
GitHub Actions Integration

Overview

Implement CI/CD pipelines for Ansible using GitHub Actions.

Workflow Examples

Basic Workflow

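# CI/CD pipeline for an Ansible repository: lint -> Molecule tests -> deploy.
# lint and test run on pushes and pull requests targeting main; deploy runs
# only for pushes to main and is gated by the "production" environment.
name: Ansible CI/CD

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the automatically issued GITHUB_TOKEN: every job here
# only needs to read the repository contents.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      # Tags such as v3/v4 are mutable. For supply-chain integrity, pin each
      # action to a full commit SHA that has been reviewed.
      - uses: actions/checkout@v3
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'

      # Unpinned installs pull whatever is newest at run time; a pinned
      # (ideally hash-checked) requirements file makes the toolchain
      # reproducible and reviewable.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install ansible-lint

      - name: Lint Ansible Playbooks
        run: ansible-lint

  test:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install ansible molecule docker

      - name: Run Molecule tests
        run: molecule test

  deploy:
    needs: test
    runs-on: ubuntu-latest
    # Deploy only for pushes to main. The event check keeps the job from
    # running if other triggers (manual, scheduled) are added later.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    # Protection rules (reviewers, wait timer, branch limits) for this
    # environment are configured in the repository settings.
    environment:
      name: production
      url: https://example.com

    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false

      # The action reference was garbled in the source page (the text after
      # "webfactory/" was replaced by an e-mail placeholder). The placeholder
      # below must be replaced with a reviewed commit SHA or release tag.
      # Host keys: populate known_hosts from a trusted source rather than
      # disabling host key checking for the deploy targets.
      - name: Configure SSH
        uses: webfactory/ssh-agent@PINNED_COMMIT_SHA_OR_RELEASE_TAG
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Run Ansible playbook
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so quotes or '$' in the secret cannot alter the
          # command that the shell runs.
          VAULT_PASSWORD: ${{ secrets.VAULT_PASSWORD }}
        run: |
          # Keep the password file outside the checked-out workspace, make it
          # readable by the runner user only, and remove it when the step
          # ends, including on failure.
          umask 077
          vault_pass_file="$(mktemp "${RUNNER_TEMP}/vault_pass.XXXXXX")"
          trap 'rm -f "$vault_pass_file"' EXIT
          printf '%s\n' "$VAULT_PASSWORD" > "$vault_pass_file"
          ansible-playbook -i inventory/prod \
            --vault-password-file "$vault_pass_file" \
            site.yml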

Security Features

Secrets Management

# Fragment: shows how repository or environment secrets are mapped into a
# step's environment. The step's run/uses line is not shown in this excerpt.
jobs:
  deploy:
    steps:
      - name: Load secrets
        # Step-level env limits these values to this one step; prefer that
        # over job- or workflow-level env so unrelated steps never see them.
        # Log masking covers the registered secret value only; encoded or
        # transformed copies of a secret are not masked.
        env:
          # NOTE(review): the basic workflow on this page reads
          # secrets.VAULT_PASSWORD; confirm which secret name is defined.
          VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          # Long-lived cloud access keys are a high-value target; where the
          # provider supports it, short-lived credentials issued through
          # GitHub's OIDC token are the safer choice.
          AWS_KEY: ${{ secrets.AWS_ACCESS_KEY }}

Environment Protection

# NOTE(review): illustrative only. Workflow files have no top-level
# "environments:" key as far as I know; placing this block in a workflow
# does not protect anything. Environment protection rules (required
# reviewers, wait timer, allowed deployment branches) are configured in the
# repository's environment settings or through the REST API. A workflow only
# opts in by naming the environment on the job, as the deploy job in the
# basic workflow does with "environment: name: production".
environments:
  production:
    name: production
    # Intended rule: only the main branch may deploy to this environment.
    deployment-branch: ['main']
    # Intended rule: two approvals before the job may start.
    required-reviewers: 2
    # Intended rule: delay before the job starts (unit not stated here).
    wait-timer: 15

Matrix Testing

Multi-Platform Tests

# Fragment: runs the test job once per combination of runner image and
# Python version (2 x 3 = 6 jobs with the values below).
jobs:
  test:
    strategy:
      matrix:
        # NOTE(review): "centos-latest" is not a GitHub-hosted runner label
        # as far as I know; jobs using it would wait for a self-hosted runner
        # carrying that label. Testing on other distributions is usually done
        # with a job container or Molecule platforms - confirm the intent.
        os: [ubuntu-latest, centos-latest]
        # Quoted on purpose: an unquoted 3.10 would be parsed as the float 3.1.
        python-version: ['3.8', '3.9', '3.10']
    runs-on: ${{ matrix.os }}
    steps:
      # No checkout step is shown in this excerpt.
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

Advanced Features

Reusable Workflows

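# .github/workflows/reusable-ansible.yml
# Reusable deploy workflow, invoked from other workflows via workflow_call.
name: Reusable Ansible Deploy
on:
  workflow_call:
    inputs:
      # Name of the directory under inventory/ to deploy against.
      environment:
        required: true
        type: string
    secrets:
      # Must be supplied by the caller. No step shown in this excerpt reads it.
      ssh_key:
        required: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # Tags such as v3 are mutable; pin to a reviewed full commit SHA.
      - uses: actions/checkout@v3
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      - name: Deploy to ${{ inputs.environment }}
        env:
          # The input reaches the shell as data through the environment.
          # Expanding ${{ inputs.environment }} inside the script text would
          # let a caller-supplied value become part of the command line.
          TARGET_ENV: ${{ inputs.environment }}
        run: |
          # Allow-list the name so it can only select a directory directly
          # under inventory/ (no path separators, dots or shell
          # metacharacters). Widen the character set if real environment
          # names need it.
          case "$TARGET_ENV" in
            '' | *[!A-Za-z0-9_-]*)
              echo "Invalid environment name" >&2
              exit 1
              ;;
          esac
          # The playbook argument is not shown in this excerpt;
          # ansible-playbook needs one to run.
          ansible-playbook -i "inventory/${TARGET_ENV}"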