Baptiste-Ferrand · Baptiste-Ferrand · Mar 1, 2026 · Mar 1, 2026 · Mar 1, 2026 · Mar 1, 2026
diff --git a/.github/workflows/Deploy.yml b/.github/workflows/Deploy.yml
@@ -0,0 +1,43 @@
+name: 🚀 Ansible Deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Mode check (dry-run)'
+        required: false
+        default: false
+        type: boolean
+
+env:
+  ANSIBLE_HOST_KEY_CHECKING: "False"
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 📥 Checkout repository
+        uses: actions/checkout@v4
+
+      - name: 🐍 Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: 📦 Install Ansible
+        run: pip install ansible
+
+      - name: 🔑 Load SSH key
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: 🚀 Deploy to server
+        working-directory: ansible
+        run: |
+          echo '${{ secrets.VAULT_PASSWORD }}' > vault_pass.txt
+          ansible-playbook -i hosts playbooks/site.yml \
+            --vault-password-file vault_pass.txt \
+            ${{ inputs.dry_run == 'true' && '--check' || '' }}
+          rm vault_pass.txt
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = hosts
+roles_path  = roles
diff --git a/ansible/host_vars/whoami.coak.fr.yml b/ansible/host_vars/whoami.coak.fr.yml
@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.1;AES256
+62663832636563633265666234633662663865346232616236356536643162373533316362346437
+3833343330386333373233306666636563386665303733300a333933363933353932383635656331
+39343733343866393063623661383038636335663534303236343837303563386263373663353735
+3930623465366531620a323464353232633663313365353161303065653136383563366666653963
+32396363346136383737633165663135383238306663316462656664393532396538303636373935
+39646331343232656665636530366235363633636164623164333634363061373132306664346533
+35613763646165363863633933623862356134393534353665666165636161656237363962393832
+33636134646336313437333839363438336563653330666138343166356533666633353231353537
+63393932613361323234336330316565666462633463323730303438373666363764356330333935
+31326139653861333830626162643562353735623633643833653962613661373537326136323139
+37356265336664396135663031366362326138303930393633306262653435373135333963663031
+64323532393661333161623336613930386334396130396262306161656336323037636335623633
+31626466396136323231613535303837383736613563643435663362363139616432323166623031
+36663532373633646437316566306537616136343032373766366566616535333965303730363135
+62643463323661333034643432306563376337333134323039356366623335323439653739323464
+63336365376464653266663261303535653933316133643531643561623437316436646134366438
+35343363623430613731653863323938663937646233643866363562646264343763396663373634
+37316234346437373739343064616531353637306662383261303639636239633637326133623633
+37653866366536346361353130303866356636336438396666633731343164396662616466343465
+35383430323137333866373930313230333134613539366236613535323863653938353736353436
+37303338373861363538343133653162313439353535666531383062623130663935653362306466
+62616137656565646365313465356435346439343164313035313664613133653338363037383639
+66653264353638316338363530383536636233623839663736366163323761396532303561656266
+65393137313038393934646364303562623666353162303965306132346161656566663337316363
+6530
diff --git a/ansible/hosts b/ansible/hosts
@@ -0,0 +1,8 @@
+
+[all:vars]
+ansible_user              = user
+ansible_ssh_private_key_file = ../../../key/id_runner
+ansible_connection        = ssh
+
+[prod]
+whoami.coak.fr        ansible_host=ssh.coak.fr
diff --git a/ansible/playbooks/site.yml b/ansible/playbooks/site.yml
@@ -0,0 +1,6 @@
+---
+- name: 🚀 Test rôle Docker
+  hosts: all
+  become: true
+  roles:
+    - { role: deploy,    tags: deploy}
diff --git a/ansible/roles/deploy/defaults/main.yml b/ansible/roles/deploy/defaults/main.yml
@@ -0,0 +1 @@
+project_root: /opt/projects/portfolio
diff --git a/ansible/roles/deploy/tasks/main.yml b/ansible/roles/deploy/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+  - name: Création du répertoire de déploiement
+    ansible.builtin.file:
+      path: "{{ project_root }}/{{ inventory_hostname }}"
+      state: directory
+      owner: user
+      group: user
+      mode: '0755'
+
+  - name: Génération de docker-compose.yml
+    ansible.builtin.template:
+      src: docker-compose.j2
+      dest: "{{ project_root }}/{{ inventory_hostname }}/docker-compose.yml"
+      mode: '0644'
+
+  - name: Vérifier si des services Docker Compose tournent
+    command:
+      cmd: docker compose -f "{{ project_root }}/{{ inventory_hostname }}/docker-compose.yml" ps -q
+    register: compose_ps
+    changed_when: false
+    failed_when: false
+
+  - name: Arrêt des services existants (Compose CLI)
+    shell: docker compose down
+    args:
+      chdir: "{{ project_root }}/{{ inventory_hostname }}"
+    when: compose_ps.stdout_lines | length > 0
+
+  - name: Démarrage et construction des services (Compose CLI)
+    shell: docker compose up --build -d
+    args:
+      chdir: "{{ project_root }}/{{ inventory_hostname }}"
+    when: not ansible_check_mode
diff --git a/ansible/roles/deploy/templates/docker-compose.j2 b/ansible/roles/deploy/templates/docker-compose.j2
@@ -0,0 +1,21 @@
+networks:
+  {{ docker_network_name }}:
+    external: true
+
+services:
+
+  portfolio-front:
+    image: {{ front_image }}
+    container_name: {{ front_container }}
+    restart: unless-stopped
+    expose:
+      - "80"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portfolio-front.rule=Host(`{{ domain_front }}`)"
+      - "traefik.http.routers.portfolio-front.entrypoints=websecure"
+      - "traefik.http.routers.portfolio-front.tls.certresolver=letsencrypt"
+      - "traefik.http.services.portfolio-front.loadbalancer.server.port=80"
+      - "com.centurylinklabs.watchtower.enable=true"
+    networks:
+      - {{ docker_network_name }}