Create a Deploy Ansible Workflow

Create an Ansible workflow that deploys the site.yml playbook, which, in turn, configures your environment.

Using the Docker container action, you will build a workflow that deploys the site.yml playbook.

We have created the workflow file using the command below:

Create deploy_ansible.yml

Components

Let’s look at the components of the deploy_ansible workflow file one by one.

Triggers

You will give the workflow a name and define the triggers for the following actions:

  • Push
  • Pull request

deploy_ansible.yml name and triggers

Job

Use the checkout and Ansible Docker container actions within a job called deploy.

deploy_ansible.yml docker container action job

The highlighted line 6 calls the action from within the repository instead of from an external source. Review the complete deploy_ansible.yml file below:

.github/workflows/deploy_ansible.yml

Click the Run button and wait for the environment to set up. Once set up, save, add, commit, and push the new workflow to GitHub.

Commit and push the changes

Build results

Now let’s view the build results in GitHub.

  1. Log into GitHub.
  2. Open your Ansible repository.
  3. Click Actions within the repository.
  4. Select the deploy Ansible workflow.
  5. View the latest run of the workflow.
  6. Within the workflow, select the deploy job on the right panel.
  7. Expand the Run /./.github/actions/ansible step.
  8. Scroll to the bottom of the output.

The Vault password wasn’t found. From the output, you can confirm that the file is there, but the password is incorrect.

Sparing the debugging details, the reason is that the ANSIBLE_VAULT_PASSWORD environment variable isn’t defined. Previously, you passed it to the Docker container yourself. Without it, the .vault file is empty. GitHub solves this problem with secrets, which it stores and passes to the Docker container action at runtime.

Store environment variables in secrets

GitHub secrets are encrypted environment variables that you create in a repository or an organization. You will use them to store the environment variable values Ansible needs. Those secrets will then be passed to the Docker container action.

Following are the steps to add the secret to GitHub:

  1. On GitHub, navigate to the main page of the Ansible repository.
  2. Under the repository, click Settings.
  3. In the left sidebar, click Secrets.
  4. Click New repository secret.
  5. Type ANSIBLE_VAULT_PASSWORD in the Name input box.
  6. Enter the vault password as the value for your secret.
  7. Click Add secret.

The Ansible Vault password is one of several environment variables that you need. Because you’re using a dynamic inventory, you also need to add each of the environment variables that Ansible uses to authenticate your cloud provider.

Repeat steps 1-7 for each environment variable that your cloud provider requires.

AWS

For AWS, you require the following environment variables:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

Azure

For Azure, you require the following environment variables:

  • AZURE_SUBSCRIPTION_ID
  • AZURE_CLIENT_ID
  • AZURE_SECRET
  • AZURE_TENANT

Using encrypted secrets in a workflow

Update deploy_ansible.yml and add the required environment variables to the deploy job. The syntax to use secrets from GitHub is ${{ secrets.SECRET_NAME }}.

Using this method, GitHub’s secrets populate the environment variables inside the container when the action runs.
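
The workflow described above, as an added example that is not the course's own file: the AWS variant, with the Azure variables shown as comments. The workflow name, runner label, and checkout version are assumptions; the action path and the secret names come from this page.

```yaml
# Added example: .github/workflows/deploy_ansible.yml
# Assumed values: workflow name, runner label, checkout version.
name: deploy ansible

on: [push, pull_request]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Docker container action referenced by its path inside the repository,
      # not pulled from an external source.
      - uses: ./.github/actions/ansible
        # env is set on this step (an assumption; job-level env also works)
        # so the checkout step never sees the secret values.
        env:
          # Without this variable the container writes an empty .vault file.
          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          # Credentials used by the dynamic inventory (AWS).
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          # Azure variant: replace the two AWS_* lines with these four.
          # AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          # AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          # AZURE_SECRET: ${{ secrets.AZURE_SECRET }}
          # AZURE_TENANT: ${{ secrets.AZURE_TENANT }}
```

GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so on those runs the variables above are empty and the vault step fails in the same way as before the secrets were added.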

AWS

Review the job for AWS below:

.github/workflows/deploy_ansible.yml (AWS)

Azure

Review the jobs for Azure below:

.github/workflows/deploy_ansible.yml (Azure)

Add, commit, and push the changes to the workflow.

Commit and push the changes

Log into GitHub and review the action’s output.

Deploy Ansible action output

With the environment variables added, the workflow can connect and configure your virtual machines or EC2 instances!

GitHub Secrets
Read more about configuring and managing workflow secrets.

In this lesson, you used the Docker container GitHub action, built a workflow on top of it, and used GitHub secrets to populate the environment variables.
