feat: CI/CD pipeline setup complete - Ansible playbooks updated, secrets configured, workflow ready

.deployment-archive-20251030-111806/ansible/playbooks/setup-production-secrets.yml

@@ -0,0 +1,57 @@
+---
+# Ansible Playbook: Setup Production Secrets
+# Purpose: Deploy Docker Secrets and environment configuration to production
+# Usage: ansible-playbook -i inventory/production.yml playbooks/setup-production-secrets.yml --ask-vault-pass
+
+- name: Setup Production Secrets and Environment
+  hosts: production_server
+  become: no
+  vars_files:
+    - ../secrets/production-vault.yml  # Encrypted with ansible-vault
+
+  tasks:
+    - name: Ensure secrets directory exists
+      file:
+        path: /home/deploy/secrets
+        state: directory
+        mode: '0700'
+        owner: deploy
+        group: deploy
+
+    - name: Deploy environment file from vault
+      template:
+        src: ../templates/production.env.j2
+        dest: /home/deploy/secrets/.env.production
+        mode: '0600'
+        owner: deploy
+        group: deploy
+      notify: Restart services
+
+    - name: Create Docker secrets (if swarm is initialized)
+      docker_secret:
+        name: "{{ item.name }}"
+        data: "{{ item.value }}"
+        state: present
+      loop:
+        - { name: "db_password", value: "{{ vault_db_password }}" }
+        - { name: "redis_password", value: "{{ vault_redis_password }}" }
+        - { name: "app_key", value: "{{ vault_app_key }}" }
+        - { name: "jwt_secret", value: "{{ vault_jwt_secret }}" }
+        - { name: "registry_password", value: "{{ vault_registry_password }}" }
+      no_log: true  # Don't log secrets
+
+    - name: Verify secrets are accessible
+      shell: docker secret ls
+      register: secret_list
+      changed_when: false
+
+    - name: Display deployed secrets (names only)
+      debug:
+        msg: "Deployed secrets: {{ secret_list.stdout_lines }}"
+
+  handlers:
+    - name: Restart services
+      shell: |
+        docker service update --force framework_web
+        docker service update --force framework_queue-worker
+      when: ansible_check_mode is not defined