From 90c751ecca413cde02544c3e5e327889b8fbf067 Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Sun, 8 Feb 2026 02:35:24 -0800
Subject: [PATCH] Add FLY_DEPLOY_TOKEN to Forgejo Actions secrets
Extends the forgejo_actions_secrets role to sync the Fly.io deploy token from 1Password, enabling CI auto-deploy on push to fly/.
Co-Authored-By: Claude Opus 4.6
---
 ansible/playbooks/indri.yml | 11 +++++++++++
 .../roles/forgejo_actions_secrets/defaults/main.yml | 2 ++
 2 files changed, 13 insertions(+)
diff --git a/ansible/playbooks/indri.yml b/ansible/playbooks/indri.yml
index 6fb9c4e..7698820 100644
--- a/ansible/playbooks/indri.yml
+++ b/ansible/playbooks/indri.yml
@@ -82,10 +82,21 @@
 check_mode: false
 tags: [forgejo_actions_secrets]
+ - name: Fetch Fly.io deploy token for Forgejo Actions
+ ansible.builtin.command:
+ cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get on5slfaygtdjrxmdwezyhfmqsq --fields deploy-token --reveal
+ delegate_to: localhost
+ register: _fly_deploy_token
+ changed_when: false
+ no_log: true
+ check_mode: false
+ tags: [forgejo_actions_secrets]
+
 - name: Set Forgejo Actions secrets facts
 ansible.builtin.set_fact:
 forgejo_api_token: "{{ _forgejo_api_token.stdout }}"
 forgejo_secret_argocd_token: "{{ _forgejo_argocd_token.stdout }}"
+ forgejo_secret_fly_deploy_token: "{{ _fly_deploy_token.stdout }}"
 no_log: true
 tags: [forgejo_actions_secrets]
diff --git a/ansible/roles/forgejo_actions_secrets/defaults/main.yml b/ansible/roles/forgejo_actions_secrets/defaults/main.yml
index dccee3f..d46a968 100644
--- a/ansible/roles/forgejo_actions_secrets/defaults/main.yml
+++ b/ansible/roles/forgejo_actions_secrets/defaults/main.yml
@@ -13,3 +13,5 @@ forgejo_actions_secrets_repo: blumeops
 forgejo_actions_secrets_list:
 - name: ARGOCD_AUTH_TOKEN
 value_var: forgejo_secret_argocd_token
+ - name: FLY_DEPLOY_TOKEN
+ value_var: forgejo_secret_fly_deploy_token
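Review bot: The new fetch task hands `_fly_deploy_token.stdout` straight to `forgejo_secret_fly_deploy_token` without checking that anything came back, so an empty `deploy-token` field in the 1Password item would, as far as this hunk shows, be synced to Forgejo as an empty FLY_DEPLOY_TOKEN. Because `no_log: true` hides the task output, that would probably only surface later as a failed deploy. I would add `failed_when: _fly_deploy_token.rc != 0 or (_fly_deploy_token.stdout | trim | length) == 0` to the fetch task; the censored failure still reveals nothing about the token. The play's task list and the earlier fetch tasks this one mirrors begin outside the hunk, so the same guard may be missing there as well.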
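Review bot: The FLY_DEPLOY_TOKEN entry in `forgejo_actions_secrets_list` carries no note on the token's scope, and the `forgejo_actions_secrets_repo: blumeops` context suggests it is stored as a repository-level secret. If so, any workflow in that repository that receives secrets could read it, not only the job that deploys fly/. It is worth confirming that the 1Password item holds an app-scoped Fly.io deploy token and recording that above the entry, e.g. `# FLY_DEPLOY_TOKEN: app-scoped Fly.io deploy token (not an org or personal token); set by the playbook from 1Password, never defined in role defaults`. The list starts outside the hunk, and how the role resolves `value_var` is not visible here.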