Investigate automatic deployment policy from master branch

[jwflory]

Summary

Set up automatic Ansible playbook runs when new changes are pushed to this repo's master branch

Background

Currently, changes are still pushed manually by FOSSRIT sysadmins. You have to manually run a playbook when a change is made. It's more convenient and less work to maintain if there were a triggered event to deploy new changes when a pull request is merged to the master branch of this repo.

This way, anyone can contribute without having SSH access to the servers, and still see their changes go through once the PR is merged. The emphasis changes from SSH access to commit access on this repository.

Additional protections are required on master branch once this is set up.

Details

I see Fedora Infrastructure does this with a special machine dedicated only to running Ansible playbooks. I envision this step-by-step process for how it might work:

1. Pull request is merged into master on FOSSRIT/infrastructure
2. Webhook / trigger is sent to remote server (or cronjobs could be used?)
3. Ansible playbook run occurs on playbook server
4. Changes push out across infrastructure
5. Logs are captured in case of failure with Ansible playbook

Outcome

1. Moving responsibility to git commit access from remote account / SSH account access
2. Automated deployment process after a PR is merged that does not require humans (and outlasts my time as a student at RIT)

[jwflory]

If I get time next week to explore this, I'll see if I can't create an Ansible Role for this set-up and use webhooks to trigger Ansible playbook runs. Might require a new DigitalOcean droplet:

https://medium.com/@rossbulat/ansible-github-webhooks-automating-app-deployment-733bf58b013