Deploy VPN server(s) #7

	name: Deploy VPN server(s)

	on:
	workflow_dispatch:
	inputs:
	ansible_vault_password:
	description: 'ansible_vault_password'
	required: true

	jobs:
	build:
	runs-on: ubuntu-latest

	steps:

	- id: mask-ansible_vault_password
	name: Mask ansible_vault_password
	run: \|
	ansible_vault_password=$(jq -r '.inputs.ansible_vault_password' $GITHUB_EVENT_PATH)
	echo ::add-mask::$ansible_vault_password
	echo "ansible_vault_password=$ansible_vault_password" >> "$GITHUB_OUTPUT"

	- name: Verify ansible_vault_password mask
	run: \|
	echo "the ansible_vault_password is ${{ env.ansible_vault_password }}"

	- name: Checkout code
	uses: actions/checkout@v4

	- name: Setup ansible
	run: \|
	pip3 install ansible
	ansible-galaxy collection install --requirements-file ./src/vpn/requirements.yml

	- name: Run ansible
	run: \|
	cd src/vpn
	echo Creating ANSIBLE_VAULT_PASSWORD_FILE
	TMPFILE=$(mktemp)
	trap "rm -f ${TMPFILE@Q}" EXIT
	echo -n "${{ env.ansible_vault_password }}" > $TMPFILE
	export ANSIBLE_VAULT_PASSWORD_FILE=$TMPFILE

	echo Run deploy vpn playbook
	ansible-playbook -i inventory.ini -i inventory-vpn-servers-hcloud.yml playbooks/create-rebuild-vpn-server.yml
	rm $TMPFILE

	# Enable tmate debugging of manually-triggered workflows if the input option was provided
	- name: Setup tmate session
	uses: mxschmitt/action-tmate@v3
	if: ${{ failure() }}

Provide feedback