Fixing pipelines

xnoto · xnoto · commit 34401ee9177b · 2025-07-04T16:12:49.000-06:00
diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml
@@ -29,6 +29,11 @@ jobs:
       - name: Copy SSH area
         run: cp -r /root/.ssh /github/home/
 
+      - name: Ansible
+        run: |
+          ansible-galaxy install -r ansible/requirements.yml
+          ansible-playbook ansible/site.yml -u ${{ secrets.SSH_USER }} -i "${{ secrets.SSH_HOST }}," -e "age_keys=$(sops decrypt secrets/secrets.yaml | grep ^age_secret_key | cut -d ' ' -f 2)"
+
       - name: Login to OpenShift
         uses: redhat-actions/oc-login@v1
         continue-on-error: true
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml
@@ -29,6 +29,10 @@ jobs:
       - name: Copy SSH area
         run: cp -r /root/.ssh /github/home/
 
+      - name: Ansible Check
+        run: |
+          ansible-galaxy install -r ansible/requirements.yml
+          ansible-playbook ansible/site.yml -u ${{ secrets.SSH_USER }} -i "${{ secrets.SSH_HOST }}," -e "age_keys=$(sops decrypt secrets/secrets.yaml | grep ^age_secret_key | cut -d ' ' -f 2)" -C --diff
 
       - name: Login to OpenShift
         uses: redhat-actions/oc-login@v1
@@ -41,5 +45,6 @@ jobs:
 
       - name: Run tests
         run: make test
+
       - name: Terraform plan
         run: make plan
diff --git a/Makefile b/Makefile
@@ -1,7 +1,4 @@
 SHELL := /bin/bash
-CLUSTER_HOST := ltc.makeitwork.cloud
-CLUSTER_USER := $(shell sops decrypt secrets/secrets.yaml | grep ^cluster_user | cut -d ' ' -f 2)
-SOPS_AGE_KEYS := $(shell sops decrypt secrets/secrets.yaml | grep ^sops_age_key | cut -d ' ' -f 2)
 OPENSHIFT := $(shell which oc)
 TERRAFORM := $(shell which terraform)
 ARGOCD_URL := $(shell sops decrypt secrets/secrets.yaml | grep ^argocd_url | cut -d ' ' -f 2)
@@ -10,7 +7,7 @@ OPENSHIFT_TF_NAMESPACE := $(shell sops decrypt secrets/secrets.yaml | grep ^tf_n
 CONTEXT := $(shell ${OPENSHIFT} config current-context 2>/dev/null)
 DESIRED_CONTEXT := $(shell sops decrypt secrets/secrets.yaml | grep ^desired_context | cut -d ' ' -f 2)
 
-.PHONY: help init plan apply test pre-commit-check-deps pre-commit-install-hooks argocd-login argocd-password password argocd-sync sync clean
+.PHONY: help init plan apply test pre-commit-check-deps pre-commit-install-hooks argocd-login argocd-password password argocd-sync sync clean ansible-init
 
 help:
 	@echo "General targets"
@@ -46,25 +43,15 @@ init: check-context clean .terraform/terraform.tfstate
 	@${OPENSHIFT} get project ${OPENSHIFT_TF_NAMESPACE} > /dev/null 2>&1 || ${OPENSHIFT} new-project ${OPENSHIFT_TF_NAMESPACE}
 	@${TERRAFORM} init -reconfigure -upgrade -input=false -backend-config="host=https://${OPENSHIFT_API_URL}" -backend-config="namespace=${OPENSHIFT_TF_NAMESPACE}"
 
-plan: ansible-check init .terraform/plan
+plan: init .terraform/plan
 
 .terraform/plan:
 	@${TERRAFORM} plan -compact-warnings -out .terraform/plan
 
-ansible-check:
-	@rm -rf ~/.ansible >/dev/null 2>&1
-	@ansible-galaxy install -r ansible/requirements.yml
-	@ansible/site.yml -u ${CLUSTER_USER} -i "${CLUSTER_HOST}," -e 'age_keys=${SOPS_AGE_KEYS}' -C --diff
-
-apply: ansible-init test plan
+apply: test plan
 	@${TERRAFORM} apply -auto-approve -compact-warnings .terraform/plan
 	@rm -f .terraform/plan
 
-ansible-init:
-	@rm -rf ~/.ansible >/dev/null 2>&1
-	@ansible-galaxy install -r ansible/requirements.yml
-	@ansible/site.yml -u ${CLUSTER_USER} -i "${CLUSTER_HOST}," -e 'age_keys=${SOPS_AGE_KEYS}'
-
 test: check-context .git/hooks/pre-commit
 	@pre-commit run -a
 
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
@@ -1,5 +1,4 @@
 openshift_api_url: ENC[AES256_GCM,data:+fFe/tvXfR+0W78MdMWjZ4J/KLA7qXQ4ng==,iv:OwpFUUJu3zOiXvquU/6rojsG9GD0Zn+hZdwhI3pJv4w=,tag:cz3Ojl4DOY4uei0of2DACg==,type:str]
-cluster_user: ENC[AES256_GCM,data:YjU91A==,iv:1MonMDleZzhNkoPbIlZuf1KVVyGDFGHWP2tlmGzUDZc=,tag:hd9VzB+87OsBfr20nqnQcw==,type:str]
 tf_namespace: ENC[AES256_GCM,data:kNXar6grmCbtqg==,iv:PrBsfqMZEMPjWNJs1VPoYFX1WiqwYCD/l1vrO/EziQI=,tag:VBkdXs9YM/9YNJTvyzRhVg==,type:str]
 desired_context: ENC[AES256_GCM,data:rfR1vvjn393ZFvvdrptjMfItip0Cr+czBkiRa5+Qd05MUpQ=,iv:XU0xK3XxrpiyYf/lwiujzDI+bTEZKvf6YDNQNNHYwbs=,tag:l2xNvvJJrhj6fbGlrnfx7w==,type:str]
 argocd_url: ENC[AES256_GCM,data:YU9Y5JS5YNs+7ayGtwQn7YOzu5ehVyQEq6+K5X2ZgcXvDDhJP4Cw5KwL3KuM3b99eHA1XU3Ga6fSS+lCpCE=,iv:kGOZqXH1u9IKrxtgHzZsho/8EhNhN3DuajdHPpCOGEY=,tag:7Kc1ISCseYdqkK7jN8DTVA==,type:str]
@@ -15,7 +14,7 @@ sops:
             QVpNbjlwSzhsRnJ0cE85YThyUzVieGsK0vfHn0U2NB69RSH8xMOSWhenxaAH8q0D
             vwY2mYLvncQ7HpTOuCae6Lx0eBIRdS/O29eRJM0hxklM1v+1EWyTLw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-04T21:55:33Z"
-    mac: ENC[AES256_GCM,data:B74Kyy5xEr//9J4t5umNAocjB/Gzr5EM4+rT/TgzlcaSsnPICo5rHX7dWIwxHDnT29skfKDGHyzvxytsGMzzMrObk0mr7Ypd7Aexb4ERdHjd7eqfpjY/ZOEzRiEGJGr2Sy5bOVLCm0VdMoBsyOYjXi8irt+ruUbhL2fHtA+p7JQ=,iv:QvHxa9jgp61IK9w1aA1Sdgdh+KC5HwgcF9DiKh/MhMQ=,tag:FOx5Uo4gGZk1yoZDCr61+A==,type:str]
+    lastmodified: "2025-07-04T22:12:42Z"
+    mac: ENC[AES256_GCM,data:KSAQ5/85esYFfQLRq7rP3cjbdmKoo+nQBZix2v/icZujnuFLXJvbjwIMfqM893C49IZ6rXs2mBpScF+2af/TkgeTguWkGQq12c/xEGx3UveaJdQc+gKlXy/tl2J9aqeGLDp1jtdotjn7Afghps01urd6eosTb+LQPZKqYGXWZP8=,iv:SR+CL1sHimdw2yAm9e4AA7X5Vju29UwvSwfrQvfTXVI=,tag:H/DdMNrHlwWayqk0KMRTWw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2
