ci: fix syntax-check vault password, update CI deploy key
- Add vault password step to syntax-check job (ansible needs it even for --syntax-check) - Regenerate CI deploy SSH key (old private key was lost, new pair generated) - Add VAULT_PASSWORD and SSH_PRIVATE_KEY secrets to Forgejo via API Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
43a870954a
commit
9bfb702322
2 changed files with 6 additions and 1 deletions
|
|
@ -15,6 +15,11 @@ jobs:
|
|||
- name: Install ansible
|
||||
run: pip3 install ansible --quiet --break-system-packages
|
||||
|
||||
- name: Write vault password
|
||||
run: |
|
||||
echo "${{ secrets.VAULT_PASSWORD }}" > ~/.vault-password-file
|
||||
chmod 600 ~/.vault-password-file
|
||||
|
||||
- name: Syntax check
|
||||
run: ansible-playbook playbooks/deploy.yml --syntax-check -i inventory/
|
||||
|
||||
|
|
|
|||
|
|
@ -26,4 +26,4 @@ syncthing_basic_auth_htpasswd: "{{ vault_syncthing_basic_auth_htpasswd }}"
|
|||
forgejo_runner_token: "{{ vault_forgejo_runner_token }}"
|
||||
|
||||
# CI/CD deploy key (public key — not a secret)
|
||||
ci_deploy_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6kK8+/9cMo9sFUIQAupPfcD3A6UixmAzB0r8jAf0kz ci-deploy@forgejo-runner"
|
||||
ci_deploy_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdr9mRSSUqt7Ym4wA5RpVyz76wEXSOtVfh2/yCSMIbg ci-deploy@forgejo-runner"
|
||||
|
|
|
|||
Loading…
Reference in a new issue