refactor(ci): call ansible-playbook directly in pipeline for better transparency

2026-04-18 11:37:47 +08:00 · 2026-04-18 11:37:47 +08:00 · 25332bb75f
commit 25332bb75f
parent 3e432b718e
1 changed files with 15 additions and 6 deletions
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@ -213,13 +213,22 @@ jobs:
        run: bash ./scripts/github-actions/prepare-ssh.sh "${{ steps.deploy_meta.outputs.target_host }}" "${SSH_KNOWN_HOSTS}"

      - name: Run Ansible deploy playbook
-        working-directory: xworkmate-bridge
+        working-directory: playbooks
        env:
-          INTERNAL_SERVICE_TOKEN: ${{ env.INTERNAL_SERVICE_TOKEN }}
-          GHCR_USERNAME: ${{ env.GHCR_USERNAME }}
-          GHCR_PASSWORD: ${{ env.GHCR_PASSWORD }}
-          XWORKMATE_BRIDGE_IMAGE_ARTIFACT_PATH: ${{ github.workspace }}/xworkmate-bridge/dist/image-artifact/service-image-ref.txt
-        run: bash ./scripts/github-actions/deploy.sh "${{ steps.deploy_meta.outputs.target_host }}" "${{ steps.deploy_meta.outputs.run_apply }}" ../playbooks
+          ANSIBLE_CONFIG: ./ansible.cfg
+          BRIDGE_AUTH_TOKEN: ${{ env.INTERNAL_SERVICE_TOKEN }}
+        run: |
+          SERVICE_COMPOSE_IMAGE="$(cat ../xworkmate-bridge/dist/image-artifact/service-image-ref.txt | xargs)"
+          CHECK_MODE_FLAG=""
+          if [[ "${{ steps.deploy_meta.outputs.run_apply }}" != "true" ]]; then
+            CHECK_MODE_FLAG="-C"
+          fi
+          ansible-playbook -i inventory.ini deploy_xworkmate_bridge_vhosts.yml \
+            -D ${CHECK_MODE_FLAG} \
+            -l "${{ steps.deploy_meta.outputs.target_host }}" \
+            -e "service_compose_image=${SERVICE_COMPOSE_IMAGE}" \
+            -e "ghcr_username=${{ env.GHCR_USERNAME }}" \
+            -e "ghcr_password=${{ env.GHCR_PASSWORD }}"

  publish_release:
    name: Publish GitHub Release