oys/bab-backend-ansible
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
b74528b6f1d42ff0c4d14b9fe3f33d05f7b03170
bab-backend-ansible/playbooks/sync_gitea_secrets.yml
Patrick Toal b74528b6f1 feat: Sync supabase secrets to gitea 
feat: Backup supabase
2026-04-14 20:23:26 -04:00

65 lines
2.2 KiB
YAML
Raw Blame History

---
- name: Sync Supabase secrets to Gitea repo variables
hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Read Supabase dev secrets from Vault
ansible.builtin.set_fact:
_supabase_dev: "{{ lookup('community.hashi_vault.hashi_vault',
'secret=oys/dev/supabase url=' + vault_addr + ' engine_mount_point=kv') }}"
no_log: true
- name: Read Supabase prod secrets from Vault
ansible.builtin.set_fact:
_supabase_prod: "{{ lookup('community.hashi_vault.hashi_vault',
'secret=oys/prod/supabase url=' + vault_addr + ' engine_mount_point=kv') }}"
no_log: true
- name: Read Gitea API token from Vault
ansible.builtin.set_fact:
_gitea_token: "{{ lookup('community.hashi_vault.hashi_vault',
'secret=oys/shared/infra/gitea_token url=' + vault_addr + ' engine_mount_point=kv') }}"
no_log: true
- name: Construct ENV_FILE_DEV content
ansible.builtin.set_fact:
_env_file_dev: |
SUPABASE_URL={{ _supabase_dev.url }}
SUPABASE_ANON_KEY={{ _supabase_dev.anon_key }}
no_log: true
- name: Construct ENV_FILE_PROD content
ansible.builtin.set_fact:
_env_file_prod: |
SUPABASE_URL={{ _supabase_prod.url }}
SUPABASE_ANON_KEY={{ _supabase_prod.anon_key }}
no_log: true
- name: Update ENV_FILE_DEV Gitea variable
ansible.builtin.uri:
url: "{{ gitea_base_url }}/api/v1/repos/{{ gitea_owner }}/{{ gitea_repo }}/actions/variables/ENV_FILE_DEV"
method: PUT
headers:
Authorization: "token {{ _gitea_token.value }}"
Content-Type: application/json
body_format: json
body:
value: "{{ _env_file_dev }}"
status_code: [201, 204]
no_log: true
- name: Update ENV_FILE_PROD Gitea variable
ansible.builtin.uri:
url: "{{ gitea_base_url }}/api/v1/repos/{{ gitea_owner }}/{{ gitea_repo }}/actions/variables/ENV_FILE_PROD"
method: PUT
headers:
Authorization: "token {{ _gitea_token.value }}"
Content-Type: application/json
body_format: json
body:
value: "{{ _env_file_prod }}"
status_code: [201, 204]
no_log: true
Reference in New Issue View Git Blame Copy Permalink