web/playbooks/gitea/deployment.yml
Max eed1cf2456
Add automatic back-ups. (#21)
## 🔍 Motivation & Context

I lost 5 months of work. Let us not have this happen again.

## 🔖 Related Issue

Solves #11.

## Changes

- Added `crontab` job to Gitea instance.

Reviewed-on: https://code.maximhutz.com/Web/Gitea/pulls/21
Co-authored-by: Max <git@maximhutz.me>
Co-committed-by: Max <git@maximhutz.me>
2025-01-09 17:50:08 +00:00


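---
# Deploys the Gitea container image and its boot archive to a single instance.
#
# The play targets the `localhost` inventory entry, but the connection
# variables below switch the transport to AWS SSM, so every task runs on the
# instance named by `private_instance_id.value`, with privilege escalation.
- name: Deploy artifact to instance.
  hosts: localhost
  become: true
  # Variables (including the credentials referenced below) are read from
  # these JSON files.
  # NOTE(review): confirm both files are excluded from version control or
  # stored encrypted (e.g. ansible-vault).
  vars_files:
    - ../../secrets/gitea.json
    - ../../secrets/terraform.json
  vars:
    ansible_connection: aws_ssm
    ansible_python_interpreter: /usr/bin/python3
    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
    # The SSM connection stages transferred files in this bucket; it is the
    # same bucket the image artifact is fetched from.
    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
    ansible_aws_ssm_instance_id: "{{ private_instance_id.value }}"
    ansible_aws_ssm_region: "{{ aws_region }}"
    # NOTE(review): static access keys are used for the connection and for
    # the S3 downloads below. Short-lived credentials or an instance profile
    # would limit exposure if these values leak; verify the key's IAM policy
    # is scoped to what this play needs.
    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
  tasks:
    # Download the container image archive from S3 onto the instance.
    # NOTE(review): the archive is loaded and run without an integrity check,
    # so write access to the bucket equals control over what runs here.
    # Consider verifying a pinned checksum before the load step.
    - name: Fetch image.
      amazon.aws.s3_object:
        mode: get
        bucket: "{{ image_bucket }}"
        object: "{{ image_key }}"
        dest: /root/image.tar.xz
        region: "{{ aws_region }}"
        access_key: "{{ aws_access_key }}"
        secret_key: "{{ aws_secret_key }}"

    # Import the archive into the local Docker image store. The registered
    # result supplies the image name used by the final task.
    - name: Load image.
      community.docker.docker_image_load:
        path: /root/image.tar.xz
      register: image

    # Download the boot archive that is unpacked and mounted into the
    # container below.
    - name: Fetch repository.
      amazon.aws.s3_object:
        mode: get
        bucket: "{{ boot_bucket }}"
        object: "{{ boot_key }}"
        dest: /root/boot.tar.xz
        region: "{{ aws_region }}"
        access_key: "{{ aws_access_key }}"
        secret_key: "{{ aws_secret_key }}"

    # Despite the task name, this unpacks the boot archive, not the image.
    # `remote_src: true` because the archive already lives on the instance.
    # Ownership is set to UID/GID 1000 -- presumably the user the container
    # runs as; verify against the image.
    - name: Unarchive image.
      ansible.builtin.unarchive:
        src: /root/boot.tar.xz
        remote_src: true
        dest: /root
        group: 1000
        owner: 1000

    # Start the container, replacing any existing one (`recreate: true`).
    - name: Run image.
      community.docker.docker_container:
        name: server
        image: "{{ image.image_names[0] }}"
        state: started
        recreate: true
        restart_policy: unless-stopped
        # Quoted so the mappings are always parsed as strings. With no bind
        # address given, Docker publishes on all host interfaces by default.
        # NOTE(review): port 80 is plain HTTP -- confirm TLS is terminated in
        # front of this instance.
        ports:
          - "80:80"
          - "2222:2222"
        # These values are secrets. They remain readable through
        # `docker inspect` on the host, so access to the Docker socket should
        # be treated as access to the secrets.
        # NOTE(review): confirm the `gitea_boot` key pair is limited to the
        # boot bucket, since it is handed to the running container.
        env:
          GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
          GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
          GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
          AWS_REGION: "{{ gitea_boot.value.region }}"
          AWS_ACCESS_KEY_ID: "{{ gitea_boot.value.id }}"
          AWS_SECRET_ACCESS_KEY: "{{ gitea_boot.value.secret }}"
          BOOT_URI: "s3://{{ boot_bucket }}/{{ boot_key }}"
        volumes:
          - /root/boot:/var/lib/gitea
          - /etc/timezone:/etc/timezone:ro
          - /etc/localtime:/etc/localtime:ro
      # The task arguments and the returned container facts both contain the
      # environment above; keep them out of Ansible output and CI logs.
      # Remove temporarily when debugging this task.
      no_log: true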