Ansible --06- Cleanup Clients #63
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Ansible --06- Cleanup Clients | |
| on: | |
| schedule: | |
| - cron: '30 3 * * 0' # Run at 03:30 UTC every Sunday [maintenance window: 12:00-06:00 UTC] | |
| workflow_dispatch: | |
| inputs: | |
| verbosity: | |
| description: 'The verbosity level for logs' | |
| type: choice | |
| required: true | |
| default: '-v' | |
| options: | |
| - '-v' | |
| - '-vv' | |
| - '-vvv' | |
| serial: | |
| description: 'The value for the variable_serial argument' | |
| type: number | |
| dry_run: | |
| description: 'Run in dry-run mode to see what would be deleted' | |
| type: boolean | |
| required: true | |
| default: false | |
| defaults: | |
| run: | |
| working-directory: './ansible' | |
| jobs: | |
| run_playbook: | |
| name: Run Play | |
| runs-on: ubuntu-latest | |
| env: | |
| LINODE_API_TOKEN: ${{ secrets.LINODE_TOKEN }} | |
| strategy: | |
| matrix: | |
| host_groups: | |
| - 'prd_oldeworld_clt' | |
| - 'stg_oldeworld_clt' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| - name: Setup UV | |
| run: | | |
| # Install uv if not available | |
| if ! command -v uv >/dev/null 2>&1; then | |
| echo "Installing uv..." | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
| fi | |
| # Verify uv is available | |
| if ! command -v uv >/dev/null 2>&1; then | |
| echo "ERROR: uv installation failed" | |
| exit 1 | |
| fi | |
| echo "uv version: $(uv --version)" | |
| - name: Setup Ansible and Dependencies | |
| run: | | |
| # Use uv to install ansible and dependencies (matches local setup) | |
| uv sync | |
| # Activate venv and install ansible collections/roles | |
| source .venv/bin/activate | |
| ansible-galaxy install -r requirements.yml | |
| # Verify ansible is working | |
| ansible --version | |
| - name: Configure SSH Private Key | |
| shell: bash | |
| run: | | |
| mkdir -p ~/.ssh/ | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_for_ansible.pem | |
| chmod 600 ~/.ssh/id_for_ansible.pem | |
| - name: Play -- Cleanup Clients | |
| run: | | |
| source .venv/bin/activate | |
| SERIAL_VALUE=${{ inputs.serial || 1 }} # Default value of 1 if inputs.serial is not set | |
| ansible-playbook -i inventory/linode.yml \ | |
| play-any--cleanup-clients.yml \ | |
| --private-key=~/.ssh/id_for_ansible.pem \ | |
| -e '{"variable_host": "${{ matrix.host_groups }}", "variable_serial": '$SERIAL_VALUE', "variable_dry_run": '${{ inputs.dry_run }}'}' \ | |
| ${{ inputs.verbosity }} |