name: Ansible Deploy
on: [push]
jobs:
  build:
    uses: ./.gitea/workflows/ansible-install.yml

  deploy:
    needs: [ 'build' ]
    runs-on: ubuntu-latest
    env:
      RUNNER_TOOL_CACHE: /toolcache
      ANSIBLE_VERSION: "8.7.0"
    strategy:
      matrix:
        playbook:
          - Ansible/openssh.yml
          - Ansible/cloudflare-dns.yml
          - Ansible/heartbeat.yml
          - Ansible/debian.yml
    steps:
      - name: Copy SSH Key
        run: | 
          mkdir ~/.ssh/
          echo "Host *" > ~/.ssh/config
          echo "    StrictHostKeyChecking no" >> ~/.ssh/config
          echo '${{secrets.SSH_PRIVATE_KEY}}' > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      - name: Run playbook
        uses: dawidd6/action-ansible-playbook@v2
        with:
          playbook: ${{ matrix.playbook }}
          directory: ./
          key: ${{secrets.SSH_PRIVATE_KEY}}
          vault_password: ${{secrets.VAULT_PASSWORD}}

          # requirements: requirements.yaml

          options: |
            --inventory Ansible/inventory.ini
            --extra-vars "@Ansible/homelab-vault/secrets.yml"