Recover from failed tasks when download fails on VM

.github/workflows/ci.yml

@@ -0,0 +1,14 @@
+name: Run continuous integration
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Lint Ansible playbooks
+        uses: ansible/ansible-lint-action@v6

.gitignore

@@ -0,0 +1,2 @@
+tmp/
+venv/

README.md

@@ -25,3 +25,22 @@ To configure HTTPS, copy certificate, key and chain file to the server and provi
     $ ansible-playbook -i staging proxy.yml --extra-vars "proxy_ssl_cert=/path/to/cert proxy_ssl_key=/path/to/key proxy_ssl_chain=/path/to/chain"
 
 This will create an Apache virtual host that listens on port 443 and proxies as described above. Additionally, non-HTTPS URLs will be rewritten to HTTPS.
+
+
+## Caveats
+
+These playbooks currently require Ansible 1.9, which is older and less supported. You may want to use an optional virtual environment for use that will also allow you to install its dependencies.
+
+    $ virtualenv venv
+    $ source venv/bin/activate
+    $ pip install -r requirements.txt
+
+If you are still using Python 2.7, you may need to install `virtualenv` first:
+
+    $ pip install virtualenv
+
+To exit out of the virtual environment:
+
+    $ deactivate
+
+There is an [open issue](https://github.com/rightsstatements/rights-deploy/issues/24) to upgrade Ansible to a more recent release.

app_deploy.yml

@@ -3,6 +3,7 @@
   roles:
     - common
     #- java
+
   tasks:
 
     - name: Install unzip
@@ -25,6 +26,14 @@
       sudo: yes
       sudo_user: "{{ deployment_user }}"
       environment: "{{ proxy_env }}"
+      register: download_result
+      ignore_errors: true
+
+    - name: Fall back on downloading rights-app locally and uploading via scp
+      include: roles/app/tasks/local_app_download.yml
+      vars:
+        rights_app_release_local: "{{ rights_app_release }}"
+      when: download_result.state == "absent"
 
     - stat: path="{{ rights_app_dest }}/rights-app-dist.zip"
       register: download

requirements.txt

@@ -0,0 +1,14 @@
+ansible==1.9.6
+bcrypt==3.1.7
+cffi==1.15.0
+cryptography==3.3.2
+enum34==1.1.10
+ipaddress==1.0.23
+Jinja2==2.11.3
+MarkupSafe==1.1.1
+paramiko==2.10.4
+pycparser==2.21
+pycrypto==2.6.1
+PyNaCl==1.4.0
+PyYAML==5.4.1
+six==1.16.0

roles/app/tasks/local_app_download.yml

@@ -0,0 +1,10 @@
+- name: Clear local download
+  local_action: file path="tmp/rights-app-dist.zip" state=absent
+
+- name: Download rights-app release locally
+  local_action: get_url url="{{ rights_app_repo_url }}/releases/download/{{ rights_app_release_local }}/rights-app-dist.zip" dest="tmp/rights-app-dist.zip"
+
+- name: Upload local rights-app download to server
+  copy: src=tmp/rights-app-dist.zip dest="{{ rights_app_dest }}/rights-app-dist.zip"
+  sudo: yes
+  sudo_user: "{{ deployment_user }}"