task: (try to) pause UptimeRobot during deployment

php-coder · php-coder · commit abb9ae97d90a · 2023-07-25T11:12:07.000+07:00
Part of #1154
diff --git a/.gitignore b/.gitignore
@@ -41,6 +41,7 @@ infra/docker/mysql_backup_mystamps.sql.gz
 
 # created by src/main/scripts/ci/deploy.sh
 vault-pass.txt
+prod_vars.yml
 
 # maven-wrapper
 .mvn/wrapper/maven-wrapper.jar
diff --git a/src/main/scripts/ci/ansible/deploy.yml b/src/main/scripts/ci/ansible/deploy.yml
@@ -3,12 +3,11 @@
 - hosts: all
   gather_facts: no
   remote_user: mystamps
+  vars_files:
+    - prod_vars.yml
   vars:
     local_war_dir: "{{ playbook_dir }}/../../../../../target"
     remote_war_dir: /data/mystamps
-    uptimerobot:
-      monitorid: 'MyStamps'
-      apikey: "{{ lookup('env', 'UPTIMEROBOT_APIKEY') }}"
   tasks:
 
   - name: Getting info about WAR file
diff --git a/src/main/scripts/ci/ansible/prod_vars.yml.enc b/src/main/scripts/ci/ansible/prod_vars.yml.enc
@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+37633135383264346165663932623034666631326537333763313133613037636239656538626166
+3732393862613738613264323061663336303036363033370a366133636534326133316362623962
+33323763643562343338616336663537663134646661326364313232643961366461353365353231
+3237623430313338640a666432323135643761643933613862356265346264313436333266626135
+63643432336631306333643465393565643933613333303261303034343839343234366663626263
+64323834626533393366623037623132646563623737616535303832313836666136363362323236
+65316538646331653366313762313835346462366164366336313066343131643763313639616639
+63363164393233613437373261383030326363656263313934663839623838343437316336623730
+33353035373939373231303066373537366432643335336230373361656533633634646166356639
+34613361346436663238383964383466333366646566393431656236356537366363336564646564
+63316232643163363834623835346361343761393836306364313239336137393133396166646438
+62613262623266626364613234353538636639666239343634616362626666383433356432376238
+6432
diff --git a/src/main/scripts/ci/deploy.sh b/src/main/scripts/ci/deploy.sh
@@ -14,10 +14,11 @@ CURRENT_DIR="$(dirname "${0:-.}")"
 INVENTORY="$CURRENT_DIR/ansible/mystamps.inventory"
 PLAYBOOK="$CURRENT_DIR/ansible/deploy.yml"
 PRIVATE_KEY="$CURRENT_DIR/ansible/mystamps_rsa"
+VARS_FILE="$CURRENT_DIR/ansible/prod_vars.yml"
 PASS_FILE="$CURRENT_DIR/vault-pass.txt"
 
 cleanup() {
-	rm -f "$PRIVATE_KEY" "$PASS_FILE"
+	rm -f "$PRIVATE_KEY" "$PASS_FILE" "$VARS_FILE"
 	exit
 }
 trap 'cleanup' EXIT SIGHUP SIGINT SIGTERM
@@ -35,15 +36,17 @@ if [ -z "${VAULT_PASSWORD:-}" ]; then
 	exit 1
 fi
 
-# Decrypt private key
 echo -n "$VAULT_PASSWORD" >"$PASS_FILE"
 
-ansible-vault decrypt \
-	--vault-password-file "$PASS_FILE" \
-	--output "$PRIVATE_KEY" \
-	"${PRIVATE_KEY}.enc"
-
-chmod 600 "$PRIVATE_KEY"
+for FILE in "$PRIVATE_KEY" "$VARS_FILE"; do
+	FILENAME="$(basename "$FILE")"
+	echo "Decrypting ${FILENAME}.enc to $FILENAME"
+	ansible-vault decrypt \
+		--vault-password-file "$PASS_FILE" \
+		--output "$FILE" \
+		"${FILE}.enc"
+	chmod 600 "$FILE"
+done
 
 ansible-playbook \
 	--inventory="$INVENTORY" \
