diff --git a/run_admin_container.sh b/run_admin_container.sh
index cf6d0c8..2e13189 100644
--- a/run_admin_container.sh
+++ b/run_admin_container.sh
@@ -9,66 +9,47 @@ MAIN_BR="${MAIN_BR:-main}" ENV="${ENV:-staging}" ENV_BR="${ENV_BR:-test_feature}" PLAYBOOK_FILE="${PLAYBOOK_FILE:-base.yaml}" -# The 'ssh_vm' environment variable is expected from the Variable Group -# --- USE SSH URLs --- -REPO_CORE="git@git.felcloud.io:felcloud/ansible_core_init_ansible.git" -REPO_ENV="git@git.felcloud.io:felcloud/ansible_env_staging.git" - -echo "[INFO] Setting up SSH environment..." -mkdir -p ~/.ssh -chmod 700 ~/.ssh - -# --- INJECT SSH PRIVATE KEY FROM $ssh_vm --- -if [ -n "$ssh_vm" ]; then - echo "[INFO] Injecting SSH private key from \$ssh_vm into ~/.ssh/id_felcloud_key" - printf "%s\n" "$ssh_vm" > ~/.ssh/id_felcloud_key # Using a descriptive name - chmod 600 ~/.ssh/id_felcloud_key - echo "[DEBUG] SSH private key id_felcloud_key injected. Listing ~/.ssh:" - ls -la ~/.ssh -else - echo "[ERROR] \$ssh_vm environment variable is not set or is empty! This variable should contain the SSH private key." - echo "[ERROR] Please ensure the Variable Group 'ssh_vm' (or whichever is used by this task) has an environment variable named 'ssh_vm' with the private key content." +# --- VALIDATION DES IDENTIFIANTS GIT --- +if [ -z "$GIT_USERNAME" ] || [ -z "$GIT_TOKEN" ]; then + echo "[ERROR] Les variables d'environnement GIT_USERNAME et/ou GIT_TOKEN ne sont pas définies ou sont vides !" + echo "[ERROR] Veuillez vous assurer qu'elles sont fournies via l'interface utilisateur de Semaphore / Variable Group." exit 1 fi -# --- END INJECT SSH PRIVATE KEY --- +echo "[INFO] Utilisation de GIT_USERNAME: $GIT_USERNAME pour le clonage HTTPS." +# Ne pas afficher le GIT_TOKEN dans les logs pour des raisons de sécurité. -# Add git.felcloud.io to known_hosts -echo "[INFO] Adding git.felcloud.io to known_hosts..." -ssh-keyscan git.felcloud.io >> ~/.ssh/known_hosts || echo "[WARN] ssh-keyscan failed but continuing." 
-chmod 644 ~/.ssh/known_hosts +# --- UTILISER LES URLS HTTPS AVEC AUTHENTIFICATION INTÉGRÉE --- +# Le format est : https://:@domain.com/path/to/repo.git +REPO_CORE_URL_RAW="git.felcloud.io/felcloud/ansible_core_init_ansible.git" +REPO_ENV_URL_RAW="git.felcloud.io/felcloud/ansible_env_staging.git" -echo "[DEBUG] Content of ~/.ssh/known_hosts after keyscan:" -cat ~/.ssh/known_hosts || echo "[WARN] Could not cat known_hosts" +REPO_CORE="https://"$GIT_USERNAME":"$GIT_TOKEN"@${REPO_CORE_URL_RAW}" +REPO_ENV="https://"$GIT_USERNAME":"$GIT_TOKEN"@${REPO_ENV_URL_RAW}" -# Define the SSH command for Git to use, explicitly pointing to our injected key -export GIT_SSH_COMMAND="ssh -vvv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ~/.ssh/id_felcloud_key" -echo "[DEBUG] GIT_SSH_COMMAND is set to: $GIT_SSH_COMMAND" +echo "[INFO] Clonage des dépôts en utilisant HTTPS..." +# Pour l'affichage dans les logs, on utilise une version "propre" de l'URL sans le token +echo "[INFO] Clonage de https://${REPO_CORE_URL_RAW} sur la branche $ENV_BR..." +git clone --branch "$ENV_BR" "$REPO_CORE" ansible_core_init_ansible || { + echo "[FATAL] Échec du clonage de ${REPO_CORE_URL_RAW}. Vérifiez les identifiants, l'URL et les permissions du jeton."; + exit 1; +} +echo "[INFO] Clonage réussi de ${REPO_CORE_URL_RAW}." -# Enable verbose Git tracing -export GIT_TRACE=1 -export GIT_TRACE_PACKET=1 -export GIT_TRACE_SETUP=1 - -echo "[INFO] Cloning repositories using GIT_SSH_COMMAND..." -echo "[INFO] Cloning $REPO_CORE on branch $ENV_BR..." -git clone --branch "$ENV_BR" "$REPO_CORE" ansible_core_init_ansible || { echo "[FATAL] Failed to clone $REPO_CORE. See verbose SSH/Git output above."; exit 1; } -echo "[INFO] Successfully cloned $REPO_CORE." - -echo "[INFO] Cloning $REPO_ENV..." -git clone "$REPO_ENV" ansible_env_staging || { echo "[FATAL] Failed to clone $REPO_ENV. See verbose SSH/Git output above."; exit 1; } -echo "[INFO] Successfully cloned $REPO_ENV." 
- -# Unset GIT_SSH_COMMAND and trace variables if not needed later -# unset GIT_SSH_COMMAND GIT_TRACE GIT_TRACE_PACKET GIT_TRACE_SETUP +echo "[INFO] Clonage de https://${REPO_ENV_URL_RAW}..." +git clone "$REPO_ENV" ansible_env_staging || { + echo "[FATAL] Échec du clonage de ${REPO_ENV_URL_RAW}. Vérifiez les identifiants, l'URL et les permissions du jeton."; + exit 1; +} +echo "[INFO] Clonage réussi de ${REPO_ENV_URL_RAW}." cd ansible_core_init_ansible -echo "[INFO] Building Docker image locally..." +echo "[INFO] Construction de l'image Docker localement..." docker build --no-cache --build-arg branch=fix_packages_dependencies -t ansible-pulumi:local . cd .. -echo "[INFO] Running the admin container with playbook: $PLAYBOOK_FILE" +echo "[INFO] Exécution du conteneur admin avec le playbook : $PLAYBOOK_FILE" docker run --rm -it \ -v "$(pwd)/ansible_env_staging:/home/cloud/ansible_env_staging" \ -e MAIN_BR="$MAIN_BR" \ @@ -76,9 +57,9 @@ docker run --rm -it \ -e ENV_BR="$ENV_BR" \ ansible-pulumi:local bash -c " set -e; \ - echo '[CONTAINER] Current directory: \$(pwd)'; \ + echo '[CONTAINER] Répertoire courant : \$(pwd)'; \ cd /home/cloud/ansible-pulumi && \ source /home/cloud/venv/bin/activate && \ ansible-playbook playbooks/${PLAYBOOK_FILE} -i /home/cloud/ansible_env_staging/hosts" -echo "[INFO] Task completed." +echo "[INFO] Tâche terminée."
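Review bot: Building `REPO_CORE` and `REPO_ENV` as `https://user:token@host/...` puts `GIT_TOKEN` on the `git clone` command line, and git records the full remote URL, token included, in `.git/config` of both clones. `ansible_env_staging` is then bind-mounted into the container by the `docker run -v` line further down this hunk, so the token is readable from inside it. Clone from the plain `https://${REPO_*_URL_RAW}` URLs and hand the credentials to git through a one-shot credential helper passed with `git -c`, as sketched below. This assumes both variables are exported, which the validation message suggests but the hunk does not show. The same change removes the half-quoted `"https://"$GIT_USERNAME":"...` concatenation, which leaves both expansions outside the quotes, and avoids having to URL-encode a token that contains `@`, `:` or `/`.

```shell
# … unchanged: GIT_USERNAME / GIT_TOKEN validation …
REPO_CORE="https://${REPO_CORE_URL_RAW}"
REPO_ENV="https://${REPO_ENV_URL_RAW}"

# Single-quoted on purpose: the helper expands the exported variables only when
# git runs it, so the token value is neither in argv nor written to .git/config.
GIT_CRED_HELPER='!f() { printf "username=%s\npassword=%s\n" "$GIT_USERNAME" "$GIT_TOKEN"; }; f'

git -c credential.helper="$GIT_CRED_HELPER" clone --branch "$ENV_BR" "$REPO_CORE" ansible_core_init_ansible || {
# … unchanged: [FATAL] message and exit 1 …
git -c credential.helper="$GIT_CRED_HELPER" clone "$REPO_ENV" ansible_env_staging || {
# … unchanged: [FATAL] message and exit 1 …
```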