0500 Subject: [PATCH 103/185] Always quote template expression brackets when they start a value. --- ansible/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 0500409..8886e47 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -14,4 +14,4 @@ operations_admin_users: # # This key will be written to the platform user's authorized_keys file. # Site codebases will be cloned with this key. -operations_platform_ssh_private_key: {{ lookup('env', 'SSH_PRIVATE_KEY') }} +operations_platform_ssh_private_key: "{{ lookup('env', 'SSH_PRIVATE_KEY') }}" 
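Review bot: The comment added to `ansible/group_vars/all.yml` says the key "will be written to the platform user's authorized_keys file", but the variable holds a private key and `authorized_keys` takes public keys; if the role installs it as an identity file for cloning (the role lives in the submodule and is not visible here), the comment should say that instead. With `lookup('env', 'SSH_PRIVATE_KEY')` an unset environment variable yields an empty string rather than an undefined value, so a consuming task that only tests `is defined` would install an empty key file; a guard such as `when: operations_platform_ssh_private_key | length > 0` on that task would cover the "leave this out" case the comment describes.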
From d37e2dbb945fc23ee0ac8f986f998cbd9ce99283 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 07:08:52 -0500 Subject: [PATCH 104/185] Add ssh agent and print rsa file to help figure out wtf is going on. --- .github/workflows/site-runner.test.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 7dc4463..30b896d 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -78,6 +78,11 @@ jobs: ansible-playbook ${ANSIBLE_PLAYBOOK} \ --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} + # Enable SSH agent to allow preview sites to clone. + - uses: webfactory/ssh-agent@v0.9.1 + with: + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + - name: "Wait for all jobs to complete." env: REPO: ${{ github.repository }} @@ -87,6 +92,7 @@ jobs: GH_TOKEN: ${{ github.token }} OUTPUT: all run: | + cat /var/platform/.ssh/id_rsa wait-for ./scripts/jobs-done create-site: From 519ed29e5bf1f16d57744f1eeb8f46cf62507020 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 07:12:39 -0500 Subject: [PATCH 105/185] id_rsa isn't there. Don't need it to be there. --- .github/workflows/site-runner.test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 30b896d..1fe285e 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -92,7 +92,6 @@ jobs: GH_TOKEN: ${{ github.token }} OUTPUT: all run: | - cat /var/platform/.ssh/id_rsa wait-for ./scripts/jobs-done create-site: From 4962e8fd513086b2a6d3d278c000101df6c7f395 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 07:16:45 -0500 Subject: [PATCH 106/185] Remove ssh agent. This won't work, we need ssh access from inside the server. --- .github/workflows/site-runner.test.yml | 5 ----- 1 file changed, 5 deletions(-) 
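Review bot: The new `webfactory/ssh-agent@v0.9.1` step hands `secrets.SSH_PRIVATE_KEY` to a third-party action referenced by a tag, and a tag can be moved to different code after review. Pinning the step to the full commit SHA of the reviewed release, written as `uses: webfactory/ssh-agent@<commit-sha> # v0.9.1`, fixes which code receives the key.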
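Review bot: `cat /var/platform/.ssh/id_rsa` in the "Wait for all jobs to complete." step prints a private key file into the job log; log masking only covers values registered as secrets, so a key on disk that differs from `SSH_PRIVATE_KEY` in any byte would appear in clear text. To check that the file exists and which key it is, `ls -l /var/platform/.ssh/` or `ssh-keygen -lf /var/platform/.ssh/id_rsa` shows only metadata or the fingerprint. If any run executed this line successfully, its log should be deleted and the key rotated.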
diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 1fe285e..7dc4463 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -78,11 +78,6 @@ jobs: ansible-playbook ${ANSIBLE_PLAYBOOK} \ --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - # Enable SSH agent to allow preview sites to clone. - - uses: webfactory/ssh-agent@v0.9.1 - with: - ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - - name: "Wait for all jobs to complete." env: REPO: ${{ github.repository }} From c7d46b6ed8390a0251de2c5fb969a1dc657d2f6b Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 07:28:41 -0500 Subject: [PATCH 107/185] Add private key input. --- .github/workflows/site-runner.test.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 7dc4463..8e68970 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -131,3 +131,7 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml # See your project's .ddev/config.yaml file for examples. ddev_config: | + + # To run an SSH agent during the deploy and prepare data steps, add a private key here. + # If left blank, you'll have to manually add your private key to the runner before running this workflow. + ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} \ No newline at end of file From db75610dc51409edf5d093f2c4933f1aa6949f46 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 07:37:25 -0500 Subject: [PATCH 108/185] Use secrets instead of inputs. --- .github/workflows/site-runner.test.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 8e68970..7e9f763 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
@@ -92,6 +92,9 @@ jobs: create-site: name: Create Preview Site uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows + secrets: + SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + with: # Where to install your site. @@ -131,7 +134,3 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml # See your project's .ddev/config.yaml file for examples. ddev_config: | - - # To run an SSH agent during the deploy and prepare data steps, add a private key here. - # If left blank, you'll have to manually add your private key to the runner before running this workflow. - ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} \ No newline at end of file From f78fc850c67d1e29cc3237097a6c2d4c9da0208b Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 07:45:38 -0500 Subject: [PATCH 109/185] Push --- .github/workflows/site-runner.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 7e9f763..fec6a7e 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -134,3 +134,4 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml # See your project's .ddev/config.yaml file for examples. ddev_config: | + From 64af3069366c6c899a494344d5368e7dd04f2341 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Mon, 24 Nov 2025 08:03:34 -0500 Subject: [PATCH 110/185] Push --- .github/workflows/site-runner.test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index fec6a7e..7e9f763 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -134,4 +134,3 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml # See your project's .ddev/config.yaml file for examples. ddev_config: | - From 609c54886e3d72edef1ebd3309a3ac5649e92465 Mon Sep 17 00:00:00 2001 
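Review bot: The `create-site` job now passes `SSH_PRIVATE_KEY` to a reusable workflow whose `uses:` line ends in `@feature/reusable-workflows`, a branch name, so whatever is pushed to that branch next will run with the key. Pinning the reference to a commit SHA (`...operations.site.deploy.ddev.yml@<commit-sha>`) limits the secret to code that has been reviewed. The job definition starts before and continues after the hunk.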
From: Jon Pugh Date: Mon, 24 Nov 2025 08:17:42 -0500 Subject: [PATCH 111/185] If jq output is not empty, there are still jobs, exit with failure. --- scripts/jobs-done | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/jobs-done b/scripts/jobs-done index 8226fdd..e540dbd 100755 --- a/scripts/jobs-done +++ b/scripts/jobs-done @@ -25,5 +25,12 @@ else fi -gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ - | jq -e "$JQ" +JOBS=$(gh api /repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs \ + | jq -e "$JQ") + +if [[ -n $JOBS ]]; then + echo "Jobs are still running." + exit 1 +else + echo "Jobs done!" +fi \ No newline at end of file From 5f5becd75520032cfa1e5acacda6e54449b7e08e Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 27 Nov 2025 12:17:24 -0500 Subject: [PATCH 112/185] Set timeout to 10 minutes --- .github/workflows/site-runner.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 7e9f763..8ad53da 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml @@ -85,7 +85,7 @@ jobs: ATTEMPT: ${{ github.run_attempt }} EXCLUDE_JOB_NAME: ${{ github.job }} GH_TOKEN: ${{ github.token }} - OUTPUT: all + TIMEOUT: 600 run: | wait-for ./scripts/jobs-done From 0d6f730b615e1870a93d59e8caa8209eb5d2003b Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 27 Nov 2025 12:25:57 -0500 Subject: [PATCH 113/185] Change Docker image to Ubuntu 20.04 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4425c7e..8e373bb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
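Review bot: The new `JOBS=$(gh api ... | jq -e "$JQ")` assignment runs under the script's `set -e`, and `jq -e` exits non-zero when the filter produces no output, which is exactly the "all jobs completed" case; the script therefore aborts on the assignment and never reaches `echo "Jobs done!"`. Dropping `-e` fixes that, but then a failed `gh api` call (expired token, rate limit) also yields an empty `$JOBS` and is reported as done, because the pipe hides its exit status. Using `set -eo pipefail` at the top of the script (outside this hunk) together with `JOBS=$(gh api "/repos/$REPO/actions/runs/$RUN_ID/attempts/$ATTEMPT/jobs" | jq -r "$JQ")` makes the check fail closed.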
@@ -3,7 +3,7 @@ --- services: operations: - image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest + image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest cgroup: host cgroup_parent: docker.slice privileged: true From bf2bd26c384a2bbe84060e3dfdd3a1590954da5a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 27 Nov 2025 12:28:02 -0500 Subject: [PATCH 114/185] New ansible thing... --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index b81aad7..30e5705 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,7 +1,7 @@ # These settings work from the repo root, given that the inventory and roles are in ./ansible. [defaults] -stdout_callback = yaml +result_format = yaml force_color = True # You don't have to set /etc/ansible if you set the inventory path. From 9f9dda7944c4e0c7690796604a68f9e3093ac4d3 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 29 Nov 2025 07:47:12 -0500 Subject: [PATCH 115/185] Ansible deprecation. --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index bf1147b..2f62b2e 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit bf1147b3853ecffb34c369e796318f8b9af9a8ca +Subproject commit 2f62b2ef54659562d16a777cecd022f4b3a8e76e From bb2940fbd2e55b145e71796e1a94bab854ba6c8a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 29 Nov 2025 08:10:53 -0500 Subject: [PATCH 116/185] Set hostname in docker compose file. --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 2f62b2e..f3a3acb 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 2f62b2ef54659562d16a777cecd022f4b3a8e76e +Subproject commit f3a3acb3e38b36c912eb6dae0dc3964518a8727f From 47f7608f9f471ef754220952674089d5482c5434 Mon Sep 17 00:00:00 2001 
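Review bot: The changed `image:` line still resolves a third-party image by the mutable `:latest` tag, and the service below it runs with `privileged: true` and `cgroup: host`, so each run starts whatever was last published under that tag with near-host privileges. If pinning a digest per distro is impractical, at least record the constraint above the service: `# privileged + host cgroup: run only on disposable CI hosts; image tag is mutable`. The same line is changed again in PATCH 128 (default `rockylinux9`), and the subject here says Ubuntu 20.04 while the default being set is `ubuntu2404`. The service definition continues outside the hunk.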
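Review bot: `result_format = yaml` under `[defaults]` is, as far as I know, not a key Ansible reads; the default callback exposes this option in ansible.cfg as `callback_result_format`, so the new line would be ignored and output would fall back to the default format. Replace it with `callback_result_format = yaml` and confirm the setting is picked up with `ansible-config dump --only-changed`. The `[defaults]` section continues outside the hunk.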
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:16:29 -0500
Subject: [PATCH 117/185] Did we just need this?
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index f3a3acb..1480cc0 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit f3a3acb3e38b36c912eb6dae0dc3964518a8727f
+Subproject commit 1480cc03b798bd9365b58cad81cf8c2e996e2145
From e9b2ea23462d6a0a2325aec3ba16309f42ee603c Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:19:15 -0500
Subject: [PATCH 118/185] Set INJECT_FACTS_AS_VARS for now.
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index 1480cc0..ee2ac2d 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit 1480cc03b798bd9365b58cad81cf8c2e996e2145
+Subproject commit ee2ac2d9bcef03a5b407f2de501187c0bb2d832f
From 40e63605992e45e8834796b81b9ab9c08d6f90a9 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:21:01 -0500
Subject: [PATCH 119/185] Add OS to the hostname.
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index ee2ac2d..58fb023 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit ee2ac2d9bcef03a5b407f2de501187c0bb2d832f
+Subproject commit 58fb023e616a1c7d4f2811121993dec2e5b23aaf
From a2865d51f5b87ecd6cc685ab993cb1377b25ff2e Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:23:24 -0500
Subject: [PATCH 120/185] Remove path hack, it would need OS specific vars.
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index 58fb023..4b2eb75 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit 58fb023e616a1c7d4f2811121993dec2e5b23aaf
+Subproject commit 4b2eb756ae7cf6d910c938aedaadc08fb100d447
From 9bd64996fee42868c484ad7c29d8e29df769983f Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:28:06 -0500
Subject: [PATCH 121/185] Set PATH so ddev executable is always available.
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index 4b2eb75..eeff1f8 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit 4b2eb756ae7cf6d910c938aedaadc08fb100d447
+Subproject commit eeff1f860078d14bad69ae47bd20e1fa863f0c4c
From c3f5eade9fff08f9ed511858b0835e4d254ee9cc Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:30:57 -0500
Subject: [PATCH 122/185] Don't fail fast.
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index eeff1f8..9726c77 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit eeff1f860078d14bad69ae47bd20e1fa863f0c4c
+Subproject commit 9726c7757afb07c1aacefee295097a41cf970f7a
From fbcaf6a7cb1a778f5a2270e81e7f5a0e83a1751e Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:31:37 -0500
Subject: [PATCH 123/185] Cancel in progress
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index 9726c77..35d2d2e 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit 9726c7757afb07c1aacefee295097a41cf970f7a
+Subproject commit 35d2d2ee2cdd0f245a76866a882f0ccca389502d
From db3bbfbd1e560e2c61cda69c96c1e08da051f9ba Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:34:29 -0500
Subject: [PATCH 124/185] go back to last passing OS.
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index 35d2d2e..efde19a 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit 35d2d2ee2cdd0f245a76866a882f0ccca389502d
+Subproject commit efde19a75a3418310d155f8e34c57171b27db67d
From d879d53e64b2a74c05ca1bbd8f1df63f45038a85 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 08:57:53 -0500
Subject: [PATCH 125/185] Attempt to set path.
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index efde19a..5d9e492 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit efde19a75a3418310d155f8e34c57171b27db67d
+Subproject commit 5d9e49229ce1a88b06c136fcde6ffd1d0e4c9843
From 0ea2f72ddfcfb3ec1b7241ee80912fdca6e51551 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 09:01:30 -0500
Subject: [PATCH 126/185] Set environment in ddev install step?
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index 5d9e492..f8ae82b 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit 5d9e49229ce1a88b06c136fcde6ffd1d0e4c9843
+Subproject commit f8ae82b114446613c57c70357cdfca592e05f6b3
From 4422e8ca2a9c12258c1e72d76827608c3e51ed41 Mon Sep 17 00:00:00 2001
From: Jon Pugh
Date: Sat, 29 Nov 2025 09:04:50 -0500
Subject: [PATCH 127/185] Don't mess with path
---
ansible/site-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/site-runner b/ansible/site-runner
index f8ae82b..2386a8e 160000
--- a/ansible/site-runner
+++ b/ansible/site-runner
@@ -1 +1 @@
-Subproject commit f8ae82b114446613c57c70357cdfca592e05f6b3
+Subproject commit 2386a8e54a817092478fcca407a1311a6cba19eb
From c918bc6e271a4e65636dcdc5198b9975b11c8a06 Mon Sep 17 00:00:00 2001
From: Jon Pugh Date: Sun, 30 Nov 2025 11:40:22 -0500 Subject: [PATCH 128/185] Default to rockylinux9. --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 8e373bb..122ff34 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ --- services: operations: - image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest + image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest cgroup: host cgroup_parent: docker.slice privileged: true From 66fefd16715f820bc4c91481b23e2ff1c253219f Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 30 Nov 2025 11:40:49 -0500 Subject: [PATCH 129/185] Updates --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 2386a8e..135a428 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 2386a8e54a817092478fcca407a1311a6cba19eb +Subproject commit 135a4280541bb9b71551ef1735953c47c9dfd9d0 From 3eac5a7fb8a72c2837031e2fbdbaca7b98c96783 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sun, 30 Nov 2025 11:44:44 -0500 Subject: [PATCH 130/185] Set hostname --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 122ff34..3ed5004 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,7 @@ services: operations: image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest + hostname: server.company.com cgroup: host cgroup_parent: docker.slice privileged: true From c01f9ad81f9c0c697b31ac222d3413e73ce89c3d Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Fri, 12 Dec 2025 08:04:03 -0500 Subject: [PATCH 131/185] Add the workflow from the ddev site runner https://github.com/operations-project/github-action-ddev-runner/blob/main/.github/workflows/test.ddev.workflows.yml --- .github/server.test.yml | 117 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 .github/server.test.yml diff --git a/.github/server.test.yml b/.github/server.test.yml new file mode 100644 index 0000000..2945de4 --- /dev/null +++ b/.github/server.test.yml 
@@ -0,0 +1,117 @@ +# +# This workflow is for testing your server's config. +# +# It will launch a docker-based test server, run your ansible playbook, and launch a site with ddev. +# +# This allows you to create pull requests to alter server config, with CI/CD to ensure it works. +# +name: Server Test +on: + pull_request: + +env: + # To install github runners automatically, you need a personal access token with admin:write permissions on your repository. + GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number }} + cancel-in-progress: false + +jobs: + create-server: + name: Launch test runner + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + repository: 'operations-project/github-runner-starter' + ref: 'v1.2.1' + + # Kick off the runner script over and over until there are no more queued jobs. + # Each runner is --ephemeral, runs one job. + - name: "Launch runner script." + run: | + while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do + sleep 2 + ./github-runner-starter \ + --run \ + --name=github.actions.runner.${{ github.run_id }}.${{ matrix.runner }} \ + --labels=github.actions.runner.${{ github.run_id }} \ + --config-sh-options=--ephemeral + sleep 2 + done + + create-site: + name: Create Preview Site + uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows + with: + + # Configure your site here. + git_root: /home/runner/ourproject/pr${{ github.event.number }} + + # Use the http URL. + git_repository: ${{ github.event.repository.clone_url }} + + # Must be unique per server. + ddev_project_name: ourproject.pr${{ github.event.number }} + + # Used to create a system domain. 
+ ddev_project_tld: sites.thinkdrop.net + + # Tell the remote workflow what to run on. + github_runs_on: github.actions.runner.${{ github.run_id }} + + # Define the github environment name, to be displayed in the UI. + github_environment_name: pr${{ github.event.number }} + + # Define a github environment url, a link to be shown on the pull request. + github_environment_url: http://pr${{ github.event.number }}.sites.thinkdrop.net + + # To persist a site's data, set "run_prepare_command" to false. + run_prepare_command: true + prepare_command: echo "Preparing site..." + + # Command to run after deploying code. + deploy_command: ddev exec echo "Hello from $(hostname)!" + + # Additional ddev config to apply to the environment. + # Will be saved to .ddev/config.zzz.runner.yaml + ddev_config: | + additional_fqdns: + - admin.pr${{ github.event.number }}.sites.thinkdrop.net + - ddev-runner.ddev.site + + run-command: + name: DDEV Status + uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows + needs: create-site + with: + working_directory: /home/runner/ourproject/pr${{ github.event.number }} + github_runs_on: github.actions.runner.${{ github.run_id }} + command: ddev status + env: | + SUCCESS="DDEV Status" + HIDE=1 + + test-site: + name: Run tests + needs: create-site + runs-on: github.actions.runner.${{ github.run_id }} + steps: + + - uses: jonpugh/goatscripts@main + - name: Check homepage for Hello World. + env: + SUCCESS: "Tests passed! DDEV webserver is online. :boom:" + ERROR: "Unable to load DDEV website. :x:" + run: | + run-with-summary curl https://ddev-runner.ddev.site + curl -s https://ddev-runner.ddev.site | grep "Hello World!" 
+ + remove-site: + name: Remove Site + uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.destroy.ddev.yml@feature/reusable-workflows + needs: test-site + with: + git_root: /home/runner/ourproject/pr${{ github.event.number }} + github_runs_on: github.actions.runner.${{ github.run_id }} From 8a818645deb3aeae4bd557e3e377a6802ad3c7fd Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 12 Dec 2025 08:04:23 -0500 Subject: [PATCH 132/185] Rename .github/server.test.yml to .github/workflows/server.test.yml --- .github/{ => workflows}/server.test.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{ => workflows}/server.test.yml (100%) diff --git a/.github/server.test.yml b/.github/workflows/server.test.yml similarity index 100% rename from .github/server.test.yml rename to .github/workflows/server.test.yml From dca1777bc17e6338c092094c26e363cd185f7a8c Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 12 Dec 2025 08:13:47 -0500 Subject: [PATCH 133/185] Set names. --- .github/workflows/server.test.yml | 42 +++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 2945de4..c3fa061 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -13,6 +13,12 @@ env: # To install github runners automatically, you need a personal access token with admin:write permissions on your repository. GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" + # The playbook to run. + # You can use the one included in the site-runn ansible roles or make your own. + # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml + ANSIBLE_PLAYBOOK: ansible/playbook.example.yml + RUNNER_NAME: platform@server.mysite.com + concurrency: group: ${{ github.workflow }}-${{ github.event.number }} cancel-in-progress: false 
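Review bot: The workflow-level `env:` puts the admin-scoped personal access token into `GITHUB_TOKEN` for every step of every job defined in this file, including the `jonpugh/goatscripts@main` action in `test-site`, which is referenced by a mutable branch and runs on the self-hosted runner. Only the "Launch runner script." step reads the token in the lines shown, so scope it there with a step-level `env:` entry `GITHUB_TOKEN: ${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}` and drop the workflow-level one. The three `operations-project/...@feature/reusable-workflows` references and `jonpugh/goatscripts@main` (added again in PATCH 134) would be safer pinned to full commit SHAs. Separately, `${{ matrix.runner }}` in `--name=` has no `strategy.matrix` in this file and presumably expands to an empty string.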
@@ -22,10 +28,30 @@ jobs: name: Launch test runner runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - repository: 'operations-project/github-runner-starter' - ref: 'v1.2.1' + + # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. + - name: Set ansible variables + run: | + echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml + cat vars.ci.yml + + - name: Inventory + run: run-with-summary ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts + env: + SUCCESS: "Ansible inventory" + ERROR: "Ansible inventory list failed" + HIDE: true + + - name: Playbook + env: + SUCCESS: "Ansible playbook completed successfully." + ERROR: "Ansible playbook failed!" + SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + run: | + run-with-summary \ + docker compose exec operations \ + ansible-playbook ${ANSIBLE_PLAYBOOK} \ + --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} # Kick off the runner script over and over until there are no more queued jobs. # Each runner is --ephemeral, runs one job. @@ -56,16 +82,16 @@ jobs: ddev_project_name: ourproject.pr${{ github.event.number }} # Used to create a system domain. - ddev_project_tld: sites.thinkdrop.net + ddev_project_tld: sites.server.mysite.com # Tell the remote workflow what to run on. - github_runs_on: github.actions.runner.${{ github.run_id }} + github_runs_on: platform@server.mysite.com # Define the github environment name, to be displayed in the UI. github_environment_name: pr${{ github.event.number }} # Define a github environment url, a link to be shown on the pull request. - github_environment_url: http://pr${{ github.event.number }}.sites.thinkdrop.net + github_environment_url: http://pr${{ github.event.number }}.sites.server.mysite.com # To persist a site's data, set "run_prepare_command" to false. run_prepare_command: true 
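Review bot: The added "Set ansible variables" step writes the SSH private key into `vars.ci.yml` and then prints the file with `cat vars.ci.yml`, which puts key material into the job log and leaves log masking as the only protection. The `${{ secrets.SSH_PRIVATE_KEY }}` expression is also pasted into the script text and lands inside a double-quoted YAML scalar, where the line breaks of a multi-line key would be folded into spaces when the file is loaded. Pass the key through `env:`, write it as a block scalar under a restrictive umask, and drop the `cat`.

```yaml
      - name: Set ansible variables
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          umask 077
          {
            echo 'operations_platform_ssh_private_key: |'
            printf '%s\n' "$SSH_PRIVATE_KEY" | sed 's/^/  /'
          } > vars.ci.yml
      # … unchanged: Inventory and Playbook steps …
```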
@@ -78,7 +104,7 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml ddev_config: | additional_fqdns: - - admin.pr${{ github.event.number }}.sites.thinkdrop.net + - admin.pr${{ github.event.number }}.sites.server.mysite.com - ddev-runner.ddev.site run-command: From 58df532a8c062fa9a52e0519d1f7dabd83633634 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 12 Dec 2025 08:16:23 -0500 Subject: [PATCH 134/185] Add run-with-summary --- .github/workflows/server.test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index c3fa061..20cbe2f 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -29,6 +29,9 @@ jobs: runs-on: ubuntu-latest steps: + # run-with-summary, etc + - uses: jonpugh/goatscripts@main + # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. - name: Set ansible variables run: | From 7849d42dbde6d09a0fa1f2344672ec4e9158f44e Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 12 Dec 2025 08:16:33 -0500 Subject: [PATCH 135/185] Comment out test for now. --- .github/workflows/site-runner.test.yml | 270 ++++++++++++------------- 1 file changed, 135 insertions(+), 135 deletions(-) diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml index 8ad53da..8f4af51 100644 --- a/.github/workflows/site-runner.test.yml +++ b/.github/workflows/site-runner.test.yml 
@@ -1,136 +1,136 @@ + ## +## site-runner.test.yml +## This workflow allows you to test your server config in a container. +## Use it for testing out changes to your Ansible inventory or Roles. +## +#name: Server Config Test +#on: +# pull_request: # -# site-runner.test.yml -# This workflow allows you to test your server config in a container. -# Use it for testing out changes to your Ansible inventory or Roles. -# -name: Server Config Test -on: - pull_request: - -env: - # This example creates github runners for each subsequent job. - # To do so, it needs a GitHub token with admin:write permissions. - # Create a personal access token with admin:write permissions on the repository you wish to deploy. - RUNNER_GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" - - # The playbook to run. - # You can use the one included in the site-runn ansible roles or make your own. - # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml - ANSIBLE_PLAYBOOK: ansible/playbook.example.yml - RUNNER_NAME: platform@server.mysite.com - -concurrency: - group: ${{ github.workflow }}-${{ github.event.number }} - cancel-in-progress: true - -jobs: - configure-server: - name: Prepare server - runs-on: ubuntu-latest - - steps: - - - uses: actions/checkout@v3 - with: - submodules: recursive - - - uses: jonpugh/goatscripts@main - - - name: GitHub context - env: - GITHUB_CONTEXT_JSON: ${{ toJSON(github) }} - run: echo "$GITHUB_CONTEXT_JSON" - - - name: GitHub Environment - run: env | grep GITHUB_ - - - name: Install docker-compose - uses: KengoTODA/actions-setup-docker-compose@v1 - with: - version: '2.24.0' - - - name: Start Container - run: | - docker compose up -d --quiet-pull - docker-compose exec operations chmod 0400 /etc/shadow - - # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. 
- - name: Set ansible variables - run: | - echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml - cat vars.ci.yml - - - name: Inventory - run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts - env: - SUCCESS: "Ansible inventory" - ERROR: "Ansible inventory list failed" - HIDE: true - - - name: Playbook - env: - SUCCESS: "Ansible playbook completed successfully." - ERROR: "Ansible playbook failed!" - SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} - run: | - run-with-summary \ - docker compose exec operations \ - ansible-playbook ${ANSIBLE_PLAYBOOK} \ - --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - - - name: "Wait for all jobs to complete." - env: - REPO: ${{ github.repository }} - RUN_ID: ${{ github.run_id }} - ATTEMPT: ${{ github.run_attempt }} - EXCLUDE_JOB_NAME: ${{ github.job }} - GH_TOKEN: ${{ github.token }} - TIMEOUT: 600 - run: | - wait-for ./scripts/jobs-done - - create-site: - name: Create Preview Site - uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows - secrets: - SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} - - with: - - # Where to install your site. - # By default, the site runner ansible role creates user "platform" at "/var/platform" - git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - - # Project name for this instance. Used to generate the domain name. - ddev_project_name: project.pr${{ github.event.number }} - - # Top-level domain. Sites are hosted as subdomains under this. - # Must create DNS records for this and a wildcard subdomain to enable unlimited sites. - ddev_project_tld: sites.company.com - - # Tell the remote workflow what server to run on. - # Must match ansible inventory name. - github_runs_on: platform@server.company.com - - # Define the github environment name, to be displayed in the UI. 
- github_environment_name: pr${{ github.event.number }} - - # Define a github environment url, a link to be shown on the pull request. - github_environment_url: http://project.pr${{ github.event.number }}.sites.company.com - - # If true, site data will be rebuilt on every run of this workflow (usually every git push) - # To persist a site's data, set "run_prepare_command" to false. - run_prepare_command: true - - # Prepare the site's data. Run your sync/import/install script. - # Change to 'ddev drush site:install' or 'ddev sync' or whatever your project uses to prepare the site data. - prepare_command: ddev status - - # Command to run after deploying code changes - # Change to 'ddev drush update:database' or './deploy.sh' or whatever your project uses to after new code is available. - deploy_command: ddev status - - # Additional ddev config to apply to the environment. - # Will be saved to .ddev/config.zzz.runner.yaml - # See your project's .ddev/config.yaml file for examples. - ddev_config: | +#env: +# # This example creates github runners for each subsequent job. +# # To do so, it needs a GitHub token with admin:write permissions. +# # Create a personal access token with admin:write permissions on the repository you wish to deploy. +# RUNNER_GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" +# +# # The playbook to run. +# # You can use the one included in the site-runn ansible roles or make your own. 
+# # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml +# ANSIBLE_PLAYBOOK: ansible/playbook.example.yml +# RUNNER_NAME: platform@server.mysite.com +# +#concurrency: +# group: ${{ github.workflow }}-${{ github.event.number }} +# cancel-in-progress: true +# +#jobs: +# configure-server: +# name: Prepare server +# runs-on: ubuntu-latest +# +# steps: +# +# - uses: actions/checkout@v3 +# with: +# submodules: recursive +# +# - uses: jonpugh/goatscripts@main +# +# - name: GitHub context +# env: +# GITHUB_CONTEXT_JSON: ${{ toJSON(github) }} +# run: echo "$GITHUB_CONTEXT_JSON" +# +# - name: GitHub Environment +# run: env | grep GITHUB_ +# +# - name: Install docker-compose +# uses: KengoTODA/actions-setup-docker-compose@v1 +# with: +# version: '2.24.0' +# +# - name: Start Container +# run: | +# docker compose up -d --quiet-pull +# docker-compose exec operations chmod 0400 /etc/shadow +# +# # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. +# - name: Set ansible variables +# run: | +# echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml +# cat vars.ci.yml +# +# - name: Inventory +# run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts +# env: +# SUCCESS: "Ansible inventory" +# ERROR: "Ansible inventory list failed" +# HIDE: true +# +# - name: Playbook +# env: +# SUCCESS: "Ansible playbook completed successfully." +# ERROR: "Ansible playbook failed!" +# SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} +# run: | +# run-with-summary \ +# docker compose exec operations \ +# ansible-playbook ${ANSIBLE_PLAYBOOK} \ +# --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} +# +# - name: "Wait for all jobs to complete." 
+# env: +# REPO: ${{ github.repository }} +# RUN_ID: ${{ github.run_id }} +# ATTEMPT: ${{ github.run_attempt }} +# EXCLUDE_JOB_NAME: ${{ github.job }} +# GH_TOKEN: ${{ github.token }} +# TIMEOUT: 600 +# run: | +# wait-for ./scripts/jobs-done +# +# create-site: +# name: Create Preview Site +# uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows +# secrets: +# SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} +# +# with: +# +# # Where to install your site. +# # By default, the site runner ansible role creates user "platform" at "/var/platform" +# git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} +# +# # Project name for this instance. Used to generate the domain name. +# ddev_project_name: project.pr${{ github.event.number }} +# +# # Top-level domain. Sites are hosted as subdomains under this. +# # Must create DNS records for this and a wildcard subdomain to enable unlimited sites. +# ddev_project_tld: sites.company.com +# +# # Tell the remote workflow what server to run on. +# # Must match ansible inventory name. +# github_runs_on: platform@server.company.com +# +# # Define the github environment name, to be displayed in the UI. +# github_environment_name: pr${{ github.event.number }} +# +# # Define a github environment url, a link to be shown on the pull request. +# github_environment_url: http://project.pr${{ github.event.number }}.sites.company.com +# +# # If true, site data will be rebuilt on every run of this workflow (usually every git push) +# # To persist a site's data, set "run_prepare_command" to false. +# run_prepare_command: true +# +# # Prepare the site's data. Run your sync/import/install script. +# # Change to 'ddev drush site:install' or 'ddev sync' or whatever your project uses to prepare the site data. 
+# prepare_command: ddev status +# +# # Command to run after deploying code changes +# # Change to 'ddev drush update:database' or './deploy.sh' or whatever your project uses to after new code is available. +# deploy_command: ddev status +# +# # Additional ddev config to apply to the environment. +# # Will be saved to .ddev/config.zzz.runner.yaml +# # See your project's .ddev/config.yaml file for examples. +# ddev_config: | From c88fca05d92607e82e1530944f321de99d52450f Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 12 Dec 2025 08:18:42 -0500 Subject: [PATCH 136/185] Forgot the codebase. --- .github/workflows/server.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 20cbe2f..ba7c2bb 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -28,6 +28,7 @@ jobs: name: Launch test runner runs-on: ubuntu-latest steps: + - uses: actions/checkout@v6 # run-with-summary, etc - uses: jonpugh/goatscripts@main From 5f0dfbd13de8719f9103d67279ebf165b35d9665 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 12 Dec 2025 08:21:05 -0500 Subject: [PATCH 137/185] Recursive submodules. --- .github/workflows/server.test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index ba7c2bb..91579ca 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -29,6 +29,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 + with: + submodules: 'recursive' # run-with-summary, etc - uses: jonpugh/goatscripts@main From 9d729ae1961e562f847424c49fd3d403a4a60fa0 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Fri, 12 Dec 2025 08:22:16 -0500 Subject: [PATCH 138/185] No docker, we're in docker. --- .github/workflows/server.test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 91579ca..34a9bad 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -55,9 +55,8 @@ jobs: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} run: | run-with-summary \ - docker compose exec operations \ - ansible-playbook ${ANSIBLE_PLAYBOOK} \ - --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} + ansible-playbook ${ANSIBLE_PLAYBOOK} \ + --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} # Kick off the runner script over and over until there are no more queued jobs. # Each runner is --ephemeral, runs one job. From 9ccbf2a2657bb627902f62e033c5174833d14b19 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 13 Dec 2025 07:57:12 -0500 Subject: [PATCH 139/185] new commits --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 135a428..6ba9be1 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 135a4280541bb9b71551ef1735953c47c9dfd9d0 +Subproject commit 6ba9be1028e6ee2edb150f576b843be04ac497ac From 19f4a5eee64263e62d1d2a979ac599bffa874a1a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 13 Dec 2025 08:57:18 -0500 Subject: [PATCH 140/185] Allow confirm ddev install to fail. --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 6ba9be1..6374fed 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 6ba9be1028e6ee2edb150f576b843be04ac497ac +Subproject commit 6374fed01968854cf2bf7895c3bdf70304421e54 From dfe445147a2082efdfe0ba8f3813f87c3ee88752 Mon Sep 17 00:00:00 2001 
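Review bot: The re-indented `--extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN}` line reads a variable that none of the `env:` blocks visible in this series define for `server.test.yml` (the workflow-level block sets `GITHUB_TOKEN`), so the playbook presumably receives an empty token. If `GITHUB_TOKEN` is the intended source, use `--extra-vars "operations_github_api_token=${GITHUB_TOKEN}"`. Passing the token as a command-line argument also leaves it visible in the process list while the playbook runs; reading it inside the playbook with `lookup('env', 'GITHUB_TOKEN')` would avoid that. The Playbook step starts outside the hunk.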
From: Jon Pugh Date: Sat, 13 Dec 2025 09:00:42 -0500 Subject: [PATCH 141/185] Remove unworking workflow. --- .github/workflows/site-runner.test.yml | 136 ------------------------- README.md | 2 +- ansible/group_vars/all.yml | 2 +- 3 files changed, 2 insertions(+), 138 deletions(-) delete mode 100644 .github/workflows/site-runner.test.yml diff --git a/.github/workflows/site-runner.test.yml b/.github/workflows/site-runner.test.yml deleted file mode 100644 index 8f4af51..0000000 --- a/.github/workflows/site-runner.test.yml +++ /dev/null 
@@ -1,136 +0,0 @@ - ## -## site-runner.test.yml -## This workflow allows you to test your server config in a container. -## Use it for testing out changes to your Ansible inventory or Roles. -## -#name: Server Config Test -#on: -# pull_request: -# -#env: -# # This example creates github runners for each subsequent job. -# # To do so, it needs a GitHub token with admin:write permissions. -# # Create a personal access token with admin:write permissions on the repository you wish to deploy. -# RUNNER_GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" -# -# # The playbook to run. -# # You can use the one included in the site-runn ansible roles or make your own. -# # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml -# ANSIBLE_PLAYBOOK: ansible/playbook.example.yml -# RUNNER_NAME: platform@server.mysite.com -# -#concurrency: -# group: ${{ github.workflow }}-${{ github.event.number }} -# cancel-in-progress: true -# -#jobs: -# configure-server: -# name: Prepare server -# runs-on: ubuntu-latest -# -# steps: -# -# - uses: actions/checkout@v3 -# with: -# submodules: recursive -# -# - uses: jonpugh/goatscripts@main -# -# - name: GitHub context -# env: -# GITHUB_CONTEXT_JSON: ${{ toJSON(github) }} -# run: echo "$GITHUB_CONTEXT_JSON" -# -# - name: GitHub Environment -# run: env | grep GITHUB_ -# -# - name: Install docker-compose -# uses: KengoTODA/actions-setup-docker-compose@v1 -# with: -# version: '2.24.0' -# -# - name: Start Container -# run: | -# docker compose up -d --quiet-pull -# docker-compose exec operations chmod 0400 /etc/shadow -# -# # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. 
-# - name: Set ansible variables -# run: | -# echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml -# cat vars.ci.yml -# -# - name: Inventory -# run: run-with-summary docker compose exec operations ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts -# env: -# SUCCESS: "Ansible inventory" -# ERROR: "Ansible inventory list failed" -# HIDE: true -# -# - name: Playbook -# env: -# SUCCESS: "Ansible playbook completed successfully." -# ERROR: "Ansible playbook failed!" -# SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} -# run: | -# run-with-summary \ -# docker compose exec operations \ -# ansible-playbook ${ANSIBLE_PLAYBOOK} \ -# --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} -# -# - name: "Wait for all jobs to complete." -# env: -# REPO: ${{ github.repository }} -# RUN_ID: ${{ github.run_id }} -# ATTEMPT: ${{ github.run_attempt }} -# EXCLUDE_JOB_NAME: ${{ github.job }} -# GH_TOKEN: ${{ github.token }} -# TIMEOUT: 600 -# run: | -# wait-for ./scripts/jobs-done -# -# create-site: -# name: Create Preview Site -# uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows -# secrets: -# SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} -# -# with: -# -# # Where to install your site. -# # By default, the site runner ansible role creates user "platform" at "/var/platform" -# git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} -# -# # Project name for this instance. Used to generate the domain name. -# ddev_project_name: project.pr${{ github.event.number }} -# -# # Top-level domain. Sites are hosted as subdomains under this. -# # Must create DNS records for this and a wildcard subdomain to enable unlimited sites. -# ddev_project_tld: sites.company.com -# -# # Tell the remote workflow what server to run on. -# # Must match ansible inventory name. 
-# github_runs_on: platform@server.company.com -# -# # Define the github environment name, to be displayed in the UI. -# github_environment_name: pr${{ github.event.number }} -# -# # Define a github environment url, a link to be shown on the pull request. -# github_environment_url: http://project.pr${{ github.event.number }}.sites.company.com -# -# # If true, site data will be rebuilt on every run of this workflow (usually every git push) -# # To persist a site's data, set "run_prepare_command" to false. -# run_prepare_command: true -# -# # Prepare the site's data. Run your sync/import/install script. -# # Change to 'ddev drush site:install' or 'ddev sync' or whatever your project uses to prepare the site data. -# prepare_command: ddev status -# -# # Command to run after deploying code changes -# # Change to 'ddev drush update:database' or './deploy.sh' or whatever your project uses to after new code is available. -# deploy_command: ddev status -# -# # Additional ddev config to apply to the environment. -# # Will be saved to .ddev/config.zzz.runner.yaml -# # See your project's .ddev/config.yaml file for examples. -# ddev_config: | diff --git a/README.md b/README.md index 53e0194..e4aac1b 100644 --- a/README.md +++ b/README.md @@ -39,4 +39,4 @@ For example, to use github secrets, you can pass it on the command line in your ansible-playbook --extra-vars operations_github_api_token=${{ secrets.REPO_ADMIN_TOKEN }} ``` -See [`site-runner.test.yml`](./.github/workflows/site-runner.test.yml#53) +See [`server.test.yml`](./.github/workflows/server.yml#53) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 8886e47..0a14aec 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml 
@@ -7,7 +7,7 @@ operations_admin_users: # Load SSH private key from environment variable SSH_PRIVATE_KEY. # When running on github actions, this variable will be set, loaded from github secrets. -# See site-runner.test.yml +# See server.test.yml # # If running manually, set SSH_PRIVATE_KEY env var if you want ansible-playbook to install it. # You can also just leave this out and figure out your own key management. From 1e9e3c3526c7756360ef3aa160f387bd5f473531 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 13 Dec 2025 09:02:25 -0500 Subject: [PATCH 142/185] trying to set path again. --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 6374fed..e47ac3b 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 6374fed01968854cf2bf7895c3bdf70304421e54 +Subproject commit e47ac3b7456bcf87659112ce57a6697fdc4ceeb7 From 06fe914728dd0390e0c16d95a64bdb17af7ad091 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 13 Dec 2025 09:17:36 -0500 Subject: [PATCH 143/185] Try creating the .config dir. --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index e47ac3b..78242bd 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit e47ac3b7456bcf87659112ce57a6697fdc4ceeb7 +Subproject commit 78242bd0d1661daf1fdeddd9085598aaf77cbdcf From 26f437223000dc0fff7fdfd0eeb8f2af94554670 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 13 Dec 2025 09:18:16 -0500 Subject: [PATCH 144/185] Cancel prior runs. --- .github/workflows/server.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 34a9bad..9de425e 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml 
@@ -21,7 +21,7 @@ env: concurrency: group: ${{ github.workflow }}-${{ github.event.number }} - cancel-in-progress: false + cancel-in-progress: true jobs: create-server: From 2b6733ced59d89c714629dfa4d40b93ce715c92d Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 13 Dec 2025 09:23:14 -0500 Subject: [PATCH 145/185] Create config dir so permissions are ok. --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 78242bd..4cf4f61 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 78242bd0d1661daf1fdeddd9085598aaf77cbdcf +Subproject commit 4cf4f61bc7cf6ff545906eede730f878f9977feb From 413dc65445653be96ba23388b85aed0eb5f194c8 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 08:28:03 -0500 Subject: [PATCH 146/185] See if rocky 8 works. --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3ed5004..9289811 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ --- services: operations: - image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest + image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest hostname: server.company.com cgroup: host cgroup_parent: docker.slice From 6aca79837977ad78b65d911b842a29a6d47a8a54 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 08:38:22 -0500 Subject: [PATCH 147/185] Use docker compose to launch test containers. --- .github/workflows/server.test.yml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 9de425e..098ba07 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml 
@@ -35,14 +35,31 @@ jobs: # run-with-summary, etc - uses: jonpugh/goatscripts@main + - name: Install docker-compose + uses: KengoTODA/actions-setup-docker-compose@v1 + with: + version: '2.24.0' + + - name: Information + run: | + docker-compose --version + # Site runner ansible roles now sets SSH config to allow hosts to become known on first connection. - name: Set ansible variables run: | echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml cat vars.ci.yml + - name: Start Containers + run: | + docker compose up -d --quiet-pull + docker-compose exec operations chmod 0400 /etc/shadow + - name: Inventory - run: run-with-summary ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts + run: | + run-with-summary \ + docker-compose exec operations \ + ansible-playbook ${ANSIBLE_PLAYBOOK} --list-hosts env: SUCCESS: "Ansible inventory" ERROR: "Ansible inventory list failed" @@ -55,8 +72,9 @@ jobs: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} run: | run-with-summary \ - ansible-playbook ${ANSIBLE_PLAYBOOK} \ - --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} + docker-compose exec operations \ + ansible-playbook ${ANSIBLE_PLAYBOOK} \ + --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} # Kick off the runner script over and over until there are no more queued jobs. # Each runner is --ephemeral, runs one job. From 7c9772a5a73ffcc395dca645417bad267c5c3896 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 08:42:43 -0500 Subject: [PATCH 148/185] Rename GITHUB_TOKEN to RUNNER_GITHUB_TOKEN --- .github/workflows/server.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 098ba07..f245db2 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml 
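Review bot: The added `uses: KengoTODA/actions-setup-docker-compose@v1` step pulls a third-party action by a movable tag into a job that has `secrets.SSH_PRIVATE_KEY` and the runner admin token in scope; the context line `uses: jonpugh/goatscripts@main` tracks a branch in the same way. Pinning both to a full commit SHA, e.g. `uses: KengoTODA/actions-setup-docker-compose@<full-commit-sha> # v1`, keeps a retagged or compromised release from running with those secrets. The new `Start Containers` block also mixes `docker compose` (the plugin) with `docker-compose` (the binary just installed), so two different Compose versions may be in play; using one of them throughout avoids that.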
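Review bot: `SSH_PRIVATE_KEY` is set in the step's `env:`, but with the command now wrapped in `docker-compose exec operations` it stays in the runner's shell and is not passed into the container where `ansible-playbook` runs. The comment in ansible/group_vars/all.yml (PATCH 141) says the key is loaded from that environment variable, so the lookup presumably resolves to an empty value inside the container. Forwarding it with the `--env` option of `docker-compose exec`, or reading it from a file mounted into the container, would restore the intended behaviour. `${ANSIBLE_PLAYBOOK}` and `${RUNNER_GITHUB_TOKEN}` are unaffected because the runner shell expands them before the exec.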
@@ -11,7 +11,7 @@ on: env: # To install github runners automatically, you need a personal access token with admin:write permissions on your repository. - GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" + RUNNER_GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" # The playbook to run. # You can use the one included in the site-runn ansible roles or make your own. From 3ab68da15739b06a96511e474d350ccf2c84d0ab Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 08:51:59 -0500 Subject: [PATCH 149/185] Wait for jobs to finish. --- .github/workflows/server.test.yml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index f245db2..bb596f5 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -76,19 +76,15 @@ jobs: ansible-playbook ${ANSIBLE_PLAYBOOK} \ --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - # Kick off the runner script over and over until there are no more queued jobs. - # Each runner is --ephemeral, runs one job. - - name: "Launch runner script." + - name: Run jobs + env: + REPO: ${{ github.repository }} + RUN_ID: ${{ github.run_id }} + ATTEMPT: ${{ github.run_attempt }} + JOB_NAME: ${{ github.job }} + GH_TOKEN: ${{ github.token }} run: | - while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do - sleep 2 - ./github-runner-starter \ - --run \ - --name=github.actions.runner.${{ github.run_id }}.${{ matrix.runner }} \ - --labels=github.actions.runner.${{ github.run_id }} \ - --config-sh-options=--ephemeral - sleep 2 - done + wait-for ./scripts/jobs-done create-site: name: Create Preview Site From bbd54d596e54f87d775a54b85b860e9a2e7349b3 Mon Sep 17 00:00:00 2001 
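Review bot: `RUNNER_GITHUB_TOKEN` lives in the workflow-level `env:` block, which exports the admin-scoped personal access token to every step of every job, third-party actions included. In the hunks shown only the step that runs the playbook reads it, so it can be scoped there with a step-level `env:` entry `RUNNER_GITHUB_TOKEN: ${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}`. After this rename the `Launch runner script` loop further down still reads `${GITHUB_TOKEN}` in its `curl` call (visible as removed lines in PATCH 149), so that request presumably goes out without a token until the loop is dropped.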
From: Jon Pugh Date: Wed, 17 Dec 2025 09:01:41 -0500 Subject: [PATCH 150/185] Set runner name --- .github/workflows/server.test.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index bb596f5..2754f2d 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -17,7 +17,7 @@ env: # You can use the one included in the site-runn ansible roles or make your own. # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml ANSIBLE_PLAYBOOK: ansible/playbook.example.yml - RUNNER_NAME: platform@server.mysite.com + RUNNER_NAME: platform@server.mydomain.com concurrency: group: ${{ github.workflow }}-${{ github.event.number }} @@ -101,16 +101,16 @@ jobs: ddev_project_name: ourproject.pr${{ github.event.number }} # Used to create a system domain. - ddev_project_tld: sites.server.mysite.com + ddev_project_tld: sites.server.mydomain.com # Tell the remote workflow what to run on. - github_runs_on: platform@server.mysite.com + github_runs_on: platform@server.mydomain.com # Define the github environment name, to be displayed in the UI. github_environment_name: pr${{ github.event.number }} # Define a github environment url, a link to be shown on the pull request. - github_environment_url: http://pr${{ github.event.number }}.sites.server.mysite.com + github_environment_url: http://pr${{ github.event.number }}.sites.server.mydomain.com # To persist a site's data, set "run_prepare_command" to false. run_prepare_command: true @@ -123,7 +123,7 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml ddev_config: | additional_fqdns: - - admin.pr${{ github.event.number }}.sites.server.mysite.com + - admin.pr${{ github.event.number }}.sites.server.mydomain.com - ddev-runner.ddev.site run-command: 
@@ -132,7 +132,7 @@ jobs: needs: create-site with: working_directory: /home/runner/ourproject/pr${{ github.event.number }} - github_runs_on: github.actions.runner.${{ github.run_id }} + github_runs_on: platform@server.mydomain.com command: ddev status env: | SUCCESS="DDEV Status" @@ -141,7 +141,7 @@ jobs: test-site: name: Run tests needs: create-site - runs-on: github.actions.runner.${{ github.run_id }} + runs-on: platform@server.mydomain.com steps: - uses: jonpugh/goatscripts@main @@ -159,4 +159,4 @@ jobs: needs: test-site with: git_root: /home/runner/ourproject/pr${{ github.event.number }} - github_runs_on: github.actions.runner.${{ github.run_id }} + github_runs_on: platform@server.mydomain.com From 96300a292d767bbfda514148bd6646f68f71b335 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 09:10:01 -0500 Subject: [PATCH 151/185] Update server hostname in Ansible hosts file --- ansible/hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/hosts b/ansible/hosts index dd1fbff..2d01653 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -6,4 +6,4 @@ # so that ansible-playbook runs from this server run locally. # [operations_host_ddev] -server.company.com ansible_connection=local +server.mydomain.com ansible_connection=local From fe640328f7589e5068c340490636302c34d327e1 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 09:11:05 -0500 Subject: [PATCH 152/185] Right server name --- ansible/inventory.example.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/inventory.example.yml b/ansible/inventory.example.yml index 95d2525..fa8541c 100644 --- a/ansible/inventory.example.yml +++ b/ansible/inventory.example.yml @@ -15,7 +15,7 @@ operations_host_ddev: # Your server's full name. # It will be helpful to set a DNS record for this. - server.company.com: + server.mydomain.com: # The github repos to install on this server. # Each of these projects will get a github self-hosted runner. 
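Review bot: `github_runs_on` moves from the per-run label `github.actions.runner.${{ github.run_id }}` to the fixed runner `platform@server.mydomain.com`, so jobs started by a pull request now execute on a long-lived host rather than on the `--ephemeral` runners the loop removed in PATCH 149 registered. If that runner is not itself ephemeral, files, credentials and Docker state left by one pull request remain for the next, and workflow or test-script changes in a PR run as the platform user. A guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` on these jobs limits them to branches of this repository. The same switch is made in the `@@ -141,7 +141,7 @@` and `@@ -159,4 +159,4 @@` hunks.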
@@ -31,4 +31,4 @@ operations_host_ddev: # to ansible-playbook # ansible-playbook playbook.yml --extra-vars operations_github_api_token=${{ secrets.YOUR_GITHUB_SECRET }} on the command line. # See .github/workflows/site-runner-test.yml line 78 for an example: - operations_github_api_token: "" \ No newline at end of file + operations_github_api_token: "" From d09a5010b1185b09b9b0c54b364990dd1abed521 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 09:23:50 -0500 Subject: [PATCH 153/185] Use /var/platform --- .github/workflows/server.test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 2754f2d..9a1ace3 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -92,7 +92,7 @@ jobs: with: # Configure your site here. - git_root: /home/runner/ourproject/pr${{ github.event.number }} + git_root: /var/platform/ourproject/pr${{ github.event.number }} # Use the http URL. git_repository: ${{ github.event.repository.clone_url }} @@ -131,7 +131,7 @@ jobs: uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows needs: create-site with: - working_directory: /home/runner/ourproject/pr${{ github.event.number }} + working_directory: /var/platform/ourproject/pr${{ github.event.number }} github_runs_on: platform@server.mydomain.com command: ddev status env: | @@ -158,5 +158,5 @@ jobs: uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.destroy.ddev.yml@feature/reusable-workflows needs: test-site with: - git_root: /home/runner/ourproject/pr${{ github.event.number }} + git_root: /var/platform/ourproject/pr${{ github.event.number }} github_runs_on: platform@server.mydomain.com From 399b3132f6e2f8cda80d8b38e467f628314707f0 Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Wed, 17 Dec 2025 09:25:50 -0500 Subject: [PATCH 154/185] Right directories --- .github/workflows/server.test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 9a1ace3..92a2faf 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -92,7 +92,7 @@ jobs: with: # Configure your site here. - git_root: /var/platform/ourproject/pr${{ github.event.number }} + git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} # Use the http URL. git_repository: ${{ github.event.repository.clone_url }} @@ -131,7 +131,7 @@ jobs: uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows needs: create-site with: - working_directory: /var/platform/ourproject/pr${{ github.event.number }} + working_directory: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} github_runs_on: platform@server.mydomain.com command: ddev status env: | @@ -158,5 +158,5 @@ jobs: uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.destroy.ddev.yml@feature/reusable-workflows needs: test-site with: - git_root: /var/platform/ourproject/pr${{ github.event.number }} + git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} github_runs_on: platform@server.mydomain.com From b2e690d08ffa0c9dd54748c63afd6a5cf26f8bd3 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 09:26:24 -0500 Subject: [PATCH 155/185] Add timeout for wait-for --- .github/workflows/server.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 92a2faf..888234e 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml 
@@ -83,6 +83,7 @@ jobs: ATTEMPT: ${{ github.run_attempt }} JOB_NAME: ${{ github.job }} GH_TOKEN: ${{ github.token }} + TIMEOUT: 600 run: | wait-for ./scripts/jobs-done From 7f37bc7700646a0173b3e48a2f40215865e5c4b3 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 09:52:22 -0500 Subject: [PATCH 156/185] updated roles --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index 4cf4f61..dac690b 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit 4cf4f61bc7cf6ff545906eede730f878f9977feb +Subproject commit dac690bfd47379669845b1e350ff46f3fcb494f6 From 99349203b04f3fa2d4d27b424f77e5e1b6558684 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Wed, 17 Dec 2025 11:40:29 -0500 Subject: [PATCH 157/185] updated roles --- ansible/site-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/site-runner b/ansible/site-runner index dac690b..aa5d107 160000 --- a/ansible/site-runner +++ b/ansible/site-runner @@ -1 +1 @@ -Subproject commit dac690bfd47379669845b1e350ff46f3fcb494f6 +Subproject commit aa5d107a89977d89de1986688228b068b2c1bc57 From 9f572ff43705c5674071734a4fd3e15d15b823c9 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 07:55:20 -0500 Subject: [PATCH 158/185] Update Docker image to use Rocky Linux 9 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 9289811..3ed5004 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ --- services: operations: - image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest + image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest hostname: server.company.com cgroup: host cgroup_parent: docker.slice From 669ba49743d87b242949b16ac201b54104e3490a Mon Sep 17 00:00:00 2001 
From: Jon Pugh Date: Sat, 20 Dec 2025 08:07:37 -0500 Subject: [PATCH 159/185] Update Docker image to use Rocky Linux 10 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3ed5004..cf60f5b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ --- services: operations: - image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest + image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux10}-ansible:latest hostname: server.company.com cgroup: host cgroup_parent: docker.slice From d8dbf7cc1c6b646c7c720ffeb8595ea7e1cc7f03 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:12:37 -0500 Subject: [PATCH 160/185] Create Dockerfile for Ansible testing Add Dockerfile for testing and development environment --- Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..42fa59f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +# This is for testing and development only. +# SSHD must be installed before running the playbook. +# Thanks: https://stackoverflow.com/questions/71040681/qemu-x86-64-could-not-open-lib64-ld-linux-x86-64-so-2-no-such-file-or-direc +FROM geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux10}-ansible:latest + +# https://github.com/geerlingguy/docker-rockylinux9-ansible/issues/6#issuecomment-2676248714 +RUN chmod 0400 /etc/shadow From 4bfefac10215d26b9b51c381f5664de2cbfc96c1 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:13:05 -0500 Subject: [PATCH 161/185] Build --- docker-compose.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cf60f5b..b08d361 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
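Review bot: `FROM geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux10}-ansible:latest` reads a variable that no `ARG` declares before the `FROM`, so the build always falls back to `rockylinux10` whatever distro Compose or the workflow selects. Declaring it makes the base image selectable: `ARG MOLECULE_DISTRO=rockylinux10` followed by `FROM geerlingguy/docker-${MOLECULE_DISTRO}-ansible:latest`, with the value passed through `build.args` in docker-compose.yml. The `:latest` tag also lets the image under test change between runs; pinning a digest would make failures reproducible.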
@@ -12,6 +12,8 @@ services: volumes: - ./:/app - /sys/fs/cgroup:/sys/fs/cgroup:rw - - # We want it to work from local repo only. - # - ./ansible:/etc/ansible + environment: + - OPERATIONS_PLATFORM=yes + env_file: + - .env + build: ./ From ad53bb0eb281586b223d543f1393802bca3c3a48 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:16:26 -0500 Subject: [PATCH 162/185] Use DOCKER_HOSTNAME env var --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index b08d361..68a6193 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ services: operations: image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux10}-ansible:latest - hostname: server.company.com + hostname: ${DOCKER_HOSTNAME:-server.mydomain.com} cgroup: host cgroup_parent: docker.slice privileged: true From cef67eb9bf8ba632d474af833930f931143c2460 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:17:09 -0500 Subject: [PATCH 163/185] Set env --- .github/workflows/server.test.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 888234e..644adee 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -50,6 +50,15 @@ jobs: echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml cat vars.ci.yml + - name: Set runner name + if: github.event_name == 'pull_request' + run: | + echo "OPERATIONS_ENVIRONMENT_NAME=server.pr${{ github.event.number }}.${{ matrix.os }}.server.mydomain.com" >> "$GITHUB_ENV" + + - name: Set variables + run: | + echo "DOCKER_HOSTNAME=${{ env.OPERATIONS_ENVIRONMENT_NAME }}" > .env + - name: Start Containers run: | docker compose up -d --quiet-pull From fb6501e78ce27e3001804697c0637fc92c06c639 Mon Sep 17 00:00:00 2001 
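Review bot: `build: ./` is added to a service that already has an `image:` key (visible in PATCH 159), and the workflow starts the stack with `docker compose up -d --quiet-pull`. With both keys set and no `pull_policy`, Compose may pull the upstream image and never build the Dockerfile, in which case its `RUN chmod 0400 /etc/shadow` is not applied. Adding `pull_policy: build` to the service forces the local build. `env_file: - .env` also makes Compose fail when `.env` is absent, which affects anyone running the stack outside the workflow; the service definition continues outside the hunk.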
From: Jon Pugh Date: Sat, 20 Dec 2025 08:25:55 -0500 Subject: [PATCH 164/185] Change ENV var for OS. --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 68a6193..141d8d5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ --- services: operations: - image: geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux10}-ansible:latest + image: geerlingguy/docker-${DISTRO:-rockylinux10}-ansible:latest hostname: ${DOCKER_HOSTNAME:-server.mydomain.com} cgroup: host cgroup_parent: docker.slice From 0da46c5c38ff3ca7890558afc82d5e92809959ee Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:30:15 -0500 Subject: [PATCH 165/185] Use SERVER_NAME --- .github/workflows/server.test.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 644adee..76e6c7c 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -17,6 +17,7 @@ env: # You can use the one included in the site-runn ansible roles or make your own. # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml ANSIBLE_PLAYBOOK: ansible/playbook.example.yml + SERVER_NAME: server.mydomain.com RUNNER_NAME: platform@server.mydomain.com concurrency: @@ -27,6 +28,10 @@ jobs: create-server: name: Launch test runner runs-on: ubuntu-latest + strategy: + matrix: + os: + - rockylinux9 steps: - uses: actions/checkout@v6 with: 
@@ -53,10 +58,11 @@ jobs: - name: Set runner name if: github.event_name == 'pull_request' run: | - echo "OPERATIONS_ENVIRONMENT_NAME=server.pr${{ github.event.number }}.${{ matrix.os }}.server.mydomain.com" >> "$GITHUB_ENV" + echo "OPERATIONS_ENVIRONMENT_NAME=server.pr${{ github.event.number }}.${{ matrix.os }}.${{ env.SERVER_NAME }}" >> "$GITHUB_ENV" - name: Set variables run: | + echo "DISTRO=${{ matrix.os }}" > .env echo "DOCKER_HOSTNAME=${{ env.OPERATIONS_ENVIRONMENT_NAME }}" > .env - name: Start Containers @@ -133,7 +139,7 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml ddev_config: | additional_fqdns: - - admin.pr${{ github.event.number }}.sites.server.mydomain.com + - admin.pr${{ github.event.number }}.sites.${{ env.SERVER_NAME }} - ddev-runner.ddev.site run-command: @@ -142,7 +148,7 @@ jobs: needs: create-site with: working_directory: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - github_runs_on: platform@server.mydomain.com + github_runs_on: platform@${{ env.SERVER_NAME }} command: ddev status env: | SUCCESS="DDEV Status" @@ -151,7 +157,7 @@ jobs: test-site: name: Run tests needs: create-site - runs-on: platform@server.mydomain.com + runs-on: platform@${{ env.SERVER_NAME }} steps: - uses: jonpugh/goatscripts@main @@ -169,4 +175,4 @@ jobs: needs: test-site with: git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - github_runs_on: platform@server.mydomain.com + github_runs_on: platform@${{ env.SERVER_NAME }} From a17cfb4a836093b2eec34049325941f925168b87 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:39:46 -0500 Subject: [PATCH 166/185] Use github var to set hostname. --- .github/workflows/server.test.yml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 76e6c7c..112e895 100644 --- a/.github/workflows/server.test.yml 
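Review bot: The second `echo … > .env` truncates the file, so the `DISTRO=${{ matrix.os }}` line written just before it is lost and Compose falls back to its default image. The second write should append: `echo "DOCKER_HOSTNAME=${{ env.OPERATIONS_ENVIRONMENT_NAME }}" >> .env`. PATCH 168 repeats the pattern in its `@@ -63,11 +64,12 @@` hunk with `DOCKER_SERVER_HOSTNAME`. The step's `run:` block is complete in the hunk; the job around it is not.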
+++ b/.github/workflows/server.test.yml @@ -17,8 +17,8 @@ env: # You can use the one included in the site-runn ansible roles or make your own. # ANSIBLE_PLAYBOOK: ansible/site-runner/playbook.yml ANSIBLE_PLAYBOOK: ansible/playbook.example.yml - SERVER_NAME: server.mydomain.com - RUNNER_NAME: platform@server.mydomain.com +# SERVER_HOSTNAME: server.mydomain.com +# RUNNER_NAME: platform@server.mydomain.com concurrency: group: ${{ github.workflow }}-${{ github.event.number }} @@ -58,12 +58,16 @@ jobs: - name: Set runner name if: github.event_name == 'pull_request' run: | - echo "OPERATIONS_ENVIRONMENT_NAME=server.pr${{ github.event.number }}.${{ matrix.os }}.${{ env.SERVER_NAME }}" >> "$GITHUB_ENV" + echo "DOCKER_SERVER_HOSTNAME=server.pr${{ github.event.number }}.${{ matrix.os }}.${{ vars.SERVER_HOSTNAME }}" >> "$GITHUB_ENV" + + - name: Set runner name + if: github.event_name != 'pull_request' + run: | + echo "DOCKER_SERVER_HOSTNAME=server.${{ github.refname }}.${{ matrix.os }}.${{ vars.SERVER_HOSTNAME }}" >> "$GITHUB_ENV" - name: Set variables run: | echo "DISTRO=${{ matrix.os }}" > .env - echo "DOCKER_HOSTNAME=${{ env.OPERATIONS_ENVIRONMENT_NAME }}" > .env - name: Start Containers run: | 
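Review bot: `${{ github.refname }}` in the new non-pull-request step is not a property of the `github` context (the property is `github.ref_name`), so it expands to an empty string and the hostname gets an empty label. Branch and tag names are chosen by whoever pushes and can contain `/` or shell metacharacters, so the corrected value is better passed through the environment than pasted into the script: a step-level `env:` entry `REF_NAME: ${{ github.ref_name }}` and `server.${REF_NAME}.` in the `echo`. Both steps are now named `Set runner name`, which makes the job log ambiguous; the second could be `Set runner name (push)`.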
@@ -117,16 +121,16 @@ jobs: ddev_project_name: ourproject.pr${{ github.event.number }} # Used to create a system domain. - ddev_project_tld: sites.server.mydomain.com + ddev_project_tld: sites.${{ vars.SERVER_NAME }} # Tell the remote workflow what to run on. - github_runs_on: platform@server.mydomain.com + github_runs_on: platform@${{ vars.SERVER_NAME }} # Define the github environment name, to be displayed in the UI. github_environment_name: pr${{ github.event.number }} # Define a github environment url, a link to be shown on the pull request. - github_environment_url: http://pr${{ github.event.number }}.sites.server.mydomain.com + github_environment_url: http://pr${{ github.event.number }}.sites.${{ vars.SERVER_NAME }} # To persist a site's data, set "run_prepare_command" to false. run_prepare_command: true @@ -139,7 +143,7 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml ddev_config: | additional_fqdns: - - admin.pr${{ github.event.number }}.sites.${{ env.SERVER_NAME }} + - admin.pr${{ github.event.number }}.sites.${{ vars.SERVER_NAME }} - ddev-runner.ddev.site run-command: @@ -148,7 +152,7 @@ jobs: needs: create-site with: working_directory: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - github_runs_on: platform@${{ env.SERVER_NAME }} + github_runs_on: platform@${{ vars.SERVER_NAME }} command: ddev status env: | SUCCESS="DDEV Status" @@ -157,7 +161,7 @@ jobs: test-site: name: Run tests needs: create-site - runs-on: platform@${{ env.SERVER_NAME }} + runs-on: platform@${{ vars.SERVER_NAME }} steps: - uses: jonpugh/goatscripts@main @@ -175,4 +179,4 @@ jobs: needs: test-site with: git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - github_runs_on: platform@${{ env.SERVER_NAME }} + github_runs_on: platform@${{ vars.SERVER_NAME }} From 6df48cac3ef31e1e3c68f90a7903cdcfaae91ad8 Mon Sep 17 00:00:00 2001 
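Review bot: The hunks from -117 to -175 read `${{ vars.SERVER_NAME }}`, while the -58 hunk of the same commit builds the container hostname from `${{ vars.SERVER_HOSTNAME }}` and the commented-out default in the -17 hunk is also spelled `SERVER_HOSTNAME`. Unless both repository variables are defined, one set of expressions expands to an empty string, giving a runner label of `platform@` and URLs ending in `.sites.`. Use one name throughout, e.g. `github_runs_on: platform@${{ vars.SERVER_HOSTNAME }}`, and add a comment next to the commented-out `env` entries saying that the value now comes from a repository variable.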
From: Jon Pugh Date: Sat, 20 Dec 2025 08:43:55 -0500 Subject: [PATCH 167/185] Change DOCKER_SERVER_HOSTNAME --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 141d8d5..ab4b23d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ services: operations: image: geerlingguy/docker-${DISTRO:-rockylinux10}-ansible:latest - hostname: ${DOCKER_HOSTNAME:-server.mydomain.com} + hostname: ${DOCKER_SERVER_HOSTNAME:-server.docker.host} cgroup: host cgroup_parent: docker.slice privileged: true From c0cd5969ea79e6d16e10e8c26db7d54cf826d410 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:47:07 -0500 Subject: [PATCH 168/185] Set hostname using matrix. --- .github/workflows/server.test.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 112e895..f0b79bc 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -30,8 +30,9 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - os: - - rockylinux9 + include: + - os: rockylinux9 + server_hostname: server.pr${{ github.event.number }}.${{ matrix.os }}.${{ vars.SERVER_HOSTNAME }} steps: - uses: actions/checkout@v6 with: @@ -63,11 +64,12 @@ jobs: - name: Set runner name if: github.event_name != 'pull_request' run: | - echo "DOCKER_SERVER_HOSTNAME=server.${{ github.refname }}.${{ matrix.os }}.${{ vars.SERVER_HOSTNAME }}" >> "$GITHUB_ENV" + echo "DOCKER_SERVER_HOSTNAME=${{ matrix.server_hostname }}" >> "$GITHUB_ENV" - name: Set variables run: | echo "DISTRO=${{ matrix.os }}" > .env + echo "DOCKER_SERVER_HOSTNAME=${{ matrix.server_hostname }}" > .env - name: Start Containers run: | From 6f4ff3465588564291d60a07de08153b7d8aee77 Mon Sep 17 00:00:00 2001 
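Review bot: In the -63,11 hunk of "Set hostname using matrix.", the added `echo "DOCKER_SERVER_HOSTNAME=${{ matrix.server_hostname }}" > .env` truncates the file the previous line just wrote, so `DISTRO` is lost; it should be `>> .env`. The non-pull-request step now also takes `matrix.server_hostname`, but that value is built from `pr${{ github.event.number }}`, which is empty outside `pull_request` events. Every push or manual run would therefore get the same `server.pr.rockylinux9.…` hostname. If non-PR runs are meant to be supported, the matrix entry needs a ref-based fallback; otherwise the `!= 'pull_request'` step can be dropped.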
From: Jon Pugh Date: Sat, 20 Dec 2025 08:47:55 -0500 Subject: [PATCH 169/185] No matrix in matrix. --- .github/workflows/server.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index f0b79bc..7173955 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -32,7 +32,7 @@ jobs: matrix: include: - os: rockylinux9 - server_hostname: server.pr${{ github.event.number }}.${{ matrix.os }}.${{ vars.SERVER_HOSTNAME }} + server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} steps: - uses: actions/checkout@v6 with: From 3bdbdcda4eef9212b3e86db1e24910dfb80e8c58 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:51:03 -0500 Subject: [PATCH 170/185] Set ansible inventory. --- .github/workflows/server.test.yml | 4 ++++ docker-compose.yml | 1 + 2 files changed, 5 insertions(+) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 7173955..1d36b28 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -55,6 +55,10 @@ jobs: run: | echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml cat vars.ci.yml + + echo "[operations_host_ddev] + ${{ matrix.server_hostname }} ansible_connection=local" > ./ansible/hosts + cat ./ansible/hosts - name: Set runner name if: github.event_name == 'pull_request' diff --git a/docker-compose.yml b/docker-compose.yml index ab4b23d..1ff7ca2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,6 +11,7 @@ services: working_dir: /app volumes: - ./:/app + - ./ansible:/etc/ansible - /sys/fs/cgroup:/sys/fs/cgroup:rw environment: - OPERATIONS_PLATFORM=yes From 1155b6ddf388c20dd278e5043f2db5522b6d3844 Mon Sep 17 00:00:00 2001 
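Review bot: The "Set ansible variables" step extended by the -55,6 hunk expands `${{ secrets.SSH_PRIVATE_KEY }}` straight into the script text and then runs `cat vars.ci.yml`, so the private key is sent to the job log and protected only by log masking. Pass the secret through the step environment (`env:` with `SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}`, then `"$SSH_PRIVATE_KEY"` in the script) and drop the `cat vars.ci.yml` line; the added `cat ./ansible/hosts` is fine because that file holds no secret. A multi-line key placed inside a double-quoted YAML scalar would also have its line breaks folded, so a `|` block scalar is probably needed; confirm how the secret is stored. The step begins outside the hunk.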
From: Jon Pugh Date: Sat, 20 Dec 2025 08:53:57 -0500 Subject: [PATCH 171/185] Set ansible inventory. --- ansible.cfg | 2 +- docker-compose.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 30e5705..c921a50 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,7 +6,7 @@ force_color = True # You don't have to set /etc/ansible if you set the inventory path. # When setting inventory, the host_vars and group_vars will be loaded automatically. -inventory =./ansible/hosts, ./ansible/inventory.example.yml +inventory =./ansible/hosts # The ./roles path next to the playbook is used automatically. # If you are using your own playbook, you will have to make sure the site-runner roles are available diff --git a/docker-compose.yml b/docker-compose.yml index 1ff7ca2..ab4b23d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,6 @@ services: working_dir: /app volumes: - ./:/app - - ./ansible:/etc/ansible - /sys/fs/cgroup:/sys/fs/cgroup:rw environment: - OPERATIONS_PLATFORM=yes From 89b59dbafd2180a1e45721280349b5c0da17c333 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 08:58:48 -0500 Subject: [PATCH 172/185] OS is weird. --- .github/workflows/server.test.yml | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 1d36b28..d1a5699 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -74,6 +74,7 @@ jobs: run: | echo "DISTRO=${{ matrix.os }}" > .env echo "DOCKER_SERVER_HOSTNAME=${{ matrix.server_hostname }}" > .env + cat .env - name: Start Containers run: | diff --git a/Dockerfile b/Dockerfile index 42fa59f..01d55b5 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,7 +1,7 @@ # This is for testing and development only. # SSHD must be installed before running the playbook. # Thanks: https://stackoverflow.com/questions/71040681/qemu-x86-64-could-not-open-lib64-ld-linux-x86-64-so-2-no-such-file-or-direc -FROM geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux10}-ansible:latest +FROM geerlingguy/docker-${DISTRO:-rockylinux10}-ansible:latest # https://github.com/geerlingguy/docker-rockylinux9-ansible/issues/6#issuecomment-2676248714 RUN chmod 0400 /etc/shadow From 044bc577e7a87f9dfd01e9cc3c229d8071182fc0 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 09:02:24 -0500 Subject: [PATCH 173/185] Default to 9 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index ab4b23d..abf00f3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ --- services: operations: - image: geerlingguy/docker-${DISTRO:-rockylinux10}-ansible:latest + image: geerlingguy/docker-${DISTRO:-rockylinux9}-ansible:latest hostname: ${DOCKER_SERVER_HOSTNAME:-server.docker.host} cgroup: host cgroup_parent: docker.slice From a999033d8b2c4251d36e3b75ee32ae3487f0972e Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 09:08:39 -0500 Subject: [PATCH 174/185] Set vars for repo. --- ansible.cfg | 2 +- ansible/inventory.example.yml | 47 ++++++++++++++++++++--------------- 2 files changed, 28 insertions(+), 21 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index c921a50..30e5705 100644 --- a/ansible.cfg +++ b/ansible.cfg 
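Review bot: `FROM geerlingguy/docker-${DISTRO:-rockylinux10}-ansible:latest` references a variable that no `ARG` declares; the hunk starts at line 1 of the Dockerfile and only comments precede the `FROM`. Docker substitutes build arguments in `FROM` only when an `ARG` above the first `FROM` declares them, so the `rockylinux10` default would be used whatever `DISTRO` the workflow sets. Add `ARG DISTRO=rockylinux10` above the line and write `FROM geerlingguy/docker-${DISTRO}-ansible:latest`. The `:latest` tag is mutable as well, so pinning an image digest would keep the test base image reproducible.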
@@ -6,7 +6,7 @@ force_color = True # You don't have to set /etc/ansible if you set the inventory path. # When setting inventory, the host_vars and group_vars will be loaded automatically. -inventory =./ansible/hosts +inventory =./ansible/hosts, ./ansible/inventory.example.yml # The ./roles path next to the playbook is used automatically. # If you are using your own playbook, you will have to make sure the site-runner roles are available diff --git a/ansible/inventory.example.yml b/ansible/inventory.example.yml index fa8541c..e377f05 100644 --- a/ansible/inventory.example.yml +++ b/ansible/inventory.example.yml 
@@ -11,24 +11,31 @@ all: # DDEV Site Runners operations_host_ddev: - hosts: - - # Your server's full name. - # It will be helpful to set a DNS record for this. - server.mydomain.com: - - # The github repos to install on this server. - # Each of these projects will get a github self-hosted runner. - operations_github_runners: - - runner_repo: operations-project/site-runner-example-app + vars: + # The github repos to install on this server. + # Each of these projects will get a github self-hosted runner. + operations_github_runners: + - runner_repo: operations-project/site-runner-example-app - # GitHub API token with admin:write access to the git repos. - # https://github.com/settings/personal-access-tokens - # DO NOT COMMIT THIS TO GIT. - # There are many ways to store your secrets in ansible. - # If you are running `ansible-playbook` in a GitHub action, you can simply - # add a GitHub secret to your repo or organization, then pass ${{ secrets.YOUR_GITHUB_SECRET }} - # to ansible-playbook - # ansible-playbook playbook.yml --extra-vars operations_github_api_token=${{ secrets.YOUR_GITHUB_SECRET }} on the command line. - # See .github/workflows/site-runner-test.yml line 78 for an example: - operations_github_api_token: "" + # To have control over what repo is used on what server, set var operations_github_runners on specific hosts. +# hosts: +# +# # Your server's full name. +# # It will be helpful to set a DNS record for this. +# server.mydomain.com: +# +# # The github repos to install on this server. +# # Each of these projects will get a github self-hosted runner. +# operations_github_runners: +# - runner_repo: operations-project/site-runner-example-app +# +# # GitHub API token with admin:write access to the git repos. +# # https://github.com/settings/personal-access-tokens +# # DO NOT COMMIT THIS TO GIT. +# # There are many ways to store your secrets in ansible. 
+# # If you are running `ansible-playbook` in a GitHub action, you can simply +# # add a GitHub secret to your repo or organization, then pass ${{ secrets.YOUR_GITHUB_SECRET }} +# # to ansible-playbook +# # ansible-playbook playbook.yml --extra-vars operations_github_api_token=${{ secrets.YOUR_GITHUB_SECRET }} on the command line. +# # See .github/workflows/site-runner-test.yml line 78 for an example: +# operations_github_api_token: "" From 9602e27e0df136f7fd709d7a1e927458410f5af7 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 09:14:32 -0500 Subject: [PATCH 175/185] Try to use matrix in "with" params --- .github/workflows/server.test.yml | 32 +++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index d1a5699..66b1304 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -116,6 +116,13 @@ jobs: create-site: name: Create Preview Site uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows + + strategy: + matrix: + include: + - os: rockylinux9 + server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} + with: # Configure your site here. 
@@ -128,16 +135,16 @@ jobs: ddev_project_name: ourproject.pr${{ github.event.number }} # Used to create a system domain. - ddev_project_tld: sites.${{ vars.SERVER_NAME }} + ddev_project_tld: sites.${{ matrix.server_hostname }} # Tell the remote workflow what to run on. - github_runs_on: platform@${{ vars.SERVER_NAME }} + github_runs_on: platform@${{ matrix.server_hostname }} # Define the github environment name, to be displayed in the UI. github_environment_name: pr${{ github.event.number }} # Define a github environment url, a link to be shown on the pull request. - github_environment_url: http://pr${{ github.event.number }}.sites.${{ vars.SERVER_NAME }} + github_environment_url: http://pr${{ github.event.number }}.sites.${{ matrix.server_hostname }} # To persist a site's data, set "run_prepare_command" to false. run_prepare_command: true @@ -150,16 +157,22 @@ jobs: # Will be saved to .ddev/config.zzz.runner.yaml ddev_config: | additional_fqdns: - - admin.pr${{ github.event.number }}.sites.${{ vars.SERVER_NAME }} + - admin.pr${{ github.event.number }}.sites.${{ matrix.server_hostname }} - ddev-runner.ddev.site run-command: name: DDEV Status uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows needs: create-site + strategy: + matrix: + include: + - os: rockylinux9 + server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} + with: working_directory: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - github_runs_on: platform@${{ vars.SERVER_NAME }} + github_runs_on: platform@${{ matrix.server_hostname }} command: ddev status env: | SUCCESS="DDEV Status" 
@@ -168,7 +181,14 @@ jobs: test-site: name: Run tests needs: create-site - runs-on: platform@${{ vars.SERVER_NAME }} + runs-on: ${{ matrix.server_hostname }} + + strategy: + matrix: + include: + - os: rockylinux9 + server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} + steps: - uses: jonpugh/goatscripts@main From bfb554cff56988a0fbd736ced1d0b58cd0b566cf Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 09:43:59 -0500 Subject: [PATCH 176/185] README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e4aac1b..3ac2499 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# site-runner-example-app +# Site Runner Example App An example repo containing server configuration and app code. ## Instructions From 2baa4d13c4d80da7957229a7ba3d275294c5968e Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:22:09 -0500 Subject: [PATCH 177/185] Set docker_service_manage to false: according to https://github.com/geerlingguy/ansible-role-docker The tests failed when trying to start DDEV. --- .github/workflows/server.test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index 66b1304..b3d2b6c 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -54,6 +54,7 @@ jobs: - name: Set ansible variables run: | echo "operations_platform_ssh_private_key: \"${{ secrets.SSH_PRIVATE_KEY }}\"" > vars.ci.yml + echo "docker_service_manage: false" >> vars.ci.yml cat vars.ci.yml echo "[operations_host_ddev] From 0b1f8aab6885893a402190517390977698b3ff34 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:31:03 -0500 Subject: [PATCH 178/185] Comment out site starting. It won't work for now. --- .github/workflows/server.test.yml | 180 +++++++++++++++--------------- 1 file changed, 90 insertions(+), 90 deletions(-) 
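Review bot: In the test-site hunk (-168,7), `runs-on: ${{ matrix.server_hostname }}` drops the `platform@` prefix that the other jobs changed in this commit keep (`github_runs_on: platform@${{ matrix.server_hostname }}`), so the job would request a label that presumably no runner carries and stay queued. It should read `runs-on: platform@${{ matrix.server_hostname }}`. The same one-entry `strategy.matrix` is now copied into three jobs and has to be edited in step; a comment above each copy saying so would help until the hostname is computed once in an upstream job and passed on through `needs` outputs.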
diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index b3d2b6c..c762628 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml 
@@ -114,97 +114,97 @@ jobs: run: | wait-for ./scripts/jobs-done - create-site: - name: Create Preview Site - uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows + # create-site: + # name: Create Preview Site + # uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows - strategy: - matrix: - include: - - os: rockylinux9 - server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} + # strategy: + # matrix: + # include: + # - os: rockylinux9 + # server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} - with: + # with: - # Configure your site here. - git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} + # # Configure your site here. + # git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - # Use the http URL. - git_repository: ${{ github.event.repository.clone_url }} - - # Must be unique per server. - ddev_project_name: ourproject.pr${{ github.event.number }} - - # Used to create a system domain. - ddev_project_tld: sites.${{ matrix.server_hostname }} - - # Tell the remote workflow what to run on. - github_runs_on: platform@${{ matrix.server_hostname }} - - # Define the github environment name, to be displayed in the UI. - github_environment_name: pr${{ github.event.number }} - - # Define a github environment url, a link to be shown on the pull request. - github_environment_url: http://pr${{ github.event.number }}.sites.${{ matrix.server_hostname }} - - # To persist a site's data, set "run_prepare_command" to false. - run_prepare_command: true - prepare_command: echo "Preparing site..." - - # Command to run after deploying code. - deploy_command: ddev exec echo "Hello from $(hostname)!" - - # Additional ddev config to apply to the environment. 
- # Will be saved to .ddev/config.zzz.runner.yaml - ddev_config: | - additional_fqdns: - - admin.pr${{ github.event.number }}.sites.${{ matrix.server_hostname }} - - ddev-runner.ddev.site - - run-command: - name: DDEV Status - uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows - needs: create-site - strategy: - matrix: - include: - - os: rockylinux9 - server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} - - with: - working_directory: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - github_runs_on: platform@${{ matrix.server_hostname }} - command: ddev status - env: | - SUCCESS="DDEV Status" - HIDE=1 - - test-site: - name: Run tests - needs: create-site - runs-on: ${{ matrix.server_hostname }} - - strategy: - matrix: - include: - - os: rockylinux9 - server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} - - steps: - - - uses: jonpugh/goatscripts@main - - name: Check homepage for Hello World. - env: - SUCCESS: "Tests passed! DDEV webserver is online. :boom:" - ERROR: "Unable to load DDEV website. :x:" - run: | - run-with-summary curl https://ddev-runner.ddev.site - curl -s https://ddev-runner.ddev.site | grep "Hello World!" - - remove-site: - name: Remove Site - uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.destroy.ddev.yml@feature/reusable-workflows - needs: test-site - with: - git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} - github_runs_on: platform@${{ vars.SERVER_NAME }} + # # Use the http URL. + # git_repository: ${{ github.event.repository.clone_url }} + + # # Must be unique per server. + # ddev_project_name: ourproject.pr${{ github.event.number }} + + # # Used to create a system domain. + # ddev_project_tld: sites.${{ matrix.server_hostname }} + + # # Tell the remote workflow what to run on. 
+ # github_runs_on: platform@${{ matrix.server_hostname }} + + # # Define the github environment name, to be displayed in the UI. + # github_environment_name: pr${{ github.event.number }} + + # # Define a github environment url, a link to be shown on the pull request. + # github_environment_url: http://pr${{ github.event.number }}.sites.${{ matrix.server_hostname }} + + # # To persist a site's data, set "run_prepare_command" to false. + # run_prepare_command: true + # prepare_command: echo "Preparing site..." + + # # Command to run after deploying code. + # deploy_command: ddev exec echo "Hello from $(hostname)!" + + # # Additional ddev config to apply to the environment. + # # Will be saved to .ddev/config.zzz.runner.yaml + # ddev_config: | + # additional_fqdns: + # - admin.pr${{ github.event.number }}.sites.${{ matrix.server_hostname }} + # - ddev-runner.ddev.site + + # run-command: + # name: DDEV Status + # uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows + # needs: create-site + # strategy: + # matrix: + # include: + # - os: rockylinux9 + # server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} + + # with: + # working_directory: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} + # github_runs_on: platform@${{ matrix.server_hostname }} + # command: ddev status + # env: | + # SUCCESS="DDEV Status" + # HIDE=1 + + # test-site: + # name: Run tests + # needs: create-site + # runs-on: ${{ matrix.server_hostname }} + + # strategy: + # matrix: + # include: + # - os: rockylinux9 + # server_hostname: server.pr${{ github.event.number }}.rockylinux9.${{ vars.SERVER_HOSTNAME }} + + # steps: + + # - uses: jonpugh/goatscripts@main + # - name: Check homepage for Hello World. + # env: + # SUCCESS: "Tests passed! DDEV webserver is online. :boom:" + # ERROR: "Unable to load DDEV website. 
:x:" + # run: | + # run-with-summary curl https://ddev-runner.ddev.site + # curl -s https://ddev-runner.ddev.site | grep "Hello World!" + + # remove-site: + # name: Remove Site + # uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.destroy.ddev.yml@feature/reusable-workflows + # needs: test-site + # with: + # git_root: /var/platform/Sites/${{ github.repository }}/pr${{ github.event.number }} + # github_runs_on: platform@${{ vars.SERVER_NAME }} From 3b4a4fa840cfdf02d0fbd69dd0e6ee380b122136 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:34:01 -0500 Subject: [PATCH 179/185] Add preview site workflow. --- .github/workflows/site.preview.yml | 120 +++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 .github/workflows/site.preview.yml diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml new file mode 100644 index 0000000..79af880 --- /dev/null +++ b/.github/workflows/site.preview.yml 
@@ -0,0 +1,120 @@ +# +# This workflow is for testing the re-usable ones workflows. +# +# It contains multiple steps, including starting and tearing down a site. +# It doesn't make sense to use this example directly. +# +# See the example.* files for that. +# +name: Preview Sites +on: + pull_request: + +env: + # To install github runners automatically, you need a personal access token with admin:write permissions on your repository. + RUNNER_GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number }} + cancel-in-progress: false + +jobs: + # This emulates a persistent server. The ddev.site.deploy.yml jobs require one. + # This job runs the rest. It will stay running until the last job is complete. + create-server: + name: Launch test runner + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + repository: 'operations-project/github-runner-starter' + ref: 'v1.2.1' + + # Kick off the runner script over and over until there are no more queued jobs. + - name: "Launch runner script." + + run: | + while [[ $(curl -s -H "Authorization: token ${RUNNER_GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do + sleep 2 + ./github-runner-starter \ + --run \ + --name=github.actions.runner.${{ github.run_id }}.${{ matrix.runner }} \ + --labels=github.actions.runner.${{ github.run_id }} \ + --config-sh-options=--ephemeral + sleep 2 + done + + create-site: + name: Create Preview Site + uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows + with: + + # Configure your site here. + git_root: /home/runner/ourproject/pr${{ github.event.number }} + + # Use the http URL. + git_repository: ${{ github.event.repository.clone_url }} + + # Must be unique per server. 
+ ddev_project_name: ourproject.pr${{ github.event.number }} + + # Used to create a system domain. + ddev_project_tld: sites.thinkdrop.net + + # Tell the remote workflow what to run on. + github_runs_on: github.actions.runner.${{ github.run_id }} + + # Define the github environment name, to be displayed in the UI. + github_environment_name: pr${{ github.event.number }} + + # Define a github environment url, a link to be shown on the pull request. + github_environment_url: http://pr${{ github.event.number }}.sites.thinkdrop.net + + # To persist a site's data, set "run_prepare_command" to false. + run_prepare_command: true + prepare_command: echo "Preparing site..." + + # Command to run after deploying code. + deploy_command: ddev exec echo "Hello from $(hostname)!" + + # Additional ddev config to apply to the environment. + # Will be saved to .ddev/config.zzz.runner.yaml + ddev_config: | + additional_fqdns: + - admin.pr${{ github.event.number }}.sites.thinkdrop.net + - ddev-runner.ddev.site + + run-command: + name: DDEV Status + uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.command.yml@feature/reusable-workflows + needs: create-site + with: + working_directory: /home/runner/ourproject/pr${{ github.event.number }} + github_runs_on: github.actions.runner.${{ github.run_id }} + command: ddev status + env: | + SUCCESS="DDEV Status" + HIDE=1 + + test-site: + name: Run tests + needs: create-site + runs-on: github.actions.runner.${{ github.run_id }} + steps: + + - uses: jonpugh/goatscripts@main + - name: Check homepage for Hello World. + env: + SUCCESS: "Tests passed! DDEV webserver is online. :boom:" + ERROR: "Unable to load DDEV website. :x:" + run: | + run-with-summary curl https://ddev-runner.ddev.site + curl -s https://ddev-runner.ddev.site | grep "Hello World!" 
+ + remove-site: + name: Remove Site + uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.destroy.ddev.yml@feature/reusable-workflows + needs: test-site + with: + git_root: /home/runner/ourproject/pr${{ github.event.number }} + github_runs_on: github.actions.runner.${{ github.run_id }} From 514d720d46ef51ddf184ee180ab06f2ceffdca7a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:35:07 -0500 Subject: [PATCH 180/185] Replace RUNNER_GITHUB_TOKEN with GITHUB_TOKEN --- .github/workflows/site.preview.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml index 79af880..eb77ab4 100644 --- a/.github/workflows/site.preview.yml +++ b/.github/workflows/site.preview.yml @@ -12,7 +12,7 @@ on: env: # To install github runners automatically, you need a personal access token with admin:write permissions on your repository. - RUNNER_GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" + GITHUB_TOKEN: "${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}" concurrency: group: ${{ github.workflow }}-${{ github.event.number }} @@ -34,7 +34,7 @@ jobs: - name: "Launch runner script." run: | - while [[ $(curl -s -H "Authorization: token ${RUNNER_GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do + while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do sleep 2 ./github-runner-starter \ --run \ From 731c486cc7ecab21f127e42ee9d3ac76719ec966 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:39:32 -0500 Subject: [PATCH 181/185] Fix test. --- .github/workflows/site.preview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
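Review bot: The workflow-level `env:` block of the new site.preview.yml exposes `RUNNER_GITHUB_TOKEN`, a personal access token the comment describes as having admin:write on the repository, to every step of every job in the file, including the third-party `jonpugh/goatscripts@main` step in test-site. Only the "Launch runner script." step reads it, so the mapping belongs in that step's own `env:`. `jonpugh/goatscripts@main` and the three reusable workflows at `@feature/reusable-workflows` are mutable branch refs that run on a `pull_request` trigger. Pinning each to a full commit SHA fixes the code that executes next to the token and on the self-hosted runner. `github_environment_url` also uses `http://` where `https://` is presumably intended.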
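Review bot: Renaming the workflow-level variable to `GITHUB_TOKEN` (first hunk of "Replace RUNNER_GITHUB_TOKEN with GITHUB_TOKEN"; the `curl` line in the second hunk follows it) makes the admin-scoped personal access token the value that any tool or action reading the conventional `GITHUB_TOKEN` environment variable picks up, in every job of the file. That replaces the short-lived, permission-scoped token such tools normally expect with a long-lived credential. If `github-runner-starter` needs that exact name, set it only on the "Launch runner script." step (`env:` with `GITHUB_TOKEN: ${{ secrets.OUR_GITHUB_TOKEN_RUNNER_ADMIN }}`); otherwise keep a distinct name. A top-level `permissions:` block limiting the automatic token would also be worth adding.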
diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml index eb77ab4..d6f3a21 100644 --- a/.github/workflows/site.preview.yml +++ b/.github/workflows/site.preview.yml @@ -109,7 +109,7 @@ jobs: ERROR: "Unable to load DDEV website. :x:" run: | run-with-summary curl https://ddev-runner.ddev.site - curl -s https://ddev-runner.ddev.site | grep "Hello World!" + curl -s https://ddev-runner.ddev.site | grep "HELLO WORLD" remove-site: name: Remove Site From 96de36d6de8c63b6b22a91e460cca877377ec1b9 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:41:47 -0500 Subject: [PATCH 182/185] Run on github provided runners. --- .github/workflows/site.preview.yml | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml index d6f3a21..a109ed1 100644 --- a/.github/workflows/site.preview.yml +++ b/.github/workflows/site.preview.yml 
@@ -19,31 +19,6 @@ concurrency: cancel-in-progress: false jobs: - # This emulates a persistent server. The ddev.site.deploy.yml jobs require one. - # This job runs the rest. It will stay running until the last job is complete. - create-server: - name: Launch test runner - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - repository: 'operations-project/github-runner-starter' - ref: 'v1.2.1' - - # Kick off the runner script over and over until there are no more queued jobs. - - name: "Launch runner script." - - run: | - while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do - sleep 2 - ./github-runner-starter \ - --run \ - --name=github.actions.runner.${{ github.run_id }}.${{ matrix.runner }} \ - --labels=github.actions.runner.${{ github.run_id }} \ - --config-sh-options=--ephemeral - sleep 2 - done - create-site: name: Create Preview Site uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows @@ -62,7 +37,7 @@ jobs: ddev_project_tld: sites.thinkdrop.net # Tell the remote workflow what to run on. - github_runs_on: github.actions.runner.${{ github.run_id }} + github_runs_on: ubuntu-latest # Define the github environment name, to be displayed in the UI. github_environment_name: pr${{ github.event.number }} From 6b5e56d59e7879e39d03ee8309dd2aed37262108 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:46:27 -0500 Subject: [PATCH 183/185] Use fake self-hosted runner in this example workflow. --- .github/workflows/site.preview.yml | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml index a109ed1..82d017b 100644 --- a/.github/workflows/site.preview.yml 
+++ b/.github/workflows/site.preview.yml @@ -19,6 +19,32 @@ concurrency: cancel-in-progress: false jobs: + + # To allow sites to exist across multiple jobs, we can use a runner to launch other runners. + # Once you have this workflow going on a site runner server, you can remove the create-server job. + create-server: + name: Launch test runner + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + repository: 'operations-project/github-runner-starter' + ref: 'v1.2.1' + + # Kick off the runner script over and over until there are no more queued jobs. + - name: "Launch runner script." + + run: | + while [[ $(curl -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs" | jq -r '.jobs[] | select(.status=="queued") | .id' | wc -l) -gt 0 ]]; do + sleep 2 + ./github-runner-starter \ + --run \ + --name=github.actions.runner.${{ github.run_id }}.${{ matrix.runner }} \ + --labels=github.actions.runner.${{ github.run_id }} \ + --config-sh-options=--ephemeral + sleep 2 + done + create-site: name: Create Preview Site uses: operations-project/github-action-ddev-runner/.github/workflows/operations.site.deploy.ddev.yml@feature/reusable-workflows @@ -37,7 +63,8 @@ jobs: ddev_project_tld: sites.thinkdrop.net # Tell the remote workflow what to run on. - github_runs_on: ubuntu-latest + # Once a site runner server is installed, use that server's name (eg. platform@server.mydomain.com) + github_runs_on: github.actions.runner.${{ github.run_id }} # Define the github environment name, to be displayed in the UI. github_environment_name: pr${{ github.event.number }} From 472c1cfd673704bae80437f5d1857556939fda1d Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:49:51 -0500 Subject: [PATCH 184/185] Run command job goes first. --- .github/workflows/site.preview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
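Review bot: The re-added `create-server` job (first hunk, `@@ -19,6 +19,32 @@`) checks out `operations-project/github-runner-starter` at the tag `v1.2.1` and then executes `./github-runner-starter`, apparently with the admin token from the workflow-level `env:` in its environment. A tag can be moved, so `ref:` is better pinned to the commit the tag points at: `ref: '<full commit SHA of v1.2.1>'`. The `create-site` context line below has the same exposure with `@feature/reusable-workflows`, which is a branch. Separately, `--name=` uses `${{ matrix.runner }}` but the job as added here defines no `strategy.matrix`, so that expression should render empty and leave a trailing dot in the runner name; drop the suffix or add the matrix.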
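Review bot: The new comment on `github_runs_on` (second hunk, `@@ -37,7 +63,8 @@`) tells readers to point the workflow at a persistent server without saying what will then run there. The `pr${{ github.event.number }}` values suggest a pull-request trigger, though the `on:` block is outside this hunk; if so, code from the pull request would be built on that long-lived host. I would extend the comment with one line such as `# A persistent runner executes pull-request code: keep it off public repos or require approval for fork PRs.`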
diff --git a/.github/workflows/site.preview.yml b/.github/workflows/site.preview.yml index 82d017b..b1bb5c0 100644 --- a/.github/workflows/site.preview.yml +++ b/.github/workflows/site.preview.yml @@ -100,7 +100,7 @@ jobs: test-site: name: Run tests - needs: create-site + needs: run-command runs-on: github.actions.runner.${{ github.run_id }} steps: From b3d12dfda6a556b1099d2c73eea00262a857739b Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Sat, 20 Dec 2025 13:51:06 -0500 Subject: [PATCH 185/185] No jobs to run. --- .github/workflows/server.test.yml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/server.test.yml b/.github/workflows/server.test.yml index c762628..c206abc 100644 --- a/.github/workflows/server.test.yml +++ b/.github/workflows/server.test.yml @@ -103,16 +103,17 @@ jobs: ansible-playbook ${ANSIBLE_PLAYBOOK} \ --extra-vars operations_github_api_token=${RUNNER_GITHUB_TOKEN} - - name: Run jobs - env: - REPO: ${{ github.repository }} - RUN_ID: ${{ github.run_id }} - ATTEMPT: ${{ github.run_attempt }} - JOB_NAME: ${{ github.job }} - GH_TOKEN: ${{ github.token }} - TIMEOUT: 600 - run: | - wait-for ./scripts/jobs-done +# @TODO Removed this part of the test. Couldn't get ddev in docker on github runners working. +# - name: Run jobs +# env: +# REPO: ${{ github.repository }} +# RUN_ID: ${{ github.run_id }} +# ATTEMPT: ${{ github.run_attempt }} +# JOB_NAME: ${{ github.job }} +# GH_TOKEN: ${{ github.token }} +# TIMEOUT: 600 +# run: | +# wait-for ./scripts/jobs-done # create-site: # name: Create Preview Site