Compare commits
No commits in common. "ea7e1ee066261ff08beea8554ce5f2a88580d2ed" and "36ee2030326f5984239d4a3dab0e8c9dd99e2f07" have entirely different histories.
ea7e1ee066
...
36ee203032
@ -1,20 +1,8 @@
|
|||||||
# =============================================================================
|
# =============================================================================
|
||||||
# Single pipeline – all event types handled via step-level when conditions:
|
# Single pipeline – all event types handled via step-level when conditions:
|
||||||
#
|
# pull_request → syntax-check, validate, drift-check
|
||||||
# pull_request → syntax-check, validate
|
|
||||||
# ONLY validates config correctness.
|
|
||||||
# Does NOT compare to the live server – a PR branch is
|
|
||||||
# expected to differ from the server (not yet deployed),
|
|
||||||
# so a drift-check here would always be OUT_OF_SYNC by
|
|
||||||
# design and is meaningless as a failure signal.
|
|
||||||
#
|
|
||||||
# push (master) → syntax-check, validate, deploy, update-sync-metric
|
# push (master) → syntax-check, validate, deploy, update-sync-metric
|
||||||
# Deploys to the server, then verifies sync and pushes metric.
|
|
||||||
#
|
|
||||||
# cron → gitops_sync_check (read-only drift check, no deploy)
|
# cron → gitops_sync_check (read-only drift check, no deploy)
|
||||||
# Continuously verifies that the live server still matches
|
|
||||||
# Git even when no push has happened. Detects manual edits
|
|
||||||
# made directly on the server.
|
|
||||||
#
|
#
|
||||||
# NOTE: Woodpecker does not support multiple YAML documents (---) in one file.
|
# NOTE: Woodpecker does not support multiple YAML documents (---) in one file.
|
||||||
# All pipelines must live in a single document with step-level filtering.
|
# All pipelines must live in a single document with step-level filtering.
|
||||||
@ -60,6 +48,24 @@ steps:
|
|||||||
- event: push
|
- event: push
|
||||||
branch: master
|
branch: master
|
||||||
|
|
||||||
|
# ---------------------------------------------------------------------------
|
||||||
|
# drift-check: Compare server config to Git – runs on pull_request only
|
||||||
|
# ---------------------------------------------------------------------------
|
||||||
|
drift-check:
|
||||||
|
image: alpine/ansible:latest
|
||||||
|
depends_on: [syntax-check]
|
||||||
|
environment:
|
||||||
|
ANSIBLE_CONFIG: ansible.cfg
|
||||||
|
SSH_PRIVATE_KEY:
|
||||||
|
from_secret: SSH_PRIVATE_KEY
|
||||||
|
commands:
|
||||||
|
- mkdir -p ~/.ssh
|
||||||
|
- printf '%s\n' "$${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
|
||||||
|
- chmod 600 ~/.ssh/id_rsa
|
||||||
|
- ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/drift-check.yml
|
||||||
|
when:
|
||||||
|
event: pull_request
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
# deploy: Apply Git configuration to server – runs on push to master only
|
# deploy: Apply Git configuration to server – runs on push to master only
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
|
|||||||
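Review bot: The added `drift-check` step runs on `pull_request` with `SSH_PRIVATE_KEY` in its environment, and the playbook, inventory and `ansible.cfg` it uses come from the branch under review, so unreviewed changes execute while holding a key for the live server. Keeping server access to the `push` and `cron` steps avoids that; if a PR-time check is still wanted, give it a separate read-only key and leave this secret (presumably also the deploy key) unavailable to pull_request events. The commands write the key but never populate `~/.ssh/known_hosts`, so whether the server's host key is verified depends on `ansible.cfg`, which is not visible here. `image: alpine/ansible:latest` is a floating tag and should be pinned, e.g. `image: alpine/ansible:<pinned-tag-or-digest>`. The header comment on the old side of the first hunk also points out that a PR branch is expected to differ from the server, so this step would report drift by design.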
@ -5,7 +5,7 @@
|
|||||||
#
|
#
|
||||||
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
|
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
|
||||||
|
|
||||||
# test branch
|
# test
|
||||||
#################
|
#################
|
||||||
#### MODULES ####
|
#### MODULES ####
|
||||||
#################
|
#################
|
||||||
|
|||||||