forked from docs/doc-exports
Artem Goncharov
dfe3039259
switch to git apply of the generated patch In comparison to a regular diff we have binary files already in patch. It is also created with the purpose to be shared (by email). Try applying it instead. Reviewed-by: OpenTelekomCloud Bot <None>
105 lines
3.5 KiB
YAML
105 lines
3.5 KiB
YAML
---
|
|
- hosts: localhost
|
|
vars:
|
|
vault_addr: "{{ zuul_vault_addr }}"
|
|
vault_secret_dest: "{{ zuul.executor.work_root }}/.approle-secret"
|
|
vault_token_dest: "{{ zuul.executor.work_root }}/.approle-token"
|
|
github_token_dest: "{{ zuul.executor.work_root }}/.github"
|
|
github_token_lease: "{{ zuul.executor.work_root }}/.github_lease"
|
|
|
|
roles:
|
|
# Get the Vault token from prepared secret-id
|
|
- role: create-vault-approle-token
|
|
vault_role_id: "{{ zuul_vault.vault_role_id }}"
|
|
vault_wrapping_token_id: "{{ lookup('file', vault_secret_dest) }}"
|
|
|
|
tasks:
|
|
|
|
- name: Fetch organization tokens
|
|
no_log: true
|
|
check_mode: false
|
|
ansible.builtin.uri:
|
|
url: "{{ vault_addr }}/v1/{{ zuul_vault.vault_token_path }}"
|
|
headers:
|
|
"X-Vault-Token": "{{ lookup('file', vault_token_dest) }}"
|
|
method: "POST"
|
|
body:
|
|
org_name: "opentelekomcloud-docs"
|
|
body_format: "json"
|
|
register: "org_token"
|
|
|
|
- name: Write GitHub token into the destination
|
|
no_log: true
|
|
copy:
|
|
content: "{{ org_token.json.data.token }}"
|
|
dest: "{{ github_token_dest }}"
|
|
mode: "0400"
|
|
when:
|
|
- "vault_token_dest is defined"
|
|
- "org_token is defined"
|
|
- "org_token.json is defined"
|
|
- "org_token.json.data is defined"
|
|
- "org_token.json.data.token is defined"
|
|
|
|
- name: Save token lease
|
|
no_log: true
|
|
copy:
|
|
content: "{{ org_token.json.lease_id }}"
|
|
dest: "{{ github_token_lease }}"
|
|
mode: "0400"
|
|
when:
|
|
- "vault_token_dest is defined"
|
|
- "org_token is defined"
|
|
- "org_token.json is defined"
|
|
|
|
- hosts: all
|
|
vars:
|
|
github_token_dest: "{{ zuul.executor.work_root }}/.github"
|
|
github_token: "{{ lookup('file', github_token_dest) }}"
|
|
vault_addr: "{{ zuul_vault_addr }}"
|
|
vault_token_file: "{{ zuul.executor.work_root }}/.approle-token"
|
|
github_token_lease: "{{ zuul.executor.work_root }}/.github_lease"
|
|
environment:
|
|
GITHUB_TOKEN: "{{ github_token }}"
|
|
tasks:
|
|
|
|
- name: Attempt to gracefully apply patch
|
|
block:
|
|
- name: Read project docs configuration
|
|
include_vars: "{{ docs_update_data_file }}"
|
|
|
|
- name: Configure git user name
|
|
command: "git config --global user.name 'OpenTelekomCloud Proposal Bot'"
|
|
|
|
- name: Configure git user email
|
|
command: "git config --global user.email 52695153+otcbot@users.noreply.github.com"
|
|
|
|
- name: Process patch
|
|
include_role:
|
|
name: "apply_doc_patch"
|
|
vars:
|
|
doc_label: "{{ doc.label }}"
|
|
apply_doc_patch_repository: "{{ doc.repository }}"
|
|
apply_doc_patch_diff_patch_file: "{{ ansible_user_dir }}/{{ doc.label }}.diff.patch"
|
|
apply_doc_patch_git_patch_file: "{{ ansible_user_dir }}/{{ doc.label }}.git.patch"
|
|
apply_doc_patch_target_location: "{{ doc.project_location }}"
|
|
loop: "{{ docs }}"
|
|
loop_control:
|
|
loop_var: "doc"
|
|
label: "{{ doc.label }}"
|
|
|
|
always:
|
|
- name: Revoke GitHub token lease
|
|
check_mode: false
|
|
no_log: true
|
|
delegate_to: localhost
|
|
uri:
|
|
url: "{{ vault_addr }}/v1/sys/leases/revoke"
|
|
headers:
|
|
"X-Vault-Token": "{{ lookup('file', vault_token_file) }}"
|
|
method: "PUT"
|
|
body:
|
|
lease_id: "{{ lookup('file', github_token_lease) }}"
|
|
body_format: "json"
|
|
status_code: 204
|