Update roles/stolon/tasks/main.yml

.gitea/workflows/deploy-k8s.yml

@@ -36,7 +36,6 @@ jobs:
           echo "session"
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
           echo "BW_SESSION=$BW_SESSION" >> $GITEA_ENV
-          
 
       - name: Cloning ansible repository
         uses: actions/checkout@v4
@@ -56,6 +55,6 @@ jobs:
       - name: Run Ansible Playbook
         working-directory: ansible/iac
         run: |
-          ansible-playbook -i inventory.ini playbook.yml
+          ansible-playbook -i inventory.ini playbook.yml -e "BW_CLIENTID=$BW_CLIENTID BW_CLIENTSECRET=$BW_CLIENTSECRET BW_PASSWORD=$BW_PASSWORD BW_EMAIL=$BW_EMAIL"
         env:
           BW_SESSION: ${{ env.BW_SESSION }}

roles/stolon/tasks/main.yml

@@ -21,9 +21,12 @@
   shell: ls -l /tmp/stolon/kubernetes-files/files
   register: resultado_ls
 
+
 - name: Obter várias notas do Bitwarden
   shell: |
-    export BW_SESSION={{ lookup('env', 'BW_SESSION') }}
+    echo "unlock"
+    BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+    echo "get item"
     bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
   loop:
     - { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" }
@@ -31,6 +34,8 @@
     - { id: "iac.ansible.stolon.keeper.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" }
   args:
     executable: /bin/bash
+  environment:
+    BW_PASSWORD: "{{ BW_PASSWORD }}"
 
 
 - name: Mostrar resultado do ls

roles/stolon/vars/main.yml

@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"

roles/vaultwarden/tasks/main.yml

@@ -45,20 +45,32 @@
   register: bw_version
   failed_when: bw_version.rc != 0
 
+- name: Garantir logout do Bitwarden antes de configurar
+  shell: bw logout
+  ignore_errors: true
+
 - name: Fazer login no Bitwarden
   shell: | 
     echo "config"
     echo "VAULTWARDEN_LINK: {{ VAULTWARDEN_LINK }}"
     bw config server {{ VAULTWARDEN_LINK }}
+    echo $BW_CLIENTID
+    echo $BW_CLIENTSECRET
     echo "login"
     bw login --apikey
+  environment:
+    BW_CLIENTID: "{{ BW_CLIENTID }}"
+    BW_CLIENTSECRET: "{{ BW_CLIENTSECRET }}"
+    VAULTWARDEN_LINK: "{{ VAULTWARDEN_LINK }}"
   args:
     executable: /bin/bash
   register: bw_login
 
 - name: Desbloquear cofre e guardar sessão
-  shell: bw unlock --password {{ bw_password }} --raw
+  shell: bw unlock {{ bw_password }} --raw
   register: bw_session
+  environment:
+    BW_PASSWORD: "{{ BW_PASSWORD }}"
 
 - name: Exportar sessão para ambiente local
   shell: echo "export BW_SESSION={{ bw_session.stdout }}" >> /etc/profile.d/bw-session.sh