ilia
c2e797a027
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m22s
CI / lint-and-test (pull_request) Successful in 1m27s
CI / ansible-validation (pull_request) Successful in 2m53s
CI / secret-scanning (pull_request) Successful in 1m24s
CI / dependency-scan (pull_request) Successful in 1m28s
CI / sast-scan (pull_request) Successful in 2m32s
CI / license-check (pull_request) Successful in 1m28s
CI / vault-check (pull_request) Successful in 2m30s
CI / playbook-test (pull_request) Successful in 2m32s
CI / container-scan (pull_request) Successful in 1m53s
CI / sonar-analysis (pull_request) Successful in 2m40s
CI / workflow-summary (pull_request) Successful in 1m22s
- Fix deploy script to handle non-git directories by cloning to temp location and moving contents, preserving .env files during clone - Remove comment lines from env.j2 template to prevent xargs errors - Add initial deploy task to app_setup role to ensure app is deployed before service starts - Fix migrate command precedence to check env-specific overrides first - Add sudo to systemctl restart commands in deploy script - Update documentation with project-specific configuration notes These changes improve deployment reliability for all app projects while adding support for mirrormatch-specific requirements (db:push, seeding). All changes are backward-compatible with existing projects (pote, punimTag).
base_os
Baseline OS configuration for app guests:
- Installs required packages (git/curl/nodejs/npm/ufw/openssh-server/etc.)
- Creates deployment user (default
appuser) with passwordless sudo - Adds your authorized SSH key
- Configures UFW to allow SSH + backend/frontend ports
Variables
See defaults/main.yml. Common inputs in the app stack:
appuser_name,appuser_groups,appuser_shellappuser_ssh_public_key(usually{{ vault_ssh_public_key }})components.backend,components.frontend(enable/disable firewall rules per component)app_backend_port,app_frontend_port
This role is used by playbooks/app/configure_app.yml after provisioning.