feat: deployment platform

.gitignore

@@ -210,4 +210,5 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 
-*secret*
+*secret*
+.vscode

Taskfile.yml

@@ -4,11 +4,7 @@ includes:
   tf: { taskfile: terraform, dir: terraform }
 
 tasks:
-  dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps
-
-  deploy:fast: ansible-playbook playbooks/fast.yml
-  deploy:slow: ansible-playbook playbooks/slow.yml
-  deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
+  deploy: ansible-playbook playbooks/deploy.yml
 
   enter:
     cmd: aws ssm start-session --target $INSTANCE_ID

ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+callbacks_enabled = profile_tasks
+localhost_warning = False
+
+[inventory]
+inventory_unparsed_warning = False

playbooks/deploy.yml

@@ -0,0 +1,29 @@
+- name: Deploy artifact to instance.
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ../config/ansible.secret.json
+    - ../config/infrastructure.secret.json
+  vars:
+    ansible_connection: aws_ssm
+    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
+    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
+    ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
+    ansible_python_interpreter: /usr/bin/python3
+    ansible_aws_ssm_region: "{{ aws_region }}"
+    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
+    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
+  tasks:
+    - name: Run image.
+      community.docker.docker_container:
+        name: server
+        image: gitea/act_runner
+        state: started
+        recreate: true
+        restart_policy: always
+        ports: [80:80, 443:443]
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+        env:
+          GITEA_INSTANCE_URL: https://{{ subdomain }}.{{ domain }}/
+          GITEA_RUNNER_REGISTRATION_TOKEN: "{{ registration_token }}"

requirements.txt

@@ -0,0 +1,43 @@
+ansible==11.1.0
+ansible-compat==24.10.0
+ansible-core==2.18.1
+ansible-lint==24.12.2
+attrs==24.3.0
+awscli-local==0.22.0
+black==24.10.0
+boto3==1.35.95
+botocore==1.35.95
+bracex==2.5.post1
+certifi==2024.12.14
+cffi==1.17.1
+charset-normalizer==3.4.1
+click==8.1.8
+cryptography==44.0.0
+filelock==3.16.1
+idna==3.10
+importlib_metadata==8.5.0
+Jinja2==3.1.5
+jmespath==1.0.1
+jsonschema==4.23.0
+jsonschema-specifications==2024.10.1
+localstack-client==2.7
+MarkupSafe==3.0.2
+mypy-extensions==1.0.0
+packaging==24.2
+pathspec==0.12.1
+platformdirs==4.3.6
+pycparser==2.22
+python-dateutil==2.9.0.post0
+PyYAML==6.0.2
+referencing==0.35.1
+requests==2.32.3
+resolvelib==1.0.1
+rpds-py==0.22.3
+ruamel.yaml==0.18.10
+s3transfer==0.10.4
+six==1.17.0
+subprocess-tee==0.4.2
+urllib3==2.3.0
+wcmatch==10.0
+yamllint==1.35.1
+zipp==3.21.0