Add FLY_DEPLOY_TOKEN to Forgejo Actions secrets

Extends the forgejo_actions_secrets role to sync the Fly.io deploy token from 1Password, enabling CI auto-deploy on push to fly/. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 02:35:24 -08:00 · 2026-02-08 02:35:24 -08:00 · 90c751ecca
commit 90c751ecca
parent 9a5444851c
2 changed files with 13 additions and 0 deletions
--- a/ansible/playbooks/indri.yml
+++ b/ansible/playbooks/indri.yml
@ -82,10 +82,21 @@
      check_mode: false
      tags: [forgejo_actions_secrets]

+    - name: Fetch Fly.io deploy token for Forgejo Actions
+      ansible.builtin.command:
+        cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get on5slfaygtdjrxmdwezyhfmqsq --fields deploy-token --reveal
+      delegate_to: localhost
+      register: _fly_deploy_token
+      changed_when: false
+      no_log: true
+      check_mode: false
+      tags: [forgejo_actions_secrets]
+
    - name: Set Forgejo Actions secrets facts
      ansible.builtin.set_fact:
        forgejo_api_token: "{{ _forgejo_api_token.stdout }}"
        forgejo_secret_argocd_token: "{{ _forgejo_argocd_token.stdout }}"
+        forgejo_secret_fly_deploy_token: "{{ _fly_deploy_token.stdout }}"
      no_log: true
      tags: [forgejo_actions_secrets]

--- a/ansible/roles/forgejo_actions_secrets/defaults/main.yml
+++ b/ansible/roles/forgejo_actions_secrets/defaults/main.yml
@ -13,3 +13,5 @@ forgejo_actions_secrets_repo: blumeops
 forgejo_actions_secrets_list:
  - name: ARGOCD_AUTH_TOKEN
    value_var: forgejo_secret_argocd_token
+  - name: FLY_DEPLOY_TOKEN
+    value_var: forgejo_secret_fly_deploy_token